Its Friday, you all know what that means! ... Its results day for practiseSafeHex's most incompetent co-worker!!!

*audience: wwwwwwooooooooo!!!!*

We've had a bewildering array of candidates, lets remind ourselves:

- a psychopath that genuinely scared me a little
- a CEO I would take pleasure seeing in pain
- a pothead who mistook me for his drug dealer
- an unbelievable idiot
- an arrogant idiot obsessed with strings

Tough competition, but there can be only one ... *drum roll* ... the winner is ... none of them!

*audience: GASP!*
*audience member: what?*
*audience member: no way!*
*audience member: your fucking kidding me!*

Sir calm down! this is a day time show, no need for that ... let me explain, there is a winner ... but we've kept him till last and for a good reason

*audience: ooooohhhhh*

You see our final contestant and ultimate winner of this series is our good old friend "C", taking the letters of each of our previous contestants, that spells TRAGIC which is the only word to explain C.

*audience: laughs*

Oh I assure you its no laughing matter. C was with us for 6 whole months ... 6 excruciatingly painful months.

Backstory:

We needed someone with frontend, backend and experience with IoT devices, or raspberry PI's. We didn't think we'd get it all, but in walked an interviewee with web development experience, a tiny bit of Angular and his masters project was building a robot device that would change LED's depending on your facial expressions. PERFECT!!!

... oh to have a time machine

Working with C:

- He never actually did the tutorials I first set him on for Node.js and Angular 2+ because they were "too boring". I didn't find this out until some time later.

- The first project I had him work on was a small dashboard and backend, but he decided to use Angular 1 and a different database than what we were using because "for me, these are easier".

- He called that project done without testing / deploying it in the cloud, despite that being part of the ticket, because he didn't know how. Rather than tell or ask anyone ... he just didn't do it and moved on.

- As part of his first tech review I had to explain to him why he should be using if / else, rather than just if's.

- Despite his past experience building server applications and dashboards (4 years!), he never heard of a websocket, and it took a considerable amount of time to explain.

- When he used a node module to open a server socket, he sat staring at me like a deer caught in headlights completely unaware of how to use / test it was working. I again had to explain it and ultimately test it for him with a command line client.

- He didn't understand the need to leave logging inside an application to report errors. Because he used to ... I shit you not ... drive to his customers, plug into their server and debug their application using a debugger.

... props for using a debugger, but fuck me.

- Once, after an entire 2 days of tapping me on the shoulder every 15 mins for questions / issues, I had to stop and ask:

Me: "Have you googled it?"
C: "... eh, no"
Me: "can I ask why?"
C: "well, for me, I only google for something I don't know"
Me: "... well do you know what this error message means?"
C: "ah good point, i'll try this time"

... maybe he was A's stoner buddy?

- He burned through our free cloud usage allowance for a month, after 1 day, meaning he couldn't test anything else under his account. He left an application running, broadcasting a lot of data. Turns out the on / off button on the dashboard only worked for "on". He had been killing his terminal locally and didn't know how to "ctrl + c a cloud app" ... so left it running. His intention was to restart the app every time you are done using it ... but forgot.

- His issue with the previous one ... not any of his countless mistakes, not the lack of even trying to make the button work, no, no, not for C. C's issue is the cloud is "shit" for giving us such little allowances. (for the record in a month I had never used more than 5%).

- I had to explain environment variables and why they are necessary for passwords and tokens etc. He didn't know it wasn't ok to commit these into GitHub.

- At his project meetups with partners I had to repeatedly ask him to stop googling gifs and pay attention to the talks.

- He complained that we don't have 3 hour lunch breaks like his last place.

- He once copied and pasted the same function 450 times into a file as a load test ... are loops too mainstream nowadays?

You see C is our winner, because after 6 painful months (companies internal process / requirements) he actually achieved nothing. I really mean that, nothing. Every thing was so broken, so insecure / wide open, built without any kind of common sense or standards I had to delete it all and start again ... it took me 2 weeks.

I hope you've all enjoyed this series and will join me in praying for the return of my sanity ... I do miss it a lot.

Yours truly,
practiseSafeHex

D: “Did the attackers exfiltrate any data?”

M: “I can’t say for sure, but most likely based on—”

D: “—but did you find any undeniable evidence of it?”

M: “Keep in mind that the absence of evidence isn’t necessarily evidence of absence. There was very limited logging to begin with and the attacker erased artifacts and logs.”

D: “If there’s no evidence, then there was no exfiltration.”

M: “If a business doesn’t have cameras on its front door and then gets robbed, it can’t claim there was no robbery just because they didn’t video-record it.”

D: “That’s a poor analogy. Nothing’s missing here. I couldn’t care less if a robber made a *copy* of my money. That isn’t robbery.”

M: “... If the Titanic really hit an iceberg, then how come no pieces of an iceberg were ever found in the wreckage?”

Some guy my girlfriend knows, heard I'm a software developer. He had this 'great' idea on how he wanted to start a new revolutionary way of paying on the internet. He wanted to create a service like paypal but without having the hassle of logging in first and going through a transaction. He wanted a literal "buy now" button on every major webshop on the internet. When I asked him how he thought that would work legally and security wise, he became a bit defensive and implied that since I'm the tech guy I should work out that kind of stuff. When the software was ready, he would have clients lined up for the service and his work would start.

I politely declined this great opportunity

Hoorah! My code finally works! Now gotta remove those 1000 print statements I used to identify the bugs 😥

** The most hilarious authentication implementation I've ever seen **

They stored password in cleartext, but never mind, this is sadly quite common.
For some reasons credentials were also case insensitive (maybe to avoid silly tickets from CAPS LOCK lovers?).

Then I had a look to the query executed during the login:
SELECT * FROM users WHERE username LIKE ? AND password LIKE ?;

So I tried logging in with user "admin" and password "%"... and it worked!
I laughed all the day.

So my friend has two-step authentication for his smartphone.

Now he is not able to find his phone.

So, he tried to find his phone by logging into his google account via Android Device Manager.

Now, it is asking for the authentication pin which is in his phone.😂

He just got deadlocked.

My brother logging in to my facebook to post "i m gayy".

Things were simpler back then.

My classmate just fell for a phishing email from "PayPal."

She was talking about her payment being declined to her friend.

It peaked my attention when she said after logging in, she was lead to a blank page.

I asked if I could see it and it was definitely a phishing email

I will admit, it's one of the most professional phishing email I've ever seen, but the grammar wasn't very professional and the PayPal logo wasn't completely accurate.

Why do these idiots fall for everything?

After several months of bug fixing, I can proudly say the application I inherited at work has gone a whole day in production without an unhandled exception (from a peak of above 1200 a few months ago).

Well, either that or I've broken the error logging and am now living in blissful ignorance.

Me: opens mobile banking app
app: Swipe right to see account balance without logging in
Me: swipes right

app:

I worked on a greenfield project a couple of years ago. The company had an old solution written in Omnis (heard of it? Yeah, me neither) with an SQL database. My team was to create a completely new web based system... on top of the old database, so the customers could keep their existing stuff.

The dba was an intelligent man, one of the nicest people I've met, and over the course of fifteen years he had made a remarkably terrifying monstrosity of a database. Some years before me they wanted to "future proof" the system and make it "easier to switch to new technologies". So they moved the entire business logic into the database...

I used a tool to create a visualization of said database when we started. It had no views, only tables and sprocs. Look at it! Tables and sprocs are rectangles (well, dots) and any connections are drawn in grey lines. There were no foreign keys, so a tables only visualization only yielded a collection of independent rectangles without a single line.

Now, the stored procedures were bloody MASSIVE. A single procedure that only registered a new interested party and attached them to a property had 2500+ lines and over 150 parameters.

Also, this dba added features and fixed bugs by logging into the respective customers production server and writing SQL.

That database is the stupidest thing I've ever seen a developer do.

Remember the Ububtu mobile OS ?

I remember working on the community UI drive for this project. To know that something as awesome as ubuntu would come down into the form factor of a phone , was just ecstatic.

The first build was out , people liked it. People nagged a bit about the performance issues , but it was going fine. Then the second build .. then the third no one heard about and the 4th that never came.

The interface for this system was unique because after Wondows , this is the only other OS developer that embraced the one ecosystem mantra of design.

Using Ubuntu phone was natural , it was a small desktop OS.

I remember logging on to launchpad one day and seeing the Ubuntu mobile channel with it's last post " Thank you and goodbye "

It was heartbreaking , but i could understand. Like windows phone ( which if you guys weren't aware of , had APK support by the end of its lifecycle ) felt crushed under the weight of android and iOS.

Waiting for a day when there will be a third champion in game. I miss having to see Ubuntu being on my phone , but they seem to be doing great in everything else , so good on that. 😄

Ok done .. thanks

Story.
Did you know logging into chrome will auto sync all your fucking bookmarks to that other person's account??
I DIDN'T!!
(I use Firefox mainly and chromium for testing.)
I use chrome only for porn. Got shit tons of bookmarks. I login to my friend's sister Gmail on my chrome(for remote desktop - to help fix her computer. Somehow,remote desktop doesn't work on chromium)
Was browsing her pc via remote session and suddenly all of my porn bookmarks appear at the top bar.)
Had to manually select each bookmark in the bookmark manager and delete since CTRL+A won't work during the remote session. Don't know why.
FML.

I'm logging my DevRant time as training ... I read all these dumb things that people do, and make mental notes so that I don't do the same thing. Best. Training. Ever.

Gahaa!!! Finally back home, after 7 fucking hours of sitting in busses and trains!

BUT I GOT MY NEXUS 6P!! Yoo-hoo!!! :D

And I've got a nice story about it.

So when I bought it, the guy selling it to me was a nontechnical type (I think?) whose wife was the previous owner. So I thought to myself, cool a nontechnical user used it.. probably no hardware mods or anything to worry about. Apparently they even factory reset it for me :)

Now, when I left to go back home, I of course immediately booted up the thing and did the whole doodad of logging into it, setting up the device etc.

Then it struck me. When I booted up the device and wanted to log in, there was a lock from Google that required me to first authenticate as either a previous account of the device, or their unlock pattern. So I figured, eh fuck it, I'll just flash some AOSP without GApps or send the owner an email asking what the previous pattern is.

But I still had to wait 30 minutes at the bus stop so I thought to myself.. previous owner was a nontechnical woman.. maybe I could crack it. No way to know if I don't try. So I started putting in random unlock patterns.

3 attempts later - I shit you not! - pattern accepted.
Do you want to add this account?

Oh boy Google, of course I do! Thanks for letting me in pal!

3 fucking attempts. That's all it took to crack the unlock pattern of an unknown person. 😎

Worst thing you've seen another dev do? Long one, but has a happy ending.

Classic 'Dev deploys to production at 5:00PM on a Friday, and goes home.' story.

The web department was managed under the the Marketing department, so they were not required to adhere to any type of coding standards and for months we fought with them on logging. Pre-Splunk, we rolled our own logging/alerting solution and they hated being the #1 reason for phone calls/texts/emails every night.

Wanting to "get it done", 'Tony' decided to bypass the default logging and send himself an email if an exception occurred in his code.

At 5:00PM on a Friday, deploys, goes home.

Around 11:00AM on Sunday (a lot folks are still in church at this time), the VP of IS gets a call from the CEO (who does not go to church) about unable to log into his email. VP has to leave church..drive home and find out he cannot remote access the exchange server. He starts making other phone calls..forcing the entire networking department to drive in and get email back up (you can imagine not a group of happy people)

After some network-admin voodoo, by 12:00, they discover/fix the issue (know it was Tony's email that was the problem)

We find out Monday that not only did Tony deploy at 5:00 on a Friday, the deployment wasn't approved, had features no one asked for, wasn't checked into version control, and the exception during checkout cost the company over $50,000 in lost sales.

Was Tony fired? Noooo. The web is our cash cow and Tony was considered a top web developer (and he knew that), Tony decided to blame logging. While in the discovery meeting, Tony told the bosses that it wasn't his fault logging was so buggy and caused so many phone calls/texts/emails every night, if he had been trained properly, this problem could have been avoided.

Well, since I was responsible for logging, I was next in the hot seat.

