Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
CLIENT "So my nephew who does stuff with computers built it and we are ok with how it all works so don't worry about changing that. "
DEV "so like you have a public form with no input filtering, spam mitigation let alone sanitization or remote concern for security. Basically you have a Json flat file that is 34mbs of links to, viagra, replica watches, nock off name brands and one real estate company. It is getting about 15 submissions an hour. Since you don't want me changing how it works are you happy to just leave all that ?"
CLIENT "no no we don't want all that but we have no route to delete it, can you just stop all the spam and let us continue on?"
DEV "ok so back to my first question can we rebuild all of this properly, or do you really want to just leave it all"
:/ FML3 -
Some years ago our company site was hosted by a prick who knew nothing and started to pretend the server got a virus or whatever.
I tested their server and figured out they did not have any firewall policies going on like mitigation of ssh brute force.
It was at this time I learned about SYN flood, and boy I flooded that port 80 of them.
The company site went down for as long as I wanted.
It was great because now we manage it in house and never had a problem anymore. -
Ya'll know what... If humans weren't such annoying vulnerability-searching little shits then we wouldn't have had to implement any protection against them and think of all the performance that would be saved on that. Take branch prediction vulnerability mitigation in the Linux kernel for example, that's got to make a performance hit of least 10% on basically everything.
Alas, I do get why security is important and why we keep such vulnerability mitigation running despite the performance hit. I get why safe code is necessary but still... if these people weren't such annoying little bastards.
Yeah, I was just kind of set off by the above. So much would be faster and easier if only the programmers wouldn't have to plan for people exploiting their software. Software would be written much faster and humans would progress to stuff that actually matters like innovation.8 -
dev, ~boring
This is either a shower thought or a sober weed thought, not really sure which, but I've given some serious consideration to "team composition" and "working condition" as a facet of employment, particularly in regard to how they translate into hiring decisions and team composition.
I've put together a number of teams over the years, and in almost every case I've had to abide by an assemblage of pre-defined contexts that dictated the terms of the team working arrangement:
1. a team structure dictated to me
2. a working temporality scheme dictated to me
3. a geographic region in which I was allowed to hire
4. a headcount, position tuple I was required to abide by
I've come to regard these structures as weaknesses. It's a bit like the project management triangle in which you choose 1-2 from a list of inadequate options. Sometimes this is grounded in business reality, but more often than not it's because the people surrounding the decisions thrive on risk mitigation frameworks that become trickle down failure as they impose themselves on all aspects of the business regardless of compatibility.
At the moment, I'm in another startup that I have significantly more control over and again have found my partners discussing the imposition of structure and framework around how, where, why, who and what work people do before contact with any action. My mind is screaming at me to pull the cord, as much as I hate the expression. This stems from a single thought:
"Hierarchy and structure should arise from an understanding of a problem domain"
As engineers we develop processes based on logic; it's our job, it's what we do. Logic operates on data derived from from experiments, so in the absence of the real we perform thought experiments that attempt to reveal some fundamental fact we can use to make a determination.
In this instance we can ask ourselves the question, "what works?" The question can have a number contexts: people, effort required, time, pay, need, skills, regulation, schedule. These things in isolation all have a relative importance ( a weight ), and they can relatively expose limits of mutual exclusivity (pay > budget, skills < need, schedule < (people * time/effort)). The pre-imposed frameworks in that light are just generic attempts to abstract away those concerns based on pre-existing knowledge. There's a chance they're fine, and just generally misunderstood or misapplied; there's also a chance they're insufficient in the face of change.
Fictional entities like the "A Team," comprise a group of humans whose skills are mutually compatible, and achieve synergy by random chance. Since real life doesn't work on movie/comic book logic, it's easy to dismiss the seed of possibility there, that an organic structure can naturally evolve to function beyond its basic parts due to a natural compatibility that wasn't necessarily statistically quantifiable (par-entropic).
I'm definitely not proposing that, nor do I subscribe to the 10x ninja founders are ideal theory. Moreso, this line of reasoning leads me to the thought that team composition can be grown organically based on an acceptance of a few observed truths about shipping products:
1. demand is constant
2. skills can either be bought or developed
3. the requirement for skills grows linearly
4. hierarchy limits the potential for flexibility
5. a team's technically proficiency over time should lead to a non-linear relationship relationship between headcount and growth
Given that, I can devise a heuristic, organic framework for growing a team:
- Don't impose reporting structure before it has value (you don't have to flatten a hierarchy that doesn't exist)
- crush silos before they arise
- Identify needed skills based on objectives
- base salary projections on need, not available capital
- Hire to fill skills gap, be open to training since you have to pay for it either way
- Timelines should always account for skills gap and training efforts
- Assume churn will happen based on team dynamics
- Where someone is doesn't matter so long as it's legal. Time zones are only a problem if you make them one.
- Understand that the needs of a team are relative to a given project, so cookie cutter team composition and project management won't work in software
- Accept that failure is always a risk
- operate with the assumption that teams that are skilled, empowered and motivated are more likely to succeed.
- Culture fit is a per team thing, if the team hates each other they won't work well no matter how much time and money you throw at it
Last thing isn't derived from the train of thought, just things I feel are true:
- Training and headcount is an investment that grows linearly over time, but can have exponential value. Retain people, not services.
- "you build it, you run it" will result in happier customers, faster pivoting. Don't adopt an application maintenance strategy
/rant2 -
Why can't people just do their fucking jobs? How hard is it to understand? Managers keep time, resources and risks in check and inform the developers. Developers develop and test the system. How the fuck do we have manager for agile, manager for program a manager for program b, risk mitigation manager, this shit manager that shit manager . For fucks sake with this much management we should be like fuckin bee nest and not an unorganized mess. In the end it turns out that literally there are more managers than developers just because they cannot fire an incapable idiot and they hire the next one. It is plain fucking simple - if you are not fit for the job get lost or make yourself fit. For fucks sake.
It really makes me wonder are there any well organized companies out there? -
Someone has a cloud VM running automated attempts to sign up at our website, which is causing the payment processor to block us because of all the suspicious credit card creation attempts, so we get no new signups... I suppose implementing recaptcha is a potential solution/mitigation for this? Do you guys have any other suggestions?12
-
XSS mitigation is a pain in the ass.
After all this time, with all the brilliant developers around the world, why haven't we found a sane way to mitigate this shit by default?
Shit!8 -
Y'know, there are some things that are timeless. Like bug severity arguments. We don't have a "likeliness of occurrence" parameter in the bug database. We just have "severity if it occurs". You have to classify it as such. The bug database IS NOT FOR RISK MITIGATION ACTIVITIES IT'S FOR FIXING THE FUCKING SOFTWARE!!! STOP MAKING THESE DAMN MEETINGS TAKE 30 YEARS BY QUESTIONING THE SYSTEM THAT WAS ESTABLISHED IN THE BEFORE TIMES BY PEOPLE WHO ARE ABOVE YOUR PAY GRADE!!! TINDER BOX!!! MATCH!!! GODS DAMMIT!!!
-
What do you use for your side-projects regarding Anti-DDoS protection?
I have a community with 1-2k daily users hosted in Siteground. Currently, I am not experiencing any DDoS issues (mainly L4) but I used to when I was using another service provider. The trade-off is that the machine and the service I'm paying here is way more expensive.
I don't care about managing the server, but I was looking for a cheaper option to get my project with.
The stack is LAMP and it is an Invision Power Board forum.
What do you recommend? Which service(s) do you use for your projects and how do you prevent DDoS on your side?13
Top Tags
Weekly Rant
View