What it's like to be a network engineer...translated into normal people speak

User: I think we are having a major road issue.

Me: What? No, I just checked, the roads are fine. I was actually just on the roads.

User: No, I’m pretty sure the roads are down because I’m not getting pizzas.

Me: Everything else on the roads is fine. What do you mean you aren’t getting pizzas?

User: I used to get pizzas when I ordered them, now I’m not getting them. It has to be a road issue.

Me: As I said, the roads are fine. Where are you getting pizzas from?

User: I’m not really sure. Can you check all places that deliver pizzas?

Me: No I don’t even know all the places that deliver pizza. You need to narrow it down.

User: I think it is Subway.

Me: Okay, I’ll check…No, I just looked and Subway doesn't deliver pizzas.

User: I’m pretty sure it is Subway. Can you just allow all food from Subway and we can see if pizza shows up?

Me: Sigh, fine I’ve allowed all food from Subway, but I don’t think that is the issue.

User: Yeah I’m still not getting pizza. Can you check the roads?

Me: It’s not the roads, the roads are fine. I’m pretty sure Subway isn’t the place.

User: Okay, I found it. It’s Papa Johns.

Me: Okay, I looked and Papa Johns does deliver pizza. Is it the local Papa Johns or one in a different town?

User: I don’t know. Can you allow pizza from all Papa Johns to me?

Me: No I can’t do that. Can you get me an address for Papa Johns?

User: No, I only know it as Papa Johns. Can you get me all the addresses of all Papa Johns and I’ll tell you if one of them is correct?

Me: No, I don’t have time for that. Okay, I looked at the local one and it looks like they have sent you pizza in the past and they are currently allowed to send you pizzas. Try ordering a pizza while I watch.

User: Yeah still no pizza. I’m guessing they are getting blocked at the freeway. Can you check the freeway to make sure they can get through?

Me: No, this is a local delivery. They aren't even using the freeway.

User: Okay, well then it has to be a road issue.

Me: No, the roads are fine. Okay, I just drove from the Papa Johns to the address they have on file for you and there is nothing there.

User: Hmm, wait we did move recently.

Me: Did you give your new address to Papa Johns?

User: No, I just thought they would be able to look me up by name.

Me: No they need your new address. What’s your new address?

User: I’m not really sure. Can you look it up?

Me: Sigh, give me a second…Okay, I found your address and gave it to Papa Johns. Try ordering a pizza now.

User: HEY! PIZZA JUST SHOWED UP!

Me: Okay, good.

User: (To everyone else they know) I apologize for the delay in the pizza but there was a major road issue that was preventing the pizza from getting to me. The network engineer has fixed the roads and we are able to get pizza again.

Me: But it wasn’t the roads…whatever.

User: Oh, can you also check on an issue where Chinese food isn’t getting to me? I think it may be a road issue

I worked with a good dev at one of my previous jobs, but one of his faults was that he was a bit scattered and would sometimes forget things.

The story goes that one day we had this massive bug on our web app and we had a large portion of our dev team trying to figure it out. We thought we narrowed down the issue to a very specific part of the code, but something weird happened. No matter how often we looked at the piece of code where we all knew the problem had to be, no one could see any problem with it. And there want anything close to explaining how we could be seeing the issue we were in production.

We spent hours going through this. It was driving everyone crazy. All of a sudden, my co-worker (one referenced above) gasps “oh shit.” And we’re all like, what’s up? He proceeds to tell us that he thinks he might have been testing a line of code on one of our prod servers and left it in there by accident and never committed it into the actual codebase. Just to explain this - we had a great deploy process at this company but every so often a dev would need to test something quickly on a prod machine so we’d allow it as long as they did it and removed it quickly. It was meant for being for a select few tasks that required a prod server and was just going to be a single line to test something. Bad practice, but was fine because everyone had been extremely careful with it.

Until this guy came along. After he said he thought he might have left a line change in the code on a prod server, we had to manually go in to 12 web servers and check. Eventually, we found the one that had the change and finally, the issue at hand made sense. We never thought for a second that the committed code in the git repo that we were looking at would be inaccurate.

Needless to say, he was never allowed to touch code on a prod server ever again.

So a few days ago I felt pretty h*ckin professional.

I'm an intern and my job was to get the last 2003 server off the racks (It's a government job, so it's a wonder we only have one 2003 server left). The problem being that the service running on that server cannot just be placed on a new OS. It's some custom engineering document server that was built in 2003 on a 1995 tech stack and it had been abandoned for so long that it was apparently lost to time with no hope of recovery.

"Please redesign the system. Use a modern tech stack. Have at it, she's your project, do as you wish."

Music to my ears.

First challenge is getting the data off the old server. It's a 1995 .mdb file, so the most recent version of Access that would be able to open it is 2010.

Option two: There's an "export" button that literally just vomits all 16,644 records into a tab-delimited text file. Since this option didn't require scavenging up an old version of Access, I wrote a Python script to just read the export file.

And something like 30% of the records were invalid. Why? Well, one of the fields allowed for newline characters. This was an issue because records were separated by newline. So any record with a field containing newline became invalid.

Although, this did not stop me. Not even close. I figured it out and fixed it in about 10 minutes. All records read into the program without issue.

Next for designing the database. My stack is MySQL and NodeJS, which my supervisors approved of. There was a lot of data that looked like it would fit into an integer, but one or two odd records would have something like "1050b" which mean that just a few items prevented me from having as slick of a database design as I wanted. I designed the tables, about 18 columns per record, mostly varchar(64).

Next challenge was putting the exported data into the database. At first I thought of doing it record by record from my python script. Connect to the MySQL server and just iterate over all the data I had. But what I ended up actually doing was generating a .sql file and running that on the server. This took a few tries thanks to a lot of inconsistencies in the data, but eventually, I got all 16k records in the new database and I had never been so happy.

The next two hours were very productive, designing a front end which was very clean. I had just enough time to design a rough prototype that works totally off ajax requests. I want to keep it that way so that other services can contact this data, as it may be useful to have an engineering data API.

Anyways, that was my win story of the week. I was handed a challenge; an old, decaying server full of important data, and despite the hitches one might expect from archaic data, I was able to rescue every byte. I will probably be presenting my prototype to the higher ups in Engineering sometime this week.

Happy Algo!

"Let's go for the low hanging fruit first" 🤢

"I think we should do some market research" 🤢

"Yeah that is also on my radar" 🤢

OKAY YOU FUCKING CUNT, STOP WITH YOUR PATRONIZING SHIT.

FIRST OF ALL, ARE YOU REALLY SO SMALL MINDED THAT YOU CAN'T REACH ANY HIGHER? THIS TREE IS FUCKING RAW AMD BARE ON THE BOTTOM, WITH YOUR FILTHY CLAWS GRASPING FOR ALL THOSE EASY NARROW FIXES.

SECONDLY, A FUCKING EMAIL SURVEY WITH BIASED QUESTIONS ANSWERED BY 3 HOBOS IS NOT BLOODY MARKET RESEARCH.

THIRDLY, IF THIS NUCLEAR ICBM OF AN INFRASTRUCTURE PROBLEM IS ON YOUR RADAR, MAYBE STOP FONDLING YOUR SWEATY BALLS FOR A MINUTE AND TAKE ACTION.