For almost 30 minutes I listened to every terrible thing I had done to Tony ever since he started. I was a terrible mentor, I was mean, I was degrading, etc..etc.
Me: "Where is this coming from? I barely know Tony. We're not even in the same building. I met him once when he started, maybe saw him a couple of times in meetings."
Andrew: "Aren't you responsible for this logging fiasco?"
Me: "Good Lord no, why am I here?"
Andrew: "I'll rephrase so you'll understand, aren't you are responsible for the proper training of how developers log errors in their code? This disaster is clearly a consequence of your failure. What do you have to say for yourself?"
Me: "Nothing. Developers are responsible for their own choices. Tony made the choice to bypass our logging and send errors to himself, causing Exchange to lockup and losing sales."
Andrew: "A choice he made because he was not properly informed of the consequences? Again, that is a failure in the proper use of logging, and why you are here."
Me: "I'm done with this. Does John know I'm in here? How about you get John and you talk to him like that."
'John' was the department head at the time.
Andrew:"John, have you spoken to Tony?"
John: "Yes, and I'm very sorry and very disappointed. This won't happen again."
Me: "Um...What?"
John: "You know what. Did you even fucking talk to Tony? You just sit in your ivory tower and think your actions don't matter?"
Me: "Whoa!! What are you talking about!? My responsibility for logging stops with the work instructions. After that if Tony decides to do something else, that is on him."
John: "That is not how Tony tells it. He said he's been struggling with your logging system everyday since he's started and you've done nothing to help. This behavior ends today. We're a fucking team. Get off your damn high horse and help the little guy every once in a while."
Me: "I don't know what Tony has been telling you, but I barely know the guy. If he has been having trouble with the one line of code to log, this is the first I've heard of it."
John: "Like I said, this ends today. You are going to come up with a proper training class and learn to get out and talk to other people."

Over the next couple of weeks I become a powerpoint wizard and 'train' anyone/everyone on the proper use of logging. The one line of code to log. One line of code.

A friend 'Scott' sits close to Tony (I mean I do get out and know people) told me that Tony poured out the crocodile tears. Like cried and cried, apologizing, calling me everything but a kitchen sink,...etc. It was so bad, his manager 'Sally' was crying, her boss 'Andrew', was red in the face, when 'John' heard 'Sally' was crying, you can imagine the high levels of alpha-male 'gotta look like I'm protecting the females' hormones flowing.

Took almost another year, Tony released a change on a Friday, went home, web site crashed (losses were in the thousands of $ per minute this time), and Tony was not let back into the building on Monday (one of the best days of my life).

So I own a webshop together with a guy I met at one of my previous contract jobs. He said he had a great idea to sell product X because he can get them very cheap from another European country. Actually it is a great idea so we decided to work together on this: I do everything tech related, he does the non tech stuff.

Now we are more than 1 year in business. I setup a VPS, completely configured it, installed and setup the complete webshop, built 2 custom PrestaShop modules, built many customizations, built a completely new order proces (both front and back end), advertised quite some products, did some link building, ensured everything is in place to do proper SEO, wrote some content pages, did administration and tax declarations, rewrote a part of a PrestaShop component because it was so damn inefficient and horribly slow, and then some more. Much more.

He did customer relation management, supplier management and some ad words campaigns. Promised me many times to write the content for our product pages. This guy has an education in marketing but literally said: I'm not gonna invest in creating some marketing plan. I have no ambition in online marketing.

What?! You have the marketing knowledge and skills but refuse to use it to market our webshop and business? What the fuck is wrong with you?!

Today he says to me: 'Hey man, this is becoming an expensive hobby as we don't sell much and have lots of costs. I don't understand why I should be the one to write these content pages. Everything you did in the past 8 months can be done in less than 20 hours! You are a joke and just made it a big deal by spreading your work over so many months. I know for sure because I currently work at a company where I'm surrounded by front end devs! Are you fucking crazy?! You're a liar.'

He talks like this to me every 2 months or so while he can't even deliver the content for 1 single product in 6 fuckin' months! We even had to refund a few of our customers because Mr. client relations manager didn't respond to their e-mails within 1 fucking week!! So I asked him how could that have happened as you do the client relations and support. Well, he replied to me: 'Why didn't YOU respond to our clients? You don't log on in our back office at least once a day?!'.

Of course I do asshole. But YOU don't. He replied that I was lying just like I was lying about what I did for our business.

So, asshole, let's have a look at PrestaShops logs to see who's logging in daily. Well, you can probably guess who's IP was there in most of the entries. It wasn't his.

So, what the fuck have you been doing then?! You can't even manage to respond quickly to a client?!! We have maybe 50 clients and if we get 1 question a month by email it is already a lot. But you keep bitching, complaining and insulting me instead?!!!

Last time he literally admitted on a WhatsApp conversation that he had and still has the hope that he could just sit back and relax and watch me do ALL the work.

Well, guess what you fucking moron. That's not what we agreed upon. You fuckin' retard think you're so smart but you say EVERYTHING on WhatsApp! Including your promises to me. Thank you you fuckin' piece of dog shit because now I have hard evidence and will hand it over to my lawyer to make you pay every god damn cent for all the hours I've spent working on our business. Oh, and I'll take over the webshop and make it a success on my own because I know damn well how to get relevant traffic and thus customers.

You just go get yourself fucked in the ass without lubricant you fuckin' asshole. I have told you you shouldn't fuck with me because I take business very seriously. I even warned you when you were crossing a line again. Well, if you don't listen... You will pay for the consequences. I will be so damn happy to tell you 'I told you so' with a very very big smile on my face. That momemt WILL come, 'partner'.

Fuck you. You will be fucked. Count on that. Fucking asshole.

Boss asked one of our senior Linux engineers to look into an issue. When restarting a service, the person renting the server would get the errors e-mailed which occurred during the restart (it wasn't reachable so the service trying to reach it would throw errors).

Although this was very expected behavior, the client found it unacceptable! Boss asked the engineer to look into this while acknowledging that it was probably an impossible task except for if you'd just disable logging but then all debug info would be gone which we frequently use to debug stuff ourselves.

After two minutes:

E (engineer): fixed it.
V (boss): wait, WHAT? HOW?! I'VE BEEN TRYING TO FIND A FIX OR WORKAROUND FOR AGES!
E (with the mist nonchalant/serious face): I disabled the log mailing in the configuration.
B: 😶
B: .
B: .
B: .
B: 😂

Everyone was laughing. The client thanked us for 'solving' it xD

So Nvidia doesn't let you use their GeForce Experience app anymore without logging in.
*Uninstalled*
Fuck that, I don't want to login so I can see an FPS counter in my ganes or record them to my local disk or something like that... Fuck you Nvidia and fuck whoever decided that would be a good idea.

A story a friend dev of mine told me.
It happened at one of their clients, he was there to fix some internal legacy system of theirs.

Friend: So where are yesterdays logs.
Client: Wait a sec. *goes into server room*
*comes back* Sorry, the logging stopped last week.
Friend: What, let me see.
He walks into the server room and finds this horror:
Their logging system was a dot-matrix printer which was connected to an old win95 pc, which ran a telnet session to the server. From there it copied the output stream to the printer.
The printer ran out of ink(that ribbon) a week ago, leaving a long strip of blank paper coming out of that printer.

-----
I hope to never have to work in such an environment, ever.

We're having an ongoing credential stuffing attack right now. Hackers hit us hard over the weekend and the web team sent out an email congratulating themselves that they stopped the threat.

I decided to look to see how they "fixed" the issue.

They modified their code to stop logging the errors to prevent Splunk from sending the automated emails to management (how we have been able to spot/monitor the attack).

They literally just put their heads in the sand, stapled a sign to their ass that reads "Meteor? We see no meteor approaching. Everything is fine."

Fucking wix advertisements! Getting real tired of the "want a website? Why not make it yourself?" ads. You're already logging all my fucking google searches to display relevant ad info so maybe wrap your head around the fact that I'm a web dev and make my own fucking sites??

RANT Incoming
Not necessarily dev related but I need to get this off my chest.

So a bit of a backstory. I had to stay late from school the other day and ended up having to take an Uber home. The ride was fine lady was nice. Everything seems to be going well and there were no signs of any payment failure.

Then yesterday, I had to stay late again. I never said that I had an outstanding balance on my account. Apparently Uber was having problems charging my Android pay account.
So I ended up being stuck at school for like 3 hours. Great!😑

So I emailed Uber when I got home. And this is when I started pulling my hair out. I don't know how many replies I had, but each time I had to tell them that I was not using a prepaid card.

This was one of my replies:
"I'm sorry, are you real? If you are, here is a quick summary of the issue. I am using ANDROID PAY with my CHASE DEBIT CARD. Not, NOT, NOT a prepaid card. I happen to know that CHASE DEBIT CARD(which is the card I use, in case you have already forgotten) works with uber because MY FATHER USES THE EXACT SAME TYPE OF CARD with uber. He uses a CHASE DEBIT CARD(again I use that same type of card as well). So by using LOGIC I am able to deduce that a CHASE DEBIT CARD is in fact compatible. AGAIN THIS IS NOT A PREPAID CARD!!! If the card is incompatible, WHY DOES THE APP ALLOW BE TO ADD IT?!?! Also in response to your last email... Because I am using Android pay, do you really think that an ANDROID would be able to use APPLE pay? Also Google wallet is DISCONTINUED! Finally, PayPal DOES NOT CONNECT TO UBER. Returns a "Server Error." So please stop wasting my time with generic help solutions. Believe me, I have already googled my issue, and nothing comes up. That is why I contacted Uber. I want my driver to be paid, and, uber had made it SO painful with unhelpful "Solutions" to problems that don't even APPLY TO MY ISSUE. No not even mention PREPAID cards in your reply or I will consider you a robot built by monkeys banging their heads on a keyboard. Uber HAS my VALID payment information, USE IT! If there is a phone number I can call, please, enlighten me"

And the response was:
"Thanks for reaching out with this.

Happy to help with this issue you are having.

After reviewing your I can see that the only payment method associated with your account is an ANDROID PAY card and it is also a prepaid card. Some cards and methods are not compatible with our billing processes and can't be used with Uber. This includes prepaid cards."

So I concluded that they are monkeys.

Then Uber banned me from logging into my account because I didn't pay.
So now it is impossible for me to pay because I can't do anything with my account.

Now they want my SSN and a bunch of other shit that I won't give them.

I told them that they were being illogical, and I got the exact same response about the prepaid bullshit.

So I sent them this photo as a goodbye.

I get my driver's licence next weekend, so I won't need Uber anymore. YAY!

Also mind grammatical errors, I talked it in and am to lazy to proofread

My last wk93 story, the time we discovered school faculty was spying on students and we uncovered student's deepest secrets.

I call it, kiddiegate.

So if you've read my past rants you've noticed I did some pretty childish and reckless stuff with my highschool's systems when I was younger, but nothing compares to this thing.

After resetting the sysadmin account pwd on some machines it occurred to me I could write a keylogger to capture teachers Moodle accounts and so on, I decided to try it out on a regular lab computer first.

Imagine my surprise when I found a hidden keylogger already installed! I couldn't believe it but then I thought, what if other PC's have it? So I recruited my mates and teached them the process to check if a PC had been infected...ALL PCs were, over 30 computers we checked had been logging for over 3 months! That damn sysadmin! >:[

We were shocked and angry, but then I thought "hey. . . My work has been done for me, better take advantage"

So we did, we extracted each log and then removed it from the PCs along with the keyloggers. There were hundreds of records and then one day we started snooping into the fb accounts of some students (we shouldn't have) we uncovered so many nasty, shocking secrets...

One of the school's lady's man had a drunk one nighter with one of our gay friends, the most secluded and shy guy was sexting like crazy with 15 chicks at the same time, things like that...we promised to never say a word and deleted the logs.

After that we didn't do much and continued highschool as every teenage minor should, getting drunk and avoiding responsibilities, though we could never see many of our classmates the same way. The sysadmin was fired shortly after I graduated, no reason was stablished.

I want to clear out we were minors and laws in my country weren't clearly stablished at the time plus no harm was ever done. I don't condone hacking or any kind of illegal activity, just thought I'd share.

I literally cringed today when my neighbor wanted help installing an app, she didn't tell me it was her banking app... And the thing I needed to help with was logging in... So she told me her bank details...

Even though I said (multiple times) it was dangerous to do so, and that she can't just trust people with this kind of information...

WHY ARE PEOPLE SO GOD DAMN STUPID WHEN IT COMES TO SECURITY!

Yes, you fucking retards, I will read this article about logging in NodeJS when the cover photo

- Isn't JavaScript
- Isn't about logging

You really seem to know what you're talking about!

Well this is a new one.

Had to download some forms online from a governmental institute. Tried logging in and I shit you not I got a message saying "we are currently closed, are opening times are X to Y"

BruhFuckingWhat.exe since when did servers get human rights and working hours

Boss: "Yeah we have a logging project coming up that has to be done in C" Me: "I know C, I can give some pointers on that"

- devRant TOR rant! -

There is a recent post that just basically says 'fuck TOR' and it catches unfortunate amount of attention in the wrong way and many people seem to aggree with that, so it's about time I rant about a rant!

