Apple rejected my app, because they throught there was a frickin Windows phone on my loading screen.

How insecure can you be?

friend of mine: "I like my servers like I like my girls"
me: "insecure?"

Its Friday, you all know what that means! ... Its results day for practiseSafeHex's most incompetent co-worker!!!

*audience: wwwwwwooooooooo!!!!*

We've had a bewildering array of candidates, lets remind ourselves:

- a psychopath that genuinely scared me a little
- a CEO I would take pleasure seeing in pain
- a pothead who mistook me for his drug dealer
- an unbelievable idiot
- an arrogant idiot obsessed with strings

Tough competition, but there can be only one ... *drum roll* ... the winner is ... none of them!

*audience: GASP!*
*audience member: what?*
*audience member: no way!*
*audience member: your fucking kidding me!*

Sir calm down! this is a day time show, no need for that ... let me explain, there is a winner ... but we've kept him till last and for a good reason

*audience: ooooohhhhh*

You see our final contestant and ultimate winner of this series is our good old friend "C", taking the letters of each of our previous contestants, that spells TRAGIC which is the only word to explain C.

*audience: laughs*

Oh I assure you its no laughing matter. C was with us for 6 whole months ... 6 excruciatingly painful months.

Backstory:

We needed someone with frontend, backend and experience with IoT devices, or raspberry PI's. We didn't think we'd get it all, but in walked an interviewee with web development experience, a tiny bit of Angular and his masters project was building a robot device that would change LED's depending on your facial expressions. PERFECT!!!

... oh to have a time machine

Working with C:

- He never actually did the tutorials I first set him on for Node.js and Angular 2+ because they were "too boring". I didn't find this out until some time later.

- The first project I had him work on was a small dashboard and backend, but he decided to use Angular 1 and a different database than what we were using because "for me, these are easier".

- He called that project done without testing / deploying it in the cloud, despite that being part of the ticket, because he didn't know how. Rather than tell or ask anyone ... he just didn't do it and moved on.

- As part of his first tech review I had to explain to him why he should be using if / else, rather than just if's.

- Despite his past experience building server applications and dashboards (4 years!), he never heard of a websocket, and it took a considerable amount of time to explain.

- When he used a node module to open a server socket, he sat staring at me like a deer caught in headlights completely unaware of how to use / test it was working. I again had to explain it and ultimately test it for him with a command line client.

- He didn't understand the need to leave logging inside an application to report errors. Because he used to ... I shit you not ... drive to his customers, plug into their server and debug their application using a debugger.

... props for using a debugger, but fuck me.

- Once, after an entire 2 days of tapping me on the shoulder every 15 mins for questions / issues, I had to stop and ask:

Me: "Have you googled it?"
C: "... eh, no"
Me: "can I ask why?"
C: "well, for me, I only google for something I don't know"
Me: "... well do you know what this error message means?"
C: "ah good point, i'll try this time"

... maybe he was A's stoner buddy?

- He burned through our free cloud usage allowance for a month, after 1 day, meaning he couldn't test anything else under his account. He left an application running, broadcasting a lot of data. Turns out the on / off button on the dashboard only worked for "on". He had been killing his terminal locally and didn't know how to "ctrl + c a cloud app" ... so left it running. His intention was to restart the app every time you are done using it ... but forgot.

- His issue with the previous one ... not any of his countless mistakes, not the lack of even trying to make the button work, no, no, not for C. C's issue is the cloud is "shit" for giving us such little allowances. (for the record in a month I had never used more than 5%).

- I had to explain environment variables and why they are necessary for passwords and tokens etc. He didn't know it wasn't ok to commit these into GitHub.

- At his project meetups with partners I had to repeatedly ask him to stop googling gifs and pay attention to the talks.

- He complained that we don't have 3 hour lunch breaks like his last place.

- He once copied and pasted the same function 450 times into a file as a load test ... are loops too mainstream nowadays?

You see C is our winner, because after 6 painful months (companies internal process / requirements) he actually achieved nothing. I really mean that, nothing. Every thing was so broken, so insecure / wide open, built without any kind of common sense or standards I had to delete it all and start again ... it took me 2 weeks.

I hope you've all enjoyed this series and will join me in praying for the return of my sanity ... I do miss it a lot.

Yours truly,
practiseSafeHex

I really feel insecure, when it threatens me!

I know people who need this!

"Oh, he is asking that much money for this website? I will create that for only $250 with WordPress. He is just trying to use you"

You fucking wanker. What you don't understand is that you are pushing the companies to a fucking black hole that they won't be able to recover from.

He shows an example of a website which takes 30 sec to load. It's full of hundreds of dreadful plugins. He chose the shittiest stock pictures to make it look "pretty".

When I point out his fucking shite website takes this long to load, he says if the company wants to make the website fast, they will need buy the premium plan of CloudFlare. WHAT THE FUCK are you even talking about?

Not only that, the example website, doesn't even have any SSL. He is saying that the other company didn't want to pay for the SSL. Ever heard of fucking StartSSL or LetsEncrypt?

It's people like you who is responsible for making half of the web an insecure, slow, low-performance space which is prone to hacking.

WordPress was made for blogging. KEEP IT THAT WAY. Stop trying to make your high-performance CMS or eCommerce website with this shite.

Imagine what a coder Gordon Ramsay might be like:

Your alghoritm is so FUCKING slow, I'd rather to try to brute force a 20 characters long alphanumeric password!

This app is more insecure than an average teenager!

If your code was a spaghetti it would be a fucking health hazard!

this isn't even a tech thing. it just fucking bamboozled me. I overheard a conversation today.

> "duuuude you gotta make a better password that shit is insecure af"

> "bruh i did, i googled it"

> "googled what?"

> "how to make a good password"

> "so how longs your password?"

> "not long, it's bob2"

> "where's your capital?"

> "I made the '2' capital"

> "so you capitalized a number…"

thank god he walked away. he even told him his fucking password. ignorance.

No! How about you go FUCK yourself instead? If you hash it then the length should NOT MATTER!

So, i tried to demonstrate my roommate how many people push their credentials to github by searching for "password remove" commits.

I decided to show him the file and noticed something interesting. A public IP, and mysql credentials.

I visit the IP and what do i see there, a directory listening with a python script, with injects the database into a webpage (???) and a log of all http requests. Lots of failed attacks aiming at the PHP CGI. Still wondering how they failed on a python server 🤔🤔🤔

Edit phpmyadmin to connect to the mysql database. Success.

Inserted a row telling him the his password is on github. Maybe i should also have told him how to actually remove it. 😅
Yes, root can login from %

This is how far i can get with my current abilities.
------------------------------

Scary how insecure this world is.

Are you http? 'Cause you're insecure ://

sudo apt-get random-tool

Traceback (most recent call last):

Aborting because there's a fork in the spoon compartment on line 43 in main

Error this script only works on Python 2.7 and maybe 4.1 on line 59 in main

Missing symbols when trying to decipher Sumerian recipe for steamed vegetables on line 67 in main

Cannot open shared object: Your OS is a bully and is hiding my files on line 98 in main

Are you sure all directories matching ^(/)?([^/\0]+(/)?)+$ are in your $PATH on line 268 in main

Your computer is kind of vibrating in an annoying way on line 332 in main

Failing because I'm feeling insecure please hold me on line 587 in main

I'm feeling confused about my sentience when running TensorFlow models on line 682 in main

FUCK

HAS ANYONE EVER MANAGED TO JUST FUCKING INSTALL A PYTHON BASED APPLICATION WITHOUT DEBUGGING RANDOM COMPUTER STATE SHIT AND DEPENDENCIES FOR THREE HOURS?

It was fun to watch my entire high school (~1200 people) freak out when I ran "net send * Big brother is watching you..." on what I found to be an insecure computer in my high school's library. Every single computer in the building displayed the pop up message. The town's IT director even showed up to figure out what happened.

I was caught, but they were more happy it wasn't a hacker, and that I discovered that the IT firm the town hired totally botched properly implementing network security, so I was let off the hook.

Firefox is that secure, it even declares its own website as insecure 🤣

I wonder why banks are always so terribly insecure, given how much money there's for grabs in there for hackers.

Just a while ago I got a new prepaid credit card from bpost, our local postal service that for some reason also does banking. The reason for that being that - thank you 'Murica! - a lot of websites out there don't accept anything but credit cards and PayPal. Because who in their right mind wouldn't use credit cards, right?! As it turns out, it's pretty much every European I've spoken to so far.

That aside, I got that card, all fine and dandy, it's part of the Mastercard network so at least I can get my purchases from those shitty American sites that don't accept anything else now. Looked into the manual of it because bpost's FAQ isn't very clear about what my login data for their online customer area now actually is. Not that their instruction manual was either.

I noticed in that manual that apparently the PIN code can't be changed (for "security reasons", totally not the alternative that probably they didn't want to implement it), and that requesting a forgotten PIN code can be done with as little as calling them up, and they'll then send the password - not a reset form, the password itself! IN THE FUCKING MAIL.

Because that's apparently how financial institutions manage their passwords. The fact that they know your password means that they're storing it in plain text, probably in a database with all the card numbers and CVC's next to it. Wouldn't that be a treasure trove for cybercriminals, I wonder? But YOU the customer can't change your password, because obviously YOU wouldn't be able to maintain a secure password, yet THEY are obviously the ones with all the security and should be the ones to take out of YOUR hands the responsibility to maintain YOUR OWN password.

Banking logic. I fucking love it.

As for their database.. I reckon that that's probably written in COBOL too. Because why wouldn't you.

So I was at work and send to another location (distribution centers) and in the lunch break my guider for that day and I started a conversation about servers etc (he appeared to do loads of stuff with that). He recommended me all those programs but I didn't recognize anything so I asked him what kinda servers he ran. He runs a lot of Windows servers. No problem for me but I told him that I am into Linux servers myself.

Guy: "Linux guy, eh? That system is considered to be so secure but in reality it's insecure as fuck!".

Me: (If he would come up with real/good arguments I am not going to argue against that by the way!) Uhm howso/why would you think that?
Guy: "Well all those script kiddies being able to execute code on your system doesn't seem that secure.".

*me thinking: okay hold on, let's ask for an explanation as that doesn't make any fucking sense 😐*

Me: "Uhm how do you mean, could you elaborate on that?"

Guy: "Well since it's open source it allows anyone to run any shit on your system that they'd like. That's why windows rocks, it doesn't let outsiders execute bad code on it.".

Seriously I am wondering where the hell he heard that. My face at that moment (internally, I didn't want to start a heated discussion): 😐 😲.

Yeah that was one weird conversation and look on open source operating systems...

Fingerprint sensor is insecure

-gf can open your phone when you are asleep
-same with chloroform, unconscious, then use fingers
-can cut your fingers if it leads to that.

Fine I agree....but how secure is the face ID ??

-all of the same points can be applied to it.

I fucking hate Internet of Things, I think that it's a ridiculous idea to connect things, that work perfectly fine, to the internet.
The 'convenience' you get is minimalistic and most of the time non existent.
It is also often insanely insecure and expensive. The burdans it brings with it most of the time just outweigh the positive sides of it.

Now today happened something that made me hate it even more. Today was the First Lego Lego (Lego competition with ev3 robots, etc.) and one part of the tournament is to find a solution for a given problem. This year the general topic was hydro-dynamics and so the problem was how you can reduce water usage and 'save' water.

Our idea was to make reusable coffee cups and give them to the local coffee shops. One time use paper cups use take around 400ml water when produced) Basically you buy a cup once for 5 bucks and you get your coffee served in it. After drinking the coffee you return the cup to a local cafe and get a chip as pawn. When you buy your next coffee, you give them your chip and get it served in another reusable cup. The are at the moment already around 1000 cups going around the city.

Now this was our idea and we got ranked third. I am not too mad about our rank but what really drives me fucking mad is the team who ranked first.

Their idea was to make a pump (using an arduino) and a humidity sensor which you stick into a plant and the pump pumps water when the plant is too dry.
However (you probably guessed it already) they went a step further and connected it to the internet. They also made a web 'interface' for it so you can control the pump with your smartphone / computer / smartwatch / tv / whatever the fuck is connected to the internet nowadays 'thanks' to the iot 'revolution'.

So it is a pump that waters your plant when it is too dry BUT it is also connected to the internet.

WHY THE FUCK DOES THIS HAVE TO BE CONNECTED TO THE INTERNET.

"Oh look it is connected to the internet, wow awesome, oh it is also 'smart'. oh cooool. Nice I don't have to water my plants anymore"

A funny thing is that one of my friends built basically the same thing without connecting it to the internet. He built a small box with a pump and a humidity sensor that measures if the dirt is too dry and then waters the plant. It checks every few hours and the also is a small 16x2 LCD and a knob that you can turn to control how much water it should give the plant each time it waters it. He built it and I programmed it for him. Works perfectly fine and I don't see any reason why there should be any need to connect something like this to the internet.

Anyway we got ranked third, they first. I guess we should connect our coffee cups to the internet in some way ...

Working on the notes service and I'm still at the signup/login/password reset part.

