Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Client : Can you make some adblock?
Me : Why? There is a lot of good things already...
C : I mean... Listen carefully.
M : ok
C: i have some google ads and user blocks with adblock
M : yeah, that is normal
C : so i implemented adblock blocker which blocks adblock so that i can show the webpage plus ads when the user disables adblock.
M : i bet users hate that.
C : yeah, so users found out a way to disable adblock blocker which disables adblock blocker which i implemented to show the ads! So i cant earn revenue..
M : so what?
C : Can you make ad block block block block?
M : Sure. How much will you give me ?
C : 20 to 30 dollars
M : great ( the most generous client ever seen)
*couple of years later*
Client : can you make ad block block block block block block block block block block?
Me : i cant understand
C : count the number of block
If there is odd number of block i means to block ads.
If there is even number of block ads, it means to show ads making user to disable ads.
M : so just tldr your request this time
C : even number
M : ok how much will you pay
C : 20 to 30 dollars
*next day*
C : can you..
M : offline
Who in the fucking world made ads, made adblock and made adblock block?15 -
Does anyone know if there's a Bob Ross of development?
I feel like I just need to hear someone coding or talking best practices in a chilled out relaxing way to help me through the day.16 -
Recently started at a new job. Things were going fine, getting along with everyone, everything seems good and running smoothly, a few odd things here and there but for the most part fine.
Then I decided to take a look at our (public facing) website... What's this? Outdated plugins from 2013? Okay, that's an easy fix I guess? All of these are free and the way we're using them wouldn't require a lot of refactoring...
Apparently not. Apparently, we can't even update them ourselves, we have to request that an external company does it (which we pay, by the way, SHITELOADS of money to). A week goes past, and we finally get a response.
No, we won't update it, you'll have to pay for it. Doesn't matter that there's a CVE list a bloody mile long and straight up no input validation in several areas, doesn't matter that tens of thousands of users are at risk, pay us or it stays broken. Boggles the fuckin' mind.
I dug into it a bit more than I probably should have (didn't break no laws though I'm not a complete dumbass, I just work for em) and it turns out it's not just us getting fucked over, it's literally EVERYONE using their service which is the vast majority of people within the industry in my country. It also turns out that the entirety of our region is running off a single bloody IP which if you do a quick search on shodan for, you guessed it, also has a CVE list pop up a fuckin' mile long. Don't get me started on password security (there is none). I hate this, there's fucking nothing I can do and everyone else is just fine sitting on their hands because "nobody would target us because we're not a bank!!", as if it bloody matters and as if peoples names, addresses, phone numbers and assuming someone got into our actual database, which wouldn't be a fuckin' stretch of the imagination let me tell you, far more personal details, that these aren't enticing to anyone.
What would you do in my situation?
What can I even do?
I don't want to piss anyone senior off but honestly, I'm thinkin' they might deserve it. I mean yeah there's nothing we can do but at least make a fuss 'cause they ain't gunna listen to my green ass.10 -
While this wasn't technically a real client, it's still one of the most insane requests I've ever had.
I chose to specialize in software engineering for the last year and a half of my degree, which meant a lot of subjects were based around teamwork, proper engineering practises, accessibility, agile methods, basically a lot of stuff to get us ready to work in a proper corporate dev environment. One of our subjects was all about project management, and the semester-long coursework project (that was in lieu of a final exam) was to develop a real project for a real client. And, very very smartly, the professors set up a meeting with the clients so that the clients could tell us what they wanted with sixty-odd students providing enough questions. They basically wanted a management service for their day-center along with an app for the people there. One of the optional requirements was a text chat. Personally not something I'm super interested in doing but whatever, it's a group project, I'll do my part.
The actual development of the project was an absolute nightmare, but that's a story for another day. All I'll say is that seven juniors with zero experience in the framework we chose does not make a balanced dev team.
Anyway, like three months into the four-month project we've got a somewhat functional program, we just need to get the server side part running and are working our asses off (some more than others) when the client comes in and says that 'hey, nice app, nobody else has added the chat yet, but could you do voice recognition okay thanks?'.
Fucking.
Voice.
Recognition.
This was a fucking basic-ass management app with the most complicated task being 'make it look pretty' and 'hook up a DB to an API' and they want us to add voice recognition after sitting on their ass for three months??? The entire team collectively flipped its shit the second they were out of earshot. The client would not take no for an answer, the professor simply told us that they asked for it and it was up to us whether we delivered or not. Someone working on the frontend had the genius idea of 'just get them to use google voice recognition' so we added the how-to in the manual and ticked the requirement box.
What amazes me about all that is how the client probably had no idea that their new last-minute request was even a problem for us, let alone it being in a completely different ballpark in terms of implementing from scratch.9 -
So I work for a VPN company as the Info Sec manager long story short I'm not usually the pleb who does customer support.