First of all, TOR never promised encryption. It's just used as an anonymizer tool which will get your request through its nodes and to the original destination it's supposed to arrive at.

Let's assume you're logging in over an unencrypted connection over TOR and your login information was stolen because of a bad exit node. Is your privacy now under threat? Even then, no! Unless of course you had decided to use your personal information for that login data!

And what does that even have to do with the US government having funded this project even if it's 100%? Are we all conspiracy theorists now?

Let's please stop the spread of bs and fear mongering so that we can talk about actual threats and attack vectors on the TOR network. Because we really don't have any other reliable means to stop a widely implemented censorship.

Day 1 10:00 am
Login to email account (Zimbra)
Your password is incorrect (I entered it correctly, this was a permanent issue ,used to happen in the company with many employees)
Reset your password by logging into internal company portal.

11:00 am
Logged into company portal, somehow. 2 Mbps internet shared among 104 people, you can imagine the speed.
Reset email password
* your password has been sent to your email id*
Are you fucking kidding me? U have emailed me the password to the same email I can't log in to?
Where did the architecture designer get this top notch weed from?

Day 2
Asked HR to reset my password (using a colleague's email)

Day 3
No reply from HR yet

Day 4
I went to meet HR, she's on vacation. So they have 1 person managing the password reset, for 5000 people with no backup person. Cool.

Day 5
Your internal company password has expired. Check your email for link to create new password. This is some next level shit going on.

Day 6
I called up Internal IT team to generate a new email for me.
They asked me to raise a ticket.
I can't raise a ticket because the only way to do so, is through the portal.

Day 7
Nothing. Btw, personal email and all social networks were banned. You can't even open stackoverflow.
And this was a research lab, amazing huh?

Day 8
Loss of pay for 4 days since I can't login to company portal to fill timesheet.

Day 9
HR comes back. Resets my password.
I try to generate my new password for portal.
The password policy:
Password can't be same as last 10 passwords
Passwords expire every week
8 characters minimum, 2 upper case, 2 lower case, NO SPECIAL SYMBOL. WTF. How long do u think its gonna take to crack that?

Fuckers had a company wise policy to automatically lock PC every 1 min if not used. Who the fuck can keep on using it continuously! I'm reading an article, and bam ! Locked. 2 wrong entries and that's it, repeat all steps again. Fuckers really didn't want to let me do my job, just keep on logging in all day.

I now know another person's password without even wanting to.

He was sitting in the row in front of me, logging into our course page and then *brrrrraaaaapppp* - ran his index finger along the top number row and hit enter.

1234567890

I don't even know what to say.

ANTI VIRUSES AREN'T ALWAYS YOUR FRIEND!

So I'm under a little pressure to get an assignment done so I came home an was planning on working on it but Windows had other plans and decided to finish its update which I suspect copied my hard drive and uploaded it to the NSA at dial up speed because it it forever!!

But anyway back to the text in caps lock... I started working on it then when I hit compile I got an "access denied" error in the console and didn't know what the f*** was going on. So I decided to copy my filed to another directory and tried again... amazingly this worked so I carried on and after about 2 hours I get the same error -_- So instead of messing around and loosing my work I decided to commit it... but I cant... again "access denied" error.

After threatening my computer with a trip out the window, I finally decided to reboot it... cause "have you tried turning it off and on again" kept on rattling in my head.

After logging in I tried again and still the same error... Then I opened up my anti virus dashboard and went through the logs and found the screen shot attached.....

I used to work as an all-in-one IT guy in a company. One day I got a call from our HR team and the HR said "my Internet banking account has been hacked! It's logging in automatically!!" So I went to see the issue, and the so called "hack" was because she allowed Mozilla Firefox to save her login credentials, and because of that the login form was automatically filled. Such a stupid ass

I wrote a database migration to add a column to a table and populated that column upon record creation.
But the code is so freaking convoluted that it took me four days of clawing my eyes out to manage this.
BUT IT'S FINALLY DONE.
FREAKING YAY.

Why so long, you ask? Just how convoluted could this possibly be? Follow my lead ~

There's an API to create a gift. (Possibly more; I have no bloody clue.)
I needed the mobile dev contractor to tell me which APIs he uses because there are lots of unused ones, and no reasoning to their naming, nor comments telling me what they do.

This API takes the supplied gift params, cherry-picks a few bits of useful data out (by passing both hashes by reference to several methods), replaces a couple of them with lookups / class instances (more pass-by-reference nonsense). After all of this, it logs the resulting (and very different) mess, and happily declares it the original supplied params. Utterly useless for basically everything, and so very wrong.

It then uses this data to call GiftSale#create, which returns an instance of GiftSale (that's actually a Gift; more on that soon).

GiftSale inherits from Gift, and redefines three of its methods.

GiftSale#create performs a lot of validations / data massaging, some by reference, some not. It uses `super` to call Gift#create which actually maps to the constructor Gift#initialize.

Gift#initialize calls Gift#pre_init (passing the data by reference again), which does nothing and returns null. But remember: GiftSale inherits from Gift, meaning GiftSale#pre_init supersedes Gift#pre_init, so that one is called instead. GiftSale#pre_init returns a Stripe charge object upon success, or a Gift (and a log entry containing '500 Internal') upon failure. But this is irrelevant because the return value is never actually used. Pass by reference, remember? I didn't.

We're now back at Gift#initialize, Rails finally creates a Gift object using the args modified [mostly] in-place by all of the above.

Another step back and we're at GiftSale#create again. This method returns either the shiny new Gift object or an error string (???), and the API logic branches on its type. For further confusion: not all of the method's returns are explicit, and those implicit return values are nested three levels deep. (In Ruby, a method will return the last executed line's return value automatically, allowing e.g. `def add(a,b); a+b; end`)

So, to summarize: GiftSale#create jumps back and forth between Gift five times before finally creating a Gift instance, and each jump further modifies the supplied params in-place.

Also. There are no rescue/catch blocks, meaning any issue with any of the above results in a 500. (A real 500, not a fake 500 like last time. A real 500, with tragic consequences.)

If you're having trouble following the above... yep! That's why it took FOUR FREAKING DAYS! I had no tests, no documentation, no already-built way of testing the API, and no idea what data to send it. especially considering it requires data from Stripe. It also requires an active session token + user data, and I likewise had no login API tests, documentation, logging, no idea how to create a user ... fucking hell, it's a mess.)

Also, and quite confusingly:
There's a class for GiftSale, but there's no table for it.
Gift and GiftSale are completely interchangeable except for their #create methods.

So, why does GiftSale exist?
I have no bloody idea.
All it seems to do is make everything far more complicated than it needs to be.

Anyway. My total commit?
Six lines.
IN FOUR FUCKING DAYS!

AHSKJGHALSKHGLKAHDSGJKASGH.

This is from my days of running a rather large (for its time) Minecraft server. A few of our best admins were given access to the server console. For extra security, we also had a second login stage in-game using a command (in case their accounts were compromised). We even had a fairly strict password strength policy.
But all of that was defeated by a slightly too stiff SHIFT key. See, in-game commands were typed in chat, prefixed with a slash -- SHIFT+7 on German-ish keyboards. And so, when logging in, one of our head admins didn't realize his SHIFT key didn't register and proudly broadcast to the server "[Admin] username: 7login hisPasswordHere".
This was immediately noticed by the owner of a 'rival' server who was trying to copy some cool thing that we had. He jumped onto the console that he found in an nmap scan a week prior (a scan that I detected and he denied), promoted himself to admin and proceeded to wreak havoc.
I got a call, 10-ish minutes later, that "everything was literally on fire". I immediately rolled everything back (half-hourly backups ftw) and killed the console just in case.
The best part was the Skype call with that admin that followed. I wasn't too angry, but I did want him to suffer a little, so I didn't immediately tell him that we had good backups. He thought he'd brought the downfall of our server. I'm pretty sure he cried.

So the Microsoft rage continues as I tell a story about my father, the company that he works for and that companies whole IT structure.

So my father is forced to use Windows because, get this (he hates W10 with a burning passion, like me).... Office and other crap. Cool cool
Seems like Libreoffice isn't enough for you.... YES IT FUCKING IS. MY DAD GAVE ME EXAMPLE DOCUMENTS FROM HIS WORK AND GUESS WHAT, THEY ALL OPEN WITHOUT A FUCKING PROBLEM. But OK, maybe not all employees are familiar with Libreoffice/Openoffice, JUST KIDDING THEY ARE SOME FUCKTARDS WHO WORK FOR THEIR COMPANY THAT DON'T KNOW HOW TO FILL OUT A FORM IN EXCEL (aka. PROBABLY NEVER USED AN COMPUTER IN THEIR LIFE/OFFICE SPACE AMNISH). Okay, some employees might be incapable, but their infrastructure might be alright.

IT RUNS ON MICROSOFT SQL AND DIVX (YES, FUCKING DIVX, CAUSE THAT MAKES SENSE) FROM..........2008.
At this point I just feel bad for them. Because there were no IT guys at the company (they didn't understand shit that I said half of the time). I've warned them that their infrastructure might have more holes than fucking swiss cheese. I see they value their data since the front door is a 60 kg one (that's 132 lb in retard units). And there's a 1.8 m fence around the building.

And they've told me that the parent company, which hosts the server also hosts for 100+ other companies around the world.

100+, you say. I'm legit scared for them right now.

So naturally, I've asked them if they have backups... they do, thank god.

But still they use 2008 shit in 2018 and expect it to be secure. Fun fact, logging into their server (which is an HTTP running on Windows Server...... 2008 (that hurts to say)) with a browser other than.... not Edge.... but IE, *drum roll* breaks it, since... it runs authetication dll's (YES FUCKING DLLS) on the host system. THOSE POOR MOTHERFUCKERS COULDN'T EVEN SETUP SERVER SIDE AUTHENTICATION. EVEN CHANGING THE PASSWORD REQUIRES A FUCKING SYSADMIN TO BE CONTACTED, OH YEA YOU CAN'T SINCE THERE ARE NONE.

GOOD DAY TO YOU <INSERT COMPANY>, SORRY BUT YOU'LL GET FUCKING OBLIRIATED IF SOMEBODY DECIDES TO HACK YOU.

Coworker: I give up! Please help me!

Me: What's up?

C: Take a look at this. I have this function here that gets the tab index and I'm passing it to the Tabs component over there. I'm logging the index and as you can see it's 3, but the Tabs component isn't working. However if I replace the function call with a 3 it works!

Coworker 2: While you were explaining all that, shellbug already thought about at least 3 reasons why that isn't working.

Me: **sighs** Of what type is the value that function is returning?

C: **stares at me for a few seconds** It's a number.

Me: Are you sure?

C: Well, it's returning 3.

Me: Please do a typeof.

It was string.

My dad used to be a Marketing Manager. He used to make a lot of presentations et al for his meetings. We got our first computer in our house when I was around 7 years old. It was first Windows 95, but I wasn't fortunate enough to even touch the machine. My dad was very protective about the machine. He himself would not use it unless he had to complete some work overnight. For me, it was an absolute wonder as to how and what that thing in the bedroom sitting on the desk next to my parents bedside was. I used to hide and peek around the door sill when my dad was working on it. He became a bit more lenient with the Windows 98 and let me and my sibling play DOS games under his supervision for a limited time.

Over time, I managed to look over his shoulder for the passwords - both BIOS and OS user passwords and started logging in myself. By now, my dad would let me sit on the bed near him when I looked curiously as he worked. Then I had to figure how to connect to the internet and surf the web. And there folks is how my journey with computers began.

Yesterday the web site started logging an exception “A task was canceled” when making a http call using the .Net HTTPClient class (site calling a REST service).

Emails back n’ forth ..blaming the database…blaming the network..then a senior web developer blamed the logging (the system I’m responsible for).

Under the hood, the logger is sending the exception data to another REST service (which sends emails, generates reports etc.) which I had to quickly re-direct the discussion because if we’re seeing the exception email, the logging didn’t cause the exception, it’s just reporting it. Felt a little sad having to explain it to other IT professionals, but everyone seemed to agree and focused on the server resources.

Last night I get a call about the exceptions occurring again in much larger numbers (from 100 to over 5,000 within a few minutes). I log in, add myself to the large skype group chat going on just to catch the same senior web developer say …
“Here is the APM data that shows logging is causing the http tasks to get canceled.”