Spending hours on thinking the process through, trying to think of any possible weaknesses in the system and writing patches right away.
I find it funny how thinking through every step (code-wise and user-wise) gives a very broad overview of how secure/insecure this thing is.

I fucking love doing this.

Insecure... My laptop disk is encrypted, but I'm using a fairly weak password. 🤔

Oh, you mean psychological.

Working at a startup in crisis time. Might lose my job if the company goes under.

I'm a Tech lead, Senior Backender, DB admin, Debugger, Solutions Architect, PR reviewer.

In practice, that means zero portfolio. Truth be told, I can sniff out issues with your code, but can't code features for shit. I really just don't have the patience to actually BUILD things.

I'm pretty much the town fool who angrily yells at managers for being dumb, rolls his eyes when he finds hacky code, then disappears into his cave to repair and refactor the mess other people made.

I totally suck at interviews, unless the interviewer really loves comparing Haskell's & Rust's type systems, or something equally useless.

I'm grumpy, hedonistic and brutally straight forward. Some coworkers call me "refreshing" and "direct but reasonable", others "barely tolerable" or even "fundamentally unlikable".

I'm not sure if they actually mean it, or are just messing with me, but by noon I'm either too deep into code, or too much under influence of cognac & LSD, wearing too little clothing, having interesting conversations WITH instead of AT the coffee machine, to still care about what other humans think.

There have been moments where I coded for 72 hours straight to fix a severe issue, and I would take a bullet to save this company from going under... But there have also been days where I called my boss a "A malicious tumor, slowly infecting all departments and draining the life out of the company with his cancerous ideas" — to his face.

I count myself lucky to still have a very well paying job, where many others are struggling to pay bills or have lost their income completely.

But I realize I'm really not that easy to work with... Over time, I've recruited a team of compatible psychopaths and misfits, from a Ukranian ex-military explosives expert & brilliant DB admin to a Nigerian crossfitting gay autist devops weeb, to a tiny alcoholic French machine learning fanatic, to the paranoid "how much keef is there in my beard" architecture lead who is convinced covid-19 is linked to the disappearance of MH370 and looks like he bathes in pig manure.

So... I would really hate to ever have to look for a new employer.

I would really hate to ever lose my protective human meat shield... I mean, my "team".

I feel like, despite having worked to get my Karma deep into the red by calling people all kinds of rude things, things are really quite sweet for me.

I'm fucking terrified that this peak could be temporary, that there's a giant ravine waiting for me, to remind me that life is a ruthless bitch and that all the good things were totally undeserved.

Ah well, might as well stay in character...

*taunts fate with a raised middlefinger*

Everyone keeps staring at me on the train 😓 what have I done 😓

I'm just a Insecure dev leave me alone!

When I managed to minimize the processing time of the project I'm currently handling. It went down from 30min-1hr to 7min-15mins. The project owner was so happy, said it made his life easier. I was told I did a good job by my manager.

I feel like a real dev then and there. So whenever I'm having a bad day, feeling insecure, I try to remember that day when I was able to do something right. :)

Hashedram's compilations #1
List of most annoying website designs.

1) Pages with AUTO PLAYING VIDEOS.

Yes I'm looking at you Netflix. Along with every news website known to man. I'm looking to read a fucking article, so why would you even waste your money and bandwidth trying to shove a video of some shit I don't care about in my face, and make it follow me as I scroll down like a fucking insecure puppy. Also, fuck you Instagram.

2) Pages that redirect once immediately after you visit them, thereby fucking with the browser history and the BACK BUTTON just leads back to the same fucking site.

I mean, just why. Did you think I would just go "Hey the back button doesn't work so let's stay on the site and read their awesome content"?

3) Sites showing things in a SLIDESHOW, when it actually should be in a list.

Slideshows are for progressive stories or for showing lists where you don't care about what's in them. Top 10 foods that reduce weight. Slideshow 1/15. Fuck you.

4) LOOKS LIKE YOU'RE USING AN AD BLOCKER

Yes. Yes I am. No I will not turn it off for you, you narcissistic snowflake fuck. And don't even try to guilt shame me into turning it off, because I know you're just going to bombard me with videos of sexy singles in the area if I do.

5) Pages where I see the first 3 lines of an article and have to SUBSCRIBE to see more.

Yes. Brilliant fucking idea. A user wants to see what your site has to offer, so within the first three seconds, don't show him exactly that.

6) Looking up an article and having to read through the entire motivational life story of the author.

I just want to know how to boil eggs, not read about your journey across Africa learning how to make difference recepies using boiled rhino dung.

7) CLICK BAIT.

Title: School boy designs blockchain machine learning game engine

Actual Content: Tic tac toe program made using linked lists

Had a discussion with a developer about security. His software transfers all user data (password and files) unencrypted, so anyone can grab them with wireshark. I told him that this is a severe issue. He said no its no problem because if you get hacked its your own fault, because you probably used an insecure network. NO ! YOU FUCKING MALADJUSTED SHEEP-MOLESTING OBJECT OF EXECRATION, YOU SHOULD ALWAYS ENCRYPT SENSITIVE USERDATA NO MATTER WHAT NETWORK YOU USE. FUCKING KILL ME ALREADY.
Not implementing encryption is one thing but then acting like its no problem is a fucking nother one. Why do people not understand that security of userdata is important???

I really dont get it when people cry over "when sending password in emails".

Had a customer today that wants us to send credentials on WhatsApp instead because it is "secure" instead of email, because email is insecure... .

TFW your client's git policies are so draconian that the dev teams use "develop" as trunk, and completely ignore the release process.

I wrote up 50 pages of git standards, documentation and procedure for a client. Bad indian director 9000 decides the admin (also Indian) who specializes in Clearcase and has no git or development experience is more qualified to decide and let's him set the policy.

FF to today:

- documentation, mostly contradictory, is copy pasted from the atlassian wiki
- source tree is the standard
- no force pushing of any branches, including work branches
- no ff-merge
- no rebasing allowed
- no ssh, because he couldn't figure it out...errr it's "insecure"
- all repos have random abbreviated names that are unintelligible
- gitflow, but with pull requests and no trust
- only project managers can delete a branch
- long lived feature branches
- only projects managers can conduct code reviews
- hotfixes must be based off develop
- hotfixes must go in the normal release cycle
- releases involve creating a ticket to have an admin create a release branch from your branch, creating a second ticket to stage the PR, a third ticket to review the PR (because only admins can approve release PRs), and a fourth ticket to merge it in
- rollbacks require director signoff
- at the end of each project the repo must be handed to the admin on a burned CD for "archiving"

And so no one actually uses the official release process, and just does releases out of dev. If you're wondering if IBM sucks, the answer is more than you can possibly imagine.

6 months ago:

Boss: We have this idea to improve our onboarding to avoid drop off in the new app. See this section here? Were going to take that out of the onboarding and just let them pass straight through to the app. Then when they get into the app, there will be a banner telling them they should go to settings and set this up. That way they can ignore it for a while and get into the app sooner

Me: Get into the app sooner to do what?

Boss: Explore it

Me: Explore an empty app with no content, as they are a brand new user with nothing setup? While theres a big banner on the screen saying "You have insecure settings" ... basically forcing them to do it straight away anyway?

Boss: Yeah, we can give them some recommendations or something while they click around. It will be good. This is months away anyway, we'll talk again

Yesterday:

Boss: So this weird unexpected thing happened. We showed some beta users our plans to remove this section from onboarding and they felt weird about it. They said they didn't like the idea of the banner telling them they haven't set it up correctly

Me: Thats not weird, I said the same thing 6 months ago

Boss: ......... oh, really?

Me: Yep. Its not an improvement to get them through onboarding quicker, just to tell them they have to now go do it somewhere else

Boss: ... right. Ok maybe we'll build it anyway and see how they feel with it in there hands?

Me: nope

Boss: ... what do you mean?

Me: We are behind, you've asked me 3 times in the last week if we are going to be able to get everything in on time ... and now you want me to build something that everyone, apart from you, says they don't like. So realistically, i'm going to build it, and then remove it next week ... and we'll have a discussion about what has to be dropped because of this

Boss: ........ right .... ok .... hhhmmm

Me: *sits with resting bitch face*

Boss: ... maybe we can hide the banner until later. Not show it to them until they've done something in the app?

Me: ... maybe we can not do any of this?

Boss: right but then the onboarding will ...

Me: *talks louder* ... yes will be the way our users want it to be

Boss: ... hhmm i'm not sure

Me: Ok heres what we'll do, so long as it doesn't delay me getting the designs I need, feel free to have the designer mock up what it would look like using that figma on device preview thing. If users say they like it, i'll build it

Boss: ... right but it won't be real on device app so ...

Me: Its that or we cut feature X

Boss: ... well we need that

Me: ok glad we agree, let me know what feedback the designer gets

Boss: ... ok

Today 🙄
This dev goes "I connect using plain FTP over a VPN to update why can't you!?"

Because it's unsecure you fucking idiot.

His FTP server can't even do secure connections. Some how.

Guess I have a new site to take over 😏

TL;DR I'm fucking sick and tired of Devs cutting corners on security! Things can't be simply hidden a bit; security needs to be integral to your entire process and solution. Please learn from my story and be one of the good guys!

As I mentioned before my company used plain text passwords in a legacy app (was not allowed to fix it) and that we finally moved away from it. A big win! However not the end of our issues.

Those Idiot still use hardcoded passwords in code. A practice that almost resulted in a leak of the DB admin password when we had to publish a repo for deployment purposes. Luckily I didn't search and there is something like BFG repo cleaner.

I have tried to remedy this by providing a nice library to handle all kinds of config (easy config injection) and a default json file that is always ignored by git. Although this helped a lot they still remain idiots.
The first project in another language and boom hardcoded password. Dev said I'll just remove before going live. First of all I don't believe him. Second of all I asked from history? "No a commit will be good enough..."

Last week we had to fix a leak of copyrighted contend.
How did this happen you ask? Well the secure upload field was not used because they thought that the normal one was good enough. "It's fine as long the URL to the file is not published. Besides now we can also use it to upload files that need to be published here"
This is so fucking stupid on so many levels. NEVER MIX SECURE AND INSECURE CONTENT it is confusing and hard to maintain. Hiding behind a URL that thousands of people have access to is also not going to work. We have the proof now...
Will they learn? Maybe for a short while but I remain sceptic. I hope a few DevrRanters do!

What is this ?
U call this wireless security??

Anyway what is the best way of securing hotspots in the airports , hotels , ... ?

Since this category is called rant/story, let me tell you a story today.

I went paragliding above the turqoise colored "dead beach" of Fethiye.
And boy was that awesome.
I was very insecure about flying first. I have such an anxiety. While moving up towards the "Babadağ" Mountain which is 2000 meters above the sea level, my hands began to Shake. We reached the Clouds. The pilot told me everything will be fine. He is doing that since 2006 and has 4 medals for Turkey's best long distance flyer and he also was a stunt man.
We ran down the Cliff. And as my butt was pushed against the seat, my anxiety began to lower itself.
We even did some stunts, but I do not have them on tape.

Those having such anxiety problems should definitely try this out! Really! :)

Don't burn other devs just because you don't like their solution. Discuss empower and stop being a total prick. People should look up to you because they respect you not because you put them down!

Here is my list of horrible techs which are common in my current and previous workplace which should be extinct ASAP:

SAP
SharePoint
Java applets
Java Swing desktop apps
C# Windows Forms desktop apps
ASP/JSP
VB
RemoteApp
Shitty insecure php web apps
Micorsoft Access DB
Windows XP
Windows Servers
Closed Linux-based appliances which lack many basic GNU software and are forbidden to tamper with
Every single Symantec product

Post yours below

Spotted this insecure motorbike

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

So my ISP decided it was ok for them to log into my router remotely and re enable the wifi.

I turned it off for a reason and no your excuse that it will improve my upload speed is bullshit you stupid patronising fucking shithead.

I'm now seriously looking into cancelling my service with you because you don't respect your customers or their wishes.

Also I'm guessing there's a default backdoor password into the router as I changed all the passwords I could find. Meaning the whole thing is horribly insecure.

My mobile provider doesn't allow me to set a password that contains any other symbol than letters and numbers for the website where you can look at how much data you consumed (and can order new data, change plans, etc.). Are you kidding me. This is making shit insecure, you fucks!

You know that feeling, when you code, compile, run. It just works ?

That’s the moment I get insecure

I've just been given a beautiful turd of a PC with only 512MB RAM to get ready for someone in the residence. Way too small for any modern Windows or even Linux with a halfway decent GUI. And the user doesn't have any technical background so I highly doubt that they'll be able to maintain a Linux system. Windows XP is full of security issues but it might just be able to run on that craptop. Due to me knowing that it's a vulnerable system though, I've got an ethical issue with that. Windows XP is insecure but at least the user would be able to use it.. and Linux is secure but it'd never get updated, and I really don't want that guy to come knock on my door every time he wants to install a piece of software.. the guy fucking stinks! What would you do in a situation like that?

