How do I un-idiot my users when it comes to clicking on dodgy email-links??

Got a forwarded email just there from a user who said;

Good afternoon,
Is the below ok to open?
I just tried but got a popup saying I've been blocked from opening it.
I'm not sure who it is coming from and I am not waiting on anything but as it says its from dropbox and is important, i know it's okay.
Can you unblock the link ASAP please?
This is really impeding my work-day as I need to know what it is and act accordingly.
Regards... user.

The Original email came from a random jumble of letters with a subject line of 'important dropbox program' - not only does it look dodgy but its english is horrible! It said;

"Hi tu my freind,

You tu still read a pending verrry important document sent by one of your own contact to be vieweddd.

Install "Highly Confidential english.pdf" by clickinggg here

*insert link leading to something called 'viral-update-trojan.exe'*"

I mean, seriously... help!!! 😢
We have sent emails explaining how to hover over links and to not to click them if it looks wrong.
No one does it.
We hired a company to send fake phishing emails to train users in what to do.
It made no difference!
We now make people 'verify' their email addresses when opening any sort of link to try get them to actually look at what they're opening.
We also strip emails of original attachments and create 'safe' html copies as we can't trust them to look at what they're opening.
Everyone complains about it but Jesus Christ, this is why!!!

Its so exhausting!! What is wrong with people!!! Argh!!! 😤

My first rant here, don't know how to start, but fuck these self proclaimed senior developers who can't even get their concepts right about basic things and don't believe in reading docs.

Fuck you for asking if sequelize has a method to return details of the logged in user of your app, it's a fucking ORM you dumbfuck. You are a "full stack" developer for fuck's sake.

Fuck you for making those "minor changes" which breaks build and then blame it on any random plugin or lib used, or my commits.

Fuck you for expecting me to review your code on Sundays because you couldn't finish it on time.

I don't like java, at all, but even I get that without it we wouldn't be where we are right now and can't reach where we aspire to reach. But you can't keep chanting "Java is dead, Java is dead" every chance you get. No, it's NOT dead. Nor is going to, anytime soon.

And for god's sake, please stop choosing one library/plugin over another just on the basis of stars on repo, it's not the only (or valid) criteria. Look if you actually even need it. Think.

And please learn how to google first, and also stop using "the" before every the noun, the adjective and the verb. It's the fucking the annoying to read.

And yes, there are different linting presets out there, and just because a piece of code in a plugin/library/boilerplate is not following your specific, and may I say horrible standard, doesn't mean it's a "bad code". It's written by people who have created/worked-on these libraries as side projects on which your entire career is based upon.

And I haven't even talked about the code you write or your domain knowledge or the way you treat other people. So get off your high horse and behave like a developer, a real one.

I've had many, but this is one of my favorite "OK, I'm getting fired for this" moments.

A new team in charge of source control and development standards came up with a 20 page work-instruction document for the new TFS source control structure.
The source control kingpin came from semi-large military contract company where taking a piss was probably outlined somewhere.

Maybe twice, I merged down from a release branch when I should have merged down from a dev branch, which "messed up" the flow of code that one team was working on.
Each time I was 'coached' and reminded on page 13, paragraph 5, sub-section C ... "When merging down from release, you must verify no other teams are working
on branches...blah blah blah..and if they have pending changes, use a shelfset and document the changes using Document A234-B..."

A fellow dev overheard the kingpin and the department manager in the breakroom saying if I messed up TFS one more time, I was gone.

Wasn't two days later I needed to merge up some new files to Main, and 'something' happened in TFS and a couple of files didn't get merged up. No errors, nothing.
Another team was waiting on me, so I simply added the files directly into Main. Unknown to me, the kingpin had a specific alert in TFS to notify him when someone added
files directly into Main, and I get a visit.

KP: "Did you add a couple of files directly into Main?"
Me:"Yes, I don't what happened, but the files never made it from my branch, to dev, to the review shelfset, and then to Main. I never got an error, but since
they were new files and adding a new feature, they never broke a build. Adding the files directly allowed the Web team to finish their project and deploy the
site this morning."
KP: "That is in direct violation of the standard. Didn't you read the documentation?"
Me: "Uh...well...um..yes, but that is an oddly specific case. I didn't think I hurt any.."
KP: "Ha ha...hurt? That's why we have standards. The document clearly states on page 18, paragraph 9, no files may ever be created in Main."
Me: "Really? I don't remember reading that."
<I navigate to the document, page 18, paragraph 9>
Me: "Um...no, it doesn't say that. The document only talks about merging process from a lower branch to Main."
KP: "Exactly. It is forbidden to create files directly in Main."
Me: "No, doesn't say that anywhere."
KP: "That is the spirit of the document. You violated the spirit of what we're trying to accomplish here."
Me: "You gotta be fracking kidding me."

KP grumbles something, goes back to his desk. Maybe a minute later he leaves the IS office, and the department manager leaves his office.

It was after 5:00PM, they never came back, so I headed home worried if I had a job in the morning.

I decided to come in a little early to snoop around, I knew where HR kept their terminated employee documents, and my badge wouldn't let me in the building.

Oh crap.

It was a shift change, so was able to walk in with the warehouse workers in another part of the building (many knew me, so nothing seemed that odd), and to my desk.

I tried to log into my computer...account locked. Oh crap..this was it. I'm done. I fill my computer backpack with as much personal items as I could, and started down the hallway when I meet one of our FS accountants.

L: "Hey, did your card let you in the building this morning? Mine didn't work. I had to walk around to the warehouse entrance and my computer account is locked. None of us can get into the system."

*whew!* is an understatement. Found out later the user account server crashed, which locked out everybody.

Never found out what kingpin and the dev manager left to talk about, but I at least still had a job.

Every step of this project has added another six hurdles. I thought it would be easy, and estimated it at two days to give myself a day off. But instead it's ridiculous. I'm also feeling burned out, depressed (work stress, etc.), and exhausted since I'm taking care of a 3 week old. It has not been fun. :<

I've been trying to get the Google Sheets API working (in Ruby). It's for a shared sales/tracking spreadsheet between two companies.

The documentation for it is almost entirely for Python and Java. The Ruby "quickstart" sample code works, but it's only for 3-legged auth (meaning user auth), but I need it for 2-legged auth (server auth with non-expiring credentials). Took awhile to figure out that variant even existed.

After a bit of digging, I discovered I needed to create a service account. This isn't the most straightforward thing, and setting it up honestly reminds me of setting up AWS, just with less risk of suddenly and surprisingly becoming a broke hobo by selecting confusing option #27 instead of #88.

I set up a new google project, tied it to my company's account (I think?), and then set up a service account for it, with probably the right permissions.

After downloading its creds, figuring out how to actually use them took another few hours. Did I mention there's no Ruby documentation for this? There's plenty of Python and Java example code, but since they use very different implementations, it's almost pointless to read them. At best they give me a vague idea of what my next step might be.

I ended up reading through the code of google's auth gem instead because I couldn't find anything useful online. Maybe it's actually there and the past several days have been one of those weeks where nothing ever works? idk :/

But anyway. I read through their code, and while it's actually not awful, it has some odd organization and a few very peculiar param names. Figuring out what data to pass, and how said data gets used requires some file-hopping. e.g. `json_data_io` wants a file handle, not the data itself. This is going to cause me headaches later since the data will be in the database, not the filesystem. I guess I can write a monkeypatch? or fork their gem? :/

But I digress. I finally manged to set everything up, fix the bugs with my code, and I'm ready to see what `service.create_spreadsheet()` returns. (now that it has positively valid and correctly-implemented authentication! Finally! Woo!)

I open the console... set up the auth... and give it a try.

... six seconds pass ...

... another two seconds pass ...

... annnd I get a lovely "unauthorized" response.

asjdlkagjdsk.

> Pic related.

Buckle up kids, this one gets saucy.

