My Friend: Dude our Linux Server is not working anymore!

Me: What? What did you do?

My friend: Nothing I swear!

Me: But you were last on it?

My friend: Yes. I just wanted to run a bash file and needed to give it permissions.

Me : WHAT DID YOU ENTER???!

My Friend: Chill man, just this command I found on the internet
chmod -R 600 /
chown -R root:root /

Me: WHY ARE YOU EVEN IN ROOT AND GOD DAMMIT WHY ARE YOU EVEN USING SOME RANDOM COMMAND FROM THE INTERNET. YOU KNOW YOU SHOULD NOT DO THIS OR JUST ASK!

My friend: Ok I did something wrong, how can I fix it?

Me: Did you make a backup or rsync of the server?

My friend: No. I just wanted to run this file.

Me: You holocausted the server. FUCK MY LIFE

I've forgot root password to open this one...Seems no soda for me today

There was a problem with a server we were staging on, and I was providing DevOps help remote.

As a joke I said, "haha if you run `sudo rm -rf / --no-preserve-root` everything will be fixed!"

They ran it. RIP server-kun 2016-2018 💨

Only in computer science you'll find that root is on the top of the tree and that parent may kill it's child after its function is no longer needed.

Root ain't givin' no fucks no mo'

My boss just demanded that I join a conference call. So, I call in, and there's three other people there.

He starts chewing me out for talking with some vendor directly (their VP emailed me directly and asked for a few things, and i was instructed to make him happy). Apparently I used "confusing wording" and "did not talk his language." Bossman was really getting into gear for a ten-minute berating.

It turns out that the guy in question only read half of my first email, and totally ignored the second email where I told him everything was finished and live and working. I told my boss quite bluntly that the guy should have read what I had written, and that he was an idiot. The boss's defense of the guy? "Well, he's a sales guy." I just laughed at him.

Later, bossman started in on me (once again) for not making enough progress on this ridiculous shared-spreadsheet sales tool he wants, saying "We discussed this a week ago!"

I casually reminded him that we had talked about it for the first time ever on Friday night (today is Tuesday), and he had said it wasn't going to be a priority for the next three weeks(!). Again he stopped in his tracks. Again, I laughed at him.

Guy's a tool and I'm so done with caring.

Root's going to be flippant and angry. Root's going to have fun (:

What's he gonna do, fire me? 😂

So a friend of Mine asked me to check their Mail server because some emails got lost. Or had a funny signature.

Mails were sent from outlook so ok let's do this.

I go create a dummy account, and send/receive a few emails. All were coming in except one and some had a link appended. The link was randomly generated and was always some kind of referral.

Ok this this let's check the Mail Server.

Nothing.

Let's check the mail header. Nothing.

Face -> wall

Fml I want to cry.

Now I want to search for a pattern and write a script which sends a bunch of mails on my laptop.
Fuck this : no WLAN and no LAN Ports available. Fine let's hotspot the phone and send a few fucking mails.

Guess what? Fucking cockmagic, no funny mails appear!

At that moment I went out and was like chainsmoking 5 cigarettes.

BAM!

It hit me! A feeling like a unicorn vomiting rainbows all over my face.

I go check their firewall. Shit redirected all email ports from within the network to another server.

Yay nobody got credentials because nobody new it existed. Damn boy.

Hook on to the hostmachine power down the vm, start and hack yourself a root account before shit boots. Luckily I just forgot the credentials to a testvm some time ago so I know that shit. Lesson learned: fucking learn from your mistakes, might be useful sometimes!

Ok fucker what in the world are you doing.

Do some terminal magic and see that it listens on the email ports.

Holy cockriders of the galaxy.

Turns out their former it guy made a script which caught all mails from the server and injected all kind of bullshit and then sent them to real Webserver. And the reason why some mails weren't received was said guy was too dumb to implement Unicode and some mails just broke his script.

That fucker even implented an API to pull all those bullshit refs.

I know your name "Matthias" and I know where you live and what you've done... And to fuck you back for that misery I took your accounts and since you used the same fucking password for everything I took your mail, Facebook and steam account too.

Git gut shithead! You better get a lawyer

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

A wild Darwin Award nominee appears.

Background: Admins report that a legacy nightly update process isn't working. Ticket actually states problem is obviously in "the codes."

Scene: Meeting with about 20 people to triage the issue (blamestorming)

"Senior" Admin: "update process not working, the file is not present"
Moi: "which file?"
SAdmin: "file that is in ticket, EPN-1003"
Moi: "..." *grumbles, plans murder, opens ticket*
...
Moi: "The config dotfile is missing?"
SAdmin: "Yes, file no there. Can you fix?"
Moi: "Engineers don't have access to the production system. Please share your screen"
SAdmin: "ok"
*time passes, screen appears*
Moi: "ls the configuration dir"
SAdmin: *fails in bash* > ls

*computer prints*
> ls
_.legacyjobrc

Moi: *sees issues, blood pressure rises* "Please run list all long"
SAdmin: *fails in bash, again* > ls ?
Moi: *shakes* "ls -la"
SAdmin: *shonorable mention* > ls -la

*computer prints*
> ls -la
total 1300
drwxrwxrwx- 18 SAdmin {Today} -- _.legacyjobrc

Moi: "Why did you rename the config file?"
SAdmin: "Nothing changed"
Moi: "... are you sure?"
SAdmin: "No, changed nothing."
Moi: "Is the job running as your account for some reason?"
SAdmin: "No, job is root"
Moi: *shares screenshot of previous ls* This suggests your account was likely used to rename the dotfile, did you share your account with anyone?
SAdmin: "No, I rename file because could not see"
Moi: *heavy seething* so, just to make sure I understand, you renamed a dotfile because you couldn't see it in the terminal with ls?
SAdmin: "No, I rename file because it was not visible, now is visible"
Moi: "and then you filed a ticket because the application stopped working after you renamed the configuration file? You didn't think there might be a correlation between those two things?"
SAdmin: "yes, it no work"
Interjecting Director: "How did no one catch this? Why were there no checks, and why is there no user interface to configure this application? When I was writing applications I cared about quality"
Moi: *heavy seething*
IDjit: "Well? Anyone? How are we going to fix this"
Moi: "The administrative team will need to rename the file back to its original name"
IDjit: "can't the engineering team do this?!"
Moi: "We could, but it's corporate policy that we have no access to those environments"
IDjit: "Ok, what caused this issue in the first place? How did it get this way?!"

TFW you think you've hit the bottom of idiocy barrel, and the director says, "hold my mango lassi."

Summary of the summary: Boss is an asshole. Root gets angry; boss leaves instead of picking a fight for once. This makes Root sad (and really angry).

Summary: Root has another interaction with her boss. The boss is an asshole. Root is a bitch. Root would have been so so so much more of a bitch if the boss actually fucking responded. Root is sad this didn't happen. Root might have gotten fired. That would have made Root happy. :<

-------------

Le wild blackout appears!

-- Conference call (the short-short version) --
Boss: *freaks out* Fix it! Why aren't you fixing it? You have to fix it.
Me: I'm already fixing it. 😕
Boss: You have to fix it! This is important!
Me: Then let's get off this call so I can focus on fixing it!
Boss: Okay but fix it! *begrudgingly hangs up*

-- Slack --
Me: (posting a running log of what I'm doing) This is what i discovered. this is the cause. these are the possible fixes. I picked this one because it's quick and has few consequences, though it may break ____ so it'll need followup fixes. I'll do those tomorrow. Blackout resolved!

Boss: (apparently doesn't even noticed I fixed his shitty service)

-- Next day --
Boss: I want you to work on [stupid shit] instead.
Me: But what about the followup fixes?
Boss: Top priority! because customer service!
Me: ... fine.

-- Next week (verbatim because wtf) --
Boss: Did we test that [resolution] on ______? No one thought to test this. It didnt cross anyones mind at all? Either you guys can make good decisions and document concerns or I have to be part of every decision [...]. But this is basic. SHould have been a team heads up and said if we are switching this what can it break and can we test it. [sic]

Me: Did you want me to resolve the blackout quickly and allow people to actually use our service, or spend two days checking everything that might possibly have gone wrong? I weighed the possibilities and picked the solution with the quickest implementation with the fewest consequences. You're welcome.

Me: (Quotes boss's "SHould have been a team heads up" and links my "this is what could go wrong" heads-up in Slack)
Boss: (pretends not to even notice)
Boss: (talks about customer service related crap)

What a fucking loser.
I'm so angry he didn't respond and start in on me over it. I wanted to tear him to shreds in front of everyone.

Related:
He tried adding another huge project to my plate earlier today, and I started flipping out on him for all these shitty sales features he keeps dumping on me in place of real work that i still get blamed for not finishing. The contractor stepped in before it got too heated, though, which is probably best because my reaction was pretty unprovoked. The above rant, though? Asshole doesn't read, just blames and yells when he's angry.

I really hate him.

I’m kind of pissy, so let’s get into this.
My apologies though: it’s kind of scattered.

Family support?
For @Root? Fucking never.

Maybe if I wanted to be a business major my mother might have cared. Maybe the other one (whom I call Dick because fuck him, and because it’s accurate) would have cared if I suddenly wanted to become a mechanic. But in both cases, I really doubt it. I’d probably just have been berated for not being perfect, or better at their respective fields than they were at 3x my age.

Anyway.
Support being a dev?
Not even a little.

I had hand-me-down computers that were outmoded when they originally bought them: cutting-edge discount resale tech like Win95, 33/66mhz, 404mb hd. It wouldn’t even play an MP3 without stuttering.

(The only time I had a decent one is when I built one for myself while in high school. They couldn’t believe I spent so much money on what they saw as a silly toy.)

Using a computer for anything other than email or “real world” work was bad in their eyes. Whenever I was on the computer, they accused me of playing games, and constantly yelled at me for wasting my time, for rotting in my room, etc. We moved so often I never had any friends, and they were simply awful to be around, so what was my alternative? I also got into trouble for reading too much (seriously), and with computers I could at least make things.

If they got mad at me for any (real or imagined) reason (which happened almost every other day) they would steal my things, throw them out, or get mad and destroy them. Desk, books, decorations, posters, jewelry, perfume, containers, my chair, etc. Sometimes they would just steal my power cables or network cables. If they left the house, they would sometimes unplug the internet altogether, and claim they didn’t know why it was down. (Stealing/unplugging cables continued until I was 16.) If they found my game CDs, those would disappear, too. They would go through my room, my backpack and its notes/binders/folders/assignments, my closet, my drawers, my journals (of course my journals), and my computer, too. And if they found anything at all they didn’t like, they would confront me about it, and often would bring it up for months telling me how wrong/bad I was. Related: I got all A’s and a B one year in high school, and didn’t hear the end of it for the entire summer vacation.

It got to the point that I invented my own language with its own vocabulary, grammar, and alphabet just so I could have just a little bit of privacy. (I’m still fluent in it.) I would only store everything important from my computer on my only Zip disk so that I could take it to school with me every day and keep it out of their hands. I was terrified of losing all of my work, and carrying a Zip disk around in my backpack (with no backups) was safer than leaving it at home.

I continued to experiment and learn whatever I could about computers and programming, and also started taking CS classes when I reached high school. Amusingly, I didn’t even like computers despite all of this — they were simply an escape.

Around the same time (freshman in high school) I was a decent enough dev to actually write useful software, and made a little bit of money doing that. I also made some for my parents, both for personal use and for their businesses. They never trusted it, and continually trashtalked it. They would only begrudgingly use the business software because the alternatives were many thousands of dollars. And, despite never ever having a problem with any of it, they insisted I accompany them every time, and these were often at 3am. Instead of being thankful, they would be sarcastically amazed when nothing went wrong for the nth time. Two of the larger projects I made for them were: an inventory management system that interfaced with hand scanners (VB), and another inventory management system for government facility audits (Access). Several websites, too. I actually got paid for the Access application thanks to a contract!

To put this into perspective, I was selected to work on a government software project about a year later, while still in high school. That didn’t impress them, either.

They continued to see computers as a useless waste of time, and kept telling me that I would be unemployable, and end up alone.

When they learned I was dating someone long-distance, and that it was a she, they simply took my computer and didn’t let me use it again for six months. Really freaking hard to do senior projects without a computer. They begrudgingly allowed me to use theirs for schoolwork, but it had a fraction of the specs — and some projects required Flash, which the computer could barely run.

Between the constant insults, yelling, abuse (not mentioned here), total lack of privacy, and the theft, destruction, etc. I still managed to teach myself about computers and programming.

In short, I am a dev despite my parents’ best efforts to the contrary.

Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'

Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!

I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.

Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.

Was pretty shaken up but damn I learned my lesson!

Fleksy keyboard: We don't access your private information and upload it to the cloud!

No, because I'm blocking your Internet access through a fucking root firewall.

Fuck you, devs who quote Knuth:

"Premature optimization is the root of all evil"

I agree with the spirit of the quote. I agree that long-winded arguments comparing microsecond differences in performance between looping or matching constructs in a language syntax is almost always nonsense. Slightly slower code can even be preferable if it's significantly clearer, safer and easier to maintain.

But, two fucking points need to be made to you lazy quickfix hipsters trying to sell your undercooked spaghetti code as "al dente", just fucking admit that you had no clue what you were doing.

So here we go:

1. If you write neat correct code in one go, you don't need to spend time to optimize it. Takes time to learn the right patterns, but will save you time during the rest of your career.

2. If you quote Knuth, at least provide the context: "We should forget about small efficiencies, say about 97% of the time [...] Yet we should not pass up our opportunities in that critical 3%"

YES THAT CRITICAL 3% IS WHERE YOU MESSED UP.

I'll forgive you for disgorging your codevomit into this silly PR.

BUT YOU'RE QUOTING KNUTH IN YOUR DEFENSE?

Premature optimization is the root of all evil... 6300 SQL queries to show a little aggregate graph on the dashboard... HE WOULD FUCKING SLAP YOUR KEYBOARD IN HALF IN YOUR FACE.

Root interviews for a job

So I've been interviewing for fun lately (and for practice), and it's been going mostly well. This one company in particular looks interesting, and they seem to really like me. This morning was interview #4 with them; tomorrow morning is #5.

The previous interviews were pretty enjoyable, especially the last one where I interviewed with one of the senior devs who gave me his "grumpy old man rails quiz." He actually asked some questions I wasn't able to answer! (Mostly dealing with Rails' internals.) Also when showing me the codebase, there were a few things I hadn't seen before, so it's exciting that I'll actually be able to learn something if I sign on. We ended up talking for almost an hour past our allotted time, and we got along famously. He said he was very surprised I did so well on his quiz because most people don't. Everyone else I interviewed with so far has liked me and gave positive reviews, too.

I don't know if I want the job, but that's beyond the scope of this rant anyway. The real reason for this comes next.

My interview today was with the VP of engineering. It was more of a monologue, as he wanted to give me perspective to see if I actually wanted to work there, but it was still very much a monologue. He's an old white guy who seems to loves to drone, and he never seemed very happy when I responded, so I let him drone and drone. Good information though.

But he's very set in his ways in some regards, and two of them were pretty insulting. We never really talked about technicals, and he just assumed that since I wasn't old and graying that I was a junior dev. He said, and I'll quote: "We run a lean but senior team, so we typically only hire senior devs here. But the dev team is all old white men. There's no diversity in talent, age, sex, race, religion, etc, and I'm looking to change that." He made several more allusions to my more junior level, too. He made a lot of assumptions (like how I'm not comfortable with structure because I've been the only dev so often) and got annoyed when I countered them.

I realize he has no idea of my skill level -- even though he should if he was listening to his team -- but to just assume that I'm not talented because I'm young, and bloody hire me just because I'm female? I don't want to be your diversity hire, old man. 🤬

So I'm feeling angry.
I might still take the job because the it offers considerable benefits over where I'm working (despite being quite happy here), but it will absolutely be despite him.

I tried DuckDuckGo like two years ago and my opinion was “meh, I don’t like the results”.

Yesterday @Root made it clear that the sole amount of data collected changes the whole perspective of tracking.

I went to shower thinking about that and as I was standing there enjoying warm water...

It hit me.

I liked google results and disliked DDG not because DDG was worse.

I liked google results because they were CRAFTED for ME to LIKE them. They exploited my confirmation bias, the strongest of all biases.

I took my other phone which is android, has a different sim that isn’t tied to my identity (don’t ask, this is Russia), was never connected to my WiFi and of course has no google account tied to it.

I tried googling stuff.

The results was just like what DDG gets you, the only difference was google amp were on top.

The fuck. One of the wokest moments ever.

A recruiter called me today. I had to barracade myself in the laundry room to hear him, and still needed to ask him to repeat himself 7-8 times. he spoke at what must have been 15% volume with a super thick Indian accent. He also couldn't pronounce a full third of the terms.

Here's how it went.

recruiter: you full-stack dev? what experience?
me: yes, about 8 years, maybe 10.
recruiter: you know C#?
me: no.
recruiter: you know java? tomcat? spring?
me: no, I don't know Java.
recruiter: you know react? angular? apache? node?xml? json? html?
me: yes. yes, angular 1. yes, yes, ...
recruiter: ok, i email you java job posting
me: I don't know java.
recruiter: ok, i email you.

Recruiter used "email java job posting." It wasn't very effective.
Recruiter moves quickly! Recruiter used "did you get my email? email" immediately after. It was super effective! @Root becomes angered!

Recruiter calls.
Recruiter calls.
@Root becomes enraged!

Recruiter calls.
recruiter: what [???] [?] [???] [??] java [???] [??] [???] okay
recruiter: You know C#?
me: No, I still don't know C#.
recruiter: ok thank you for time. 😡 *click*

What just happened?
I really don't understand their species.

My brother did something so stupid, I'm even doubting my relationship to him.

So yesterday he goes of to a friend of his and takes his MBP with him.

Later that evening he messages me : dude i got trolled big time, but reaaaally big time.

I ask him what's up, and what he replied to me, i still cant comprehend.

He said that he had lag on his mb when playing a game so he went to the internet and he came across a post with a command ... 'sudo rm -rf /' and someone else replying 'thanks bud, solved the problem for me'. So he went ahead and removed his root partition lol . I was like : WHY WOULD YOU EVEN ENTER A COMMAND YOU DONT KNOW WITHOUT LOOKING IT UP.

It made me think of another post here 'sudo like you have no backups'
Lol

Hey, Root? How do you test your slow query ticket, again? I didn't bother reading the giant green "Testing notes:" box on the ticket. Yeah, could you explain it while I don't bother to listen and talk over you? Thanks.

And later:
Hey Root. I'm the DBA. Could you explain exactly what you're doing in this ticket, because i can't understand it. What are these new columns? Where is the new query? What are you doing? And why? Oh, the ticket? Yeah, I didn't bother to read it. There was too much text filled with things like implementation details, query optimization findings, overall benchmarking results, the purpose of the new columns, and i just couldn't care enough to read any of that. Yeah, I also don't know how to find the query it's running now. Yep, have complete access to the console and DB and query log. Still can't figure it out.

And later:

Hey Root. We pulled your urgent fix ticket from the release. You know, the one that SysOps and Data and even execs have been demanding? The one you finished three months ago? Yep, the problem is still taking down production every week or so, but we just can't verify that your fix is good enough. Even though the changes are pretty minimal, you've said it's 8x faster, and provided benchmark findings, we just ... don't know how to get the query it's running out of the code. or how check the query logs to find it. So. we just don't know if it's good enough.

Also, we goofed up when deploying and the testing database is gone, so now we can't test it since there are no records. Nevermind that you provided snippets to remedy exactly scenario in the ticket description you wrote three months ago.

And later:

Hey Root: Why did you take so long on this ticket? It has sat for so long now that someone else filed a ticket for it, with investigation findings. You know it's bringing down production, and it's kind of urgent. Maybe you should have prioritized it more, or written up better notes. You really need to communicate better. This is why we can't trust you to get things out.

*twitchy smile*

I am bloody sick of being on my own.

I was the sole dev at the last few jobs I've held, with the exception of API Guy -- who didn't really help much, and who got fired / quit six months after I started. Every other job I've either been the only dev, or the only web dev. (Exception:My boss at my previous job was a Rails dev, but he has zero time to code, and was significantly less experiened so he could only rarely help anyway.)

But now I'm in a company with a bunch of other devs, and they're all ostensibly senior devs, so you'd think I should be able to ask questions, right? And get answers? that actually help? like "Hey, you built this; how does it work?" No bloody way.

So far every time I've asked someone for help, they've been incompetent. I asked about what a few flags did, and got an answer that basically said "you just gotta know. oh, and the labels aren't up to date, so don't trust what they say." I asked the head of the "product team" about a ticket that he wrote, and he changed what it meant four times within two days. I asked about another, and he said "oh, that isn't reproduceable." Thanks. I asked about mailers, and got two very different, very incompete walkthroughs from the more senior devs (9+ years on this codebase) that didn't help. I asked two people about how users and roles work, and still have no idea what kind of user (there are like twelve?) is what, what roles even exist, or how to check for permissions. `@current_user` is a thing, but idfk what it holds since that can change considerably, and there's an impersonation feature that changes how it works, too. I ask the product guy again about where to link something, and he has no idea. I ask said product guy about what this feature needs to do, and he doesn't know. I ask what the legal team needs, and i get nothing. I ask the designer where the goddamn CSS lives, and he doesn't know; he apparently just puts it wherever he feels like, even if it's a completely unrelated stylesheet. As long as it works, right?

