Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Wow... this is the perfect week for this topic.
Thursday, is the most fucked off I’ve ever been at work.
I’ll preface this story by saying that I won’t name names in the public domain to avoid anyone having something to use against me in court. But, I’m all for the freedom of information so please DM if you want to know who I’m talking about.
Yesterday I handed in my resignation, to the company that looked after me for my first 5 years out of university.
Thursday was my breaking point but to understand why I resigned you need a little back story.
I’m a developer for a corporate in a team of 10 or so.
The company that I work for is systemically incompetent and have shown me this without fail over the last 6 months.
For the last year we’ve had a brilliant contracted, AWS Certified developer who writes clean as hell hybrid mobile apps in Ion3, node, couch and a tonne of other up to the minute technologies. Shout out to Morpheus you legend, I know you’re here.
At its core my job as a developer is to develop and get a product into the end users hands.
Morpheus was taking some shit, and coming back to his desk angry as fuck over the last few months... as one of the more experienced devs and someone who gives a fuck I asked him what was up.
He told me, company want their mobile app that he’s developed on internal infrastructure... and that that wasn’t going to work.
Que a week of me validating his opinion, looking through his work and bringing myself up to speed.
I came to the conclusion that he’d done exactly what he was asked to, brilliant Work, clean code, great consideration to performance and UX in his design. He did really well. Crucially, the infrastructure proposed was self-contradicting, it wouldn’t work and if they tried to fudge it in it would barely fucking run.
So I told everyone I had the same opinion as him.
4 months of fucking arguing with internal PMs, managers and the project team go by... me and morpheus are told we’re not on the project.
The breaking point for me came last Wednesday, given no knowledge of the tech, some project fannies said Morpheus should be removed and his contract terminated.
I was up in fucking arms. He’d done everything really well, to see a fellow developer take shit for doing his job better than anyone else in [company] could was soul destroying.
That was the straw on the camels back. We don’t come to work to take shit for doing a good job. We don’t allow our superiors to give people shit in our team when they’re doing nothing but a good job. And you know what: the opinion of the person that knows what they’re talking about is worth 10 times that of the fools who don’t.
My manager told me to hold off, the person supposed to be supporting us told me to stand down. I told him I was going to get the app to the business lead because he fucking loves it and can tell us if there’s anything to change whilst architecture sorts out their outdated fucking ideas.
Stand down James. Do nothing. Don’t do your job. Don’t back Morpheus with his skills and abilities well beyond any of ours. Do nothing.
That was the deciding point for me, I said if Morpheus goes... I go... but then they continued their nonsense, so I’m going anyway.
I made the decision Thursday, and Friday had recruiters chomping at the bit to put the proper “senior” back in my title, and pay me what I’m worth.
The other issues that caused me to see this company in it’s true form:
- I raised a key security issue, documented it, and passed it over to the security team.
- they understood, and told the business users “we cannot use ArcGIS’ mobile apps, they don’t even pretend to be secure”
- the business users are still using the apps going into the GDPR because they don’t understand the ramifications of the decisions they’re making.
I noticed recently that [company] is completely unable to finish a project to time or budget... and that it’s always the developers put to blame.
I also noticed that middle management is in a constant state of flux with reorganisations because in truth the upper managers know they need to sack them.
For me though, it was that developers in [company], the people that know what they’re talking about; are never listened to.
Fuck being resigned to doing a shit job.
Fuck this company. On to one that can do it right.
Morpheus you beautiful bastard I know you’ll be off soon too but I also feel I’ve made a friend for life. “Private cloud” my arse.
Since making the decision Thursday I feel a lot more free, I have open job offers at places that do this well. I have a position of power in the company to demand what I need and get it. And I have the CEO and CTO’s ears perking up because their department is absolutely shocking.
Freedom is a wonderful feeling.13 -
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkiss. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.13 -
What an absolute fucking disaster of a day. Strap in, folks; it's time for a bumpy ride!
I got a whole hour of work done today. The first hour of my morning because I went to work a bit early. Then people started complaining about Jenkins jobs failing on that one Jenkins server our team has been wanting to decom for two years but management won't let us force people to move to new servers. It's a single server with over four thousand projects, some of which run massive data processing jobs that last DAYS. The server was originally set up by people who have since quit, of course, and left it behind for my team to adopt with zero documentation.