At work, we have a stress test machine that trests tensile, puncture and breaking strength for different materials used (wood construction). It had a controller software update that was supposed to be installed. I was called into the office because the folks there were unable to install it, they told me the executable just crashed, and wanted me to take a look as I am the most tech-savvy person there.

I go to the computer and open up the firmware download folder. I see a couple folders, some random VBScript file, and Installation.txt. I open the TXT, and find the first round of bullshit.

"Do not run the installer executable directly as it will not work. Run install.vbs instead."

Now, excuse me for a moment, but what kind of dick-cheese-sniffing cockmonger has end users run VBScript files to install something in 2018?! Shame I didn't think of opening it up and examining it for myself to find out what that piece of boiled dogshit did.

I suspend my cringe and run it, and lo and behold, it installs. I open the program and am faced with entering a license key. I'm given the key by the folks at the office, but quickly conclude no ways of entering it work. I reboot the program and there is an autofilled key I didn't notice previously. Whatever, I think, and hit OK.

The program starts fine, and I try with the login they had previously used. Now it doesn't work for some reason. I try it several times to no avail. Then I check the network inspector and notice that when I hit login, no network activity happens in the program, so I conclude the check must be local against some database.

I browse to the program installation directory for clues. Then I see a folder called "Databases".

"This can't be this easy", I think to myself, expecting to find some kind of JSON or something inside that I can crawl for clues. I open the folder and find something much worse. Oh, so much worse.

I find <SOFTWARE NAME>.accdb in the folder. At this point cold sweat is already running down my back at the sheer thought of using Microsoft Access for any program, but curiosity takes over and I open it anyway.

I find the database for the entire program inside. I also notice at this point that I have read/write access to the database, another thing that sent my alarm bells ringing like St. Pauls cathedral. Then I notice a table called "tUser" in the left panel.

Fearing the worst, I click over and find... And you knew it was coming...

Usernames and passwords in plain text.

Not only that, they're all in the format "admin - admin", "user - user", "tester - tester".

I suspend my will to die, login to the program and re-add the account they used previously. I leave the office and inform the peeps that the program works as intended again.

I wish I was making this shit up, but I really am not. What is the fucking point of having a login system at all when your users can just open the database with a program that nowadays comes bundled with every Windows install and easily read the logins? It's not even like the data structure is confusing like minified JSON or something, it's literally a spreadsheet in a program that a trained monkey could read.

God bless them and Satan condemn the developers of this fuckawful program.

This rant means YOU if you are one of those people that "fix" their family's computers.

I was visiting my family over the holidays and while I managed to stay away from fixing their computers for the most time, I offered to help my grandfather to update the Garmin navigation device he wanted to gift my father. (They do not use smartphones for navigation, and my father doesn't want "these modern shitty phones".)

When booting up my grandfather's laptop, I realized something odd: Linux Mint boot screen. Wut?

And immediately I said: "It could be impossible to update your navigation device on this laptop."

As true enough, the Garmin Express update software requires either a Windows PC or a Mac; and even though I vaguely hoped it might be possible to upgrade through Linux, I just could not be bothered to find out that day.

What I wondered though is why did my grandfather of all people ran Linux!?

Don't get me wrong, I use Linux myself on my work machine and I never want to work with something else when coding; yet my grandfather is an end user of the show-me-where-and-what-and-how-often-to-click-kind.

What could he gain by it?

As it turns out, the computer nerd's friend of my uncle managed his PC. And my uncle and he decided unanimously my grandfather should better run Linux. Is it something my grandfather needs? No. BUT IT'S RIGHT! Suck it up! (My father's laptop therefore also runs Linux Mint. So he can't upgrade his new device either.)

This is the ugly kind of entitled nerd-dom I truly detest.

When discussing things further, my grandfather told me that he had problems ever since with his printer. Under Windows, he knew how to print on the special photo paper. Under Linux, all he can barely manage is to print on normal papers. Shame, printing photos was the only thing he liked doing on that device. What did my uncle's friend tell him?

"Get a decent printer!"

Fuck that guy.

It's fine if Linux works for you, but before you install it on a PC of a relative, you better make sure it fits their needs! If you have that odd member that only wants to write letters, read emails, use facebook, and wants to play that browser game, feel free to introduce them to Linux.

Yet if they have any special wish, don't stand in their way.

If they want to do something that requires a certain OS, don't just decide for them that their desire is wrong, but help them achieve their goal. If you can't align that with your ideology, then get the fuck out of my way and stop "helping".

For some people, a computer is a device to achieve a certain goal, a work. They only get hindered by your ill-advised attempts at virtue signalling.

One step through the door my wife whips around, a look so disgusted she barely seems human. "What's that smell?" she cries. "It's you! You smell like...like bad code!"

Indeed, I am covered with the scent of the forbidden love child of a man who read half a chapter on if-then statements and then pushed out into the world, earthworm-like, a mangled misshapened gelatinous mass that my employer gave the title of line-of-business application purely out of pity.

For more days than I'd like to count I have been porting a ColdFusion 5 application to .NET. Initially written in 2000 and last touched in 2006, it has a data architecture comparable to Dresden after the second world war. It features a table solely comprised of seven columns of IDs so that joins can be made between other tables lacking a common key. Columns that should be contained within a single table spread out among multiple tables. Single columns containing data that should be multiple columns (with handy flags to separate the subsets). A view with 14 joins that playfully displays unintended results. And so much more spread out over almost 200 stored procedures, views, triggers, and tables on the SQL server, and dozens of additional ADO-like SQL statements within the ColdFusion itself. Fortunately, the application overcomes these issues by having absolutely no data validation while allowing nulls pretty much everywhere.

When I am done this will be a very nice ASP.NET MVC app with at least 150 less stored procs, views, and tables. Auto-generated duplicate entries will be a thing of the past. Pop-up windows that inexplicably refresh the underlying screen to display a different part of the program than the one the user wants will be eliminated. And a UI based on the colors of a Rubik's Cube with usability that Mr. Rubik would find challenging will disappear with only the trauma of using it left behind.

Sadly, this is not my worse legacy code experience. Just the most recent. Just the most recent stench added to a lifetime of bathing in code rot.

I built a feature. I asked questions for days. Nobody helped. I built it anyway, and while I'm not sure it's quite right, it works.

During a code review, I asked for clarification on who the fuck it's for. Simple fucking question. Didn't get an answer. I did get the same crap response twice, though. It's great because it both doesn't answer my question and makes things worse.

Let's refer to this as "branding." Here we go!

------

Root: "Should this be changed to blue? I'm not sure who the end-user is."

TC: "should be purple, then call it something more convenient" (...what?)

Root: "Better phrasing: if we use the feature, it should match our colors and be blue. If customers use it, it should match their colors and be red. It shouldn't be both. I looked through everything again, and i'm convinced that it's only for us, so it should be blue so it matches everything."

TC: "this should be purple, and then call it something [sic] red" (...what!? also: lolcopypaste)

------

But like, that's wrong in every single way. It's internal, not external. Doing both makes it confusing. Doing both and calling it external is fucking stupid. Did she even read the PR? or any of my questions? ugh.

I swear, it's like arguing with a boulder and expecting it to listen. An ugly, oversized boulder that comically resembles Jabba the Hutt. No joke.

Whatever, it can be purple. Later, if someone complains that it's confusing, I'll just link them to the damned PR. Then again, almost everything here is confusing AF, so I doubt anyone will actually notice.

Screw this place. So glad I'm on my way out.

I'm fixing a security exploit, and it's a goddamn mountain of fuckups.

First, some idiot (read: the legendary dev himself) decided to use a gem to do some basic fucking searching instead of writing a simple fucking query.