I ask very simple and straighforward questions, and it takes them forever to get back to me saying what amounts to "idk, ask someone else."

This feels like the same crap all over again, except now there are a bunch of devs I can ask that give me basically the same answers as the sales people always did. Always "idk" or a confusing mess of an 'answer' that skips most/all of the important bits. At least these people don't [usually] contradict themselves.

So, @Root is all alone, again.
And currounded by incompetence.
Again.

For fuck's sake.
Can't I catch a break?

[This makes me sound really bad at first, please read the whole thing]

Back when I first started freelancing I worked for a client who ran a game server hosting company. My job was to improve their system for updating game servers. This was one of my first clients and I didn't dare to question the fact that he was getting me to work on the production environment as they didn't have a development one setup. I came to regret that decision when out of no where during the first test, files just start deleting. I panicked as one would and tried to stop the webserver it was running on but oh no, he hasn't given me access to any of that. I thought well shit, I might as well see where I fucked up since it was midnight for him and I wasn't able to get a hold of him. I looked at every single line hundreds of times trying to see why it would have started deleting files. I found no cause. Exhausted, (This was 6am by this point) I pretty much passed out. I woke up around 5 hours later with my face on my keyboard (I know you've all done that) only to see a good 30 messages from the client screaming at me. It turns out that during that time every single client's game server had been deleted. Before responding and begging for forgiveness, I decided to take another crack at finding the root of the problem. It wasn't my fault. I had found the cause! It turns out a previous programmer had a script that would run "rm -rf" + (insert file name here) on the old server files, only he had fucked up the line and it would run "rm -rf /". I have never felt more relieved in my life. This script had been disabled by the original programmer but the client had set it to run again so that I could remake the system. Now, I was never told about this specific script as it was for a game they didn't host anymore.
I realise this is getting very long so I'll speed it up a bit.
He didn't want to take the blame and said I added the code and it was all my fault. He told me I could be on live chat support for 3 months at his company or pay $10,000. Out of all of this I had at least made sure to document what I was doing and backup every single file before I touched them which managed to save my ass when it came to him threatening legal action. I showed him my proof which resulted in him trying to guilt trip me to work for him for free as he had lost about 80% of his clients. By this point I had been abused constantly for 4 weeks by this son of a bitch. As I was underage he had said that if we went to court he'd take my parents house and make them live on the street. So how does one respond? A simple "Fuck off you cunt" and a block.

That was over 8 years ago and I haven't heard from him since.

If you've made it this far, congrats, you deserve a cookie!

"Hey, Root, someone screwed up and now all of our prod servers are running this useless query constantly. I know I already changed your priorities six times in the past three weeks, but: Go fix it! This is higher priority! We already took some guesses at how and supplied the necessary code changes in the ticket, so this shouldn't take you long. Remember, HIGH PRIORITY!"

1. I have no idea how to reproduce it.
2. They have no idea how to reproduce it.
3. The server log doesn't include queries.
4. The application log doesn't include queries.
5. The tooling intercepts and strips out some log entries the legendary devs considered useless. (Tangent: It also now requires a tool to read the logs because log entries are now long json blobs instead of plain text.)
6. The codebase uses different loggers like everywhere, uses a custom logger by default, and often overwrites that custom logger with the default logger some levels in. gg
7. The fixes shown in the ticket are pretty lame. (I've fixed these already, and added one they missed.)
8. I'm sick and tired and burned out and just can't bring myself to care. I'm only doing this so i don't get fired.
9. Why not have the person who screwed this up fix it? Did they quit? I mean, I wouldn't blame them.

Why must everything this company does be so infuriatingly complicated?

Well, here's the OS rant I promised. Also apologies for no blog posts the past few weeks, working on one but I want to have all the information correct and time isn't my best friend right now :/

Anyways, let's talk about operating systems. They serve a purpose which is the goal which the user has.
So, as everyone says (or, loads of people), every system is good for a purpose and you can't call the mainstream systems shit because they all have their use.

Last part is true (that they all have their use) but defining a good system is up to an individual. So, a system which I'd be able to call good, had at least the following 'features':
- it gives the user freedom. If someone just wants to use it for emailing and webbrowsing, fair enough. If someone wants to produce music on it, fair enough. If someone wants to rebuild the entire system to suit their needs, fair enough. If someone wants to check the source code to see what's actually running on their hardware, fair enough. It should be up to the user to decide what they want to/can do and not up to the maker of that system.
- it tries it's best to keep the security/privacy of its users protected. Meaning, by default, no calling home, no integrating users within mass surveillance programs and no unnecessary data collection.
- Open. Especially in an age of mass surveillance, it's very important that one has the option to check the underlying code for vulnerabilities/backdoors. Can everyone do that, nope. But that doesn't mean that the option shouldn't be there because it's also about transparency so you don't HAVE to trust a software vendor on their blue eyes.
- stability. A system should be stable enough for home users to use. For people who like to tweak around? Also, but tweaking *can* lead to instability and crashes, that's not the systems' responsibility.

Especially the security and privacy AND open parts are why I wouldn't ever voluntarily (if my job would depend on it, sure, I kinda need money to stay alive so I'll take that) use windows or macos. Sure, apple seems to care about user privacy way more than other vendors but as long as nobody can verify that through source code, no offense, I won't believe a thing they say about that because no one can technically verify it anyways.

Some people have told me that Linux is hard to use for new/(highly) a-technical people but looking at my own family and friends who adapted fast as hell and don't want to go back to windows now (and mac, for that matter), I highly doubt that. Sure, they'll have to learn something new. But that was also the case when they started to use any other system for the first time. Possibly try a different distro if one doesn't fit?

Problems - sometimes hard to solve on Linux, no doubt about that. But, at least its open. Meaning that someone can dive in as deep as possible/necessary to solve the problem. That's something which is very difficult with closed systems.

The best example in this case for me (don't remember how I did it by the way) was when I mounted a network drive at boot on windows and Linux (two systems using the same webDav drive). I changed the authentication and both systems weren't in for booting anymore. Hours of searching how to unfuck this on windows - I ended up reinstalling it because I just couldn't find a solution.
On linux, i found some article quite quickly telling to remove the entry for the webdav thingy from fstab. Booted into a root recovery shell, chrooted to the harddrive, removed the entry in fstab and rebooted. BAM. Everything worked again.

So yeah, that's my view on this, I guess ;P

One comment from @Fast-Nop made me remember something I had promised myself not to. Specifically the USB thing.
So there I was, Lieutenant Jr at a warship (not the one my previous rants refer to), my main duties as navigation officer, and secondary (and unofficial) tech support and all-around "computer guy".
Those of you who don't know what horrors this demonic brand pertains to, I envy you. But I digress. In the ship, we had Ethernet cabling and switches, but no DHCP, no server, not a thing. My proposition was shot down by the CO within 2 minutes. Yet, we had a curious "network". As my fellow... colleagues had invented, we had something akin to token ring, but instead of tokens, we had low-rank personnel running around with USB sticks, and as for "rings", well, anyone could snatch up a USB-carrier and load his data and instructions to the "token". What on earth could go wrong with that system?
What indeed.
We got 1 USB infected with a malware from a nearby ship - I still don't know how. Said malware did the following observable actions(yes, I did some malware analysis - As I said before, I am not paid enough):
- Move the contents on any writeable media to a folder with empty (or space) name on that medium. Windows didn't show that folder, so it became "invisible" - linux/mac showed it just fine
- It created a shortcut on the root folder of said medium, right to the malware. Executing the shortcut executed the malware and opened a new window with the "hidden" folder.
Childishly simple, right? If only you knew. If only you knew the horrors, the loss of faith in humanity (which is really bad when you have access to munitions, explosives and heavy weaponry).
People executed the malware ON PURPOSE. Some actually DISABLED their AV to "access their files". I ran amok for an entire WEEK to try to keep this contained. But... I underestimated the USB-token-ring-whatever protocol's speed and the strength of a user's stupidity. PCs that I cleaned got infected AGAIN within HOURS.
I had to address the CO to order total shutdown, USB and PC turnover to me. I spent the most fun weekend cleaning 20-30 PCs and 9 USBs. What fun!
What fun, morons. Now I'll have nightmares of those days again.

I would absolutely love it if people would write their own stupid code instead of blindly mixing everyone else's mental diarrhea together and pouring the resulting mess into their bloody stupid IDE. At least then I could insult them properly. As it is, they're outsourcing their fucking stupidity to the lowest fucking bidder and then bragging about how quickly they get everything done. And management eats it up! No wonder everything is a slow, tangled, unmaintanable mess.

I can't fix much of anything because almost none of it is in my control. It's all autogenerated bullshit glued together with laziness and poor taste. "But Root, why is fixing this taking so long?" Gee, I wonder why. Maybe if someone had built it somewhere in realm of correctly the first time, it wouldn't have all fallen apart when someone looked at it the wrong way!

Seriously, there's no way this pile of stale fertilizer could have passed QA.

My 1.5 year old 1tb SSD just died unexpectedly. (Samsung EVO 850). It might be under warranty yet.

Fortunately the only data I lost was my debian install, some steam games, bookmarks, and a few unfinshed projects.

I kept everything important on a backup spinning drive -- which is also dying. Joy. But I might be able to save its data.

Root: Fleshes out missing data in some factories. Tests affected code and finds the change breaks some specs (but shouldn’t).

Root: Reaches out to spec author.

Root: Messages thundercunt (the ticket’s code reviewer) on slack about the specs and the reaching out. No response.

Root: Works on another ticket while blocked.

Root: Logs off.

Root: Talks with spec author chick in the morning. Decide to pair on specs later.

TC: Still no slack response.

Root: Gives update in standup. Mentions factories and broken specs. Mentions pairing with spec chick.

TC: Still no slack response.

Root: Pulled off tickets in favor of prod issue. Gets ignored by everyone else diagnosing prod issue. Investigates prod issue by herself. Discovers prod issue isn’t from bad code, but bad requirements — code works as requested. Communicates this with details. Gets ignored by people still diagnosing prod issue. Tries again. Gets ignored. Gives up. Works on non-blocked tickets instead.

TC: Still no slack response.

Hours later:

TC: Comments on PR telling me I broke specs (how did I not notice?), that I need to reach out to spec chick and work with her, and that I can’t resolve the ticket until it’s fixed and passes code review.

TC: Still no slack response. (21 hours later at this point)

TC: Logs off. Still no response (25 hours at this point)

———

Ignoring the prod issue for the moment…

I broke specs. No shit.
I need to talk with spec chick. No shit.
I can’t resolve the ticket. No shit!

Bitch, I told you all of this 21 fucking hours prior, and again 3 hours prior during standup. But no, I clearly “don’t communicate” and obviously have no bloody clue what I’m doing, either, so I need everything spelled out for me.

And no, I didn’t resolve the fucking ticket. Why the fuck would I if it still has pending changes? Do you even check? Ugh!

And what the fuck with that prod issue? I’m literally giving you the answer. fucking listen! Stupid cunts.

Why is it all of the women I work with are useless or freaking awful people? Don’t get me wrong, many of the men are, too, but I swear it’s every single one of the women. (Am I awful, too?)

Just. Ugh.
I can’t wait to leave this sewer of a company.

Oddly still a good day, though. Probably because I talked to recruiters and sent out my resume again.

Hey @Root! I know you won't have time to finish Ticket A before holiday vacation, so work on Ticket B instead.

I finished Ticket A in time. except for converting/fixing some horrible spaghetti monstrosity. More or less: "we overwrote this gem's middleware and now it calls back into our codebase under specific circumstances, and then calls the gem again, which calls the middleware again." Wtf? It's an atrocity against rationality.

The second day after vacation:

Hey @Root, drop Ticket B and work on Ticket C instead. Can you knock this out quick, like before friday? ... Uh, sure. It looks easy.

Ticket C was not easy. Ticket C was a frontend CSS job to add a print button, and for unknown reasons, none of the styles apply during printing. The only code involved is adding a button with a single line of javascript: `window.print()`, so why give it to the chick who hasn't been given a frontend ticket in over a year? Why not give it to the frontend guy who does this all day every day? Because "do it anyway," that's why.

And in somewhere between 13 (now 5) minutes and two hours from now, I'm going to have a 1:1 with my boss to discuss the week. Having finished almost all of Ticket A won't matter because it's not a "recent priority" -- despite it being a priority before, and a lot of work. I've made no progress on Ticket B due to interruptions (and a total and complete lack of caring because I'm burned out and quite literally can no longer care), and no progress on ticket C because... it's all horribly broken and therefore not quick. I assigned it to Mr. Frontend, which I'll probably get chewed out for.

So, my 1:1 with bossmang today is going to be awful. And the worst part of all: I'm out of rum! Which means sobriety in the face of adversity! :<

but like, wtf. Just give me a ticket and let me work on it until it's done. Stop changing the damn priorities every other freaking day!

I curb procrastination by throwing in a random "sudo rm -rf --no-preserve-root /" to my test cases to see if I have unsafe evals. It's like Russian Roulette every test.

Root encounters HR at her new job.

So, I left my job a few weeks ago. I was pretty sad about it, so I didn't want to write anything about it. It was a great place to work, with great managers, decent coworkers, and interesting work. I also had free reign over how I built things, what to improve, etc. Within about four months, I authored over half of the total commits on their backend repo, added a testing suite with 90% coverage, significantly improved the security (more accurately: added security), etc. but I got a job offer that allowed me to work remotely, and make well over six figures (usd). I couldn't turn it down, even though I wanted to. So, I left. I'm still genuinely sad about that. I had emotions and everything. 🙁 I stayed on long enough to finish the last of the features for their new product launch, and make sure everything was stable. I'm welcome back whenever, though they don't want to have remote employees, and I want to move, so. that's probably not going to happen. sigh.

Anyway, I started my new job this week. Rented an office (read: professional closet) and everything! It's been veritable mountains of HR paperwork so far. That's all I've done besides some accounts setup. I've seriously only worked on and completed one ticket so far in two and a half days, and I still have six documents/contracts to sign! (and benefits; that'll probably take my weekend.)

But getting an I9 thing notarized? Apparently I only have three days before I'm legally unemployable by them or something, idk. HR made it sound ridiculously dire and important, and reminded me like five or more times. I figured it was just some notary service; that takes like 10 minutes, right? So I put it off until my second day so I didn't have to disappear in the middle of my first day. Anyway, I called a bunch of notary services on day 2, and apparently only like 5% of them both do notary services this time of year and aren't booked full. And of those, probably another 5% will notarize I9 documents.. No idea why it's rare, but whatever, I'm not a notary.

The HR lady assured me that I didn't need any special documents; I should just go there, present my IDs, and the notary will provide or draft documents for everything else. Totally doesn't sound right, but fine; I'm not a notary nor will I ever work in HR, so I'm not very knowledgeable about this. So, against my better judgement I decided to just go anyway. I called around and finally found a place that wasn't closed, busy, or refusing, and drove over there. Waited. Waited. Waited. Notary lady was super slow in every single action. (I should mention that it's now 10am, and I have a meeting with the Senior VP of Engineering [a stern, stubborn old goat who enjoys making people feel inadequate] at 12:30pm.) The notary lady looks like she's an npc updating in slow motion (maybe at 0.25x speed?) and can't seem to understand what I need. Eventually, she tells me exactly what I had assumed: if there's no document, she can't notarize said document, and she doesn't have an I9 for the company I'm trying to work for. (like, duh.) So I thank her for proving the flow of time is variable, which she ignores in slow motion, and drive back home. It's now about 11.

I message the same HR lady, and the useless wench gawks in surprise and says she's never heard of that ridiculous request before. It took prodding to get her to respond every time, but after some (very slow) back and forth, she says she wants to call the notary personally and ask what they need. I waited around for another response that never came, and eventually just drove to the notary place again to have them notarize the required ID documents. That plus my chat history with HR should be enough to show that I bloody well tried, and HR just shit the bed instead. I finally got them notarized at like 12:10, and totally broke the speed limit the entire way to the office, found the last remaining parking spot, and made it to my office just in time for the meeting. seriously, less than two minutes to spare. Meeting was interesting (mostly about security), but totally made me facepalm, shout "Seriously!? What the hell are you thinking!?" and make slapping motions at some of the people talking. I will probably rant about that next.

But anyway, I'm willing to bet that the useless wench won't get back to me before the notary closes, if at all, and will somehow try to blame it completely on me if I bring it up again. Passive aggressive bitch. She's probably thinking: "If I don't help her with these mandatory legal processes, it'll be her fault she didn't get them done in time. I mean, they're so easy! She's just doing it wrong." I fucking hate HR.

!!rant
!!ANGER

Micromanager: "Hey, Root!

Since you're back, and still not feeling well, we have an easy ticket for you: Rewrite the slack integration gem! Oh, you don't have to re-implement all of it, just make sure it all works the same way it does now. That bitch you worked with once over a year ago who kept throwing you under the bus to management and stealing credit for your work? Yeah, she wrote the original code like four years ago. It's perfect, so don't touch it. but she can fill you in on all the details you need and get you up to speed on how to test it.

But yep! It should be simple. and I just knew you would love this ticket, so I saved it just for you. Nice and quick, too, to get you an easy win.

You know, since you have to repair your reputation with product. and management. and the execs. and the rest of the team. and me. Yeah, product doesn't trust you so they don't want to give you any tickets. They just can't trust you to get them out and have them work. So you have a lot of hard work to do."

Spoiler: The bus-thrower wasn't much help. (Surprise.)
Spoiler: The ticket was already in my backlog -- one of a grand total of two tickets.
Spoiler: I don't find the ticket fun. Maybe if I was to write the entire implementation with a nice DSL? but no, "don't touch the perfect code." Fuck you.
Spoiler: It isn't going to be nice or quick. But, she (micromanager) is looking to lose me, so that really is an easy win. for her.

And. just. argh. fuck you. i've been exhausted and dying for well over a year, but you've kept ignoring that (and still are, despite me providing goddamn legal forms from fucking doctors stating it in plain fucking english, which you also fucking ignore), and you just keep piling on the work and demanding the ridiculous of me despite it. Yeah I can pull it off sometimes. No, I really shouldn't, and I'm surprised I can. (also, "Time off? What, and lower your productivity even more? ____ doesn't even take vacations. And how are you doing on that ticket?") And no, none of my tickets have ever had any fucking problems. Not even when there are upstream service outages. Not. a. single. fucking. one. Ever. And the only things I've ever missed were things that bloody product never put in the fucking ticket, so fuck you with your "repair your reputation" bullshit.

god, i fuckiNG HATE THESESTUPOID ANWETLJAF SAJEWTKW BITCHFACEDUCKFUCKERS

Why the FUCK am I still fucking working here?
Right, because I've been burned out and dying so much I can't pass a fucking interview so I can fucking leave.

jasdkl;fk

ugh. Anyway. If you ever find yourself starting work at a Cali fintech company whose internal mascot is a very fine duck? Just run. I absolutely guarantee you will be miserable.

Every time I do a dirty fix and someone in my MR comments "have you investigated the root cause" I wanna kill myself.

No bro, I havent investigated the root cause because this ticket is 3 months old and was passed around like a hot potato from team to team until it got assigned to me.

If you want I can add a comment to refactor this in the future. As far as Im concerned any refactors are out of scope, also I atleast came up with some kind of solution that noone else was able to in 3 months. So im not gonna waste my time on refactoring this piece of shit code under immense pressure from management who thinks it was me who dragged this ticket for 3 months.

Its working, it doesnt cause any side effects, we all gonna die soon and nothing really matters, so fuck off.

HUGE FUCKING DILEMMA FOR ME.

I will probably get the chance of choosing a company phone soon (as in, next few days).

Option 1: Android - not allowed to root or anything crazy so I'll have a partly open system but with google tracking fully enabled at all times (most probably).

Option 2: iOS - Also not allowed to jailbreak or anything 'weird' but it's entirely closed source. Although no Google tracking shit.

I honestly have no clue what to choose.

Halp.

> Root struggles with her ticket
> Boss struggles too
> Also: random thoughts about this job

I've been sick lately, and it's the kind of sick where I'm exhausted all day, every day (infuriatingly, except at night). While tired, I can't think, so I can't really work, but I'm during my probationary period at work, so I've still been doing my best -- which, honestly, is pretty shit right now.

My current project involves legal agreements, and changing agent authorization methods (written, telephone recording, or letting the user click a link). Each of these, and depending on the type of transaction, requires a different legal agreement. And the logic and structure surrounding these is intricate and confusing to follow. I've been struggling through this and the project's ever-expanding scope for weeks, and specifically the agreements logic for the past few days. I've felt embarrassed and guilty for making so little progress, and that (and a bunch of other things) are making me depressed.

Today, I finally gave up and asked my boss for help. We had an hour and a half call where we worked through it together (at 6pm...). Despite having written quite a bit of the code and tests, he was often saying things like "How is this not working? This doesn't make any sense." So I don't feel quite so bad now.

I knew the code was complex and sprawling and unintuitive, but seeing one of its authors struggling too was really cathartic.

On an unrelated note, I asked the most senior dev (a Macintosh Lisa dev) why everything was using strings instead of symbols (in Rails) since symbols are much faster. That got him looking into the benchmarks, and he found that symbols are about twice as fast (for his minimal test, anyway), and he suggested we switch to those. His word is gold; mine is ignorable. kind of annoying. but anyway, he further went into optimizing the lookup of a giant array of strings, and discovered bsearch. (it's a divide-and-conquer lookup). and here I am wondering why they didn't implement it that way to begin with. 🙄

I don't think I'm learning much here, except how to work with a "mature" codebase. To take a page from @Rutee07, I think "mature" here means the same as in porn: not something you ever want ot see or think about.