Anyway, the 500GB disk is 100% full. The memory (all 64GB of it) is fully consumed by stuck jobs. We can't track down large old files to delete because du chokes on the workspace folder with thousands of subfolders with no Ram to spare. We decide to basically take a hacksaw to it, deleting the workspace for every job not currently in progress. This of course fucked up some really poorly-designed pipelines that relied on workspaces persisting between jobs, so we had to deal with complaints about that as well.
So we get the Jenkins server up and running again just in time for AWS to have a major incident affecting EC2 instance provisioning in our primary region. People keep bugging me to fix it, I keep telling them that it's Amazon's problem to solve, they wait a few minutes and ask me to fix it again. Emails flying back and forth until that was done.
Lunch time already. But the fun isn't over yet!
I get back to my desk to find out that new hires or people who got new Mac laptops recently can't even install our toolchain, because management has started handing out M1 Macs without telling us and all our tools are compiled solely for x86_64. That took some troubleshooting to even figure out what the problem was because the only error people got from homebrew was that the formula was empty when it clearly wasn't.
After figuring out that problem (but not fully solving it yet), one team starts complaining to us about a Github problem because we manage the github org. Except it's not a github problem and I already knew this because they are a Problem Team that uses some technical authoring software with Git integration but they only have even the barest understanding of what Git actually does. Turns out it's a Git problem. An update for Git was pushed out recently that patches a big bad vulnerability and the way it was patched causes problems because they're using Git wrong (multiple users accessing the same local repo on a samba share). It's a huge vulnerability so my entire conversation with them went sort of like:
"Please don't."
"We have to."
"Fine, here's a workaround, this will allow arbitrary code execution by anyone with physical or virtual access to this computer that you have sitting in an unlocked office somewhere."
"How do I run a Git command I don't use Git."
So that dealt with, I start taking a look at our toolchain, trying to figure out if I can easily just cross-compile it to arm64 for the M1 macbooks or if it will be a more involved fix. And I find all kinds of horrendous shit left behind by the people who wrote the tools that, naturally, they left for us to adopt when they quit over a year ago. I'm talking entire functions in a tool used by hundreds of people that were put in as a joke, poorly documented functions I am still trying to puzzle out, and exactly zero comments in the code and abbreviated function names like "gars", "snh", and "jgajawwawstai".
While I'm looking into that, the person from our team who is responsible for incident communication finally gets the AWS EC2 provisioning issue reported to IT Operations, who sent out an alert to affected users that should have gone out hours earlier.
Meanwhile, according to the health dashboard in AWS, the issue had already been resolved three hours before the communication went out and the ticket remains open at this moment, as far as I know.5 -
Back in the day, I joined a little agency in Cape Town, small team small office with big projects, projects they weren’t really supposed to take on but hey when the owner of a tech business is not a tech person they do weird things.
A month had passed and it was all good, then came a project from Europe, Poland to be specific. The manager introduced me to the project, it was a big brand - a segment of Lego, built on Umbraco (they should change the name to slowbraco or uhmmm..braco somewhere there) the manager was like so this one is gonna be quite a challenge and I remember you said you are keen on that, I was like hell yeah bring it on (genuinely I got excited) now the challenge was not even about complexity of the problem or code or algorithms etc you get my point… the challenge was that the fucking site was in polish - face palm 1 - so I am like okay code is code, its just content, and I already speak/familiar with 13 human languages so I can’t fail here ill get around it somehow. So I spin up IIS, do the things and boom dev environment is ready for some kick ass McCoding. I start to run through the project to dig into the previous dev’s soul. I could not relate, I could not understand. I could not read, I could not, I could not. - face palm 2 - This dude straight up coded this project in polish variable names in polish, class names in polish, comments in freaking polish. Look, I have no beef with the initial guy, its his language so why not right? sure. But not hey this is my life and now I should learn polish, so screw it, new tab - google translate, new notes, I create a dictionary of variables and class etc 3 days go by and I am fucking polish bro. Come at me. I get to read the previous devs soul through his comments, what a cool dude, his code wasn’t shit either - huge relief. So I rock on and make the required changes and further functionality. The project manager is like really, you did it? I am like yeah dude, there it is. Then I realise I wasn’t the first on this, this dude done tried others and it didn’t go down well, they refused. - face palm 3 -
Anyway, now I am a rock star in the office, and to project managers this win means okay throw him in the deep - they move me to huge project that is already late of course and apparently since I am able to use google translate, I can now defeat time, let the travelling begin. - face palm 4 - I start on the project and they love me on it as they can see major progress however poland was knocking on the door again, they need a whole chunk of work done. I can’t leave the bigger project, so it was decided that the new guy on Monday will start his polish lessons - he has no idea, probably excited to start a new job, meanwhile a shit storm is being prepared for him.