Second, security ... didn't just drop the ball, they shit on it and flushed it down the toilet. The gem in question allows users to search by FUCKING EVERYTHING on EVERY FUCKING TABLE IN THE DB using really nice tools, actually, that let you do fancy things like traverse all the internal associations to find the users table, then list all users whose password reset hashes begin with "a" then "ab" then "abc" ... Want to steal an account? Hell, want to automate stealing all accounts? Only takes a few hundred requests apiece! Oooh, there's CC data, too, and its encryption keys!

Third, the gem does actually allow whitelisting associations, methods, etc. but ... well, the documentation actually recommends against it for whatever fucking reason, and that whitelisting is about as fine-grained as a club. You wanna restrict it to accessing the "name" column, but it needs to access both the "site" and "user" tables? Cool, users can now access site.name AND user.name... which is PII and totally leads to hefty fines. Thanks!

Fourth. If the gem can't access something thanks to the whitelist, it doesn't catch the exception and give you a useful error message or anything, no way. It just throws NoMethodErrors because fuck you. Good luck figuring out what they mean, especially if you have no idea you're even using the fucking thing.

Fifth. Thanks to the follower mentality prevalent in this hellhole, this shit is now used in a lot of places (and all indirectly!) so there's no searching for uses. Once I banhammer everything... well, loads of shit is going to break, and I won't have a fucking clue where because very few of these brainless sheep write decent test coverage (or even fucking write view tests), so I'll be doing tons of manual fucking testing. Oh, and I only have a week to finish everything, because fucking of course.

So, in summary. The stupid and lazy (and legendary!) dev fucked up. The stupid gem's author fucked up, and kept fucking up. The stupid devs followed the first fuckup's lead and repeated his fuck up, and fucked up on their own some more. It's fuckups all the fucking way down.

User gives me a Mac to work on, States that it “only needs Microsoft office Mac installed”

Okay.

Boot up the laptop....

**Mac OS X utilities**

Hmmm, odd. Reboot.

**Mac OS X utilities**

You’ve got to be shitting me. Call user —
Her - “NO! It was working when I gave it to you, you fix it. I’m not paying to get my laptop returned broken. It was working when I gave it to you!”

Me - “I’m sorry, but it wasn’t. I literally turned it on and this is what it stated * read her the message*

Her - “I don’t believe you, you did something to my computer.”

YOU FUCK! THE FUCK I DID! YOU LITERALLY JUST HANDED ME THE GOD DAMN THING! Can I PLEASE curb stomp this bitch, please....

Let me explain a tiny corner of some awful code I read earlier today, in layman’s terms.

It’s a method to see if the user is in a secure session — not to set up the session, just to see if it exists. The method ends with a question mark, so it’s basically a question. It should look up the info (without changing anything) and should always give a clear yes/no answer. Makes sense, right?

Let’s say the question is “am I in school right now?”

The code… well.

If there isn’t a student, the answer it gives is null, not yes or no. Null is a fancy word for no, pretty much, so that’s kinda fine, but it really should be a simple no.

It then checks to see if the school is open today. If it is open, it then checks to see if I made my lunch, if I took my backpack, and if I rode the bus — and makes these things happen if they didn’t. Forgot my backpack? Just ask “am I in school today?” And poof! There’s my backpack! … but only if the school is open.

It then, finally, checks to see if I’m actually in the school, and gives that answer.

It could just see if I’m in the school — I mean, I could be in school without a backpack, or walked there on the weekend, right? Ha! You and your silly logic have no place here.

So, by asking if the user is in a secure session, we change the answer: they weren’t before, but the act of asking makes it so. This isn’t profound or anything: I don’t work with Schrödinger. My coworkers are just idiots.

And no, the rest of the code isn’t any better…

As much as I love opensource I hate really hate some of its actvie community members (read this as "freetards" <-- see urbandictonary). As a .Net + web devloper with minimal C experience (I just started learning it) and literally no Python experience its not really easy to contribute for me to many (most) opensource software for linux. I am using some <unnamed software> and I found a <critical bug>, it was easy to reproduce and I wrote for list of possible solutions, found it in a code and linked and basically wrote a docummentation longer than any other I ever wrote for every single project I did ever, combined. This <software> was critical for my server and since owner of github repo and few other people there were really active, I hoped that this bug with pretty good documentation will be solved fast, I went to my bed with a heroic feeling of an open source community contributor that helped saving world. I was horribly wrong. Tomorrow, I got 3 passively agressive responses from owner and other 2 freetards that summed up said <other1>:"oh thats nice, fix i yourself and commit it", <other2>:"have a sex with yourself" in a nice way, and <owner>: "fix my softwate and create mrege request". After replying that I have no experience my Python skills are not on a level requied for such an action, he messaged me on twitter I have linked to my GitHub profile saying even less nicely that I am a "retarded c*nt" and that I should learn Python and fix it myself. This makes me stay with my Windows based Server for some time now, fuck this. I googled his github nickname and guess what. Our main freetard is admin on an <unnamed linux forum> and mebmber of many other "computer help" with literally half of his posts just slightly toxic posts about how everyone should use linux and how supreme it is ober anything other, the other hals was crying why linux has only 1% of market share. Oh boi I am not sure why but ITS MAYBE BECAUSE OF FREETARDS LIKE YOU.
And the funnies thing is, hes not only freetard, he is just fullstack retard. One of his posts is "helping" to some <noob windows user> installing Linux. tl:dr for this las part: Freetard basically wiped all data of that <noob>.

PS: Bless everyone who do not respond "oh nice, now you can do it yourself"

Fuck Apple and its review system

So, this started in december. We wanted to publsih an app, after years of development.

Submit to review, and passes on the first try. Well, what do you know. We are on manual release option, so we can release together with the android counterpart. Well yes, but someone notices that the app name is not what was aggreed (App Name instead of AppName). Okay, should be easy, submit the same app, just the name changed. If it passed once, it will pass again, right? HAH

Rejected, because the description, why we use the device’s camera is too general. Well... its the purpose of the app... but whatever, i read the guidelines, okay, its actually documented with exapmles. BUT THEN WHY THE FUCK COULDNT YOU SAY THAT ON THE FIRST UPLOAD?

Whatever, fix it, new version, accepted, ready to release just in time.

It doesindeed roll out,but of course, we notice that the app has a giant issue, but only on specific phones. None of our test phones had this problem, but those who have, essentially cannot use our program. Nasty as it is, the fix is really easy, done in 5 minutes. Upload it asap, literally nothing changed from user point of view, except now it doesnt crash on said devices. Meanwhile 1 star reviews are arriving from these users - of course with all the right. Apple should allow this patch quickly, right? HAH

THE REAL BULLSHIT COMES NOW

With only config files changed, the same binary uploaded we get rejected? What now? Lets read it. “Metadata rejected, no need to upload new binary”.... oh fine only the store page is wrong? Easy. Read the message, what went wrong. “Referencing third party content is nit permitted on the app store” meaning that no android test device should be shown. Fine, your rules. They even send a picutre of the offending element. BUT ITS NOT EVEN ON THE STORE. THATS A SCREENSHOT OF THE APP. HOW IS THAT METADATA? I ask about this, and i get a reply, from either a bot, or a person who cant speak or read english, and only pasted a sample answer, repeating the previous message. WTF. Fine, i guess you are dumb, but since they stop replying to our queries, do the only sensible thing, re-record the offending tutorial video that actually contained an android device. This is about 2 weeks, after the first try to apply a simple patch to a broken app. And still, how did it pass the review 2 times?

Whatever, reupload again, play the waiting game for a week, when the promised average wait time is 2 days, they hit us with a message, that they want to know what patent we use in our apps core functionality. WTF WHY NOW? It didnt bother you for a month, let it release ti production and now you delay a simple patch for this? We send them what they know. Aaaaand they reply: sorry we need more time to review your app. FUUUUUUCKKK YOUUU. You are reviewing a PATCH with close to zero functional change!!! Then, this shit goes on, every week we ask about an ETA, always asking for patience... at the end it took another 3 weeks... so december 15 to jan 21 in total...