But today I ended up having to do this. I spent over 1 hour helping a client that a support agent escalated the request for to me. So I figure out that his network adapters are sharing incorrectly.
I fix problem.
He tries to connect.
Denied access so I check our servers for the request and he's blocked.
I think that's odd.....
I check active subscription and this person ISNT A CLIENT THATS ACTIVE....
WHY IS SUPPORT SO IGNORANT.
UGH.1 -
Arghhhhhhhh! What the hell is becoming of today's world?
So I have registration form that relates to parents signing up for a service and asking for ages of their children. Children are never older than 5 years old.
So, for each child the user specified the child's sex/gender (Boy or girl) and their age.
I'm still in disbelief over my client's request, that is marked "urgent".
I basically need to add to the list of options, as "boy" and "girl" are no enough and the question is now "too limiting".
I apparently need to add several more options including: "prefer not to specify", "geneder neutral", "bigender" and "genderfluid".
I mean how can a child aged 5 or less identify as "gender neutral" or "bigender" - how on earth are they able to decide.
Fine, if you're an adult and signing up to something like Facebook, have your 80 odd options. But for children under 5 how have no idea wtf any of this means, stuff like this really annoys me.17 -
I'm currently between jobs and have a few rants about my previous job (naturally). In retrospect, it's somewhat therapeutic to range about the sheer brainfuckery that has taken place. Enjoy!
First, let me set the scene: legacy B2B web app made with LEMP stack and sencha ext.js 3 + 4 (don't ask) and a lot of madness. Let's call that app "Alpha".
Alpha is a self made CMS build for typical ERP stuff. Yes, a self made CMS: entities are containers, containers have types and fields and values. Like so many legacy PHP apps, it does not have a dedicated FE: the HTML is rendered on the server and then spewed out to the browser.
Easy right? Coding like it's 1999! But there was a twist: Because everything is basically a container, the HTML-templates are saved in the DB. Along with the nessary JS and the CSS. And the translation variables. Why? Because fuck you! That's why. Who needs a git history anyways.
For some reason, Alpha was kinda slow.
There was also an editor, that allowed you to modify templates (web, mail, pdf) on the fly in prod. Because templates contain repeating data (header/footer), one template could contain additional templates. Much confusion. You could change templates via migration (slow, boring) or just ctrl-c/ctrl-v that sucker (fast, much excitement).
Did I mention Alpha was slow?
On with the rant: e-mails! How do they work? Noone knows. How to send mails asynchronous in PHP? Witchcraft is the only possible answer to that riddle. Here is your enterprise™ solution:
1. create mail
2. insert mail into DB
3. WAIT UP TO 59 SECONDS FOR A FUCKING CRON TO SEND MAIL
Why? "Because that way, we can resend mails in case the network is down :)"
Same procedure for the SOAP-API (db-queue + cron). You read that right: all requests to various other systems are processed once a minute.
Alpha slow.
Alpha was only one of several systems. Imagine a bunch of monolithic php apps, interconnected via SOAP, REST and GraphQL like a godamn intergalactic orgy. Image having to debug that cluster fuck.
Let's say there is a bad request. These things happen. No biggie. Remember the db-queue? Let's try to send the bad request a second time! And a third time! Still no luck? How odd. Let's create a specific file in a specific directory: a LOCK-file. Now, "the db-queue is on hold and no request gets processed :)"
Golly gee thanks Alpha.
Anyhow, did you know that MySQL has a join limit of 61 tables?
3 -
just found out a vulnerability in the website of the 3rd best high school in my country.
TL;DR: they had burried in some folders a c99 shell.
i am a begginer html/sql/php guy and really was looking into learning a bit here and there about them because i really like problem solving and found out ctfs mainly focus on this part of programming. i am a c++ programmer which does school contest like programming problems and i really enjoy them.
now back on topic.
with this urge to learn more web programming i said to myself what other method to learn better than real life sites! so i did just that. i first checked my school site. right click. inspect element. it seemed the site was made with wordpress. after looking more into the html code for the site i concluded all the images and files i could see on the site were from a folder on the server named 'wp-content/uploads'. i checked the folder. and here it got interesting. i did a get request on the site. saw the details. then i checked the site. bingo! there are 3 folders named '2017', '2018', '2019'. i said to myself: 'i am god.'
i could literally see all the announcements they have made from 2017-2019. and they were organised by month!!! my curiosity to see everything got me to the final destination.
with this adrenaline i thought about another site. in my city i have the 3rd most acclaimed high school in the country. what about checking their security?
so i typed the web address. looked around. again, right click, inspect element and looked around the source code. this time i was more lucky. this site is handmade!!! i was soooo happy because with my school's site i was restricted with what they have made with wordpress and i don't have much experience with it.