I'm fed up of this shit. I'm a Bachelors student and I study in a class where no student wants to study. Like literally none. You'd think someone studying Bachelors degree would have some sense. But no. Not a fucking one of them. Our class requires a minimum number of students to attend to smoothly run the class. I am the CR and I can't convince them enough to even meet that level. How am I gonna get through these two years? I try to say something, everybody snaps at me for being a smartass. Which I'm clearly not. These are the same people who come at me when the courses to do finish in time. I am alone. I am getting too weak to stand against them. My self esteem is declining day by day. I am really insecure.

me: the source code is currently store on GitHub and we use GitHub Actions after each updates to compile your code into binary before deploying to your servers
client: storing source code on GitHub (external server) is insecure and breaks compliance
me: so i guess you will need to have a copy of the source code on all your servers and build them directly there (too cheap to have a separate build server) instead of using GitHub Actions
client: yeah
me: keep in mind that all your certificates and tokens are going to be store as plain text in all your servers so if a hacker gain access to anyone of your servers, they will have access to everything.
client: yeah, this is in compliance to our security policy

Half convinced universities are paid off by virus developers to teach their students the most shit and insecure practices available.

I am DONE with this woman.

Background: we're a team of 3 developers and I'm the junior in this team and I've been in this shit for a year now. 2 months ago the team leader left for another project and I had to stand in for him in every responsibility against the PM and other teams.

Now I not only had to endure this insecure woman but I was also supposed to work with her! Fast-forward to today, the team leader is back and I thought I could put my headphones on and work peacefully at last.

But no!

I've found out she's sent a faulty code to production - no big deal - and said that over chat (although she's sitting right behind me):

Me: We need to fix this.
Her: What?

Me: *giving some details about the issue*
Her: Your attitude is important when you ask me to do something. Whenever you're writing to me you're typing on your keyboard like you're going to break it on my head.

*me not knowing what to say at this point because we had something stupid like this before*

Me: So you're offended by the sound my keyboard makes? (I have mx brown switches by the way and they're not even loud)
Her: No you're typing too fast when you're writing to me. The sound echoes in the office.
...

Can you fucking believe this shit? I hate people that think they can educate me but have no idea how to rationally respond to situations and take responsibility! I didn't even say anything!

And she's been saying to me she hadn't had a problem with any other people for gazillion years who knows how long and why would she cause a problem now! And thinks I am the problem, fuck YOU!

Since you don't like receiving orders why hadn't you taken the place when the fucking guy went for another project but I had to take all the responsibility? I know why you fucking entitled bitch.

Because you HAD NO IDEA AND YOU STILL DON'T.

So shut the fuck up and do as I say.

Kind regards

When you ask the IT-Department of a company collab with Microsoft, why you aren't allowed to use Firefox instead of IE.

The answer is: "It's insecure because it's open source"

YOU FUCKING KIDDING ME INSECURE ??? IT IS MORE SECURE AS IE!!! INSECURE BECAUSE OPEN SOURCE? THAN LET'S USE CHROME OR OPERA INSTEAD BUT NOT IE

I always feel insecure when i push my code to github as public repo.

Like what if my code is so far from standard.

What if i showed a very stupid logic.

I am very insecure when pushing my code to public repos.

Qualifications and experience require to start a WordPress consultancy/brand agency:
• Be a marketing/people person.
• No technical requirements required.

Hate seeing others get clients and delivering half-assed solutions and deploying outdated and even insecure versions of everything.

!rant && rant

I've been doing random HTML/CSS/JS crap since I was 11 (I'm 20 now). And worked with NodeJS/Swift/Java/Typescript for the past 4 years. For some reason, I've always been interested in public transit and the combination between public transit and Development seemed magical to me. I've tried making Departure time apps and trip planners for a few years now. And for that you need open data, for which we have a national data source and a Google Group for support with that.

I quit my study two years ago after a year doing nothing and I was on the edge of getting into depression because I didn't do anything useful for two years. Didn't see myself do anything useful in the next few years apart from some random dev crap (still public transit related).

About half a year ago I ranted on that Google Group about shit being not efficient (weird standards, weird documentation but mostly lack thereof).

For some reason a business saw that rant and sent me an email about two months ago and told me they 'potentially' had 'some' work for me. So I had some really informal conversations with that business but I still was very insecure about myself (had some shitty experience with tons of unfinished projects) and I was worried that they had higher expectations for me than what I could give them.

A week later I received an e-mail with a proposal for an actual, full-time job as a back-end developer and obviously took the opportunity.

I started a month ago with a month-long probation period and after three weeks told me I had passed the probation period.

I'm a super happy boy right now. I got a job, being super insecure, without any certifications, without finishing school (Everyone in the Netherlands tells you you NEED a diploma to get a job), more than double minimum wage (minimum wage is quite high in the Netherlands), and most important, at a business that does a lot of public transit stuff.

Apparently ranting about stuff, not finishing your school and being depressed gives you a well-paid job. :)

The number of people who responded to this with bile such as “yeah but how well” or “i bet she can only write hello world”.
Its sad that this attitude still exists in our industry. If you havent seen the story she responded by clarifying that she is on the iOS tutorial team for Raywenderlich, and has a bachelors degree with a double major in Computer Science. But she shouldnt have to explain that just because shes a woman. Are people that insecure about their knowledge that they need to resort to demeaning other peoples? for shame.

Clicking "forgot my password" and getting a mail with my password in clear text. Sending a mail and asking why they don't care about security. The answer I'm getting is "it's a feature, makes things easier". Yeah...

I am currently working on my Master's thesis in the R&D department of a company that builds&sells mechanical appliances. Obviously a part of the thesis is outlining the various approaches.

Me: * Headphones on, browsing competitor's website for citeable content*

*Le boss approaches, starts looking at my screen*
B: Are you honestly preferring their approach over ours?!

M: *sets down headphones* What dou you mean?

B: *Begins rant about unfair competitors, how I dare consider defecting to a competitor*

M: Uhm.. I was just looking for sources so that i coukd write about different approaches...

B: Oh. Carry on then. *leaves*

M: *scratches head, opens devRant, begins typing*

Today I learned that there are people that disable javascript...

Quote: "It's both insecure and resource intensive"

Then he went that only if the script is free he would see what it is to run it.

He also said that he would never allow any js file that comes from google even jquery...

I wonder, how does a man like this live today when most of the websites are heavily dependant on javascript?

I wouldn't live in an isolated world just to be 100% secure, I want my good user experience xD

!rant

In july chrome will mark all http-pages as not secure and firefox will follow.
Worst of all, those insecure pages won't be allowed to access the microphone and other features any more. What will i do in cafes now?

So I have too many posts for wk110. It's sad. Here we go. I got a bad grade on an assignment for a hello world program in college. How do you write a hello world program that successfully prints hello world and not get 100 percent?

The teacher insisted that we write a console "hello world" program in C++, on windows. If he can't read hello world, you fail. So you must add `system("pause")` at the end so the window stays open. One problem: system() is horribly insecure and im stubborn. I refused to write exactly what he wanted, like everyone else did, because I try to not write code I know is unsafe. So I ended my script with cin.get() which also pauses for input. Unlike pause however it can't be any key, it reads a line, so you must hit enter. This was "unfavorable behavior" and ultimately I got something like a high C, low B grade. Only person to not get 100%

Those managers who think that Microsoft is the only platform and believe that Linux is insecure - fuck off. I don't want to use azure, you ass.

I hate being so insecure. I don't start developing an idea because I think I won't be able to do it, I don't code together with someone who is better than me because I think they'll make fun of me or think I'm doing it wrong, I don't speak up in class even though I probably, definitely, know the answer. I feel like I'll never get anywhere if I remain this way. Anyone have some advice? Thanks

I am an insecure person. Coding gave me a much needed boost in confidence in my skills.

Perhaps more of a wishlist than what I think will actually happen, but:

- Everyone realises that blockchain is nothing more than a tiny niche, and therefore everyone but a tiny niche shuts up about it.
- Starting a new JS framework every 2 seconds becomes a crime. Existing JS frameworks have a big war, until only one is left standing.
- Developing for "FaaS" (serverless, if I must use that name) type computing becomes a big thing.
- Relational database engines get to the point where special handling of "big data" isn't required anymore. Joins across billions of rows doesn't present an issue.
- Everyone wakes up one day and realises that Wordpress is a steaming pile of insecure cow dung. It's never used again, and burns in a fire.

After a few weeks of being insanely busy, I decided to log onto Steam and maybe relax with a few people and play some games. I enjoy playing a few sandbox games and do freelance development for those games (Anywhere from a simple script to a full on server setup) on the side. It just so happened that I had an 'urgent' request from one of my old staff member from an old community I use to own. This staff member decided to run his own community after I sold mine off since I didn't have the passion anymore to deal with the community on a daily basis.

O: Owner (Former staff member/friend)
D: Other Dev

O: Hey, I need urgent help man! Got a few things developed for my server, and now the server won't stay stable and crashes randomly. I really need help, my developer can't figure it out.
Me: Uhm, sure. Just remember, if it's small I'll do it for free since you're an old friend, but if it's a bigger issue or needs a full recode or whatever, you're gonna have to pay. Another option is, I tell you what's wrong and you can have your developer fix it.
O: Sounds good, I'll give you owner access to everything so you can check it out.
Me: Sounds good

*An hour passes by*

O: Sorry it took so long, had to deal with some crap. *Insert credentials, etc*
Me: Ok, give me a few minutes to do some basic tests. What was that new feature or whatever you added?
O: *Explains long feature, and where it's located*
Me: *Begins to review the files* *Internal rage wondering what fucking developer could code such trash* *Tests a few methods, and watches CPU/RAM and an internal graph for usage*
Me: Who coded this module?
O: My developer.
Me: *Calm tone, with a mix of some anger* So, you know what, I'm just gonna do some simple math for ya. You're running 33 ticks a second for the server, with an average of about 40ish players. 33x60 = 1980 cycles a minute, now lets times that by the 40 players on average, you have 79,200 cycles per minute or nearly 4.8 fucking cycles an hour (If you maxed the server at 64 players, it's going to run an amazing fucking 7.6 million cycles an hour, like holy fuck). You're also running a MySQLite query every cycle while transferring useless data to the server, you're clusterfucking the server and overloading it for no fucking reason and that's why you're crashing it. Another question, who the fuck wrote the security of this? I can literally send commands to the server with this insecure method and delete all of your files... If you actually want your fucking server stable and secure, I'm gonna have to recode this entire module to reduce your developer's clusterfuck of 4.8 million cycles to about 400 every hour... it's gonna be $50.
D: *Angered* You're wrong, this is the best way to do it, I did stress testing! *Insert other defensive comments* You're just a shitty developer (This one got me)
Me: *Calm* You're calling me a shitty developer? You're the person that doesn't understand a timer, I get that you're new to this world, but reading the wiki or even using the game's forums would've ripped this code to shreds and you to shreds. You're not even a developer, cause most of this is so disorganized it looks like you copy and pasted it. *Get's angered here and starts some light screaming* You're wasting CPU usage, the game can't use more than 1 physical core, and after a quick test, you're stupid 'amazing' module is using about 40% of the CPU. You need to fucking realize the 40ish average players, use less than this... THEY SHOULD BE MORE INTENSIVE THAN YOUR CODE, NOT THE OPPOSITE.
O: Hey don't be rude to Venom, he's an amazing coder. You're still new, you don't know as much as him. Ok, I'll pay you the money to get it recoded.
Me: Sounds good. *Angered tone* Also you developer boy, learn to listen to feedback and maybe learn to improve your shitty code. Cause you'll never go anywhere if you don't even understand who bad this garbage is, and that you can't even use the fucking wiki for this game. The only fucking way you're gonna improve is to use some of my suggestions.
D: *Leaves call without saying anything*

TL;DR: Shitty developer ran some shitty XP system code for a game nearly 4.8 million times an hour (average) or just above 7.6 million times an hour (if maxed), plus running MySQLite when it could've been done within about like 400 an hour at max. Tried calling me a shitty developer, and got sorta yelled at while I was trying to keep calm.

Still pissed he tried calling me a shitty developer...

Fuck Microsoft and the windows dev team! Fuck the person who thinks it's a bright idea to force users to download updates on their fucking insecure OS.
I live in a shitty substandard country where the cheapest mobile data plan is roughly $7.5 for 7.2gb for a month.
After several weeks of Windows auto downloading updates I don't need, I disabled the updates on several fronts using tutorials found online until yesterday, the fucking thing still found a way to download updates over 6gb, I didn't suspect a thing until I got notification that my data plan is exhausted and I immediately checked windows update and saw a fucking download meter of 76% downloaded. The data was suppose to last for 4-5 days, all gone within 3 hours span.

Fuck whoever thought it is a nice idea to force users to download shitty updates, leave me with the fucking old unstable version, if I get a malware I know how to find my way out you fucking goofs at microfuckingsoft!!

Just went to book something online. About to click the "Pay" button and noticed the page wasn't secure. Who the hell, in 2017, captures credit card details via insecure 'http'??? And 'https' worked on the home page but not the payment page!! Backed out of that, messaged them and we'll see if anything comes of it.

Code comments #1: A way to document bad code that wasn't reduced to it's essentials and thus unreadable. Bad.