FOR. A. SINGLE. FUCKING. PATCH

Bottom line is what is infurating, apple cares that there is an android device in the tutorial video, but they dont care that a significant percentage of our users simply cannot use the app.

Im done

We have to use this tool in work for classifying new and existing projects for GDPR. Long story short you have to fill out a REALLY long questionnaire, then it gets reviewed by someone in legal. The tool will also assign you tasks and suggest actions to common issues (e.g. suggesting a banner to explain cookie policy if you tick a certain box).

I have spent about an hour trying to re-assign the assessment I started, as i'm due to leave the company in a few days, to the guy taking over from me.

1. There is a “generate shareable URL” button, with the ability to click a button that says “replace me with the logged in user who opens this”. All it does is duplicate the name and description fields and send a new copy to that person, with no access to any of my other content or answers.

2. I did find a re-assign button eventually, again all it does it create a duplicate, and throws and error saying names must be unique when I try to save it.

3. While I couldn’t find a way to do that, I did find another button to at least assign the reviewer. It told me i’m forbidden to change the reviewer on assessments i’ve created.

This is THE WORST piece of nonsensical shit on earth. The entire application is absolute garbage and sssssssooooooo slow.

When you first create an assessment it brings you to a page that has all the questions, makes sense right? Wrong. All the questions are in read-only mode, and they are simply there as a "this is what you can expect to see later on", telling you whether or not they will be freeform, multiple choice etc.

The way to actually answer the questions is to click the "start survey" button hidden in the "status" dropdown.

I don't have much advice to anyone around GDPR, but please stay the hell away from TrustArc.

tl;dr:
The Debian 10 live disc and installer say: Heavens me, just look at the time! I’m late for my <segmentation fault

—————

tl:
The Debian 10 live cd and its new “calamares” installer are both complete crap. I’ve never had any issues with installing Debian prior to this, save with getting WiFi to work (as expected). But this version? Ugh. Here are the things I’ve run into:

Unknown root password; easy enough to get around as there is no user password; still annoying after the 10th time.

Also, the login screen doesn’t work off-disc because it won’t accept a blank password, so don’t idle or you’ll get locked out.

The lock screen is overzealous and hard-locks the computer after awhile; not even the magic kernel keys work!

The live disc doesn’t have many standard utilities, or a graphical partition editor. Thankfully I’m comfortable with fdisk.

The graphical installer (calamares) randomly segfaults, even from innocuous things like clicking [change partition] when you don’t have a partition selected. Derp.

It also randomly segfaults while writing partitions to disk — usually on the second partition.

It strangely seems less likely to segfault if the partitions are already there, even if it needs to “reformat” (recreate) them.

It also defaults to using MBR instead of GPT for the partition table, despite the tooltip telling you that MBR is deprecated and limited, and that GPT is recommended for new systems. You cannot change this without doing the partitions manually.

If you do the partitions manually and it can’t figure out where to install things, it just crashes. This is great because you can’t tell it where to install things, and specifying mount points like /boot, /, and /home don’t seem to be enough.

It also tries installing 32bit grub instead of 64bit, causing the grub installer to fail.

If you tell it to install grub on /boot, it complains when that partition isn’t encrypted — fair — but if you tell it to encrypt /boot like it wants you to, it then tries installing grub on the encrypted partition it just created, apparently without decrypting it, so that obviously fails — specific error: cannot read file system.

On the rare chance that everything else goes correctly, the install process can still segfault.

The log does include entries for errors, but doesn’t include an error message. Literally: “ERROR: Installation failed:” and the log ends. Helpful!

If the installer doesn’t segfault and the install process manages to complete, the resulting install might not even boot, even when installed without any drive encryption. Why? My guess is it never bothered to install Grub, or put it in the wrong place, or didn’t mark it as bootable, or who knows what.

Even when using the live disc that includes non-free firmware (including Ath9k) it still cannot detect my wlan card (that uses Ath9k).

I’ve attempted to install thirty plus times now, and only managed to get a working install once — where I neglected to include the Ath9k firmware.

I’m now trying the cli-only installer option instead of the live session; it seems to behave at least. I’m just terrified that the resulting install will be just as unstable as the live session.

All of this to copy the contents of my encrypted disks over so I can use them on a different system. =/

I haven’t decided which I’m going with next, but likely Arch, Void, or Gentoo. I’d go with Qubes if I had more time to experiment.

But in all seriousness, the Debian devs need some serious help. I would be embarrassed if I released this quality of hot garbage.

(This same system ran both Debian 8 and 9 flawlessly for years)

I haven't really known what to post. But I've decided not to care about being relevant or care about the like count. I'm a very competitive person so things like like count tend to effect the way I see the quality of a post.

I want devRant to be a place where I can be honest and feel safe even if I don't get the validation I sometimes wish I had. And hey maybe someone will think my opinions or thoughts are interesting.

So let's start with a little about me. I'm a 17 year old kid that loves programming. I work full time as a full stack web developer and I'm really the only web person. The current system is built on WordPress because of fucking course it is. I don't like it but I gotta keep it user friendly for less techy people to manage. No one likes have all minor changes and tweaks having to go through one person when they could do it themselves. So I manage.

I'd say my passion is more backend development but I do love having a pretty UI to display the results.

I've struggled with mental health the past few years but I'm doing much better. Even just last week I had an anxiety attack during a social event. I came here for the community and I do enjoy it, but I'm gonna try to make it an outlet. My best friend went off to university and I don't really have any IRL friends I can just be me around.

I don't have anything special to say. But if you read this thank you for listening to some random kid on the internet. I hope you have a great day.

I think I made someone angry, then sad, then depressed.

I usually shrink a VM before archiving them, to have a backup snapshot as a template. So Workflow: prepare, test, shrink, backup -> template, document.

Shrinking means... Resetting root user to /etc/skel, deleting history, deleting caches, deleting logs, zeroing out free HD space, shutdown.

Coworker wanted to do prep a VM for docker (stuff he's experienced with, not me) so we can mass rollout the template for migration after I converted his steps into ansible or the template.

I gave him SSH access, explained the usual stuff and explained in detail the shrinking part (which is a script that must be explicitly called and has a confirmation dialog).

Weeeeellll. Then I had a lil meeting, then the postman came, then someone called.

I had... Around 30 private messages afterwards...

- it took him ~ 15 minutes to figure out that the APT cache was removed, so searching won't work
- setting up APT lists by copy pasta is hard as root when sudo is missing....
- seems like he only uses aliases, as root is a default skel, there were no aliases he has in his "private home"
- Well... VIM was missing, as I hate VIM (personal preferences xD)... Which made him cry.
- He somehow achieved to get docker working as "it should" (read: working like he expects it, but that's not my beer).

While reading all this -sometimes very whiney- crap, I went to the fridge and got a beer.

The last part was golden.

He explicitly called the shrink script.
And guess what, after a reboot... History was gone.

And the last message said:

Why did the script delete the history? How should I write the documentation? I dunno what I did!

*sigh* I expected the worse, got the worse and a good laugh in the end.

Guess I'll be babysitting tomorrow someone who's clearly unable to think for himself and / or listen....

Yay... 4h plus phone calls. *cries internally*

I just have to rant...

7 months ago, I was still a pretty new iOS developer, but finally coming into my own. My boss gave me my first feature ever... a fully custom backend tweaker for our development builds, complete with text fields that devs and testers alike could fill in themselves for whatever they needed to test. I worked harder on that than I’ve ever worked on anything... and I got to make all the decisions on how it looked, behaved, what exactly the user saw/read... everything.

A month ago the most senior dev on my team was asked to update the tool to prepare for a backend migration to a new server. He was then hired to work for Apple, hurried to finish this task, and left forever. (He deserves it, we probably were slowing him down realistically. But that doesn’t forgive the following...)

