Search - "keys"
Manager: Hey fullstackchris, the maps widget on our app stopped working recently...
Dev: (Skeptical, little did he know) Sigh... probably didn't raise quota or something stupid... Logs on to google cloud console to check it out...
Google Dashboard: Your bill.... $5,197 (!!!!!!) Payment method declined (you think?!)
Dev: 😱 WTF!?!?!! (Calls managers) Uh, we have a HUGE problem, charges for $5000+ in our google account, did you guys remove the quota limits or not see any limit reached warnings!?
Managers: Uh, we didn't even know that an API could cost money, besides, we never check that email account!
Dev: 🤦‍♂️ yeah obviously you get charged, especially when there have literally been millions of requests. Anyway, the bigger question is where or how our key got leaked. Someone started hammering one of the google APIs with one of our keys (Proceeds to hunt for usages of said API key in the codebase)
Dev: (sweating 😰) did I expose an API key somewhere? Man, I hope it's not my fault...
Terminal: grep results in, CMS codebase!
Dev: ah, what do we have here, app.config, seems fine.... wait, why did they expose it to a PUBLIC endpoint?!
Long story short:
The previous consulting goons put our Angular CMS JSON config on a publicly accessible endpoint.
WITH A GOOGLE MAPS API KEY.
JUST CHILLING IN PLAINTEXT.
Though I'm relieved it wasn't my fault, my faith in humanity is still somewhat diminished. 🤷‍♂️
Oh, and it's only Monday. 😎
Hey. I have some steam keys I don't want, and I don't really have any friends to give them away to, so. Here you go!
I'll post them in the comments below.
Only redeem them if you actually want the game, and if you've used one please comment or upvote to let others know! Be kind, don't be greedy, honor system, etc. etc.
My first contact with an actual computer was the Sinclair ZX80, a monster with 512 bytes of RAM (as in 1/2 kbyte).
It had no storage, so you had to enter every program every time, and it was programmed in BASIC using key combinations; you could not just write the commands, since it did not have enough memory to keep the full text in memory.
So you pressed the cmd key along with one of the letter keys, and possibly shift, to enter a command, like cmd+p for print, and it stored a byte code.
I used to do some freelance work for a nonprofit. I’d do some website stuff and gallery sitting.
My friend was the gallery director. When she left, I decided to stop freelancing there and I dropped off the keys with the new director. I told them they could contact me later if they have questions about some things I implemented on the website. The new director thinks I’m a random freelancer and starts to BADMOUTH MY FRIEND, the former director.
Over a year later, the gallery assistant emails me asking about SSL warnings and cc’s the new director. WTF.
1) Those warnings were happening long before I left and long before I even started. 2) I am not your website support. I only invited contact for things I worked on. 3) The assistant already contacted Squarespace and Go Daddy for help and they gave her instructions.
I told her I didn’t set up their website and it sounds like she has the resources to resolve this on her own, and she should contact Squarespace and Go Daddy if she needs more help. After all, you pay those companies for their services and support, and my time isn’t free.
Dev: Woah look at this code! I might be a genius!
Also dev a few months later: Woah WTH is this shit? Was I totally dumb or what?
FUCK YOU PHP, FUCK YOU SYMFONY AND DEFINITELY FUCK YOU SHOPWARE.
Don't get me wrong, PHP has evolved a lot, but the stuff people are building with it is just the biggest load of fucking shit I have ever seen: Shopware. Shopware is the most ass-sucking abomination to extend. It's nearly impossible to develop anything beyond "use the standard features and shut the fuck up" that is more sophisticated than a fucking calculator.
The architecture of this pile of crap is the worst bullshit ever. A mix of OOP, randomly making use of non OOP concepts and features together with the unnecessarily HUGE amount of useless interfaces and classes. Sometimes I feel like it's 90% fucking shitty boilerplate shit.
And don't get me started with TWIG. It's a nice thought, but WHY THE BLOODY FUCK WOULD YOU NOT USE VUE IF YOU ARE ALREADY USING IT FOR A DIFFERENT PART OF SHOPWARE. This makes no fucking sense whatsoever and makes development of new features a huge pain in the ass. I can't comprehend how people actually like using this shit.
OH AND THE DATABASE. OH MY FUCKING GOD. This one is bad. Ever tried to figure anything out in a database where random strings (yes MySQL "relational" - you might think) that are stored as text in a JSON format make up some object or relations during runtime?? Why the fuck do you have foreign and primary keys if you don't use them properly??
Seriously you can't even figure out which data belongs to what because the architecture just sucks fucking ass. FUCK YOU Shopware wankers, you suck, your product sucks, your support sucks, your architecture sucks and you keep releasing new versions that regularly break shit even in minor versions.
I used to like PHP, but not in projects like these.
My phone was stolen, so that's why I wasn't getting here to rant about this, but today I had to make a backup and remembered.
adminer's export function doesn't export the tables in the correct order for import. Doesn't take foreign keys into account.
Dude, that's the whole point of a relational database, relations between tables; if you don't take that into account then what's the point?
Is this the same for the rest of database managers or is it just adminer? Please tell me this isn't normal.
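What a foreign-key-aware export order looks like, as an added example that is independent of Adminer and not part of the rant: Kahn's topological sort over a constructed schema puts every table after the tables it references, and any tables caught in an FK cycle are reported separately, since no plain ordering can satisfy them (those need deferred constraints or FK checks disabled during import). Table names are made up.

```python
from collections import deque
from typing import Dict, Iterable, List, Tuple

# Constructed schema: table -> tables its foreign keys reference.
SCHEMA: Dict[str, set] = {
    "order_items": {"orders", "products"},
    "orders": {"customers"},
    "products": {"categories"},
    "categories": {"categories"},  # self-referencing parent_id; irrelevant to table order
    "customers": set(),
    "addresses": {"customers"},
}

def import_order(schema: Dict[str, Iterable[str]]) -> Tuple[List[str], List[str]]:
    """Kahn's algorithm: every table lands after the tables it references.
    Returns (ordered, stuck); `stuck` holds tables in an FK cycle, which no
    plain ordering can satisfy (load them with constraints deferred or checks off)."""
    parents: Dict[str, set] = {}
    for table, refs in schema.items():
        parents.setdefault(table, set()).update(r for r in refs if r != table)
        for r in refs:
            parents.setdefault(r, set())  # referenced but unlisted tables still count
    children = {t: set() for t in parents}
    for table, refs in parents.items():
        for r in refs:
            children[r].add(table)
    pending = {t: len(refs) for t, refs in parents.items()}
    ready = deque(sorted(t for t, n in pending.items() if n == 0))
    ordered: List[str] = []
    while ready:
        table = ready.popleft()
        ordered.append(table)
        for child in sorted(children[table]):
            pending[child] -= 1
            if pending[child] == 0:
                ready.append(child)
    stuck = sorted(t for t, n in pending.items() if n > 0)
    return ordered, stuck

def respects_foreign_keys(schema: Dict[str, Iterable[str]], order: List[str]) -> bool:
    """Check an export/import order: each table must follow every table it references."""
    position = {t: i for i, t in enumerate(order)}
    return all(
        position[r] < position[t]
        for t, refs in schema.items() for r in refs if r != t
    )
```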
In most businesses, self-proclaimed full-stack teams are usually more back-end leaning as historically the need to use JS more extensively has imposed itself on back-end-only teams (that used to handle some basic HTML/CSS/JS/bootstrap on the side). This is something I witnessed over the years in 4 projects.
Back-end developers looking for a good JS framework will inevitably land on the triad of Vue, React and Angular, elegant solutions for SPAs. These frameworks are way more permissive than traditional back-end MVC frameworks (Dotnet core, Symfony, Spring boot), meaning it is easy to get something that looks like it's working even when it is not "right" (=idiomatic, unit-testable, maintainable).
They then use components as if they were simple HTML elements injecting the initial state via attributes (props), skip event handling and immediately add state store libraries (Vuex, Redux). They aren't aware that updating a single prop in an object with 1000 keys passed as prop will be nefarious for rendering performance. They also read something about SSR and immediately add Next.js or Nuxt.js, a custom Node express.js proxy and npm install a ton of "ecosystem" modules like webpack loaders that will become abandonware in a year.
After 6 months you get: 3 basic forms with a few fields, regressions, 2MB of JS, missing basic a11y, unmaintainable translation files & business logic scattered across components, an "outdated" stack that logs 20 deprecation notices on npm install, a component library that is hard to unit-test, validate and update, completely vendor-& version locked in and hundreds of thousands of wasted dollars.
I empathize with the back-end devs: JS frameworks should not brand themselves as "simple" or "one-size-fits-all" solutions. They should not treat their audience as if it were fully aware and able to use concepts of composition, immutability, and custom "hooks" paired with the quirks of JS, and especially WHEN they are a good fit.
Going back to my personal Windows laptop till the new company provides me a new Mac, I gotta say I missed this. I don't know, but I think I can never be an extreme macOS or Linux fan as much as I like Windows (even though my next personal laptop is also going to be a MacBook for sure).
Mac has the best performance out there when running emulators or heavy IntelliJ IDEs, but the user experience in Windows is 💋💋
I missed how my cursor ran like a tiger on arrow key presses, the ability to create files on right click, having multiple hard drives and organising my files/folders there, being able to control program locations... all this stuff is cool to me. When I was using Ubuntu, I could surely do all this stuff too, but it still felt a little unpolished.
I know I'm about to get roasted in the comment section. So let's begin 😂
So I wanna try to explain the concept of JWT to a 5(+55) year old, and also to myself, who is a noob at web stuff. Please tell me if this is a correct analogy, because I am myself confused regarding how it's secure.
So A wants B, a blind jeweller, to keep his super valuable notebook page with bank passwords safe. B says "give me your sheet and 5 nickels". (Assume that every nickel is always 1gm, made up of pure iron. Assume these statements to be true and world-known.)
B takes A's nickels, melts them, adds 20gm more iron, adds 25gm copper, adds 25gm aluminum and then adds 25gm carbon dioxide and makes a mixture that is impossible to revert, but will automatically disintegrate after 24 hours due to CO2 (again, pure true statement, but this formula is only known to B).
He makes 2 exact copies of keys from the 100 gm mixture, gives one to A and says:
"Anyone can either give me 5 nickels of the same name, markings, and year and I will give them back this secret sheet, or they give me the same key for the next 24 hours, and I will still give them back the sheets. After 24 hours, this key will also not work. I will even keep this on public display that I make keys using the materials I just showed, and then also no one would be able to create the exact same replica because they don't know how much percentage of each material went into the mixture."
So is this true? I have heard my friend boldly claim that they don't store user passwords as plaintext or even encoded text but rather do this:
user password + company's private key --->[public domain encryption algorithm] = irreversible public key which is saved against user profile as "password"
public key + other info + time bound expiring logic ---->[public domain JWT encrypted token maker algorithm] = reversible JWTToken which is sent back to user
if user sends back token, then
token --> [JWT decoder] = public key + other info
if public key matches the stored public key, then user is a real user and should be given data
if user sends back the original password, then
user password + company's private key --->[public domain encryption algorithm] = irreversible public key.
again if public key matches the stored public key, then user will again receive access?
So this means all the time we are transmitting a lightly jumbled up version of the public key, which is itself a hard, almost irreversible jumbled up version of our passwords that can only be unjumbled via a private key (or the jeweller's mixture ratios) that companies hold dearly?
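The two mechanisms the post is asking about, as an added example that is not part of the rant: a server-side secret signs an HS256 JWT over its claims (the token carries a signature and an exp claim, no password material) and is verified with a constant-time comparison and an expiry check, while the password is stored only as a salted PBKDF2 hash that never leaves the server. The secret, subject and timestamps are constructed values.

```python
import base64, hashlib, hmac, json, os
from typing import Optional

SECRET = b"constructed-server-secret"  # server-side only; never placed in the token

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted PBKDF2 hash; this string, not the password, is what gets stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return b64url(salt) + "$" + b64url(digest)

def verify_password(password: str, stored: str) -> bool:
    salt_b64, _ = stored.split("$")
    recomputed = hash_password(password, b64url_decode(salt_b64))
    return hmac.compare_digest(recomputed, stored)

def issue_token(sub: str, ttl: int, now: int) -> str:
    """HS256 JWT: header.payload.HMAC(secret, header.payload), with an exp claim."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": sub, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_token(token: str, now: int) -> Optional[dict]:
    """Return the claims if the signature checks out and exp is in the future, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # only accept the algorithm we issue (rejects "none" etc.)
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None  # tampered payload or wrong secret
        claims = json.loads(b64url_decode(payload))
    except (ValueError, UnicodeDecodeError, AttributeError):
        return None  # malformed token
    if claims.get("exp", 0) <= now:
        return None  # expired (the 24-hour disintegration in the analogy)
    return claims
```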
Editor: neovim (I know, I'm a degenerate) suddenly stopped responding to all mapped keys and after a while of closing and opening it, commenting out plugins,... it started working again. No idea what happened there!