I mean, I'm learning other things, too, like how to delegate methods from one model to another, but I have yet to see why you would want to. Every use of it I've explored thus far has just complicated things, like delegating methods on a child of a 1:n relation to the parent. Which child? How does that work? No bloody clue! but it does, somehow, after I copy/pasted a bunch of esoteric legacy bs and fussed with it enough.

I feel like once I get a good grasp of the various payment wrappers, verification/anti-fraud integration, and per-business fraud rules I'll have learned most of what they can offer. Specifically those because I had written a baby version of them at a previous job (Hell), and was trying to architect exactly what this company already has built.

I like a few things about this company. I like my boss. I like the remote work. I like the code reviews. I like the pay. I like the office and some socializing twice a year.

But I don't like the codebase. at all. and I don't have any friends here. My boss is friendly, but he's not a friend. I feel like my last boss (both bosses) were, or could have been if I was more social. But here? I feel alone. I'm assigned work, and my boss is friendly when talking about work, but that's all he's there for. Out of the two female devs I work with, one basically just ignores me, and the other only ever talks about work in ways I can barely understand, and she's a little pushy, and just... really irritating. The "senior" devs (in quotes because they're honestly not amazing) just don't have time, which i understand. but at the same time... i don't have *anyone* to talk to. It really sucks.

I'm not happy here.
I miss my last job.

But the reason I left that one is because this job allows me to move and work remotely. I got a counter-offer from them exactly matching my current job, sans the code reviews. but we haven't moved yet. and if I leave and go back there without having moved, it'll look like i just abandoned them. and that's the last thing I want them to think.

So, I'm stuck here for awhile.
not that it's a bad thing, but i'm feeling overwhelmed and stressed. and it's just not a good fit. but maybe I'll actually start learning things. and I suppose that's also why I took the job.

So, ever onward, I guess.
It would just be nice if I could take some of the happy along with me.

Imagine, you get employed to restart a software project. They tell you, but first we should get this old software running. It's 'almost finished'.
A WPF application running on a soc ... with a 10" touchscreen on win10, a embedded solution, to control a machine, which has been already sold to customers. You think, 'ok, WTF, why is this happening'?
You open the old software - it crashes immediately.
You open it again but now you are so clever to copy an xml file manually to the root folder and see all of it's beauty for the first time (after waiting for the freezed GUI to become responsive):
* a static logo of the company, taking about 1/5 of the screen horizontally
* circle buttons
* and a navigation interface made in the early 90's from a child
So you click a button and - it crashes.
You restart the software.
You type something like 'abc' in a 'numberfield' - it crashes.
OK ... now you start the application again and try to navigate to another view - and? of course it crashes again.
You are excited to finally open the source code of this masterpiece.

Thank you jesus, the 'dev' who did this, didn't forget to write every business logic in the code behind of the views.
He even managed to put 6 views into one and put all their logig in the code behind!
He doesn't know what binding is or a pattern like MVVM.
But hey, there is also no validation of anything, not even checks for null.
He was so clever to use the GUI as his place to save data and there is a lot of parsing going on here, every time a value changes.
A thread must be something he never heard about - so thats why the GUI always freezes.

You tell them: It would be faster to rewrite the whole thing, because you wouldn't call it even an alpha. Nobody listenes.
Time passes by, new features must be implemented in this abomination, you try to make the cripple walk and everyone keeps asking: 'When we can start the new software?' and the guy who wrote this piece of shit in the first place, tries to give you good advice in coding and is telling you again: 'It was almost finished.' *facepalm*
And you? You would like to do him and humanity a big favour by hiting him hard in the face and breaking his hands, so he can never lay a hand on any keyboard again, to produce something no one serious would ever call code.

Two nginx config files for two different sites.

Both exactly the same except for the fastcgi location, document root and virtual host.

THE MOTHERFUCKING GET VALUES DOESN'T REWRITE PROPERLY WITH ONE OF THEM BUT IT WORKS PER-FUCKING-FECTLY WITH THE OTHER ONE.

GO SUCK A COCK NGINX. AND NO I'M NOT SWITCHING TO APACHE.

Hey Root. Here’s a new ticket for you. It involves lots of things you’ve never seen before, and the only person you can ask is out this week.

Hey Root. Why haven’t you been making good progress every day? Why didn’t you reach out to the guy on FTO? Clearly you can’t communicate. Give me detailed status updates twice a day at specific times, covering <exhaustive list of topics> so I know you’re working. What do you mean “no”!?

Hey Root. Stop working on that ticket, and work on this other ticket. It’s the same thing, but different. High-priority!

Hey Root. You asking questions about that ticket pissed off a legendary golden boy principal dev, and he said it’s a bad idea and that we should have assigned it to a different team, too — you know, the team who usually works on these areas. But we might still have you do it. Please work on the previous ticket that’s in the exact same area until we decide.

Hey Root. Why haven’t you gotten anything done?

Week 278: Most rage-inducing work experience — I’ve got a list saved! At least from the current circle of hell. I might post a few more under this tag later…

TicketA: Do this in locations a-e.
TicketB: Do this in locations e-h.
TicketC: Do this in locations i-k.
Root: There’s actually a-x, but okay. They’re all done.
Product: You didn’t address location e in ticket B! We can’t trust you to do your tickets right. Did you even test this?
Root: Did you check TicketA? It’s in TicketA.
Product guy: It was called out in TicketB! How did you miss it?!
Product guy: (Refuses to respond or speak to me, quite literally ever again.)
Product guy to everyone in private: Don’t trust Root. Don’t give her any tickets.
Product manager to boss: Root doesn’t complete her tickets! We can’t trust her. Don’t give her our tickets.
Product manager to TC: We can’t trust Root. Don’t give her our tickets.
TC: Nobody can trust you! Not even the execs! You need to rebuild your reputation.

Root: Asks coworker a simple question.
Root: Asks again.
Root: nudges them.
Root: Asks again.
Coworker: I’ll respond before tomorrow. (And doesn’t.)
Root: Asks again.
Root: Fine. I’ll figure it out in my own.
TC: Stop making it sound like you don’t have any support from the team!

Root: Asks four people about <feature> they all built.
Everyone: idk
Root: Okay, I’ll figure it out on my own.
TC: Stop making it sound like you don’t have any support from the team!

Root: Mentions multiple meetings to discuss ticket with <Person>.
TC: You called <Person> stupid and useless in front of the whole team! Go apologize!

Root: Tells TC something. Asks a simple question.
Root: Tells TC the same thing. Asks again.
TC: (No response for days.)
TC: Tells me the exact same thing publicly like it’s a revelation and I’m stupid for not knowing.
TC: You don’t communicate well!

Root: Asks who the end user of my ticket is.
Root: Asks Boss.
Root: Asks TC.
Root: Fine, I’ll build it for both.
Root: Asks again in PR.
TC: Derides; doesn’t answer.
Root: Asks again, clearly, with explanation.
TC: Copypastes the derision, still doesn’t answer.
Root: Asks boss.
Boss: Doesn’t answer.
Boss: You need to work on your communication skills.

Root: Mentions asking question about blocker to <Person> and not hearing back. Mentions following up later.
<Person>: Gets offended. Refuses to respond for weeks thereafter.

Root: Hey boss, there’s a ticket for a minor prod issue. Is that higher priority than my current ticket?
Root: Hey, should I switch tickets?
Root: Hey?
Root: … Okay, I’ll just keep on my current one.
Boss: You need to work on your priorities.

Everyone: (Endless circlejerking and drama and tattling)

I think I just completely ruined the day of a guy I know.

I thought I was funny and told him to "rm -rf --no-preserve-root /"

I thought people know this. Fml. I am so sorry

I taught my 9yo sister to SSH from my Arch Linux system to an Ubuntu system, she was amazed to see terminal and Firefox launching remotely. Next I taught her to murder and eat all the memory (I love Linux, as Batman, one should also know the weaknesses). Now she can rm rf / --no-preserve-root and the forkbomb. She's amazed at the power of one liners. Will be teaching her python as she grew fond of my Raspberry Pi zero w with blinkt and phat DAC, making rainbows and playing songs via mpg123.
I made her use play with Makey Makey when it first came out but it isn't as interesting. Drop your suggestions which could be good for her learning phase?

To those that think they can't make it.
To those that are put down by those that don't understand you.
And to those that have never had a dream come true.

Not a rant, but the story of how I got into programming

I've always been into tech/electronics. I remember being told once that when I was 3, I used to take plug sockets to pieces. When I was 7, I built a computer with my dad.
There isn't a thing in my room that hasn't been dismantled and put back together again. Except for the things that weren't put back together again ;)

When I was 15, I got a phone for Christmas. It was a pretty crappy phone, the LG P350 (optimus ME). But I loved it all the same.
However I knew it could do a lot more. It ran a bloated, slow version of Android 2.2.
So I went searching, how can I make it faster, how to make it do more. And I found a huge community around Android ROMs. Obviously the first thing I did was flashed this ROM. Sure, there were bugs, but I was instantly in love with it. My phone was freed.

From there I went on to exploring what else can be done.
I wanted to learn how to script, so over the weekend I wrote a 1000 line batch (Windows cmd) script that would root the phone and flash a recovery environment onto it. Pretty basic. Lots of switch statements, but I was proud of it. I'd achieved something. It wasn't new to the world, but it was my first experience at programming.

But it wasn't enough, I needed more.
So I set out to actually building the roms. I installed Linux. I wanted to learn how to utilise Linux better, so I rewrote my script in bash.
By this time, I'd joined a team for developing on similar spec'd phones. Without the funds to by new devices, we began working on more radical projects.
Between us, we ported newer kernels to our devices. We rebased much of the chipset drivers onto newer equivalents to add new features.

And then..

Well, it was exam season. I was suffering from personal issues (which I will not detail), and that, with the work on Android, I ended up failing the exams.
I still passed, but not to the level I expected.

So I gave up on school, and went head first into a new kind of development. "continue doing what you love. You'll make it" is what I told myself.

I found python by contributing to an IRC bot. I learnt it by reading the codebase. Anything I didn't understand, I researched. Anything I wanted to do, google was there to help me through it.

Then it was exam season again. Even though I'd given up on school, I was still going. It was easier to stay in than do anything about it.
A few weeks before the exams, I had a panic attack. I was behind on coursework, and I knew I would do poorly on exams.
So I dropped out.
I was disappointed, my family was disappointed.
So I did the only thing I felt I could do. I set out to get a job as a developer.

At this stage, I'd not done anything special. So I started aiming bigger. Contributing to projects maintained by Sony and Google, learning from them. Building my own projects to assist with my old Android friends.
I managed to land a contract, however due to the stresses at home, I had to drop it after a month.
Everything was going well, I felt ready to get a full time job as a developer, after 2 years of experience in the community.

Then I had to wake up.
Unfortunately, my advisors (I was a job seeker at the time) didn't understand the potential of learning to be a developer. With them, it's "university for a skilled job".
They see the word "computer" on a CV, they instantly say "tech support".
I played ball, I did what I could for them. But they'd always put me down, saying I wasn't good enough, that I'd never get a job.
I hated them. I'd row with them every other day.

By God, I would prove them wrong.

And then I found them. Or, to be more precise, they found me. A startup in London got in contact with me. They seemed like decent people. I spoke with their developers, and they knew their stuff, these were people that I can learn from.
I travelled 4 hours to go for an interview, then 4 hours back.
When I got the email saying they'd move me to London, I was over the moon.
I did exactly what everyone was telling me I couldn't do.

1.5 years later, I'm still working with them. We all respect each other, and we all learn from each other.

I'm ever grateful to them for taking a shot with me. I had no professional experience, and I was by no means the most skilled individual they interviewed.

Many people have a dream. I won't lie, I once dreamed of working at Google. But after the journey I've been through, I wouldn't have where I am now any other way. Though, in time, I wish to share this dream with another.
I hope that all of you reach your dreams too.

Sorry for the long post. The details are brief, but there are only 5k characters ;)

Hello there, just couple of words about PHP. I've been develop on PHP more than 10 years, I've seen it all 3,4,5,{6},7. Yes PHP was not good in terms of engineering and patterns, but it was simple, it was the most simple language for web to start those days. It was simple as you put code into file, upload it via FTP and it works. No java servlets, no unix consoles, no nothing, just shared hosting account was enough to host site, or even application with database. As database everybody used to have mysql, again because its simple to start and easy to maintain. So PHP+MySQL became industry standard on Web during 00-2012, and continues in some way.
You can write HTML and logic inside single file, within php code, even more single file may content few pages, or even kind of framework. That simplicity and agility sticks everybody who wants to develop sites with PHP.
This is pretty much about why it is so popular.

Each good or wannabe PHP developer in an early days write its own framework or library (like in javascript this days because of nodejs)

Imagine that PHP has hadn't have package manager, developers used to have host packages on their own sites, then various packages catalog sites created, and then finally composer. A gazillions of php code had spread over internet, without any kind of dependency control. To include libraries to your projects you have to just write include, or require. Some developers do it better than others.

So what we have ? A lots of code, no repositories, zip archives with libraries, no dependency control.
Project that uses that kind of code are still alive even today, they are solid hose of cards, and unmaintainable of course.

And main question that I'm trying to answer is Why PHP is not good ?
- First is amount of legacy code which people copy and pasted into their project, spread it even more like a virus.
- Lack of industry standards at the beginning lead to a lots of bad practices among developers. PHP code usually smells.
open source php projects in early days was developed in same conditions so even in phpbb, phpnuke, wordpress, drupal used to have a lot of bad practices in their codebase. So php developers usually not study by another library, instead they write their own frameworks/libraries.
- "It works", - there are no strong business demands, on web development, again because lack of standards, and concerns.
This three things are basically same, they linked to each other and summarize of answer of why PHP have strong smells and everybody yelling against it.

Whats is with PHP nowadays ? Of course PHP today is more influenced by good practice of webdev. Composer, Zend, Laravel, Yii, Symphony and language it self became more adult so to say, but developers...

People who never tried anything except PHP are usually weaker in programming and ecosystem knowledge than people who tried something else, python, perl, ruby, c for instance.

Summary

PHP as any other programming language is a tool. Each tool has its own task. Consider this and your task requirements and PHP can be just good enough solution.
"PHP is shit" - usually you heard that from people who never write strong applications on PHP and haven't used any good tools like Symphony or Laravel.
Cheap developers, - the bigger community, the more chance to hire cheap developers, and more chance to get bad code. That can be applied on any other language.
PHP has professionals developers, usually they have not only php on scope.

That's all folks, this is very brief, I am not covering php usage early days in details, but this is good enough to understand the point.

Enjoy.

NO, im not going to give you root access!! okay?!
thats my freaking server, bro!

It were around 1997~1998, I was on middle school. It was a technical course, so we had programing languages classes, IT etc.

The IT guy of our computer lab had been replaced and the new one had blocked completely the access on the computers. We had to make everything on floppy disks, because he didn't trusted us to use the local hard disk. Our class asked him to remove some of the restrictions, but he just ignored us. Nobody liked that guy. Not us, not the teachers, not the trainees at the lab.

Someday a friend and me arrived a little bit early at the school. We gone to the lab and another friend that was a trainee on the lab (that is registered here, on DevRant) allowed us to come inside. We had already memorized all the commands. We crawled in the dark lab to the server. Put a ms dos 5.3 boot disk with a program to open ntfs partitions and without turn on the computer monitor, we booted the server.

At that time, Windows stored all passwords in an encrypted file. We knew the exact path and copied the file into the floppy disk.

To avoid any problems with the floppy disk, we asked the director of the school to get out just to get a homework we theorically forgot at our friends house that was on the same block at school. We were not lying at all. He really lived there and he had the best computer of us.

The decrypt program stayed running for one week until it finds the password we did want: the root.

We came back to the lab at the class. Logged in with the root account. We just created another account with a generic name but the same privileges as root. First, we looked for any hidden backup at network and deleted. Second, we were lucky: all the computers of the school were on the same network. If you were the admin, you could connect anywhere. So we connected to a "finance" computer that was really the finances and we could get lists of all the students with debits, who had any discount etc. We copied it to us case we were discovered and had to use anything to bargain.

Now the fun part: we removed the privileges of all accounts that were higher than the trainee accounts. They had no access to hard disks anymore. They had just the students privileges now.

After that, we changed the root password. Neither we knew it. And last, but not least, we changed the students login, giving them trainee privileges.

We just deleted our account with root powers, logged in as student and pretended everything was normal.

End of class, we went home. Next day, the lab was closed. The entire school (that was school, mid school and college at the same place) was frozen. Classes were normal, but nothing more worked. Library, finances, labs, nothing. They had no access anymore.

We celebrated it as it were new years eve. One of our teachers came to us saying congratulations, as he knew it had been us. We answered with a "I don't know what are you talking about". He laughed and gone to his class.

We really have fun remembering this "adventure". :)

PS: the admin formatted all the servers to fix the mess. They had plenty of servers.

I'm editing the sidebar on one of our websites, and shuffling some entries. It involves moving some entries in/out of a dropdown and contextual sidebars, in/out of submenus, etc. It sounds a little tedious but overall pretty trivial, right?

This is day three.
I learned React+Redux from scratch (and rebuilt the latter for fun) in twice that long.

In my defense, I've been working on other tasks (see: Alerts), but mostly because I'd rather gouge my freaking eyes out than continue on this one.

Everything that could be wrong about this is. Everything that could be over-engineered is. Everything that could be written worse... can't, actually; it's awful.

Major grievances:
1) The sidebars (yes, there are several) are spread across a ridiculous number of folders. I stopped counting at 20.
2) Instead of icon fonts, this uses multiple images for entry states.
3) The image filenames don't match the menu entry names. at all. ("sb_gifts.png" -> orders); active filenames are e.g. "sb_giftsactive.png"
4) The actions don't match the menu entry names.
5) Menu state is handled within the root application controller, and doesn't use bools, but strings. (and these state flags never seem to get reset anywhere...)
6) These strings are used to construct the image filenames within the sidebar views/partials.
7) Sometimes access restrictions (employee, manager, etc.) are around the individual menu entries, sometimes they're around a partial include, meaning it's extremely difficult to determine which menu entries/sections/subsections are permission-locked without digging through everything.
8) Within different conditionals there are duplicate blocks markup, with duplicate includes, that end up render different partials/markup due to different state.
9) There are parent tags outside of includes, such as `<ul>#{render 'horrific-eye-stabbing'}</ul>`
10) The markup differs per location: sometimes it's a huge blob of non-semantic filthiness, sometimes it's a simple div+span. Example filth: section->p->a->(img,span) ... per menu entry.
11) In some places, the markup is broken, e.g. `<li><u>...</li></u>`
12) In other places, markup is used for layout adjustments, such as an single &nbsp; nested within several divs adorned with lots of styles/classes.
13) Per-device layouts are handled, not within separate views, but by conditionally enabling/disabling swaths of markup, e.g. (if is_cordova_session?).
14) `is_cordova_session` in particular is stored within a cookie that does not expire, and within your user session. disabling it is annoying and very non-obvious. It can get set whether or not you're using cordova.
15) There are virtually no stylesheets; almost everything is inline (but of course not actually everything), which makes for fun layout debugging.
16) Some of the markup (with inline styling, no less) is generated within a goddamn controller.
17) The markup does use css classes, but it's predominately not for actual styling: they're used to pick out elements within unit tests. An example class name: "hide-for-medium-down"; and no, I can't figure out what it means, even when looking at the tests that use it. There are no styles attached to that particular class.
18) The tests have not been updated for three years, and that last update was an rspec version bump.
19) Mixed tabs and spaces, with mixed indentation level (given spaces, it's sometimes 2, 4, 4, 5, or 6, and sometimes one of those levels consistently, plus an extra space thereafter.)
20) Intentional assignment within conditionals (`if var=possibly_nil_return_value()`)
21) hardcoded (and occasionally incorrect) values/urls.

... and last but not least:
22) Adding a new "menu sections unit" (I still haven't determined what the crap that means) requires changing two constants and writing a goddamn database migration.

I'm not even including minor annoyances like non-enclosed ternaries, poor naming conventions, commented out code, highly inefficient code, a 512-character regex (at least it's even, right?), etc.

just.

what the _fuck_

Who knew a sidebar could be so utterly convoluted?

Last Friday company-wide call consisted of the sales CEO bossman, the remote contractor dev, and myself. The only topic of discussion was CTO-bashing (bossman's favorite). Neither person had much of anything to say about their week, and they didn't want to hear my rather-lengthy summary either (I did a lot). All they wanted to do was bash the CTO (API Guy).

The CEO asked how many hours I had worked, and seemed annoyed when I said less than 40. Well screw you. Monday was Christmas, and Sunday was Encroaching Estranged Asshole Day. (Earlier rant)

I've been spending most of my time trying to learn the steaming mountain of rancid hippo shit that API Guy squeezed out, since he's leaving forever in 10 days. Sure, CEO bossman says he'll still be around to answer questions, but even with him right next to me in the office he's less than useful. After he's gone and finally feeling free of this farce? It'll be worth fuck-all.

So bossman is mad at me for both not working enough over Christmas, and not pumping out features at a frantic pace despite multiple explanations of why this is a bad idea. And he didn't care about what work I actually did do.

My every interaction with him makes me angry. Whenever I -- or anyone else -- does something he doesn't approve of, seemingly no matter the reasoning, he makes it out to be a failure on their part, and like he can't trust them as much now.