Monday comes, hello x - meet the team, team meets x
Manager - please join our meeting.
I join the meeting, the manager tells me to assist the new dev to get set up.
Me: Sure, did you tell him about he site?
Manager: Yes, I told him you knocked it out the park and now we just need to keep going
Me: in my head (hmm… that’s not what I was asking but cool I guess he will see soon enough -internal face palm 5 - ) New dev is setup, he looks at the project, I am ask him if he is good after like an hour he is like yeah all good. But his face is pink so I figured, no brother man is not okay. But I let him be and give him space.
Lunch time comes, he heads out for lunch. 1hr 15mins later, project manager is like, is the new dude still at lunch.
We are all like yeah probably. 2hrs pass 3hrs pass Now we are like okay maybe something happened to him, hit by a car? Emergency? Something… So I am legit worried now, I ask the manager to maybe give him a ring. Manager tries to call. NOTHING, no response. nada.
Next day, 8am, 9am, 10am no sign of the dude. I go to the manager, ask him what’s up. Manager: he is okay. However he said he is not coming back.7 -
My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.
So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.
For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.
They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).
But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.
So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THEIR ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.
Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.
**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**2 -
If nobody hates you, you're doing something wrong ~ House MD
Tl;Dr : I'm pissing the right people off and my God I like it
That's what I've known and have confirmed doing my current side project with my gf, we are working on a ratemyprofessors clone with extra spicy features, one in particular is so spicy some teachers will be put in a position in which they would rather grind hot peppers with their butt cheeks.
Don't get me wrong, there are good teachers (some of which actually showed support) but some are not good teachers and some aren't good people either; I've decided it's time to stop complaining and take action.
We recently released an alpha and I presented it to a teacher I had this semester (one of the "not so great" kind) as a DB proyect cuz fuck it I'm not doing 2 projects.
This teacher is your run of the mill "I'm lazy and I don't care" teacher and she ran the classroom like a shitty kindergarten, so much so, one of the teams was presenting a buggy admin site as their project and she started talking on the phone! Right up on their faces!!
My turn, I go up and handle her a 30 page printed thesis of my project and said that unlike my mates, I was going to start presenting the idea and then the actual software...why is it printed?, She said; Because I won't be projecting the PDF ma'am, I actually made a professional presentation and that way you can read more technical details while I give a broad overview...
I started talking about the huge issues students face and my research about it, undisciplined teachers, no class structure ~ abrupt interruption ~ "yeah I know like, you are giving so much statistics and numbahs but where is the database?"
I got pissed off because the whole purpose of printing and giving her the docs was for her to ask specific questions AT THE END! So I told her I was getting there and to ask questions at the end...I start showing off the system's sweetest features... everyone got quiet...a girl on the front row kept looking at the teacher and then back to the board with her eyes wide open, the teacher was visibly upset.
I asked someone to please help me by using the site being projected for everyone to see, he searched the teacher's name and it obviously popped up cuz I scrapped the whole teacher index site... some people gasp and others start murmuring.
She freaked and started arguing saying that frontend can't be just HTML and CSS, where did you mentioned x and y feature? admit it's just teacher evaluations! where did you get the teacher names? I want the scripts!....it went on even 10 minutes after class and the next class with a police like interrogation.
So yeah, something tells me I'm not getting an A, but I'm happy after all because that's the kind of reaction I want from those types of professors.
Worth it 😎
8 -
Ever heard of event-based programming? Nope? Well, here we are.