Code comments #2: A way to explain for non-programmers how the code works. Wrong place.

Code comments #3: Company policy. No one really knows why, but others do that, so we better do it to. The management sucks.

Code comments #4: Because some hip methodology/guru describes how to document code. After a few years, when the methodology has been (unofficially) forgotten, everyone still comments the code the same way. The old management sucked.

Code comments 5#: For insecure programmers who want to convince them self they understand the code they've written. Maybe apply at McDo?

Code comments #6: Some programmers are apparently paid by lines of code. Possibly understandable.

// Comments, anyone?

Anyone else hates those tutorials that go in a direction for pages and pages, then suddenly they tell you that while that works, it's inefficient and insecure. THEN WHY THE FUCK DID YOU NOT TALK ABOUT THE PROPER WAY??? You don't teach people to drive a car blindfolded.

FUCK!
After submitting a registration form I noticed the site is served over plain HTTP. Their marketing site is served encrypted, but login and register are not! What the fuck!!!

Fuck everyone who does this stupid fucking shit with disregard to basic security features! Their goddamn bullshit privacy policy is bragging about how it's top priority to protect their customers' information and shit like that. Get the fuck out, cunts!!

I contacted them so I might have a continuation to this rant if I'm not satisfied with their answers.

Goddamn it!

Just had a junior/mid dev who worked in our company for around 3 months quit because in his words "he is unable to win any argument".

I saw his comments in MR's and other seniors were just being meticulous. Had he compromised a little or atleast got to knew the devs in person and took this offline most of his problems would have been resolved. Never scheduled any meetings before implementing stuff, he just followed his gut and then shot himself in the foot plenty of times.

Personally I think it wasnt even a skill issue but a communication issue. We have a relaxed culture where u can work in the office or fully remotely so the guy came in on his first day, picked up his laptop and we never saw him. Tried to invite him for an afterwork beer or some activities, he never accepted.

If he had met the devs in person he would have seen that:

1. One guy has OCD and he never agrees with anyone but if theres a timeline hes able to make compromises and hes actually chill
2. Second guy is also a perfectionist but has mentor capabilities and you can always go to him about anything and he helps to mediate with the first guy. You can run everything through this guy and he will never give you shit
3. Third guy in the team is just a junior hotshot whos a bit insecure and disagrees in comments just because he can. But he can be dealt with very quickly with showing a little backbone.

Like seriously these are just people that you can deal very easily when u know their personalities. Instead he saw everyone in company as these 2D robots that he wasnt able to win his arguments against.

Communication shouldnt happen only in standups and MR comment section. U have to learn to deal with people otherwise u will burn urself out like this guy and quit.

I was asked to fix a critical issue which had high visibility among the higher ups and were blocking QA from testing.

My dev lead (who was more like a dev manager) was having one of his insecure moments of “I need to get credit for helping fix this”, probably because he steals the oxygen from those who actually deserve to be alive and he knows he should be fired, slowly...over a BBQ.

For the next few days, I was bombarded with requests for status updates. Idea after idea of what I could do to fix the issue was hurled at me when all I needed was time to make the fix.

Dev Lead: “Dev X says he knows what the problem is and it’s a simple code fix and should be quick.” (Dev X is in the room as well)

Me: “Tell me, have you actually looked into the issue? Then you know that there are several race conditions causing this issue and the error only manifests itself during a Jenkins build and not locally. In order to know if you’ve fixed it, you have to run the Jenkins job each time which is a lengthy process.”

Dev X: “I don’t know how to access Jenkins.”

And so it continued. Just so you know, I’ve worked at controlling my anger over the years, usually triggered by asinine comments and decisions. I trained for many years with Buddhist monks atop remote mountain ranges, meditated for days under waterfalls, contemplated life in solitude as I crossed the desert, and spent many phone calls talking to Microsoft enterprise support while smiling.

But the next day, I lost my shit.

I had been working out quite a bit too so I could have probably flipped around ten large tables before I got tired. And I’m talking long tables you’d need two people to move.

For context, unresolved comments in our pull request process block the ability to merge. My code was ready and I had two other devs review and approve my code already, but my dev lead, who has never seen the code base, gave up trying to learn how to build the app, and hasn’t coded in years, decided to comment on my pull request that upper management has been waiting on and that he himself has been hounding me about.

Two stood out to me. I read them slowly.

“I think you should name this unit test better” (That unit test existed before my PR)

“This function was deleted and moved to this other file, just so people know”

A devil greeted me when I entered hell. He was quite understanding. It turns out he was also a dev.

Want to be likeable or get your way through people?

No need to sell ice cream, just validate those insecure souls.

Wide majority does not want their fragile bubble to be broken even if they are suffocating within.

All they seek is validation. That's fucking it. That's the secret.

If someone asks you for some opinion or support, most of the time they are just want to hear how great their mediocre thought process is.

Someone's lack of ability accept criticism and grow is the sole reason they are stuck in quicksand situation and only drowning further.

An unethical social skill but this will take you a long way and also help you stay sane from the insecure narcissistic scums by avoiding toxic interaction.

JUST VALIDATE THEM.

Despite common sense, I think technology is not making our lives easier. It's just build chaos on top of chaos.

Take server-side programming for instance.

First you have to find someone to host your thing, or a PaaS provider. Then you have to figure out how much RAM and storage you need, which OS you're going to use. And then there's Docker (which will run on top of a VM on AWS or GCP anyway, making even less sense). And then there's the server technology: nginx, Apache (and many many more; if, that is, you're using a server at all). And then there are firewalls, proxies, SSL. And then you go back to the start, because you have to check if your hosting provider will support the OS or Docker or your server. (I smell infinite recursion here.)

Each of these moving parts come with their own can of worms in terms of configuration and security. A whole bible to read if you want to have the slightest clue about what you're doing.

And then there's the programming language to use and its accompanying frameworks. Can they replace the server technology? Should you? Will they conflict with each other and open yet another backdoor into your system? Is it supported by your hosting provider? (Did I mention an infinite recursion somewhere?)

And then there's the database. Does it have a port to the language/framework of your choosing? Why does it expose an web interface? Is it supposed to replace your server? And why are its security features optional again? (Just so I have to test both the insecure and the secure environments?)

And you haven't written a single line of code yet, mind you.

My manager is so insecure about us working from home that he has started stalking everyone on social media...

So last night a friend randomly found a raw not-yet-installed WordPress instance on a public domain that he found on a Facebook site (it was already linked for I don't know how long, but just not installed).

He told me about it and, being the guy I am, I signed up an account on some free MySQL hosting website, set up a database and used it for that WordPress site.

I then left a kind little note on the front page for the admin telling him that I just saved his ass since others could've done the same but posted racist shit or something and, also, told him not to use WordPress.

Even though I had no bad intentions, I used proxies and VPN connectsions because you never know how these people might react.

Hopefully they'll learn from it 😇

I wish I could read my code on other people's screens. I wouldn't sound like such an idiot whenever I leave my desk. *sigh*

Dear SSLv3, when I'm around you, I feel so insecure...

Why everyone is happy about Google clip? It's the single most scary instance of a big brother appliance that exists today. What are they going to do with the data? They say it's save memories of your kid or your dog. There's already something like that. It's called a brain and paying attention to your damn life. I don't want to be saved in your shitty memories just bc you are so insecure about remembering your fuck*ng memories.

I'm sorry for the outburst but that sh*t is solving a problem nobody had and it's getting applauded like those heaven's gate motherf*ckrs that say that life is improved by these shitty beliefs.

I'm kinda insecure about my main focus being web stuff. I'm pretty good at it and it comes naturally - and more importantly, there are tons of web jobs. But I've always wanted to do something more unique and interesting, you know? I don't wanna introduce myself as web developer.

When you spend 6 hours figuring out how to best encrypt/decrypt your unimportant website cookies just because you don't want people to see how bad you are at naming stuff :x

Hmm...recently I've seen an increase in the idea of raising security awareness at a user level...but really now , it gets me thinking , why not raise security awareness at a coding level ? Just having one guy do encryption and encoding most certainly isn't enough for an app to be considered secure . In this day an age where most apps are web based and even open source some of them , I think that first of all it should be our duty to protect the customer/consumer rather than make him protect himself . Most of everyone knows how to get user input from the UI but how many out here actually think that the normal dummy user might actually type unintentional malicious code which would break the app or give him access to something he shouldn't be allowed into ? I've seen very few developers/software architects/engineers actually take the blame for insecure code . I've seen people build apps starting on an unacceptable idea security wise and then in the end thinking of patching in filters , encryptions , encodings , tokens and days before release realise that their app is half broken because they didn't start the whole project in a more secure way for the user .

Just my two cents...we as devs should be more aware of coding in a way that makes apps more secure from and for the user rather than saying that we had some epic mythical hackers pull all the user tables that also contained unhashed unencrypted passwords by using magix . It certainly isn't magic , it's just our bad coding that lets outside code interact with our own code .

I don't know what you did yesterday, but i did make my company throw away 2 months of progress.
It all started in the beginning, since that i've made numerous complaints about the workflow or code and how to improve it. I've been told off every time, and every time i either told the boss who agreed in the end or wrote code to prove myself. Everything was a hassle and my tasks weren't better.
Team lead: you'll do X now, please do that by making Y.
Me: but Y is insecure, we should do Z.
Team lead: please do Y
Later it turns out Y is impossible and we do Z in the end...
Team lead: please do W now
Me, a few days later: i've tried and their server doesn't give http cors headers, doing W in the browser is impossible
Team lead, a few days later: have you made progress on W?
Me: * tells again it's impossible and uploads code to prove it *
Team lead: * no response *

After that i had enough. Technically i still was assigned to do W, but i used my time to look over the application and list all the things wrong with it. We had everything, giant commits, commented out code, unnecessary packages, a new commit introduced packages that crashed npm install on non-macs, angularjs-packages even though we use angular, weird logic, a security bug, all css in one file even though you can use component-specific css files...

I sent that to my boss, telling him to let the backend-guys have a look at it too and we had a meeting about this. I couldn't attend but they agreed with me completely. They decided to throw away what we have already and to let one of the backend-guys supervise our team. I guess there will be another talk with the team lead, but time will tell.
It feels so good having hope to finally escape this hellish development cycle of badly defined task, bad communication and headache-inducing merges.

So my brother went back to school today. Now, during the 5 years I was there they had the most shit security on their IT systems, but aparently now they have fucked up their ssl. If you try to load the https page it comes up with the warning saying its an invalid certificate, but once you click it, it doesn't even load the school website, it loads this random page. Clicking on the buttons then take you to a page under their domain provided by another school. Going to this schools website, the https seems to be broken in the exact same way. It wouldnt be so bad, but it can confuse the hell out of people who type https before a url, and thos who dont realise and end up on the insecure site will need to provide passwords over an insecure connection. I am so glad im out of that place, they had such crap IT and everything was so easy to break.

So I just recently had the pleasure to set up a Rails environment for a friend on Windows. I haven't used Windows in about 5 or 6 years, and the person I had to set it up for doesn't know much about programming at all.

I all went fine at first, install database, devkit thingy and git. Then set up the project itself. And there is where the problems started.

First windows would refuse to use SSL, because of some weird bug in the Windows version of rubygems. The suggested upgrade did not work so I had to switch some gem sources to insecure connections, but at least it did install everything correctly.

Alright, I thought, that's not _that_ bad, everything is running now.

He sent me a screenshot some time later. Something was wrong with the JavaScript runtime, and I could not figure out for the life of me what the issue was.

Later again he sent me another screenshot.
His Antivirus spyware was messing with the asset pipeline. (╯°□°）╯︵ ┻━┻

This was the point where I just said "FUCK IT, i'll just put everything into a fucking VM and let him use that".
I should have done that in the first place.

Long story short:
Setting up a development under Windows is painful.
Do yourself a favor and just use a VM.

...sincerely?
FUCK YOUR PASSWORDS

FUCK YOUR PASSWORD REQUIREMENTS.

FUCK YOU thinking you are the most important site in the universe so of course everyone will remember their password mangled beyond the original intention/recognition by your idiotic requirements!

I want to have an insecure password? MY PROBLEM.
I want to have the same password everywhere so I don't have to go through the idiotic "forgot my password" dance each time I try to login into your page? MY PROBLEM!

You're not the most important site in the universe.
I'm getting seriously fed up with this idea in general.
WHAT THE FUCK. Why did nobody come up with nothing better yet?
And the password storages and autocompletions don't count, that's a plaster on top of idiotic paradigm, nothing else.

...how is there nothing more sensible, still, after 18+ years?

Hotel wifi: Weak signal of a slow wifi that works once per 10 minutes
*goes to diff hotel*
New hotel wifi: Weak but stable signal that is fast and works all the time; admin:admin

Most of 2020 was a bad dev experience for me. I was paid to remake a system because it was

a ) insecure
b ) inconsistent
c ) hard to mantain (spaghetti code)

I thought I could focus on the backend and just reuse the front end but even that was unusable.

Basically had to redo it from scratch and since I made the fatal mistake of letting THEM estimate how long it would take, I worked most of the year instead of just 2-3 months.