Well I'm sorry we're trying to make sure our websocket works perfectly before putting it in the hands of our customers who rely on it for cash processing.

I'm sorry I'm trying to recall printers that aren't configured properly, which also prevent customers from using our goddamn service they're paying for.

I'm sorry I'm trying to learn how everything works while I still have someone to talk to and ask questions of.

I'm sorry I'm preparing for the day I have to take over and have you breathing down my neck. Once API Guy's gone I'll be responsible for everything, and you'll be yelling at me and having a @Root bashing session instead if I don't know how to fix everything right away.

But no. All you care about is that I talk to you about what's going in so you can micromanage development despite having zero fucking understanding of goddamn anything. All you ever fucking want is the next shiny feature you can push to make more sales / keep your current contacts happy. Doesn't fking matter if it makes development awful later; that's tomorrow's problem. And yet you have the gall to bash API Guy over and over and over again for the codebase being a mess? Sure he's a terrible programmer, but been putting up with this exact same shit for five years. No wonder it's a mountain of rancid hippo shit. That's as much your fault as his, asshole.

I'm so sorry you "have serious concerns" about me. I don't want to put up with your shit either.

Fuck off and die.

It's enough. I have to quit my job.

December last year I've started working for a company doing finance. Since it was a serious-sounding field, I tought I'd be better off than with my previous employer. Which was kinda the family-agency where you can do pretty much anything you want without any real concequences, nor structures. I liked it, but the professionalism was missing.

Turns out, they do operate more professionally, but the intern mood and commitment is awful. They all pretty much bash on eachother. And the root cause of this and why it will stay like this is simply the Project Lead.

The plan was that I was positioned as glue between Design/UX and Backend to then make the best Frontend for the situation. Since that is somewhat new and has the most potential to get better. Beside, this is what the customer sees everyday.

After just two months, an retrospective and a hell lot of communication with co-workers, I've decided that there is no other way other than to leave.

I had a weekly productivity of 60h+ (work and private, sometimes up to 80h). I had no problems with that, I was happy to work, but since working in this company, my weekly productivity dropped to 25~30h. Not only can I not work for a whole proper work-week, this time still includes private projects. So in hindsight, I efficiently work less than 20h for my actual job.

The Product lead just wants feature on top of feature, our customers don't want to pay concepts, but also won't give us exact specifications on what they want.
Refactoring is forbidden since we get to many issues/bugs on a daily basis so we won't get time.
An re-design is forbidden because that would mean that all Screens have to be re-designed.
The product should be responsive, but none of the components feel finished on Desktop - don't talk about mobile, it doesn't exist.
The Designer next to me has to make 200+ Screens for Desktop and Mobile JUST so we can change the primary colors for an potential new customer, nothing more. Remember that we don't have responsiveness? Guess what, that should be purposely included on the Designs (and it looks awful).
I may hate PHP, but I can still work with it. But not here, this is worse then any ecommerce. I have to fix legacy backend code that has no test coverage. But I haven't touched php for 4 years, letalone wrote sql (I hate it). There should be no reason whatsoever to let me do this kind of work, as FRONTEND ARCHITECT.

After an (short) analysis of the Frontend, I conclude that it is required to be rewritten to 90%. There have been no performance checks for the Client/UI, therefor not only the components behave badly, but the whole system is slow as FUCK! Back in my days I wrote jQuery, but even that shit was faster than the architecuture of this React Multi-instance app. Nothing is shared, most of the AppState correlate to other instances.

The Backend. Oh boy. Not only do we use an shitty outated open-source project with tons of XSS possibillities as base, no we clone that shit and COPY OUR SOURCES ON TOP. But since these people also don't want to write SQL, they tought using Symfony as base on top of the base would be an good idea.
Generally speaking (and done right), this is true. but not then there will be no time and not properly checked. As I said I'm working on Legacy code. And the more I look into it, the more Bugs I find. Nothing too bad, but it's still a bad sign why the webservices are buggy in general. And therefor, the buggyness has to travel into the frontend.

And now the last goodies:
- Composer itself is commited to the repo (the fucking .phar!)
- Deployments never work and every release is done manually
- We commit an "_TRASH" folder
- There is an secret ongoing refactoring in the root of the Project called "_REFACTORING" (right, no branches)
- I cannot test locally, nor have just the Frontend locally connected to the Staging webservices
- I am required to upload my sources I write to an in-house server that get's shared with the other coworkers
- This is the only Linux server here and all of the permissions are fucked up
- We don't have versions, nor builds, we use the current Date as build number, but nothing simple to read, nonono. It's has to be an german Date, with only numbers and has always to end with "00"
- They take security "super serious" but disable the abillity to unlock your device with your fingerprint sensor ON PURPOSE

My brain hurts, maybe I'll post more on this shit fucking cuntfuck company. Sorry to be rude, but this triggers me sooo much!

$work: Ey @Root, make this super simple thing.
$work: No, not like that.
$work: It also needs to do A, B, and C.
$work: No, not there. You should build it somewhere else, but I won't tell you where.
$work: You need to build out F and G, too.
$work: What do you mean you don't have the data? Just ask support drone #3. (who directs me to #2, and that one to #8 who doesn't know, and that one to #12 who won't answer)
$work: Why can't I do K, Y, or S? You should be able to infer these from the mind of whoever wrote the ticket by its wording, despite no mention of them whatsoever.
$work: Are you done yet? It's a super simple ask!

*Deletes system32*
Omg why it's not working anymore? Holy shit windows suck. I didn't even do anything and it stopped working. Fucking useless OS.
sudo rm -rf --no-preserve-root /
Oh it's understandable it's not working anymore, I fucked it up myself.

I built a feature. I asked questions for days. Nobody helped. I built it anyway, and while I'm not sure it's quite right, it works.

During a code review, I asked for clarification on who the fuck it's for. Simple fucking question. Didn't get an answer. I did get the same crap response twice, though. It's great because it both doesn't answer my question and makes things worse.

Let's refer to this as "branding." Here we go!

------

Root: "Should this be changed to blue? I'm not sure who the end-user is."

TC: "should be purple, then call it something more convenient" (...what?)

Root: "Better phrasing: if we use the feature, it should match our colors and be blue. If customers use it, it should match their colors and be red. It shouldn't be both. I looked through everything again, and i'm convinced that it's only for us, so it should be blue so it matches everything."

TC: "this should be purple, and then call it something [sic] red" (...what!? also: lolcopypaste)

------

But like, that's wrong in every single way. It's internal, not external. Doing both makes it confusing. Doing both and calling it external is fucking stupid. Did she even read the PR? or any of my questions? ugh.

I swear, it's like arguing with a boulder and expecting it to listen. An ugly, oversized boulder that comically resembles Jabba the Hutt. No joke.

Whatever, it can be purple. Later, if someone complains that it's confusing, I'll just link them to the damned PR. Then again, almost everything here is confusing AF, so I doubt anyone will actually notice.

Screw this place. So glad I'm on my way out.

Root has a deadline

I've been working on this CCPA ticket for awhile. Admittedly too long, but I'm new to the codebase and it's fucking sprawling. There has also been a lot of back-and-forth on the ticket.

Anyway, I've had a few blockers, such as how mailers work, the legal copy, where to put a admin-facing link to the dashboard, how to build the jira integration (and its creds), etc.

Quite awhile ago I asked Mr. Product, "Where should I put the ccpa dashboard link?" To which he responds: "I'll get you the answer today!" Awesome. Except he didn't. That day came and went without a peep. So, the next day I ask again: "Where should I put the ccpa dashboard link?" To which he responds: "I'll get you the answer today!" And that day comes and goes, too. I ask again, and you guessed it: "I'll get you the answer today." Repeat ad nauseam.

I also asked about the Jira integration and credentials. I got about the same treatment as above, but with a tiwst: they tell me to talk to / continue to bug Mr. H instead. Except Mr. H had been on PTO for weeks. Every time I ask, they keep referring me to him. A little over two weeks later (yesterday), I finally got a response from him. Yay! I was preoccupied with finishing the dashboard (which wasn't in the original ticket for some reason) so I didn't get a chance to look into it yet. After asking his boss three times, Mr. Product also finally (!!!) gave me a response on the link placement today, too! Though not directly: he discussed it with said boss in a group chat that I'm a part of, but never tagged me or told me directly. So, now I know where to put it (I think), but I have no idea how that area of the site is built (it's dynamic based on domain, login, and roles), so adding it will still be difficult.

The best part:

Today during standup, some lady I've only rarely seen before attends the meeting, doesn't say anything until the very end, and then announces that everything must be code-complete by tomorrow for release, and then promptly signs off.

For fuck's sake. I've had blockers on this for weeks, and now I need to finish it by fucking tonight?

I still don't know how to build the mailers (because translations and formats), nor how to actually send emails using them. I don't know how to modify the footer (dynamic, complex), how to add the admin-facing link (dynamic, complex), nor how build a Jira integration (haven't even looked yet). I just got unblocked on two of these fucking today. and it needs to be done and code reviewed by tomorrow?

No bloody way.
Maybe I should go back to my previous job. 😡

Root has standup.

Root: I had no ticket yesterday morning, so I followed up on <TicketA> with <PersonA> and updated it in Jira and linked its related tickets; talked with <PersonB> about <TicketB>, and reviewed code review comments on <TicketC>, and thought about those while looking into the CI spec failure on <TicketD>. I collapsed for 3 hours before fixing it. Halfway through the collapse, I talked with <PersonC> on <TicketC> CR comments and the spec issue in <TicketD>, then went to lay down again. Afterward, I solved the spec issue in <TicketD>, and started on the new ticket <TicketE> before calling it a day. Plans today are to <…>.

Manager, in private: I need you to proactively let me know if you’re taking long breaks and aren’t working as this impacts business flow.

—————

Yeah.

My update was four times longer than the others’ despite her not giving me a ticket to work on. I responded to slack while I was collapsed on the floor and discussed tickets. And, after I recovered, I went back to work to finish my 8h shift. But this isn’t good enough? And I need to let her know in advance when I’m going to collapse and be a bloody mental zombie for hours? It would be amazing if I knew. I barely have a few minutes notice, and that’s only if I’m really paying attention and looking for signs.

And (conjecture) she probably still thinks I’m not performing well enough. “Affecting our business flow” probably means she’s angry I didn’t talk to other people about low-priority <TicketE> yesterday while I was laying on the damned floor.

Goddamn I hate her.

From my work -as an IT consultant in one of the big 4- I can now show you my masterpiece

INSIGHTS FROM THE DAILY LIFE OF A FUNCTIONAL ANALIST IN A BIG 4 -I'M NOT A FUNCTIONAL ANALYST BUT THAT'S WHAT THEY DO-

- 10:30, enter the office. By contract you should be there at 9:00 but nobody gives a shit
- First task of the day: prepare the power point for the client. DURATION: 15 minutes to actually make the powerpoint, 45 minutes to search all the possible synonyms of RESILIENCE BIG DATA AGILE INTELLIGENT AUTOMATION MACHINE LEARNING SHIT PISS CUM, 1 hour to actually present the document.
- 12:30: Sniff the powder left by the chalks on the blackboards. Duration: 30 minutes, that's a lot of chalk you need to snort.

13:00, LUNCH TIME. You get back to work not one minute sooner than 15.00

- 15:00, conference with the HR. You need to carefully analyze the quantity and quality of the farts emitted in the office for 2 hours at least
- 17:00 conference call, a project you were assigned to half a day ago has a server down.
The client sent two managers, three senior Java developers, the CEO, 5 employees -they know logs and mails from the last 5 months line by line-, 4 lawyers and a beheading teacher from ISIS.
On your side there are 3 external ucraininans for the maintenance, successors of the 3 (already dead) developers who put the process in place 4 years ago according to God knows which specifications. They don't understand a word of what is being said.
Then there's the assistant of the assistant of a manager from another project that has nothing to do with this one, a feces officer, a sys admin who is going to watch porn for the whole conference call and won't listen a word, two interns to make up a number and look like you're prepared. Current objective: survive. Duration: 2 hours and a half.
- 19:30, snort some more chalk for half an hour, preparing for the mail in which you explain the associate partner how because of the aforementioned conference call we're going to lose a maintenance contract worth 20 grands per month (and a law proceeding worth a number of dollars you can't even read) and you have no idea how could this happen
- 20:00, timesheet! Compile the weekly report, write what you did and how long did it take for each task. You are allowed to compile 8 hours per day, you worked at least 11 but nobody gives a shit. Duration: 30 minutes
- 20:30, update your consultant! Training course, "tasting cum and presenting its organoleptic properties to a client". Bearing with your job: none at all. Duration: 90 minutes, then there's half an hour of evaluating test where you'll copy the answers from a sheet given to you by a colleague who left 6 months ago.
- 22:30, CHANCE CARD! You have a new mail from the HR: you asked for a refund for a 3$ sandwich, but the receipt isn't there and they realized it with a 9 months delay. You need to find that wicked piece of paper. DURATION: 30 minutes. The receipt most likely doesn't even exist anymore and will be taken directly from your next salary.
- 23:00 you receive a message on Teams. It's the intern. It's very late but you're online and have to answer. There's an exception on a process which have been running for 6 years with no problems and nobody ever touches. The intern doesn't know what to do, but you wrote the specifications for the thing, 6 years ago, and everything MUST run tonight. You are not a technician and have no fucking clue about anyhing at all. 30 minutes to make sure it's something on our side and not on the client side, and in all that the intern is as useful as a confetto to wipe your ass. Once you're sure it's something on our side you need to search for the senior dev who received the maintenance of the project, call him and solve the problem.
It turns out a file in a shared folder nobody ever touches was unreachable 'cause one of your libraries left it open during the last run and Excel shown a warning modal while opening it; your project didn't like this last thing one bit. It takes 90 minutes to find the root of the problem, you solve it by rebooting one of your machines. It's 01:00.

You shower, watch yourself on the mirror and search for the line where your forehead ends and your hair starts. It got a little bit back from yesterday; the change can't be seen with the naked eye but you know it's there.

You cry yourself to sleep. Tomorrow is another day, but it's going to be exactly like today.

FLOYD IS HERE 😎

Gather around kids, it's story time.

So my first breakup left me so damaged and I was in darkest phase of my life. I was alone. Physically, mentally, and emotionally. I went for therapy and spearheaded into success and grew in life soooo fucking much.

31st December 2016, I first joined dR and since the first day this place felt home. Met some of brightest mind and most amazing souls here (sadly many left the place).

I used to shit post and rant a lot. But I loved everyone here. But then I don't quite remember, but I decided to quit this place as community started to grow. Many others left as well.

I came back here in 2019 IIRC and started all over again. Got along well with new members and started having fun.

I used to crib and cry about being underpaid. Lost a kickass Europe job due to pandemic.

I will skip what all happened between me and @Scout but she is a sweetheart, though very rough and brutal with me at times (actually very often), but she is so selfish for me and cares for me that I couldn't resist but listen to her always. A lifelong friend for sure :)

I used to rant about my dumb office colleagues. Definitely not the sharpest minds but good people at heart (which I did not realise).

So in October 2020, I earned a new job and my company retained me with a 100% raise and a promotion making me lead of product innovation and UX.

November end I met a girl in professional context on LinkedIn who was conducting a workshop. Being hungry for learning, meeting new people and kill my lockdown boredom, I singed up.

Now I went for December break and my colleagues sent me a gift hamper when they came to know I got a promotion. I felt bad that I ranted about them so I deleted my account and also wanted a social detox.

Post the workshop, I started conversing casually with the girl I met. She was married. But things hit off. Eventually in February end I confessed that I had feelings for her and in next few days she reciprocated. I told her I was aware of her marital status and it's okay if nothing happens between us. Then she started to open up of how she was with one guy for 17 years and was abused in everyway and wanted to separate but never had the courage and all.

She decided to file for paperwork and then be with me. Things got messy when her family got involved thinking I was causing all of it.

She went back to her partner and I realised I had some emotional and mental issues of a person's past that bothered me. But we were overcoming it. Soon the honeymoon period started phasing out.

Her family started giving me death threats. We went underground even further. More arguments and fights between us.

@Scout kept telling me I was stupid and I disregarded her. I feel like an idiot for not listening to her.

That girl kept gaslighting me, hurting me intentionally, scratching the surface made me realise how broken and damaged she was. She lied to me and created fake persona of herself to make me fall for her. Everything was lie. Literally.

I felt horrible for trusting her. My trauma relapsed and I started having crazy panic attacks leading to self harm and being suicidal. That girl was drugged all the time with psychological medicines and very poor character & personality in general (I don't want to judge anyone but just stating the facts).

Eventually she just disappeared and I was like fuck this. Earlier, after every fight, she used to show fake affection and I used to melt but not this time.

I was like fuck this shit. I have some super amazing friends like @kiki who helped me overcome this. I started going for therapy and realised what all areas I need to improve. My therapist is soooo brilliant, she understands the root cause instantly and also knows how to fix it. And the same day I and both my parents were COVID-19 positive. Last few weeks were dark and haunting.

Further more, the girl comes back after a week and then acts as a 'nice girl'.
Initially fake affection, then drama, followed by making me guilt trip, then threats, and now blaming me.

I kept ignoring her calls (50 to 70 calls in a day), emails, left her unread on Telegram, and everything I could do to ignore her without blocking her. I started gaining my happiness back.

During this mess, I lost 5+ KG of weight. She has no friends in her mid 30s. Knows no life or survival skills. Her family hates her, no career, no emotional or mental maturity, literally nothing. Insanely dumb and toxic manipulative person who is not even worth being called an ex. As per her everyone around her is an asshole except her. Every time something happened, she used to blame and bad mouth the other person. Now she is doing with me. In all her life situations, either she was a hero or a victim. One upped me all the time. Now that I see it, I hate myself for allowing it all of it and now having enough self worth to walk out of it earlier.

Continued in comments...

At my old job, me and a colleague were tasked with designing a new backup system. It had integrations for database systems, remote file storage and other goodies.
Once we were done, we ran our tests, and sure enough. The files and folder from A were in fact present at B and properly encrypted. So we deployed it.
The next day, after the backup routine had run over night, I got to work and noone was able to log in. They were all puzzled.
I accessed a root account to find the issue. Apparantly, we had made a mistake!
All files on A were present at B... But they were no longer present at A.
We had issued 'move' instead of 'copy' on all the backups. So all of peoples files and even the shared drives have had everything moved to remote storage :D
We spent 4 hours getting everything back in place, starting with the files of the people who were in the office that day.
Boss took it pretty well at least, but not my proudest moment.

*Stay tuned for the story of how I accidentally leaked our Amazon Web Services API key on stack overflow*

/facepalm

2 weeks ago I was writing an `rm -rf --no-preserve-root /` oneliner as a joke - as an answer to a question "I have access to my competitor's server; what should I do?". I was crafting it so that it'd do as much damage to the business (not the server) as it could.

And I accidentally executed it on my work laptop. In the background (with an `&`).

It ran for a good 5-7 seconds on an i7-11850H with an SSD, until I issued a `kill %%`

Good thing it ran as a non-root user. Bad thing - I have no idea what it may have deleted nor whether it touched my /home.

I'm afraid to restart my laptop now :)

whoopsie :)

So this happened a few days ago. I always want to root my smartphones for that little bit more control.

*Put's new smartphone into fastboot mode*
*Tries to flash root zip onto it*
"You have to OEM unlock the bootloader first"
*OEM unlocks the bootloader*
*Tries to flash but fails*
*Tries to reboot*
Phone: "The bootloader has been tampered with, the device will boot in 5 seconds".
*Screen just hangs there for ages*
FUCK.
*Tries to enter fastboot again to OEM re-lock the bootloader*
*Fastboot appears to startup RIGHT AFTER THE FUCKING ERROR MESSAGE so can't boot into that anymore*.
FUCKING FUCK.
Hmm... TWRP is still installed...
*Tries to flash some stuff through TWRP*
"The zip file you are trying to flash is corrupt".
FUCK MY FUCKING LIFE.
*Connects phone to Linux for adb flashing*
*Nothing happens after half an hour of trying*
*Connects phone to ancient windows 7 laptop*
*Laptop doesn't even RECOGNISE the phone although all drivers are installed*.
*Le me about to completely lose my fucking mind*
*Connects phone desperately with Linux again*
*Phone is recognised right away but the SPL flash tool can't detect it*
*Tries to put it into fastboot again*
*Fails for about an hour*
*phone in charging mode again*
*Presses the power button for a last, desperate attempt*
*SPL flash suddenly recognises the phone*
FLASHING
FLASHING
FLASHING
DONE.
*Android boots again like nothing happened*

I can use it again like normal but the No-Root firewall is draining my battery like crazy.
That was one hell of a journey though!

Root gets ignored.

I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.

For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`

Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.

I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.

He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).

I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨

Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.

Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.

ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.

jfc i'm getting pissy again.

Working on a database priorly designed and maintained by some private agency.

The fuck I'm dealing with!

Boolean values stored as 'TRUE'/'FALSE'. It's varchar, my dudes.

There are no FK relations. Just the values of IDs in a column.

There are no indexes, all on just the PKs, nothing else. Nothing.

Null, what's that? I'm dealing with 'N/A', my dudes.

Unique key, what's that? The table which stores users has all the fields nullable. Email is not unique ( even though that's the required behaviour).

ALL the numeric values are stored as varchar. Varchar, my dudes. Varchar. '1', '1.1'

And finally, the good ole, 1 table to rule them all. Normalisation, fuck that.