This is a software design pattern that revolves around controlling and defining state and behaviour. It has a temporal component (the code can rewind to a previous point in time), and is perfectly suited for writing state machines.
I think I could use some peer-review on this idea.
Here's the original spec for a full language: https://gist.github.com/voodooattac...
(which I found to be completely unnecessary, since I just implemented this pattern in plain TypeScript with no extra dependencies. See attached image for how TS code looks like).
The fact that it transcends language barriers if implemented as a library instead of a full language means less complexity in the face of adaptation.
Moving on, I was reviewing the idea again today when I discovered an amazing fact: because this is based on gene expression, and since DNA is recombinant, any state machine code built using this pattern is also recombinant[1]. Meaning you can mix and match condition bodies (as you would mix complete genes) in any program and it would exhibit the functionality you picked or added.
You can literally add behaviour from a program (for example, an NPC) to another by copying and pasting new code from a file to another. Assuming there aren't any conflicts in variable names between the two, and that the variables (for example `state.health` and `state.mood`) mean the same thing to both programs.
If you combine two unrelated programs (a server and a desktop application, for example) then assuming there are no variables clashing, your new program will work as a desktop application and as a server at the same time.
I plan to publish the TypeScript reference implementation/library to npm and GitHub once it has all basic functionality, along with an article describing this and how it all works.
I wish I had a good academic background now, because I think this is worthy of a spec/research paper. Unfortunately, I don't have any connections in academia. (If you're interested in writing a paper about this, please let me know)
Edit: here's the current preliminary code: https://gist.github.com/voodooattac...
***
[1] https://en.wikipedia.org/wiki/...29 -
Roommate: Filter it, would you please? (* Was talking about the tea*).
Me: Alright buddy, say no more. (*Names the signal that I was working on as "Tea".*)
(*Got the filtered output 😎*)
3 -
Ok friends let's try to compile Flownet2 with Torch. It's made by NVIDIA themselves so there won't be any problem at all with dependencies right?????? /s
Let's use Deep Learning AMI with a K80 on AWS, totally updated and ready to go super great always works with everything else.
> CUDA error
> CuDNN version mismatch
> CUDA versions overwrite
> Library paths not updated ever
> Torch 0.4.1 doesn't work so have to go back to Torch 0.4
> Flownet doesn't compile, get bunch of CUDA errors piece of shit code
> online forums have lots of questions and 0 answers
> Decide to skip straight to vid2vid
> More cuda errors
> Can't compile the fucking 2d kernel
> Through some act of God reinstalling cuda and CuDNN, manage to finally compile Flownet2
> Try running
> "Kernel image" error
> excusemewhatthefuck.jpg
> Try without a label map because fuck it the instructions and flags they gave are basically guaranteed not to work, it's fucking Nvidia amirite
> Enormous fucking CUDA error and Torch error, makes no sense, online no one agrees and 0 answers again
> Try again but this time on a clean machine
> Still no go
> Last resort, use the docker image they themselves provided of flownet
> Same fucking error
> While in the process of debugging, realize my training image set is also bound to have bad results because "directly concatenating" images together as they claim in the paper actually has horrible results, and the network doesn't accept 6 channel input no matter what, so the only way to get around this is to make 2 images (3 * 2 = 6 quick maths)
> Fix my training data, fuck Nvidia dude who gave me wrong info
> Try again
> Same fucking errors
> Doesn't give nay helpful information, just spits out a bunch of fucking memory addresses and long function names from the CUDA core
> Try reinstalling and then making a basic torch network, works perfectly fine
> FINALLY.png
> Setup vid2vid and flownet again
> SAME FUCKING ERROR
> Try to build the entire network in tensorflow
> CUDA error
> CuDNN version mismatch
> Doesn't work with TF
> HAVE TO FUCKING DOWNGEADE DRIVERS TOO
> TF doesn't support latest cuda because no one in the ML community can be bothered to support anything other than their own machine
> After setting up everything again, realize have no space left on 75gb machine
> Try torch again, hoping that the entire change will fix things
At this point I'll leave a space so you can try to guess what happened next before seeing the result.
Ready?
3
2
1
> SAME FUCKING ERROR
In conclusion, NVIDIA is a fucking piece of shit that can't make their own libraries compatible with themselves, and can't be fucked to write instructions that actually work.