Never again. After being done with the project I still had to be 'reachable' for the coming weeks if anything happened.

I turned off my phone during one weekend and then the next thing I know the only other dev at that small company is asking me for details on the project (meaning they just decided to offload everything to him). Never heard from them again and I'm hoping that won't change.

Beware small dev companies with less than 5 actual devs.

Best: Dev wise this year has been bad or not-bad but nothing 'great' comes to mind.

My fun times and enjoyments were not derived from dev activities.

i've got my first job after getting out of college. not a great package. I'm learning more, will get experience. i have plans for freelancing and seek a better job. I'm an Indian.

what really upsets me is that I just discovered that I've no knowledge in finance. I'm feeling insecure, afraid and depressed. I'm browsing for some youtube channels, books and podcasts to get some some knowledge about finance and real estate.

all I have is a saving account in SBI bank, I just know how to take money out of it with my debit card and transfer money with online banking

how do u guys do ur finance, where do u invest. do u invest in stock market. insurance?? help me out. i'm fucked.

never thought i can be so stupid, I hate myself, never even thought I'll need financial intelligence.

are there more people like me.

i'm just so down and feeling suicidal.

The job wasn't bad. I started as an intern in a startup. The company did have its problems but the people were nice and I liked the job. But holy shit, I was insecure. I was constantly worrying if I was doing okay or not and even though nobody ever said anything even slightly negative. Since it was a startup, projects did fail and I usually felt guilty and blamed them on myself. Failures that I now understand did not have anything to do with me or my coding abilities and were mostly because of other issues (management, marketing, finances, etc). But all in all, I liked it and I improved a lot. Both technically and non-technically.

Just learnt perfectly what the below joke means:

'I wanted to improve the world, but they wouldn't give me the source code'

I really don't understand why the world is full of obsolete processes that people fight against daily when changing things ever so slightly could take the weight of the world off their shoulders. The same thing goes for my work, I work in finance, and we use a remote app built in Windows forms (not xaml or wpf, the original forms) and it's insecure, slow, buggy, and crashes whenever you press ESC (yes, really). Even worse, I've offered to rewrite their whole network for nothing, just the improvement to people's lives. And they say no! WELL FUCK YOU FOR BEING A PLAGUE ON THE FUCKING WORLD! Why do people insist on staying behind the times when the world could be such a beautiful place?!?

Look, I get it. Wordpress sucks. It’s bloated. It’s slow. It’s not elegant. It’s a nightmare to debug and code for. The plugin ecosystem is an insecure, confusing mess of outdatedness and issues.

We can all agree that in a perfect world all power to determine everything about a website, from the code to the content, would be in our power as developers. But we don’t live in a perfect world. People want convenience, even at the cost of performance and security, and they will inevitably resent technologists who refuse to give it to them. We do ourselves and our customers a disservice when we only do what we feel is in our own best interests or preferences and not what will help them with their realities.

Yes, it sucks. Yes, it’s a pain. Yes, it’s in demand and there’s nothing any of us can do to change that.

And that’s all I have to say about that.

I have been working on this software for 3 years now. The code base was a working prototype made by my boss before I came, not more, not less. Php + Angular. Have been refactoring a lot, backend is backed with hundreds of tests now, frontend still lacks a lot. Still a lot of programm structures are still the same weird ones my boss once created in a rush between two meetings while learning Angular to get the prototype finished. Now it's used in production which makes hard to refactor, because we have to maintain backwards compatibility. Neither the parts I added or refactored completely are satisfying, because they are built on this structures, because i never got any feedback for anything I decided and because I changed my own paradigms over time.

So I am all alone on this project. All genuinly new projects are assigned to the new team members (i was the first one, no we are five plus my boss) because I wont have time, have to maintain the old one. So I never can do something new which is quite frustrating.

I did a little side tool, the only thing I invented and did completely by myself in our repertoire - and now some stakeholder shows big interest onto this. Instead of giving me the task to make a real project from this my boss wants to give it to them to develop it. Why? Because I need more time for the main application.

Also the more the software is used the more bug tickets and feature requests come. I was crying for help for months but the others had appareantly more important stuff to do.

This might be true to some extend. Yesterday we had some kind of crisis meeting and my boss wanted again to assing pur junior to help me, who has a shit load of other things to do and is a student. I insisted that this would not be enough, and one of the fulltime devs has to get involved because the thing is our core application and I am only part time btw. So my boss said we wont decide today but one of them should do it. They should have some time to figure out who which is understandable but it's not that I didn't keep saying this for months. Now they are all like whimp whimp when I have to do php i will quit. The new projects are all typescript, with node backend if any. But alas, one of them even said yesterday he doesn't want to do js anymore. Okay... but... this is our tech stack then get another job allready?

And I should do the same probably. But then again I feel very sorry for my boss who helped me in very dark times of corona and more. If both of us leave, the project he worked on for decade (including convincing poeole, collect money..) might be suddenly at it's end while he is so exited about it's access today...

I also get insecure if it's really that they hate php so much or that they don't want to work with me personally because maybe I am a bad team Player or what?

I experienced the same at my old workplace, got left alone with big parts of the project because they didn't want to do php and js in this case and it ended up five devs doing the python backend and me doing the frontend and the php cms part all alone. Then I quit and now everything seems to happen again.

And then again I think I am only fucked up so hard by this stuff because I do not really like being a developer at all. I only do it for the money and because I am good at it (at least i think so. Nobody ever bothers to ever to read my code and give me feedback, because you know, php and js). So I guess I would hate any other job in the field maybe likewise?

This job *is* convinient, salary, office
position, flexibility could not be better. At the end of the day it's not that stressfull. And i don't have any second of freetime (due to family) or energy i could offer a new and more demanding employer, can't work over time or even take a fulltime position, can't home office, can't earn less, can't travel very long to the office and especially can't go back to school to learn something completely new. Some of these constraints are softwe then other naturally but still my posibilities at the Moment are very limited. That might change in about five years if the family situation changed. So it would most likely be reasonable to stay until then at my current job? And bear being alone with this app, don't getting involved on any new project, don't learn anything new, don't invent anything.

There was one potential way out, they considered offering me PHD position to the upcoming ml part of the project... But I learned that I would attend to a bunch of classes at university first, which i would like to, but I don't think i have the time.

I feel trapped somehow. I also feel very lonely in the Office because those fucktards keep saying in home office.

Man, I don't want to go to work today.

Fucking mongodb... the name is really fitting "mongol db"..
I get that a NoSQL db can be very useful but holy crap mongodb is shit..

Even better is the security.. holy shit it's insecure..

"Just use the configuration to only allow 127.0.0.1" stfu that shit apparently doesn't work on fucking centos..

And yes my customer did get hacked
And yes they did blame me
And yes I did have a backup

Just thought I'd publicly give myself a pat on the back

I haven't been on devrant since 2018, but revisiting old rants I posted now, I feel quite proud that I feel a lot less insecure and fine with not knowing things, and I've learnt a lot! I only think about what an imposter I am maybe once a month instead of once a minute

Go progress! 🎉🎉🎉

Am I the only one who thinks OSX is stupidly insecure unless you encrypt the whole disk? I mean, how dumb is it to boot into safe moot and provide a root shell without prompting for credentials?

Credentials are in var/www/credentials.txt

Working with javascript with java experience is like 'really? you can summon the method from no where and you have one and only god var? ' I'm feeling so insecure.

when you have to use one language inside of another, and you basically have to call functions allowing you to call the other's language function within it, and you get the hell confused, since it gets harder and harder to see what is what and who can call who and how, and the compiler ofc. won't say anything about it since it only cares about the main language you are in and not the nesting of the other...
I just have no idea what I'm doing right now, or if my thought process and understanding of this is even close to where it is supposed to be.
D: I'm just confused and insecure about this right now....

time for experiments to figure this out, and get the hang of it

TLDR; Default admin login on WEP encrypted WLAN router for getting free stuff at my hair stylist studio.

Free WLAN in my hair stylist studio: They had their WEP key laying around in the waiting area. Well, I am not very happy with WEP, thought that they never heard of security. Found the default GW address, typed it into my browser and pressed Enter, logged in with admin/1234 and voila, I was root on their ADSL router 😌 Even more annoyed now from such stupidity I decided to tell the manager. All I told him was: You use a default login on your router, you give the WiFi password for free, WEP is very very insecure and can be hacked in seconds, and do you know what criminals will do with your internet access? He really was shocked about that last question, blank horror, got very pale in just one sec. I felt a little bit sorry for my harsh statement, but I think he got the point 😉 Next problem was: he had no clue how to do a proper configuration (he even didn't knew the used ISP username or such things). Telled me that 'his brother' has installed it, and that he will call him as soon as possible. Told him about everything he should reconfigure now, and saw him writing down the stuff on a little post-it.

Well, he then asked me what he can pay me? Told him that I don't want anything, because I would be happy when he changes the security settings and that is pay enough. He still insisted for giving me something, so I agreed on one of a very good and expensive hairwax. Didn't used it once 😁

Some weeks later when I was coming back for another hair cut: Free WLAN, logged in with admin/1234, got access and repeated all I did the last time once more 😎

HOW CAN YOU NOT LEARN FROM FAILS??

A conversation between an offshore developer and his manager at a fortune 500:

I'm a software developer and the company I work for is a vendor for $manager's and $offshore_dev's company. They provide endless hours of entertainment/terror. Recently, we've been trying to convince them that they need to stop sending sensitive information plaintext over HTTP and set up TLS/HTTPS which has led to tons of fun conversations such as this one they had during a conference call:

* $manager: "Did $offshore_dev implement TLS1.2?"
* $offshore_dev: "Yes, we enabled a parameter in the code to enable TLS1.2 in the code but according to $me's email, this requires HTTPS in order to work."
* $manager: "No this works, we're using TLS in $other_application right now."
* $offshore_dev: "Well, $manager, it's implemented but it currently doesn't encrypt anything as such."
* $manager: "Okay, HTTPS is in the roadmap in the next quarter, we can move forward without this for now."

I started searching for a job as I'm insecure at my current position because of this pandemic. What I found is ridiculous.

Companies are looking for junior developers with an experience of a senior developer ready to work for a salary of an intern 😭

During one of our 'pop-up' meetings last week.

Ralph: "The test code the developers are checking in is a mess. They don't know what they are doing."

ex.
var foo = SomeLibrary.GetFoo();
Assert.IsNotNull(foo);

Fred: "Ha ha..someone should talk to HR about our hiring practices. These people are literally driving the company backwards."
Me: "I think unit testing is complete waste of time."
- You could almost see the truck hit the wall and splatter watermelon everwhere..took Ralph and Fred a couple of seconds to respond
Fred: "Uh..unit testing is industry best practice. There is scientific evidence that prove testing reduces bugs and increases code quality"
Ralph: "Over 90% of our deployments are rolled back because of bugs. Unit testing will eliminate that."
Me: "Sorry, I disagree."
- Stepping on kittens wouldn't have gotten a worse look from Fred and Ralph
Fred: 'Pretty sure if you ask any professional developer, they'll tell you unit testing and code coverage reduces bugs.'
Me: "I'm not asking anyone else, I'm asking you. Find one failed deployment, just one, over the past 6 months that unit testing or code coverage would have prevented."
- good 3 seconds of awkward silence.
Ralph: "Well, those rollbacks are all mostly due to server mis-configurations. That's not a fair comparison."
Me: "I'm using your words. Unit tests reduces bugs and lack of good tests is the direct reason why we have so many failed deployments"
Boss: "Yea, Ralph...you and Fred kinda said that."
Fred: "No...we need to write good tests. Not this mess."
Me: "Like I said, show me one test you've written that would have prevented a rollback. Just one."
Ralph: "So, what? We do nothing?"
Me: "No, we have to stop worshiping this made up 80% code coverage idol. If not, developers are going to keep writing useless test code just to meet some percent. If we wrote device drivers or frameworks for other developers maybe, but we write CRUD apps. We execute a stored procedure or call a service. This 80% rule doesn't fit for code we write."
Fred: "If the developers took their head out of their ass.."
Me: "Hey!..uh..no, they are doing exactly what they are being told. Meet the 80% requirement, even if doesn't make sense."
Ralph: "Nobody told them to write *that* code."
Boss: "My gosh, what have you and Fred been complaining about for the past hour?"
- Ralph looks at his monitor and brilliantly changes the subject
Ralph: "Oh my f-king god...Trump said something stupid again ..."

At that point I put my headphones on went back to what I was doing. I'm pretty sure Fred and Ralph spent the rest of the day messaging back-n-forth, making fun of me or some random code I wrote 3 years ago (lots of typing and giggling). How can highly educated grown men (one has a masters in CS) get so petty and insecure?