Unfortunately, he thought it’d be a good idea to remove my entire custom backend tool in the process. Not sure why— maybe he thought it was legacy code or something. He must not have tested either, because the entire backend selector stopped working after that. But that was no problem— I could fix the pre-filled environment buttons just by updating a few values.

It’s the fact that he removed 100+ lines of my custom code from 3 separate classes (including entirely removing one of those classes), for no known reason, and now I have to completely rebuild the feature. Since it was entirely custom, it required no change for our migration in the first place. But he rewrote how the entire view works by writing an entirely new VC, so there is no chance I can just restore my work as it was written.

And in the shared class, he erased every line with the word “custom.” So, so many lines of hard work, now irrelevant and only visible in old defunct versions. And my boss has asked me to “just make it look how it did before the migration.”

I know it’s useless to be angry at a guy who’s long gone, but damn. I am having a real hard time convincing myself to redo all this work. He removed every trace, and all I can think is WHY DID YOU DO THAT YOU FUCKING MONSTER? IT WAS MY GREATEST WORK, AND NOBODY ASKED YOU TO DESTROY IT. THIS WAS NOT EVEN RELATED TO THE TASK YOU WERE GIVEN, AND NOW A SIMPLE TICKET TO RESTRUCTURE A TOOL HAS BECOME A MANDATE TO REBUILD IT FROM SCRATCH.

Thank you for being here, devRant. I would’ve gotten myself into deep trouble long ago if I didn’t have this safe place to blow off steam 🙏

In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!

So, imagine a situation like this - Its friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Lets Encrypt.

Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.

Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!

So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!

So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... Its right there, you can see it!

So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!

So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!

Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.

See the issue already?

Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.

What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.

That was also the only reason why I managed fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.

Overriding that unit file option finally fixed the issue completely.

I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, its only and only your fault if you wrote sensitive data into the temporary directory.

And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...

Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out its just another SystemD-enabled "feature" now!

And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...

These ignorant comments about arch are starting to get on my nerves.

You ranted or asked help about something exclusive to windows and someone pointed out they don't have that problem in arch and now you're annoyed?

Well maybe it's for good.

Next comes a very rough analogy, but imagine if someone posts "hey guys, I did a kg of coke and feeling bad, how do I detox?"

It takes one honest asshole to be like "well what if you didn't do coke?".

Replace the coke with windows.
Windows is a (mostly) closed source operating system owned by a for profit company with a very shady legal and ethical history.

What on earth could possibly go wrong?

Oh you get bsod's?
The system takes hours to update whenever the hell it wants, forces reboot and you can't stop it?
oh you got hacked because it has thousands of vulnerabilities?
wannacry on outdated windows versions paralyzed the uk health system?

oh no one can truly scrutinize it because it's closed source?

yet you wonder why people are assholes when you mention it? This thing is fucking cancer, it's hundreds of steps backwards in terms of human progress.

and one of the causes for its widespread usage are the savage marketing tactics they practiced early on. just google that shit up.

but no, linux users are assholes out to get you.

and how do people react to these honest comments? "let's make a meme out of it. let's deligitimize linux, linux users and devs are a bunch of neckbeards, end of story, watch this video of rms eating skin off his foot on a live conference"

short minded idiots.

I'm not gonna deny the challenges or limitations linux represents for the end user.

It does take time to learn how to use it properly.
Nvidia sometimes works like shit.
Tweaking is almost universally required.
A huge amount of games, or Adobe/Office/X products are not compatible.
The docs can be very obscure sometimes (I for one hate a couple of manpages)

But you get a system that:
* Boots way faster
* Is way more stable
* Is way way way more secure.
* Is accountable, as in, no chance to being forced to get exploited by some evil marketing shit.

In other words, you're fucking free.
You can even create your own version of the system, with total control of it, even profit with it.

I'm not sure the average end user cares about this, but this is a developer forum, so I think in all honesty every developer owes open source OS' (linux, freebsd, etc) major respect for being free and not being corporate horseshit.

Doctors have a hippocratic oath? Well maybe devs should have some form of oath too, some sworn commitment that they will try to improve society.

I do have some sympathy for the people that are forced to use windows, even though they know ideally isn't the ideal moral choice.
As in, their job forces it, or they don't have time or energy to learn an alternative.

At the very least, if you don't know what you're talking about, just stfu and read.

But I don't have one bit of sympathy for the rest.

I didn't even talk about arch itself.
Holy fucking shit, these people that think arch is too complicated.

What in the actual fuck.

I know what the problem is, the arch install instructions aren't copy paste commands.
Or they medium tutorial they found is outdated.

So yeah, the majority of the dev community is either too dumb or has very strong ADD to CAREFULLY and PATIENTLY read through the instructions.

I'll be honest, I wouldn't expect a freshman to follow the arch install guide and not get confused several times.
But this is an intermediate level (not megaexpert like some retards out there imply).

Yet arch is just too much. That's like saying "omg building a small airplane is sooooo complicated". Yeah well it's a fucking aerial vehicle. It's going to be a bit tough. But it's nowhere near as difficult as building a 747.

So because some devs are too dumb and talk shit, they just set the bar too low.

Or "if you try to learn how to build a plane you'll grow an aviator neckbeard". I'll grow a fucking beard if I want too.

I'm so thankful for arch because it has a great compromise between control and ease of install and use.

When I have a fresh install I only get *just* what I fucking need, no extra bullshit, no extra programs I know nothing about or need running on boot time, and that's how I boot way faster that ubuntu (which is way faster than windows already).

Configuring nvidia optimus was a major pain in the ass? Sure was, but I got it work the way I wanted to after some time.

Upgrading is also easy as pie, so really scratching my brain here trying to understand the real difficult of using arch.

I've seen JavaScript client-side app that was connecting directly to DB using hardcoded (obfuscated, lol) DB password xD

And yes, there was no DB setting that this user is read-only and only from few tables. It was like GRANT * ON *.

To me this is one of the most interesting topics. I always dream about creating the perfect programming class (not aimed at absolute beginners though, in the end there should be some usable software artifact), because I had to teach myself at least half of the skills I need everyday.

The goal of the class, which has at least to be a semester long, is to be able to create industry-ready software projects with a distributed architecture (i.e. client-server).

The important thing is to have a central theme over the whole class. Which means you should go through the software lifecycle at least once.

Let's say the class consists of 10 Units à ~3 hours (with breaks ofc) and takes place once a week, because that is the absolute minimum time to enable the students to do their homework.

1. Project setup, explanation of the whole toolchain. Init repositories, create SSH keys for github/bitbucket, git crash course (provide a cheat sheet).
Create a hello world web app with $framework. Run the web server, let the students poke around with it. Let them push their projects to their repositories.
The remainder of the lesson is for Q&A, technical problems and so on.

Homework: Read the docs of $framework. Do some commits, just alter the HTML & CSS a bit, give them your personal touch.
For the homework, provide a $chat channel/forum/mailing list or whatever for questions where not only the the teacher should help, but also the students help each other.

2. Setup of CI/Build automation. This is one of the hardest parts for the teacher/uni because the university must provide the necessary hardware for it, which costs money. But the students faces when they see that a push to master automatically triggers a build and deploys it to the right place where they can reach it from the web is priceless.
This is one recurring point over the whole course, as there will be more software artifacts beside the web app, which need to be added to the build process. I do not want to go deeper here, whether you use Jenkins, or Travis or whatev and Ansible or Puppet or whatev for automation. You probably have some docker container set up for this, because this is a very tedious task for initial setup, probably way out of proportion. But in the end there needs to be a running web service for every student which they can reach over a personal URL. Depending on the students interest on the topic it may be also better to setup this already before the first class starts and only introduce them to all the concepts in a theory block and do some more coding in the second half.