"Okay lets peel this onion, so we hit the ground running" 😩🤢😞

NO, LET'S NOT "HIT THE GROUND RUNNING", YOU'RE GOING TO FUCKING TRIP AND MESS UP YOUR FACE EVEN MORE. HOW ABOUT GET YOUR PILE OF SHIT IN ORDER FOR ONCE, PREPARE FOR A MEETING? HOW ABOUT THOUGHTFUL ACTION, SOME FEATURE DESIGN?

"No, just implement it quick and dirty" 🤢😡👿

OH YOU WANT IT QUICK AND DIRTY? IS THAT HOW YOU FUCK YOUR DAD AS WELL?

"Let's evaluate the fix in a few weeks. We really had good synergy here team" 🤢😫

YEAH SURE, LET'S EVALUATE THIS.... BUT LET'S EVALUATE IT RIGHT NOW: 😡

"Ahem....

1. You're always late for meetings.
2. After 6 months, you still barely know what we do as a company, you still don't know the teams, and you still don't know the product.
3. You do not listen to engineers flooding you with red flags, requiring time for a redesign to fix serious scaling issues.
4. Everything must be a quickfix, nothing is allowed to require thought, because you CAN ABSOLUTELY NOT think ahead for more than 30 seconds.

OH AND IF YOU EVER AGAIN COVER UP ONE OF YOUR MANY SHORTCOMINGS WITH THAT FUCKING SLIMEY DOUCHEBAG MANAGER VOCABULARY OF YOURS, LET'S SEE HOW MUCH SYNERGY YOU FEEL WHEN YOU'RE DEEPTHROATHING A CACTUS."

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

So I had my exams recently and I thought I'd post some of the most hacky shit I've done there over here. One thing to keep in mind, I'm a backender so I always have to hack my way around frontend!

- Had a user level authentication library which fucked up for some reason so I literally made an array with all pages and user levels allowed so I pretty much had a hardcoded user level authentication feature/function. Hey, it worked!

- CSS. Gave every page a hight of 110 percent because that made sure that you couldn't see part of the white background under the 'background' picture. Used !important about everywhere but it worked :P.

- Completey forgot (stress, time pressure etc) to make the user ID's auto incremented. 'Fixed' that by randomly generating a user id and really hoping during every registration that that user ID did not exist in the database already. Was dirty as fuck but hey it worked!

- My 'client' insisted on using Windows server.Although I wouldn't even mind using it for once, I'd never worked with it before so that would have been fucked for me. Next to that fact, you could hear swearing from about everyone who had to use Windows server in that room, even the die hard windows users rather had linux servers. So, I just told a lot of stuff about security, stability etc and actually making half of all that shit up and my client was like 'good idea, let's go for linux server then!'. Saved myself there big time.

- CHMOD'd everything 777. It just worked that way and I was in too much time pressure to spend time on that!

- Had to use VMWare instead of VirtulBox which always fucks up for me and this time it did again. Windows 10 enjoyed corrupting the virtual network adapters after every reboot of my host so I had to re-create the whole adapter about 20 times again (and removing it again) in order to get it to work. Even the administrator had no fucking clue why that was happening.

- Used project_1.0.zip etc for version control :P.

Yup, fun times!

Time for an actual rant:

During an internship I heard from my PM that my assignment for the week after was going to be working on a specific sql query to add some features and fix some bugs.

When talking with colleagues about that assignment later, they laughed and referred to the query as the "query of doom" (QoD), naive as I was back then, I thought that one of my colleagues had the QoD displayed on his screen because the query he was working on looked rather large (about 20 lines). They all laughed and told me I was in for a treat.

Starting my assignment the week after I was horrified to find out the QoD was huge, and by huge I mean, printing that specific query resulted in 8 A4 pages font size 10, front and back.
There were over a 100 union statements, no proper aliases, no documentation, not a single foreign key in the entire database, naming that makes no sense. And everything written manually by 10 different developers over the past years, who all fell of the face of the earth.

And this was only the query of doom. The entire product was a complete clusterfuck of forms with a queries directly behind action buttons, because we weren't allowed to make classes (yes you read that correctly. We couldn't make classes, unless we had a very compelling reason). Everything was created by over 30 different devs who only managed to stay just long enough to get some work done.

And all of this was the result of a PM who didn't believe in frameworks, ORM's, OOP, classes, ... because that made the software slow. To this day he still manages that product, but I'm glad that I quickly decided to move on.

Root gets ignored.

I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.

For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`

Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.

I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.

He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).

I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨

Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.

Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.

ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.

jfc i'm getting pissy again.

TL;DR I'm fucking sick and tired of Devs cutting corners on security! Things can't be simply hidden a bit; security needs to be integral to your entire process and solution. Please learn from my story and be one of the good guys!

As I mentioned before my company used plain text passwords in a legacy app (was not allowed to fix it) and that we finally moved away from it. A big win! However not the end of our issues.

Those Idiot still use hardcoded passwords in code. A practice that almost resulted in a leak of the DB admin password when we had to publish a repo for deployment purposes. Luckily I didn't search and there is something like BFG repo cleaner.

I have tried to remedy this by providing a nice library to handle all kinds of config (easy config injection) and a default json file that is always ignored by git. Although this helped a lot they still remain idiots.
The first project in another language and boom hardcoded password. Dev said I'll just remove before going live. First of all I don't believe him. Second of all I asked from history? "No a commit will be good enough..."

Last week we had to fix a leak of copyrighted contend.
How did this happen you ask? Well the secure upload field was not used because they thought that the normal one was good enough. "It's fine as long the URL to the file is not published. Besides now we can also use it to upload files that need to be published here"
This is so fucking stupid on so many levels. NEVER MIX SECURE AND INSECURE CONTENT it is confusing and hard to maintain. Hiding behind a URL that thousands of people have access to is also not going to work. We have the proof now...
Will they learn? Maybe for a short while but I remain sceptic. I hope a few DevrRanters do!

There was a time I made an update on one of our client's e-commerce website sign-up page. The update caused a bug that allowed new users to create an account without actually creating an account.

The code block meant to save user credentials (i.e email address and password) to the database was commented out for some reasons I still can't remember to this day. After registration new users had their session created just as normal but in reality they have no recorded account on the platform. This shit went on like this for a whole week affecting over 350 new customers before the devil sent me a DM.

I got a call from my boss on that weekend that some users who had made purchases recently can't access their account from a different device and cannot also update their password. Nobody likes duty calls on a weekend, I grudgingly and sluggishly opened up my PC to create a quick fix but when I saw what the problem was I shut down my PC immediately, I ran into the shower like I was being chased by a ghost, I kept screaming "what tha fuck! what tha fuck!!" cus I knew hell was about to break loose.

At that moment everything seemed off as if I could feel everything, I felt the water dripping down my spine, I could hear the tiniest of sound. I thought about the 350 new customers the client just lost, I imagined the raving anger on the face of my boss, I thought about how dumb my colleagues would think I was for such a stupid long running bug.

I wondered through all possible solutions that could save me from this embarrassment.
-- "If this shitty client would have just allowed us verify users email before usage things wouldn't have gotten to this extent"
-- "Should I call the customers to get their email address using their provided telephone?... No they'd think I'm a scammer"
-- "Should I tell my boss the database was hacked? Pffft hack my a**",
-- "Should I create a page for the affected users to re-verify their email address and password? No, some sessions may have expired"
-- "Or maybe this the best time to quit this f*ckn job!"
... Different thoughts from all four corners of the bathroom made it a really long bath. Finally, I decided it was best I told my boss what had happened. So I fixed the code, called my boss the next day and explained the situation on ground to him and yes he was furious. "What a silly mistake..!" he raged and raged. See me in my office by Monday.
That night felt longer than usual, I couldn't sleep properly. I felt pity for the client and I blamed it all on myself... yeah the "silly mistake", I could have been more careful.