FRACK!

Me: “No, that data just shows the logging http traffic of the exception. The exception is occurring before any logging is executed. The task is either being canceled due to a network time out or IIS is running out of threads. The web site is failing to execute the http call to the REST service.”

Several other devs, DBAs, and network admins agree.

The errors only lasted a couple of minutes (exactly 2 minutes, which seemed odd), so everyone agrees to dig into the data further in the morning.

This morning I login to my computer to discover the error(s) occurred again at 6:20AM and an email from the senior web developer saying we (my mgr, her mgr, network admins, DBAs, etc) need to discuss changes to the logging system to prevent this problem from negatively affecting the customer experience...blah blah blah.

FRACKing female dog!

Good news is we never had the meeting. When the senior web dev manager came in, he cancelled the meeting.

Turned out to be a hiccup in a domain controller causing the servers to lose their connection to each other for 2 minutes (1-minute timeout, 1 minute to fully re-sync). The exact two-minute burst of errors explained (and proven via wireshark).

People and their petty office politics piss me off.

For a week+ I've been listening to a senior dev ("Bob") continually make fun of another not-quite-a-senior dev ("Tom") over a performance bug in his code. "If he did it right the first time...", "Tom refuses to write tests...that's his problem", "I would have wrote the code correctly ..." all kinds of passive-aggressive put downs. Bob then brags how without him helping Tom, the application would have been a failure (really building himself up).
Bob is out of town and Tom asked me a question about logging performance data in his code. I look and see Bob has done nothing..nothing at all to help Tom. Tom wrote his own JSON and XML parser (data is coming from two different sources) and all kinds of IO stream plumbing code.
I use Visual Studio's feature create classes from JSON/XML, used the XML Serialzier and Newtonsoft.Json to handling the conversion plumbing.
With several hundred of lines gone (down to one line each for the XML/JSON-> object), I wrote unit tests around the business transaction, integration test for the service and database access. Maybe couple of hours worth of work.
I'm 100% sure Bob knew Tom was going in a bad direction (maybe even pushing him that direction), just to swoop in and "save the day" in front of Tom's manager at some future point in time.

This morning's standup ..
Boss: "You're helping Tom since Bob is on vacation? What are you helping with?"
Me: "I refactored the JSON and XML data access, wrote initial unit and integration tests. Tom will have to verify, but I believe any performance problem will now be isolated to the database integration. The problem Bob was talking about on Monday is gone. I thought spending time helping Tom was better than making fun of him."
<couple seconds of silence>
Boss:"Yea...want to let you know, I really, really appreciate that."

Bob, put people first, everyone wins.

I've got a confession to make.

A while ago I refurbished this old laptop for someone, and ended up installing Bodhi on it. While I was installing it however, I did have some wicked thoughts..

What if I could ensure that the system remains up-to-date by running an updater script in a daily cron job? That may cause the system to go unstable, but at least it'd be up-to-date. Windows Update for Linux.

What if I could ensure that the system remains protected from malware by periodically logging into it and checking up, and siphoning out potential malware code? The network proximity that's required for direct communication could be achieved by offering them free access to one of my VPN servers, in the name of security or something like that. Permanent remote access, in the name of security. I'm not sure if Windows has this.

What if I could ensure that the system remains in good integrity by disabling the user from accessing root privileges, and having them ask me when they want to install a piece of software? That'd make the system quite secure, with the only penetration surface now being kernel exploits. But it'd significantly limit what my target user could do with their own machine.

At the end I ended up discarding all of these thoughts, because it'd be too much work to implement and maintain, and it'd be really non-ethical. I felt filthy from even thinking about these things. But the advantages of something like this - especially automated updates, which are a real issue on my servers where I tend to forget to apply them within a couple of weeks - can't just be disregarded. Perhaps Microsoft is on to something?

My family hosts an 100 mile (160km) run once every year for ultra-runners. 11 hours in the first runner has done 105 km. And I'm sitting at this checkpoint logging their times and working on a project. But rain started pouring down and this not so waterproof tent has just become the worst developing workplace I have ever been in because the umbrella ain't big enough for me and the laptop. So I'm soaked and won't be relieved for another 8 hours. The things you do for family.

Sometimes the design decisions of big companies amazes me.

I wanted to contact support of Cloudflare. The only way to submit a new support query is by logging into the account first.

My problem is that I can not log into my account. What a bunch of retards.

Me: Hello. I'm from dept. ABC. My system isn't working.

IT: Have you tried logging OFF & ON again?

Me: (Let me rephrase) No the system isn't turning ON 😅

IT: Before I come over to your desk, can you try restarting once? 🤓

Me: (Motherfuck..) 🙂

Pro-Tip: Debugging/Logging with emojis is so much more fun

I think I've got a working searx instance which I'd open up for the public.

NOTE: I cannot prove that I don't store anything because for that you'd need root access to the server which I won't give obviously. If you're not comfortable with that, just don't uses it.

I still have to do something for ip address logging anonymising or stripping, though. (nginx + CSF provided enough abuse prevention).

Tips on that?

Irony of github....
A blocked person can easily see your profile after logging out
¯\_(ツ)_/¯

Client: “I’m sorry I just don’t understand the issue with the contract?

You said logging into Facebook was easy, what’s the issue with feature X (= complex graph API queries based on opinions and sentiment) and displaying images and videos, it’s the same thing!!!”

... no sir, it is NOT

Installed Miami Street earlier today.. some random free Shaftgame.
Late at night now, I figured "let's try this out".

> Logging in...
*crashes*

*goes to the settings for this crap game*
> *crashes*

Fucking worthless piece of Microshit.. yet another data collection hook that REQUIRES your shit to log in just to fucking work? Fucking Shaftfuckers, 5GB of internet traffic I spent on this?! Just to see it be a worthless data-hungry paperweight?!! Luckily my residential connection is unmetered and has some decent speeds.. but still, FUCK YOU MICROSHAFT!!!

Coincidentally, keyboard input completely broke when I wanted to do a minor edit to the drafted rant. Microshit can't even design a decent keyboard driver anymore, huh.. I DIDN'T WANT TO HAVE TO REWRITE THIS SHIT FOR A SECOND TIME, FUCKING REDMOND MICROCUNTSUCKERS!!!!

The day I discovered Schrödinger's lesser known paradox of simultaneously being fired and not fired.

This isn't really much of a dev story, but I figured I'd share it anyway.

About two minutes into signing into all my stuff, I suddenly was kicked out of everything. I tried logging in a few more times, and then suddenly started getting the error, "Your account has been disabled for security reasons." I couldn't sign into chat, and co-workers confirmed that I was missing from the company directory. My manager didn't come in for another two hours, and we couldn't get anyone else to answer what the hell was going on. So I was kinda panicking.

Eventually, we found out from one of our coordinators that someone else with the same name as me was leaving the company, and they had deactivated the wrong person.

It ended up getting a lot better. They told me that it could take up to 48 hours to restore my access (it took longer), so I found stuff to do so I could maintain my paycheck. One of those things was assisting someone with data collection and processing, where I eventually said, "Dude, I could totally automate this," and now that's what I'm getting paid to do.

PM: Can we have it so the usernames are case-sensitive?

Me: uhh, sure I guess.. But thats like really pointless and adds no real usefulness.. In fact makes the whole logging in thing a tad more complicated for no reason..

PM: Well this one other product we have uses "Admin" for the login versus yours that used "admin" so it needs to be implemented.

(note that mine accepted "Admin" anyways...) *implemented it*

PM: So there's a problem with the username sort, it sorts by capitals then lowercase.. eg:
alpha
beta
Alpha

Me: Yeah, you asked for case-sensitive usernames..

PM: Well can you fix it?

Me: I could create a second field within the user data that is the username in all lowercase and sort by that. But that negates like all of the whole case-sensitive usernames thing.. OR I could drop all this actually important work I'm doing and do a whole bunch of work on a custom sort for this useless fucking feature you wanted me to put in..

*it's been 2 weeks and still no reply...*

I came back here, after not logging in for about a year just to say that patents are fucking stupid. Thanks, see you in another year!

When a colleague left their computer without logging out, I created a shortcut to internet explorer, named it Google Chrome, and changed the icon to Chrome's icon. I couldn't remove Chrome's shortcut from the desktop or modify it because I didn't have permissions, so I turned of icon snapping and dragged it off the screen. I also replaced Chrome in the task bar with my fake icon. I then set the Internet Explorer to open a bunch of useless pages when it opens, set it to the default browser, and changed the search engine to Yahoo!

TL;DR: Sometimes it okay if all you did the entire day was to breathe and survive.

There's heavy downpour since early morning and water logging is frequent and common in my area.

I had to catch the office bus, but being dependent on local transport to get to the office bus stop, got me all soaked.

I literally had to jump in a puddle of water (like a kid and it was fun 😂😂), to catch the bus.

Anyway, the journey begun and I started sneezing. Damn! I forgot the handkerchief and had nothing to wipe my head dry.

I have serious sinus issues and just prayed that shit doesn't start until I reach office, because I had no tissues as well. I didn't want to be embarrassed with running nose and watery eyes.

Reached office all soaked and dripping. Now the fun begins. The cunts keep the air conditioning temperature to -99 degree celsius. Yes, MINUS 99 DEGREES.

People are fucking freezing to death and motherfuckers refuse to increase the temperature 😂😂😂

By 12:00 PM, my body was numb. I was shivering and could hardly feel anything. Thanks to my reserved body heat, managed to dry myself by 01:00 PM.

Then was assigned a shitty task, which was to clean up a co-workers steaming shit.

Earlier, I had to deal with numb body, but now my mind was numb as well.

Managed to finish the task and call it a day.

Well on the way back, I had to pick some groceries.

It took me literally two minutes to put them in a basket and FORTY-FUCKING-FIVE MINUTES TO STAND IN QUEUE AND PAY FOR THEM.

While in queue, the illiterate and ill-mannered cunts in the supermarket annoyed me to death. Pushing and squeezing me between their tits and ass.

Somehow managed to reach home, all tired and depressed with no mood to do anything at all.

Might just browse through rants for a while now and retire to bed.

Hope tomorrow's a good day. 😊

Every single fucking time:

Developers: Maybe we'll do something nice for the users, like signing in with Facebook account?
Business: Nah, nobody is gonna pay for that and it sounds useless. We're good with current solutions. Just do your job!

half a year later:

Business: Hey, I just came up with the idea that we could have logging in with Facebook.
Also business: Wow, great idea!
Management: Here's your bonus for a great idea!
Developers: ...

TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern

Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.

Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.

Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.

An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.

After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.

The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.

It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”

At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”

Facepalm.

Logging into Windows at the age of 1 and a half ... Challenge accepted!

Any bikers around here?

I recently bought my first motor bike ( super cheap ) and I'm excited to add some enhancements to it like GPS logging and collect relevant data about my bike.

Have you don't anything similar to your ride? I would like to put my Dev skills and improve my bike as a hobby.

Not a rant, just feeling pretty happy about my current situation so thought I'd share!

Been stuck in a dead end job at a small web design agency - you know the type, web design, development, SEO, anything in between - for the past 5 years (I was the only dev and was relied upon to do everything).

Finally got myself a new job this year and I'm loving it so far. Was dreading actually logging my time spent on projects / tickets as my old job was pretty much a chaotic free for all, but it's left me with a sense of achievement / accomplishment and I feel more organised in my personal life too.

I like logging into public wireless networks where the admin credentials are the default and mess with their wireless settings...

Am I wrong?

When I see two fields, one for username and one for password, I expect I can fill them out immediately subsequently with only a tab in between. While typing my password I DON'T want to get sent to a page where I can enter my password only: I was entering it already! Sometimes I even make it until I pressed the enter key that was supposed to log me in, but then I'm kindly requested to reenter my password. At that moment I not-so-kindly think: FUCK YOU Microsoft, you should know better. Even when logging into Visual Studio for fack sake

"WTF? These records should have been inserted into the table!"
...Hours of checking code, trying to figure out how this is possible, can't find a way to have this scenario happen...
...Add additional debug and troubleshooting code, add more verbose logging, redeploy to all the containers, reset all the tables, many apologies to the boss for the delay....
...Co-worker comes in: "oh, hey, sorry, accidently deleted some stuff from the database last night before i left."

Started part time job at a company, had to log my time on timesheets. Said fuck this and now the whole company logs their hours on a custom web based time logging system which I built.

Did a bunch more cowboy coding today as I call it (coding in vi on production). Gather 'round kiddies, uncle Logan's got a story fer ya…

First things first, disclaimer: I'm no sysadmin. I respect sysadmins and the work they do, but I'm the first to admit my strengths definitely lie more in writing programs rather than running servers.