amd so i began looking what request the site made for the logos and other links. it seemed all the other links on the site were with this format: www.site.com/index.php?home. and i was very confused and still am. is this referencing some part of the site in the index.php file? is the whole site written inside the index.php file and with the question mark you just get to a part of the site? i don't really get it.
so nothing interesting inside the networking tab, just some stylesheets for the site's design i guess. i switched to the debugger tab and holy moly!! yes, it had that tree structure. very familiar. just like a project inside codeblocks or something familiar with it. and then it clicked me. there was the index.php file! and there was another folder from which i've seen nothing from the network tab. i finally got a lead!! i returned in the network tab, did a request to see the spgm folder and boooom a site appeared and i saw some files and folders from 2016. there was a spgm.js file and a spgm.php file. there was a contrib, flavors, gal and lang folders. then it once again clicked me! the lang folder was las updated this year in february. so i checked the folder and there were some files named lang with the extension named after their language and these files were last updated in 2016 so i left them alone. but there was this little snitch, this little 650K file named after the name of the school's site with the extension '.php' aaaaand it was last modified this year!!!! i was so excited! i thought i found a secret and different design of the site or something completely else! i clicked it and at first i was scared there was this black/red theme going on my screen and something was a little odd. there were no school announcements or event, nononoooo. this was still a tree structured view. at the top of the site it's written '!c99Shell v. 1.0...'
this was a big nono. i saw i could acces all kinds of folders. then i switched to the normal school website and tried to access a folder i have seen named userfiles and got a 403 forbidden error. wopsie. i then switched to the c99 shell website and tried to access the userfiles folder and my boy showed all of its contents. it was nakeeed naked. like very naked. and in the userfiles folder there were all, but i mean ALL files and folders they have on the server. there were a file with the salary of each job available in the school. some announcements. there was a list with all the students which failed classes. there were folders for contests they held. it was an absolute mess and i couldn't believe it.
i stopped and looked at the monitor. what have i done? just to learn some web programming i just leaked the server of the 3rd most famous high school in my country. image a black hat which would have seriously caused more damage. currently i am writing an email to the school to updrage their security because it is reaaaaly bad.
and the journy didn't end here. i 'hacked' the site 2 days ago and just now i thought about writing an email to the school. after i found i could access the WHOLE server i searched for the real attacker so if you want to knkw how this one went let me know in the comments.
sorry for the long post, but couldn't held it anymore13 -
Hey! This is a followup to my last story.
TL;DR: I thinking of quitting my old job, got an offer at a startup, about the same pay, but much better working conditions.
First of all, the meeting with my lead. It was a performance report on her side to me, and I got 100 to 110% in performance in all points. My lead said "this team without you wouldn't be this team anymore" - which makes me feel a little bit bad for her if I decide to quit. She is a great team lead, but I don't belive the old company is worth my time anymore.
Now to the new company. Shortly after that performance report meeting, I had a call with the ceo, and what do I have to say besides: What a cool dude. He listened to me, asked me questions about my previous jobs (not just as programmer) and so on. But because first looks are deceiving, I went to their office last thursday. And wow. Their are exactly what I imagined them to be. Cool, young folks, 100% tech enthusiasts, and open minded.
One of the new hires in the new company wanted a 6 months internship between his studies. Instead they offered him a full time job - for the 6 months. They even offered me to pay back my scholarship that I will own my old company for leaving early. This is awesome.
The only things that will be worse than my old job are, that I have to negotiate payment instead of yearly increases, 4 days less paid vacation, so only 26 days, and 40h weeks. And they have no workers council, which isn't good, but it's not the worst either.
I got them fixed on 57.000€, not including an up to 10.000€ annual bonus. The way you achieve your bonus seems good to. It's split in two parts, internal and external bonus. Internal bonus is when you engage with internal events like tech calls, sharing your knowledge on your main IT topics, etc. External Bonus is a bit more complicated, but also straight forward. You work on projects for customers, and if you have less than 3 weeks a year that you dont participate in an project, you get the full bonus.
Last friday, I filed a request for a certificate of employment from my current team lead, this is odd for her because I have never done it before, and she asked why I requested it. I said to her that we can talk about it, and she agreed but didn't call me, yet.
Lastly, another good friend of mine will be employed by my team soon, but for a fraction of the payment that I currently receive! He is doing the exact same work, and even worse, he is doing project managment for his main developer project too! And is getting less paid... I just cant...
Yesterday we needed to update a few cloud instances, the only other person who knows about setting up CICD and our OpenShift Containers than me is only in part time and works two days a week, his trainee didn't know anything, so it's up to me. This isn't hard or anything, but it shows that this system our mangement maintains will fail soon, maybe even with me going? I sure hope so tbh.