A random story that just popped back into my head while reading another rant:

Long ago, we developed our own webmail platform at the request of clients. After it was finished, it was never updated and eventually turned into an outdated insecure steaming pile of crap. Up until ~2015, it looked like the first iteration of AOL Mail from the 1990s (and it functioned as such too.) Years, we decided to sunset the platform, and allotted 6-months or so to transition all the active users off the platform and over to an alternative email provider. We had to call each client multiple times and send multiple emails with a deadline detailing when the service would be shut down, and we'd explain that if they didn't transition over to a new service and transfer all their emails before that date, then the emails would be lost forever. Lo and behold, a handful of clients ignored our repeated contact attempts, and we shut down their email service (as we told them that we would.) Of course, they called screaming and panicking "OUR EMAIL IS DOWN OUR EMAIL IS DOWN WE'RE LOSING MONEY FIX IT NOW!!!!," and we told them "We attempted to contact you multiple times, and you neglected to return our numerous calls or emails. We're happy to help you transition your old email addresses to this new provider, but because you neglected to follow the cushy deadline we provided you, all of your emails are gone."

Of course, they denied having ever received our calls/emails, and we'd have to provide them with our outgoing call recordings to prove that we did in fact contact them multiple times. Then they'd blame the mishap on their secretary, who would blame it on the intern, who would blame it on the IT guy, who would blame it on the janitor, and so on and so forth.

Moral of the story: always keep outgoing call recordings when you're sunsetting a product.

In uni
Lecturer: SOAP is insecure...

In interview: Any disadvantages you see with SOAP?

Me: The last i read SOAP is insecure. Im abit rusty with this knowledge

Interviewer: ahhh okay, SOAP is actually secure...

DAMN YOU LECTURER!

Is it OK to punch a game dev who codes stupid numeric bugs?

So my wife got into Stardew Valley, that admittedly awesome comfort game farming simulator.
She went pretty far in the game, and found some item that was supposed to highly increase the damage she could inflict onto cute little monster thingies.
It didn't work as intended.
Since equipping the piece of shit all her hits did 0 damage. She tossed the item away but the problem persisted. And on and on...
She took to the googles to try and find some explanation, and apparently that is a fairly common bug for mobile devs.
Then she called in the big guns (that is how I'm calling myself in this case, you will see why).

Apparently there is some buggy piece of shitcode somewhere in the game with a numerical insecure routine that overflows the attack modifier. I.e. if it was supposed to increase from 1.990 to 2.010, it actually went all the way down to -0.4.
She was lucky her attacks weren't increasing the monsters' HP.

We found a forum post where some dude said that he managed to edit the game save file and reset the negative-value attack increase modifier variable. Seems easy enough at first, but my wife uses iOS. Nothing is ever so straightforward with apple stuff.

We did get to the save file, she emailed it to me (the file has no extension and no line breaks in it, so we facepalm'd on a couple attempts at editing it directly).
I finally manage to get it into my personal 11-yo laptop... that won't open a single line file that big.

Cue the python terminal. Easy enough to read the file into a string var and search for the buggy XML tag. Edit the value and overwrite into a new file. Send it back to her by email. Figure out how to overwrite the file in iOS.

Some tense moments while the game reloads... and it works!!!! Got some serious hubby goodwill points here.
Srsly, this troubleshoot process is not for technophobes. It is out of reach to pretty much every non-techy user.

And now back to the original question: If I ever manage to find the kid who coded a game-breaking numerically unsafe routine and shipped it as if every test in the planet had waved it bye-bye, can I punch them? Or maybe buy them a beer, let's see how I get to cash that hubby goodwill tonight :)

that feel when I am the only one in team who knows at least one framework.. and coworkers refuse to learn and instead copy and paste code parts from old, insecure apps into new apps... 😐

Each time I login at GitHub and take
a look at featured repos, also when I realize the huge server destroyer bug it's just a misplaced line.
Sometimes I look at some repos and I'm scared to contribute...never contributed once.

left work last night at 4am, leaving the laptop at the office disgustes. now i feel insecure for leaving it there on a sunday

DevRant doesn't let you choose the protocol for your website. Seeing http:// on my profile makes me feel insecure.

Refactoring is like dating. You have to remember stuff, maybe you're insecure and you may have to overcome yourself to actually do it.

But when it works out, it's great.

I hate applying for a job online. For some reason it just doesn't work out for me. I have a lot of humor but today my interviewer asked me if i was insecure doing that. I'm like "No, my whole family is like this".

But that's beside the point. Every company thinks they're so special. Well, some do have special benefits. But after a few times turned down my ego starts to break.

I'm so done with this new type of interviewing

That moment when you realize that writing “that moment when...” is because you’re too passive and insecure to just say what you really want to say...

I had to create an account on a website. I used LastPass to generate a strong password. I entered it and got the following message:
"Password must be between 8 and 16 characters and must have special characters (? , ! & #) and numbers"
My password was 20 characters, me annoyed to generate a 16 character password. Filled it in and got the same error. That was it for me.
Who dafuq limits a password to 16 characters, that's fucking nothing. It did not accept all special characters, only the ones that were showed (like 5 or so).
And here comes the worst part...
It's a bank website! I had to create the most most most insecure password in history for it to work.

I can now leave freely without any regrets!
The slight misgivings I had about leaving this place over the toys they provide, is now gone because I re-realized that while this place adopts new tech, it doesn't adapt to it. So they have shiny tools but the people and processes won't change.
It seems to me that due to pressure to deliver, there is little thought/analysis behind any tech change.

They don't plan to change their wretched delivery pipelines. Everything will be same but on git. So no velocity gains, and same bureaucratic review request process. Such a waste. This attitude applies to their other tools too. They are using a unit test library to write tests that don't use mock. They are using modern languages but without modern idioms. It's like writing C code in C++. And of course theoretically we are agile but actually we're just a waterfall team with managers on our ass everyday and tighter release schedules.

Reminds me of @boombodies recent posts and discussion about business spaghetti reflecting in code.

There are possibly multiple reasons for these problems but I think a large part of it is a lack of empathy/mutual respect. Everyone's too insecure, noone cares for anyone but themselves and people just try to outwit each other.

I work for an investment wank. Worked for a few. The classic setup - it's like something out of a museum, and they HATE engineers. You are only of value if work on the trade floor close to the money.

They treat software engineering like it's data entry. For the local roles they demand x number of years experience, but almost all roles are outsourced, and they take literally ANYONE the agency offers. Most of them can't even write a for loop. They don't know what recursion is.

If you put in a tech test, the agency cries to a PMO, who calls you a bully, and hires the clueless intern. An intern or two is great, if they have passion, but you don't want a whole department staffed by interns, especially ones who make clear they only took this job for the money. Literally takes 100 people to change a lightbulb. More meetings and bullshit than development.

The Head of Engineering worked with Cobol, can't write code, has no idea what anyone does, hates Agile, hates JIRA. Clueless, bitter, insecure dinosaur. In no position to know who to hire or what developers should be doing. Randomly deletes tickets and epics from JIRA in spite, then screams about deadlines.

Testing is the same in all 3 environments - Dev, SIT, and UAT. They have literally deployment instructions they run in all 3 - that is their "testing". The Head of Engineering doesn't believe test automation is possible.

They literally don't have architects. Literally no form of technical leadership whatsoever. Just screaming PMOs and lots of intern devs.

PMO full of lots of BAs refuses to use JIRA. Doesn't think it is its job to talk to the clients. Does nothing really except demands 2 hour phone calls every day which ALL developers and testers must attend to get shouted at. No screenshare. Just pure chaos. No system. Not Agile. Not Waterfall. Just spam the shit out of you, literally 2,000 emails a day, then scream if one task was missed.

Developers, PMO, everyone spends ALL day in Zoom. Zoom call after call. Almost no code is ever written. Whatever code is written is so bad. No design patterns. Hardcoded to death. Then when a new feature comes in that should take the day, it takes these unskilled devs 6 months, with PMO screaming like a banshee, demanding literally 12 hours days and weekends.

Everything on spreadsheets. Every JIRA ticket is copy pasted to Excel and emailed around, though Excel can do this.

The DevOps team doesn't know how to use Jenkins or GitHub.

You are not allowed to use NoSQL database because it is high risk.

"My generation's obsession with having established careers before 25 has led to everyone being hyper competitive, opportunistic, self-centered and deeply insecure. I wish everyone could relax a bit!"

I came across this quote few days back and I don't know why but this did hit me hard. Every word was so so true, I wish I along with everyone of this age group could relax a bit and enjoy this wonderful life.

Do you feel the same as I do, or is it just me ?

How can I ask my coworkers for feedback without coming off as insecure?
A year and a half ago I got my first job as a remote developer when I was 30. I've done web and IT related jobs before but not full time development. Everything was fine for the first 10 months and then I started getting negative reviews, that my productivity rate is much lower than the rest of the team. I felt really sad and stressed, which led to a minor breakdown, which led to my contract being changed from a full time employee to a contractor that gets paid by the (estimated) hour. After a bit of research, I found out that my productivity rate was low because I was the only developer following our "One test per pull request" policy, which was obviously cancelled at some point, but nobody informed me. I didn't bring this up to my boss because I didn't want to make my manager and coworkers look bad. Working as a contractor isn't so good because a lot of times my features are delayed because of external factors I can't control(code reviews, testers, tests randomly breaking). I want to find out if I'm a bad developer or if the company is trying to cut costs by taking advantage of my insecurity and inexperience.

So, the internet is over. Just in case you didn’t notice. If you post a link to anything that involves you: an article, a podcast, a thing you built, a video you made - then mods and admins and trolls get their pitchforks and ban you or roast you or delete you.

This is not the way.

Not only are the walled gardens of apple, Twitter, Facebook/Instagram, breaking the web into little areas - and marketing is buying your time - but we’re doing it to ourselves too.

I can’t post a video about some of my favorite programming books in
/learnprogramming or I’m immediately banned!? Every link that takes people away from your ad dollars is ‘spam?’ Without any useful discourse and content - then why would anyone be there in the first place.

One time I posted a link HERE about how people could get CSS help in the CSS discord and I got fire-stormed for self-promotion. Really? Hundreds of hours helping people learn programming - for free... is my self promotion? Is everyone so insecure that they can’t allow anyone else to talk about their work? It’s super scary.

This is how you control people. This is Nazi shit. It’s a slippery Slope. Watch out.

And whatever you do... don’t share links to your things. That is NOT what the internet was made for.

I am insecure about using graphical user interfaces. E.g. IDEs, COTS systems, cloud tools, and ERPs. If I don't know what is happening inside the box I don't feel like I know what I'm doing.

Because of a ridiculous strict server environment (where even PHP was not allowed) he proposed that I could connect over Skype to do my stuff in typo3, which than could be exported to plain html to run on their server.
SSH or even remote desktop would be to insecure.

Today I noticed how incredibly insecure IBANs are.

You give it to anyone who wants to transfer money to your bank account, and all you need to perform a transaction is an IBAN, the account holders name and his signature.

So anyone who has your IBAN, your name and your signature (which all can occur in a single mail) can just send himself money from your account, cash out and move away. Noone can prove that it wasn't you who did the transaction and you couldnt find the guy.

And this is what all the banks in Europe use? What am I missing here?... how can a system this important be this insecure?

I recently celebrated a rather significant birthday and it got me to thinking what's changed about me over the years.

Young me: Feared that I wasn't a supremely talented software developer and completely insecure about it.

Older me: I know I'm not a supremely talented software developer... and that's ok.

My new project: a camera sends an image of the electricity clock to a server that does ocr and submits the value to the electricity company on the 5th of every month

Current progress: spent 4 hours trying to get emails to work in scala when i found on an obscure forum that you have to enable insecure app access in your gmail to use smtp

OpenSSH has announced plans to drop support for it's SHA-1 authentication method.

According to the report of ZDNet : The OpenSSH team currently considered SHA-1 hashing algorithm insecure (broken in real-world attack in February 2017 when Google cryptographers disclosed SHAttered attack which could make two different files appear as they had the same SHA-1 file signature). The OpenSSH project will be disabling the 'ssh-rsa' (which uses SHA-1) mode by default in a future release, they also plan to enable the 'UpdateHostKeys' feature by default which allow servers to automatically migrate from the old 'ssh-rsa' mode to better authentication algorithms.

I got a REALLY nice compliment from my dev team today. But first, the setup...

Tuesday night, I pushed some changes before I left that totally borked the build today when my team pulled changes (this is an off-shore team, so we more or less work opposite hours). Fortunately, my team dealt with it easy enough since (a) it was pretty obvious what happened, and (b) my commit message had enough information to help them know for sure, and they just reverted one file and were good to go for the day (they didn't fix the problem, left that for me to do, which is proper).

It was an absolutely stupid, careless mistake: I somehow copied the contents of a JS file into a JSP and pushed it. Just a simple case of too many tabs open at once and too many interruptions while I'm trying to code (which is typical most days, unfortunately, but this day it had an impact other than just slowing me down).

But, those are the reasons it happened, they aren't excuses. It was carelessness, plain and simple.

So, once I fixed it, I sent a note to the team explaining it. It basically said "Look, that was a dumb, careless mistake on my part, my bad, sorry for the inconvenience, it's fixed now."

I had a message waiting for me in my inbox this morning that said how I'm an inspiration because despite all my knowledge and experience, despite being a long-time lead, they (a) appreciate the fact that I'm human and still make mistakes, and (b) I stand up and take responsibility when it happens and then do what's necessary to reverse the mistake.