Anyhow, I recently inherited someone else's codebase (the story of my profession career, but I digress) and let me tell you this thing has amateur hour written all over it. It's written in PHP and JavaScript by a self-taught programmer who apparently discovered procedural programming and decided there was nothing left to learn and stopped there (no disrespect to self-taught programmers).

I could rant for days about the various problems this codebase has, but today I have a very specific story to tell. A story about errors and logs.

And it all started when I noticed the disk space on our server was gradually decreasing.

So today I logged onto our API server (Ubuntu running Apache/PHP) and did a df -h to check the disk space, and was surprised to see that it had noticeably decreased since the last time I'd checked when everything was running smoothly. But seeing as this server does not store any persistent customer data (we have a separate db server) and purely hosts the stateless API, it should NOT be consuming disk space over time at all.

The only thing I could think of was the logs, but the logs were very quiet, just the odd benign message that was fully expected. Just to be sure I did an ls -Sh to check the size of the logs, and while some of them were a little big, nothing over a few megs. Nothing to account for gigabytes of disk space gradually disappearing.

What could it be? I wondered.

cd ../..
du . | sort --sort=numeric

What's this? 2671132 K in some log folder buried in the api source code? I cd into it and it turns out there are separate PHP log files in there, split up by customer, so that each customer of ours (we have 120) has their own respective error log! (Why??)

Armed with this newfound piece of (still rather unbelievable) evidence I perform a mad scramble to search the codebase for where this extra logging is happening and sure enough I find a custom PHP error handler that is capturing (most) errors and redirecting them to these individualized log files.

Conveniently enough, not ALL errors were being absorbed though, so I still knew the main error_log was working (and any time I explicitly error_logged it would go there, so I was none the wiser that this other error-catching was even happening).

Needless to say I removed the code as quickly as I found it, tail -f'd the error_log and to my dismay it was being absolutely flooded with syntax errors, runtime PHP exceptions, warnings galore, and all sorts of other things.

My jaw almost hit the floor. I've been with this company for 6 months and had no idea these errors were even happening!

The sad thing was how easy to fix all the errors ended up being. Most of them were "undefined index" errors that could have been completely avoided with a simple isset() check, but instead ended up throwing an exception, nullifying any code that came after it.

Anyway kids, the moral of the story is don't split up your log files. It makes absolutely no sense and can end up obscuring easily fixable bugs for half a year or more!

Happy coding.

They added a javascript that checks the login info. Worst part an if statement was the only thing keeping you from logging in without the correct password

So Patanjali(aka Ramdev Baba trying to sell you even a fucking underwear as ayurvedic and locally made) released their chat application "Kimbho" and was taken down within 24 hours because of major security flaws.

Some obvious ironies I would like to point out here.

1. Coming up with a chat application with gaping security flaws at this stage when privacy related discussions are happening at every nook and corner, worst move ever.

2. There are elections in 2019 and 1 year would be the right amount of time to gather data on public and start targetting and influencing people. It shouldn't be so obvious and everyone knows which political party Patanjali leans towards.

3. You are promoting an app citing Make In India initiative. You are the biggest Indian based FMCG operating in India, courtesy exploiting nationalist sentiments. Whatever you aim of doing, at least invest a decent amount of money in hiring good developers and designers. If not anything get a content writer who will write you an original description of your app for as low as ₹1000.

4. Promoting a competitor of whatsapp on whatsapp is a brilliant move. Give that marketting fellow a big raise.

5. Replacing the phone icon with a shankh is not innovation. Also, everyone knows about spam farms in Bangladesh and many places in India. So boasting about 1.5 lakh downloads in less than an hour only speaks more about your ignorance and lack of technical knowledge.

6. If you really are promoting "swadeshi app", why are you offering logging in through facebook? I mean even a blind person can clearly see your agenda here.

7. Hike is a messaging app made in India and they are here since long and still it are nowhere near the usage of whatsapp. Selling shit in the name of Make in India is not cool and its high time Patanjali realises this. But then again, it is their only marketting strategy because how else can you sell something as gross as cow urine and that too people buying it voluntarily.

8. If this stunt was carried out to be in the news, well played. You are getting a good amount of publicity, but this time a bad publicity will do more harm than good. People are calling out your bluff and you will get to see the results.

Mr. Baba Ramdev, fraud karo, itna blatant mat karo. India ki public sentimental hai chutiya nahi.

On a 5 hour bus ride for which the company advertised that they have WiFi. Technically they did, it just didn't seem to be connected to anything. (it was but it was unusable). I tried logging into the router as i always do and one default "admin" password later i was in.
I didn't want to mess up anything too badly, however i did change the wpa password to "YouShouldMakeThisABitMoreSecure"

Introduced a ‘new’ logging framework for our web site. Web team is testing the integration and I get an email saying the logging wasn’t working. Instead of sending me how she is searching the logs, she sends me a screen shot of the code (which is ass-backwards of how I documented the logging library, but that’s another rant). OK, she wrote 5 lines of code that should be one line, but OK, the error still should have logged fine. I search the logs, and sure enough, there they are. Errors logged just as they should.
So I email back (with screenshot of the search query and results) asking how she searched for the errors.
Hour later she responds ..”I don’t know.”
That’s it.
WTF do you mean “I don’t know”?…WTF…you are a –bleep-ing developer too! This is not the first –bleep-ing splunk query you’ve written!
OK..I’m calm..feeling better. Wouldn’t be so bad if she emailed just me with the question (I’m not a splunk query expert either, we can figure it out together), but she was sure to cc 3 of the PMs involved in the integration, my boss, and other team members to make it sound like the problem was my code.

<just got out of this meeting>
Mgr: “Can we log the messages coming from the services?”
Me: “Absolutely, but it could be a lot of network traffic and create a lot of noise. I’m not sure if our current logging infrastructure is the right fit for this.”
Senior Dev: “We could use Log4Net. That will take care of the logging.”
Mgr: “Log4Net?…Yea…I’ve heard of it…Great, make it happen.”
Me: “Um…Log4Net is just the client library, I’m talking about the back-end, where the data is logged. For this issue, we want to make sure the data we’re logging is as concise as possible. We don’t want to cause a bottleneck inside the service logging informational messages.”
Mgr: “Oh, no, absolutely not, but I don’t know the right answer, which is why I’ll let you two figure it out.”
Senior Dev: “Log4Net will take care of any threading issues we have with logging. It’ll work.”
Me: “Um..I’m sure…but we need to figure out what we need to log before we decide how we’re logging it.”
Senior Dev: “Yea, but if we log to SQL database, it will scale just fine.”
Mgr: “A SQL database? For logging? That seems excessive.”
Senior Dev: “No, not really. Log4Net takes care of all the details.”
Me: “That’s not going to happen. We’re not going to set up an entire sql database infrastructure to log data.”
Senior Dev: “Yea…probably right. We could use ElasticSearch or even Redis. Those are lightweight.”
Mgr: “Oh..yea…I’ve heard good things about Redis.”
Senior Dev: “Yea, and it runs on Linux and Linux is free.”
Mgr: “I like free, but I’m late for another meeting…you guys figure it out and let me know.”
<mgr leaves>
Me: “So..Linux…um…know anything about administrating Redis on Linux?”
Senior Dev: ”Oh no…not a clue.”

It was all I could do from doing physical harm to another human being.
I really hate people playing buzzword bingo with projects I’m responsible for.

Only good piece is he’s not changing any of the code.

I previously worked as a Linux/unix sysadmin. There was one app team owning like 4 servers accessible in a very speciffic way.
* logon to main jumpbox
* ssh to elevated-privileges jumpbox
* logon to regional jumpbox using custom-made ssh alternative [call it fkup]
* try to fkup to the app server to confirm that fkup daemon is dead
* logon to server's mgmt node [aix frame]
* ssh to server directly to find confirm sshd is dead too
* access server's console
* place root pswd request in passwords vault, chase 2 mangers via phone for approvals [to login to the vault, find my request and aprove it]
* use root pw to login to server's console, bounce sshd and fkupd
* logout from the console
* fkup into the server to get shell.

That's not the worst part... Aix'es are stable enough to run for years w/o needing any maintenance, do all this complexity could be bearable.

However, the app team used to log a change request asking to copy a new pdf file into that server every week and drop it to app directory, chown it to app user. Why can't they do that themselves you ask? Bcuz they 'only need this pdf to get there, that's all, and we're not wasting our time to raise access requests and chase for approvals just for a pdf...'

oh, and all these steps must be repeated each time a sysadmin tties to implement the change request as all the movements and decisions must be logged and justified.

Each server access takes roughly half an hour. 4 servers -> 2hrs.

So yeah.. Surely getting your accesses sorted out once is so much more time consuming and less efficient than logging a change request for sysadmins every week and wasting 2 frickin hours of my time to just copy a simple pdf for you.. Not to mention that threr's only a small team of sysadmins maintaining tens of thousands of servers and every minute we have we spend working. Lunch time takes 10-15 minutes or so.. Almost no time for coffee or restroom. And these guys are saying sparing a few hours to get their own accesses is 'a waste of their time'...

That was the time I discovered skrillex.

Inmates are trying to take over the asylum again.

Got a message from the web team manager deeply concerned because since switching to the new logging framework, the site is significantly slower.

She provided no proof or any data to what 'significantly slower' means.

#1 The 'new logging' has been in place and logging for 5 years. We only recently depreciated the ILogger interface ('new' ILogger interface only has 1 method instead of 5)
#2 The 'old logging' was modified 5 years ago, so even if you were using the 'old' interface, the underlying implementation is still the same.

She tried to push the 'it wasn't this slow before' argument, so I decided to do some fact based analysis.
Knowing they deployed their logging changes couple of weeks ago, I opened up AppDynamics, looked at the average call time to Splunk (along with a few other http calls they are doing)
- caching services - 5ms
- splunk - 30ms
- Order Service - 350ms
- Product Data Service -525ms

Then I look at the data they are logging, for the month of June, over 5 million messages. At 30ms each, that's almost 42 hours spent logging errors...yes errors. Null reference exceptions, Argument exceptions, easily fixable stuff.

So far for the month of July (using the 'new' logging), almost 2.5 million errors. Pretty close so far with June's numbers.

My only suggestion was to fix the bugs in their code so they don't log so many errors.

Her response.."Can we have one of our developers review your logging code? We believe we can find ways to optimize the http requests"

Oh good Lord. I'm not a drinking man..but ...I might start.

OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..

Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!

Here it goes..

Lat week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.

OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.

Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.

Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..

I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..

Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I crate another pck for api alone copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.

I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..

I made changes for api to incude the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.

WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...

WTF..Ok, cig break to let me think..

I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?

So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' made changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers dbs (different customers).. ALL HAD THIS HARDOCED IN!!! FORM THE FREAKING YEAR 2016!!! O.o

Unfuckin believable.. How did this ever work?!

Looks like at the begining, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!

So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plan, simple, straight-forward solution to auditing..

If only the original procedure was working as it should.. bloddy hell!!

Is it just me, or does anyone miss logging into a Unix/Linux machine, doing a 'w' or 'who' and seeing a long list of folks all using the machine simultaneously? I still reflexively run 'who' as soon as I log into any real or virtual Unix or Linux machine and I am still slightly disappointed to find I'm all alone on it.

I'm planning on writing an open source (and much improved) version of my logger, but I'm stuck on picking a name :<

So, anyone have naming suggestions for a tagged and branching/nesting logging library? (ES6)

(I don't think "deforestation" is a good choice. sounds kinda bad.)

Managed to make myself look like a fucking moron again today...

Can't mount NFS share, get "permission denied". Huh, that's weird... It's correctly exported.

Well it's correctly exported and rpcinfo -p $HOST times out... Must be firewall rule.

Firewall rule is changed but still no joy "permission denied"... Fuck sake networks, can't you do anything right first time?!!!

Firewall rule is correct I am reliably informed... Go about proving that it's not fucking correct and provide "evidence" to show this, I was a little bit more blunt than was strictly required.

Networks say they will take another look.

I turn NFS logging to verbose for my own interest and notice the line "path/to/directory is not a valid directory".

I, as a moron, had missed a "/" at the start of the path. That's why I still couldn't mount after the firewall change.

Go over and apologise in person and explain how I'm a total idiot.

I was noticing some slow network and it was dropping some connections. So I booted up my old XP install with Java 6 so connect to the ASA 5505, I see it’s logging max connections of 10000 has been reached.