If anyone has vid2vid working or has gotten around the kernel image error for AWS K80s please throw me a lifeline, in exchange you can have my soul or what little is left of it5 -
OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..
Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!
Here it goes..
Lat week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.
OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.
Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.
Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..
I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..
Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I crate another pck for api alone copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.
I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..
I made changes for api to incude the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.
WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...
WTF..Ok, cig break to let me think..
I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?
So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' made changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers dbs (different customers).. ALL HAD THIS HARDOCED IN!!! FORM THE FREAKING YEAR 2016!!! O.o
Unfuckin believable.. How did this ever work?!
Looks like at the begining, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!
So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plan, simple, straight-forward solution to auditing..
If only the original procedure was working as it should.. bloddy hell!!8 -
We have to use this tool in work for classifying new and existing projects for GDPR. Long story short you have to fill out a REALLY long questionnaire, then it gets reviewed by someone in legal. The tool will also assign you tasks and suggest actions to common issues (e.g. suggesting a banner to explain cookie policy if you tick a certain box).
I have spent about an hour trying to re-assign the assessment I started, as i'm due to leave the company in a few days, to the guy taking over from me.
1. There is a “generate shareable URL” button, with the ability to click a button that says “replace me with the logged in user who opens this”. All it does is duplicate the name and description fields and send a new copy to that person, with no access to any of my other content or answers.
2. I did find a re-assign button eventually, again all it does it create a duplicate, and throws and error saying names must be unique when I try to save it.
3. While I couldn’t find a way to do that, I did find another button to at least assign the reviewer. It told me i’m forbidden to change the reviewer on assessments i’ve created.
This is THE WORST piece of nonsensical shit on earth. The entire application is absolute garbage and sssssssooooooo slow.
When you first create an assessment it brings you to a page that has all the questions, makes sense right? Wrong. All the questions are in read-only mode, and they are simply there as a "this is what you can expect to see later on", telling you whether or not they will be freeform, multiple choice etc.
The way to actually answer the questions is to click the "start survey" button hidden in the "status" dropdown.
I don't have much advice to anyone around GDPR, but please stay the hell away from TrustArc. -
I miss old times rants...So i guess, here it goes mine:
Tomorrow is the day of the first demo to our client of a "forward-looking project" which is totally fucked up, because our "Technical Quality Assurance" - basically a developer from the '90-s, who gained the position by "he is a good guy from my last company where we worked together on sum old legacy project...".
He fucked up our marvellous, loose coupling, publish/subscribe microservice architecture, which was meant to replace an old, un-maintainable enormous monolitch app. Basically we have to replace some old-ass db stored functions.
Everyone was on our side, even the sysadmins were on our side, and he just walked in the conversation, and said: No, i don't like it, 'cause it's not clear how it would even work... Make it an RPC without loose coupling with the good-old common lib pattern, which made it now (it's the 4th 2 week/sprint, and it is a dependency hell). I could go on day and night about his "awesome ideas", and all the lovely e-mails and pull request comments... But back to business
So tomorrow is the demo. The client side project manager accidentally invited EVERYONE to this, even fucking CIO, legal department, all the designers... so yeah... pretty nice couple of swallowed company...
Today was a day, when my lead colleague just simply stayed home, to be more productive, our companys project manager had to work on other prjects, and can't help, and all the 3 other prject members were thinking it is important to interrupt me frequently...
I have to install our projects which is not even had a heart beat... not even on developer machines. Ok it is not a reeeeaaally big thing, but it is 6 MS from which 2 not even building because of tight coupling fucktard bitch..., But ok, i mean, i do my best, and make it work for the first time ever... I worked like 10 ours, just on the first fucking app to build, and deploy, run on the server, connect to db and rabbit mq... 10 FUCKING HOURS!!! (sorry, i mean) and it all was about 1, i mean ONE FUCKING LINE!
Let me explain: spring boot amqp with SSL was never tested before this time. I searched everything i could tought about, what could cause "Connection reset"... Yeah... not so helpful error message... I even have to "hack" into the demo server to test the keystore-truststore at localhost... and all the fucking configs, user names, urls, everything was correct... But one fucking line was missing...