Monday came boss wasn't at the office, Tuesday, Wednesday, Thursday, Friday not available. Next week he was around and when we both met the discussion was about a different project. I tried briefing him about last week incident, he seems not to recall and demands we focus on the current project.

However, over three hundred and fifty customers swept under the carpet courtesy of me. I still felt the guilt of that f*ck up till this day.

The state of the web in 2020:
discussion sites as a medium are dying. chalk that up to censorship.

reddit is an echochamber. twitter is mostly a marketing platform disguised as (anti)social media. instagram is a self promotion/wannabe eceleb site, and youtube is the new hollywood..quickly becoming irrelevant.

facebook is where I (dont) go to (totally not) ignore all the people important to me.

and email is where I go to send letters bordering on hatespeech to my various local and federal "representatives", in between borderline cyberbullying people stupid enough not to automate their spam marketing in 2020. or talking to left/right self-help grifters about the state of society.

in the grim dark future of 2020, the last bastion of intelligent conversation, free speech, and civility, the one shining icon of hope in a dark world..
is the comment section of pornhub videos where a women got stuck under a bed for the 50,000th time. And all I can think is "wow I never knew how easy it was to get trapped under a bed. They should look into fixing this safety hazard."

newsmedia has jumped so many sharks, the fonz now spins in his grave so fast we could hook him up to a generator. meanwhile people hide in their homes for a disease so deadly you have to be tested to know if you even have it.

while ever more car commercials
are released, set to somber but hopeful piano music to the tune of "in this time of social distancing its important to stay close even when we're apart."

Im beginning to think media has become a poison on society, both television and the internet, and like an ersatz cargo cultist worshipping the great-charles- manson-in-the-sky we should all take a page from the unabomber and smash our televisions with hammers before going outside and sawing down the telephone polls.

I jest of course. But there is no denying the inherent appeal of moving from the unsettling uncertainty of complex societies, driven by expertly manipulated fear cycles, to the beatitude-esque simplicty of pastoral protestant style living, sans witch burning and shoe buckles.

And against the reckoning of utopians who are still fresh from the womb as it were, wet behind the ears and smelling of their mother's pussy, I reject the notion that "up" is a synonym for "forward."
Were it the case, every drinking binge, followed by throwing up, would bring us, with each vomitting, one step closer to heaven. Rather the state of affairs is what it is, and what it is, like most of nature, is a cruel master and a harsh teacher. And while we may binge on digital delusions of grandeur and a greater society, rest easy in the nihilistic and sobering thought that we are little more than 200,000 year old cave men wielding magic bricks, and atomic bombs.

..where water flows more readily from metal tubes in our houses than it does from the nile. where food comes to our door at little more than our beck and call.
where we may bath, and sleep, and *shit*, cleanly, comfortably, and safely, wrapped in the (failing) bubble of delusion we all tenaciously grasp collectively, the thing we call "civilization".

an empire of needful things, wanton and fragile.

if we have not gone mad from boredom, I have no doubt we one day will.

it becomes more and more obvious to me every day, had war never existed, it would have been necessary for man to invent it just to have something to do, that didnt include farming, fucking, or building.

And so enters "political idealogy."

How would we ever have enemies if we were allowed to speak our piece instead of being given the means (and reflex dogwhistle training) to silence and destroy one another?

give a man a gun, he'll rob a bank. give a man a bank, he'll rob the world.
give him a media empire or a tech platform, and he'll lie about the theft and convince one half of millions of lemmings to hate all the other lemmings.

I used to work for a Mexican bank in Mexico, as a developer I opened (and use) an account, since the bank was not famous(most of its business was with the government), going to the bank and see no waiting lines was an advantage, so I started using it as my only bank account even nowadays.

Now I live in NYC, and some years later I see on the news the bank merged(was absorbed) with another bank, 'sounds good, I don't care' I thought.

Well, I open my online account and the nightmare begins:

1) Redirection to the 2nd bank page
2) My credentials does not work
3) Call the original bank(no answers)
4) After several calls and days I got a phone contact
5) 'well, try all other passwords you have' (transaction passwords, operative passwords, login passwords, etc), among many other stupid answers, which by the way, were preceded by infinite question about the 2nd bank, like:

- when did you open the account with the 2nd bank?
- what is your 2nd bank account number

6) after 20 calls like that, they asked for documents, information and screenshots, and send all that to the 2nd bank tech help email.

7) After several days a person responded: 'Go to your bank(which fucking bank?)' and ask for a new user.

8) a ton of calls to know what bank I was assigned

9) called the bank: 'well, you have to come in person(no exceptions allowed) and request to close your 1st bank account and open a 2nd bank account' (I am not sure if that is gonna work)

All the technology nowadays and still I have to travel thousands of miles hoping this 'solution' works.

to be continue....

NUKE IT FROM ORBIT. It was when i was doing an assignment with my roommate, i was compiling something on my pi and ran netstat afterwards for no reason. I had an ssh-connection from china (logged in too). The pi was shutdown ASAP, i salvaged everything i needed from the sd and dd'ed raspbian on the disk again.

Turns out you were able to login via root (i thought i disabled it) with the password i set (root...). I learned from this, now external logins are only allowed via private key and i have fail2ban set up

So... I've got a confession to make.
I'm no longer a Dev. After the disaster that was my last commercial gig, I went and got a sec Ops role... And I love it. It's just technical problem solving and explaining all the way.
Don't get me wrong, I still love to code. But that's exactly the thing. As a commercial developer employed by corporations, I spent close to 80 % of my time not coding, but in useless meetings, or trying to figure out just what my colleagues thought was "common sense", reverse engineering their work and documenting how to get it running, etc. Basically, fixing shit for braindead academics with next to no real world experience.
Now, when I code, I get to do it on my own terms, with my own stack and as much comments and docs as I want to have. I own my time, and the only ones that are allowed to interrupt me is the local fire department.
I can do what I'm fucking passionate about and leave the rest for the useless people.

Stop teaching people deprecated bulls*it.

I'm taking a "Web Design" course and the teacher wants us to use html attributes and the <font> tag to format pages. He doesn't allow us to use CSS. Says "We'll get to CSS later, right now I'm teaching you HTML". He thought us the <frameset> thing which isn't even supported in HTML5. And of course no <header>, <footer>, <aside> etc.

Same thing in my C++ course. The computers don't even have a C++11 (or newer) compiler. Just an old version of Code::Blocks we're not allowed to update. It does support C++0x so you can still get some of the features, but still.