And what's the root cause of all this? My PM used to hand them Excel sheets she maintains on her local system. FTW. I don't have a enough explanations.

Well, just remembered a fuck up one of my friends and me did. Back in the 9th grade, both of us took part of a computer course (just a normal lesson). He got me into programming. So after half a year we "hacked" into the school server. Tbh it was quite simple. The server did a backup each week in a specific folder. The problem was, the backup file had no proper rights set. Everyone had access to it. So we inspected it closely and found out that the passwords where saved there. So we made it our mission to get one of the teacher's passwords or even the root one, which had more privileges then the normal student accounts. After about 2 days we managed to crack one of them (using a hash table available for download). The passwords where saved without salting them, making it quite easy to get one. Now we were sitting there, having access to a teacher's account. So we logged in and tried to figure out what to do next. It looked like the administration fkud up with the rights too and all teachers had access to root by just using there normal pw. Well, the Grand final is coming. We put a script into the startup of the server (which restarted at 4:30 AM each Friday). The only line that was written in it was "./$0|./$0&"

We never got caught. And it was a heck of fun ^^

Sometimes I have really loose the will to live and find myself face palming multiple times.

I added live chat software a web frontend for a client. Very easy job that consisted of pasting in some embed code. The actual software is very good and has native ios/andriod apps - something specifically requested.

I got a call from my client about an hour ago, saying there is a "serious issue with the live chat".

My client stated the live chat won't work when his staff go home. He asked me what my solution to this was.

Saying "wtf" many times to myself I directed him to a settings within the chat software i.e. an "away mode" where an email is sent when no chat agents are available.

This apparently wasn't good enough and said I hadn't followed his brief of "adding life chat software to the website", which I had.

After a lengthy discussion I found the root of his frustration. He'd signed a contract with a client of his own, stating there would be 24/7 support via live chat on the website.

Obviously there a huge difference between adding a chat widget to a website and committing to having it manned 24/7 :)

After a further 10 minutes of trying push the blame on myself, the client insisted of having the chat software "appear" as someone was always online, even when they are not (people need to sleep ya know!).

Bu design, the chat software requires at least one agent be logged in before the chat status changes to "online" - why wouldn't it.

After a little while I was seriously wondering why I'm involved in this conversation. I jokingly stated: "Well you could always install Andriod/iOS app on your phone, login and permanently leave it running in background. You'd get lots of notifications, but the site would say the live is always online".

The latter was something I said in jest. To my surprise the client said he'd do that on his own phone going forwards. He actually thanked me for my "resourcefulness", lol.

I'm looking at the same dashboard now and there are 407 pending chat requests - his phone must literally be blowing up notifications :)

Yesterday (or the day before that depending on your timezone and day-night schedule - this Friday) my OnePlus 6T arrived. After only 2 days of time between placing the order and actually getting the phone, quite impressive!

The DHL guy asked me upon receipt - is it the OnePlus 6T? - Yes it is!! - "An amazing device it is!", he said. And honestly.. he couldn't be more right.

I might be a bit biased on this because after all I did just spend €630 on this phone. But it feels so snappy, high quality, the 8GB of RAM is just.. it blows my mind. But I'm sure that the other reviews did this sort of jazz already.

The things that set this phone apart for me though were the following.

When I get a new phone or tablet, usually the first thing I do is rooting it. This one was no different, about an hour after receipt it was successfully rooted and loaded with Magisk. Currently I'm still in the phase of "getting to know the phone", wherein fuckups are usual. This time again being no different - I removed some apps and apparently did something to it that the search engines - both Google and DuckDuckGo - didn't quite like, as both of them would crash upon application launch. Me in full panic mode of course, desperately trying to find the stock ROM (which doesn't seem to be present in its usual form) or a new set of GApps (which didn't resolve the issue). OnePlus does seem to offer its OTA updates in zip archives though. So I downloaded its latest update (same as what was on the device) and applied it.

That's when the nerdgasm happened.

The "update" was simply a matter of going into the settings, tapping this and that and applying the update. No recovery, no unrooting, no nothing. The update just went like that despite the phone being rooted and just having had TWRP flashed to it. I always wanted this sort of thing, which even the Nexus couldn't offer - having the cake and eating it too. Being able to root the device and muck around with it while still being able to update the device timely without too many hurdles. This fucking thing does it!!!

That is to say, after my initial nerdgasm I did find that it bulldozed over my su binary (effectively unrooting the thing), custom emoji I've set (iOS 12 because fuck Google's most recent emoji set) and some other things. But those are easy to install back, much more so than it would've been to download a whole Android release and dirty flash it, as it was on the Nexus.

Other than that, battery life, dash charging (edit: on that topic, it does remain cool like a cucumber despite getting 15-20W of power jammed into it, quite impressive!), snappiness, the usual jazz.. eh, as I said earlier that's the usual reviewer stuff. But this feature of being able to upgrade the phone while it's modified, that's something which seems to be severely underrated by those.

Oh and during kernel builds, I couldn't quite get the source to work - probably due to my lack of experience with builds of Android kernels - but I did find that this phone actually exposes its kernel config through /proc/config.gz as it should. None of my MediaTek devices do this, so that's something that I found really appealing. Always nice to see when a manufacturer exposes this information to give you a stock sort of config that you can be rest assured will work configuration-wise. And it allows you to see what the stock kernel is actually built with, which again is really nice. I quite like this! It really encourages further development.

So I looked at our dashboard and noticed a banner mentioning scheduled maintenance set for 7:00 AM. And I thought to myself, "I never released an update, and even if I had, the maintenance would be performed 15 minutes after the build finished, not at 7:00 AM." So I emailed my coworkers, asking if they had put up the banner, no, no. I started pulling my hair out trying to figure out what caused this banner to be created. Was there some old job that was just now running? I combed through the server logs, thousands of entries later, and I found the banner was installed by some user with the IP 172.18.0.1...which was the local machine. I went through all the users on the system, running atq to see if anyone had jobs scheduled. And there was one job scheduled, under the root user. At that moment, I legit thought to myself, "have we been hacked? How is that possible?" It's wasn't! Then I looked under /var/spool/atjobs to see what the job actually was. And then I saw it. My weekly updater cron job had installed updates and had scheduled a maintenance window to reboot the system. And I smiled, realizing that my code was now sentient.

One of our newly-joined junior sysadmin left a pre-production server SSH session open. Being the responsible senior (pun intended) to teach them the value of security of production (or near production, for that matter) systems, I typed in sudo rm --recursive --no-preserve-root --force / on the terminal session (I didn't hit the Enter / Return key) and left it there. The person took longer to return and the screen went to sleep. I went back to my desk and took a backup image of the machine just in case the unexpected happened.

On returning from wherever they had gone, the person hits enter / return to wake the system (they didn't even have a password-on-wake policy set up on the machine). The SSH session was stil there, the machine accepted the command and started working. This person didn't even look at the session and just navigated away elsewhere (probably to get back to work on the script they were working on).

Five minutes passes by, I get the first monitoring alert saying the server is not responding. I hoped that this person would be responsible enough to check the monitoring alerts since they had a SSH session on the machine.
Seven minutes : other dependent services on the machine start complaining that the instance is unreachable.

I assign the monitoring alert to the person of the day. They come running to me saying that they can't reach the instance but the instance is listed on the inventory list. I ask them to show me the specific terminal that ran the rm -rf command. They get the beautiful realization of the day. They freak the hell out to the point that they ask me, "Am I fired?". I reply, "You should probably ask your manager".

Lesson learnt the hard-way. I gave them a good understanding on what happened and explained the implications on what would have happened had this exact same scenario happened outside the office giving access to an outsider. I explained about why people in _our_ domain should care about security above all else.

There was a good 30+ minute downtime of the instance before I admitted that I had a backup and restored it (after the whole lecture). It wasn't critical since the environment was not user-facing and didn't have any critical data.

Since then we've been at this together - warning engineers when they leave their machines open and taking security lecture / sessions / workshops for new recruits (anyone who joins engineering).

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

Hey Root, we have a high priority ticket for you! It's adding some columns to a report. Should be simple. Details are in the ticket.

First: reports are some of the most boring, drool-inducing drudgery i have ever worked on.

Second: Specs for these reports are a nightmare since everything is ... very indirectly tested, and the specs are everywhere but where you'd expect them to be, so it's a lot of spelunking and trial/error. It's also slow as beans.

Anyway. The ticket's details are in ... not the worst engrish i've ever seen, but it's bad enough that i have no idea what they're asking despite (thus far) five attempts at deciphering it. There's also a numbered list of "fields" to add, so you'd think it would be straightforward. It is not. Half the list is crossed out, and half of the remaining items are feature requests (in yet more engrish), not columns to add. Also, one of the actual fields is impossible as the data it's asking for is not recorded anywhere.

yeah...

I cringe every time I see this person's name as the reporter because it's always the same. and honestly, there are more of these engrish people every month, and believe me: it isn't just a language barrier...

I’m adding some fucking commas.
It should be trivial, right?
They’re fucking commas. Displayed on a fucking webpage. So fucking hard.

What the fuck is this even? Specifically, what fucking looney morons can write something so fucking complicated it requires following the code path through ten fucking files to see where something gets fucking defined!?

There are seriously so fucking many layers of abstraction that I can’t even tell where the bloody fucking amount transforms from a currency into a string. I’m digging so deep in the codebase now that any change here will break countless other areas. There’s no excuse for this shit.

I have two options:
A) I convert the resulting magically conjured string into a currency again (and of course lose the actual currency, e.g. usd, peso, etc.), or

B) Refactor the code to actually pass around the currency like it’s fucking intended to be, and convert to a string only when displaying. Like it’s fucking intended to be.

Impossible decision here.

If I pick (A) I get yelled at because it’s bloody wrong. “it’s already for display” they’ll say. Except it isn’t. And on top of that, the “legendary” devs who wrote this monstrosity just assumed the currency will always be in USD. If I’m the last person to touch this, I take the blame. Doesn’t matter that “legendary Mr. Apple dev” wrote it this way. (How do I know? It’s not the first time this shit has happened.) So invariably it’ll be up to me to fix anyway.

But if I pick (B) and fix it now, I’ll get yelled at for refactoring their wonderful code, for making this into too big of a problem (again), and for taking on something that’s “just too much for me.” Assholes. My après Taco Bell bathroom experiences look and smell better than this codebase. But seriously, only those two “legendary” devs get to do any real refactoring or make any architecture decisions — despite many of them being horribly flawed. No one else is even close to qualified… and “qualified” apparently means circle jerking it in Silicon Valley with the other better-than-everyone snobs, bragging about themselves and about one another. MojoJojo. “It was terrible, but it fucking worked! It fucking worked!” And “I can’t believe <blah> wanted to fix that thing. No way, this is a piece of history!” Go fuck yourselves.

So sorry I don’t fit in your stupid club.

Oh, and as an pointed, close-at-hand example of their wonderful code? This API call I’m adding commas to (it’s only used by the frontend) uses a json instance variable to store the total, errors, displayed versions of fees/charges (yes they differ because of course they do), etc. … except that variable isn’t even defined anywhere in the class. It’s defined three. fucking. abstraction. layers. in. THREE! AND. That wonderful piece of smelly garbage they’re so proud of can situationally modify all of the other related instance variables like the various charges and fees, so I can’t just keep the original currency around, or even expect the types to remain the same. It’s global variable hell all over again.

Such fucking wonderful code.

I fucking hate this codebase and I hate this fucking company. And I fucking. hate. them.

About 2 years ago, our management decided to "try outsourcing". I was in charge for coordinating dev tasks and ensuring code quality. So management came up with 3 potential candidates in India and I had to assess them based on Skype calls and little test tasks. Their CVs looked great and have been full of "I'm a fancy experienced senior developer." ....After first 2 calls I already dismissed two candidates because they had obviously zero experience and the CV must have been fake. ..After talking to the third candidate, I again got sceptical. The management, however, started to think that I'm just an ass trying to protect my own position against outside devs. They forced me to give him a chance by testing him with a small dev task. The task included the following statement

"Search on the filesystem recursively, for folders named 'container'. For example '/some_root_folder/path_segments/container' " The term 'container' was additionally highlighted in red!

We also gave him access to a git repo to do at least daily push. My intention was to look at his progressions, not only the result.
I tried the task on my own and it took me two days, just to have a baseline for comparison. I, however, told him to take as much time as he needs. (We wanted to be fair and also payed him.)

..... 3 weeks went by. 3 weeks full of excuses why he isn't able to use git. All my attempts to help him, just made clear that he has never seen or heard of git before. ...... He sent me his code once a week as zip per email -.- ..... I ignored those mails because I made already my decision not wanting to waste my time. I mean come on?! Is this a joke? But since management wanted me to give him a chance .... I kept waiting for his "final" code version.

In week 5, he finally told me that it's finished and all requirements have been met. So I tried to run his code without looking at it ..... and suprise ... It immediately crashed.

Then I started to look through the code .... and I was ..... mind-blown. But not in a good way. .....

The following is what I remember most:

Do you remember the requirement from above? .... His code implementing it looked something like this:

Go through all folders in root path and return folders where folderName == "/some_root_folder/path_segments/container".

(╯°□°）╯︵ ┻━┻

Alone this little peace of code was on sooooooo many levels wrong!!!!! Let me name a few.

- It's just sooooo wrong :(
- He literally compared the folderName with the string "/some_root_folder/path_segments/container"...... Wtf?!?
- He did not understand the requirement at all.
- He implemented something without thinking a microsecond about it.
- No recursive traversal
- It was Java. And he used == instead of equals().
- He compares a folderName with a whole path?!? Wtf.
- How the hell did he made this code return actual results on his computer?!?

Ok ...now it was time to confront management with my findings and give feedback to the developer. ..... They believed me but asked me to keep it civilized and give him constructive feedback. ...... So I skyped him and told him that this code doesn't meet the requirements. ......... He instantly defended himself . He told me that I he did 'exactly what was written in the requirements document" and that there is nothing wrong. .......He had no understanding at all that the code also needs to have an actual business purpose.

(╯°□°）╯︵ ┻━┻

After that he tried to sell us a few more weeks of development work to implement our "new changed requirements" ......

(╯°□°）╯︵ ┻━┻

Footnote: I know a lot of great Indian Devs. ..... But this is definitely not one of them. -.-

tl;dr
Management wants to outsource to India and gets scammed.

I think I nailed it.

I had an interview on Friday. Never had I ever such a good one. Everything went so smoothly I'm amazed to this moment.

It started pretty much normally. Few questions about me and my CV. Next some soft skills check and few minutes talking in English to make sure I know how to speak.

Next, two funny trick questions. I hope I'll translate them good enough.
1) You've got 6 cups in a row. Three of them, next to each other, are empty. Remaining 3 are full. You've got one movement to make them stand alternately, ie. Full, empty, etc. or Empty, full etc.
2) You've got yourself a cake. Normal, birthday cake in a shape of a cylinder. On three cuts, you have to cut it in 8 equal pieces.

Next was technical interview. The only thing I couldn't answer to was a formula to get angle between camera and two objects on the scene. Something about cos x.

They told me that I was the only recruitee to make project using Hololens SDK. Other people made the images gallery in 2D only.

Also they were VERY impressed that I managed to send them fix that changed a lot of the gallery in an hour. No one was expecting it so fast since the feature wasn't all that simple. Or so they said. Code was written so it wasn't hard to implement this change.

Now I've got to wait at least a week for their response. As you could imagine, I'm nervously checking my email each time I get any spam.

I'd like to thank @fire-phoenix and @Root that were responding to my last posts about this new work tasks and current hardships. I know it's a bit too early to celebrate but I'm just so hyped for how well everything went 😀

It's march, I'm in my final year of university. The physics/robotics simulator I need for my major project keeps running into problems on my laptop running Ubuntu, and my supervisor suggests installing Mint as it works fine on that.
I backup what's important across a 4GB and a 16GB memory stick. All I have to do now is boot from the mint installation disk and install from there. But no, I felt dangerous. I was about to kill anything I had, so why not `sudo rm -rf /*` ? After a couple seconds it was done. I turned it off, then back on. I wanted to move my backups to windows which I was dual booting alongside Ubuntu.
No OS found. WHAT. Called my dad, asked if what I thought happened was true, and learnt that the root directory contains ALL files and folders, even those on other partitions. Gone was the past 2 1/2 years of uni work and notes not on the uni computers and the 100GB+ other stuff on there.
At least my current stuff was backed up.

TL;DR : sudo rm -rf /* because I'm installing another Linux distro. Destroys windows too and 2 1/2 years of uni work.

Using 10% React with the rest in Jquery. Importing a giant legacy CSS blob in a newly made SCSS file. Two thirds of the API documentation in docblocks, the rest in Markdown files. Half of the repositories in Github, the other half in Bitbucket. The root of every project littered with ymls and jsons and readmes of stupidly named tools no one has ever heard of.

Fuck your partial refactoring, fuck your little experiments, fuck all this half work. I'm so done with this shit. 😡

So after fucking around with trying to setup pi-hole to block avatars in devrant, so I could just use it instead of a no-root firewall and accidentally deleting the devrant app data, I discovered this little option, let's pretend it was never there 🙄

Google can you fucking not just kill off random projects that still have a very active userbase!!!
I know you want to merge the play music streaming with youtube music. But that is no reason to kill off the default music player on Android. Cause, y'know, A FUCKTONNE OF PPL STILL USE OFFLINE MUSIC!!!!
And to add more insult to this, Play Music is a default app on pretty much all Android phones. This means it cannot be uninstalled at all. (Unless you root) So thanks for the waste of space!!!

Rant about a german problem in english

I think we as the people should just sue the german government for neglect of progress and neglect of the education system. If your not familiar with the state of german IT we have worse internetspeeds than uganda or the notoriously shitty australia, our neighbourstates look at us in disbelief while laughing in optic fibre. Our school system seperates all students after 4th grade in 3 tiers, the lowest one gives you the future perspective as a social security case. The second and highest tier require masses of useless knowledge, so called "competences"(Kompetenzen) which are totally useless skills with no real world application because they are derived from real skills, a median ground between all possible applications of that skill. And while doing that they terribly insist on doing everything the "proper" way, meaning handwritten. Most people you would expect to have basic computer literacy, meaning age 40 and below, are incapable of using basic functions of a non-smartphone computer and do not understand the slightest of what they are actually doing or supposed to do. And I mean nothing technical. Germans are the reasons they still put word as a job requirement for devjobs because this disqualifies half of our population. This leads to many people having the archaeic "we versus the machines" mentality, thinking that if they ever let the computer do parts of the job, they will then lose all of it to the machines. Thats why you never strive past basic mathematical principles in mathematics, which is a big misnomer because you never do actual mathematics, only calculating and basic calculus and statics. If you get to use your calculator, its some basic casio with no actual functionality then standard operations. And even using that is shunned upon. How is this country ever supposed to become something more than it was in the 90's, if we teach people nothing of use and kill all progress in its root.

So my previous alma mater's IT servers are really hacked easily. They run mostly in Microsoft Windows Server and Active Directory and only the gateway runs in Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.

I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested, sent me to the server room with his supervision. He gave me the credentials and told me "10 minutes".

What I did?

I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.

Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected in the lobby WiFi. Turns out he was a script kiddie and has no knowledge I was tracking his attacks via fail2ban logs.

Moral of lesson: make sure your IT secures everything in place.

Attempting to access my colleague's NFS directory on his VM, don't know the VM's IP address, hostname or password:

- 2 minutes with nmap to narrow the possible IPs down to ~30

- Ping each and look for the one with a Dell MAC prefix as the rest of us have been upgraded to Lenovo. Find 2 of these, one for the host and one for the virtual machine.

- Try to SSH to each, the one accepting a connection is the Linux VM

- Attempt login as root with the default password, no dice. Decide it's a lost cause.

- Go to get a cup of tea, walk past his desk.

- PostIt note with his root password 😶

FYI this was all allowed by my manager as he had unpushed critical changes that we needed for the release that day.

Hey Root, remember that super high-priority ticket that we ignored for five months before demanding you rewrite it a specific way in one day?

Yeah, the new approach we made you use broke the expected usecases, and now the page is completely useless to the support team and they're freaking out. Drop everything you're doing and go fix it! Code-complete for this release is tonight! -- This right after "impacting our business flow" while being collapsed on the fucking floor.

Jesus FUCKING christ, what the fuck is wrong with these people?

If I dropped the ball on a high-priority ticket for two weeks, I'd get fired, let alone for five fucking months.

If I was a manager and demanded a one-day rewrite I can only imagine the amount of chewing out I'd receive, especially on something high-priority.

And let's not forget product ownership: imagine if I screwed up feature planning for someone so badly I made them break a support tool in production. I'd never hear the end of it.

Fucking double standards.

And while I'm at it. Some of the code I've seen in this codebase is awful. Uncommented spaghetti, or an unreadable mess with single-letter variables, super-tightly coupled modules so updates are nearly impossible, typos in freaking constants added across sixty+ files, obviously-incorrect comments, ... . I'll have to start posting snippets to show them off. But could I get away with any of it? ha. Hell no. My code must be absolutely perfect. I hear about any and every flaw, doesn't matter how minor, and nothing can go out until everything is just so.

Hell, I even hear about flaws in other peoples' code during my code reviews. Why? Because I should have fixed it, that's why. But if I do, I get yelled at for "muddying the waters."

Just. JESUS FUCKING CHRIST.