EXCEPT ONE FUCKING LINE:
spring.rabbitmq.ssl.enabled=false # Whether to enable SSL support.
This little bitch took me 6 hours to figure out...so please guys, learn from my fault and check the spring boot appendix for default application properties, if everything is correct, but it is not working...
And of course, if you want SSL then ENABLE it...
spring.rabbitmq.ssl.enabled=true
BTW i really miss those old rants from angry devs, and i hope someone will smile on my fucking torture5 -
Keep this in mind: I don't like WordPress and PHP at all!!!
So a couple of days ago my boss asked me if I could extend a custom made WordPress plugin made by our intern. First thought: sure why not? Boss says: it has to be done in less than 100 hours of work (an estimate done by my boss and the intern). Me: I can't tell you that before I have seen the code and what functionality has to be in the extension. Boss: Cool, look it over this weekend and tell me if you want to do it or not.
I looked it through and my answer will probably be: NO WHERE IN HELL am I gonna are this in less that 100 hours! 1. no tests has been performed so I have absolutely no clue if his code works.
2. variable names are mostly: $string_query (whatever that means?), $result, $string_temp and so on.
3. Methods and functions are more than 250 lines long, with shitty formatting, and more comments than code. WTF?
4. The estimate has been made by an intern and my boss (doesn't know much about programming). I haven't been consulted about it....
5. No version control. No branches, no commits other than initial commit. Great.
6. Most comments in the code just tells me what I can read from the code. What it returns and what it takes as params. Can I please know wtf your method call named $booking->run () does? I still haven't found this method in the code after 1 hour of intensively looking for it...
FFS man... Not gonna do this, even though I thought it would have been an interesting project initially.
Sorry for the long rant... I just wish the intern would have consulted me about all this shit, since he obviously have bad practices. *sigh*6 -
honestly some online courses are bullshit. i joined one for some sample code, and no comments, no explanations, the variable names WEREN'T even descriptive.
this is from a website with a published book… how about you take some fucking responsibility for your code?
the language was c++ and they are still using printf! shake my fucking head. you have global variables that are one fucking letter! please, stop, get help.
…AND IT WASN'T EVEN ON GITHUB -
Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!
System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.
Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.
Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.
That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.
We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.
Hella excited about this!
If you guys have any suggestions let us know. We are utter noobs when it comes to this.6 -
Best client I have ever experienced. Kappa
So, I got job to recreate one old website, because the old one was incredibly fucked up. She told us, it was made by someone retarded.
The code was fucked up even more than UI. It was definitely written by some kind of idiot. Diacritics, mixed languages, no OOP, no FW, just copy&paste. Yeah copy and paste for every page.
The DB was another level of shit. Inifine is not enough to describe it. Column names with whitespace, diacritics, uppercase, lowercase...pure hell. Yeah and I had to import it.
Whenthe new website was ready for testing I got an email from her that it was her who made the website... HER!! Fucking hell, no more of this please!1 -
Everyone in this team calls everything a team effort, but once I start offering my help, they be like "no, I can do it. I know more than you".
Hmm. yeah, but you (sysadmin) use jQuery and vanillajs mixed. For example: $('#hello') and document.getElementById('hello').
Also you put console.logs everywhere, I don't mind putting console.logs in development, but not in production.
Oh and he copies the libraries to every folder that needs it, so there are at least 12 jquery libs in this project and the version is not even the same. Lol.... Please slap me to death.
There is another networkadmin that calls himself a (python) developer. He doesn't agree with my simplicity.
His work (just an example, changed names but you get the idea)
"A notebook that is used by x-department"
Model: Notebook
endpoint: department-notebooks
Model: DepartmentConfigs
Endpoint: notebook-department-configs
You won't believe what he put in 'department'configs, it's literally hardware vendor, model, versions.
Like... really? What the hell you doing man?!
Just have these models for example: device, department, vendor, product, category
We do not only have notebooks, but also servers, routers, switches and more.
His argument of having configs in the name is that they do more complex things. Hmm, I don't see it in the code and the data is messed up:
Microsoft, microsoft, micro soft.