So I joined this financial institution back in Nov. Selling themselves as looking for a developer to code micro-services for a Spring based project and deploying on Cloud. I packed my stuff, drove and moved to the big city 3500 km away. New start in life I thought!
Turns out that micro-services code is an old outdated 20 year old JBoss code, that was ported over to Spring 10 years ago, then let to rot and fester into a giant undocumented Spaghetti code. Microservices? Forget about that. And whats worse? This code is responsible for processing thousands of transactions every month and is currently deployed in PROD. Now its your responsibility and now you have to get new features complied on the damn thing. Whats even worse? They made 4 replicas of that project with different functionalities and now you're responsible for all. Ma'am, this project needs serious refactoring, if not a total redesign/build. Nope! Not doing this! Now go work at it.
It took me 2-3 months just to wrap my mind around this thing and implement some form of working unit tests. I have to work on all that code base by myself and deliver all by myself! naturally, I was delayed in my delivery but I finally managed to deliver.
Time for relief I thought! I wont be looking at this for a while. So they assign me the next project: Automate environment sync between PROD and QA server that is manually done so far. Easy beans right? And surely enough, the automation process is simple and straightforward...except it isnt! Why? Because I am not allowed access to the user Ids and 3rd party software used in the sync process. Database and Data WareHouse data manipulation part is same story too. I ask for access and I get denied over and over again. I try to think of workarounds and I managed to do two using jenkins pipeline and local scripts. But those processes that need 3rd party software access? I cannot do anything! How am I supposed to automate job schedule import on autosys when I DONT HAVE ACCESS!! But noo! I must think of plan B! There is no plan B! Rather than thinking of workarounds, how about getting your access privileges right and get it right the first time!!
They pay relatively well but damn, you will lose your sanity as a programmer.
God, oh god, please bless me with a better job soon so I can escape this programming hell hole.
I will never work in finance again. I don't recommend it, unless you're on the tail end of your career and you want something stable & don't give a damn about proper software engineering principles anymore.

So this just happened. Some background before I begin: We're understaffed, my desk is in the back of the building, and there's no one really at the front to greet people. No security either...

Guy walks in wearing a flannel jacket (no shirt under it), pajama pants, and sandals. He looks like hell. Explains he was just released from a hospital and his apartment is locked. I let him use my phone to call his sister.

When I talk to his sister, she barely wants to speak with him. Tells me his apartment is locked for a reason and he's not allowed back. I'm just like: "So... what would you have us do for him?" At this point if his sister won't help, I was going to ask him to leave. Oh, and that hospital was a drug rehab.

So it ends with him waiting for a ride, but he ends up napping on the couch in the front of our office. CEO/Owner and his business partner walk right past and say nothing. They go into a meeting. I'm trying to figure out if I ask him to leave, wait outside for his ride... I'm a developer, this isn't my job.

A good 45-60 minutes later, after the guy walked outside and then came back in and laid back down on the couch, he leaves with his ride. Shortly after the owner walks out of his meeting, so I ask him what to do in this situation - more hoping he'd realize the need for more security.

If this story isn't crazy enough, the business partner pipes up - absolutely serious - and says he didn't say anything because he thought the guy was a developer.

So I've learned that we've got extremely low hygiene standards for developers here, with a relaxed dress code and are allowed nap times on the front couch.

Thankfully our CYBER security is better than our PHYSICAL security. :|

Please take sleep deprivation seriously!
Take care of it and don't allow stress to take you over.

Here's a little story of what happened to me:

I've had sleep problems for all of my life, but the beginning of last summer 2018 it went too far. I turned 18 and somehow all the school, dev and personal work started to pile up, I stressed about them and started to have no sleep every other day and little sleep another. Immediately I took time off from everything for trying get better sleep.

Having no sleep means that your brain starts to run in really low gear but you might not even notice it. So I started stressing about every little detail, making ridiculous decisions and doing stuff that didn't really make any sense.

I went to a doctor and was ordered to take time off for a month or so and start medication with bunch of different pills. At the time I thought the medication could wait for a day and went to an old work friend's place for night stay to discuss about everything. That wasn't obviously the thing I should've done. I was up all of that night, he slept, and in the morning he noticed something was really a bit off about me.

We went to the hospital and I agreed for a treatment in there. They got me to sleep normally again and I rested there for a while. I went back home or actually my parents' place and the problems continued, and back to the hospital I go. This time there was no choice. After a really long while, my mind started to stabilize enough that I was allowed to return to my everyday life: enjoying my summer break. It was an awful summer. I often felt lonely and bored. But at least I slept normally.

In the fall I returned to my usual busy schedule. And life's good again. This time I will manage my stress and sleep better and take them to account when planning schedule.

dev, ~boring

This is either a shower thought or a sober weed thought, not really sure which, but I've given some serious consideration to "team composition" and "working condition" as a facet of employment, particularly in regard to how they translate into hiring decisions and team composition.

I've put together a number of teams over the years, and in almost every case I've had to abide by an assemblage of pre-defined contexts that dictated the terms of the team working arrangement:

1. a team structure dictated to me
2. a working temporality scheme dictated to me
3. a geographic region in which I was allowed to hire
4. a headcount, position tuple I was required to abide by

I've come to regard these structures as weaknesses. It's a bit like the project management triangle in which you choose 1-2 from a list of inadequate options. Sometimes this is grounded in business reality, but more often than not it's because the people surrounding the decisions thrive on risk mitigation frameworks that become trickle down failure as they impose themselves on all aspects of the business regardless of compatibility.

At the moment, I'm in another startup that I have significantly more control over and again have found my partners discussing the imposition of structure and framework around how, where, why, who and what work people do before contact with any action. My mind is screaming at me to pull the cord, as much as I hate the expression. This stems from a single thought:

"Hierarchy and structure should arise from an understanding of a problem domain"

As engineers we develop processes based on logic; it's our job, it's what we do. Logic operates on data derived from from experiments, so in the absence of the real we perform thought experiments that attempt to reveal some fundamental fact we can use to make a determination.

In this instance we can ask ourselves the question, "what works?" The question can have a number contexts: people, effort required, time, pay, need, skills, regulation, schedule. These things in isolation all have a relative importance ( a weight ), and they can relatively expose limits of mutual exclusivity (pay > budget, skills < need, schedule < (people * time/effort)). The pre-imposed frameworks in that light are just generic attempts to abstract away those concerns based on pre-existing knowledge. There's a chance they're fine, and just generally misunderstood or misapplied; there's also a chance they're insufficient in the face of change.

Fictional entities like the "A Team," comprise a group of humans whose skills are mutually compatible, and achieve synergy by random chance. Since real life doesn't work on movie/comic book logic, it's easy to dismiss the seed of possibility there, that an organic structure can naturally evolve to function beyond its basic parts due to a natural compatibility that wasn't necessarily statistically quantifiable (par-entropic).

I'm definitely not proposing that, nor do I subscribe to the 10x ninja founders are ideal theory. Moreso, this line of reasoning leads me to the thought that team composition can be grown organically based on an acceptance of a few observed truths about shipping products:

1. demand is constant
2. skills can either be bought or developed
3. the requirement for skills grows linearly
4. hierarchy limits the potential for flexibility
5. a team's technically proficiency over time should lead to a non-linear relationship relationship between headcount and growth

Given that, I can devise a heuristic, organic framework for growing a team:

- Don't impose reporting structure before it has value (you don't have to flatten a hierarchy that doesn't exist)
- crush silos before they arise
- Identify needed skills based on objectives
- base salary projections on need, not available capital
- Hire to fill skills gap, be open to training since you have to pay for it either way
- Timelines should always account for skills gap and training efforts
- Assume churn will happen based on team dynamics
- Where someone is doesn't matter so long as it's legal. Time zones are only a problem if you make them one.
- Understand that the needs of a team are relative to a given project, so cookie cutter team composition and project management won't work in software
- Accept that failure is always a risk
- operate with the assumption that teams that are skilled, empowered and motivated are more likely to succeed.
- Culture fit is a per team thing, if the team hates each other they won't work well no matter how much time and money you throw at it

Last thing isn't derived from the train of thought, just things I feel are true:

- Training and headcount is an investment that grows linearly over time, but can have exponential value. Retain people, not services.
- "you build it, you run it" will result in happier customers, faster pivoting. Don't adopt an application maintenance strategy

/rant

(1st week Monday)
Went to a game programmer job interview, job description says most of unity related stuffs; create games in Unity, code in c#, work within Unity to build robust game systems etc.