Fine, I recon it’s my colleague backing up his entire machine to Google Drive.
Because when he shut it off, n connections dropped.

I check back in the log, and I see there’s 4-500 connections happening per second, I think WTF and check the source IP. Lots of random IPs from Vietnam, all going to a Windows2008 Server using rdp.

(I didn’t setup our servers, so I didn’t know which server it was accessing)

Ask my other colleague, he told me it’s a windows server from an earlier project that’s not used anymore.
I rdp into it, see there’s users logged in from around the world, and I immediately do a shutdown.

Would you look at that, connections per second dropped to about 50.
I guess that server isn’t going back online ever.
And I now need to ask management for a budget to update our network infrastructure, because the old ASA 5505 is begging me to die.

TL;DR gg previous employees didn’t shut down old servers and left them open to the world to enjoy

Logging levels: Verbose, Debug, Info, Warning, Error, What a Terrible Failure

I've started logging my sleep patterns on a spreadsheet. Hoping to get some interesting statistics eventually.

Thanks to mandatory password change, today:

- My windows account got locked because my phone kept logging into wifi using
old password.
- Google Hangouts were silently running in background with old session until I re-opened it. Work of others delayed by 4 hours due to missing message notifications.
- Docker for Windows lost credentials needed to use SMB mounts - 1h of debugging why my containers mount empty folders ( now I will know)
- Google G-Sync for Outlook asked for new password on outlook restart - few mails delayed.

All of that for sake of security that could be easily solved with 2FA instead, not faking that "I do not change number at the end of my password"

TL;DR: Learn, trust, and use your debugger.

Today I learned a valuable lesson I had 100% forgotten as a result of doing JS development for so long.

Debuggers are a programmer's best friend.

It's logical in JS to do a quick console.log, save, and reload to see how things work. I haven't used a debugger since I did C# dev easily over a year ago.

I'm now developing a game of mine in C++, and HO MAN was I wrong about debugging using logging. Sent me on a 2 hour wild goose chase.

Rewind:

I wrote the first test of the first file in this project, and it is tossing a "double free or corruption" error every time. Confused the hell out of me, because I don't know how on earth this could even be possible.

Run Valgrind, all is green. k. Why is there no double-free error when I run Valgrind?

I do logging, and it indicates a function unrelated to the actual problem. Two hours of me experimenting, I get fed up and decide to
-DCMAKE_BUILD_TYPE=Debug, run gdb, and give 'er shit.

The function I thought it was? Perfectly fine. No errors, no bugs, runs great. Next 5 lines, no errors. Program exit, BAM. Error.

I know perfectly well what happens to objects on the stack when a scope-block breaks, so I look into the destructor of the class, and go line-by-line there, where I find it.

I was do a while loop, seeing using std::queue's queue::front function and checking if it returns nullptr. TURNS OUT, that's not what you should do. So instead, I iterate up from 0 to the queue::size, and it works just fine.

Fuck me, right? Haha, well, lesson learned. Trust thy debugger.

You know the worst thing about being a freelancer? You're expected to wear every fucking hat and you don't get normal hours.

Over the past few days I have been working with a client of a client attampting to fix his server. He's running CentOS on VMWare and somehow ended up breaking the system.

Upon inspection there was no way to fix his system remotely. It wouldn't even boot in recovery mode. So we've been attempting to recover his data so that we can reinstall CentOS and not have to start completely from scratch.

So for the past 3 days straight I have been remotely logging in to a Debian Live CD and manually sending folders to a FTP server of his. He has somewhere close to 30 sites on this server, and upwards of 1 million files in total.

Yesterday either the system freaked out or he did something, but the entire fucking system stopped responding which forced me to reboot it, reinsert the live CD, reinstall evertything, and re-mount his broken systems drives.

Here we are 3 days in, we're still not done, and I'm getting slightly pissy because if you don't know Linux well enough to fix this shit yourself, you shouldn't be acting as your own sysadmin for 30+ sites.

Also, backups are a thing right? VMWare also has snapshots. I know the extra storage isn't cheap, but it's a hell of a lot cheaper than paying soemone like me $35/hr to go and fix all of your shitty mistakes.

When you take procrastination to another level... Adding Good looking table style output with emoji in a logging script which is only to be used once in a lifetime 😁

Having trouble logging into an app I am suppose to be working on with another dev. Debugging and found this:

// TODO: Temporary Optional because the API is not working properly

... i'm not happy for so many reasons

Hello devRant, this is going to be my first time posting on the site.

I work for a gaming community on the side, and today one of the managers asked me to implement a blacklist system into the chat and reactivate the previously existing one temporarily. This shouldn't have had any issues and should've been implemented within minutes. Once it was done and tested, I pushed it to the main server. This is the moment I found out the previous developer apparently decided it would be the best idea to use the internal function that verifies that the sender isn't blacklisted or using any blacklisted words as a logger for the server/panel, even though there is another internal function that does all the logging plus it's more detailed than the verification one he used. But the panel he designed to access and log all of this, always expects the response to be true, so if it returns false it would break the addon used to send details to the panel which would break the server. The only way to get around it is by removing the entire panel, but then they lose access to the details not logged to the server.

May not have explained this the best, but the way it is designed is just completely screwed up and just really needs a full redo, but the managers don't want to redo do it since apparently, this is the best way it can be done.

So we have an API that my team is supposed send messages to in a fire and forget kind of style.

We are dependent on it. If it fails there is some annoying manual labor involved to clean that mess up. (If it even can be cleaned up, as sometimes it is also time-sensitive.)

Yet once in a while, that endpoint just crashes by letting the request vanish. No response, no error, nothing, it is just gone.

Digging through the log files of that API nothing pops up. Yet then I realize the size of the log files. About ~30GB on good old plain text log files.

It turns out that that API has taken the LOG EVERYTHING approach so much too heart that it logs to the point of its own death.

Is circular logging such a bleeding edge technology? It's not like there are external solutions for it like loggly or kibana. But oh, one might have to pay for them. Just dump it to the disk :/

This is again a combination of developers thinking "I don't need to care about space! It's cheap!" and managers thinking "100 GB should be enough for that server cluster. Let's restrict its HDD to 100GB, save some money!"

And then, here I stand trying to keep my sanity :/

My predecessor used auth as a bool. The only way he kept basic users from accessing admin functions was by including the word "admin" or "user" in the URL so any user could be the administrator by just changing the URL parameters after logging in

For example, mysite.com/admin/editorderdetails vs. mysite.com/user/editorderdetails

ALMOST HALF AN HOUR SPENT TRYING TO LOG INTO MY FUCKING RASPBERRY PI OVER SSH.

you know what the problem is?

I’m not gonna tell you because I want you to feel the agony too.

> be me
> want to set up a nextcloud instance on pi to play with
> boot up
> ssh pi
*enter password*
*password incorrect*
^tries like 60 more times with different things
> pulls HDMI out of PC
> connect to pi direct
*please login*
*enter password*
Hackerman_voice_im_in.mp3
Wtf.xml
> check the logs
>try login from phone
Fuckyou.jpg
>Tries resetting password
Fuckyou-final.jpg
>tried logging into other pi
Fuckyou-final2.jpg
>*wtf’s harder*
Andthenithitme.png
>type @ sign
Pi: “
> OHHHHHHH

It was the first time I worked on a big project with a big team, I looked at the given code and copied their code style.

I finished very fast and everything was working fine, was really proud of myself. I'd like to add some logging though.

Programm failed it was heavily async and parallel so 2 days of debugging had past the whole team was on board nobody knew what went wrong there.

As I stared into the darkness of my code I suddenly saw what went wrong 😂

As I adopted no curly braces style of the Team for

If (condition)
Justine();

And I added logging above without braces everything broke 😂 it was indented properly so as a heavily python user everything looked fine

Wow. Can't access a news article in an incognito tab without logging in or subscribing. This happened in Firefox and Chrome in mobile and desktop views on Android.

Enter full rant mode. Go!

Ok I've been wanting to rant about this for a while...

A while ago I brought my laptop to school to work on a project. While at school I decided to connect to the school wifi. Back then they had one of those things where you connect to the wifi network, then go to a webpage and authenticate from there. (They've since switched to a general WPA or whatever type thing, which obviously works a lot better.)

Note that this school board is a big one, it's probably got at least 100 schools and the area it operates in has around 6 million people. So it's pretty big.

So I was logging in to the wifi, I connected to the network then opened up firefox to authenticate. It redirected me to the authentication page where I typed in my student ID and password and clicked the submit button. It started loading the next page.

Then... my computer froze.

I obviously had too many apps open (video editing software, IDE and a bunch of firefox tabs) so it didn't really surprise me. 4GB of ram really isn't a lot.

But then I noticed, with horror, my PASSWORD IN PLAINTEXT PASSED AS A GET REQUEST IN THE URL BAR.

I am not joking. It literally said, amid all the cluttery GET stuff, `&password=` followed by my password in plaintext.

WTF?!? DO YOU SERIOUSLY KNOW NOTHING ABOUT SECURITY? AT LEAST USE A POST REQUEST, NOT A GET!!!

For you non-techie people, this means that my password is in the URL address that the page redirected to which means that the password, as well as being displayed in plaintext on the screen, is also stored in my browsing history. Definitely insecure.

I actually had to cover up that part of my screen with my hand until my computer unfroze. Ugh. I never got a chance to complain to the school board though as they switched to a native authentication system (wpa or whatever it is).

BUT SERIOUSLY!!! FOURTH LARGEST SCHOOL BOARD IN FUCKING NORTH AMERICA!!! YOU GUYS SHOULD KNOW BETTER!!

End rant, have a nice day

So I was logging into google today and my password is very long so I often make mistakes while typing it so I went to inspect element to change input type to text so that I can check the password and I see that Firefox is storing my password already as plain text. Wtf Firefox???

"Wait, we're logging all web traffic now?"
Me: You're the security engineer, you asked him to do it!
"I know but I didn't think he would actually do it!"

🙄😑

In order to reduce support costs, manager instructed his team to remove all logging/reporting of errors in the company’s CRM application.
Team’s support tickets went down 80%, manager received an award for his efforts, but mysteriously, DBA/support workload increased, bad/missing data,
increased support tickets in other areas of the business (shipping, etc. that relied on correct data from the CRM) and other side-affectual behavior.
Even after pointing this out this correlation, showing before/after code, no one believed the two were related and I was accused of not being a ‘team player’.
“You and the other teams need to learn from his example!”. As ‘punishment’ was I was moved to the team managing the CRM application.

Putty, you son of a bitch. Why do you call the logging option "All session output" if you don't include binary zeros in the output? Zeros don't count as "all" or what?
Then call the option "All session output without zeros", that would have saved me some time and prevented handing out false data.

So I have a script that runs every time I turn on my PC. The script copies a few files to a ftp server in my basement. Forgot to turn off logging....

Opend the file in Notepad, and would you look at that, 1 GB of ram..? WTF?

Edit: Managed to open the file, turns out that it's been exactly one year since I started using the script.

We are required to use corporate SSO for any authenticated internal websites, and one of the features they require you to implement is a "logout" button.

They provide a whole slew of specifications, including size and placement/visibility, etc. They provide an SSO logout URL you must redirect to after you take care of your own application logout tasks.

Makes sense... except the logout URL they provide to serve the actual SSO logout function broke over 3 months ago, and remains non-functional to this day.

Apparently I'm the first person (and perhaps one of the only people) who reported it, and was told "just not to worry about it".

So, we have a standing feature request to provide a button... that doesn't actually work.

Corporate Security - Making your corporation _appear_ more secure every day...

The problem I have with atom, vscode, sublime, and notepad++ is that none are available on the command line over SSH, inside tmux. And that's where I do the vast majority of my text editing.

The first text editor I used on the command line was pico, the technological successor of which is nano. I used it because when I was in college in the late '90s, we used pine for our email, and pico was the default editor for pine.

When I got my first job out of college in 2000, I found out about vi, and very quickly fell in love with it, and its technological successor: vim.

The only reason I've never gotten into emacs is because I've never wanted for more than vi/vim. And also because as a system administrator, I'm logging into dozens, of not hundreds of servers a day. While vi or vim is guaranteed to be on all of them, emacs is not.

So, for me, the use of a desktop text editor like the ones I mentioned at the beginning of this post, just doesn't make sense to me. I almost never edit files that live on the computer where I'm sitting, and I'm not interested in doing a commit/push every single time I want to rerun a script.

Me: After 3 days of deliberation, I finally picked a framework, I can jump into the rewrite

*2 hours of inspired coding later

I finished the configuration validation and logging setup! What was that framework again?