That made my day :)

To me, it's just the right way to be (I credit my parents 100%), never occurs to me to do otherwise, but the truth is not everyone can say the same. Some people are insecure and play the CYA game right away, every time. Some people act like they never make mistakes in the first place.

I don't care if you're an experienced dev or a junior, always take responsibility for your actions, especially your mistakes. Don't try and bullshit your way out of them. Sure, it's fine to explain why it happened if there were factors beyond your control, but at the end of the day, own up to them, apologize where necessary, and then put in the effort to make it right. Most people have no problem with people who make mistakes every so often - everyone does, whether everyone admits to it or not - but those who try and shirk responsibility don't last long in this or any endeavor (you know, putting aside the professional bullshitters who build their careers around it... that's not most people, thankfully).

Today spent 20min in a senior android dev interview debating an ex backender CTO about the importance of final classes where he tried to pull out some sort of perfect answer from me about it. Ironically this is the same CTO who failed managing a previous android contractor who was supposed to rewrite old app and ended up with an even shittier new app in 6 months of time. Now they are insecure and are looking for a new contractor who will be micromanaged this time.

But hey I guess he knows the importance of final classes. Some CTO's need a reality check and at least some business training, because your perfectly written app is useless if it doesnt fulfill business needs.

Their app is based on heresdk and built around navigation. The biggest bottleneck is that it works shitty on low end devices so their competition solved this problem by using a whitelabel rooted tables with a custom ROM wher u have full control over hardware, permissions and battery management. However this startup thinks they can build a perfect navigation app which will work perfectly on all devices while at the same time while also relying on a poorly optimized navigation sdk. Poor initial strategy I'd say and they didnt learn from previous 2 failures, now they are searching for the next savior android contractor who will have to solely implement evrything.

So we are migrating between different hosts so I write a nice script to move two pieces of encrypted data between the two, one over ssh, the other over https to two separate end points. One boss says can’t do that as it is insecure because they come from the same script!

Another boss objected that I wrote a script to dump databases in bash rather than like his in PHP even all his PHP does is run the same bash commands, I just took out the middleman and made it faster.

#baddayintheoffice #anyonelookingforaseniordev

Mozilla has announced plans to remove support for the FTP protocol from Firefox. Users won't be able to download files via the FTP protocol and view the content of FTP folders inside the Firefox browser.

According to the report of ZDNet: Michal Novotny, a software engineer at the Mozilla Corporation said "We're doing this for security reasons, FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources. Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past." Novotny says Mozilla plans to disable support for the FTP protocol with the release of Firefox 77, scheduled for release in June this year.

Users will still be able to view and download files via FTP, but they'll have to re-enable FTP support via a preference inside the about:config page.

Not a rant but I kinda wanted to see if anyone else feels the same way and might have advice on how to overcome this:

So I work as a student in research. Meaning there is not much documentation and things are chaneging fast, some things are also fairly complicated.
I have a really good supervisor.

However. I am super scared of asking about how things work. Whenever we discuss things and she notices I'm insecure about how something works, she explains it to me patiently. No probs. But insead of asking I just try out random stuff for hours. Having no clue about how things work and what I'm doing. In the end she is able to explain the issue to me within a minute.

The thing is, I think that trying to figure stuff out on my own, is the right approach. Not daring to ask questions or express my theories is really bad. I get super anxcious. Most of the time my theories and assumptions are correct. I just never dare to voice them.
The irony is, that I'm perfectly fine whenever I talk about or hold presentations which are not CS related. But if I have to do that on a CS topic I just die. I freezze, stutter, everything.... T_T
Like come on. They can't do anything to me except correct me... jeez.

Maybe I am just sensitive.. but sometimes I feel that my new manager is being a little harsh on me.

Again, he might behave the same with everyone and I am assuming that it's just me.

1.5 months in the new job and not a single good comment/feedback I recieved from him. It's not that he criticises me or my work, or calls me a dumbass.

But whenever I submit anything for review, I get a ton of feedback where he expects everything to extreme precision.

He guides me, explains me post my failure, and has specific pointers of what he wants/how he wants things.

But all I am given is a set of documents to read initially with an expectation that I have to figure things out. When I am not upto the mark, he then guides me.

Why I worry?

1. I am on probation and this place is a start-up, don't want to get fired.

2. They got me as a Sr PM (which was also my previous role where I excelled), so I fear that expectations would be high from me. Failing to deliver those might get me in trouble.

3. He isn't a micro manager and quite supportive, but his communication style isn't working for me (so far).

Somehow, as always, I am getting along well with everyone in the org and everyone is talking good about me.

But with my immediate boss, the imposter syndrome kicks in real hard and I am super insecure. Every time I have to interact with him, I get super stressed and anxious.

I know things take time, but given that I am a Sr PM (and my boss expects me to be a lead PM, a position higher than current), I feel if the expectations are not delivered then I might get fucked.

So the time has come for me to officially say "Fuck IE".

The potential client, one of the major hospital chain in the country, wants the site to work in Internet Explorer. Can't believe they are still clinging on stupid IE because Google Chrome is insecure 😂

There is no way all the charts and graphs we made would work in IE.

To top it off, the "bluffon" boss came up with idea of using flash to display this features on IE.

It's fucking 2017!!

At 4am there was some random youtuber in my head that reads reddit posts and he presents me one but it's blurry and he says hi there how you there are stupid but how stupid you are, humming hammers,
MOMMY THATS SWEET MIAMI MOMMY THATS SWEET MIAMI he's insecure go back then hayeens HIGH WINS HIGH WINS HIGH WINS HIGH WINS and he never stops
It literally feels like a broken neural network output, meaningless. But it's in my head, I never asked for this but it's there generating itself

While trying to fall asleep, I came to the conclusion that a solution to privacy would be an encrypted p2p messenger. You'd need a dns-like system that can tell the peers how to contact their communication partners. Then I searched for one, and there was a good looking one, but it wasn't open source. looks secure otherwise, but perfection looks different.

Can anyone recommend something similar to kripter/tell me why it would be secure/insecure to use their service instead of, say, signal? Not that I truly NEED this, but I at least want to try it :)

As a dev, how can you work with a teamlead that second, third and 4th guesses your decisions?

Simple example: fixed a bug, but temlead was shitting bricks about some error. Did a thorough research and told him that that error message was already in codebase for years and can be safely ignored because there is no workaround. Main thing is that our solution is working and I followed the latest standards. Basically I had to advocate for myself. Fine. Shit happens I get it. But it seems that this is becoming a pattern.

Then I had to do another issue: fix some bugs. While testing I was not able to reproduce any bugs. Filmed a video of app, attached all proofs to the jira issue and informed the teamlead. He couldnt believe his eyes! One month ago he saw the bug and now its gone! I had to retest 3-4 times everything and he still doesnt take my word for it.

I cant continue working like this. I have few years of experience under my belt, never had to deal with such insecure teamlead. How can I work if he second guesses everything what I do? Jesus.

The current finish of the whole network stuff is... exhausting.

We are in the finishing phase...

Like in the Simpsons:
Knife goes in, guts come out.

I've debugged today 4 h DNS...

One of the nodes - and the only node of 5 - didn't resolve one zone of many correctly.

It always tried to resolve via INet / Dot ...

So a _very_ special snowflake.

After going crazy... I decided to isolate the setup and increase verbosity for debugging.

It tourned out that the DNS server answered correctly - but was asked then again for a response by the defective node.

So I ripped out DNSSEC out from the DNS server, hoping the defective node would be fine with it.

Nope. It resolved then by itself via internet...

Well...
A lot of domain-insecure sprinkles later the defective node behaved correctly.

But why the fuck does _ONE_ single fucking stupid cunt machine decide to go rogue? Every node is equal....

It's just... Insane.

And reading the logs was insane too.

This is the story of probably the least secure CMS ever, at least for the size of it's consumer base. I ran into this many years ago, before I knew anything about how websites work, and the CMS doesn't exist anymore, so I can't really investigate why everything behaved so strangely, but it was strange.

This CMS was a kind of blog platform, except only specially authorised users could view it. It also included hosting. I was helping my friend set it up, and it basically involved sending everybody who was authorized a email with a link to create an account.

The first thing my friend got complaints about was the strange password system. The website had two password boxes, with a limit of (I think) 5 characters each. So when creating a account we recomended people simply insert the first 5 characters in the first box, and the rest in the second. I can not really think of a good explanation for this system, except maybe a shitty way to make sure password are at least 5 characters? Anyway, since this website was insecure the password was emailed to you after the account was created. This is not yet the WTF part.

The CMS forced sidebar with navigation, it also showed the currently logged in users. Except for being unreadable due to a colorful background image, there where many strange behaviors. The sidebar would generally stay even when navigating to external websites. Some internal links would open a second identical sidebar right next to the third. Now, I think that the issue was the main content was in an iframe with the sidebar outside it, but I didn't know about iframe's back then.

So far, we had mostly tested on my friends computer, which was logged in as the blog administrator. At some point, we tried testing with a different account. However, the behavior of sidebars was even stranger now. Now internal links that had previously opened a second, identical sidebar opened a sidebar slightly different from the first: One where the administrator was logged in.

We expirimented somewhat, and found that by clicking links in the second sidebar, we could, with only the login of a random user, change and edit all the settings of the site. Further investigation revealed these urls had a ending like ?user=administrator2J8KZV98YT where administrator was the my friends username. We weren't sure of the exact meaning of the random digits at the end, maybe a hash of the password?

Despite my advice, my friend decided to keep using this CMS. There was also a proper way to do internal links instead of copying the address bar, and he put a warning up not to copy links to on the homepage. Only when the CMS shut down did he finally switch to a system where formatting a link wrong could give anybody admin access.

SQL was never meant to be used in web applications. It is inherently insecure in its c&c schema. Can we please fucking stop using databases that are not designed for the web in the web? Please?

(I know, I know, we’re stuck with what we have. But for fok’s sake, I want to strangle that muthafucka who thought it’s a good idea…)

Most of the people here are SoOoO insecure and self conscious about their programming abilities they have to complain about other languages they don’t know anything about.

This b2plane guy is really something

I mean I felt dumb and insecure about my job and now I don't :v

I want to rant here but I have a lot of backlog. They’re all pretty deep for refinement. So I want to put them all in one sprint. Because I don’t want a marathon of ranting.
But I do realise in IT sprints never end, and eventually turn out to be a marathon of sprints. I came to a point to deliver over 100 story points in one sprint. Maybe I shall write a book instead of exploding this app.
I could have never imagined the dark side of this occupation.
However I love coding so much I’ll brush the backlog under the carpet😏

But you know there are always saviour heros wanted for refactoring. This honour goes to:

The arrogant guys who think they’re a genius when their code compiles.
The insecure guys who want to overpower the next available when their code doesn’t compile.
The egoists who like to underestimate and show of, where their faulty biased googles display a little girl instead of a developer.
The aggressives when they are invited to the reality and kindly offered to sit back on their place.

I hope this rant wouldn’t ouch anyone. If it does, not sorry, the message is delivered.

If there’s an offence or reaction to this refactoring job, the 4th one would be offered to clean the mess.

I'm one month of finishing college, I have failed to pass an intership in a company I would have loved to join and I'm kind of insecure about what is made for me to be doing in the future.

So far.. I.m like a bit of front-end but not so much, I'm like now a bit of programming but I have a hard time underdtanding its logic and I struggle daily to learn to live. Wish to get into workouts aswell but I'd like to do so for getting healthier instead of good looking. Yet, i feel pretty healthy even tho I smoke a lot of pot..

I don't see the point of recruiters anymore. If they are just as insecure as a person that prefers a job above working freelance than ... What's the point of those fuckers? They contact you - they see you're young with a lot of humor and ask for your insecurities. Uhmmzz.. I have none when it comes to work. Only insecurity in the room is theirs.

TLDR; second time today: fuck recruiters

Just a reminder that Terraform is insecure by design and if you even THINK about using it to execute CI/CD deployments not built into the cloud (Jenkins, on-prem CI/CD, etc...), then you're a DOUBLE fool. God i hate my infra team sometimes...

I recently became manager of the student radio at my university. Our servers are extremely old and insecure, so I am currently working on getting some new servers up hosted by the university’s IT department as a replacement.

Meanwhile, a few days ago someone unauthorized have fucking accessed our server, deleted /home folder and a bunch of other shit, then cleared the history of the user. Why the fuck what someone do that? What the fuck did they achieve? What is the fucking point? That fucking piece of shit left his IP address though when he signed out from the server...

I just don’t fucking get why the fuck someone would do that? They don’t achieve a fucking shit about it, only fucks with us trying to save the radio from dying.

Hi guys, this is my first post, I am currently doing an internship as a backend intern and I'm constantly anxious if I'm good enough I come from a no name college and everybody here is from a top tier college and I constantly worry that I am not on an equal footing as other interns.

Make no mistake I work hard, yet I start to feel insecure. I hope this feeling goes away when I get more experience.

PHP is so insecure and vulnerable that it makes me feel unsafe. It has so many features and settings that can lead to security risks, such as register_globals, magic_quotes, and allow_url_fopen. It also has so many functions that can execute arbitrary code or commands, such as eval, exec, and system.