Homework: Use $framework to extend your web app. Make it a bit more user interactive with buttons, forms or the like. As we still have no backend here, you can output to alert or something.

3. Create a minimal backend with $backendFramework. Only to have something which speaks with the frontend so you can create API calls going back and forth. Also create a DB, relational or not. Discuss DB schema/model and answer student questions.

Homework: Create a form which gets transformed into JSON and sent to the backend, backend stores the user information in the DB and should also provide a query to view the entry.

4. Introduce mobile apps. As it would probably too much to introduce them both to iOS and Android, something like React Native (or whatever the most popular platform-agnostic framework is then) may come in handy. Do the same as with the minimal web app and add the build artifacts to CI. Also talk about getting software to the app/play store (a common question) and signing apps.

Homework: Use the view API call from the backend to show the data on the mobile. Play around with the mobile project to display it in a nice way.

5. Introduction to refactoring (yes, really), if we are really talking about JS here, mention things like typescript, flow, elm, reason and everything with types which compiles to JS. Types make it so much easier to refactor growing codebases and imho everybody should use it.
Flowtype would make it probably easier to get gradually introduced in the already existing codebase (and it plays nice with react native) but I want to be abstract here, so that is just a suggestion (and 100% typed languages such as ELM or Reason have so much nicer errors).
Also discuss other helpful tools like linters, formatters.

Homework: Introduce types to all your API calls and some important functions.

6. Introduction to (unit) tests. Similar as above.
Homework: Write a unit test for your form.

(TBC)

Old old organization makes me feel like I'm stuck in my career. I'm hanging out with boomer programmers when I'm not even 30.

I wouldn't call myself an exceptional programmer. But the way the organization does it's software development makes me cringe sometimes.

1. They use a ready made solution for the main system, which was coded in PL/SQL. The system isn't mobile friendly, looks like crap and cannot be updated via vendor (that you need to pay for anyway) because of so many code customizations being done to it over the years. The only way to update it is to code it yourself, making the paid solutions useless
2. Adding CloudFlare in the middle of everything without knowing how to use it. Resulting in some countries/networks not being able to access systems that are otherwise fine
3. When devs are asked to separate frontend and backend for in house systems, they have no clue about what are those and why should we do it (most are used to PHP spaghetti where everything is in php&html)
4. Too dependent on RDBMS that slows down development time due to having to design ERD and relationships that are often changed when users ask for process revisions anyway
5. Users directly contact programmers, including their personal whatsapp to ask for help/report errors that aren't even errors. They didn't read user guides
6. I have to become programmer-sysadm-helpdesk-product owner kind of thing. And blamed directly when theres one thing wrong (excuse me for getting one thing wrong, I have to do 4 kind of works at one time)
7. Overtime is sort of expected. It is in the culture

If you asked me if these were normal 4 years ago I would say no. But I'm so used to it to the point where this becomes kinda normal. Jack of all trades, master of none, just a young programmer acting like I was born in the era of PASCAL and COBOL

The datepicker saga

Part one

So I begin work on a page where user add their details, project is late, taking ages on this page

Nearly done, just need a component to allow users to put in some date of births. Look for react components.

Avoiding that one because fuck Bootstrap.

Ah-ha, that looks good, let's give it a go.

CSS doesn't exist, oh need copy it over from npm dist. Great it applied but...

... WTF it's tiny. Thought it was a problem with my zoom. Nope found the issue in github.com and it's something to do with using REM rather than EM or something, okay someone provided a solution, rather I saw a couple of solutions, after some hacking around I got it working and pasted it in the right location and yes, it's a reasonable size now.

Only it's a bit crap because it only allows scrolling 1 month at a time. No good. Hunting through the docs reveals several options to add year and month drop downs and allow them to be scrolled. Still a bit shit as it only shows certain years, figure I'd set the start date position somewhere at the average.

Wait. The up button on the scroll doesn't even show, it's just a blank 5px button. Mouse scroll doesn't work

Fucking...

... Bailing on that.

Part 2

Okay sod it I'll just make my own three drop down select boxes, day, month and year. Easy.

At this point I take full responsibility and cannot blame any third party. And kids, take this as a lesson to plan out your code fully and make no assumptions on the simplicity of the problem.

For some reason (of which I regretted much) I decided to abstract things so much I made an array of three objects for each drop down. Containing the information to pretty much abstract away the field it was dealing with. This sort of meta programming really screwed with my head, I have lines like the following:

[...].map(optionGroup =>
optionGroup.options[
parseInt(
newState[optionGroup.momentId]
, 10)
]
)...

But I was in too deep and had to weave my way through this kind of abstract process like an intrepid explorer chopping through a rain forest with a butter knife.

So I am using React and Redux, decided it was overkill to use Redux to control each field. Only trouble is of course when the user clicks one of the fields, it doesn't make sense in redux to have one of the three fields selected. And I wanted to show the field title as the first option. So I went against good practice and used state to keep track of the fields before they are handed off to the parent/redux. What a nightmare that was.

Possibly the most challenging part was matching my indices with moment.js to get the UI working right, it was such a meta mess when it just shouldn't have taken so stupidly long.

But, I begin to see the light at the end of this tunnel, it's slowly coming together. And when it all clicks into place I sit back and actually quite enjoy my abysmal attempt at clean and easy to read code.

Part 3

Ran the generated timestamp through a converter and I get the day before, oh yeah that's great

Seems like it's dependant on the timezone??!

Nope. Deploying. Bye. I no longer care if daylight savings makes you a day younger.

Things that piss me the fuck off about user programs(in this case text editors):

No fucking documentation or signs of it available, a promise from like 3 years ago to post: tutorials/actual docs and yet unfulfilled shit. Yet the author sells the editor, you can get a free version of it, but the extension api is only given in the paid version. It's like $12 bucks, which depending on where you are from is really the cost of a meal.

The editor in question is 4coder, seems like a good stack for building C/C++ based applications with a lot of cool utilities underneath, I see dudes using it to create a lot of cool shit online, but things like moving input, stopping the thing from formatting pasted code etc etc. Shit, even reaching the documentation is fucky, you get the names of the commands......ok...awesome...wtf do I do with these? Why do i need to watch a 20+ minute tutorial from the developer instead of being able to read a retarded ass tutorial regarding how to do the most basic shit? For an editor that is set to replace Emacs and Vim for developers inside of a windows platform....it sure is lacking AF in that regards.

I really want to work with this thing because it seems to be made with a lot of heart, just can't stand the fact that the documentation is lacking like a motherfucker

Those who had the "pleasure" of working directly with clients know a thing or two about how a clumsy communication can have grave consequences.

Software developer and an Imgur user BackDoorNoBaby shed some light on these humorous situations and misunderstandings that often occur with clueless clients. Because we all have our niche interests and specializations, and it’s easy to sneer at the plebs who just don’t get it. To be fair though, dealing with unrealistic demands by clients who have no real understanding of what you do must get pretty frustrating at times, and if you work in IT, you’ll surely have come across at least one of these situations before.

What we have here are the daily trials and tribulations of an IT worker. Clients that read the latest trends in a tech magazine and want it right now. Business people who think that because they have the money, solutions should magically materialize. Clients that complain about something not functioning properly, when they clearly don't have a clue how to use it properly. We all know this kind of clients, and these kind of 'horror' stories are part of what makes working in IT so special. Sometimes humour is the only suitable response.

I don't care about market cap. Stick your hype-driven business practices up your ass. Infinite growth doesn't exist. I won't read your fucking books and attend your fucking bootcamps and MBAs. You don't have a business model. Selling data is not a business model. Fuck your quick-flip venture capital schemes, and especially fuck your “ethics”.

I will be the first alt-tech CEO. I only care about revenue. The real money, not capitalization bubble vaporware. You don't need a huge fleet of engineers if you're smart about your technology, know how to do architecture, and you're not a feature creep. You don't need venture capital if you don't need a huge fleet of engineers. You don't need to sell data if you don't need venture capital. See? See the pattern here?