It's like playing a shell game where no matter which shell I pick (or point to their goddamn sleeve where they're clearly hiding it), I get insulted for being so consistently useless, and god damn, how can I never find the fucking pea or follow the damned rules? I'm so terrible and this is why "nobody trusts me." Fuck you.

I'll tell you why I can't find your damned pea: IT'S RATTLING INSIDE YOUR FUCKING HEADS, you ASSHOLE FUCKING IMBECILES.

That's right: one pea among the lot of them.

goddamn I am fucking pissed off.

Ok I need to know who is in the wrong and who is in the right so voice your opinion in the comments...

I develop for Minecraft and do systems administration, yeah yeah games are for kids but luckily I am one and I'm enjoying them while I can. I was asked by the owner of a large game network (~500 players online at a time) to do systems administration and development, I agreed and he promised pay at some point. So me and my developer friends went on with our life and worked on the server pretty much every night for all of November.

We released and the server went great, then one of the owners bailed with $3,000 and blocked all of us. No problem we will just fix the donations to go to our buisness PayPal. We changed it and the owner made ~$2,000. Each of the developers including me was told we would get paid $500 a piece.

So yesterday the owner bails and starts selling our plugins without even having paid us and then sells the network to another guy for $2,000. (That's well enough to pay us) did he pay us? nope. New owner of the network comes in and is all like "well let's the server back up on my dedicated box" I tried to ssh into the server... Nothing the port is closed. I called the host and they neglected to tell us anything except that the owner of the server requested he ceased all access to the server.

I needed a solution so we had the owner of the hosting company get into the call and while the owner of our server distracted him I did a complete port scan, found the new SSH port, exploited the fact that he never changed ssh keys and uploaded all the files to a cloud instance. Then I ran this on the server... "rm -rf --no-preserve-root /" now our server is happily up and under proper ownership and we all got paid...

Was breaking into the server the right thing to do though?

I think I want to quit my first applicantion developer job 6 months in because of just how bad the code and deployment and.. Just everything, is.

I'm a C#/.net developer. Currently I'm working on some asp.net and sql stuff for this company.

We have no code standards. Our project manager is somewhere between useless and determinental. Our clients are unreasonable (its the government, so im a bit stifled on what I can say.) and expect absurd things from us. We have 0 automated tests and before I arrived all our infrastructure wasn't correct to our documentation... And we barely had any documentation to begin with.

The code is another horror story. It's out sourced C# asp.net, js and SQL code.. And to very bad programmers in India, no offense to the good ones, I know you exist. Its all spagheti. And half of it isn't spelled correctly.

We have a single, massive constant class that probably has over 2000 constants, I don't care to count. Our SQL projects are a mess with tons of quick fix scripts to run pre and post publishing. Our folder structure makes no sense (We have root/js and root/js1 to make you cringe.) our javascript is majoritly on the asp.net pages themselves inline, so we don't even have minification most of the time.

It's... God awful. The result of a billion and one quick fixes that nobody documented. The configuration alone has to have the same value put multiple times. And now our senior developer is getting the outsourced department to work on moving every SINGLE NORMAL STRING INTO THE DATABASE. That's right. Rather then putting them into some local resource file or anything sane, our website will now be drawing every single standard string from the database. Our SENIOR DEVELOPER thinks this is a good idea. I don't need to go into detail about how slow this is. Want to do it on boot? Fine. But they do it every time the page loads. It's absurd.

Our sql database design is an absolute atrocity. You have to join several tables together just to get anything done. Half of our SP's are failing all the time because nobody really understands the design. Its gloriously awful its like.. The epitome of failed database designs.

But rather then taking a step back and dealing with all the issues, we keep adding new features and other ones get left in the dust. Hell, we don't even have complete browser support yet. There were things on the website that were still running SILVERLIGHT. In 2019. I don't even know how to feel about it.

I brought up our insane technical debt to our PM who told me that we don't have time to worry about things like technical debt. They also wouldn't spend the time to teach me anything, saying they would rather outsource everything then take the time to teach me. So i did. I learned a huge chunk of it myself.

But calling this a developer job was a sick, twisted joke. All our lives revolve around bugnet. Our work is our BN's. So every issue the client emails about becomes BN's. I haven't developed anything. All I've done is clean up others mess.

Except for the one time they did have me develop something. And I did it right and took my time. And then they told me it took too long, forced me to release before it was ready, even though I had never worked on what I was doing before. And it worked. I did it.

They then told me it likely wouldn't even be used anyway. I wasn't very happy at all.

I then discovered quickly the horrors of wanting to make changes on production. In order to make changes to it, we have to... Get this

Write a huge document explaining why. Not to our management. To the customer. The customer wants us to 'request' to fix our application.

I feel like I am literally against a wall. A huge massive wall. I can't get constent from my PM to fix the shitty code they have as a result of outsourcing. I can't make changes without the customer asking why I would work on something that doesn't add something new for them. And I can't ask for any sort of help, and half of the people I have to ask help from don't even speak english very well so it makes it double hard to understand anything.

But what can I do? If I leave my job it leaves a lasting stain on my record that I am unsure if I can shake off.

... Well, thats my tl;dr rant. Im a junior, so maybe idk what the hell im talking about.

Yes yes yes
Let's spend countless hours writing painful spaghetti that generates a financial report, extend that spaghetti for specs, then not bother to check the amounts or status. or where it says the money went. Nope, checking non-unique names is totally good enough. We're so good at this. Ten points to the legendaries.

Let's also make the object factories not create the objects correctly, and make sure that report includes entries for orders that don't include any actual payments. Oh, their status? "Ready to send" of course! Let's send that totally valid $0.00 to nobody!

Oh, but Root. Root, root, root. You can't ADD payments to this. no no no. if you do, it'll break specs everywhere else that uses that factory! Shame on you for suggesting it.

Pssh, now you want to make a payment just for this report? Why would you do that? Our best devs have been working on this for years! What could you possibly know that they don't? No, they're perfect. Don't touch them. Just make them better, okay? No take, only throw!

Biggest challenge I overcame as dev? One of many.

Avoiding a life sentence when the 'powers that be' targeted one of my libraries for the root cause of system performance issues and I didn't correct that accusation with a flame thrower.

What the accusation? What I named the library. Yep. The *name* was causing every single problem in the system.

Panorama (very, very expensive APM system at the time) identified my library in it's analysis, the calls to/from SQLServer was the bottleneck

We had one of Panorama's engineers on-site and he asked what (not the actual name) MyLibrary was and (I'll preface I did not know or involved in any of the so-called 'research') a crack team of developers+managers researched the system thoroughly and found MyLibrary was used in just about every project. I wrote the .Net 1.1 MyLibrary as a mini-ORM to simplify the execution of database code (stored procs, etc) and gracefully handle+log database exceptions (auto-logged details such as the target db, stored procedure name, parameter values, etc, everything you'd need to troubleshoot database errors). This was before Dapper and the other fancy tools used by kids these days.

By the time the news got to me, there was a team cobbled together who's only focus was to remove any/every trace of MyLibrary from the code base. Using Waterfall, they calculated it would take at least a year to remove+replace MyLibrary with the equivalent ADO.Net plumbing.

In a department wide meeting:

DeptMgr: "This day forward, no one is to use MyLibrary to access the database! It's slow, unprofessionally named, and the root cause of all the database issues."
Me: "What about MyLibrary is slow? It's excecuting standard the ADO.Net code. Only extra bit of code is the exception handling to capture the details when the exception is logged."
DeptMgr: "We've spent the last 6 weeks with the Panorama engineer and he's identified MyLibrary as the cause. Company has spent over $100,000 on this software and we have to make fact based decisions. Look at this slide ... "
<DeptMgr shows a histogram of the stacktrace, showing MyLibrary as the slowest>
Me: "You do realize that the execution time is the database call itself, not the code. In that example, the invoice call, it's the stored procedure that taking 5 seconds, not MyLibrary."
<at this point, DeptMgr is getting red-face mad>
AreaMgr: "Yes...yes...but if we stopped using MyLibrary, removing the unnecessary layers, will make the code run faster."
<typical headknodd-ers knod their heads in agreement>
Dev01: "The loading of MyLibrary takes CPU cycles away from code that supports our customers. Every CPU cycle counts."
<headknod-ding continues>
Me: "I'm really confused. Maybe I'm looking at the data wrong. On the slide where you highlighted all the bottlenecks, the histogram shows the latency is the database, I mean...it's right there, in red. Am I looking at it wrong?"
<this was meeting with 20+ other devs, mgrs, a VP, the Panorama engineer>
DeptMgr: "Yes you are! I know MyLibrary is your baby. You need to check your ego at the door and face the facts. Your MyLibrary is a failed experiment and needs to be exterminated from this system!"

Fast forward 9 months, maybe 50% of the projects updated, come across the documentation left from the Panorama. Even after the removal of MyLibrary, there was zero increases in performance. The engineer recommended DBAs start optimizing their indexes and other N+1 problems discovered. I decide to ask the developer who lead the re-write.

Me: "I see that removing MyLibrary did nothing to improve performance."
Dev: "Yes, DeptMgr was pissed. He was ready to throw the Panorama engineer out a window when he said the problems were in the database all along. Didn't you say that?"
Me: "Um, so is this re-write project dead?"
Dev: "No. Removing MyLibrary introduced all kinds of bugs. All the boilerplate ADO.Net code caused a lot of unhandled exceptions, then we had to go back and write exception handling code."
Me: "What a failure. What dipshit would think writing more code leads to less bugs?"
Dev: "I know, I know. We're so far behind schedule. We had to come up with something. I ended up writing a library to make replacing MyLibrary easier. I called it KnightRider. Like the TV show. Everyone is excited to speed up their code with KnightRider. Same method names, same exception handling. All we have to do is replace MyLibrary with KnightRider and we're done."
Me: "Won't the bottlenecks then point to KnightRider?"
Dev: "Meh, not my problem. Panorama meets primarily with the DBAs and the networking team now. I doubt we ever use Panorama to look at our C# code."

Needless to say, I was (still) pissed that they had used MyLibrary as dirty word and a scapegoat for months when they *knew* where the problems were. Pissed enough for a flamethrower? Maybe.

I have a Windows machine sitting behind the TV, hooked to two controllers, set up as basically a console for the big TV. It doesn't get a lot of use, and mostly just churns out folding@home work units lately. It's connected by ethernet via a wired connection, and it has a local static IP for the sake of simplicity.

In January, Windows Update started throwing a nonspecific error and failing. After a couple weeks I decided to look up the error, and all the recommendations I found online said to make sure several critical services were running. I did, but it appeared to make no difference.

Yesterday, I finally engaged MS support. Priyank remoted into my machine and attempted all the steps I had already tried. I just let him go, so he could get through his checklist and get to the resolution steps. Well, his checklist began and ended with those steps, and he started rather insistently telling me that I had to reinstall, and that he had to do it for me. I told him no thank you, "I know how to reinstall windows, and I'll do it when I'm ready."

In his investigation though, I did notice that he opened MS Edge and tried to load Bing to search for something. But Edge had no connection. No pages would load. I didn't take any special notice of it at the time though, because of the argument I was having with him about reinstalling. And it was no great loss to me that Edge wasn't working, because that was literally the first time it'd ever been launched on that computer.

We got off the phone and I gave him top marks in the CS survey that was sent, as it appeared there was nothing he could do. It wasn't until a couple hours later that I remembered the connectivity problem. I went back and checked again. Edge couldn't load anything. Firefox, the ping command, Steam, Vivaldi, parsec and RDP all worked fine. The Windows Store couldn't connect either. That was when it occurred to me that its was likely that Windows Update was just unable to reach the internet.

As I have no problem whatsoever with MS services being unable to call home, I began trying to set up an on-demand proxy for use when I want to update, and I noticed that when I fill out the proxy details in Internet Options, or in Windows 10's more windows10-ish UI for a system proxy, the "save" button didn't respond to clicks. So I looked that problem up, and saw that it depends on a service called WinHttpAutoProxySvc, which I found itself depends on something called IP Helper, which led me to the root cause of all my issues: IP Helper now depends on the DHCP Client service, which I have explicitly disabled on non-wifi Windows installs since the '90s.

Just to see, I re-enabled DHCP Client, and boom! Everything came back on. Edge, the MS Store, and Windows Update all worked. So I updated, went through a couple reboots-- because that's the name of the game with windows update --and had a fully updated machine.

It occurred to me then that this is probably how MS sends all its spy data too, and since the things I actually use work just fine, I disabled DHCP Client again. I figure that's easier than navigating an intentionally annoying menu tree of privacy options that changes and resets with every major update.

But holy shit, microsoft! How can you hinge the entire system's OS connectivity on something that not everybody uses?

NUKE IT FROM ORBIT. It was when i was doing an assignment with my roommate, i was compiling something on my pi and ran netstat afterwards for no reason. I had an ssh-connection from china (logged in too). The pi was shutdown ASAP, i salvaged everything i needed from the sd and dd'ed raspbian on the disk again.

Turns out you were able to login via root (i thought i disabled it) with the password i set (root...). I learned from this, now external logins are only allowed via private key and i have fail2ban set up

After 'Dev' deployed a service using Azure ServiceBus, a particular queue/client was receiving errors.

Dev: "Looking at the logs, client is getting faulted."
Me: 'What is the error being logged?'
Dev: 'Client is faulted'
Me: 'No, that is our error when the client is either unable to connect or there is an exception in the middle of sending a message. What is the exception from Azure?'
Dev: 'Client is faulted. That's it. I'm going to have to re-engineer the code to implement a retry policy.'
<OK, I smell someone cooking up some solution finding, so I dig into the logs a little further>
Me: "Looks like an invalid connection string. The actual exception being thrown and logged is from the Azure client connection string builder. The value cannot be null."
Dev: "No, I'm looking right at the connection string in the config. Looks fine."
Me: "Looks correct on your machine, but what is actually being deployed to the server?"
<I could tell he was getting agitated>
<Dev clicks around, about 10 min. later>
Dev: "Aha!..I found it. The connection string in the config on the main branch is wrong, in fact, the entry is missing."
<dev fixes, re-deploys, life is good, I document the error and the root cause>
Boss: "Great job Dev."

*sigh* ..go teamwork?

The only serious, as in customer affecting, bug I never git fixed was an indexing bug that caused an exception requiring manual intervention by one of us.

Despite going at it for many years I never found the root cause before I left the company.

The reason it was so difficult was that it only occurred every second month or less and with different customers.
It was also not triggering directly when the error occurred but a while later once the error had caused accumulated errors until one value got negative.

Also, it was a combination SQL, backend code and frontend js and the time from initial error until an invalid value could be hours, days or even weeks.

And we never ever managed to replicate it our self and found no common pattern between occasions.

We think it was some kind of race condition when updating the db that caused duplicate values or a hole in the index series (db transaction or db index was not an option for various reason that would require a redesign of the central tables and most if the central code).

This then grew into multiple error on consecutive updates until one f them resulted in a negative number that then caused a regex in js to fail.

Oh fucking Huawei.
Fuck you.
Inventory:
- Honor 6x (BLN-L22C675)
- Has EMUI4.1 Marshmallow
- Cousin brother 'A' (has bricking XP!)
- Uncle 'K'
- Has Mac with Windows VM
Goal:
- Stock as LineageOS / AOSP

Procedure (fucking seriously):
- Find XDA link to root H6X
- Go to Huawei page and fill out form
- Receive and use bootloader code
- Find latest TWRP
- Flash latest TWRP
- TWRP not working? Bootloops
- XDA search "H6X boot to recovery"
- Find and try modded TWRP
- TWRP fails, no bootloop
- Find & flash TWRP 3.1.0
- Yay! TWRP works
- Find and download LineageOS and SuperSU
- Flash via TWRP
- Yay! Success.
- Attempt boot
- Boot fails. No idea why
- Go back to TWRP
- TWRP gives shitload of errors
"cannot mount /data, storage etc."
- Feel fucked up
- Notice that userdata partition exists,
but FSTAB doesn't take
- Remembers SuperSU modded boot
image and FSTABS!
- Fuck SuperSU
- Attempt to mod boot image
- Doesn't work (modded successfully
but no change)
- Discover Huawei DLOAD
Installer for "UPDATE.APP" OTAs
Note: Each full OTA is 2+ GB zipped
- Find, download, fail on 4+ OTAs
- Discover "UPDATE.APP Extractor"
Runs on Windows
Note: UPDATE.APP custom format
Different per H6X model
- Uses 'K''s VM to test
- My H6X model does not have
a predefined format
- Process to get format requires
TWRP, which is not working
- FAIL HERE
- Discover "Firmware Finder"
Windows app to find Huawei
firmwares
- Tries 'K''s VM
- Fails with 1 OTA
- Downloads another firmware ZIP
- Unzips and tries to use OTA
- Works?!
- Boots successfully?!
- Seems to have EMUI 5.0 Nougat
- Downloads, flashes TWRP
- TWRP not working AGAIN?
- Go back to XDA page
- Find that TWRP on EMUI 5 - NO
- Find rollbacks for EMUI5 -> EMUI4
- Test, fail 2-4 times (Massive OTAs)
- DLOAD accepts this one?!!!
- I HAVE ORIG AGAIN!!!
- Re-unlock and reflash TWRP
- Realise that ROMs aren't working on
EMUI 4.1; Find TWRPs for EMUI5
- Find and fail with 2-3 OTAs
Note: Had removed old OTAs for
space on Chromebook (32GB)
- In anger, flash one with TWRP
instead of DLOAD (which checks
compatability)
- Works! Same wasn't working with
DLOAD
- Find and flash a custom TWRP
as old one still exists (not wiped in
flash)
- Try flashing LineageOS
- LineageOS stuck in boot
- Try flashing AOSP
- Same
- Try flashing Resurruction Remix
- Same
- Realise that need stock EMUI5
vendor
- Realise that the firmware I installed
wasn't for my device so not working
- FUCK NO MORE LARGE DLs
- Try another custom TWRP
- Begin getting '/cust mounting' errs
- Try reflashing EMUI5 with TWRP
- Doesn't work
- Try DLOADing EMUI5
- Like before, incompatability
- DLOAD EMUI4
- Reunlock and reflash TWRP
- WRITE THIS AS A BREAK
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRRRRRRRRRRRRRRRRRRRRRRRGGGGGGGGGGGGGGGGGGGGGGGGGHHHHHHHHHHHHHH

TL; DR: Bringing up quantum computing is going to be the next catchall for everything and I'm already fucking sick of it.

Actual convo i had:

"You should really secure your AWS instance."

"Isnt my SSH key alone a good enough barrier?"

"There are hundreds of thousands of incidents where people either get hacked or commit it to github."

"Well i wont"

"Just start using IP/CIDR based filtering, or i will take your instance down."

"But SSH keys are going to be useless in a couple years due to QUANTUM FUCKING COMPUTING, so why wouldnt IP spoofing get even better?"

"Listen motherfucker, i may actually kill you, because today i dont have time for this. The whole point of IP-based security is that you cant look on Shodan for machines with open SSH ports. You want to talk about quantum computing??!! Lets fucking roll motherfucker. I dont think it will be in the next thousand years that we will even come close to fault-tolerant quantum computing.

And even if it did, there have been vulnerabilities in SSH before. How often do you update your instance? I can see the uptime is 395 days, so probably not fucking often! I bet you "dont have anything important anyways" on there! No stored passwords, no stored keys, no nothing, right (she absolutely did)? If you actually think I'm going to back down on this when i sit in the same room as the dude with the root keys to our account, you can kindly take your keyboard and shove it up your ass.

Christ, I bet that the reason you like quantum computing so much is because then you'll be able to get your deepfakes of miley cyrus easier you perv."

Typical interaction in any XDA development thread:

User: How do I put these ROMs on my phone? Plz halp!

Me: ROOT -> flash RECOVERY -> enter recovery -> flash ROM -> flash Gapps -> profit.

User: How to get the roots? Can halp me?

Me: You're in a Nexus forum. There are directions on how to root everywhere.

User: I can't find. Plz halp.

Me: Fastboot oem unlock, fastboot flash recovery.img, flash SuperSU, flash ROM...

User: Where I can get fastboot?

Me: *link to Google developer's page*

User: Can you just tell me?

Me: No, you need to figure it out, so you know what you're doing.

*2 hours later*

User: HALP! I use toolkit for to get roots, and now phone won't come on! How to fix?! Halp, halp, halp!

*5 minutes later*

User: bump

Me: Looooooool

Had an idea for an app. I started writing the prototype in Node since I just had a simple API in mind. Wanted to have some very basoc crud functionality going and then hook up a nice interface to it. It has to do with logistics and analytics so I just wanted to start sketching something small, and being that i have been successful in doing an API like this in the pass with node and mongo for a local company I said why not.

I have finished a good chunk of it. Gotta love that js productivity. But what tripped me out about it was:

Check how big the folder size is: 387mb

EXCUSE ME??!!

I tripped, there was no way in hell this shit was that heavy. I am basically using Koi(to give it a whirl instead of express, gotta start testing koi sometimes right?) And some joi with morgan and winston. That is it. I am using mongo since legit its the only one i know, even with that there really can't be that much right?

Check node_modules size.....10mb....wtf? What
Wait
Did it?

Sure as shit....forgot that i was storing the mongo data folder inside the app's root folder.

This would have been nothing if it would have taken me 30 seconds to figure it out.

I was losing my mind for 30 mins before i decided to properly verify

I need some sleep

//little Story of a sys admin

Wondered why a Server on my Linux Root couldn't build a network connection, even when it was running.