He fixed it by hardcoding it in a select box. Mickysoft isn't the only vendor, fuck you!
fuck this team, fuck these people
Another fucking rant, a story was assigned to me. But that stupid fake developer worked on it immediately and message me he fixed it already. I guess he won't let me touch his baby.
Everything is just piling up. This team and people aren't fun at all.3 -
In work we use TFS (no judgement please) but I love creating shelvesets with obtuse names like
"The Evil Is everywhere in here"
"Dragons within"
"I See the Devil in this Code"2 -
My surname is also a common firstname, so sometimes people mix them up and call me by my surname. I'm never offended and just answer by calling them by their surname too, so they understand... usually.
Today, the following e-mail exchange happened:
(Following are made-up names)
Me: Alexander William
Colleague 1: Kurt Richardson
Colleague 2: Amy Lopez
From: k.richardson@contoso.com <Kurt Richardson>
To: a.william@contoso.com <Alexander William>
Cc: a.lopez@contoso.com <Amy Lopez>
Hi,
Could I have an USB-C to HDMI adapter please ?
Thanks.
--------------------------------------------------------------------------
From: a.william@contoso.com <Alexander William>
To: k.richardson@contoso.com <Kurt Richardson>
Cc: a.lopez@contoso.com <Amy Lopez>
Hi Kurt,
I'm currently remote-working but if you are on premises tomorrow I could give one to you.
If you're not there tomorrow, I'll just drop it on Amy's desk so you can get it from her.
Regards,
Alexander William
--------------------------------------------------------------------------
From: k.richardson@contoso.com <Kurt Richardson>
To: a.william@contoso.com <Alexander William>
Cc: a.lopez@contoso.com <Amy Lopez>
Hi William,
I'm working on premises every thursday.
Regards.
--------------------------------------------------------------------------
From: a.william@contoso.com <Alexander William>
To: k.richardson@contoso.com <Kurt Richardson>
Cc: a.lopez@contoso.com <Amy Lopez>
No problem, Richardson. As I said I'll then drop it on Lopez' desk.
Regards,
Alexander William
--------------------------------------------------------------------------
From: k.richardson@contoso.com <Kurt Richardson>
To: a.william@contoso.com <Alexander William>
Cc: a.lopez@contoso.com <Amy Lopez>
Good evening William, [Editor's Note: this was received at 14:23]
Thanks.
Is he fucking dense or what?11 -
Who here works at Apple in the Finder group. OMG, would you please fix shit? Finder has been such a bag of insects for years.
1. windows don't right-size to any reasonable minimum in icon view when there is one row of icons
2. text color of files and folder names no longer adjust to accommodate background color changes. Setting the window background color USED TO result in white text of the files and folders displayed in that window. Now it is Black-On-Black oh so readable 🙄
3. stop re-locating 0,0 in the god damn folder icon view. Finder items in grid view cannot, by themselves, get disorganized off the grid.
4. Stop moving the god damn folder/disk window locations between open and close
5. stop resizing the god damn folder/disk windows between open and close.
6. stop destroying the contents of clipping files. I get so tired of losing data to mac-unix programmers who think they know what the f they are doing at the file level. Resource forks were rocket science you just could not understand and you have really rolled the clock back on macOS file system to Stone Age 1980s tech.11 -
Another part of messy network gone.
Caching fucked me hard....
Isn't it just lovely that nowadays you need to nearly wipe a machine to get it from claiming stale data....
And thanks to DNS, HAProxy -/ service names / ... I think I know now why the curse of babel is so powerful.
When you have to think for 2 mins to make sure you've set the zone's right, cause otherwise you need to ProxyJump with SSH through more tunnels than imaginable (VPN/HO) to fix possible caching on several DNS servers.... You'll realize that it's russian roulette with too much bullets. :(
And If a monitoring service asks another monitoring service for status information which asks the first monitoring service which then asks the second monitoring cause you were too late...
You'll get very funky monitoring statistics.
Too slow, had to nuke it (mismatched a DNS name, the second monitoring service should have been a service node).
I think I've had more near death scenarios in the last 2 weeks than I like.
Hopefully I'll never have to do that again.
(Splitting and reordering a few dozen VLANs, assigning proper DNS names, loadbalancer migration....)
Top Tags
Weekly Rant
View