Interviewer asked for my experience and portfolios, showed him. Then he asked me some questions about making interactable objects in a VR scene, then asked if I'm able to do a demo (on oculus rift) to prove him I can do it.
I don't have oculus rift, I'm allowed to go their office and use their rift for testing though.
Dateline = 2nd week Friday.

(2nd week Monday)
Showed him a demo scene in GearVR, he seems pretty satisfied.
He: I will get back to you next Monday. I'll wait for client's reply first.
Me: (smile and jokingly said) so...... If the client doesn't get back to you or doesn't want the project anymore, means I don't get the job?
He instantly replied: no (with a serious face)
Then said: You shouldn't reply with that "attitude", you should instead think of "is there any reason to hire you if client doesn't get back to me"
*backfired, but wtf?*
*insert meme here*
(Please comment, am I too rude? Or *unprofessional*, but it's just a joke ffs)

He also asked if I'm able to do it on rift since I made it on GearVR already.
I said yes, depends on the controller used.
(Any dev with common logic should understand it'll work too, with given SDK, even without, some hacks should do it, just a matter of time)
(He even told me he's a dev himself)
(Should I insert the meme here again?)

But he doesn't accept the answer. He wants me to give him a text (through WhatsApp), telling him *in a professional way* that I can do it.
*wtf*
*insert meme here*

(Last day of third week)
Needless to say, he didn't get back to me. Thought he promised he would.

Things to note:
Job description doesn't say anything about VR.
Spend a week of my time to do his demo without obligations.
Didn't get to ask much about his role and job scope either.

So first of all merry delayed Xmas and of course wishing you all a happy new year.

Now...

I always loved designing and coding, yes I actually like it, I must be absolutely mental or something.. I finally after pushing myself through hours upon hours of courses, finishing most within 15% of the allotted time, and doing more then was requested, I finally found a job, related to front-end development. You might think "Gee; good for you buddy, you filthy commoner.." Well; it didn't last all too long, I basically after nailing the interview process got my first day there within a few days, now I am absolutely stoked and my nerves are shot, plus the 4 cups of coffee aren't helping. I literally was so nervous to do well on my first day, that I slept for only one hour, literally one bloody hour.

I get into the office where I am greeted by an amazing laptop, I mean high-end gaming 360 no-scope all over the place gaming. I sit down and start on getting all my tools ready to go (they let us use whatever IDE we wanted, which I thought was amazing) after getting my IDE and the plugins and all the emails/Slack etc setup, I then get told to get a Dropbox account. I assumed the Dropbox account was just there to share things quickly with the designers, we would obviously be using Git right?! Well; no not exactly, actually not at all - we all used the Dropbox account of one of the bosses, I swear everybody pushed and pulled stuff all the time, a copy of the boss's passport was in there as well, and they had projects from and up to 3 years ago, still in there... It took my Dropbox 3 bloody hours to grab as much as it could to actually allow me to get started...

I then to my absolute dismay notice that I would be working on a prefab of a prefab, basically the only thing I would be responsible for, is to adjust the animations and aligning elements.... Aligning and animations.... Fine, I guess it could be worse right? Started going along with it, using a framework that I never heard of before, till like a good 3 days before starting there called "Greensock" which is amazing I must admit, could've helped me allot on my solo-projects. Problem was; we had designers who wanted things, that just looked plain horrible, it was never 'on-point' so to say, maybe it's just me being a perfectionist but it just looked wrong.

Finally got it done after struggling with the prefabs and what not, then the day was almost over and I finally got to go home, fortunately dodging the drinking that was occurring around 4 in the afternoon in the middle of the office, it wasn't beers or anything of the sort - but hard liquor along the lines of Wodka and straight up Gin. I fortunately had a personal issue I had to attend too, so I got out of there before things got too crazy and they went out for dinner stumbling all over the place.

Well this wen't for a few more days (minus the drinking), with 8 being the exact number of days and my grievance list only kept growing. I was for one a junior-developer and thus with them knowing was supposed to get training from our lead, however; that never occurred instead said 'lead' would leave early or be completely absent on most days, leaving me to mess around with prefabs that did my head in, with no comments nor any indication what it did or should've done, I spent hours just adjusting one line of code at a time to see what would happen.

Eventually they told us to work from home only, so I did - did a project here and there and then got told they wouldn't keep me on board any longer, stating I was too inexperienced and they didn't have enough work (which was a load of bs) and that I lacked "office experience" whatever the heck that means, I was always sociable and hell I ever cracked people up, kept a neat and orderly list of things that needed doing, I even contrary to most commented on my code, so the next poor sod wouldn't be going through 'try by error' hell that I wen't through.

Either way; I currently have been feeling absolutely wrecked in terms of motivation, that job would've solved my financial situation and allowed me to finally do what I wanted to do. Instead of doing some random dead-end job each week or month, I would've had a steady income and something I could've built on.

But to add some positivism to this endless and too long of a rant... I'm currently going through a boot-camp and doing a small Linux based course on the side, this little thing isn't going to hold me back; yeah it will be tough, but then again most things don't come easy..

Thank you for reading and I hope you have allot and I mean allot more luck on your first job.

!rant !dev

I was just on my way to work back from the University cafeteria when a guy in a black car - who I thought was moving the car out of a parking lot - stopped the car and asked if I had a second.
Naive me, thinking he might need directions or something decided to listen to him.
He looked older, around 60ish, with sunglasses on ( making it harder for me to read him).
He said that he had a stroke (or something) a few years ago and got damage to his brain, so that sometimes it can happen that he would faint. Therefore, he cannot go swimming unsupervised, and was asking if I would have the time to accompany him to the university lake, so that he could swim for an hour or so. He offered to pay me 40 bucks.
Me, being paranoid af, declined politely, saying I have to go to work ( which was actually true).
He goes on to say how he was a teacher, how he worked at the university before, how I look trustworthy, how I am the first person he asks today, and asked if he could have my number, so that he could call me sometime to supervise the swimming. I would just need to look out for him not to drown and if anything looks weird I should alarm the people working at the lake ( lookouts? not sure what they are called).
I kept declining politely and he backed off, letting me go without any fuzz.
Previously he also mentioned how some students are rich, others are poor, and how he would have done anything for 20 bucks back in the day. But also said that he accepts a no and won't bother me further.

He also mentioned he wouldn't lay a hand on me, that he is not a creep, since I could see his car and license plate, and if I gave him my number, I would also have his. That I shouldn't worry about anything, if I later decided to say no he would delete my number, and that he is not big on the technology and Internet so nothing would happen.