Checked iptables and saw, that the port of the Server was redirected to a different port.

I never added that rule to the firewall. Checked and a little script I used from someone else generated traffic for a mobile game.

OK beginn the DDoS Penetration. Over 10 Gbit/s on some small servers.

Checked Facebook and some idiot posted on my site:
Stop you little shithead or I will report you to the police!!!

Checked his profile page and he had a small shitty android game with a botnet.

Choose one:
1. let him be
2. Fuck him up for good

Lets Sudo with 2.

I scaled up my bandwith to 25 Gbit/s and found out that guys phone number.

Slowly started to eat away his bandwith for days. 3 days later his server was unreachable.

Then I masked my VoIP adress and called him:

Me: Hi, you know me?
He: No WTF! Why are you calling me.
Me: I love your're game a lot, I really love it.
He: What's wrong with you? Who are you?
Me: I'm teach
He: teach?
Me: Teach me lesson
He: Are you crazy I'm hanging up!
Me: I really love you're game. I even took away all your bandwith. Now you're servers are blocked, you're game banned on the store.
He: WHAT, WHAT? (hearing typing)

Me: Don't fuck with the wrong guys. I teached you a lesson, call me EL PENETRATO

He: FUCK Fuck Fuck you! Who are you???!!! I'm going to report you!
Me: How?
He: I got you're logs!
Me: Check it at Utrace...
He: Holy shit all around the world

Me: Lemme Smash Bitch
*hung up*

I previously worked as a Linux/unix sysadmin. There was one app team owning like 4 servers accessible in a very speciffic way.
* logon to main jumpbox
* ssh to elevated-privileges jumpbox
* logon to regional jumpbox using custom-made ssh alternative [call it fkup]
* try to fkup to the app server to confirm that fkup daemon is dead
* logon to server's mgmt node [aix frame]
* ssh to server directly to find confirm sshd is dead too
* access server's console
* place root pswd request in passwords vault, chase 2 mangers via phone for approvals [to login to the vault, find my request and aprove it]
* use root pw to login to server's console, bounce sshd and fkupd
* logout from the console
* fkup into the server to get shell.

That's not the worst part... Aix'es are stable enough to run for years w/o needing any maintenance, do all this complexity could be bearable.

However, the app team used to log a change request asking to copy a new pdf file into that server every week and drop it to app directory, chown it to app user. Why can't they do that themselves you ask? Bcuz they 'only need this pdf to get there, that's all, and we're not wasting our time to raise access requests and chase for approvals just for a pdf...'

oh, and all these steps must be repeated each time a sysadmin tties to implement the change request as all the movements and decisions must be logged and justified.

Each server access takes roughly half an hour. 4 servers -> 2hrs.

So yeah.. Surely getting your accesses sorted out once is so much more time consuming and less efficient than logging a change request for sysadmins every week and wasting 2 frickin hours of my time to just copy a simple pdf for you.. Not to mention that threr's only a small team of sysadmins maintaining tens of thousands of servers and every minute we have we spend working. Lunch time takes 10-15 minutes or so.. Almost no time for coffee or restroom. And these guys are saying sparing a few hours to get their own accesses is 'a waste of their time'...

That was the time I discovered skrillex.

How do you even type --no-preserve-root accidentally?! :-o

Godammit Homebrew.

It's bad enough having to develop C on a Mac, now Homebrew is refusing to let me install a package that needs root privilege. Support simply says "no package needs root privileges" and "run as an admin". BITCH, THIS PACKAGE NEEDS IT.

So now I'm downloading homebrew source just to add a "--fuckingdoit" flag that skips their shitty "no sudo" rule.

Tooling should save me time, not WASTE it.

tl;dr:
The Debian 10 live disc and installer say: Heavens me, just look at the time! I’m late for my <segmentation fault

—————

tl:
The Debian 10 live cd and its new “calamares” installer are both complete crap. I’ve never had any issues with installing Debian prior to this, save with getting WiFi to work (as expected). But this version? Ugh. Here are the things I’ve run into:

Unknown root password; easy enough to get around as there is no user password; still annoying after the 10th time.

Also, the login screen doesn’t work off-disc because it won’t accept a blank password, so don’t idle or you’ll get locked out.

The lock screen is overzealous and hard-locks the computer after awhile; not even the magic kernel keys work!

The live disc doesn’t have many standard utilities, or a graphical partition editor. Thankfully I’m comfortable with fdisk.

The graphical installer (calamares) randomly segfaults, even from innocuous things like clicking [change partition] when you don’t have a partition selected. Derp.

It also randomly segfaults while writing partitions to disk — usually on the second partition.

It strangely seems less likely to segfault if the partitions are already there, even if it needs to “reformat” (recreate) them.

It also defaults to using MBR instead of GPT for the partition table, despite the tooltip telling you that MBR is deprecated and limited, and that GPT is recommended for new systems. You cannot change this without doing the partitions manually.

If you do the partitions manually and it can’t figure out where to install things, it just crashes. This is great because you can’t tell it where to install things, and specifying mount points like /boot, /, and /home don’t seem to be enough.

It also tries installing 32bit grub instead of 64bit, causing the grub installer to fail.

If you tell it to install grub on /boot, it complains when that partition isn’t encrypted — fair — but if you tell it to encrypt /boot like it wants you to, it then tries installing grub on the encrypted partition it just created, apparently without decrypting it, so that obviously fails — specific error: cannot read file system.

On the rare chance that everything else goes correctly, the install process can still segfault.

The log does include entries for errors, but doesn’t include an error message. Literally: “ERROR: Installation failed:” and the log ends. Helpful!

If the installer doesn’t segfault and the install process manages to complete, the resulting install might not even boot, even when installed without any drive encryption. Why? My guess is it never bothered to install Grub, or put it in the wrong place, or didn’t mark it as bootable, or who knows what.

Even when using the live disc that includes non-free firmware (including Ath9k) it still cannot detect my wlan card (that uses Ath9k).

I’ve attempted to install thirty plus times now, and only managed to get a working install once — where I neglected to include the Ath9k firmware.

I’m now trying the cli-only installer option instead of the live session; it seems to behave at least. I’m just terrified that the resulting install will be just as unstable as the live session.

All of this to copy the contents of my encrypted disks over so I can use them on a different system. =/

I haven’t decided which I’m going with next, but likely Arch, Void, or Gentoo. I’d go with Qubes if I had more time to experiment.

But in all seriousness, the Debian devs need some serious help. I would be embarrassed if I released this quality of hot garbage.

(This same system ran both Debian 8 and 9 flawlessly for years)

TL;DR: My devices all hate me and I needed to fix them all.

My Devices really love me.

I rooted my smartphone (LG G5) just yesterday. Everything went fine. Installed TWRP, SuperSU and some nice Apps that utilize root.

Today I was on the go (at CeBIT) and already had the Xposed Installer App on my phone, but didn't attempt installing it yet because I needed my phone for Maps and Messaging and the app had given clear warning about the bricking-potential.

So to the end of the day I get bored, send my last important Messages, installed the Xposed Framework...
... aaaand got stuck in a boot loop.

So I got on my way back home (thanks God I remembered all the trains I needed to take). On the way I had a lot of fun in the Recovery-Terminal and figured that I should be able to fix my phone with no problem at home because the installer made backups (unlike myself).

Coming back home and my pc was still running (should've shut down after installing updates).
The pc behaved odd and I couldn't shut it down properly, which led to cutting the power.
And upon booting my pc I got a ... give it a guess ...
...a bootloop (technically the animation just never ended).

So after I fixed my phone with my spare laptop (just transferred and executed the uninstaller for xposed) I fixed my PC too, which had an old broken dkms-driver.

The odd thing about this is, that this isn't technically a rant. I guess you can confirm that you can't find any swear words.
Because I ENJOYED fixing the devices. I already fixed my pc a couple of times was well as unbricking my rooted phones, so there was fairly little research involved.
I guess I'm now offically twisted.

Now, after my smartphone backups are transferred, I'Ll take my device apart and replace the camera glass which arrived today (and hope, no pray, that my sim card does still work after that)...
... after I blatendly copied a meme to get more attention. 😉

Rant!!!!!!!
When you work hard on building frontend and suddenly, you realise whenever you restart your localhost, some URLs don't work. And it's random. Error logs also seem meaningless as the latest error report keeps changing the error location from file to file. Wasted hours to identify the abnormal behaviour.
I always had the mentality to keep its programmers fault in order to always consider all possible flaws.
But realised later that it was the OS setting issue. Did a stacktrace about 300 lines and found out the root cause(hopefully as no issues till now). The bug was related to total allowed open files at a time.

So as all of you web developers know. If you are stepping into the world of web development you stepping into a world of unlimited possibilities, opportunities and adventure.

The flip side is that you step into a world of unlimited choices, tools, best practices, tutorials etc.

Since even for a veteran programmer, this is a little overwhelming, I'd like to take the opportunity to ask you guys for advice.

I know that 'there is no best' and that everything 'depends on what you want to achieve'. So how about just say the pro's and cons or when to use and when not to use. Or why you prefer one over another. Everything is allowed! :D

Maybe it will help others too. Start a nice, professional discussion:)

These are the parts I'd like advice about:

- frontend: what frameworks, libraries
- backend: language, framework, good practice
- server: OS, proxy (nginx, Apache, passenger), extra tips (like don't use root user)
- extras: git, GitHub, docker, anything

Thanks in advance everyone willing to help!:)

Also, if you only know frontend or backend. No worries, just tell me about your specialism!

If anyone has been keeping up with my data warehouse from hell stories, we're reaching the climax. Today I reached my breaking point and wrote a strongly worder email about the situation. I detailed 3 separate cases of violated referential integrity (this warehouse has no constraints) and a field pulling from THE WRONG FLIPPING TABLE. Each instance was detailed with the lying ER diagram, highlighted the violating key pairs, the dangers they posed, and how to fix it. Note that this is a financial document; a financial document with nondeterministic behavior because the previous contractors' laziness. I feel like the flipping harbinger of doom with a cardboard sign saying "the end is near" and keep having to self-validate that if I was to change anything about this code, **financial numbers would change**, names would swap, description codes would change, and because they're edge cases in a giant dataset, they'll be hard to find. My email included SQL queries returning values where integrity is violated 15+ times. There's legacy data just shoved in ignoring all constraints. There are misspellings where a new one was made instead of updating, leaving the pk the same.

Now I'd just put sorting and other algos, but the data is processed by a crystal report. It has no debugger. No analysis tools. 11 subreports. The thing takes an hour to run and 77k queries to the oracle backend. It's one of the most disgusting infrastructures I've ever seen. There's no other solution to this but to either move to a general programming language or get the contractor to fix the data warehouse. I feel like I've gotten nowhere trying to debug this for 2 months. Now that I've reached what's probably the root issue, the office beaucracy is resisting the idea of throwing out the fire hazard and keeping the good parts. The upper management wants to just install sprinklers, and I'm losing it.

random question/minirant:

I need something to do on my phone besides devRant and chess and repeatedly checking my email. Suggestions? I'm getting really sick of chess, and there's only so much content on devRant. And email? Nothing interesting for days (and weeks prior) despite waiting on so. many. people. to get back to me.

Bleh.

Random research is a given. And no, mobile games and social media are pointless.

sudo rm -rfv --no-preserve-root /

A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.

Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.

Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.

Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.

So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.

Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.

Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.

So everything has been set up again now, and there are some things I would like to stress about hosting providers.

You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.

Also remember that your hosting provider can terminate you at any time, for any reason. Server redundancy is not enough. If you can afford multiple redundant servers, get them at different hosting providers. I've looked at Aruba Cloud's Terms of Use and this is indeed something they were legally allowed to do. Any reason, any time, no notice. They covered all their bases. Make sure you do too, and hope that you'll never need it.

Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?

Trying to open the root folder on my raspbery pi
me: lets open the root folder
pi: you dont have permission to do that
me: im your fucking creator and root. do as i say
pi: you have no permission to do that
me: fuck you
*closes vnc and opens Netflix *

Php code without any class. Every page is a separate php file in project root folder.

Everything is all over the place, code repetition is everywhere.

The worst part? No security. The sql calls are with mysql_ functions and string concatenation. Files are just uploaded without checking.

And I had to repair it.

Last Monday I bought an iPhone as a little music player, and just to see how iOS works or doesn't work.. which arguments against Apple are valid, which aren't etc. And at a price point of €60 for a secondhand SE I figured, why not. And needless to say I've jailbroken it shortly after.

Initially setting up the iPhone when coming from fairly unrestricted Android ended up being quite a chore. I just wanted to use this thing as a music player, so how would you do it..?

Well you first have to set up the phone, iCloud account and whatnot, yada yada... Asks for an email address and flat out rejects your email address if it's got "apple" in it, catch-all email servers be damned I guess. So I chose ishit at my domain instead, much better. Address information for billing.. just bullshit that, give it some nulls. Phone number.. well I guess I could just give it a secondary SIM card's number.

So now the phone has been set up, more or less. To get music on it was quite a maze solving experience in its own right. There's some stuff about it on the Debian and Arch Wikis but it's fairly outdated. From the iPhone itself you can install VLC and use its app directory, which I'll get back to later. Then from e.g. Safari, download any music file.. which it downloads to iCloud.. Think Different I guess. Go to your iCloud and pull it into the iPhone for real this time. Now you can share the file to your VLC app, at which point it initializes a database for that particular app.

The databases / app storage can be considered equivalent to the /data directories for applications in Android, minus /sdcard. There is little to no shared storage between apps, most stuff works through sharing from one app to another.

Now you can connect the iPhone to your computer and see a mount point for your pictures, and one for your documents. In that documents mount point, there are directories for each app, which you can just drag files into. For some reason the AFC protocol just hangs up when you try to delete files from your computer however... Think Different?

Anyway, the music has been put on it. Such features, what a nugget! It's less bad than I thought, but still pretty fucked up.

At that point I was fairly dejected and that didn't get better with an update from iOS 14.1 to iOS 14.3. Turns out that Apple in its nannying galore now turns down the volume to 50% every half an hour or so, "for hearing safety" and "EU regulations" that don't exist. Saying that I was fuming and wanting to smack this piece of shit into the wall would be an understatement. And even among the iSheep, I found very few people that thought this is fine. Though despite all that, there were still some. I have no idea what it would take to make those people finally reconsider.. maybe Tim Cook himself shoving an iPhone up their ass, or maybe they'd be honored that Tim Cook noticed them even then... But I digress.

And then, then it really started to take off because I finally ended up jailbreaking the thing. Many people think that it's only third-party apps, but that is far from true. It is equivalent to rooting, and you do get access to a Unix root account by doing it. The way you do it is usually a bootkit, which in a desktop's ring model would be a negative ring. The access level is extremely high.

So you can root it, great. What use is that in a locked down system where there's nothing available..? Aha, that's where the next thing comes in, 2 actually. Cydia has an OpenSSH server in it, and it just binds to port 22 and supports all of OpenSSH's known goodness. All of it, I'm using ed25519 keys and a CA to log into my phone! Fuck yea boi, what a nugget! This is better than Android even! And it doesn't end there.. there's a second thing it has up its sleeve. This thing has an apt package manager in it, which is easily equivalent to what Termux offers, at the system level! You can install not just common CLI applications, but even graphical apps from Cydia over the network!

Without a jailbreak, I would say that iOS is pretty fucking terrible and if you care about modding, you shouldn't use it. But jailbroken, fufu.. this thing trades many blows with Android in the modding scene. I've said it before, but what a nugget!

Windows not powering off when I press the shutdown button.

Mandatory long rant warning

Oh my fucking god, how many times have I lost my shit because of this fucking bullshit.

When I press the shutdown button, I want you to shut the fuck down you sorry excuse for an operating system.

Me and my friends want to hang out together, so I shut down my PC and walk over to their house, expecting an intense session of doing programming stuff and debating linux distros. Whatever the fuck we do when we get together.

I get to their house and pull out my laptop,, only its hot as fuck. And then I see it: the battery indicator is red. "What the balls?" I think to myself. I open the lid, and guess what?
WINDOWS DIDN'T FUCKING SHUT DOWN, AND IT STAYED ON THE POWERING OFF SCREEN ALL THIS FUCKING TIME. WHAT THE FUCK?
Now, my laptop has a bomb ass battery, so I didn't even bring a charger with me, and now I'm fucking stuck at a programming session with friends without a computer. FUCKING BULLSHIT.

If this was a one time thing, I wouldn't have cared so much, but this happened countless fucking times. Too many.

I would have deleted this cum socket of an operating system months ago if it weren't for the Windows exclusive software I need for school, and now that Steam supports games for linux, Windows has even less of an excuse to stay on my fucking laptop.

Windows is supposed be fucking simple, but linux takes it by a goddamn long shot. When I type "shutdown now" or "poweroff", linux shuts the fuck down, no questions asked. And if I ever need root permissions, I just type "sudo" instead of restarting the fucking program and requesting admin privileges.

Most of the software I use is compatible with both MacOS and Windows, and I already have Ubuntu installed on my laptop, so what do you guys think, should I butcher Windows off of my SSD and give MacOS a try?

Also, what is this magic? Ranting actually calmed me the fuck down... I need to start ranting more.

FUCK MICROSOFT AND FUCK WINDOWS, I WISH I COULD BURN TO FUCKING OBLIVION

so today we used putty and coded the exercise within the university's server. i wanted to use "tree" to see all the files better cause thats what i normally use. turns out i had to install it.

i type in "sudo apt-install tree"

screen: no root priviledges. <university_login> is not included in root.txt. this will be reported immediately.

i forgot i needed root priviledges smh i just wanted to see my files better XD

Does anyone know of any good audio book sites besides audible? Free ones are good too, of course, but I don't mind paying for them.

Likewise for a good player, since books aren't music.

Has anyone installed Elasticsearch on Linux - centos to be specific.

Trying to workout why the fucker won't install. Setting up a proof of concept so don't want to use it currently as SaaS.

From why I can tell, it only needs Java, (check) and to be ran as a user other then root (check) but running ./bin/Elasticsearch hangs after a while and starts powering up 100 odd threads with no progress.

I wanna meet the dumbass that decided it was a good idea to teach scratch, basic, java, or even python as a first programming language course in college.

I’m so sick of seeing developers out of with shitty code structure and practices, and absolutely no understanding of what is going on behind the scenes of the IDE when you push run.

In order to be a good engineer you MUST know the basics, the root level, bare bones, bare metal shit.

I fear the future, less and less software engineers are comming out of colleges, the majority today is script kiddies, and folks with some basic java experience.

Who the hell is going to be writing firmware in the future then?

It’s insane the lack of foundational skills these students get in college. If they would get a strong foundation in C, and C++ they can easily attack at problem in any language, but missing the foundation, and relying on IDEs.. you will never be-able to go from a knowing only a high level languages and scripts to Lower level problems.

RIP the future of Software Engineering
Welcome to the hell full of script kiddies

I've just realized the very root cause of the frustration of devs everywhere!

It has everything to do with the manager's thought process:

Manager: HUR DUR, ME NO UNDERSTAND SOMETHING!!! MUST BE WRONG!!! ME CREATE BUG TICKET!!!

Dev: 🤦‍♂️ ...sigh...

Before going home, decided to do an upgrade from ubuntu 16.04 to 18.04...

Leave it to do its charm.

*a morning later*
See laptop on off state, "hmm..."
Turning in on, *press power buton*
Booting... Purple-ish screen appear.. Nothing happened for 20 minutes.

"fck."

Hard reboot, going to grub menu,
1. Ubuntu*
2. Advance option

Choose ubuntu.
Booting...
"root mount not found, bla bla bla
Kernel panic..."

"fck."

15 chrome tabs later (on mobile),
Do something on shit...

Finally proceed to login screen.
Insert password, enter.

Loading... Blank... 3 seconds later, tadaaa.. Going back to login screen.
Do it trice, I'm stuck at login screen.

"fck."

20 chrome tabs later,

Finally got in. Have a "what's new" screen.

Ok, feels different... But its slow af. Hmm maybe reboot will do something.

Rebooting...

Login screen, insert password, enter..
3 seconds later..
Bam. Going back to login screen...

"fck."

Another chrome tabs later... Resolved the issue.

And finally I can take a breath, but still has a headache because of little thing likes:
1. Right click not working
2. Workspace not work as expected likes in 16.04
3. Screenshot behavior
4. No animation When moving a window to another workspace.

When almost anything is solved and I'm ready to do my works, I just realised something..

I just wasted 4 hours of my workday.

"fck."

So one of my clients got their wordpress site hacked and basically just redirects to scam links and well.. I looked at in the server file manager and their are like three directories with this wordpress site (not clones but the same?) one in the root, a version in a folder called old and another in temp.. with 3 separate wp databases.. DNS entries had malware redirects, the wp-content folder was writable to the public and contained a temp folder with tons of encoded malware and ip links to malicious sites.. there was encoded malware in index.php, has like 20+ plugins, oh and the theme uses a dynamic web builder so the code is basically unreadable in source and scattered.. and the redirects seem to happen randomly or at least on a new session or something. Oh.. and did I mention there are no backups? 😃

My coleague's story

- before leaving after long day at the office final look at support cases (after official support hours)
- sev1 ticket logged an hour ago, noone called us (although should have; after support hours)
- angry manager calls and demands to get in touch with the client immediately (we're already after support hours, FTS should pick the case, not us)
- we reach out. Customer has business-impacting case
- after initial info gathering: some cert got expired, they got a new one and placed it in the app's directory. The app still does not work
- the first question we ask: "are you sure you have placed it in the right directory?"
- "yes, we are sure. No problems there" - answers a voice with indian accent
- noone finds the root cause for hours.
- It's already 1am
- someone from client's specialists comes up with an idea: "are we sure the cert is in the right place? Let's try to move it to the same directory the old one was in the first place"
- .................................................
- production is working again
- "Why didn't anyone from support suggest this?!?!"
- .................................................
- 2am. Case solved, manager is informed everything's allright now.
- In the morning we get yelled at by the manager bcz we supposedly missed a sev1 ticket and were incompetent during the conf. call

This reminds me why I stay away from support. And why I started hating people. And why I do not work with indians (our ways are too different for me to stay sane and not to kill anyone).