My experience allows me to build products on entirely my own. I am fully aware of the limitations of being alone, and they only inspire lean thinking and great architectural decisions. If you know throwing capacity at a problem is not an option, you start thinking differently. And if you don't need to hire anyone, it is very easy to turn a profit and make it sustainable.

If you don't follow the path of tech vaporware, you won't have the problems of tech vaporware, namely distrust of your user base, shitty updates that break everything, and of course “oops, they raised capital, time to leave before things go south”.

A friend of mine went the path I'm talking about, developed a product over the course of four years all alone, reached $10k MRR and sold for $0.8M. But I won't sell. I only care about revenue. If I get to $10k MRR, I will most likely stop doing new features and focus on fixing all the bugs there are and improving performance. This and security patches. Maybe an occasional facelift. That's it. Some products are valued because they don't change, like Sublime Text. The utility tool you can rely on. This is my scheme, this is what I want to do in life. A best-kept secret.

Imagine 100 million users that hate my product but use it because there are no alternatives, 100 people in data enrichment department alone, a billion dollars of evaluation (without being profitable), 10 million twitter followers, and ten VC firms telling me what to do and what data to sell.

Fuck that. I'd rather have one thousand loyal customers and $10k MRR. I'm different, some call it a mental illness, but the bottom line is, my goals are beyond their understanding. They call me crazy. I won't say it was never about the money, of course it was, but inflating your evaluation is not “money”. But the only thing they have is their terrible hustle culture lives and some VC street wisdom, meanwhile I HAVE products, it is on record on my PH. I have POTDs, I have a fucking Golden Kitty nomination on health and fitness for a product I made in one day. Fuck you.

When your IT VP starts speaking blasphemy:

"Team,
We all know what’s going on with the API. Next week we may see 6x order volumes.

We need to do everything possible to minimize the load on our prod database server.

Here are some guidelines we’re implementing immediately:

· I’m revoking most direct production SQL access. (even read only). You should be running analysis queries and data pulls out of the replication server anyway.
· No User Management activities are allowed between 9AM and 9PM EST. If you’re going to run a large amount of updates, please coordinate with a DBA to have someone monitoring.
· No checklist setup/maintenance activities are allowed at all. If this causes business impact please let me know.
· If you see are doing anything in [App Name] that’s running long, kill it and get a DBA involved.

Please keep the communication level high and stay vigilant in protecting our prod environment!"

RIP most of what I do at work.

I have just slept for a minimum of 5 hours. It is 7:47 PM atm.
Why?
We have had a damn stressful day today.
We have had a programming test, but it really was rather an exam.
Normally, you get 30 minutes for a test and 45 minutes for an exam.

In this "test" we have had to explain what 'extends' does and name a few advantages of why one should use it.
Check.
Read 3 separate texts and write the program code on paper. It was about 1 super class and 1 sub class with a test class in Java.
Check.
Task 3: Create the UML diagram of the code from above. *internally: From above? He probably means my code since there is no other code there. *Checks time*. I have about 3 minutes left. Fuck my life.*
Draws the boxes. Put the class names in each of them. A private attribute for the super class.
Teacher: Last minute!
Draw the arrow starting starting from the sub class to the super class.
Put my name on each written paper. And mentally done for the day. Couldn't finish the last task. Task 3.
During this "test", I heard the frustrations of my classmates. Seemed like everyone was pretty much pissed.
After a short discussion with the teacher who also happens to be the physics professor of a university nearby.
[If you are reading this, I hope that something bad happens to you]
The next course was about computer systems. Remember my recent rant about DNS, dhcp, ftp, web server and samba on ubuntu?
We have had the task to do the screenshots of the consoles where you proof that you have dhcp activated on win7 machine etc. Seemed ok to me. I would have been done in 10 minutes, if I would be doing this relaxed. Now the teacher tells us to change the domain names to <surnameOfEachStudent>.edu.
I was like: That's fine.
Create a new user for the samba server. Read and write directories. Change the config.
Me: That should be easy.
Create new DNS entries in the configs.
Change the IPv6 address area to 192.168.x.100-200/24 only for the dhcp server.
Change the web server's default page. Write your own text into it.
You will have 1 hour and 30 minutes of time for it.
Dumbo -ANGRY-CLIENT-: Aye. Let us first start screenshotting the default page. Oh, it says that we should access it with the domain name. I don't have that much time. Let us be creative and fake it, legally.
Changes the title element so that it looks like it has been accessed via domain name. Deletes the url and writes the domain name without pressing Enter. Screenshot. Done. Ok, let us move to the next target.
Dhcp: Change lease time. Change IP address area. Subnet mask. Router. DNS. Broadcast. Optional domain name. Save.
Switches to win7.
ipconfig /release
ipconfig /renew
Holy shit it does not work!
After changing the configs on ubuntu for a legit 30 minutes: Maybe I should change the ip of the ubuntu virtual machine itself. *me asking my old self: why did not you do that in the first place, ass hole?!*
Same previous commands on win7 console. Does not work. Hmmm...
Where could be the problem?
Check the IP of the ubuntu server once again. Fml. Ubuntu did not save when I clicked on the save button the first time I have changed it. Click on save button 10 times to make sure it really is saved now lol.
Same old procedure on win7.
Alright. Dhcp works. Screenshot.
Checks time. 40 minutes left.
DNS:It is your turn. Checks bind9 configs. sudo nano db.reverse.edu.
sudo nano db.<mysurname>.edu.
Alright. All set. It should work now.
Ping win7 from ubuntu and vice versa. Works. Ping domain name on windows 7 vm. Does not work.
Oh, I forgot to restart the bind9 server on ubuntu.
sudo service bind stop
" " " start
Check DNS server IP on win7. It looks fine.
It still doesn't work. Fuck it. I have only 20 minutes left. Samba. Let us do this!
10 minutes in. No result. I don't remember why. I already forgot why I have done for it. It was a very stressful day.
Let us try DNS again.
Oh shit. I forgot the resolver!
sudo nano /etc/resolv.conf
The previous edits are gone. Dumb me. It says it in the comments. Why did not I care about it. Fuck it.6 minutes left. Open a yt video real quick. Changes the config file. Saves it. Restarts DNS and dhcp. Closes the terminal and opens a new one. The changes do not affect them until you reopen them. That's why.
Change to win7.
Ping works. How about nsloopup.
Does not work.
Teacher: 2 minutes left!
Fuck it.
Saves the word document with the images in it. Export as pdf. Tries to access the directories of the school samba server. Does not work. It was not my fault tho. Our school server is in general very slow. It feels like they are not maintained and left alone like this in the dust from the 90s.
Friend gets the permission to put his document on a USB and give the USB to the teacher.
Sneaky me: Hey xyz, can you give me your USB real quick?
Him: sure.
Gets bombed with "do you want to format the USB?" pop-ups 10 times. Fml. Skips in a fast way.
Transfers the pdf. Plug it out. Give it back.
After this we have had to give a presentation in politics. I am done.

Moving files is emotionally easier than copying and deleting files, and moving eliminates the risk of selecting the wrong files at the deletion part.

I have read that it is safer to manually copy and manually delete files rather than to move it, but copying and deleting has a hidden risk that was not mentioned: selecting the wrong files for deletion.

Moving files feels like moving an obstacle from one room to another. The deletion part of copying and deleting feels like destroying something, which is an added emotional barrier.

Technically, copying and deleting is safer, since there is no risk of source files being deleted without having been transferred as a result of a device disconnecting or the buggy media transfer protocol (MTP) failing to load the entire file list. However, on mass storage devices, this pretty much never happened to me, and on MTP, data loss can be avoided by not moving folders but opening the source folders and selecting all files and moving those out. This prevents a parent folder with incompletely loaded file listing from being deleted.