One of you guys said, I should go to my team lead and negotiate a higher pay, but the truth is, that because we are a big ISP we have an collective agreement for payment and are grouped by tasks (which is bull shit btw, because I'm doing tasks much higher paid than currently). This also means that I cannot simply jump in another group, and can only increase my current pay to about 115%, which is done automatically every year by 5% up to 115%. Anything above is considered extra, but I don't think they will go with it.
I will decide this week about my future at the old company, but I really don't know what to do...2 -
After a code review where I identified an odd way a request was being generated, I suggested to the developer to utilize the Strategy pattern.
Knowing that the Strategy pattern probably wouldn't make sense in the current context, I told him I would put an example together by the end of the day.
I throw something together, sent it to him.
Go to the restroom, come back and 'Bob' says..
Bob:"There is my hero. Justin said you saved the world again. What was it this time? World hunger? Global warming? Ha ha ha."
Frack off you condescending kiss ass. Why don't you take 5 minutes to listen and understand the problem Justin was having instead of making fun of him?
Yea, I heard you this morning laughing at his code, monday-morning quarterbacking a solution in which you have no idea whats going on.
Heard your days are numbers anyway. Good riddance.1 -
I'll monitor our helpdesk ticket system from time-to-time and HR will send their employee termination request so the accounts are deactivated. I notice an odd name I hadn't seen in a long while (names have been changed)
<thought bubble> "Ketsup? Hmmm...wonder if they're related to ol' Brad Ketsup?"
Brad was a bully who would shove me in the bathroom when I would pee so I would tip over and hit the urinal. He was part of pack of older bullies who enjoyed torturing people in the stalls by throwing wet paper towels over the wall or one time in my case, busted the door open (Brad: "Look everybody! PaperTrail is pooping! Look at his little pee-pee...ha ha ha..") Incidentally, the school didn't fix the door, they removed all the doors so the problem wouldn't happen again, but I digress.
I look at the individual's pic, and it was like going back in time. There he was, the near perfect round face, pinned back ears...not Brad, but I'd bet my paycheck at Vegas it was his son. All the vent up frustrations started to bubble up...then...sadness.
Brad moved away in high school and unless the good Lord moved mountains in Brad's life, this poor kid likely lived the same abusive life as Brad. Brad's dad was a drunk and known to be abusive. Statistically speaking, no reason to believe the the apple wouldn't fall far from the tree.
Makes me wonder what happened to all those guys from back then. I know two of em' ended up in prison, but I wonder what I would say if I came across any of them in the wild?
I'm sure most of you had perfect lives growing up and no feelings of mass carnage when you think of the bullies in your early life.5 -
My way through front end started with a simple request of changing a blog CSS.. which I knew nothing of. Looking back it feels odd starting with CSS then HTML, JS and now first PHP; but oh well what ever works?
That was a couple of years ago and lately I've done couple of minor freelance projects and have helped students at my university with it (I studied network engineer because I doubted myself..).
I never felt that I knew enough of programming or front end.. that I wasn't really "good enough" to apply for a job even though I almost finish the frontend certificate at FCC, did the Android application schoolar via Google and have worked a lot with Adobe CC overall and help people with their front end issues from school, even with library's I haven't touched (mighty power of Google search and quick learning).
Now sit here as a stockmen in my lunch break being all excited for one thing based on a conclusion I took last week.. if I never try to follow my passion for it, I'll stay a stockmen.. so I applied for s frontend job and got a call in for an interview today. I still doubt myself but figure I must try.. I do not wish to stay where I have been the whole year but to move on and work as a front end Dev. If I get it.. than Santa came early and if not.. well.. keep on evolving and trying I guess. *Holding thumbs* -
Experience with Plasma Mobile, part 2.
I was able to clone the official master repository and commit my hacks to it, but when I sent the pull request, the current active maintainer said that the master branch was actually severely out of date and to try the "halium-flash" branch.
So I did. I checked out the "halium-flash" branch and attempted to install Plasma Mobile. The bash file used to flash the phone still needed to be hacked around, though my previous commit was made irrelevant by the change. However, I did get it working on my phone.
So, here are my thoughts: It's most definitely not ready. The lock screen looks pretty and is well put together, and the "desktop" and icons for applications look very nice.
However, my phone does not have a physical "home" button, and Plasma Mobile to date does not have a digital "home" button. So, in order to close an application I have to literally reboot my phone.
As of yet there seems to not be any tactile feedback or visual feedback, which is odd when typing in the passcode to log into Plasma Mobile or trying to open an application.
Firefox crashes if you try to open it, and currently there are two choices of wallpaper. I haven't tried calling someone, but I'm fairly certain that Plasma Mobile does not support telephony on my phone type.
So, my verdict is still the same: I have great hopes for the Plasma Mobile project, but unless you are a developer who is interested in making it a better product, I would stay away for now.6
Top Tags
Weekly Rant
View