Search - "logging"
It's Friday, you all know what that means! ... It's results day for practiseSafeHex's most incompetent co-worker!!!
We've had a bewildering array of candidates, let's remind ourselves:
- a psychopath that genuinely scared me a little
- a CEO I would take pleasure seeing in pain
- a pothead who mistook me for his drug dealer
- an unbelievable idiot
- an arrogant idiot obsessed with strings
Tough competition, but there can be only one ... *drum roll* ... the winner is ... none of them!
*audience member: what?*
*audience member: no way!*
*audience member: you're fucking kidding me!*
Sir calm down! this is a day time show, no need for that ... let me explain, there is a winner ... but we've kept him till last and for a good reason
You see our final contestant and ultimate winner of this series is our good old friend "C", taking the letters of each of our previous contestants, that spells TRAGIC which is the only word to explain C.
Oh I assure you it's no laughing matter. C was with us for 6 whole months ... 6 excruciatingly painful months.
We needed someone with frontend, backend and experience with IoT devices, or Raspberry Pis. We didn't think we'd get it all, but in walked an interviewee with web development experience, a tiny bit of Angular and his masters project was building a robot device that would change LEDs depending on your facial expressions. PERFECT!!!
... oh to have a time machine
Working with C:
- He never actually did the tutorials I first set him on for Node.js and Angular 2+ because they were "too boring". I didn't find this out until some time later.
- The first project I had him work on was a small dashboard and backend, but he decided to use Angular 1 and a different database than what we were using because "for me, these are easier".
- He called that project done without testing / deploying it in the cloud, despite that being part of the ticket, because he didn't know how. Rather than tell or ask anyone ... he just didn't do it and moved on.
- As part of his first tech review I had to explain to him why he should be using if / else, rather than just if's.
- Despite his past experience building server applications and dashboards (4 years!), he never heard of a websocket, and it took a considerable amount of time to explain.
- When he used a node module to open a server socket, he sat staring at me like a deer caught in headlights completely unaware of how to use / test it was working. I again had to explain it and ultimately test it for him with a command line client.
- He didn't understand the need to leave logging inside an application to report errors. Because he used to ... I shit you not ... drive to his customers, plug into their server and debug their application using a debugger.
... props for using a debugger, but fuck me.
- Once, after an entire 2 days of tapping me on the shoulder every 15 mins for questions / issues, I had to stop and ask:
Me: "Have you googled it?"
C: "... eh, no"
Me: "can I ask why?"
C: "well, for me, I only google for something I don't know"
Me: "... well do you know what this error message means?"
C: "ah good point, i'll try this time"
... maybe he was A's stoner buddy?
- He burned through our free cloud usage allowance for a month, after 1 day, meaning he couldn't test anything else under his account. He left an application running, broadcasting a lot of data. Turns out the on / off button on the dashboard only worked for "on". He had been killing his terminal locally and didn't know how to "ctrl + c a cloud app" ... so left it running. His intention was to restart the app every time you are done using it ... but forgot.
- His issue with the previous one ... not any of his countless mistakes, not the lack of even trying to make the button work, no, no, not for C. C's issue is the cloud is "shit" for giving us such little allowances. (for the record in a month I had never used more than 5%).
- I had to explain environment variables and why they are necessary for passwords and tokens etc. He didn't know it wasn't ok to commit these into GitHub.
- At his project meetups with partners I had to repeatedly ask him to stop googling gifs and pay attention to the talks.
- He complained that we don't have 3 hour lunch breaks like his last place.
- He once copied and pasted the same function 450 times into a file as a load test ... are loops too mainstream nowadays?
You see C is our winner, because after 6 painful months (company's internal process / requirements) he actually achieved nothing. I really mean that, nothing. Everything was so broken, so insecure / wide open, built without any kind of common sense or standards I had to delete it all and start again ... it took me 2 weeks.
I hope you've all enjoyed this series and will join me in praying for the return of my sanity ... I do miss it a lot.
Some guy my girlfriend knows, heard I'm a software developer. He had this 'great' idea on how he wanted to start a new revolutionary way of paying on the internet. He wanted to create a service like paypal but without having the hassle of logging in first and going through a transaction. He wanted a literal "buy now" button on every major webshop on the internet. When I asked him how he thought that would work legally and security wise, he became a bit defensive and implied that since I'm the tech guy I should work out that kind of stuff. When the software was ready, he would have clients lined up for the service and his work would start.
I politely declined this great opportunity
Hoorah! My code finally works! Now gotta remove those 1000 print statements I used to identify the bugs 😥
So my friend has two-step authentication for his smartphone.
Now he is not able to find his phone.
So, he tried to find his phone by logging into his google account via Android Device Manager.
Now, it is asking for the authentication pin which is in his phone.😂
He just got deadlocked.
My classmate just fell for a phishing email from "PayPal."
She was talking about her payment being declined to her friend.
It piqued my attention when she said after logging in, she was led to a blank page.
I asked if I could see it and it was definitely a phishing email
I will admit, it's one of the most professional phishing emails I've ever seen, but the grammar wasn't very professional and the PayPal logo wasn't completely accurate.
Why do these idiots fall for everything?
After several months of bug fixing, I can proudly say the application I inherited at work has gone a whole day in production without an unhandled exception (from a peak of above 1200 a few months ago).
Well, either that or I've broken the error logging and am now living in blissful ignorance.
I worked on a greenfield project a couple of years ago. The company had an old solution written in Omnis (heard of it? Yeah, me neither) with an SQL database. My team was to create a completely new web based system... on top of the old database, so the customers could keep their existing stuff.
The dba was an intelligent man, one of the nicest people I've met, and over the course of fifteen years he had made a remarkably terrifying monstrosity of a database. Some years before me they wanted to "future proof" the system and make it "easier to switch to new technologies". So they moved the entire business logic into the database...
I used a tool to create a visualization of said database when we started. It had no views, only tables and sprocs. Look at it! Tables and sprocs are rectangles (well, dots) and any connections are drawn in grey lines. There were no foreign keys, so a tables only visualization only yielded a collection of independent rectangles without a single line.
Now, the stored procedures were bloody MASSIVE. A single procedure that only registered a new interested party and attached them to a property had 2500+ lines and over 150 parameters.
Also, this dba added features and fixed bugs by logging into the respective customers production server and writing SQL.
That database is the stupidest thing I've ever seen a developer do.
Did you know logging into chrome will auto sync all your fucking bookmarks to that other person's account??
(I use Firefox mainly and chromium for testing.)
I use chrome only for porn. Got shit tons of bookmarks. I login to my friend's sister's Gmail on my chrome (for remote desktop - to help fix her computer. Somehow, remote desktop doesn't work on chromium)
Was browsing her pc via remote session and suddenly all of my porn bookmarks appear at the top bar.
Had to manually select each bookmark in the bookmark manager and delete since CTRL+A won't work during the remote session. Don't know why.
I'm logging my DevRant time as training ... I read all these dumb things that people do, and make mental notes so that I don't do the same thing. Best. Training. Ever.
So Nvidia doesn't let you use their GeForce Experience app anymore without logging in.
Fuck that, I don't want to login so I can see an FPS counter in my games or record them to my local disk or something like that... Fuck you Nvidia and fuck whoever decided that would be a good idea.
So I own a webshop together with a guy I met at one of my previous contract jobs. He said he had a great idea to sell product X because he can get them very cheap from another European country. Actually it is a great idea so we decided to work together on this: I do everything tech related, he does the non tech stuff.
Now we are more than 1 year in business. I set up a VPS, completely configured it, installed and set up the complete webshop, built 2 custom PrestaShop modules, built many customizations, built a completely new order process (both front and back end), advertised quite some products, did some link building, ensured everything is in place to do proper SEO, wrote some content pages, did administration and tax declarations, rewrote a part of a PrestaShop component because it was so damn inefficient and horribly slow, and then some more. Much more.
He did customer relation management, supplier management and some ad words campaigns. Promised me many times to write the content for our product pages. This guy has an education in marketing but literally said: I'm not gonna invest in creating some marketing plan. I have no ambition in online marketing.
What?! You have the marketing knowledge and skills but refuse to use it to market our webshop and business? What the fuck is wrong with you?!
Today he says to me: 'Hey man, this is becoming an expensive hobby as we don't sell much and have lots of costs. I don't understand why I should be the one to write these content pages. Everything you did in the past 8 months can be done in less than 20 hours! You are a joke and just made it a big deal by spreading your work over so many months. I know for sure because I currently work at a company where I'm surrounded by front end devs! Are you fucking crazy?! You're a liar.'
He talks like this to me every 2 months or so while he can't even deliver the content for 1 single product in 6 fuckin' months! We even had to refund a few of our customers because Mr. client relations manager didn't respond to their e-mails within 1 fucking week!! So I asked him how could that have happened as you do the client relations and support. Well, he replied to me: 'Why didn't YOU respond to our clients? You don't log on in our back office at least once a day?!'.
Of course I do asshole. But YOU don't. He replied that I was lying just like I was lying about what I did for our business.
So, asshole, let's have a look at PrestaShop's logs to see who's logging in daily. Well, you can probably guess whose IP was there in most of the entries. It wasn't his.
So, what the fuck have you been doing then?! You can't even manage to respond quickly to a client?!! We have maybe 50 clients and if we get 1 question a month by email it is already a lot. But you keep bitching, complaining and insulting me instead?!!!
Last time he literally admitted on a WhatsApp conversation that he had and still has the hope that he could just sit back and relax and watch me do ALL the work.
Well, guess what you fucking moron. That's not what we agreed upon. You fuckin' retard think you're so smart but you say EVERYTHING on WhatsApp! Including your promises to me. Thank you you fuckin' piece of dog shit because now I have hard evidence and will hand it over to my lawyer to make you pay every god damn cent for all the hours I've spent working on our business. Oh, and I'll take over the webshop and make it a success on my own because I know damn well how to get relevant traffic and thus customers.
You just go get yourself fucked in the ass without lubricant you fuckin' asshole. I have told you you shouldn't fuck with me because I take business very seriously. I even warned you when you were crossing a line again. Well, if you don't listen... You will pay for the consequences. I will be so damn happy to tell you 'I told you so' with a very very big smile on my face. That moment WILL come, 'partner'.
Fuck you. You will be fucked. Count on that. Fucking asshole.
Worst thing you've seen another dev do? Long one, but has a happy ending.
Classic 'Dev deploys to production at 5:00PM on a Friday, and goes home.' story.
The web department was managed under the Marketing department, so they were not required to adhere to any type of coding standards and for months we fought with them on logging. Pre-Splunk, we rolled our own logging/alerting solution and they hated being the #1 reason for phone calls/texts/emails every night.
Wanting to "get it done", 'Tony' decided to bypass the default logging and send himself an email if an exception occurred in his code.
At 5:00PM on a Friday, deploys, goes home.
Around 11:00AM on Sunday (a lot of folks are still in church at this time), the VP of IS gets a call from the CEO (who does not go to church) about being unable to log into his email. VP has to leave church, drive home and find out he cannot remote access the exchange server. He starts making other phone calls, forcing the entire networking department to drive in and get email back up (you can imagine not a group of happy people).
After some network-admin voodoo, by 12:00, they discover/fix the issue (know it was Tony's email that was the problem)
We find out Monday that not only did Tony deploy at 5:00 on a Friday, the deployment wasn't approved, had features no one asked for, wasn't checked into version control, and the exception during checkout cost the company over $50,000 in lost sales.
Was Tony fired? Noooo. The web is our cash cow and Tony was considered a top web developer (and he knew that), Tony decided to blame logging. While in the discovery meeting, Tony told the bosses that it wasn't his fault logging was so buggy and caused so many phone calls/texts/emails every night, if he had been trained properly, this problem could have been avoided.
Well, since I was responsible for logging, I was next in the hot seat.
For almost 30 minutes I listened to every terrible thing I had done to Tony ever since he started. I was a terrible mentor, I was mean, I was degrading, etc..etc.
Me: "Where is this coming from? I barely know Tony. We're not even in the same building. I met him once when he started, maybe saw him a couple of times in meetings."
Andrew: "Aren't you responsible for this logging fiasco?"
Me: "Good Lord no, why am I here?"
Andrew: "I'll rephrase so you'll understand, aren't you responsible for the proper training of how developers log errors in their code? This disaster is clearly a consequence of your failure. What do you have to say for yourself?"
Me: "Nothing. Developers are responsible for their own choices. Tony made the choice to bypass our logging and send errors to himself, causing Exchange to lockup and losing sales."
Andrew: "A choice he made because he was not properly informed of the consequences? Again, that is a failure in the proper use of logging, and why you are here."
Me: "I'm done with this. Does John know I'm in here? How about you get John and you talk to him like that."
'John' was the department head at the time.
Andrew: "John, have you spoken to Tony?"
John: "Yes, and I'm very sorry and very disappointed. This won't happen again."
John: "You know what. Did you even fucking talk to Tony? You just sit in your ivory tower and think your actions don't matter?"
Me: "Whoa!! What are you talking about!? My responsibility for logging stops with the work instructions. After that if Tony decides to do something else, that is on him."
John: "That is not how Tony tells it. He said he's been struggling with your logging system everyday since he's started and you've done nothing to help. This behavior ends today. We're a fucking team. Get off your damn high horse and help the little guy every once in a while."
Me: "I don't know what Tony has been telling you, but I barely know the guy. If he has been having trouble with the one line of code to log, this is the first I've heard of it."
John: "Like I said, this ends today. You are going to come up with a proper training class and learn to get out and talk to other people."
Over the next couple of weeks I become a powerpoint wizard and 'train' anyone/everyone on the proper use of logging. The one line of code to log. One line of code.
A friend 'Scott' sits close to Tony (I mean I do get out and know people) told me that Tony poured out the crocodile tears. Like cried and cried, apologizing, calling me everything but a kitchen sink,...etc. It was so bad, his manager 'Sally' was crying, her boss 'Andrew', was red in the face, when 'John' heard 'Sally' was crying, you can imagine the high levels of alpha-male 'gotta look like I'm protecting the females' hormones flowing.
Took almost another year, Tony released a change on a Friday, went home, web site crashed (losses were in the thousands of $ per minute this time), and Tony was not let back into the building on Monday (one of the best days of my life).
We're having an ongoing credential stuffing attack right now. Hackers hit us hard over the weekend and the web team sent out an email congratulating themselves that they stopped the threat.
I decided to look to see how they "fixed" the issue.
They modified their code to stop logging the errors to prevent Splunk from sending the automated emails to management (how we have been able to spot/monitor the attack).
They literally just put their heads in the sand, stapled a sign to their ass that reads "Meteor? We see no meteor approaching. Everything is fine."
Not necessarily dev related but I need to get this off my chest.
So a bit of a backstory. I had to stay late from school the other day and ended up having to take an Uber home. The ride was fine lady was nice. Everything seems to be going well and there were no signs of any payment failure.
Then yesterday, I had to stay late again. I never said that I had an outstanding balance on my account. Apparently Uber was having problems charging my Android pay account.
So I ended up being stuck at school for like 3 hours. Great!😑
So I emailed Uber when I got home. And this is when I started pulling my hair out. I don't know how many replies I had, but each time I had to tell them that I was not using a prepaid card.
This was one of my replies:
"I'm sorry, are you real? If you are, here is a quick summary of the issue. I am using ANDROID PAY with my CHASE DEBIT CARD. Not, NOT, NOT a prepaid card. I happen to know that CHASE DEBIT CARD (which is the card I use, in case you have already forgotten) works with uber because MY FATHER USES THE EXACT SAME TYPE OF CARD with uber. He uses a CHASE DEBIT CARD (again I use that same type of card as well). So by using LOGIC I am able to deduce that a CHASE DEBIT CARD is in fact compatible. AGAIN THIS IS NOT A PREPAID CARD!!! If the card is incompatible, WHY DOES THE APP ALLOW ME TO ADD IT?!?! Also in response to your last email... Because I am using Android pay, do you really think that an ANDROID would be able to use APPLE pay? Also Google wallet is DISCONTINUED! Finally, PayPal DOES NOT CONNECT TO UBER. Returns a "Server Error." So please stop wasting my time with generic help solutions. Believe me, I have already googled my issue, and nothing comes up. That is why I contacted Uber. I want my driver to be paid, and, uber had made it SO painful with unhelpful "Solutions" to problems that don't even APPLY TO MY ISSUE. Do not even mention PREPAID cards in your reply or I will consider you a robot built by monkeys banging their heads on a keyboard. Uber HAS my VALID payment information, USE IT! If there is a phone number I can call, please, enlighten me"
And the response was:
"Thanks for reaching out with this.
Happy to help with this issue you are having.
After reviewing your I can see that the only payment method associated with your account is an ANDROID PAY card and it is also a prepaid card. Some cards and methods are not compatible with our billing processes and can't be used with Uber. This includes prepaid cards."
So I concluded that they are monkeys.
Then Uber banned me from logging into my account because I didn't pay.
So now it is impossible for me to pay because I can't do anything with my account.
Now they want my SSN and a bunch of other shit that I won't give them.
I told them that they were being illogical, and I got the exact same response about the prepaid bullshit.
So I sent them this photo as a goodbye.
I get my driver's licence next weekend, so I won't need Uber anymore. YAY!
Also mind grammatical errors, I talked it in and am too lazy to proofread
My last wk93 story, the time we discovered school faculty was spying on students and we uncovered student's deepest secrets.
I call it, kiddiegate.
So if you've read my past rants you've noticed I did some pretty childish and reckless stuff with my highschool's systems when I was younger, but nothing compares to this thing.
After resetting the sysadmin account pwd on some machines it occurred to me I could write a keylogger to capture teachers Moodle accounts and so on, I decided to try it out on a regular lab computer first.
Imagine my surprise when I found a hidden keylogger already installed! I couldn't believe it but then I thought, what if other PCs have it? So I recruited my mates and taught them the process to check if a PC had been infected...ALL PCs were, over 30 computers we checked had been logging for over 3 months! That damn sysadmin! >:[
We were shocked and angry, but then I thought "hey. . . My work has been done for me, better take advantage"
So we did, we extracted each log and then removed it from the PCs along with the keyloggers. There were hundreds of records and then one day we started snooping into the fb accounts of some students (we shouldn't have) we uncovered so many nasty, shocking secrets...
One of the school's lady's man had a drunk one nighter with one of our gay friends, the most secluded and shy guy was sexting like crazy with 15 chicks at the same time, things like that...we promised to never say a word and deleted the logs.
After that we didn't do much and continued highschool as every teenage minor should, getting drunk and avoiding responsibilities, though we could never see many of our classmates the same way. The sysadmin was fired shortly after I graduated, no reason was established.
I want to clear out we were minors and laws in my country weren't clearly established at the time plus no harm was ever done. I don't condone hacking or any kind of illegal activity, just thought I'd share.
Fucking wix advertisements! Getting real tired of the "want a website? Why not make it yourself?" ads. You're already logging all my fucking google searches to display relevant ad info so maybe wrap your head around the fact that I'm a web dev and make my own fucking sites??
I literally cringed today when my neighbor wanted help installing an app, she didn't tell me it was her banking app... And the thing I needed to help with was logging in... So she told me her bank details...
Even though I said (multiple times) it was dangerous to do so, and that she can't just trust people with this kind of information...
WHY ARE PEOPLE SO GOD DAMN STUPID WHEN IT COMES TO SECURITY!
Boss: "Yeah we have a logging project coming up that has to be done in C" Me: "I know C, I can give some pointers on that"
I now know another person's password without even wanting to.
He was sitting in the row in front of me, logging into our course page and then *brrrrraaaaapppp* - ran his index finger along the top number row and hit enter.
I don't even know what to say.
- devRant TOR rant! -
There is a recent post that just basically says 'fuck TOR' and it catches an unfortunate amount of attention in the wrong way and many people seem to agree with that, so it's about time I rant about a rant!
First of all, TOR never promised encryption. It's just used as an anonymizer tool which will get your request through its nodes and to the original destination it's supposed to arrive at.
Let's assume you're logging in over an unencrypted connection over TOR and your login information was stolen because of a bad exit node. Is your privacy now under threat? Even then, no! Unless of course you had decided to use your personal information for that login data!
And what does that even have to do with the US government having funded this project even if it's 100%? Are we all conspiracy theorists now?
Let's please stop the spread of bs and fear mongering so that we can talk about actual threats and attack vectors on the TOR network. Because we really don't have any other reliable means to stop a widely implemented censorship.
Day 1 10:00 am
Login to email account (Zimbra)
Your password is incorrect (I entered it correctly, this was a permanent issue, used to happen in the company with many employees)
Reset your password by logging into internal company portal.
Logged into company portal, somehow. 2 Mbps internet shared among 104 people, you can imagine the speed.
Reset email password
* your password has been sent to your email id*
Are you fucking kidding me? U have emailed me the password to the same email I can't log in to?
Where did the architecture designer get this top notch weed from?
Asked HR to reset my password (using a colleague's email)
No reply from HR yet
I went to meet HR, she's on vacation. So they have 1 person managing the password reset, for 5000 people with no backup person. Cool.
Your internal company password has expired. Check your email for link to create new password. This is some next level shit going on.
I called up Internal IT team to generate a new email for me.
They asked me to raise a ticket.
I can't raise a ticket because the only way to do so, is through the portal.
Nothing. Btw, personal email and all social networks were banned. You can't even open stackoverflow.
And this was a research lab, amazing huh?
Loss of pay for 4 days since I can't login to company portal to fill timesheet.
HR comes back. Resets my password.
I try to generate my new password for portal.
The password policy:
Password can't be same as last 10 passwords
Passwords expire every week
8 characters minimum, 2 upper case, 2 lower case, NO SPECIAL SYMBOL. WTF. How long do u think it's gonna take to crack that?
Fuckers had a company-wide policy to automatically lock PC every 1 min if not used. Who the fuck can keep on using it continuously! I'm reading an article, and bam! Locked. 2 wrong entries and that's it, repeat all steps again. Fuckers really didn't want to let me do my job, just keep on logging in all day.
ANTI VIRUSES AREN'T ALWAYS YOUR FRIEND!
So I'm under a little pressure to get an assignment done so I came home and was planning on working on it but Windows had other plans and decided to finish its update which I suspect copied my hard drive and uploaded it to the NSA at dial up speed because it took forever!!
But anyway back to the text in caps lock... I started working on it then when I hit compile I got an "access denied" error in the console and didn't know what the f*** was going on. So I decided to copy my files to another directory and tried again... amazingly this worked so I carried on and after about 2 hours I get the same error -_- So instead of messing around and losing my work I decided to commit it... but I can't... again "access denied" error.
After threatening my computer with a trip out the window, I finally decided to reboot it... cause "have you tried turning it off and on again" kept on rattling in my head.
After logging in I tried again and still the same error... Then I opened up my anti virus dashboard and went through the logs and found the screen shot attached.....
I used to work as an all-in-one IT guy in a company. One day I got a call from our HR team and the HR said "my Internet banking account has been hacked! It's logging in automatically!!" So I went to see the issue, and the so called "hack" was because she allowed Mozilla Firefox to save her login credentials, and because of that the login form was automatically filled. Such a stupid ass
So the Microsoft rage continues as I tell a story about my father, the company that he works for and that company's whole IT structure.
So my father is forced to use Windows because, get this (he hates W10 with a burning passion, like me).... Office and other crap. Cool cool
Seems like Libreoffice isn't enough for you.... YES IT FUCKING IS. MY DAD GAVE ME EXAMPLE DOCUMENTS FROM HIS WORK AND GUESS WHAT, THEY ALL OPEN WITHOUT A FUCKING PROBLEM. But OK, maybe not all employees are familiar with Libreoffice/Openoffice, JUST KIDDING THEY ARE SOME FUCKTARDS WHO WORK FOR THEIR COMPANY THAT DON'T KNOW HOW TO FILL OUT A FORM IN EXCEL (aka. PROBABLY NEVER USED A COMPUTER IN THEIR LIFE/OFFICE SPACE AMNISH). Okay, some employees might be incapable, but their infrastructure might be alright.
IT RUNS ON MICROSOFT SQL AND DIVX (YES, FUCKING DIVX, CAUSE THAT MAKES SENSE) FROM..........2008.
At this point I just feel bad for them. Because there were no IT guys at the company (they didn't understand shit that I said half of the time). I've warned them that their infrastructure might have more holes than fucking swiss cheese. I see they value their data since the front door is a 60 kg one (that's 132 lb in retard units). And there's a 1.8 m fence around the building.
And they've told me that the parent company, which hosts the server also hosts for 100+ other companies around the world.
100+, you say. I'm legit scared for them right now.
So naturally, I've asked them if they have backups... they do, thank god.
But still they use 2008 shit in 2018 and expect it to be secure. Fun fact, logging into their server (which is an HTTP running on Windows Server...... 2008 (that hurts to say)) with a browser other than.... not Edge.... but IE, *drum roll* breaks it, since... it runs authentication dll's (YES FUCKING DLLS) on the host system. THOSE POOR MOTHERFUCKERS COULDN'T EVEN SETUP SERVER SIDE AUTHENTICATION. EVEN CHANGING THE PASSWORD REQUIRES A FUCKING SYSADMIN TO BE CONTACTED, OH YEA YOU CAN'T SINCE THERE ARE NONE.
GOOD DAY TO YOU <INSERT COMPANY>, SORRY BUT YOU'LL GET FUCKING OBLITERATED IF SOMEBODY DECIDES TO HACK YOU.
This is from my days of running a rather large (for its time) Minecraft server. A few of our best admins were given access to the server console. For extra security, we also had a second login stage in-game using a command (in case their accounts were compromised). We even had a fairly strict password strength policy.
But all of that was defeated by a slightly too stiff SHIFT key. See, in-game commands were typed in chat, prefixed with a slash -- SHIFT+7 on German-ish keyboards. And so, when logging in, one of our head admins didn't realize his SHIFT key didn't register and proudly broadcast to the server "[Admin] username: 7login hisPasswordHere".
This was immediately noticed by the owner of a 'rival' server who was trying to copy some cool thing that we had. He jumped onto the console that he found in an nmap scan a week prior (a scan that I detected and he denied), promoted himself to admin and proceeded to wreak havoc.
I got a call, 10-ish minutes later, that "everything was literally on fire". I immediately rolled everything back (half-hourly backups ftw) and killed the console just in case.
The best part was the Skype call with that admin that followed. I wasn't too angry, but I did want him to suffer a little, so I didn't immediately tell him that we had good backups. He thought he'd brought the downfall of our server. I'm pretty sure he cried.
For my privacy advocate friends... They are logging keystrokes, clicks, and scrolls...
Yesterday the web site started logging an exception “A task was canceled” when making a http call using the .Net HTTPClient class (site calling a REST service).
Emails back n’ forth ..blaming the database…blaming the network..then a senior web developer blamed the logging (the system I’m responsible for).
Under the hood, the logger is sending the exception data to another REST service (which sends emails, generates reports etc.). I had to quickly re-direct the discussion because if we’re seeing the exception email, the logging didn’t cause the exception, it’s just reporting it. Felt a little sad having to explain it to other IT professionals, but everyone seemed to agree and focused on the server resources.
Last night I get a call about the exceptions occurring again in much larger numbers (from 100 to over 5,000 within a few minutes). I log in, add myself to the large skype group chat going on just to catch the same senior web developer say …
“Here is the APM data that shows logging is causing the http tasks to get canceled.”
Me: “No, that data just shows the logging http traffic of the exception. The exception is occurring before any logging is executed. The task is either being canceled due to a network time out or IIS is running out of threads. The web site is failing to execute the http call to the REST service.”
Several other devs, DBAs, and network admins agree.
The errors only lasted a couple of minutes (exactly 2 minutes, which seemed odd), so everyone agrees to dig into the data further in the morning.
This morning I login to my computer to discover the error(s) occurred again at 6:20AM and an email from the senior web developer saying we (my mgr, her mgr, network admins, DBAs, etc) need to discuss changes to the logging system to prevent this problem from negatively affecting the customer experience...blah blah blah.
FRACKing female dog!
Good news is we never had the meeting. When the senior web dev manager came in, he cancelled the meeting.
Turned out to be a hiccup in a domain controller causing the servers to lose their connection to each other for 2 minutes (1-minute timeout, 1 minute to fully re-sync). The exact two-minute burst of errors explained (and proven via wireshark).
People and their petty office politics piss me off.
For a week+ I've been listening to a senior dev ("Bob") continually make fun of another not-quite-a-senior dev ("Tom") over a performance bug in his code. "If he did it right the first time...", "Tom refuses to write tests...that's his problem", "I would have wrote the code correctly ..." all kinds of passive-aggressive put downs. Bob then brags how without him helping Tom, the application would have been a failure (really building himself up).
Bob is out of town and Tom asked me a question about logging performance data in his code. I look and see Bob has done nothing..nothing at all to help Tom. Tom wrote his own JSON and XML parser (data is coming from two different sources) and all kinds of IO stream plumbing code.
I used Visual Studio's feature to create classes from JSON/XML, and used the XML Serializer and Newtonsoft.Json to handle the conversion plumbing.
With several hundred lines gone (down to one line each for the XML/JSON-> object), I wrote unit tests around the business transaction, integration test for the service and database access. Maybe a couple of hours' worth of work.
I'm 100% sure Bob knew Tom was going in a bad direction (maybe even pushing him that direction), just to swoop in and "save the day" in front of Tom's manager at some future point in time.
This morning's standup ..
Boss: "You're helping Tom since Bob is on vacation? What are you helping with?"
Me: "I refactored the JSON and XML data access, wrote initial unit and integration tests. Tom will have to verify, but I believe any performance problem will now be isolated to the database integration. The problem Bob was talking about on Monday is gone. I thought spending time helping Tom was better than making fun of him."
<couple seconds of silence>
Boss:"Yea...want to let you know, I really, really appreciate that."
Bob, put people first, everyone wins.
Sometimes the design decisions of big companies amaze me.
I wanted to contact support of Cloudflare. The only way to submit a new support query is by logging into the account first.
My problem is that I can not log into my account. What a bunch of retards.
Me: Hello. I'm from dept. ABC. My system isn't working.
IT: Have you tried logging OFF & ON again?
Me: (Let me rephrase) No the system isn't turning ON 😅
IT: Before I come over to your desk, can you try restarting once? 🤓
Me: (Motherfuck..) 🙂
Am I the only one who thinks Spotify is seriously awful? Spotify is hyped by almost everybody I know, but I think it's fucking awful, buggy as fuck, and man: they are greedy and annoying. But before you bombard me with "You suck, I would suck Spotify's cock, if it had one!!!1!!11eleven", let me explain, what happened:
I just felt like listening to some music, and I had just been talking about Spotify with a friend a few days ago. I didn't like it when I first tested it, because I thought it was too expensive, the ads were annoying and I didn't find most of the music I like (this one is not their fault, to be fair). So I thought I'd give Spotify another chance. I still had the account, so I reset the password that I had long forgotten and lost, because it was months ago, and logged in.
I was immediately confused, because I couldn't find a possibility to add an avatar to my account, but of course Spotify wants to know my age, my gender and other shit that should be none of their fucking beeswax. I remembered why I hated Spotify, but I said I was going to give them another chance, so swallowed my anger and annoyance. I installed the client.
Needless to say that thing is shit too. Seemed to have been crapped together as an Electron app. Then I tried to log in, with the password I had just generated in the password resetting process still in my clipboard. It didn't fucking work. Why? I thought they must be fucking kidding me, so I went back to the web GUI and saw I was still logged in.
I didn't think logging out there would or should make a difference, but since I had already been negatively surprised I logged out there in order to try again. Nothing. Literally, because Spotify didn't even log me out! It just reloaded the settings page. What the fuck, Spotify developers?
I clicked around while a big ass question mark was hovering over my head, then I saw the option "Überall abmelden" (meaning: "Log out on every device"). I clicked it. again: nothing. I began asking myself whether I was stupid or drunk.
And, before you ask, no, the page wasn't cached, I tried that, and I also wasn't browsing a phishing site, it was definitely the Spotify site in German, I knew that before, of course, but I double checked, because I was completely flabbergasted on how a company like Spotify could have a faulty, nonfunctioning API like that.
Needless to say I uninstalled the Spotify Client, and deleted the cookie to finally get logged out of their buggy crappy mess.
Seriously, what a shit service! If you can't even log out ... Wow. Spotify, your developers suck, fire those morons and get some good devs. Until then, I'll not be wasting time with your crappy service.
Fuck you, Spotify, from the bottom of my stone-cold heart. You suck.
My family hosts a 100 mile (160km) run once every year for ultra-runners. 11 hours in the first runner has done 105 km. And I'm sitting at this checkpoint logging their times and working on a project. But rain started pouring down and this not so waterproof tent has just become the worst developing workplace I have ever been in because the umbrella ain't big enough for me and the laptop. So I'm soaked and won't be relieved for another 8 hours. The things you do for family.
Client: “I’m sorry I just don’t understand the issue with the contract?
You said logging into Facebook was easy, what’s the issue with feature X (= complex graph API queries based on opinions and sentiment) and displaying images and videos, it’s the same thing!!!”
... no sir, it is NOT
TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern
Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.
Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.
Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.
An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.
After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.
The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.
It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owner's close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”
At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”
I came back here, after not logging in for about a year just to say that patents are fucking stupid. Thanks, see you in another year!
PM: Can we have it so the usernames are case-sensitive?
Me: uhh, sure I guess.. But that's like really pointless and adds no real usefulness.. In fact makes the whole logging in thing a tad more complicated for no reason..
PM: Well this one other product we have uses "Admin" for the login versus yours that used "admin" so it needs to be implemented.
(note that mine accepted "Admin" anyways...) *implemented it*
PM: So there's a problem with the username sort, it sorts by capitals then lowercase.. eg:
Me: Yeah, you asked for case-sensitive usernames..
PM: Well can you fix it?
Me: I could create a second field within the user data that is the username in all lowercase and sort by that. But that negates like all of the whole case-sensitive usernames thing.. OR I could drop all this actually important work I'm doing and do a whole bunch of work on a custom sort for this useless fucking feature you wanted me to put in..
*it's been 2 weeks and still no reply...*
The day I discovered Schrödinger's lesser known paradox of simultaneously being fired and not fired.
This isn't really much of a dev story, but I figured I'd share it anyway.
About two minutes into signing into all my stuff, I suddenly was kicked out of everything. I tried logging in a few more times, and then suddenly started getting the error, "Your account has been disabled for security reasons." I couldn't sign into chat, and co-workers confirmed that I was missing from the company directory. My manager didn't come in for another two hours, and we couldn't get anyone else to answer what the hell was going on. So I was kinda panicking.
Eventually, we found out from one of our coordinators that someone else with the same name as me was leaving the company, and they had deactivated the wrong person.
It ended up getting a lot better. They told me that it could take up to 48 hours to restore my access (it took longer), so I found stuff to do so I could maintain my paycheck. One of those things was assisting someone with data collection and processing, where I eventually said, "Dude, I could totally automate this," and now that's what I'm getting paid to do.
Started part time job at a company, had to log my time on timesheets. Said fuck this and now the whole company logs their hours on a custom web based time logging system which I built.
Not a rant, just feeling pretty happy about my current situation so thought I'd share!
Been stuck in a dead end job at a small web design agency - you know the type, web design, development, SEO, anything in between - for the past 5 years (I was the only dev and was relied upon to do everything).
Finally got myself a new job this year and I'm loving it so far. Was dreading actually logging my time spent on projects / tickets as my old job was pretty much a chaotic free for all, but it's left me with a sense of achievement / accomplishment and I feel more organised in my personal life too.
When a colleague left their computer without logging out, I created a shortcut to internet explorer, named it Google Chrome, and changed the icon to Chrome's icon. I couldn't remove Chrome's shortcut from the desktop or modify it because I didn't have permissions, so I turned off icon snapping and dragged it off the screen. I also replaced Chrome in the task bar with my fake icon. I then set the Internet Explorer to open a bunch of useless pages when it opens, set it to the default browser, and changed the search engine to Yahoo!
I fucked up..😓😓
I had to delete my Facebook account, I was seeing things 🙈 that I never engaged with in my news feed. And I was tired of hiding those posts again and again.
So I go to request deletion of my account. It says developers can't delete accounts and asked me to add other admins to Facebook apps before deleting my account.
Okay, I created another Facebook account, transferred ownership and requested deletion for my first account.
Me happy guy.. went on vacation for 3 days.. during the first day I logged in to my new account in the Facebook Android app and it asked to confirm my identity. Okay did that and it said I'll receive an email shortly.
Waited my whole vacation, no email received. Went back home, started my computer, tried logging in to my account and it says
Your account has been disabled
Can't you fucking send an e-mail informing me something is wrong with my account.
So with that disabled message there was a link to faqs why my account was disabled. It was disabled for
IMPERSONATING MYSELF 😡
As a result .. I lost access to my Facebook app. I was using Facebook audience network to deliver ads in my Android app. And now ads are stopped because of this.
And I can't create another Facebook app because the Android app package is already in use by another app.
So I appealed for enabling my account.. and they said I will receive an email shortly.. still haven't got any fucking email from them
Any bikers around here?
I recently bought my first motor bike ( super cheap ) and I'm excited to add some enhancements to it like GPS logging and collect relevant data about my bike.
Have you done anything similar to your ride? I would like to put my Dev skills and improve my bike as a hobby.
I like logging into public wireless networks where the admin credentials are the default and mess with their wireless settings...
Am I wrong?
OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..
Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!
Here it goes..
Last week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.
OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.
Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.
Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..
I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..
Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I create another pck for api alone, copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.
I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..
I made changes for api to include the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.
WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...
WTF..Ok, cig break to let me think..
I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?
So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' make changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers' dbs (different customers).. ALL HAD THIS HARDCODED IN!!! FROM THE FREAKING YEAR 2016!!! O.o
Unfuckin believable.. How did this ever work?!
Looks like at the beginning, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!
So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plain, simple, straight-forward solution to auditing..
If only the original procedure was working as it should.. bloody hell!!
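The failure mode in the post above, as an added Python sketch that is not the poster's code: an audit routine that fills `user_id` from session-level state instead of its parameter, run against a small connection pool, next to a version that uses only the parameter. Every class, function and value here is hypothetical and the traffic is constructed.

```python
# Added illustration, not the poster's code. Every name here is hypothetical.
from collections import deque


class Session:
    """One pooled database session. pkg_user_id mimics a package-level
    variable: it lives as long as the session, not as long as one request."""

    def __init__(self, sid):
        self.sid = sid
        self.pkg_user_id = 0  # default value before anyone sets it


class Pool:
    """Minimal FIFO connection pool: sessions are reused across requests."""

    def __init__(self, size):
        self._free = deque(Session(i) for i in range(size))

    def acquire(self):
        return self._free.popleft()

    def release(self, session):
        self._free.append(session)


def legacy_login(session, user_id):
    """Old code path: records the user in session state at login time."""
    session.pkg_user_id = user_id


def audit_broken(session, p_user_id, action):
    """Mirrors the bug: the parameter is accepted, but the row's user_id
    column is filled from session state left behind by someone else."""
    return {"user_id": session.pkg_user_id,
            "description": f"user {p_user_id}: {action}"}


def audit_fixed(session, p_user_id, action):
    """Uses only the caller-supplied id and refuses to guess if it is missing."""
    if p_user_id is None:
        raise ValueError("audit call without a user id")
    return {"user_id": p_user_id,
            "description": f"user {p_user_id}: {action}"}


def run_scenario(audit):
    """Constructed traffic: one legacy login by user 7, then three SSO
    requests by users 42 and 43, served from a pool of two sessions."""
    pool = Pool(2)
    s = pool.acquire()
    legacy_login(s, 7)
    pool.release(s)

    rows = []
    requests = [(42, "update order"), (43, "delete order"), (42, "view order")]
    for user_id, action in requests:
        s = pool.acquire()
        try:
            rows.append(audit(s, user_id, action))
        finally:
            pool.release(s)
    return rows


if __name__ == "__main__":
    for name, fn in (("broken", audit_broken), ("fixed", audit_fixed)):
        print(name, [r["user_id"] for r in run_scenario(fn)])
```

The broken rows carry the right user in `description` and a stale or default value in `user_id`, which is the symptom the post describes.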
So this is bloody hilarious, I submit my PWA to windows store, mainly for shits and giggles, see how the whole thing works and all that.
According to them, this is "Opening within my application" and I am apparently able to access user details via Google's own sign-in link, not SSO.
This exists solely for the benefit of Microsoft who are having trouble comprehending the fact that RTMS Events does NOT have Authentication.
Microsoft believes that as the application uses Google Maps, and when Google Maps opens a “Sign In” button appears, that I am able to access your personal information.
As any reasonable person will understand, that is not the case, logging into Google Maps/Google for the benefit of using Google Maps in NO WAY gives anyone else access to your personal information.
On a 5 hour bus ride for which the company advertised that they have WiFi. Technically they did, it just didn't seem to be connected to anything. (it was but it was unusable). I tried logging into the router as I always do and one default "admin" password later I was in.
I didn't want to mess up anything too badly, however I did change the WPA password to "YouShouldMakeThisABitMoreSecure"
"WTF? These records should have been inserted into the table!"
...Hours of checking code, trying to figure out how this is possible, can't find a way to have this scenario happen...
...Add additional debug and troubleshooting code, add more verbose logging, redeploy to all the containers, reset all the tables, many apologies to the boss for the delay....
...Co-worker comes in: "oh, hey, sorry, accidentally deleted some stuff from the database last night before I left."
When I see two fields, one for username and one for password, I expect I can fill them out immediately subsequently with only a tab in between. While typing my password I DON'T want to get sent to a page where I can enter my password only: I was entering it already! Sometimes I even make it until I pressed the enter key that was supposed to log me in, but then I'm kindly requested to reenter my password. At that moment I not-so-kindly think: FUCK YOU Microsoft, you should know better. Even when logging into Visual Studio for fack sake
Introduced a ‘new’ logging framework for our web site. Web team is testing the integration and I get an email saying the logging wasn’t working. Instead of sending me how she is searching the logs, she sends me a screen shot of the code (which is ass-backwards of how I documented the logging library, but that’s another rant). OK, she wrote 5 lines of code that should be one line, but OK, the error still should have logged fine. I search the logs, and sure enough, there they are. Errors logged just as they should.
So I email back (with screenshot of the search query and results) asking how she searched for the errors.
Hour later she responds ..”I don’t know.”
WTF do you mean “I don’t know”?…WTF…you are a –bleep-ing developer too! This is not the first –bleep-ing splunk query you’ve written!
OK..I’m calm..feeling better. Wouldn’t be so bad if she emailed just me with the question (I’m not a splunk query expert either, we can figure it out together), but she was sure to cc 3 of the PMs involved in the integration, my boss, and other team members to make it sound like the problem was my code.
I've started logging my sleep patterns on a spreadsheet. Hoping to get some interesting statistics eventually.
<just got out of this meeting>
Mgr: “Can we log the messages coming from the services?”
Me: “Absolutely, but it could be a lot of network traffic and create a lot of noise. I’m not sure if our current logging infrastructure is the right fit for this.”
Senior Dev: “We could use Log4Net. That will take care of the logging.”
Mgr: “Log4Net?…Yea…I’ve heard of it…Great, make it happen.”
Me: “Um…Log4Net is just the client library, I’m talking about the back-end, where the data is logged. For this issue, we want to make sure the data we’re logging is as concise as possible. We don’t want to cause a bottleneck inside the service logging informational messages.”
Mgr: “Oh, no, absolutely not, but I don’t know the right answer, which is why I’ll let you two figure it out.”
Senior Dev: “Log4Net will take care of any threading issues we have with logging. It’ll work.”
Me: “Um..I’m sure…but we need to figure out what we need to log before we decide how we’re logging it.”
Senior Dev: “Yea, but if we log to SQL database, it will scale just fine.”
Mgr: “A SQL database? For logging? That seems excessive.”
Senior Dev: “No, not really. Log4Net takes care of all the details.”
Me: “That’s not going to happen. We’re not going to set up an entire sql database infrastructure to log data.”
Senior Dev: “Yea…probably right. We could use ElasticSearch or even Redis. Those are lightweight.”
Mgr: “Oh..yea…I’ve heard good things about Redis.”
Senior Dev: “Yea, and it runs on Linux and Linux is free.”
Mgr: “I like free, but I’m late for another meeting…you guys figure it out and let me know.”
Me: “So..Linux…um…know anything about administrating Redis on Linux?”
Senior Dev: ”Oh no…not a clue.”
It was all I could do from doing physical harm to another human being.
I really hate people playing buzzword bingo with projects I’m responsible for.
Only good piece is he’s not changing any of the code.
Is it just me, or does anyone miss logging into a Unix/Linux machine, doing a 'w' or 'who' and seeing a long list of folks all using the machine simultaneously? I still reflexively run 'who' as soon as I log into any real or virtual Unix or Linux machine and I am still slightly disappointed to find I'm all alone on it.
You know the worst thing about being a freelancer? You're expected to wear every fucking hat and you don't get normal hours.
Over the past few days I have been working with a client of a client attempting to fix his server. He's running CentOS on VMWare and somehow ended up breaking the system.
Upon inspection there was no way to fix his system remotely. It wouldn't even boot in recovery mode. So we've been attempting to recover his data so that we can reinstall CentOS and not have to start completely from scratch.
So for the past 3 days straight I have been remotely logging in to a Debian Live CD and manually sending folders to a FTP server of his. He has somewhere close to 30 sites on this server, and upwards of 1 million files in total.
Yesterday either the system freaked out or he did something, but the entire fucking system stopped responding which forced me to reboot it, reinsert the live CD, reinstall everything, and re-mount his broken system's drives.
Here we are 3 days in, we're still not done, and I'm getting slightly pissy because if you don't know Linux well enough to fix this shit yourself, you shouldn't be acting as your own sysadmin for 30+ sites.
Also, backups are a thing right? VMWare also has snapshots. I know the extra storage isn't cheap, but it's a hell of a lot cheaper than paying someone like me $35/hr to go and fix all of your shitty mistakes.
"Wait, we're logging all web traffic now?"
Me: You're the security engineer, you asked him to do it!
"I know but I didn't think he would actually do it!"
I was noticing some slow network and it was dropping some connections. So I booted up my old XP install with Java 6 to connect to the ASA 5505, I see it’s logging max connections of 10000 has been reached.
Fine, I reckon it’s my colleague backing up his entire machine to Google Drive.
Because when he shut it off, n connections dropped.
I check back in the log, and I see there’s 4-500 connections happening per second, I think WTF and check the source IP. Lots of random IPs from Vietnam, all going to a Windows2008 Server using rdp.
(I didn’t setup our servers, so I didn’t know which server it was accessing)
Ask my other colleague, he told me it’s a windows server from an earlier project that’s not used anymore.
I rdp into it, see there’s users logged in from around the world, and I immediately do a shutdown.
Would you look at that, connections per second dropped to about 50.
I guess that server isn’t going back online ever.
And I now need to ask management for a budget to update our network infrastructure, because the old ASA 5505 is begging me to die.
TL;DR gg previous employees didn’t shut down old servers and left them open to the world to enjoy
So we have an API that my team is supposed to send messages to in a fire and forget kind of style.
We are dependent on it. If it fails there is some annoying manual labor involved to clean that mess up. (If it even can be cleaned up, as sometimes it is also time-sensitive.)
Yet once in a while, that endpoint just crashes by letting the request vanish. No response, no error, nothing, it is just gone.
Digging through the log files of that API nothing pops up. Yet then I realize the size of the log files. About ~30GB on good old plain text log files.
It turns out that that API has taken the LOG EVERYTHING approach so much to heart that it logs to the point of its own death.
Is circular logging such a bleeding edge technology? It's not like there are external solutions for it like loggly or kibana. But oh, one might have to pay for them. Just dump it to the disk :/
This is again a combination of developers thinking "I don't need to care about space! It's cheap!" and managers thinking "100 GB should be enough for that server cluster. Let's restrict its HDD to 100GB, save some money!"
And then, here I stand trying to keep my sanity :/
When you take procrastination to another level... Adding Good looking table style output with emoji in a logging script which is only to be used once in a lifetime 😁
So I was logging into google today and my password is very long so I often make mistakes while typing it so I went to inspect element to change input type to text so that I can check the password and I see that Firefox is storing my password already as plain text. Wtf Firefox???
I previously worked as a Linux/unix sysadmin. There was one app team owning like 4 servers accessible in a very specific way.
* logon to main jumpbox
* ssh to elevated-privileges jumpbox
* logon to regional jumpbox using custom-made ssh alternative [call it fkup]
* try to fkup to the app server to confirm that fkup daemon is dead
* logon to server's mgmt node [aix frame]
* ssh to server directly to confirm sshd is dead too
* access server's console
* place root pswd request in passwords vault, chase 2 managers via phone for approvals [to login to the vault, find my request and approve it]
* use root pw to login to server's console, bounce sshd and fkupd
* logout from the console
* fkup into the server to get shell.
That's not the worst part... Aix'es are stable enough to run for years w/o needing any maintenance, so all this complexity could be bearable.
However, the app team used to log a change request asking to copy a new pdf file into that server every week and drop it to app directory, chown it to app user. Why can't they do that themselves you ask? Bcuz they 'only need this pdf to get there, that's all, and we're not wasting our time to raise access requests and chase for approvals just for a pdf...'
Oh, and all these steps must be repeated each time a sysadmin tries to implement the change request as all the movements and decisions must be logged and justified.
Each server access takes roughly half an hour. 4 servers -> 2hrs.
So yeah.. Surely getting your accesses sorted out once is so much more time consuming and less efficient than logging a change request for sysadmins every week and wasting 2 frickin hours of my time to just copy a simple pdf for you.. Not to mention that there's only a small team of sysadmins maintaining tens of thousands of servers and every minute we have we spend working. Lunch time takes 10-15 minutes or so.. Almost no time for coffee or restroom. And these guys are saying sparing a few hours to get their own accesses is 'a waste of their time'...
That was the time I discovered skrillex.
My predecessor used auth as a bool. The only way he kept basic users from accessing admin functions was by including the word "admin" or "user" in the URL so any user could be the administrator by just changing the URL parameters after logging in
For example, mysite.com/admin/editorderdetails vs. mysite.com/user/editorderdetails
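The missing check in the setup described above, as an added example (not code from the post or the site): the required role comes from a server-side policy and is compared with the role stored in the session, so editing the URL segment changes nothing. The session shape, role names and policy table are assumptions.

```javascript
// Flawed check as described in the post: "auth" is a boolean, and the URL
// segment alone decides whether the admin or the user function is reached.
function flawedAuthorize(session, rawPath) {
  return Boolean(session && session.loggedIn === true);
}

// Server-side policy (assumed): required roles per path prefix.
// Any path that matches no entry is denied.
const ROUTE_POLICY = [
  { prefix: '/admin/', roles: ['admin'] },
  { prefix: '/user/', roles: ['user', 'admin'] },
];

// Bring the path into one canonical form before matching it against the
// policy: decode once, drop the query string, collapse duplicate slashes,
// resolve "." and "..", and lowercase. The router must dispatch on this same
// canonical path, otherwise policy and handler can disagree.
function normalizePath(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(String(rawPath).split('?')[0]);
  } catch {
    return null; // malformed percent-encoding
  }
  const out = [];
  for (const seg of decoded.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { out.pop(); continue; }
    out.push(seg.toLowerCase());
  }
  return '/' + out.join('/');
}

function authorize(session, rawPath) {
  if (!session || session.loggedIn !== true) return false;
  const path = normalizePath(rawPath);
  if (path === null) return false;
  // The trailing slash makes "/admin" match "/admin/" but not "/administrator".
  const rule = ROUTE_POLICY.find((r) => (path + '/').startsWith(r.prefix));
  if (!rule) return false; // deny by default
  // The role is read from the server-side session, never from the request.
  return rule.roles.includes(session.role);
}
```
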
Seems like there was GitHub breach.
Some funny guy added my other github (unused) account to follow a repo, more people were affected.
Interestingly there is no information whatsoever in "Security history" about anyone logging into the account and I never authorised any app through it.
Could be GitHub bug?
Anyone experienced this?
Enter full rant mode. Go!
Ok I've been wanting to rant about this for a while...
A while ago I brought my laptop to school to work on a project. While at school I decided to connect to the school wifi. Back then they had one of those things where you connect to the wifi network, then go to a webpage and authenticate from there. (They've since switched to a general WPA or whatever type thing, which obviously works a lot better.)
Note that this school board is a big one, it's probably got at least 100 schools and the area it operates in has around 6 million people. So it's pretty big.
So I was logging in to the wifi, I connected to the network then opened up firefox to authenticate. It redirected me to the authentication page where I typed in my student ID and password and clicked the submit button. It started loading the next page.
Then... my computer froze.
I obviously had too many apps open (video editing software, IDE and a bunch of firefox tabs) so it didn't really surprise me. 4GB of ram really isn't a lot.
But then I noticed, with horror, my PASSWORD IN PLAINTEXT PASSED AS A GET REQUEST IN THE URL BAR.
I am not joking. It literally said, amid all the cluttery GET stuff, `&password=` followed by my password in plaintext.
WTF?!? DO YOU SERIOUSLY KNOW NOTHING ABOUT SECURITY? AT LEAST USE A POST REQUEST, NOT A GET!!!
For you non-techie people, this means that my password is in the URL address that the page redirected to which means that the password, as well as being displayed in plaintext on the screen, is also stored in my browsing history. Definitely insecure.
I actually had to cover up that part of my screen with my hand until my computer unfroze. Ugh. I never got a chance to complain to the school board though as they switched to a native authentication system (wpa or whatever it is).
BUT SERIOUSLY!!! FOURTH LARGEST SCHOOL BOARD IN FUCKING NORTH AMERICA!!! YOU GUYS SHOULD KNOW BETTER!!
End rant, have a nice day
Hello devRant, this is going to be my first time posting on the site.
I work for a gaming community on the side, and today one of the managers asked me to implement a blacklist system into the chat and reactivate the previously existing one temporarily. This shouldn't have had any issues and should've been implemented within minutes. Once it was done and tested, I pushed it to the main server. This is the moment I found out the previous developer apparently decided it would be the best idea to use the internal function that verifies that the sender isn't blacklisted or using any blacklisted words as a logger for the server/panel, even though there is another internal function that does all the logging plus it's more detailed than the verification one he used. But the panel he designed to access and log all of this, always expects the response to be true, so if it returns false it would break the addon used to send details to the panel which would break the server. The only way to get around it is by removing the entire panel, but then they lose access to the details not logged to the server.
May not have explained this the best, but the way it is designed is just completely screwed up and just really needs a full redo, but the managers don't want to redo it since apparently, this is the best way it can be done.
Turns out that providing a path with read/write permissions is much easier than spending the morning trying to find the non-existing bug in my logging method that tries to write to a protected location 🤦
Is it just my country that doesn't want to teach programming to students in schools, or at least give them an idea of how this machine you use all the time and how these apps you use daily work, or it's the case in all countries in the world?
I'm 15, 2 years and a half away from finishing school. All what school taught me is how to type on fucking Word (not even advanced stuff, just writing text and selecting it and clicking on B to make it bold, like really? And that's taught for like 6-7 years!!), how to make a very simple PowerPoint presentation and put numbers in Excel and making some basic calculations. Well that's not of a big deal, but come on, those aren't stuff students in 9th grade must take!! What I learn now? Access!! Finally!! They are teaching me how to put values into tables. Great! I have no much problem with this, but what?! My friends/classmates are finding it hard and senseless, some of them are failing to animate text in PowerPoint using that animation pane, while I was in my home working on an android app (using Android Studio) that would steal their facebook accounts informations (I was 14 and found it funny to trick them since they don't know shit about tech). It was basically a lie, the app had, like, a clone of the login screen of the original facebook app, and I told them it would change the design of your original facebook app and colors. They got excited and downloaded it. The app would actually not even want the permission of Internet (I forgot to fake the need of Internet permission). How the fuck did they not notice that?? I blame our school that doesn't teach shit. The app would actually ask them to login to their facebook accounts to change the design and stuff, while it would actually send the accounts informations to me via SMS. I tested it in my home on two phones, they can't actually notice an SMS was even sent. Very basic stuff eh?? I thought I could have a good laugh with them when they would tell me I was trying to steal their accounts, but what the fuck? I just got 5 SMS messages with the name of the friend, his e-mail and his fucking password to his account. I was like really? REALLY?! They didn't know shit.
I thought they were planning a prank on me with fake informations, I tried logging in with one friend's information, but no, I actually logged in. Thanks to our school, this little, obvious and basic buggy trick worked, they were like ignorants. And I had to screenshot the SMS of everyone and send each one to the guy who sent it, telling him the truth behind this app that didn't change shit in their apps. They were mind blown and immediately changed their passwords. Next? They wanted a copy of the app that would send SMS messages to their numbers instead. I was like yes, but give me credit (silly). I was surprised no one asked me how I managed to make this app, until the fifth one asked me about the process of making it instead of a copy. I was happy to introduce him to Java. But fuck, he didn't even have a computer. He eventually told my other friends about this conversation. They were surprised to know that's how developers make their apps, but they still thought it's useless stuff to learn. And that's the story of the first app I released, to my friends... Next was a little 3D game (first person shooter) I made with Unity in C# one year later (6 months ago). They can't get over the fact I'm a computer genius, while I think I'm a very bad programmer who can't write few lines without stackoverflow, and I'm still blaming school for this. This year I told my teacher that I was disappointed with all this. He looked at me with wide open eyes and told him about how he got his actual job and that he learned programming at school and talked about his little projects that he lost due to a hard drive problem in 2000 and all that stuff. I found hope that Lebanese people (I'm lebanese btw, from Lebanon, middle east) actually have a clue about computers/tech/programming, even if only like 5% of us. School would teach us how to sing "Monitor!! Keyboard!!" in 1st grade and end up teaching us how to type in 9th grade, but wouldn't teach us how these fucking machines work and how they read code, or at least give us an idea. I really want to become a game developer, I have the passion for it, but Goddamn it, there is no place where I can learn!! And I really wanna see my friends know how their stuff work instead of having no clue about their phones OS!! Is it the case in every school out there?? Because I think middle east is not as involved into tech as much as, like, Europe and the USA are, for example. Or am I just whining and I'm actually wrong and that's what school is supposed to teach us, alongside with what the fuck is the name of that thing that lets the plant breathe... I feel unlucky I can't learn already, I think I have the capabilities to. This is also my first post on devRant. It's been like one week since I installed the app and I already love it!! :D
So I have a script that runs every time I turn on my PC. The script copies a few files to a ftp server in my basement. Forgot to turn off logging....
Opened the file in Notepad, and would you look at that, 1 GB of ram..? WTF?
Edit: Managed to open the file, turns out that it's been exactly one year since I started using the script.
Me: After 3 days of deliberation, I finally picked a framework, I can jump into the rewrite
*2 hours of inspired coding later
I finished the configuration validation and logging setup! What was that framework again?
Hello fellow devRanters, this weekend I've been working on devRant CLI client I want to share with you: https://github.com/stepnivlk/rrant
I'm using it as a fortune when logging into terminal and since it stores rants locally it is fast.
I spent only couple of hours developing it so there is some space for improvement :).
Enjoy it and feel free to comment/do codereview.
Client: "I cant logging me in"
Me: "Ok do you know your username? "
Client: "yes, off course"
Me:"ok, which password do you use?"
client: "I looked to my colleague... 5 stars"
We are required to use corporate SSO for any authenticated internal websites, and one of the features they require you to implement is a "logout" button.
They provide a whole slew of specifications, including size and placement/visibility, etc. They provide an SSO logout URL you must redirect to after you take care of your own application logout tasks.
Makes sense... except the logout URL they provide to serve the actual SSO logout function broke over 3 months ago, and remains non-functional to this day.
Apparently I'm the first person (and perhaps one of the only people) who reported it, and was told "just not to worry about it".
So, we have a standing feature request to provide a button... that doesn't actually work.
Corporate Security - Making your corporation _appear_ more secure every day...
In order to reduce support costs, manager instructed his team to remove all logging/reporting of errors in the company’s CRM application.
Team’s support tickets went down 80%, manager received an award for his efforts, but mysteriously, DBA/support workload increased, bad/missing data, increased support tickets in other areas of the business (shipping, etc. that relied on correct data from the CRM) and other side-affectual behavior.
Even after pointing out this correlation, showing before/after code, no one believed the two were related and I was accused of not being a ‘team player’.
“You and the other teams need to learn from his example!”. As ‘punishment’ I was moved to the team managing the CRM application.
The Database is so slow that while logging in I have time to open devrant and write this rant...... And more.....
Finding the right balance between well written, need-one-week, maintainable software, and fast-written, ready-in-2-hours-and-never-look-at-it-again software.
Last time it took me 20 minutes to integrate with a new API. I had a script that did everything you needed. I then spent 2 weeks on handling error responses, unexpected responses, exceptions, intelligent retries, logging, unit tests, integration tests, caching, documentation, etc.
Upgrading. We like to upgrade our stuff, whether it's software, operating systems or hardware. When it works it's great but when it doesn't...
All my BAD experiences have been with upgrading.
One day I was using Jumla (a CMS) that controlled a big online clothing store. Noticing that Jumla was 0.01 versions behind I decided to 'upgrade'. This caused the entire site to break, maxed out the space on the server and eventually lost my job and that day the company supposedly lost $10,000.
Today's f#ck up made me write this rant. Me and a friend own a local development company and we have a small Digital Ocean server for client website previews (before they get their own hosting). We have a few projects going at the moment and yesterday we sent a few links to clients so they could see their new website. This morning I woke up, read a few emails and ssh'd onto the server to read logs and what not. I got a bit side tracked, reading about the benefits of Ubuntu 17. You can already see where this is going... I innocently Google: "How to upgrade to Ubuntu 17". Surprisingly after running the commands and downloading the updates it worked well. Everything was working. Then I restarted. I waited about 15 seconds and tried logging in again. Timeout after timeout. Something was wrong. I checked the console via the online Dashboard and see a page full of kernel errors. I contacted the hosting people and they were able to help by referring to some guides but after 5 hours of cranking through errors and not winning I give up.
*Email from client*
The website you sent via link isn't working, can you fix this as I would like to show our CEO,
I destroy the droplet (server), making a new one. I have to setup and secure the server. Generating new SSH keys, new user accounts as well as installing AND configure Apache, PHP and MYSQL. I then had to upload 5gb of backups via SSH (not fast), go through each clients backup, including web files and databases and distributing where it needs to go.
Discovering that one of the DB's name changed last week and therefore our backup script failed to save it, we were forced to rewrite 10 pages of website content.
From 10 yesterday morning to 2 this morning, a total of 14 hours (I think) sitting in front of my computer trying to fix a problem that would have never occurred if I didn't "upgrade"
Was logging in my student account to check whether the system actually registered my admission and here I go.
And this is not just some college. This is a website every engineering student shall use throughout the country.
Also this is not the first time this happened.
Ok, so one of the oldest guy is leaving from my company (on a good note) and he was involved in multiple things in our organization. From having access to almost everything (AWS, Github and owning multiple projects and our legacy code). I am supposed to take KT of one project and man THE CODE IS MESS. YOU DONT PUT A RANDOM NUMBER WHILE CALLING A FUNCTION. You are supposed to define a constant and use that. I've told my manager that I need at least 1 week just to improve logging.
I dont need DuckDuckGo,
I dont need any VPN
I dont need all of this "Internet Privacy Service" BULLSHIT which my ISP wants me to use,
I DONT NEED ANY OF THIS FUCKING SHIT!
AND I DONT WANT IT EITHER!
I HAVE MY OWN PI HOLE!
AND THATS FUCKING ENOUGH FOR WHAT I NEED! STOP TELLING ME ABOUT ALL THIS "We are clearly not logging your shit" WHILE YOU DO!!
Because I have my own shit!
So, two hour in the chair, I configured access for one staff, opened the ports and let my own healthcheck script report its status to a logging server, got that now-historical data and mapped it so that now we're getting a nice graph of data load in the queues, beanstalk is still shit, and am half way through configuring a way to rsync binlog files when beanstalk goes to shit again, am writing the requirements to get more vms from systems guys so I can put MORE FUCKING FAILOVERS for a system that is just a microservice and already has a copy of itself as failover...
And they wonder why I resigned!
... No, kidding. No one gave half a shit when I resigned.
Note: not the Amazon beanstalk. Google beanstalkd, if curious.
At work, all errors within the site are logged into our database with a subject and error column. SQL errors are logged in the subject field while the traceback is put in the error column. However, a lot of SQL errors are really large and exceed the max character width of the subject field, causing yet another SQL error, and the cycle repeats. This recursive error has been the bane of my existence, because 1) it times my local dev instance out and 2) the error doesn't end up getting logged because the server both freezes and the error can't be inserted in the database. You can't even begin to imagine how many hours I've wasted trying to find what line I changed caused total and utter failure with absolutely 0 error logging. Next thing on my todo list is to fix this fucking issue since the head dev refuses to get it done.
Fuck! I check my server before leaving and it's fine. I leave to go to see my dad for the weekend and maybe I can remote ftp&mysql into it. No! it crashes the minute I try logging on!!!!!
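One way to break the cycle described in the post above, as an added example that is not the poster's or their employer's code: cut the subject to the column width, keep the full text with the traceback, and never send a failure of the logging insert back through the same insert. The 255-character width, `insertRow`, the fallback sink and the fake database are assumptions.

```javascript
const SUBJECT_MAX = 255; // assumed width of the "subject" column
const MARKER = ' ...[truncated]';

// Cut the subject to the column width; the caller keeps the full text elsewhere.
function fitSubject(text, max = SUBJECT_MAX) {
  const s = String(text);
  return s.length <= max ? s : s.slice(0, max - MARKER.length) + MARKER;
}

// insertRow(row) writes to the error table; fallback(entry) is a sink that
// does not depend on the database (stderr, a local file).
function makeErrorLogger(insertRow, fallback) {
  let active = false; // true while an insert into the error table is in flight
  return function logError(subject, traceback) {
    if (active) {
      // This error was raised by the logging insert itself: stop the cycle here.
      fallback({ subject: fitSubject(subject), reason: 're-entrant log call' });
      return 'fallback';
    }
    active = true;
    try {
      const full = String(subject);
      const short = fitSubject(full);
      // If the subject was cut, the complete text goes in with the traceback.
      const detail = short === full ? String(traceback) : `${full}\n${traceback}`;
      insertRow({ subject: short, error: detail });
      return 'stored';
    } catch (err) {
      fallback({ subject: fitSubject(subject), reason: String(err.message) });
      return 'fallback';
    } finally {
      active = false;
    }
  };
}

// Constructed stand-in for the database layer: it rejects over-long subjects
// and reports every SQL error through onSqlError, as the site in the post does.
function makeFakeDb(onSqlError) {
  const rows = [];
  const state = { down: false };
  function insertRow(row) {
    if (state.down || row.subject.length > SUBJECT_MAX) {
      const err = new Error(state.down ? 'connection lost' : 'value too long for column "subject"');
      onSqlError(err);
      throw err;
    }
    rows.push(row);
  }
  return { rows, state, insertRow };
}

function demo() {
  const fallbackEntries = [];
  let logError = null;
  const db = makeFakeDb((err) => logError(err.message, err.stack));
  logError = makeErrorLogger(db.insertRow, (entry) => fallbackEntries.push(entry));

  // Constructed inputs: an SQL error message of over 1000 characters.
  const longSql = 'syntax error near: SELECT ' + 'col, '.repeat(200);
  const first = logError(longSql, 'traceback (constructed)');
  db.state.down = true; // now the error table itself is unreachable
  const second = logError('timeout', 'traceback (constructed)');
  return { first, second, rows: db.rows, fallbackEntries };
}
```
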
Yay! My first bash project :D
disclaimer - my bash is not pretty. yet.
Why I created it?
I encountered several footlong scripts in a new project at work. And they had no logging. And I am in charge of making it sing again. So here it is a tiny logging framework.
So, this incident happened with me around 2 years ago. I was pentesting one of my client's web application. They were new into the Financial Tech Industry, and wanted me to pentest their website as per couple of standards mentioned by them.
One of the most hilarious bugs that I found was at the login page, when a user tries logging into an account and forgets the password, a Captcha image is shown where the user needs to prove that he is indeed a human and not a robot, which was fair enough to be implemented at the login screen.
But, here's the catch. When I checked the "view source" option of the web page, I saw that the alt attribute of the Captcha image file had the contents of the Captcha. Making it easy for an attacker to easily bruteforce the shit outta the login page.
You don't need hackers to hack you when your internal dev team itself is self destructive.
I made a Skype Bot which queries the data using wsdl authentication on our ticketing tool and sends the data to whoever has requested it in skype itself (without logging or touching the ticketing tool).
Manager: Is that even possible?
Me: (In excitement) Everything is possible if you have the will.
Now, He wants me to work on his pet project. I don't know how to react!
Nothing makes me not want to take a full-time job at your company more than having to go through IT tickets every quarter year when my password expires to actually change my password. Why have a fucking self-service portal for employees if logging in with an expired password doesn't work and the reset password link tells me that I need to log in to enroll with security questions (???). It feels like these websites are glued together with sticks and spit and there's a million of them each sporting one specific purpose! I have to go through this shit multiple times since I'm an intern and I didn't have access to my account through the course of the semester. Get your fucking shit together!
The scrum master for the project I'm working on decided to help out with changing some code (I'll add he's got a master's in software engineering and very proud about it..aka..big ego). It took him two days...yes two days to write the attached code.
I reviewed his code and sent back a response (code took about 15 seconds to write) including the link to the logging documentation explaining what fields were and were not necessary. Not sure how will look in devrant ...
// C# index initializers: set the two fields on the data point
var data = new InformationalDataPoint
{
    ["RMANumber"] = rma,
    ["InvoiceID"] = invoiceId
};
He's stopped talking to me. Our next scrum meeting with the product owner should be ...um...awkward.
Goes back to high school.....
Me: This laptop is having issues logging into the network. I have tried restarting as well as restarting the WiFi. You probably should submit a ticket so IT knows it is broken.
Teacher: They would not fix it anyway.
TL;DR: Teacher thinks that telling IT to fix a computer would result in nothing happening.
I like my log messages to indicate automatically where in the code something happened, so that I can easily identify where a message originated from while tracking down problems.
In C/C++ this is nice and easy - write a logging routine, wrap it in macros for the different log levels and have that automatically output __FILE__, __LINE__ etc.
I wanted to do something similar in NodeJS, as I'd found myself manually writing the file name in the log message and then splitting functionality out into new files and it became a mess.
The only way I found to be able to do this was to create an "Error" object and access the "stack" member of it. This is a string containing a stack backtrace, suitable for writing to console/file. I just wanted the filename/line/routine.
So I ended up splitting the string into lines, then for each of the lines, trimming the surrounding spaces (or tabs?), and parsing them to see if the stack entry is inside my logger module. The first entry outside of that module must therefore be the thing that called it, so I then parse out the routine or object and method, filename and line number.
It's a lot of clumsy work but the output is pretty neat. I just wish it were simpler!
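The stack-parsing approach described in the post above, as an added example that is not the poster's code: split the stack into lines, parse each frame, skip frames that belong to the logger module, and report the first one outside it. The sample stack and file paths are constructed; escaping CR/LF in the message is an addition beyond the post, so that message content cannot forge a second log line with its own location tag.

```javascript
// V8 frame shapes handled:
//   at fn (/path/file.js:10:5)
//   at async Obj.method (/path/file.js:10:5)
//   at /path/file.js:10:5              (anonymous function, no name)
const NAMED_FRAME = /^at (?:async )?(.+?) \((.+):(\d+):(\d+)\)$/;
const BARE_FRAME = /^at (?:async )?(.+):(\d+):(\d+)$/;

// Parse one line of Error.stack; returns null for the "Error: ..." header
// line or any shape not listed above.
function parseFrame(rawLine) {
  const line = String(rawLine).trim(); // frames are indented
  let m = NAMED_FRAME.exec(line);
  if (m) return { routine: m[1], file: m[2], line: Number(m[3]), column: Number(m[4]) };
  m = BARE_FRAME.exec(line);
  if (m) return { routine: '<anonymous>', file: m[1], line: Number(m[2]), column: Number(m[3]) };
  return null;
}

// First frame that is neither inside the logger module nor Node internals.
// loggerFile must be written the way the stack writes it (an absolute path
// for CommonJS modules).
function findCaller(stack, loggerFile) {
  for (const raw of String(stack).split('\n')) {
    const frame = parseFrame(raw);
    if (!frame) continue;
    if (frame.file === loggerFile) continue;
    if (frame.file.startsWith('node:')) continue;
    return frame;
  }
  return null;
}

function formatLogLine(level, message, stack, loggerFile) {
  const caller = findCaller(stack, loggerFile);
  const where = caller
    ? `${caller.file.split(/[\\/]/).pop()}:${caller.line} ${caller.routine}`
    : 'unknown';
  // Escape CR/LF so the message stays on the line that carries its location.
  const safe = String(message).replace(/\r/g, '\\r').replace(/\n/g, '\\n');
  return `[${level}] [${where}] ${safe}`;
}

// Constructed stack, shaped like what `new Error().stack` yields inside a logger.
const LOGGER_FILE = '/srv/app/lib/logger.js';
const SAMPLE_STACK = [
  'Error',
  '    at captureStack (/srv/app/lib/logger.js:12:17)',
  '    at Object.info (/srv/app/lib/logger.js:30:5)',
  '    at OrderService.cancel (/srv/app/services/orders.js:88:12)',
  '    at /srv/app/routes/orders.js:41:9',
  '    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)',
].join('\n');

// Inside a real CommonJS logger module the call would be:
//   formatLogLine('info', msg, new Error().stack, __filename)
```
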
When older family members have entire notebooks dedicated to logging obscure, easily-hackable passwords, but then download any app in the world that promises to "make your phone run like new!" (by using 30MB more RAM on God-knows how much malware)
We aren't doing a good job of educating people if anyone we know can fall victim to those kinds of hackneyed procedures and snake-oil apps. It's almost painful to watch, and have to be the bad guy by telling someone dear to me they've been making things worse for themselves because of a seemingly harmless app that they were almost proud of.
Spent hours troubleshooting an internal app that had zero logging today. It would just terminate, no exceptions, no feedback to the debugger, NOTHING.
Turned out to be the damn corporate virus scanner blocking "malicious" behaviour. Good thing my desk is so heavy or I woulda flipped it...
The real life of me as a trainee developer:
New system works locally but fails to work in production and dev.
Proceeds at futile attempts to debug for hours to find out that my connection strings in the transforms were nested inside logging.
Docker's encapsulation is amazing! I don't have to know anything about networking to get a swarm running with some demo services all talking to each other and central logging and... oh I fucked something up... better read about networking so I know what I broke
Just got handed a dozen servers. Documentation shows a (Linux) database cluster is using ldap authentication. I try logging in with my creds. No joy. I look up the root password and log in.
Not only is it not configured to use ldap, it's also not clustered.
I need more coffee.
Presented my project at uni, teacher was pretty pleased and I'll get my grade some time next week, but for those that are interested, here's a small video of it in action:
Uses: Raspberry Pi 3B, Mifare RC522 RFID reader, a breadboard, ribbon cable, neopixel rgb led ring and a TowerPro sg90
For the ui I used PyQt5, almost got the threading completely working, there's only 1 blocking thing left, that's when the message for logging in doesn't disappear
Ran the build today 4:30 and found out our grunt file is missing some pretty critical error checks without even logging a warning. A dependency was unavailable and it was pushed to production. The site was down for 30+ minutes.
Royal Mail in the UK have an online service to view invoices they have issued to your business.
To sign up, you are given a link where you create a login email and password. You then provide some info. This is verified (takes a day) and then approved.
Logging in after you are approved prompts you to immediately set a new password. Have to enter existing password as well.
First attempt results in error “must contain upper and lowercase”
Second attempt results in error “password too long”
Third attempt results in error “password too long”
Had to set an 8 character password.
At no point was any advice given on how to avoid the errors before submitting the password change request.
Old password had to be entered on each attempt.
Just spent about 2 hours debugging a simple piece of code just to find out it actually worked but never wrote to the logs as it was supposed to...
Client writes about an issue.
I write back with the most likely cause and a solution.
He writes: Oh, yes, that does correspond with our findings and adds a lot of extra information, logging and other stuff. Making it look all complicated.
I write: Well, did you try the solution?
Answer within minutes: Oh, yeah, that works! Thank you!
Sometimes you just need to remind people to actually try the suggested solutions and not spend so much time on complicated emails. It would have saved him time.
This one happened to me two years ago:
Off on holiday overseas, just arrived and decide to check my Emails. Easy peasy..."Hey, we noticed you're logging in from a different country. We sent a security code to your backup account."
Welp, fine, login to my backup account: "Hey, we..." Can anybody guess the problem here? Yep, my primary account was the backup account for my backup. Lovely circular dependency.
Microsoft's solution: Play the guessing game, where you name us Emails, Contacts and Folders to prove it's yours and we might unlock your account... or not (managed to get it back on the 2nd try)
Thank you Microsoft for ensuring my workfree, email-free holiday.
Helpdesk: We can't figure out our own ambiguous error message, you should solve it in another way...
Me: I see in the console that I get an exception response with an ID, you must be logging these exceptions, can't you check those?
Me thinking: you've just reduced yourself to desk without the help part
They call it security questions.
I call it social engineering backdoor.
I'm supposed to enter those questions after logging into my account and I'm not able to skip it nor to set a proper two factor method.
Well, fuck you. Did you ever think about dying by a two factor method? Ever watched a Saw movie? You got the idea.
Logging into my school website when... WHY DO YOU USE 🤬 FRENCH FOR BOOLEAN IN THE URL M🤬F
Ok, I know this is a francophone college, but come on!
ALRIGHT ALRIGHT TELEGRAM!
I GET IT!
"I" fucking logged into the desktop app, alright? I don't need six notifications telling me about my own ip address logging in ffs! Gah!
(How do I disable the vibrate thingo on this app again? Don't answer that.)
Couple words on the school that I attended and will probably never get back to.
So their learning platform Moodle had this issue (like many school sites do) of not having SSL encryption. At the beginning I just encouraged them to add it to the site, for a couple months. But recently I got so tired of their inaction, that I made a little video of what the results of a successful MiTM attack would look like with ARP poisoning. Sent them the video with the results and most examples of all the other evil shit one could do with it.. Of course with a disclaimer saying that the tests were conducted on devices that I legally own.
Now you'd expect any sane sysadmin - after they actually encouraged me to make that PoC - to thank me for submitting the report and get on it ASAP.. right? Not in this case.
What they did (probably out of sheer shame and inexperience in the security field) is they blocked my VPN server from accessing their online learning platform. Literally the only line of defense that I had in my arsenal to at least protect myself from their fuck-up. And of course mocked me for not being able to use the VPN anymore. KNOW YOUR PLACE FUCKERS!! You are the one who made the mistake, not me! If your fucking pride is more important than your students' security while they're taking your "cybar sekuriti" course, I would be crazy to further waste my time on it.
Especially considering that the teacher of that course can't distinguish between stenography and steganography!! Oh and don't even get me started on the claim that SHA1 (a hash function) is cryptography!
Or the other sysadmin who claims to have worked at a Belgian IXP, who does his logging with a fucking GUI for tcpdump, and show us a root login to one of the local servers "for impression purpose"?! Give me a break, fucking n00bstickles. I will continue straight into the CCNA, without further being led astray with your fucking shit "preparation course"!
Change their prompt.
# put this in their .bashrc
export PS1="Login: "
Add an alias for their username, and for any other account names they might try logging in as, for example, 'root'.
# put these in their .bashrc too:
alias joe='stty -echo; echo -n "Password: ";read;echo;echo "Login failed.";stty echo'
alias root='stty -echo; echo -n "Password: ";read;echo;echo "Login failed.";stty echo'
Try not to laugh your head off, as they struggle.
Login: joe
Password:
Login failed.
Login: joe
Password:
Login failed.
Login:
Login:
Login: root
Password:
Login failed.
Login:
Login: pwd
/home/joe
Login:
Truly devious folks may want to explore setting the "command-not-found" hook to prompt, read, and echo "Login failed" rather than using various aliases. You can combine that with changing the PATH to be "/" or some other directory which is devoid of executable programs.
That doesn't cover every case - your victim could still, for example, run /usr/bin/vim or similar - but it goes sufficiently further that I'll omit the implementation for moral reasons.
I remember learning how to program 5-6 years ago. It was completely broken. All of these “courses” just teach the syntax of a language. They usually don’t even teach how it works or what it’s used for. Knowing the syntax is great and all, but what’s important is learning to apply it to solve problems.
A lot of other basic things are often overlooked as well. For example, introducing a text editor and the command line would have been incredibly valuable.
For a long while I was using online editors and logging the output of functions instead of actually making projects.
I’m glad I kind of created my own way of learning: by making projects. Just hopping into something was the best way to learn for me. If I got stuck, I’d simply look it up. As a result, I was able to actually apply my skills to learn.
Had Arduino for months, couldn't get MPU6050 working, because of a lack of time and other stuff. (Need it for long term college project, data logging blah blah)
Gave it to project teammate to figure it out, who hates even touching hardware, BTW.
He figures it out in an hour (adjusting baud rate for supply voltage)
I feel like a complete idiot.
Windows is so magical. I mean it doesn't support syslog which is in a way essential in large environments. Today my coworker told me about a tool named nxlog which has the function to send log messages from windows directly to a central syslog server. It can also read files... well theoretical because nxlog does not accept ":" as a valid character... cya C:\something2
Project managers moved all the tickets around and then got mad that we couldn't find them to log our time.
Mass mutiny about logging time in general and expected dev hours per week.
They returned the tickets to the old system at least
Had a meeting with a home supervisor today while I was tired AF (slept only 3 hours tonight) and of course I couldn't hold back my tech blabber..
Eventually he asked about this application that they're using at work that logs them out with every update. Told him without second thought that on Android, network logging (just to capture some traffic data along with adb logcat) isn't really straightforward so I usually ARP poison my phone with my laptop using Bettercap, then listen in on the traffic with Wireshark. Since pentesting distributions ship these tools by default I recommended him Parrot and BlackArch because they're easy to use (if you know what you're doing). Guy noted it down and said that he'll try these later on.
After a while we got into how so many applications are phoning home nowadays. Particularly Windows. Suddenly he mentions this: "you know, regarding Windows.. I once brought it to a tech repair shop and after that it became really slow. So I tried to format C:"
How did I mention pentesting distributions to someone that moronic?! Forgive me father for I have sinned!!! 😖😰
This rant is about myself and anyone who's like me: using logs over a debugger
So, sometimes when I wanna quick check something or make sure, if and when something gets executed or I've run into a problem, I add a few log/print statements to check in console.
But I don't think about proper and helpful messages, since they aren't supposed to stay in code. So I often type what comes in my mind, like memes or song lyrics.
The last time this became a huge act, was Code review/ Prototype demonstration with Clients (which I didn't know about, otherwise I would have removed them, I swear) and Boss and my Code printed "show bob and va...", "send nudes" and stuff... in loop... to stdout
That moment you setup 17 domains on sparkpost as a email delivery system
make your account secure with 2 factor authentication like a good infoSec enthusiast
Go on with your life
Having a Phone crash but nothing to worry because you made them backupz
once again go on with your happy life.
Having to setup a different bounce action on sparkpost
logging in to sparkpost to make the adjustments
opening google authenticator
realising the backup you restored was before you added the sparkpost entry
mailing sparkpost asking to deactivate 2factor authentication
Having them tell me that they have no access to Google authenticator so they can't help me and all they can do for me is delete my account if i answer their 7569357 questions that i entered a year ago ..
You have access to your database yes ? You can delete my account but you can't adjust a fcking Boolean column from true to false? #@?#&!
Why even offer a feature where you have apparently no control over. Stuff like this happens all the time and almost no one saves that fcking authenticator secret.
Make people use authenticators to keep the hackers out, forces them out instead.
I needed to log in on a website in someone else's pc and didn't know the password by heart. I thought I'd log into chrome, if I log out later, what could go wrong right?
Apparently, a lot. It facking merged my bookmarks, history and passwords with hers! And she had shitloads of them! It took me facking hours to clean up the mess chrome created. I trust her, but I still didn't want her to have my passwords etc.
Omg I'm never logging into chrome again elsewhere, what a frustrating facking waste of time
Once I implemented a giant ASCII skull for logging a fatal error in the company's app. Let's just say my feature did not get to production.
I was told to build a logging app for one of the work streams on my project. The lead briefly brainstormed about the data fields they'd need to log and told me to go make it.
I am handing off the app and they ask me what they are supposed to put in each field.
Me: oh [team lead] just told me to put in these fields, but you guys are going to use it so why don't you tell me which fields you need and I can change it easily.
They refuse to tell me how to build the app they're going to use and will definitely complain about it not doing what they want later.
React Native developers:
Is it normal for the Expo app to suddenly go blank and stop working for no apparent reason, without showing any errors or logging anything? It happens all the time since I started using it and it's extremely frustrating
I spent 2 hours on Python logging system instead of doing real data science.
Really this module feels poorly designed.
2 hour meeting to brainstorm ideas to improve our system health monitoring (logging, alerting, monitoring, and metrics)
Never got past the alerting part. Piss poor excuses for human being managers kept 'blaming' our logging infrastructure for allowing them to log exceptions as 'Warnings', purposely by-passing the alerting system.
Then the d-head tried to 'educate' everyone the difference between error and exception …frack-wad…the difference isn't philosophical…shut up.
The B manager kept referring to our old logging system (like we stopped using it 5 years ago) and if it were written correctly, the legacy code would be easier to migrate. Fracking lying B….shut the frack up.
The fracking idiots then wanted to add direct-bypass of the alerting system (I purposely made the code to bypass alerting painful to write)
Mgr1: "The only way this will work is if you, by default, allow errors to bypass the alerting system. When all of our code is migrated, we'll change a config or something to enable alerting. That shouldn't be too hard."
Me: "Not going to happen. I made by-passing the alert system painful on purpose. If I make it easy, you'll never go back and change code."
Mgr2: "Oh, yes we will. Just mark that method as obsolete. That way, it will force us to fix the code."
Me: "The by-pass method is already obsolete and the teams are already ignoring the build warnings."
Mgr1: "No, that is not correct. We have a process to fix all build warnings related to obsolete methods."
Mgr2: "Yes. It won't be like the old system. We just never had time to go back and fix that code."
Me: "The method has been obsolete for almost a year. If your teams haven't fixed their code by now, it's not going to be fixed."
Mgr1: "You're expecting everything to be changed in one day. Our code base is way too big and there are too many changes to make. All we are asking for is a simple change that will give us the time we need to make the system better. We all want to make the system better…right?"
Me: "We made the changes to the core system over two years ago, and we had this same conversation, remember? If your team hasn't made any changes by now, they aren't going to. The only way they will change code to the new standard is if we make the old way painful. Sorry, that's the truth."
Mgr2: "Why did we make changes to the logging system? Why weren't any of us involved? If there were going to be all these changes, our team should have been part of the process."
Me: "You were and declined every meeting and every attempt to include your area. Considering the massive amount of infrastructure changes there were zero code changes required by your team. The new system simply worked. You can't take advantage of the new features which is why we're here today. I'm here to offer my help in any way I can with the transition."
Mgr1: "The new logging doesn't support logging of the different web page areas. Until you can make that change, we can't begin changing our code."
Me: "Logging properties is just a name+value pair dictionary. All you need to do is standardize on a name and how you add it to the collection."
Mgr2: "So, it's not a standard field? How difficult would it be to change the core assembly? This has to be standard across all our areas and shouldn't be up to the developers to type in anything they want."
- Frack wads smile and nod to each other like fracking chickens in a feeding frenzy
Me: "It can, but what will you call this property? What controls its value?"
- The look I got from both the d-bags I could tell a blood vessel popped.
Mgr1: "Oh…um….I don't know…Area? Yea … Area."
Mgr2: "Um…that's not specific enough. How about Page?"
Mgr1: "Well, pages can cross different areas, and areas cross different pages…what do you think?"
Me: "Don't know, don't care. It's up to you. I just need a name."
Mgr2: "Modules! Our MVC framework is broken up in Modules."
DevMgr: "We already have a field for Module. It's how we're segmenting the different business processes"
Mgr1: "Doesn't matter, we'll come up with a name later. Until then, we won't make any changes until there is a name."
DevMgr: "So what did we accomplish?"
Me: "That we need to review the web's logging and alerting process and make sure we're capturing errors being hidden as warnings."
Mgr1: "Nooo….we didn't accomplish anything. This meeting had no agenda and no purpose. We should have been included in the logging process changes from day one."
Mgr2: "I agree, I'm not sure why we're here"
Me: "This was a brainstorming meeting as listed in the agenda. We've accomplished 2 of the 4 items. I think we've established your commitment to making the system better. Thank you all for coming."
- Mgr1 and 2 left without looking at me or saying a word.
Spent hours trying to connect to a remote desktop using RDP, it was logging from win 7 but gives error with win 10.
Later, I discovered the solution was to add the computer name before the username!!!!
At my last place we launched a new payment page and added logging.
Whoever set the logging up didn't obfuscate the user card details and stored them in the db for anyone with access to see. :-O
One of our integration solutions (via Webservices) had some issues. I had to switch on http logging to see what might be the issue.
On average, those logs are around 20MB when there is a bunch of traffic. But the solution brought a heap of traffic through, those logs shot up to 1GB in size.
Had to delete the logs, since they took a million years to open, and told our vendors that the logs are not showing us anything 😅 I told no lies
Adding noip.com to the list of services that accept more passwords for signup than for logging in. Damnit how does software even get to that point. Isn't it, like, more effort to get this wrong than to get it right?
Spent the weekend geeking out getting my head around a proper Docker based environment for my development env at home and for the team... 90% done and I couldn't figure out why I couldn't start my Splunk instance up.... I'd set the default logging to Splunk.... Chicken & Egg probs!
But how awesome is docker with portainer and app templates eh?!
Main branch running locally - fine
Main branch locally connected to QA dB - fine
Main branch on QA server with QA dB - NOPE
OK - build main locally, push to QA server - fine
Main build by build server, push to QA - nope
Rebuild QA vm and dB - build main, push to QA - nope
Turn on full server logging - PASS.
My company's custom logging library is not thread safe and has problems with multiple instances of the endproduct as well.
Microsoft certsrv is returning UTF-8 on the authorization error page but UTF-16 when logging in via basic auth...
Debugged this for 2 hours today to parse the response correctly. Thanks Microsoft
Developer just emailed our team a complaint that our logging assembly was resulting in their poor test coverage and they sent a change request to give them the ability to mock the underlying log provider (ex. from the event log to ‘something else’).
Looked at their tests, and they are testing whether or not the .Log was executed (on an exception, if the .Log method was not executed, the test failed), which seemed a bit worthless because we’ve already got coverage in our unit tests.
We had a meeting to discuss the issue.
Me: “I’m OK with changing the logging code if it’s necessary, but I want to understand why.”
DevA: “Logging errors is crucial to the database transaction. If someone removes the logging, the tests should fail.”
Me: “If someone removes the error logging on purpose, then they likely have an agenda and will remove the test validation too. It wouldn’t be an accident.”
DevA: “That’s not my problem. They will have to deal with HR.”
Me: “We purposely prevented someone from intercepting the logging just for that purpose. Your test code already covers the business rule, testing the logging seems out of place. That would be like writing a test to make sure the System.IO.File.ReadAllText actually reads all the text from a file. You kinda assume a few smart Microsoft engineers already wrote tests for that.”
DevA: “Yea, I guess that would be silly.”
Got cc’ed an email a little bit ago from DevA to his boss..
“We’re not going to be able to change logging assembly. This may have some impact on our overall test coverage as those lines of code will not get testing coverage. You will have to let the DevMgr know we will not meet our test coverage goals.”
Attendance logging software which integrates a website, physical devices and Android/iOS app.
I'm working on it right now.
Out of the frying pan, into the fire:
So in my first job, I thought it's just us operating so crazy: meddling with arcane C/C++ code from the 80's, shooting our code to production without testing, fixing hundreds of customers' database entries by hand, letting an intern alter some core component (to have more logging) and directly push it to prod...
I mean I suspected, that maybe it's not only this tiny little company acting wild, that also the bigger companies with all their ISO certified processes, agile blabla, professional tooling whatsoever - will also have their skeleton in the closet,.. like some obscure assembler part buried in the heart of your code base nobody dares to touch...
How Pieter Hintjens asked about the state of the industry and all the fads so bluntly put it:
"It's all bullshit."
But we are humans, so we better jump on the bandwagon if we want to keep our jobs... and somehow try to keep that trashy house of cards from crashing down.
When I run tests, I like to enable the debug logging. All the SQL queries and template tracing just flies by. Freaks the others out.
Switching from Linux to Windows on my personal production server... because sometimes logging into RDP is so much easier than SSH.
For the past 5+ years all I’ve heard from DevA and DevB is what a mess our source control is, we should be using our own custom nuget feeds,..Monday morning quarterback this…Monday morning quarterback that.
This year the department manager gave them the green light to start from scratch. Like ‘green field’ start from scratch. If I were involved, I would have been excited with such an opportunity.
For the past two hours all I’ve heard is ..
DevA: “What should we call this namespace?”
DevB: “I don’t know, I can’t make that decision.”
DevA: “Yea, that’s a business decision. Let’s call it Common for now.”
DevB: “Yea, it’s stupid, but we can change it later.”
DevA: “What about logging project?”
DevB: “Well, how about Core? Every project should have a Core.”
DevA: “Ha ha…like .Net Core. I like it.”
On and on…it’s all I can do to keep from throwing my chair right now.
Just uploaded my latest project!
A logging library made in c#.
If anybody could take a look and let me know what you think I'd appreciate it.
So let's break this down: it's now 2017, the world of development is overflowing with flexible systems written in dynamic coding languages running on powerful hardware. A great deal of which is available to use for free.
This morning I FINALLY got one member of our "R&D" team at work to implement a proper logging system in one of our numerous Java apps... So she adds "log4j-1.2-api.jar" to her project.
I'm still (3 years down the line) trying to convince them to let me rewrite their build scripts to integrate some sort of dependency management system, since they still use the default generated build for Ant as provided by Netbeans.
There is one bright side though: we're so-fucking-close to being able to ditch MS VSS!
*cue slow clap*
At this rate, how long do you think it will be before we can finally get away from using JDK 1.6 for everything?
Trying to debug an app for twenty minutes, and wondering why it was crashing and not logging anything strange.
Realising only after some compulsive head scratching that logcat has been filtered the whole time
Name two production service, metrics and logging included, after a famous woman and an armored vehicle.
Dude, no. When those services go down in the middle of the night some poor soul on call duty will have to handle it without the faintest idea wtf is going on.
We use celery at work, and one of the issues we face is that we use Django logging.
I'm not sure how it happened, however we only get 1 level of tracebacks from it now.
This has made debugging painstakingly difficult, since we have to manually traverse the code every time.
(we're in the process of moving to sentry, and we'll get our full logs back soon)
Wanted to get to bed early tonight, but ended up wasting two hours after I moved code from my development machine over to a test system and it was failing. After adding all kinds of logging to figure out where it was failing on the test machine I realized I fixed an error in an input file on my dev machine, but that error in the input file was still there on the test machine. Another night with little sleep and tomorrow is Monday. 😭
A python solution for Digital Ocean backups using Dropbox, including encryption and logging.
Any feedback, suggestions, or pull requests would be welcome! :)
Our company's first open source project: https://github.com/digineers/...
It's a Symfony bundle that enables logging changes to entities to allow simple mutation logging systems.
Would love to read some of your opinions :)
Helping out a team, I was documenting some code/processes when I came across several classes that were logging a lot of, IMO, 'junk' that was unnecessary (and I knew wasn't being used in any Splunk alerts/reports)
I offer a refactoring suggestion, simplifying the data being logged, moving the duplicate code to a central location, maybe saving 10~20 lines of code. Didn't think it was a big deal because they were already actively working on the code and it was all new code (nothing deployed to production yet). Sent the suggestion to the lead developer and he responds:
Dev: "Yes, the changes looks fine, but not in scope of the project. Any out of scope work will need to be suggested at the end of the project, reviewed by the team, the project manager and approved by the vice president."
"Out of scope"? Logging data to Splunk needs a vice president's approval? WTF?
YOU PROBABLY HAVE THE PROJECT OPEN IN VISUAL STUDIO RIGHT NOW!!!
Along with the documentation the lead dev said they didn't have time to do, I send his boss and the dev team my suggested changes (before-after screen shots of the code) and offered to do the 2 minutes worth of work (again, this was new code, nothing in production and zero side effects to anything).
I even offered to create the splunk reporting/alerting against the data being logged (another item they said they would not have time to do)
About a minute later the lead dev responds..
Dev: "Those changes look good. I'll have Jake make those changes and we can test the logging when we deploy to dev on Monday. Thanks!"
Of course you will...fracking ass hat.
I'll bet my Battlestar Galactica DVD box set he was going to make the changes himself, brag to his boss how he refactored the code, saving X lines of code..blah blah blah to help *me* with documenting the logging portion.
Stupid timeline: there is this company I was working for. It was sub-contracted by another company to do a government project. Government only pays after you deliver in my country. It was a complex system I must say. We were to work with my buddy on this project... now the timelines we were given were not feasible since another company had been given the same project and were not able to deliver. We had a meeting and discussed with our CEO about the project timelines. From the workload the feasible timelines were around 8 months if we were to work as two devs. My CEO said that was not going to happen. The only timeline that was allowed was not more than 3 months. So we suggested using an existing system to customize. The meetings with the clients were to be weekly demos. So we chose to go with the Google Docs API for the document management part. We were working around 20hrs a day to be able to achieve the target deadline. We managed to complete the project within the given timeline. On the commissioning date of the project we faced a government panel and this was my worst disappointment. At the point of login we had to use Google email for business to obtain the API. Just as I was logging in the guy noticed and yelled, "Is that google account?" and I replied yes, and he said "no need of proceeding since it will be of no use and they won't approve the system". That was my lowest moment in programming. I thought I had done the best project in my life as a programmer only for a stupid man to declare my project as null. I felt like calling him son of a bitch but I knew that would have made me more angry... I just walked out. I went to the toilet and all I did was cry for the first time as I can recall. My question was: I was doing weekly demos. Why didn't they raise any questions by then so as to change the entire system??? Later after that demo we went and discussed the issue and there was a time extension.
I redid the project using 'open office' but just before deploying the system I got a better job. I wasn't feeling like working on that project anymore. I want to release that project as open source. Recently after one year they haven't yet deployed the system. They are calling for my help. And I don't feel like helping after the humiliation...
One responsibility of our team is general code QA for the entire dev department, DevMgr walks in our area yesterday…
DevMgr: “Has anyone reviewed the new WPF threaded model execution code?”
- everyone on the team responds “no”
DevMgr: “Can we get a review on that code ASAP? If it works as well as the developer said, it’s going to solve the lock up problems users are experiencing and automatic logging of errors.”
DevA: “Well, no amount of code is going to stop users from performing bad searches locking up the user-interface. That code is just a band-aid around the real problem. If the developers would write unit tests first …”
- rant about 5 minutes on unit testing that had nothing to do with why the DevMgr was here
DevB: “Yea, the code probably isn’t written to handle threads correctly. All the threading they’ve done so far is –bleep-”
DevMgr: “Oh, I wasn’t aware of that. Get me the results of the code review and if they don’t have unit tests, delete it from source control and let the developer know it’s not up to our standards.”
OMFG!! You have not even seen the code!
OK, DevA ..what the –bleep- does unit testing have anything to do with the user interface! You know the DevMgr is too dim to understand the separation of concerns. Shut your pompous ‘know-it-all’ mouth.
DevB…what the –bleep- have you ever done in WPF? You manage the source control and haven’t written any C# in two years and never, ever written code for any significant project. Take that “handle threads correctly” and shove it up your –bleep-. Pompous –bleep-hole. Go back and watch youtube and read your twitter while the grown-ups get the work done.
When u are traversing the logs to find how flow went...and find out the bastard who wrote it forgot to put in logs at all...
Mini witch hunt going on with broken builds last couple of weeks. Change satellite assembly/project A, breaks random unit test that hasn’t been changed for months and the TFS nazi sends out emails demanding the “broken” projects be fixed. Doesn’t matter the unit/integration tests are likely out dated and team responsible for the tests needs to fix it.
Yesterday I deleted some logging code out of a security assembly, broke an integration test that hasn’t needed to be run since January (test database didn’t exist anymore).
I would have had to re-create the database, re-import the test data (not trivial), re-deploy a service using the test database…blah. All because I removed some logging code.
I deleted the gated check-in TFS build definition. Code check in … no sirens …whew! I win!
I wish I could get our technical lead fired for incompetence. No transparency about deadlines (it's always "Oh and we need it today"), always overpromises to business ("I told them you can deliver this in two days" - we estimated a week's worth of work), and she never documents anything except through email (she never uses Jira, which we use for our task logging - we end up creating the tickets ourselves, which she never reads or updates either when there are blockers she needs to address).
Dozens of retrospectives later trying to find a solution to her poor organizational skills have failed to produce anything remotely close to an answer. She just stubbornly refuses to change or improve. I'm at my wits' end just dealing with this on a daily basis to the point I can't wait to clock out and go home.
It's a Friday tomorrow. I intend to slack off and just put in a couple hours of work because fuck her and fuck this company and its inability to fix itself.
How hard is it to build an Android app? It's going to have features such as logging in, register, feed, account pages, posting, and private messaging. I'm guessing it'll be tedious but building a simple app is that easy? I don't even know how to make it go to another page from the home page.
Django Logging in a nutshell:
Do something. Logging stops working. Revert. Logging works now as wished.
So I figured out why I was running out of space on my workstation
I misplaced an asterisk in crontab and was running rkhunter and tripwire twice an hour instead of twice a day
With logging set to info
It'd be cool if SVN got fixed so I could commit changes again. Or while it's down look at other vc options, maybe git?
Nudge, nudge wink, wink.
But in all seriousness wtf did the DBAs do to break SVN? Logging my changes in a spreadsheet sucks raw balls.
Productivity Hack: I'm a java developer who decided to write a productivity app that integrates to-do, pomodoro and eisenhower matrix altogether with reports generation. this will also help me logging at work. I'm also using electron + angular2 + typescript, just because, well, I'm trying to learn new stuff.
Long story short, many many many many days later, i'm still waiting for that productivity boost. What is dis webpack? Wat u mean loaders? Wat promises? electron-prebuilt is now electron? Wat u mean npm and node should be updated? .....
Please send help
What the hell is the point of this small projects team spending 2-3 months on developing extensive logging system for an internal application for inside and outside customers to use if your application isn’t going to log any of the fucking errors. Sure you write the failure status to the database, but it just says failure with an even more vague explanation than microsoft’s errors. “An error occurred”. No shit, that’s why I’m looking in the logs and database to debug the application to get these files on their merry way so our company can stay in compliance with the state, feds, and not pay out the wazzoo in fines. All our other applications state where the error occurred such as “failed to connect to the email server”, why can’t this one?
When logging in, why is there no reminder like 'your password was at least 8 characters long with at least one digit'.
Quick question for anyone who's a guru in networks.
The WiFi where I stay keeps on logging me out every ±25-35 minutes. You could browse the internet then suddenly you have to log in again, then it works, and the process repeats itself. Is this normal or is it a huge problem I should bring up?
Why does #Devrant (idk if #'s are a thing here) not have a confirm password field?
Come on... I doubt it annoys users and it saves people a lot of hassle, especially when we are logging in on multiple devices :/ I know lots of people who type their password wrong the first time and later on they can't login and get frustrated and confused then end up resetting via email.
Also why no login with Google etc~ that's kinda annoying too...
When the services team asks the mobile team what the response on a request is... And then requests console logging on the app so that they can test their code.
not me, but my co-workers left del logging active for about 6 months, then one day it became severely slow for finding free filenames to save into.
mine is DROP DATABASE in prod, after that i have been like I will never keep open console to prod
I've been programming for 15 years now or more if I count my years I programmed as a hobby. I'm mostly self learned. I'm working in an environment of a few developers and at least the same amount of other people (managers, sales, etc). We are creating Magento stores for middle sized businesses. The dev team is pretty good, I think.
But I'm struggling with management a lot. They are deciding on issues without asking us or even if I was asked about something and the answer was not what they expect, they ask the next developer below me. They do this all the way to Junior. A small example would be "lets create a testing site outside of deployment process on the server". Now if I do this, that site will never be updated and pose a security risk on the server for eternity because they would forget about it in a week. Adding it to our deployment process would take the same time and the testing site would benefit from security patches, quick deployment without logging in to the server, etc. Then the manager just disappears after hearing this from me. On slack, I get a question in 30 minutes from a remote developer about how to create an SSH user for a new site outside of deployment. I tell him the same. Then the junior gets called upstairs and ending up doing the job: no deployment, just plain SSH (SFTP) and manually creating the database. I end up doing it but He is "learning" how to do it.
Another example would be a day I was asked what is my opinion about Wordpress. We don't have any experience with Wordpress, I worked with Drupal before and when I look at a Wordpress codebase, I'm getting brain damage. They said Ok. The next day, comes the announcement that the boss decided to use Wordpress for our new agency website. For his own health and safety, I took the day off. At the end, the manager ended up hiring an Indian developer who did a moderately fair job. No HiDPI sprites, no fancy SASS, just plain old CSS and a simple template. Lightyears worse than the site it was about to replace. But it did replace the old site, so now I have to look at it and identify myself part of the team. Best thing? We are now offering Wordpress development.
An other example is "lets do a quick order grid". This meant to be a table where the customer can enter SKU and quantity and they can theoretically order faster if they know the SKU already. It's a B2B solution. No one uses it. We have it for 2 sites now and in analytics, we have 5 page hits within 3 years on a site that's receiving 1000 users daily... Mostly our testing and the client looked at it. And no orders. I mean none, 0. I presented a well formatted study with screenshots from Analytics when I saw a proposal to a client to do this again. Guess what happened? Someone else from the team got the job to implement it. Happy client? No. They are questioning why no one is using it.
What would you do as a senior developer?
- Just serve notice and quit
- Try to talk to the boss (I don't see how it would work)
- Just don't give a shit
Learning to use logging in Python for an existing application.
🙇Feeling enlightened looking at the first log file output.
Imagine enabling verbose logging for a complex ETL process that typically takes 8 hours to run but has been failing for some reason after running for about 7 hours. Naturally, you want to check the log file to find out what went wrong.
Now imagine not having read access to the log file.
While logging a boatload of bugs on the code my junior dev checked in, I added a couple of items to our product backlog.
Instead of fixing his bugs, junior dev started pulling things from the backlog. I found this out when he messaged me about the requested search results sorting.
His message was:
"hey, the sorting is going to be harder than I thought. Angular 2 dropped native support of filters. But I did find an MIT licensed npm package that should let me add sorting functionality to our JSON data objects."
BTW, junior dev has more than 3 years of professional experience in addition to a degree.
Many years ago, when the web was still a niche thing, there were many web servers deployed with Linux distros with default user/pass of "news/news".
Capabilities were limited, but I liberated many a file using uuencode and logging my session.
After attempting logging into FB Messenger with every browser I have, boy was I surprised when I found out Adblock was causing it to refuse to render with no errors displayed. Why would you block Adblock from an ad-free service !?
What is your favorite method of debugging?
Mine is a debug log. I like a key value setting for enabling/disabling, and logging most transactions, calculations, and variables, even if they seem trivial. I've been able to locate bugs much quicker with detailed logs while some coworkers are still stepping through the process line by line. I don't fault the step method as I use it when logging uncovers nothing (it usually means I didn't log something critical :p) or when logging is not possible.
What's your go-to logging word/message for when you just need to see if a function is executing/reaching a certain point?
I usually go with "dude"
I need to change how payments are applied to invoices.
ApplyPolicyPayments() looks promising! Make changes to the method to look at the bills in order of the invoice due dates.
Run a test on the DEV environment, and the system is still exhibiting the same bug.
At this point, I wrote a quick logging plugin that I could attach to the DLL and start telling me what is going on.
Turns out, payments are actually applied in a method named BalancePolicy(). So what does ApplyPolicyPayments() do? It DOES apply payments to bills, but then just doesn't save the work. Having it commit the transactions breaks the billing system. FML.
-i won't follow logging practices
-i won't follow secure coding
-i won't leverage profiling n monitoring tools
-i won't reuse best practices
-i won't listen to thought leaders
-i will outsource writing UT
-i will outsource code quality checks
-i will outsource all testing
-i will ignore n override CTO team
But I still want high stability, security n 4 9s availability. Just want it done. My team is best. Am a fast-track leadership program leader who never has or ever needs to code. I just know ...
People I have to deal with every sprint. Site reliability is not easy ...
Teaching good code makes great products to morons, toughest ...
"Beginners mind needed"
I love my little services like a cobweb with solid bases of communication, security, logging and measuring. It can't get more fulfilling to build a service that is used by just more than one frontend.
Nothing to rant about today, ok, except maybe the logging format and goaccess's inability to eat the Laravel monologs without being a pain in the ass.
tail -f it is for now until I find time to do this properly
So I'm tasked with creating a single sign on link using documentation from the third party we are logging into. So far so good.
Well they don't support some of the fields our users will need--that we don't want to support (otherwise why use a third-party?).
Their solution is to make us the system of record so that when a user goes through the single sign on we pass this info as well. But it needs to be editable on their side as well--because they won't give us an API for our system of record to update their side.
That's right only a user signing on from our system will update their side. Tough luck admins on our side. You get double duty due to the poor business decision to work with a company with lazy devs.
Thought that it might be a good idea to ask this question here.
I'm looking for a nice logging events service for a side project that is a B2B (so my clients got their own users). My targets are tracking users' behavior/events/actions in the app while being able to shred the data that belongs to each customer. A great benefit would be having a solution that would allow me to export part of the data (in an SQL-like way) so I could provide the users the option to download their users' data as well.
Was thinking about Mixpanel but I don't think they have any option to export the data via API. Heap analytics is also an interesting one, but their nice features are limited to corporates.
Any suggestions? Thanks!
Getting frustrated with errors I can't replicate or identify! After spending ages trying to find what's gone wrong and failing, it's so embarrassing to suggest "try logging off and logging back in again"
Any good recommendations on how to gather user metrics/instrumentation and visualize data?
The program is a WPF application with no internet connection so logging to file and get file is probably the only solution.
I've played a little with Serilog to file and trying to import the log into Elasticsearch and visualize data with Kibana.