Uhh... well if he was genuine I'm sorry for him, but then you can just ask authorities at the beach to pay more attention to you, no?
Mentioning "all my worries" raised a red flag for me sort of.
Also, if you keep on fainting occasionally, even if you haven't fainted in 2 years, how are you allowed to drive? Or actually, why do you even drive then?
I don't know. The more I think about it, the more I think I should have taken a picture of the car or license plate.
And there are literal services for this kind of thing. Pretty sure you can get one of these if you are willing to pay even.
Jeez now I'm worried for the entire population of my university...

Didn't think I had material for a rant but... Oh boy (at least at the level I'm at, I'm sure worse is to come)

I'm a Java programmer, lets get that out of the way. I like Java, it feels warm and fuzzy, and I'm still a n00b so I'm allowed to not code everything in assembly or whatever.

So I saw this video about compilers and how they optimize and move and do stuff with the machine code while generating the executable files. And the guy was using this cool terminal that had color, autocomplete past commands and just looked cool. So I was like "I'll make that for my next project!"

In Java.

So I Google around and find a code snipped that gives me "raw" input (vs "cooked" input) and returns codes and I'm like 😎. Pressing "a" returns 97 (I think that's the ASCII value) and I think this is all golden now.

No point in ranting if everything goes as planned so here is the *but*

Tabs, backspaces and other codes like that returned appropriate ASCII codes in Unix. But in windows, no such thing. And since I though I'd go multiplatform (WORA amarite) now I had to do extra work so that it worked cross platform.

Then I saw arrow keys have no ASCII codes... So I pressed a arrow key and THREE SEPARATE VALUES WERE REGISTERED. Let me reiterate. Unix was pretending I had pressed three keys instead of one, for arrow keys. So on Unix, I had to work some magic to get accurate readings on what the user was actually doing (not too bad but still...). Windows actually behaved better, just spit out some high values and all was good. So two more systems I had to set up for dealing with arrow keys.

Now I got to ANSI codes (to display color, move around the terminal window and do other stuff). Unix supports them and Windows did but doesn't but does with some Win 10 patch...? But when tested it doesn't (at least from what I've seen). So now, all that work I put into making one Unix key and arrow key reader, and same for Windows, flies out the window. Windows needs a UI (I will force Win users, screw compatibility).

So after all the fiddling and messing, trying to make the bloody thing work on all systems, I now have to toss half the input system and rework it to support UI. And make a UI, which I absolutely despise (why I want to do back end work and thought this would be good, since terminal is not too front end).

The worst of Agile and Sc(r)um: All those people knowing the right way(™) to do it. Endless discussion about useless tooling: the proper use of the custom workflow in Jira, on when and how to create sub tickets. The hour-less meta-discussions on what should be discussed where and when (what's subject of the backlog refinement, retro, etc), the roles: the PO's, what he should do, cannot, the PM's. Who is allowed to pull a ticket to the sprint or not. How many reviewers need to acknowledge a pull request. To and fro. Pointless, but fought with heart and blood, full of sound and fury, signifying nothing.

And everywhere I hear: "In my previous company, we did Scrum like.. and it worked perfectly!"

Some of you might remember my rants on Mr. Gitmaster, with whom I thought I'd made my peace. Guess what? He's now a team member and turning into Mr. Agile - a more severe reincarnation! As our company starts flogging that dead horse of Agility, he seems to feel strong tailwind. Our team lead would constantly cut his monologues, but he's now on holiday, so we have no escape from the never ending: "In my previous company..."

If it was so great, why didn't you stay?

We are not allowed to pull a ticket to the sprint unless every team member is notified? I don't fucking care. If our software fails on customer's machines and I can fix it, I will do if there is a ticket, if it's in the sprint or not. Screw Scrum, if it is getting in the way of it. You can waste your hours discussing horseshit, I want to sit at my desk, deep in the test-compile loop and ship some fucking code.

I don't generally agree with the death sentence, but maaaybe it should be allowed specifically for the person who created the current iteration of Windows Update. Just got woken up by a video playing on my computer, which happened because Windows fucking Update thought it was a good time to reboot for no reason.

After reading mostly sad (and astonishing!) stories, I didn't really want to share my story.. but still, here I am, trying to contribute a wholesome story.

For me, this whole story started very early. I can't tell how old I was but I'm going to guess I was about 5 or 6, when my mom did websites for a small company, which basically consisted of her and.. that's it. She did pretty impressive stuff (for back then) and I was allowed to watch her do stuff sometimes.
Being also allowed to watch her play Sims and other games, my interest in computer science grew more and more and the wish to create "something that draws some windows on the screen and did stuff" became more real every day.

I started to read books about HTML, CSS and JS when I was around 10 or something. And I remember as it was yesterday: After finishing the HTML book I thought "Well that's easy. Why is this something people pay for?" - Then I started reading about CSS. I did not understand a single thing. Nothing made sense for me. I read the pages over and over again and I couldn't really make any sense of it (Mind you, I didn't have a computer back then, I just had a few hours a week on MOM-PC ^^)
But I really wanted to know how all this pretty-looking stuff worked and I tried to read it again around 1 year later. And I kid you not, it was a whole different book. It all made sense now. And I wrote my first markups with stylings and my dream became more and more reality. But there was one thing lacking. Back in the days, when there was no fancy CSS3. It was JavaScript. Long story short: It - again - made no fucken sense to me what the books told me.

Fast forward a few years, I was about 14. JavaScript was my fucken passion, I loved it. When I had no clue about CSS, I'd always ask my mom for tips. (Side story: These days it's the other way around, she asks me for tips. And it makes me unbelievably proud!)
But there was something missing. All this newschool canvas-stuff wasn't done back then and I wanted more. More possibilities, more performance, more everything.

Stuff begun to become wild. My stepdad (we didn't have the best connection) studied engineering back then, so he had to learn C. With him having this immensely thick book for C, I began to read it and got to know the language. I fell in love again. C was/is fucken awesome.
I made myself some calculators for physics and some other basic stuff and I had much fun using and learning it. I even did some game development, when I heard about people making C-coded games for PSP. Oh boy, the nights I spent in IRCs chatting with people about C, PSP-programming and all that good stuff, I'll never forget it - greatest time of my life!

But I got back to JS more and more and today I do it for money and I love it. I'll never forget my roots and my excurse into the C/C++ world and I'm proud to say, that I was able to more or less grow up with coding and the mindset that comes with it.

Since day 0, I have been fond of computers. One of my first plush was called "DataDog" and looked like a CRT screen with dog ears around. According to my mum I was "addicted" to it.

At year 2, my dad was arranging some music on some software while I was watching him on his lap. Quick jump to the present: nowadays and since 10 years I run my own home studio with three guitars, two keyboards, one bass, three monitors, a microphone, an amp and a cabinet... coincidence? I think not!

Fast forward 5 years later (so I'm 6-7 years old), and I was playing with the legendary pinball game on Win95, as well as Flight Simulator. Then I was hogging mum's laptop to play settlers II (<3 that game), I eventually got my computer, and got into Quake III Arena being aged 10 (and had to tell my mum that game was safe for my age haha - I eventually removed the blood effects).

The Quake 3 Arena chapter is interesting: it got me into router configuration as I wanted to open a port through the router to host my own dedicated games with friends, it got me into DNS configuration (I was running a no-DNS client that allowed friends to join me through a DNS while having a dynamic IP) and eventually... to modifying .cfg files to tune my server as I wanted it. No programming here but a nice intro into :)

Then I hated the fact everybody would point their finger at me and say "geek" - I was only 13, fragile, sensitive, and I wanted everything but a bad image on me.