Turns out that providing a path with read/write permissions is much easier than spending the morning trying to find the non-existing bug in my logging method that tries to write to a protected location 🤦

Client: "I cant logging me in"
Me: "Ok do you know your username? "
Client: "yes, off course"
Me:"ok, which password do you use?"
client: "I looked to my colleague... 5 stars"
Me: 🤐😣😯😭😭

TL;DR: Google asked me to PROVIDE a phone number to verify connection from a new device, on the said device.

Yesterdayto log into my work Google account from my personal laptop to check emails, calendars update and so on. I opened up a private navigation window, went to Google sign-in page, entered my credentials, all is well.

Google then decided to "verify it's me" and prompted me to PROVIDE a phone number (work account without work phone means no phone number set up) so that they can send a verification code to the number I just provided to make sure the connection is legit.

Didn't want to do that, clicked "use another method" and got asked to fill the last password I remember, which would be my current password thanks to my trusty password manager. After submitting, I'm prompted with an error saying I have to contact my admin to reset my password because they can't log me in with my CURRENT password.

I ain't gonna do that, so went back to login page, provided my phone number, got the code, filled in the code, next thing I know I'm browsing through my emails.

What the duck? Could have been anybody giving any phone number. So much for extra security.

Also don't care that they have my phone number, the issue is more about the way used to obtain it: locking me out of my account and having no other way of logging in.

Was logging in my student account to check whether the system actually registered my admission and here I go.

And this is not just some college. This is a website every engineering student shall use throughout the country.

Also this is not the first time this happened.

logging in to SO,

used wrong google account,

spent 10 minutes trying to find logout button,

googled the issue,

found the answer on meta SE,

login with google, stuck in the same account,

googled how to switch account,

nothing works,

cleared browser cache,

switched account successfully,

forgot why I'm logging in,

Finding the right balance between well written, need-one-week, maintainable software, and fast-written, ready-in-2-hours-and-never-look-at-it-again software.

Last time it took me 20 minutes to integrate with a new API. I had a script that did everything you needed. I then spent 2 weeks on handling error responses, unexpected responses, exceptions, intelligent retries, logging, unit tests, integration tests, caching, documentation, etc.

At NYU doctor's office that forces me to register a temp account to use their WiFi.

I get an email saying my medical records have changed so I try logging into the site to check.

Site can't be accessed on the network..,

A set of common utilities for node.js, things like better logging, password hashing

Deleting debugging/logging lines instead of commenting them out, when there is 95% chance that I will need them again

I dont need DuckDuckGo,
I dont need any VPN
I dont need all of this "Internet Privacy Service" BULLSHIT which my ISP wants me to use,
I DONT NEED ANY OF THIS FUCKING SHIT!
AND I DONT WANT IT EITHER!
I HAVE MY OWN PI HOLE!
AND THATS FUCKING ENOUGH FOR WHAT I NEED! STOP TELLING ME ABOUT ALL THIS "We are clearly not logging your shit" WHILE YOU DO!!
Because I have my own shit!

Thx

Last year I planned to start a startup. I've started many good things but not the startup yet.

* A new data format
* A new data type
* A new web framework
* A new concept for logging
* And many other opensource tools and libraries

Ok, so one of the oldest guy is leaving from my company (on a good note) and he was involved in multiple things in our organization. From having access to almost everything (AWS, Github and owning multiple projects and our legacy code). I am supposed to take KTof one project and man THE CODE IS MESS. YOU DONT PUT A RANDOM NUMBER WHILE CALLING A FUNCTION. You are supposed to define a constant and use that. I've told my manager that I need at least 1 week just to improve logging.

What a great login page:
{"message":"Error logging in."}

Goes back to high school.....

Me: This laptop is having issues logging into the network. I have tried restarting as well as restarting the WiFi. You probally should submit a ticket so IT knows it is broken.
Teacher: They would not fix it anyway.
Me: *facepalm*

TL;DR: Teacher thinks that telling IT to fix a computer would result in nothing happening.

Upgrading. We like to upgrade our stuff, whether it's software, operating systems or hardware. When it works its great but when it dosen't...

All my BAD experiences have been with upgrading.

One day I was using Jumla (a CMS) that controlled a big online clothing store. Noticing that Jumla was 0.01 versions behind I decided to 'upgrade'. This caused the entire site to break, maxed out the space on the server and eventually lost my job and that day the company supposably lost $10,000.

Today's f#ck up made me write this rant. Me and a friend own a local development company and we have a small Digital Ocean server for client website previews (before they get there own hosting). We have a few projects going at the moment and yesterday we sent a few links to clients so they could see there new website. This morning I woke up, read a few emails and ssh'd onto the server to read logs and what not. I got a bit side tracked, reading about the benefits of Ubuntu 17. You can already see where this is going... I innocently Google: "How to upgrade to Ubuntu 17". Surprisingly after running the commands and downloading the updates it was worked well. Everything was working. Then I restarted. I waited about 15 seconds and tried logging in again. Timeout after timeout. Something was wrong. I checked the console via the online Dashboard and see a page full of Kernal errors. I contacted the hosting people and they were able to help by referring to some guides but after 5 hours of cranking through errors and not winning I give up.

*Email from client*
Hello again,
The website you sent via link isn't working, can you fix this as I would like to show our CEO,
Thanks, Mike.

I destroy the droplet (server), making a new one. I have to setup and secure the server. Generating new SSH keys, new user accounts as well as installing AND configure Apache, PHP and MYSQL. I then had to upload 5gb of backups via SSH (not fast), go through each clients backup, including web files and databases and distributing where it needs to go.
Discovering that one of the DB's name changed last week and therefore our backup script failed to save it, we were forced to rewrite 10 pages of website content.

From 10 yesterday morning to 2 this morning, a total of 14 hours (I think) sitting in front of my computer trying to fix a problem that would have never occured if I didn't "upgrade"

So here's a rant I never thought I'd write.

I'm pretty happy with my current job. I'm working for a small non-tech business where I'm making a complete solution by myself. It's pretty chill just coding away all day and being my own project owner and manager.

The iffiest aspect is that my boss(es) don't know what (or if) I'm working on when I'm implementing a vital logging system, fixing bugs that cropped up due to implementing necessary, baseline security, and so on. They see a login page and figure the entire project is shippable, and when the login breaks because I'm configuring the wsgi for https the reaction is "it worked, why mess with it; just put it how it was". But I digress.

Today I got a job offer with a pay increase that made me exclaim "are you fucking serious" irl, in a business with a more professional environment consisting of senior devs, and with benefits I had never heard of.

I can't not accept, but that means just legacying the entire project I'm working on here. They'd basically be left with nothing after shelling out wages for me for these few months. Keep in mind this is a fairly small business who debated if they could afford this to begin with.

Disregarding whether they are willing/able to make it hard for me to leave, it stabs me in my scrubby dev soul to up and leave on a personal level.

They had a 3d printer at the other place though.

Yay! My first bash project :D
disclaimer - my bash is not pretty. yet.

Why I created it?
I encountered several footlong scripts in a new project at work. And they had no logging. And I am in charge of making it sing again. So here it is a tiny logging framework.

The scrum master for the project I'm working on decided to help out with changing some code (I'll add he's got a master's in software engineering and very proud about it..aka..big ego). It took him two days...yes two days to write the attached code.
I reviewed his code and sent back a response (code took about 15 seconds to write) including the link to the logging documentation explaining what fields were and were not necessary. Not sure how will look in devrant ...

var data = new InformationalDataPoint
{
Properties =
{
["RMANumber"] = rma,
["InvoiceID"] = invoiceId
}
};
Logger.Log(data);

He's stopped talking to me. Our next scrum meeting with the product owner should be ...um...awkward.

I can't login ffs
I don't care that it shows an impossible number of characters honestly, but I don't get why that should prevent me from logging in to any of these servers

For that matter, why the fuck is number of characters a signed int?

Yesterday, I put the final touches on a massive system using hundreds of classes, with thousands of lines of code, all easily maintained because of the way I used abstract classes, and coding to an interface, stubs, etc. And all instantiated with a near english fluent api. With detailed logging and even contacts me when there's problems, result of a year's work. I felt like a genius

Today, this fucking simple contact form that won't do what I want it to for the past 4 hours...

Fuck! I check my server before leaving and it's fine. I leave to go to see my dad for the weekend and maybe I can remote ftp&mysql into it. No! it crashes the minuet I try logging on!!!!!

You are a developer and you will only log time you're actually working. This means you will not be logging time spent in meetings, chasing for specs, requirement clarifications and similar. You must log 8 hours each day.

^^-- wtf?!? Is anyone else working in similar conditions?

At work, all errors within the site are logged into our database with a subject and error column. SQL errors are logged in the subject field while the traceback is put in the error column. However, a lot of SQL errors are really large and exceed the max character width of the subject field, causing yet another SQL error, and the cycle repeats. This recursive error has been the bane of my existence, because 1) it times my local dev instance out and 2) the error doesn't end up getting logged because the server both freezes and the error can't be inserted in the database. You can't even begin to imagine how many hours I've wasted trying to find what line I changed cause total and utter failure with absolutely 0 error logging. Next thing on my todo list is to fix this fucking issue since the head dev refuses to get it done.

So, this incident happened with me around 2 years ago. I was pentesting one of my client's web application. They were new into the Financial Tech Industry, and wanted me to pentest their website as per couple of standards mentioned by them.

One of the most hilarious bug that I found was at the login page, when a user tries logging into an account and forgets the password, a Captcha image is shown where the user needs to prove that he is indeed a human and not a robot, which was fair enough to be implemented at the login screen.

But, here's the catch. When I checked the "view source" option of the web page, I saw that the alt attribute of the Captcha image file had the contents of the Captcha. Making it easy for an attacker to easily bruteforce the shit outta the login page.

You don't need hackers to hack you when your internal dev team itself is self destructive.

Why doesn't Twitter have a public API without authentication for simple stuff, such as reading tweets. One can do that without logging in on the website, why shouldn't code be able to do it.

I made Skype Bot which queries the data using wsdl authentication on our ticketing tool and send the data whoever has requested in skype itself(without logging or touching the ticketing tool).

Manager: Is that even possible?

Me: (In excitement) Everything is possible if you have the will.

Now, He wants me to work on his pet project. I dont know how to react!

Must say, it's lookin' pretty neat 😉

Microsoft and their dev tools...

> Trying to login to Azure VM
> Get an error, saying that password needs to be changed before logging in the first time
> Head over to Azure portal, try resetting password
> Password reset is not successful. Reason: Account already exists (???)
> Google the error message. Found solution (coming from a Microsoft employee!): Create a new user, login with that, fix the password for user #1 inside the VM, then delete the new user

What's wrong with these people? 😂

Spotted a new feature that had just recently being completed: "Disable all Logging due to noise". What.

Us on the Ops team just died a bit inside...

I like my log messages to indicate automatically where in the code something happened, so that I can easily identify where a message originated from while tracking down problems.

In C/C++ this is nice and easy - write a logging routine, wrap it in macros for the different log levels and have that automatically output __FILE__, __LINE__ etc.

I wanted to do something similar in NodeJS, as I'd found myself manually writing the file name in the log message and then splitting functionality out into new files and it became a mess.

The only way I found to be able to do this was to create an "Error" object and access the "stack" member of it. This is a string containing a stack backtrace, suitable for writing to console/file. I just wanted the filename/line/routine.

So I ended up splitting the string into lines, then for each of the lines, trimming the surrounding spaces (or tabs?), and parsing them to see if the stack entry is inside my logger module. The first entry outside of that module must therefore be the thing that called it, so I then parse out the routine or object and method, filename and line number.

It's a lot of clumsy work but the output is pretty neat. I just wish it were simpler!

Logging into my school website when... WHY DO YOU USE 🤬 FRNCH FOR BOOLEAN IN THE URL M🤬F

Ok, I know this is a francophone college, but come on!

When working on a project first create a good error logging feature

Nothing makes me not want to take a full-time job at your company more than having to go through IT tickets every quarter year when my password expires to actually change my password. Why have a fucking self-service portal for employees if logging in with an expired password doesn't work and the reset password link tells me that I need to log in to enroll with security questions (???). It feels like these websites are glued together with sticks and spit and there's a million of them each sporting one specific purpose! I have to go through this shit multiple times since I'm an intern and I didn't have access to my account through the course of the semester. Get your fucking shit together!

SO MAD. Hands are shaking after dealing with this awful API for too long. I just sent this to a contact at JP Morgan Chase.