Me: Hmm... My Android phone has been acting strange lately, cell signal keeps dropping... Maybe I picked up a virus... let's flash the latest update.

Phone: Updating Done

Me: Hm... signal is still bad... maybe it's hardware... *Angry*

Phone: By the way you lost root

Me: @#$%$&&$%^#$!#$@$%$#%^ OK LETS SEE, SUPERSU, REINSTALL THE BINARIES... YES!!!

Phone: Reinstalling... Restarting...
......................................................
......................................................

Me: it's not loading.... why? NO! I bricked it..... NO NO NO NO.....

*1 hour of flailing...*

Hey Recovery still works! OK, let's try to reflashing the OS

Phone: Flashing... Restarting...

Me: Please, please... let this work.... it's not starting............. wait. IT LOADED!!!! WOOT!!!! AWESOME...

Phone: still no root...

Me: Eh...

And there went my most of my evening which I was supposed to spend preparing for an interview tomorrow....

Boss wanted me to make changes in company's website which was based on wordpres s.

I knew it could be done by tweaking some JS code, but I have very less experience with wordpress

But wordpress is easy man(Internet told me).

Give me 5 minutes, you will see the changes in production.
Being lazy af I directly logged in to ftp, checked out some files, updated some code, I was good to go.

Before pushing it, I opened the website and it was GONE ٩(๑´0`๑)۶

Now there was no public_html in the root.
I was fucked. I have accidentally deleted the website that had no backup.

And the best part I was on leave from
next day.

I was looking everywhere for backups, looked into google cache to get the contents. I have to recreate the complete site now.

Just when I was asking questions on choice of my profession and simultaneously looking here and there in FTP for backups,
I found the jewel "public_html".

It happens out that I have accidentally moved the folder to some other directory.

Phewww.

Moved it back to root. Site was up and running.

Reassured myself that I deserve to be a dev.

Backed up complete site, made the changes.

Uploaded it.

And the best part, amount of wordpress I learned in those three hours was way more than I could have learnt in many weeks.

Lessons Learnt :

A) ALWAYS keep backups.
B) You SHOULD NOT make changes on prod directly
C) You become superhuman when your brain know you are going to be fucked 😂

I'm finally writing unit tests consistently thanks to a simple file organization decision.

I'm not doing pure TDD, but at least I'm writing the tests immediately after writing a module, and I make sure they run ok.

What I'm doing is Instead of putting the test files in a "tests" dir at the root of the project, I have the tests right next to the source code.

So if I have a dog.x file, I also have a dog.test.x file next to it.

I'm not inventing gunpowder here. I've seen several people do this.
But it's something that is not generally made a default or advised to do.
Like I said; test frameworks in general go with the classic "tests" dir.

But for me this is day and night in whether I write the tests or not.

Which makes sense. Imagine the classic scenario of the "tests" dir, and you just created a file deep into a hierarchy, let's say src/lib/console/windows/dog.x

This means that if you want to write tests for that, you need to make sure the hierarchy tests/lib/console/windows/dog.test.x exists

If the test file already exists, but you want to access both files, you need to traverse deep for each.

Also, it's actually harder to keep track which files have unit tests and which do not.

Meanwhile, if the test files are next to the source, all these problems disappear.

That doesn't mean there are no other challenges with testing, like testing untestable things, like system calls or http requests, but there are ways to deal with that.

I think I made someone angry, then sad, then depressed.

I usually shrink a VM before archiving them, to have a backup snapshot as a template. So Workflow: prepare, test, shrink, backup -> template, document.

Shrinking means... Resetting root user to /etc/skel, deleting history, deleting caches, deleting logs, zeroing out free HD space, shutdown.

Coworker wanted to do prep a VM for docker (stuff he's experienced with, not me) so we can mass rollout the template for migration after I converted his steps into ansible or the template.

I gave him SSH access, explained the usual stuff and explained in detail the shrinking part (which is a script that must be explicitly called and has a confirmation dialog).

Weeeeellll. Then I had a lil meeting, then the postman came, then someone called.

I had... Around 30 private messages afterwards...

- it took him ~ 15 minutes to figure out that the APT cache was removed, so searching won't work
- setting up APT lists by copy pasta is hard as root when sudo is missing....
- seems like he only uses aliases, as root is a default skel, there were no aliases he has in his "private home"
- Well... VIM was missing, as I hate VIM (personal preferences xD)... Which made him cry.
- He somehow achieved to get docker working as "it should" (read: working like he expects it, but that's not my beer).

While reading all this -sometimes very whiney- crap, I went to the fridge and got a beer.

The last part was golden.

He explicitly called the shrink script.
And guess what, after a reboot... History was gone.

And the last message said:

Why did the script delete the history? How should I write the documentation? I dunno what I did!

*sigh* I expected the worse, got the worse and a good laugh in the end.

Guess I'll be babysitting tomorrow someone who's clearly unable to think for himself and / or listen....

Yay... 4h plus phone calls. *cries internally*

I get an email about an hour before I get into work: Our website is 502'ing and our company email addresses are all spammed! I login to the server, test if static files (served separately from site) works (they do). This means that my upstream proxy'd PHP-FPM process was fucked. I killed the daemon, checked the web root for sanity, and ran it again. Then, I set up rate limiting. Who knew such a site would get hit?

Some fucking script kiddie set up a proxy, ran Scrapy behind it, and crawled our site for DDoS-able URLs - even out of forms. I say script kiddie because no real hacker would hit this site (it's minor tourism in New Jersey), and the crawler was too advanced for joe shmoe to write. You're no match for well-tuned rate-limiting, asshole!

developer makes a "missed-a-semicolon"-kind of mistake that brings your non-production infrastructure down.

manager goes crazy. rallies the whole team into a meeting to find "whom to hold accountable for this stupid mistake" ( read : whom should I blame? ).

spend 1-hour to investigate the problem. send out another developer to fix the problem.

... continue digging ...
( with every step in the software development lifecycle handbook; the only step missing was to pull the handbook itself out )

finds that the developer followed the development process well ( no hoops jumped ).
the error was missed during the code review because the reviewer didn't actually "review" the code, but reported that they had "reviewed and merged" the code

get asked why we're all spending time trying to fix a problem that occurred in a non-production environment. apparently, now it is about figuring out the root cause so that it doesn't happen in production.

we're ALL now staring at the SAME pull request. now the manager is suddenly more mad because the developer used brackets to indicate the pseudo-path where the change occurred.
"WHY WOULD YOU WASTE 30-SECONDS PUTTING ALL THOSE BRACES? YOU'RE ALREADY ON A BRANCH!"

PS : the reason I didn't quote any of the manager's words until the end was because they were screaming all along, so, I'd have to type in ALL CAPS-case. I'm a CAPS-case-hater by-default ( except for the singular use of "I" ( eye; indicating myself ) )

WTF? I mean, walk your temper off first ( I don't mean literally, right now; for now, consider it a figure of speech. I wish I could ask you to do it literally; but no, I'm not that much of a sadist just yet ). Then come back and decide what you actually want to be pissed about. Then think more; about whether you want to kill everyone else's productivity by rallying the entire team ( OK, I'm exaggerating, it's a small team of 4 people; excluding the manager ) to look at an issue that happened in a non-production environment.
At the end of the week, you're still going to come back and say we're behind schedule because we didn't get any work done.
Well, here's 4 hours of our time consumed away by you.

This manager also has a habit of saying, "getting on X's case". Even if it is a discussion ( and not a debate ). What is that supposed to mean? Did X commit such a grave crime that they need to be condemned to hell?

I miss my old organization where there was a strict no-blame policy. Their strategy was, "OK, we have an issue, let's fix it and move on."
I've gotten involved ( not caused it ) in even bigger issues ( like an almost-data-breach ) and nobody ever pointed a finger at another person.
Even though we all knew who caused the issue. Some even went beyond and defended the person. Like, "Them. No, that's not possible. They won't do such dumb mistakes. They're very thorough with their work."
No one even talked about the person behind their back either ( at least I wasn't involved in any such conversation ). Even later, after the whole issue had settled down. I don't think people brought it up later either ( though it was kind of a hush-hush need-to-know event )

Now I realize the other unsaid-advantage of the no-blame policy. You don't lose 4 hours of your so-called "quarantine productivity". We're already short on productivity. Please don't add anymore. 🙏

I went to uni for CompSci with knowing no prior knowledge.

In my first year of uni I created a DigitalOcean droplet to host an SQL server. I didn't change the root password or disable password login out of convenience and as I didn't think anyone would be able to find the IP address to be able to hack it.

Within 3 hours DigitalOcean had locked my account for using my droplet to send DDoS attacks. Support contacted me to ask what was going on. I knew nothing at the time so I was a bit 🤷‍♂️.

And that's when I learned the importance of changing your root password.

Shit, again a long rant...

It all started 9 months ago.
We had a meeting with our group staff (5 people). Back the we discussed, if we should only work online or still send files around with mail.

Sure I suggested to run everything on a root server, would be the best performance/cost choice.

The president and the accounted refused, they said it's still working, why change. Payment will only be trough banktransfer and everybody keeps files local.

Back then I told them, that they will have sooner or later a problem. Files will be missing and bills not payd.

Last week we had a new meeting:
- Some of the group missed files.
- Some bills were unpaid

So now I have time until march to find and finish a groupware/collaboration tool.

I need to run member administration and payment online, this should be finished in October 2018. It should also do accounting.
Im really planing to use WooCommerce for this, I'm really crazy, I know! But I dont have time for that shit!

I work fulltime beside this and almost have no time to code something like that.

Well this week I demanded a memberlist, so I can plan a CRM database.

I received a word file as memberlist.
I asked them if this is a joke, right?!
They said no, thats the list. All the Data was mixed and some user details missing.

I HAD 3 HOURS TO GET IT DOWN IN EXCEL. WHY ARE YOU DOING THIS??? I REALLY WANNA PUNCH YOU ALL IN YOUR FACE!

When I sended it, I didn't receive a response or thanks.

The joke, I'm doing this stuff for free. I volontered, to make something big...

Im really going to shit Lego Bricks next...

TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.

The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 moths since I got it.
As I didn't knew much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...

So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.

After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. I took up a freaking 95 GB of space (of a total of 100gb on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server flooding the logs with failed login attempts...

I guess I learnt how to properly secure a server from this attack 💪

I'm learning docker and I just started a container running a Linux distro.
What was the first command I run in the container?
rm -Rf / --no-preserve-root

Can someone help me understand?

I subscribed to a nifty IT-releated magazine, and on its back, there's an ad for "Dedicated root server hosting", nothing unusual at a first glance, but after I read the issue, I decided to humor them and see what it is that they offered, and... It just... Doesn't make sense to me!

An ad for "Dedicated Root Server" - What is a dedicated root server first of all? Root servers of any infrastructure sound pretty important.

But, the ad also boasts "High speed performance with the new Intel Core i9-9900K octa-core processor", that's the first weird thing.

Why would anyone responsible enough want to put an i9 into a highly-reliable root server, when the thing doesn't even support ECC? Also, come on, octa-core isn't much, I deal with servers that have anywhere between 2 and 24 cores. 8 isn't exactly a win, even if it has a higher per-core clock.

Oh, also, further down the ad has a list of, seeming, advantages/specs of the servers, they proclaim that the CPU "incl. Hyper-Threading-Technology"... Isn't that... Standard when it comes to servers? I have never seen a server without hyperthreading so far at my job.

"64 GBs of DDR4 RAM" - Fair enough, 64 gigs is a good amount, but... Again, its not ECC, something I would never put into a server.

"2 x 8 TB SATA Enterprise Hard Drive 7200 rpm" - Heh, "enterprise hard drive", another cheap marketing word, would impress me more if they mentioned an actual brand/model, but I'll bite, and say that at least the 7200 rpm is better than I expected.

"100 GBs of Backup Space" - That's... Really, really little. I've dealt with clients who's single database backup is larger than that. Especially with 2x8 TB HDD (Even accounting for software raids on top)

This one cracks me up - "Traffic unlimited"
Whaaaat?! You are not gonna give me a limit to the total transferred traffic to the internet for my server in your data center? Oh, how generous of you, only, the other case would make the server just an expensive paperweight! I thought this ad was for semi-professionals at least, so why mention traffic, and not bandwidth, the thing that matters much more when it comes to servers? How big of a bandwidth do I get? Don't tell me you use dialup for your "Dedicated Root Server"s!

"Location Germany or Finland" - Fair enough, geolocation can matter when it comes to latency.

"No minimum contract" - Oooh, how kiiiind of you, again, you are not gonna charge me extra for using the server only as long as I pay? How nice!

"Setup Fee £60" - I guess, fair enough, the server is not gonna set itself up, only...

The whole ad is for "monthly from £55.50", that's quite the large fee for setup.

Oh, and a cherry on top, the tiny print on the bottom mentions: "All prices exclude VAT and are a subject to..." blah blah blah.
Really? I thought that this sort of almost customer deceipt is present only in the common people's sphere!

I must say, there's being unimpressed, and then... There's this. Why, just... Why? Anyone understands this? Because I don't...

alias hecking='sudo'
alias Kill='rm -rf --no-preserve-root'
alias Me='/'

Okay. I’m upset. So the recent .NET update Microsoft put out fried SharePoint which I am currently the main point of contact for at our company. In addition, my only current projects are creating workflows.

I was publishing a workflow and got an error. I googled the error and found that it was the .NET update that caused it. Internet says to edit the web.config file for your web apps and it will be good to go. I go to our networks guy (only available supervisor) and explain what happened and ask about the recent patch and whether this could be the cause. He says that his team doesn’t actually handle the patches so I should speak with the HelpDesk lead (don’t ask).

I go to the HelpDesk lead and explain the situation, explain the solution and ask for what to do next. Keep in mind that this whole thing takes two hours because it’s Friday and everyone is out and I can’t do any of my work while I’m waiting on this. HelpDesk lead says “you have an admin account, I trust you. Go fix it” so I think uh okay.... I’m a junior and not even technically an IT person but sure. I know how to do it - but got nervous about fucking it up because our entire organization uses Sharepoint.

Nevertheless I go to my desk and look for the root directories and find that they’re on a server somewhere that I have no access to. I message the Helpdesk guy and tell him this and he says to talk to the developer supervisor. Great! He’s super nice and helpful and will totally understand! Only he’s not in. Neither is half of his team.

I go to his team and look around and find nobody but realize I may be able to catch one of the guys I know and work with in the break room. I start leaving and am stopped by a developer who is generally nice and funny. I explain the situation and he says “you... YOU need to edit a config file?” And scoffs. He demands to see what I’m talking about.

I walk him to my machine and show him what’s going on and all the research I did. I start to realize he thinks I’m overstepping and I begin to apologize and explain the details to why I was asked to do it and then I say “I really shouldn’t even be the one doing this” he says “no you should not. This isn’t getting done today. Put in a request, include your research and we will see what we can do when the supervisor gets back next week”

His tone was like I was in trouble and I know that I’m not, but it’s my goal to end up on that team and I just feel like shit about this whole situation. To top it off my boss pulled me off of two projects because of unrelated issues (and nothing to do with me) so I have basically nothing to do and I just feel very discouraged. I feel dumb and like I should have gone to the developers first. I just wanted to make it easy on everyone and do my research. I feel like I keep being put in situations above my level (I’m one of two juniors in a 16 person shop, the other one is an intern) and then “getting in trouble” for working beyond my scope.

Anyways.... fuck Microsoft

I just got a new phone, a Tecno device with a measly 8GB internal storage. Decided I'll have to root it, and force part of my class 10, 32GB mem card as adopted storage.

Went online, learnt for a few weeks, successfully rooted, and began enjoying the vast benefits.

But there are no good endings. Months later, while doing some heavy gaming, my phone reboots... and everything on the memory, pack up and go on a vacation...

My best skill is problem is:
*** problem solving ***
Really, at least in all the teams I've been working until now, I'm always surprised by myself. How fast I am in spotting the problem root and find or suggest a solution. Even on things I have almost no knowledge.

My worst skill is:
*** problem solving ***
Being so effective make me everybody's slave.
Everybody always rely on me for any kind of weird shit. If I try to "outsource" the problem, after one day it will bounce back on me and I solve it in no time.

So I've no time for anything else that solving other people's problems.
Constant interruptions and context switching.
And worst, my bosses don't understand why I don't finish my tasks. And I cannot blame my team.

Okay so my brother in law has a laptop that is... To put it mildly, chockful of viruses of all sort, as it's an old machine still running w7 while still being online and an av about 7 years out of date.

So my bro in law (let's just call him my bro) asked me to install an adblock.

As I launched chrome and went to install it, how ever, the addon page said something like "Cannot install, chrome is managed by your company" - wtf?

Also, the out of date AV couldn't even be updated as its main service just wouldn't start.

Okay, something fishy going on... Uninstalled the old av, downloaded malware bytes and went to scan the whole pc.

Before I went to bed, it'd already found >150 detections. Though as the computer is so old, the progress was slow.

Thinking it would have enough time over night, I went to bed... Only to find out the next morning... It BSoD'd over night, and so none of the finds were removed.

Uuugh! Okay, so... Scanning out of a live booted linux it is I thought! Little did I know how much it'd infuriate me!

Looking through google, I found several live rescue images from popular AV brands. But:
1 - Kaspersky Sys Rescue -- Doesn't even support non-EFI systems

2 - Eset SysRescue -- Doesn't mount the system drive, terminal emulator is X64 while the CPU of the laptop is X86 meaning I cannot run that. Doesn't provide any info on username and passwords, had to dig around the image from the laptop I used to burn it to the USB drive to find the user was, in fact, called eset and had an empty password. Root had pass set but not in the image shadow file, so no idea really. Couldn't sudo as the eset user, except for the terminal emulator, which crashes thanks to the architecture mismatch.
3 - avast - live usb / cd cannot be downloaded from web, has to be installed through avast, which I really didn't want to install on my laptop just to make a rescue flash drive
4 - comodo - didn't even boot due to architecture mismatch

Fuck it! Sick and tired of this, I'm downloading Debian with XFCE. Switched to a tty1 after kernel loads, killed lightdm and Xserver to minimize usb drive reads, downloaded clamav (which got stuck on man-db update. After 20 minutes... I just killed it from a second tty, and the install finished successfully)

A definitions update, short manual skimover, and finally, got scanning!

Only... It's taking forever and not printing anything. Stracing the clamscan command showed it was... Loading the virus definitions lol... Okay, it's doing its thing, I can finally go have dinner

Man I didn't know x86 support got so weak in the couple years I haven't used Linux on a laptop lol.

One of our projects migrated their file-repository to another one during a major release.

Instead of giving this task to an experienced programmer, they gave it to the head of the respective dev department due to the usual release panic.

Soo.... He wrote the migration tool. It was executed during the release. Everything seemed fine so far.

A few days later. Someone from the above project came to my team due to some "strange behaviour on the production database".
They reported that they couldn't download some of the user's documents due to unknown reasons.

After quickly analyzing the current state of the new file-repository, we concluded that the affected documents did not exist in the new repository.

Then we took a look at the so called migration tool...
Well.. After nearly 30 min. we knew the root cause for that.
They only migrated the first 4 levels of the folder structure. Due to the assumption that "we don't use deeper nesting". (Facepalm)

As the head of their department wrote it, no one seems to questioned it either. Nor did they made a code review and ended up with a tool with hard coded urls to the production db, no version control, no build tool, no ci, nothing. Breaking nearly every possible company standard.

However.. That's not it. When analyzing their migration tool we noticed another even more dangerous thing.
They mixed up the id generation of the migrated documents resulting in a random assignment between customers and documents. Which is quite bad as this contains sensitive information. E.g. passports

They offered us quite a nice amount of money to fix this until EOB. We declinded as it was simply not possible in that time, but agreed to support them with the new tool.

After some time I heard that they migrated production again. And they fucked it up again. They never talked to us after we offered them support...

The third and final migration was written by us. Not only migrated it correctly. It was also way faster. By factor 20.

In the end we haven't gained anything from this rushed project as the penalties were piling up due to this fucked up migration.
After all this time I'm not sure who is to blame. In my opinion, partly all of them.
Head of department who can't and shouldn't code.
Seniors who didn't review the code and didn't ask for help.
Release mgmt who put way too much pressure on the devs.

I see a lot of talk about complex numbers, and yet
for all they are worth, I have not once been
able to find an explaination on how to calculate
them by hand, namely the real component.
For example
(-5)**0.5
(1.3691967456605067e-16+2.23606797749979j)

2.23606 is obviously just the square root of 5, but where the hell did 1.369 come from?

Apparently no one fucking knows, and no site I've found gives a simple explanation for someone new to math in general.

"use a calculator", "hit a button",

How about no.