Meanwhile I continued on getting interested in hardware and configure my own computers, and investing myself into music production.

Then, university. "What do you want to study?" I thought of everything but IT, fleeing the image of a "geek". Turns out it was a waste of time, and at 21 yo I got into web development (well, just html and css), then learned a bit of PHP, finally got a specialized 2-year training and now here I am!

I was bound to be in IT either way since day 0, and funny fact, I've used every windows edition since Win95.

Hey guys, first time writing here.
Around 8 months ago I joined a local company, developing enterprise web apps. First time for me working in a "real" programming job: I've been making a living from little freelance projects, personal apps and private programming lessons for the past 10 years, while on the side I chased the indie game dev dream, with little success. Then, one day, realized I needed to confront myself with the reality of 'standard' business, where the majority of people work, or risk growing too old to find a stable job.
I was kinda excited at first, looking forward to learning from experienced professionals in a long-standing company that has been around for decades. In the past years I coded almost 100% solo, so I really wanted to learn some solid team practices, refine my automated testing skills, and so on. Also, good pay, flexible hours and team is cool.

Then... I actually went there.

At first, I thought it was me. I thought I couldn't understand the code because I was used reading only mine.
I thought that it was me, not knowing well enough the quirks of web development to understand how things worked.
I though I was too lazy - it was shocking to see how hard those guys worked: I saw one guy once who was basically coding with one hand, answering a mail with another, all while doing some technical assistance on the phone.

Then I started to realize.

All projects are a disorganized mess, not only the legacy ones - actually the "green" products are quite worse.
Dependency injection hell: it seems like half of the code has been written by a DI fanatic and the other half by an assembly nostalgic who doesn't really like this new hippy thing called "functions".
Architecture is so messed up there are methods several THOUSANDS of lines long, and for the love of god most people on the team don't really even know WHAT those methods are for, but they're so intertwined with the rest of the codebase no one ever dares to touch them.
No automated test whatsoever, and because of the aforementioned DI hell, it's freaking hard to configure a testing environment (I've been trying for two days during my days off, with almost no success).
Of course documentation is completely absent, specifications are spread around hundreds of mails and opaquely named files thrown around personal shared folders, remote archives, etc.

So I rolled my sleeves up and started crunching as the rest of the team. I tried to follow the boy-scout rule, when the time and scope allowed. But god, it's hard. I'm tired as fuck, I miss working on my projects, or at least something that's not a complete madness. And it's unbearable to manually validate everything (hundreds of edge cases) by hand.

And the rest of the team acts like it's all normal. They look so at ease in this mess. It's like seeing someone quietly sitting inside a house on fire doing their stuff like nothing special is going on.

Please tell me it's not this way everywhere. I want out of this. I also feel like I'm "spoiled", and I should just do like the others and accept the depressing reality of working with all of this. But inside me I don't want to. I developed a taste for clean, easy maintainable code and I don't want to give it up.

Stupid timeline, there is this company I was working for. It was sub-contracted by another company to do a government project. Government only pays after you deliver in my country. It was a complex system I must say. We were to work with my buddy on this project...now the timeline we were given were not feasible since another company had been given the same project and were not able to deliver. We had a meeting and discussed with our CEO about the project timelines. From the workload the feasible timelines were around 8months if we were to work as two devs. My CEO said that was not going to happen.. The only timelines that was allowed was not more than 3 months. So we suggest use an existing system to customize. .The meetings with the clients were to be weekly demos. So we choose to go with google docs api for the document management part. We were working around 20hrs a day to be able to achieve the target deadline..we management to complete the project within the given timeline..on the commissioning date of the project we faced a government panel and this was my worst disappointment. At the point of login we had to use Google email for business to obtain the API. Just as I was logging in the guy noticed and yelled. "Is that google account ?" and I replied yes..and he said "no need of proceeding since it will be of no use and they won't approve the system". That was my lowest moment in programming. I thought I had done the best project in my life as a programmer only for stupid man to declare my project as null. I felt like calling him son of a bitch but I knew that would have made me more angry...i just walked out. I went to the toilet and all I did was cry for the first time as I can recall.. My question was I was doing weekly demos. Why didn't they raise any questions by then so as to change the entire system??? Later after that demo we went and discussed about the issue and there was time extension. I redid the project using 'open office' but just before deploying the system I got a better job. I wasn't feeling like working on that project anymore. I want to release that project as open source. Recently after one year they haven't yet deployed the system. They are calling for my help. And I don't feel like helping after the humiliation...

About a month ago, one billion of Yahoo Accounts has been compromised. Today I received two emails from yahoo in my gmail accounts, they were saying that my yahoo password has been changed and my recovery email has been removed (+ a lot of warning emails of old accounts of forum and games that were receiving unknown accesses, but nvm). In the email which informed me about the recovery, I saw a link that would have allowed me to restore the old account, but before to click I thought "Wait! I had like 10 yahoo accounts. What account am I saving?" I check, I read, I read again, but nothing, no information about it in the text. Nevermind, there's a link. This link will be related to a specific account. Right? Wrong. I click, it sends me in a generic page. The link is mute. I attach a screenshot, you can see where the link points in the left-bottom corner. So now I know that one of my accounts has been hacked, I don't know WHICH account has been hacked and I'm not able to recover my account. Luckily it wasn't my main inbox!

What it's like to be a network
engineer...translated into normal people speak
User: I think we are having a major road issue,

Me: What? No, I just checked, the roads are
fine. I was actually just on the roads.

User: No, I'm pretty sure the roads are down
because I'm not getting pizzas.

Me: Everything else on the roads is fine. What
do you mean you aren't getting pizzas?

User: I used to get pizzas when I ordered
them, now I'm not getting them. It has to be a
road issue.

Me: As I said, the roads are fine. Where are
you getting pizzas from?

User: I'm not really sure. Can you check all
places that deliver pizzas?

Me: No I don't even know all the places that
deliver pizza. You need to narrow it down.

User: I think it is Subway.

Me: Okay, I'll check...No, I just looked and
Subway doesn't deliver pizzas.

User: I'm pretty sure it is Subway. Can you just
allow all food from Subway and we can see if
pizza shows up?

Me: Sigh, fine I've allowed all food from
Subway, but I don't think that is the issue.

Usher: Yeah I'm still not getting pizza. Can you
check the roads?

Me: It's not the roads, the roads are fine. I'm
pretty sure Subway isn't the place.

User: Okay, I found it. It's Papa Johns.

Me: Okay, I looked and Papa Johns does
deliver pizza. Is it the local Papa Johns or one
in a different town?

User: I don't know. Can you allow pizza from
all Papa Johns to me?

Me: No I can't do that. Can you get me an
address for Papa Johns?

User: No, I only know it as Papa Johns. Can
you get me all the addresses of all Papa Johns
and I'll tell you if one of them is correct?

Me: No, I don't have time for that. Okay, I
looked at the local one and it looks like they
have sent you pizza in the past and they are
currently allowed to send you pizzas. Try
ordering a pizza while I watch.

Usher: Yeah still no pizza. I'm guessing they
are getting blocked at the freeway. Can you
check the freeway to make sure they can get
through?

Me: No, this is a local delivery. They aren't
even using the freeway.