-------------------
Hello [X],
1. I'm having absolutely no luck logging in to this account to check the Order Abstraction service settings. I was able to log in once earlier this morning, but ever since I've received this frustratingly vague "We are currently unable to complete your request" error message (attached). I even switched IP's via a VPN, and was able to get as far as entering the below Identification Code until I got the same message. Has this account been blocked? Password incorrect? What's the issue?

2. I've been researching the Order Abstraction API for hours as well, attempting to defuddle this gem of an API call response:

error=1&message=Authentication+failure....processing+stopped

NOWHERE in the documentation (last updated 14 months ago) is there any reference to this^^ error or any sort of standardized error-handling description whatsoever - unless you count the detailed error codes outlined for the Hosted Payment responses, which this Order Abstraction service completely ignores. Finally, the HTTP response status code from the Abstraction API is "200 OK", signaling that everything is fine and dandy, which is incorrect. The error message indicates there should be a 400-level status code response, such as 401 Unauthorized, 403 Forbidden or at least 400 Bad Request.

Frankly, I am extremely frustrated and tired of working with poorly documented, poorly designed and poorly maintained developer services which fail to follow basic methodology standardized decades ago. Error messages should be clear and descriptive, including HTTP status codes and a parseable response - preferably JSON or XML.
-----

This whole piece of garbage is junk. If you're big enough to own a bank, you're big enough to provide useful error messages to the developers kind enough to attempt to work with you.

Logging work in Jira, because it goes against the whole ethos of trusting people to get the work done when they have to log exactly how much time they spent on each individual story. It also doesnt account for pair programming. so 2 people log the same time and it looks like the story took twice as long. I’ll stop now because I’m precariously close to opening the “time based estimates” can of worms and thats for another rant.

When older family members have entire notebooks dedicated to logging obscure, easily-hackable passwords, but then download any app in the world that promises to "make your phone run like new!" (by using 30MB more RAM on God-knows how much malware)
We aren't doing a good job of educating people if anyone we know can fall victim to those kinds of hackneyed procedures and snake-oil apps. It's almost painful to watch, and have to be the bad guy by telling someone dear to me they've been making things worse for themselves because of a seemingly harmless app that they were almost proud of.

Royal Mail in the UK have an online service to view invoices they have issued to your business.

To sign up, you are given a link where you create a login email and password. You then provide some info. This is verified (takes a day) and then approved.

Logging in after you are approved prompts you to immediately set a new password. Have to enter existing password as well.

First attempt results in error “must contain upper and lowercase”

Second attempt results in error “password too long”

Thirds attempt results in error “password too long”

Had to set an 8 character password.

At no point was any advice given on how to avoid the errors b fore submitting the password change request.

Old password had to be entered on each attempt.

Helpdesk: We can't figure out our own ambigious error message, you should solve it in another way...

Me: I see in the console that I get an execption response with an ID, you must be logging these exceptions, can't you check those?

Me thinking: you've just reduced yourself to desk without the help part

Time logging in multiple applications that takes so long you have to log that time too!

Boss: I don't want centralized error logging

Me: But we have 50+ client sites running the same web app, why the fuck wouldn't we?

Boss: What if the database is offline, then we wouldn't be able to log exceptions

Me: *beats head against desk*

Setting the log level to wtf is insurance that if it compiles, your app is guaranteed to work.

Ran the build today 4:30 and found out our grunt file is missing some pretty critical error checks without even logging a warning. A dependency was unavailable and it was pushed to production. The site was down for 30+ minutes.

Spent hours troubleshooting an internal app that had zero logging today. It would just terminate, no exceptions, no feedback to the debugger, NOTHING.

Turned out to be the damn corporate virus scanner blocking "malicious" behaviour. Good thing my desk is so heavy or I woulda flipped it...

Just got handed a dozen servers. Documentation shows a (Linux) database cluster is using ldap authentication. I try logging in with my creds. No joy. I look up the root password and log in.

Not only is it not configured to use ldap, it's also not clustered.

I need more coffee.

They call it security questions.
I call it social engineering backdoor.

I'm supposed to enter those questions after logging into my account and I'm not able to skip it nor to set a proper two factor method.

Well, fuck you. Did you ever thought about dying by a two factor method? Ever watched a Saw movie? You got the idea.

Just spend about 2 hours debugging a simple piece of code just to find out it actually worked but never wrote to the logs as it was supposed to...

Docker's encapsulation is amazing! I don't have to know anything about networking to get a swarm running with some demo services all talking to each other and central logging and... oh I fucked something up... better read about networking so I know what I broke

Once I implemented a giant ASCII skull for logging a fatal error in the company's app. Let's just say my feature did not get to production.

Step one:
Change their prompt.

# put this in their .bashrcexport PS1="Login: "

Step two:  
Add an alias for their username, and for any other account names they might try logging in as, for example, 'root'.

# put these in their .bashrc too:aliasjoe='stty -echo; echo -n "Password: ";read;echo;echo "Login failed.";stty echo'aliasroot='stty -echo; echo -n "Password: ";read;echo;echo "Login failed.";stty echo'

Step three:
Try not to laugh your head off, as they struggle.

Login: joePassword:Login failed.Login: joePassword:Login failed.Login:Login:Login: rootPassword:Login failed.Login:Login: pwd/home/joeLogin:

Truly devious folks may want to explore setting the "command-not-found" hook to prompt, read, and echo "Login failed" rather than using various aliases.  You can combine that with changing the PATH to be "/" or some other directory which is devoid of executable programs.

That doesn't cover every case - your victim could still, for example, run /usr/bin/vim or similar - but it goes sufficiently further that I'll omit the implementation for moral reasons.

Project managers moved all the tickets around and then got mad that we couldn't find them to log our time.

Mass mutiny about logging time in general and expected dev hours per week.

They returned the tickets to the old system at least

I spent 2 hours on Python logging system instead of doing real data science.
Really this module feels poorly designed.

I needed to log in on a website in someone else's pc and didn't know the password by heart. I thought I'd log into chrome, if I log out later, what could go wrong right?

Apparently, a lot. It facking merged my bookmarks, history and passwords with hers! And she had shitloads of them! It took me facking hours to clean up the mess chrome created. I trust her, but I still didn't want her to have my passwords etc.

Omg I'm never logging into chrome again elsewhere, what a frustrating facking waste of time

Had Arduino for months, couldn't get MPU6050 working, because of a lack of time and other stuff. (Need it for long term college project, data logging blah blah)
Gave it to project teammate to figure it out, who hates even touching hardware, BTW.

He figures it out in an hour (adjusting baud rate for supply voltage)
I feel like a complete idiot.
🙁

2 hour meeting to brainstorm ideas to improve our system health monitoring (logging, alerting, monitoring, and metrics)

Never got past the alerting part. Piss poor excuses for human being managers kept 'blaming' our logging infrastructure for allowing them to log exceptions as 'Warnings', purposely by-passing the alerting system.

Then the d-head tried to 'educate' everyone the difference between error and exception …frack-wad…the difference isn't philosophical…shut up.

The B manager kept referring to our old logging system (like we stopped using it 5 years ago) and if it were written correctly, the legacy code would be easier to migrate. Fracking lying B….shut the frack up.

The fracking idiots then wanted to add direct-bypass of the alerting system (I purposely made the code to bypass alerting painful to write)

Mgr1: "The only way this will work is if you, by default, allow errors to bypass the alerting system. When all of our code is migrated, we'll change a config or something to enable alerting. That shouldn't be too hard."
Me: "Not going to happen. I made by-passing the alert system painful on purpose. If I make it easy, you'll never go back and change code."
Mgr2: "Oh, yes we will. Just mark that method as obsolete. That way, it will force us to fix the code."
Me: "The by-pass method is already obsolete and the teams are already ignoring the build warnings."
Mgr1: "No, that is not correct. We have a process to fix all build warnings related to obsolete methods."
Mgr2: "Yes. It won't be like the old system. We just never had time to go back and fix that code."
Me: "The method has been obsolete for almost a year. If your teams haven't fixed their code by now, it's not going to be fixed."
Mgr1: "You're expecting everything to be changed in one day. Our code base is way too big and there are too many changes to make. All we are asking for is a simple change that will give us the time we need to make the system better. We all want to make the system better…right?"
Me: "We made the changes to the core system over two years ago, and we had this same conversation, remember? If your team hasn't made any changes by now, they aren't going to. The only way they will change code to the new standard is if we make the old way painful. Sorry, that's the truth."
Mgr2: "Why did we make changes to the logging system? Why weren't any of us involved? If there were going to be all these changes, our team should have been part of the process."
Me: "You were and declined every meeting and every attempt to include your area. Considering the massive amount of infrastructure changes there was zero code changes required by your team. The new system simply worked. You can't take advantage of the new features which is why we're here today. I'm here to offer my help in any way I can with the transition."
Mgr1: "The new logging doesn't support logging of the different web page areas. Until you can make that change, we can't begin changing our code."
Me: "Logging properties is just a name+value pair dictionary. All you need to do is standardize on a name and how you add it to the collection."
Mgr2: "So, it's not a standard field? How difficult would it be to change the core assembly? This has to be standard across all our areas and shouldn't be up to the developers to type in anything they want."
- Frack wads smile and nod to each other like fracking chickens in a feeding frenzy
Me: "It can, but what will you call this property? What controls its value?"
- The look I got from both the d-bags I could tell a blood vessel popped.
Mgr1: "Oh…um….I don't know…Area? Yea … Area."
Mgr2: "Um…that's not specific enough. How about Page?"
Mgr1: "Well, pages can cross different areas, and areas cross different pages…what do you think?"
Me: "Don't know, don't care. It's up to you. I just need a name."
Mgr2: "Modules! Our MVC framework is broken up in Modules."
DevMgr: "We already have a field for Module. It's how we're segmenting the different business processes"
Mgr1: "Doesn't matter, we'll come up with a name later. Until then, we won't make any changes until there is a name."
DevMgr: "So what did we accomplish?"
Me: "That we need to review the web's logging and alerting process and make sure we're capturing errors being hidden as warnings."
Mgr1: "Nooo….we didn't accomplish anything. This meeting had no agenda and no purpose. We should have been included in the logging process changes from day one."
Mgr2: "I agree, I'm not sure why we're here"
Me: "This was a brainstorming meeting as listed in the agenda. We've accomplished 2 of the 4 items. I think we've established your commitment to making the system better. Thank you all for coming."

- Mgr1 and 2 left without looking at me or saying a word.

Who here does time tracking/logging/whatever? More importantly, is forced to do so!

This one happened to me two years ago:

Off on holiday overseas, just arrived and decide to check my Emails. Easy peasy..."Hey, we noticed you're logging in from a different country. We sent a security code to your backup account."

Welp, fine, login to my backup account: "Hey, we..." Can anybody guess the problem here? Yep, my primary account was the backup account for my backup. Lovely circular dependency.

Microsofts solution: Play the guessing game, where you name us Emails, Contacts and Folders to prove it's yours and we might unlock your account... or not (managed to get it back on the 2nd try)

Thank you Microsoft for ensuring my workfree, email-free holiday.

This rant is about myself and anyone whos like me: using logs over a debugger

So, sometimes when I wanna quick check something or make sure, if and when something get's executed or I've ran into a Problem, I add a few log/print statements to check in console.

But I don't think about proper and helpful messages, since they aren't supposed to stay in code. So I often type what comes in my mind, like memes or song lyrics.

The last time this became a huge act, was Code review/ Prototype demonstration with Clients (which I didn't knew about, otherwise I would have removed them, I swear) and Boss and my Code printed "show bob and va...", "send nudes" and stuff... in loop... to stdout

This morning, I was logging in on the site I was working on without problem.

After lunch, I couldn't log in. No reason why.

Then I found out why. Someone modified the login in database, and warned everyone.

Everyone except the ones that are working on the website (me and my team).

"Let's just add a logging system to our dependency"
No. You fucking idiot. DON'T INCLUDE A CUSTOM LOGGING SYSTEM INTO A DEPENDENCY FOR IMAGE MANIPULATION. I DON'T WANT YOUR FUCKING BULLSHIT LOGGING WHEN I'M FUCKING HANDLING IT MYSELF FOR MY ALREADY EXISTING SOFTWARE!! HOW DUMB CAN YOU STUPID MOTHERFUCKER BE TO TELL ME TO JUST "IGNORE" THE MESSAGES IN THE CONSOLE WHEN I'M BUILDING A FUCKING CLI BASED SOFTWARE??!!

The real life of me as a trainee developer:

New system works locally but fails to work in production and dev.

Proceeds at futile attempts to debug for hours to find out that my connection strings in the transforms were nested inside logging.