However, something that is not considered about copying and deleting is that the risk of selecting the wrong files in the deletion step exists. One might end up selecting files that were never copied.

Not only is moving straightforward and time-saving, but it has no emotional barrier and the risk of selecting the wrong files to delete from the source is eliminated, since a proper file manager like Nemo or Windows Explorer (mass storage only, not MTP) only deletes a moved file from the source after it has been properly transferred. The user does not need to pay attention to select the correct files to delete, since the file manager already did it.

When I was new developer and accidentally did testing of an important internal business app on what I thought was dev but was actually production... and of course has entered some crude humor as data because it was "dev".

I've been lurking here for a little while now and I thought I'd post my first rant.

I'm an intern at a software development company and I have to design an application for the company, that will only be used in the company.
Both my frontend and backend are coming along decently, but still being new to the whole development scene, I didn't gather enough user stories from my colleagues.
So normally everybody is working hard, but has time. But the exact day I planned to gather some more user stories everybody is as busy as could possibly be.
Now I'm sitting here thinking what to do. My brain trembles from it and if I get can't get an idea of what to do soon, I'll feel truly slothfull.

I know my problem is far from horrible, when compared to some of the rants I've read here. But I really have no idea what I should do at the moment.

Oh, and if you got the two references I did to a certain series, you have suffered.

I can't help it sounding bitter..
If you work some amount of time in tech it's unavoidable that you automatically pick up skills that help you to deal with a lot of shit. Some stuff you pick up is useful beyond those problems that shouldn't even exist in the first place but lots of things you pick up over time are about fixing or at least somehow dealing or enduring stuff that shouldn't be like that in the first place.
Fine. Let's be honest, it's just reality that this is quite helpful.

But why are there, especially in the frontend, so many devs, that confuse this with progress or actual advancement in their craft. It's not. It's something that's probably useful but you get that for free once you manage to somehow get into the industry. Those skills accumulate over time, no matter what, as long as you manage to somehow constantly keep a job.
But improving in the craft you chose isn't about somehow being able to deal with things despite everything. That's fine but I feel like the huge costs of keeping things going despite some all the atrocities that arose form not even considering there could be anything to improve on as soon as your code runs. If you receive critic in a code review, the first thing coming back is some lame excuse or even a counter attack, when you just should say thank you and if you don't agree at all, maybe you need to invest more time to understand and if there's some critic that's actually not useful or base don wrong assumptions, still keep in mind it's coming from somebody that invested time to read your code gather some thoughts about it and write them down for you review. So be aware of the investment behind every review of your code.
Especially for the frontend getting something to run is a incredibly low bar and not at all where you can tell yourself you did code.
Some hard truth from frontend developer to frontend developer:
Everybody with two months of experience is able to build mostly anything expected on the job. No matter if junior or senior.
So why aren't you looking for ways to find where your code is isn't as good as it could be.

Whatever money you earn on top of your junior colleagues should make you feel obligated to understand that you need to invest time and the necessary humbleness and awareness of your own weaknesses or knowledge gaps.
Looking at code, that compiles, runs and even provides the complete functionality of the user story and still feeling the needs do be stuff you don't know how to do it at the moment.

I feel like we've gotten to a point, where there are so few skilled developer, that have worked at a place that told them certain things matter a lot Whatever makes a Senior a Senior is to a big part about the questions you ask yourself about the code you wrote if if's running without any problems at all.
It's quite easy to implement whatever functionality for everybody across all experience levels but one of your most important responsibilities. Wherever you are considered/payed above junior level, the work that makes you a senior is about learning where you have been wrong looking back at your code matters (like everything).

Sorry but I just didn't finde a way to write this down in a more positive and optimistic manner.

And while it might be easy to think I'm just enjoying to attack (former) colleaues thing that makes me sad the most is that this is not only about us, it's also about the countless juniors, that struggle to get a food in the door.
To me it's not about talent nor do I believe that people wouldn't be able to change.
Sometimes I'm incredibly disappointed in many frontend colleagues. It's not about your skill or anything. It's a matter of having the right attitude.
It's about Looking for things you need to work in (in your code). And investing time while always staying humble enough to learn and iterate on things. It's about looking at you
Ar code and looking for things you didn't solve properly.

Never forget, whenever there's a job listing that's fording those crazy amount of work experience in years, or somebody giving up after repeatedly getting rejected it might also be on the code you write and the attitude that 's keeping you looking for things that show how awesome you are instead of investing work into understanding where you lack certain skills, invest into getting to know about the things you currently don't know yet.
If you, like me, work in a European country and gathered some years of industry experience in your CV you will be payed a good amount of money compared to many hard working professions in other industries. And don't forget, you're also getting payed significantly more than the colleagues that just started at their first job.
No reason to feel guilty but maybe you should feel like forcing yourself to look for whatever aspect of your work is the weakest.

There's so many colleagues, especially in the frontend that just suck while they could be better just by gaining awareness that there code isn't perfect.

*Frustrated user noises* Whyyyy, Grafana, why don't you implement any actual query forgery checks?!

So long as a user has access to the Grafana frontend, they can happily forge the requests going off to the backend, and modify them to return *whatever* data they want from the datasource.

No matter that they're a read-only user. That only stops them from modifying the dashboard definitions on the frontend, but doesn't enforce any sort of immutability on the BE...

If anyone had any tips on how to further secure it, I'm curious...

I'm trying to improve my email setup once again and need your advice. My idea is as follows:
- 2-5 users
- 1 (sub)domain per user with a catchall
- users need to be able to also send from <any>@<subdomain>.<domain>
- costs up to 1€ per user (without domain)
- provider & server not hosted in five eyes and reasonably privacy friendly
- supports standard protocols (IMAP, SMTP)
- reliable
- does not depend on me to manage it daily/weekly
- Billing/Payment for all accounts/domains at once would be nice-to-have, but not necessary

I registered a domain with wint.global the other day and I actually managed to get this to work, but unfortunately their hosting has been very underwhelming.. the server was unreachable for a few minutes yesterday not only once, but roughly once an hour, and I'd really rather be able to actually receive (and retrieve) my mail. Also their Plesk is quite slow. To be fair for their price it's more like I pay for the domain and get the hosting for free, but I digress..

I am also considering self hosting, but realistically that means running it on a VPS and keeping at secure and patched, which I'd rather outsource to a company who can afford someone to regularly read CVEs and keep things running. I don't really want to worry about maintaining servers when I'm on holiday for example and while an unpatched game server is an acceptable risk, I'd rather keep my email server on good shape.

So in the end the question is: Which provider can fulfill my email dreams?

My research so far:
1. Tutanota doesn't offer standard protocols. I get their reasons but that also makes me depended on their service/software, which I wouldn't like. Multiple domains only on the business plans.
2.With Migadu I could easily hit their limits of incoming mails if someone signs up for too many newsletters and I can't (and don't want to) micromanage that.
3. Strato: Unclear whether I can create mails for subdomains. Also I don't like the company for multiple reasons. However I can access a domains hosted there and could try...
4. united-domains: Unclear whether I can create mails for subdomains.
5. posteo: No custom domains allowed.

I'm getting tired.. *sigh*

sorry, search engines were not helpful. does anyone know of a lightweight browser that doesn't need installing but stores everything in the os user directory?

i have no it-permissions but want to provide my department with a suitable browser. we have ie and edge, but the latter deletes everything on closing which makes it unusable for my usecase and the it is not willing to set this up different.

ff portable can not be run from a read-only-folder and any other scenario either needs installing on every terminal or does not handle different profiles which is essential. i read that this is the case for any portable browser.

i'd like to set it up properly with neccessary start page, favourites, adblocker and so on but just in one network directory for maintainance reasons.

we run a web based application strictly local but each windows-user-account must have their own setting in this app (cookies or preferably webstorage).

am i asking too much for?