User: Okay, well then it has to be a road issue,

Me: No, the roads are fine. Okay, I just drove
from the Papa Johns to the address they have
on file for you and there is nothing there.

User: Hmm, wait we did move recently.

Me: Did you give your new address to Papa,
Johns?

User: No, I just thought they would be able to
look me up by name.

Me: No they need your new address. What's
your new address?
User: I'm not really sure. Can you look it up?

Me: Sigh, give me a second...Okay, I found
your address and gave it to Papa Johns. Try
ordering a pizza now.

User: HEY! PIZZA JUST SHOWED UP!
Me: Okay, good.

User: (To everyone else they know) I apologize
for the delay in the pizza but there was a major
road issue that was preventing the pizza from
getting to me. The network engineer has fixed
the roads and we are able to get pizza again.

Me: But it wasn't the roads...whatever.

User: Oh, can you also check on an issue
where Chinese food isn't getting to me? think
it may be a road issue

When comments find their way to class tests:
“TODO: Finish conjugation of montre in the whole text”. I had no idea of the conjugation and finished under time pressure so this stayed in the class test (gave it back last second) and I was well aware of it.

Just wondering what the teacher must have thought. Didn’t say (or write) a word about it tho.
Should see if someone tweeted or posted this (I mean someone wrote a book only with examples of stuff like this)
Idk, I should ask if I’m allowed to write class test in an IDE. And set MARK, TODO, etc. Would make them a lot easier.

Just wanted to do some scripted image resizing for school in school because the teacher asked me to help her with that.
So I thought: Let's just write a tiny script. Written the script in almost no time (just iterates over all jpg's and resizes them)

30sec.

Now I tried to run it. Didn't have my laptop so I had to somehow run it on their windows PCs. At least it's windows 10, unlike other schools that still run XP and stuff so I thought it might be doable. Well guess what, nope it wasn't.

First tried to install imagemagick, that didn't work as only teacher accounts have admin and the teacher was already pretty scarred once he saw me doing stuff in powershell so I thought I'd better not ask to do this via a teacher account and mess with stuff as admin.

Next method: Installing msys2. That worked at least (after taking forever to install and having to mess with the av software to get it to run).
And there comes the next problem: pacman doesn't connect via the proxy so I can't download any packages. There is free wifi but only for teachers, and students aren't going to get access until the school finally has a faster connection because they'd (understandably) cause this connection to be constantly overloaded. I just happen to have access to this wifi network, too, because at least the guys from the IT dept know how bad using proxies under linux is. So I connect via wifi and it works. At least I thought: After running the script it yields weird errors about unsupported arguments even though the command is exactly the same I have been using for years (already checked typos twice)

Then got the idea of simply installing imagemagick on termux on android and transferring the files onto my phone.
Too bad we aren't allowed to attach our own USBs to the pcs. Luckily I got a rooted phone so I simply activate adb over network and connect to it.
After downloading the platform-tools I can't run them because of AV software. Luckily there is an option to add an exception per executable so I do that. After doing that it works.... nope it doesn't. The wifi only allows 443/tcp and 80/tcp, even for internal network devices.

So that's it. I'm simply going to upload that stuff to my nextcloud and convert it at home.

Windows, I hate you!!!

Time for an actual rant.

3rd year of CS.
We have Mobile Systems course - Android & iOS development.
Lectures - 1hr of interview with Steve Jobs about greatness of iOS.
Practice - So far we had to write 2 android apps.
Seems wrong? No, it's perfectly fine for "Course Leader" (idk how the guy is called properly in English)
First app - 3 screens (it was forced to do it with Activities), data passing between activities, lifecycles
Second app - 2 screens - one with ListView (well, I asked about RecyclerView, luckily I was allowed), another one adds elements to that List plus Snackbars, Notifications, list item selection and removing them (I ended up adding retrolambda and streams to write it anyhow). We were asked to do it on Activities, I thought it was an overkill, in the end did it on Fragments.
What pisses me off - we were asked to do those two apps after watching one hour of interview, the guy who leads the practical part of course has no idea how to do things in Android (said it clearly), I was, and still am, only one who knows how to do anything.
I work as Android dev, so I want to help my colleagues. Decided to make tutorial streams where I explain how to do everything.
Troll colleagues come and dislike it on youtube, post lulzy comments into chat. Not that it bothers me much, but still, people who I'm trying to help are mixing my help with shit, great :)
If Polish devranters want to check out those streams (you can write a decent app after watching those 4 hours) I can post them in comment.

Okay so i did an internship in Laravel for 6 months. I started there and i had zero experience with it. Later, i started to learn more about it and i realized their Laravel version was at 5.8 and their bootstrap was at 3.4. It annoyed me so much but i wasn't allowed to update it to a better version.

What happened is, i installed Linux on my laptop and had to install some things. I accidentally did composer update and updated the whole thing. I updated it to Laravel 7.4 and i thought, well, that's good right, it will not effect the whole project right? No it wasn't right. I got Teams messages from my colleagues. They normally don't really respond to me, ignoring me but this time, they responded quickly. It was wrong what i've done because the code on the server wasn't working anymore and it was pretty bad they said. So i had to get the last version in Gitlab and i should not do composer update again.

Also, i was annoyed because i couldn't use so many font awesome icons. They all didn't work! I had to make this dropdown menu with an arrow down but even that didn't work, so i used a transparent image to do it because that was my only option to have a good arrow. I wanted to update that as well but nope, not allowed.

Oh yes, i'm not done yet.

They have put so much CSS on the project, that i couldn't even use bootstrap columns. I struggled with that and seriously, no help. The pages were styled really weird and it was dramatic.

When i asked for help, for some PHP code for example, no one responded for days and i was angry about that. Later at the end of my internship, they told me I wasn't the one who was responding and that i should have asked for help and i had to start the conversation. They really just said that? Yes, they did and i'm not happy about that. It costed me some points on my end essay, because they haven't been doing their best.

I wanted to learn more about PHP, but ended up doing all the frontend. I like it, but it's not what i originally wanted to do. So basically, i learned stuff in frontend but almost nothing in backend. It saddens me and hope to get a better internship next schoolyear.

I really had to rant about this, oops.

Ok, so for past 1 whole day I am trying to make vhost work on my brand new laptop, running Ubuntu 16.04 LTS... When I installed OS, I've set hard disk encryption, and on top of it - user home folder encryption. Don't ask me why I did both.

Setting up vhost is simple and straight forward - I did it hundreds, maybe thousands of times, on various Linux distros, server and desktop releases alike.

And of course, as it usually happens, opposed to all logic and reason - setting up virtual host on this machine did't work. No matter what I do - I get 403 (access not allowed).

All is correctly set - directory params in apache config, vhost paths, directory params within vhost, all the usual stuff.

I thought I was going crazy. I go back to several live servers I'm maintaining - exactly the same setup that doesn't work on my machine. Google it, SO-it, all I can see is exactly what I have been doing... I ended up checking char by char every single line, in disbelief that I cannot find what is the problem.

And then - I finally figured it out after loosing one whole day of my life on it:

I was trying to setup vhost to point to a folder inside my user's home folder - which is set to be encrypted.

Aaaaaand of course - even with all right permissions - Apache cannot read anything from it.

As soon as I tried any other folder outside my home folder - it worked.

I cannot believe that nobody encountered this issue before on Stackoverflow or wherever else.