It is like PHP was designed by a bunch of hackers who wanted to exploit every possible loophole.

Why the hell do people still use Java? It's so slow, messy, insecure, and heck, it doesn't even have unsigned integers, bytes etc.? Like wtf?

I don't like windows since it's proprietary and insecure, but dual boot it for games and never had problems with windows update.

Oh china, you always know how to snap me out of long stints of mundane and/or annoying, chore-esq work.
//...and letting me excuse a 10min, otherwise purely wrong procrastination down a current political rabbit hole

I gotta say, at least in china they are bold enough to put their image and identity on whatever they make... but in that 'im selling pseudo-sex, not because im sexy--just the opposite, so you know I relate' way.

Side note: i got an automated spam call survey yesterday*... it ot got to the 1st (of claimed 3) question.. which had a surprising amount of actual reiterations before looping... it was determined to get opinions(and totally incept the lemmings, soccer moms and politically ignorant into their stance, plus intense rage/disgust/dreams of standing on a soap box and fighting about this new issue they were totally unaware of.)... about this actively serving, politician's demand that china sell tiktok or totally stop allowing any operations/use on american soil... because of the heavily implied heinous nature of controlling and twisting society via media to it's explicitly declared communism... even directly called china, as a whole, communists, with impressive dramatics (and i coached public speaking hs and college kids then over a decade of business consulting, typically involving coaching vocals and implicit vocab)

I actually listened to it because it's what a typical subject, brought out of the koolaid fog, would view as ridiculously ironic(assuming they knew the actual, and therefore inherently ironic, def if irony... most dont. It's disturbing)... but it you have decent common sense, and dont emotionally view your entirety as wrong/broken/needing to be fixed in a cult-like manner, it's the oposite of irony. History of/and politics pull this crap all the time. It still works.

It reminds me of how my moniker, awesomeest, came about. In 3rd grade i realised that even adults, knowing they were chatting with an 8yr old, even if they knew/used the correct spelling of a, less common, term... if i misspelled it as if i thought it was right, theyd actually change their spelling to match (in perpetuity) albeit my vocab was easily high school level by then...likely at least in part to my flawless(aka blind/ignorant) demeanor of confidence that whatever i said/thought was totally correct, as a matter of fact. Not like the insecure ppl trying to prove something

I used to find it so comical... now it's just sad.

This bs automated political spam/manipulation is the modern version of i remember of kids farting in the late 90s... the culprit quickly accusing someone else of their offense, but even extra immature kids 25+ yrs ago figured that out... and even made the retort a catchy rhyme..."the one who smelt it, dealt it"

*i basically programmed in a counter attack/something akin to immature passive aggressive ' who"s really the one wasting the other's time and resources now?!? Ha!' ...odd numbers automatically go into a sort of echo chamber instead of ringing, with a manual escape to actually ringing/calling prompt built in.

I can listen in at any time without it having any effecf/sound too.

I'm curious if anyone participates in these minor acts of terrorism to complete an unrequested, intrusive, and human-less format of a proclaimed opinion poll? And if you do, are you honest? Why do you do it?

Annoyance at spam aside... the real victim I mentally mourn, and view it's method of demise akin to a cardinal sin (assuming religion...blah blah)... is the data! I <3 data... good, unobscured, not contrived, simple, pure, raw data... killed before its birth :'(

Me to my peer: "Yo the code that they sent us works but it sucks and is insecure"
My peer: "Yo that sucks they should definitely change that, go submit a ticket so they change it up, that really sucks!"
Me: *prepares ticket, gets it checked by peer:
My peer: YOoOoO U cAnT tElL tHeM tO cHaNgE oR tElL tHeM hOw tO wRiTe tHeIr CoDe ThAt ThEy DeLiVeR tO uS!1!1!eleven
--
classics

I never had a fight. And I mean never at all, not just dev-related.
I'm not sure that this is a good thing.
Sometimes I wonder, does this mean that I'm a good diplomat, or that I'm not relevant enough to argue with?

Do employer also feel insecure if their employe is very progressive, hyperactive?
Like if he is a good employee then he can get a good offer and can leave current job anytime.

!dev
My date cancelled today because of not feeling well, we are gonna meet up (maybe) in the next few days. That totally not made me feel insecure in any way nononono.....

I'll soon start as a web dev intern, I'm looking forward to it, though I'm also a bit anxious/insecure about it.

Do you guys have any tips for my intern period etc?

If you have a blog, How do you decide what to write and publish on it? And, How do I motivate myself to write posts?

Context: I created my blog/website on 29 September 2017. I had a few ideas on writing blog posts(Condition variables in Go, Serverless related stuff and a whole bunch of posts related to wireguard) but every time I have tried write a post, I learn there is someone else who has already written a post on it and probably better than what I could have done, So what is really the point of writing it? And, I feel very insecure about writing posts, I feel like, If I do write a post, every one will know, I don't know anything about **anything**. :( I know about imposter syndrome, But I don't think I have that. I work with a lot of realllly smart people and I don't know as much as them. So, I am actually an imposter.

edit: I am usually active on Telegram, IRC and I try to help out people. It's easier for me to help people in communities like that but doing the same thing with a blog makes me very uncomfortable.

Kinda related to this site: i click any link in this page and LastPass pops up like "I FOUND A INSECURE LOGIN BRO! I KNOW THERE'S NONE ON THE SCREEN, BUT JUST TRUST ME BRO"

At 4am there was some random youtuber in my head that reads reddit posts and he presents me one but it’s blurry and he says hi there how you there are stupid but how stupid you are, humming hammers, MOMMY THATS SWEET MIAMI MOMMY THATS SWEET MIAMI he’s insecure go back then hayeens HIGH WINS HIGH WINS HIGH WINS HIGH WINS and he never stops

It literally feels like a broken neural network output, meaningless. But it’s in my head, I never asked for this but it’s there generating itself

I try to avoid comparing myself to others. It's easier said than done, but nothing good ever comes of it. Either I'm just telling myself how much smarter I am than somebody (just tearing them down in my mind, not a healthy attitude), or I'm feeling insecure about my own shortcomings (imposter syndrome).

If someone is paying you to do something you're obviously doing it well enough. And even if you aren't currently being paid, as long as you are working on something you enjoy and bettering yourself every day, you're going to be fine.

A very satisfactory debugging happened to me not long ago, when I discovered that assignement in C++ and Python doesn't work exactly the same.. I never took courses in Python so I had no way of knowing. I'm a self taught programmer, so I also always feel a bit insecure about my skills.
What made it really satisfying was that when I finally googled it, it was only to confirm the "diagnosis" that I had already made. I felt like years of struggles got me somewhere, now I feel a bit less insecure about my knowledge and skills in programming. :)

It’s hard keeping your girlfriend satisfied when you’re being pressured to code with less to no bugs. I mean, doesn’t she understand that computers are stunningly stupid, and you have to explain to them every last tiny step that you want them to do, and your explanation can't have any mistakes in it. And why this is the fundamental cause of buggy and insecure software😣

I feel so insecure about my future.

I feel like tomorrow I will be fired because AI can do my job. I've already got a few loans which I need to pay and I don't have any other commercial skills than programming.

I feel like in 5 years I will lose my job due to AI or am I just panicking?

Whenever I have to use anything new, I just follow the requirements - Googling through the whole way, rather than doing a course first. I get really insecure if someone asks whether 'Best Practices' has been used. Sometimes I wonder where would I be without Google and SO. I don't even wanna talk about Maths. I suck at that.

I got in love with an office chair but it is very expensive and I need someone to tell me stuff so I stop feeling insecure about purchasing it.

Advice/input welcome:

I’m nearing the end of my first year of a 2 year SE program at college. I’m considering leaving at the end of this year and looking for a job, but I don’t have much of a portfolio and feel insecure about my ability to make it in this industry. I know it’s probably just impostor syndrome, but it’s a really hard feeling to shake. It’s a trade college, so the program is designed to have students work ready by the end, but there is a certificate for having completed the first year even though most students do both years.

I’m competent with java, web dev including JavaScript vanilla and bootstrap, ok with python and a lil c++, and I used c# over last summer in unity to develop a game I never finished. 2nd year is mostly more of the same, just more in depth. I’m feeling like idgaf about school anymore, and there are some things happening in my life that would benefit from a full time salary and a decent health care plan.

I spoke with an alum of the program who left after one year to work, and he strongly suggested I stay for the 2nd year, but wasn’t clear on why he thought that.

So what I wanna know is, from folks in the workforce, do you think I should stick it out for the last year and then look for work? Or would I be ok to just... go and start looking for a job now?

How do you move clients from an old and insecure integration API, to a new implementation?

What is the reason behind Git Access Tokens being viewable only once after generation on platforms like GitHub? I'm struggling to comprehend this approach as it compels me to store the key in an insecure manner.

Am i overthinking too much or are passwords like this

S9L4dk1i6sy5

Insecure?
This is an example generated by some website where i have activated 2fa and need to generate app passwords to access it from clients

I've thought about it many times to ask them to make it more secure but everytime i think i'm overrracting

I can't recall what platform it was, but upon trying to change my password it would tell me that the new password was too similar to the previous one... :/

I do not feel insecure in my competency as software/Firmware engineer but i started feeling really insecure about being an engineer , mostly because the way Society in general place us
usually it's like

surgeon > physician > Scientist (or any basic science person) > engineer

i didn't realise this before but recently i noticed and i stopped introducing myself as engineer to the people i meet either from my family or from dating apps. Here is the conversation that usually happens

Person: what do you do ?
Me: I build things
Person: so what do build ?
Me: My work involves building lot of things related to smart phone's wireless capabilities.
Person: oh so you manufacture phones ?
Me: No i work in connectivity part of it like bluetooth , wifi
Person: I don't understand, does it involve staring at computers all day (makes a face )
Me: yes 90% of it , I like building things making something new HW or SW and most of them do require a use of computer , even if I was a mechanical engineer computers would be necessary
Person: Hmm if i was not a surgeon i would be hair dresser , because i can't do anything that involves staring at computers all day.

same conversation happened multiple times.
no matter how good you are at writing code or how important task that code is performing , society consider's Software Engineering as a mundane task of " staring at screen "
if that song Remember the name is written for software engineers it will go like

This is ten percent luck
Twenty percent skill
Fifteen percent concentrated power of will
Five percent pleasure
Fifty percent pain
And a hundred percent reason to live in disdain

Need some advise from all you clever devs out there.

When I finished uni I worked for a year at a good company but ultimately I was bored by the topic.

I got a new job at a place that was run by a Hitler wannabee that didn't want to do anything properly including writing tests and any time I improved an area or wrote a test would take me aside to have a go so I quit after 3 months.

Getti g a new job was not that hard but being at companies for short stints was a big issue.

My new job I've been here 3 months again but the code base is a shit hole, no standardisation, no one knows anything about industry standards, no tests again, pull requests that are in name only as clearly broken areas that you comment on get ignored so you might as well not bother, fake agile where all user stories are not user stories and we just lie every sprint about what we finished, no estimates and so forth, and a code base that is such a piece of shit that to add a new feature you have to hack every time. The project only started a few months back.

For instance we were implementing permissions and roles. My team lead does the table design. I spent 4 hours trying to convince him it was not fit for purpose and now we have spent a month on this area and we can't even enforce the permissions on the backend so basically they don't exist. This is the tip of the iceberg as this shit happens constantly and the worst thing is even though I say there is a problem we just ignore it so the app will always be insecure.

None of the team knows angular or wants to learn but all our apps use angular..

These are just examples, there is a lot more problems right from agile being run by people that don't understand agile to sending database entities instead of view models to client apps, but not all as some use view models so we just duplicate all the api controllers.

Our angular apps are a huge mess now because I have to keep hacking them since the backend is wrong.

We have a huge architectural problem that will set us back 1 month as we won't be able to actually access functionality and we need to release in 3 months, their solution even understanding my point fully is to ignore it. Legit.

The worst thing is that although my team is not dumb, if you try to explain this stuff to them they either just don't understand what you are saying or don't care.

With all that said I don't think they are even aware of these issues somehow so I dont think it's on purpose, and I do like the people and company, but I have reached the point that I don't give a shit anymore if something is wrong as its just so much easier to stay silent and makes no difference anyway.

I get paid very well, it's close to home and I actually learn a lot since their skill level is so low I have to pick up the slack and do all kinds of things I've never done much of like release management or database optimisation and I like that.

Would you leave and get a new job?

I need help understanding secured PayPal Express Checkout via my Webshop.

So I basically try to make a lizens system. At the web shop you can add an Server IP and buy my stuff for it. Now I don't know what to do about checking out. I want to use Express Checkout via PayPal but the JS API provided by PayPal seems pretty insecure.

Now should I use the Official PayPal API or should I use an PHP API found on the Internet?

And other things that could help my Webshop are welcome to!

Ie8 is the oldest browser I'll support. Come to me for anything older and I'll refuse. Even then it's a hassle.
Honestly. It's so old and insecure and someone comes to me asking to support ie 6. Really? I mean, a photography site doesn't need to support that old of a browser.