A trusted-partner of my company obviously opened a dodgy email, as some of my co-workers got emails with a dodgy link from them....

So our Network Admin sent an email to the entire company with a screenshot of the email and a message along the lines of "DO NOT CLICK THE LINK IF YOU'VE RECEIVED THE ORIGINAL EMAIL!"

Company director REPLIES TO ALL and says 'i cant click the link that you sent to us'.
N.A replies directly to him to say its only a screenshot as it could spread a virus.

Director then informs N.A that that he has found the original mail (hurrah!) but the link downloaded an empty .zip file, so he forwarded the file to another director... who also couldn't open.... so they forwarded it to another person who also couldn't open it..... and they in turn forwarded it etc etc.

Currently have 37 power scans running (out of 250 computers) and trying to figure out how the hell these people manage to dress themselves every morning.

To replace humans with robots, because human beings are complete shit at everything they do.

I am a chemist. My alignment is not lawful good. I've produced lots of drugs. Mostly just drugs against illnesses. Mostly.

But whatever my alignment or contribution to the world as a chemist... Human chemists are just fucking terrible at their job. Not for a lack of trying, biological beings just suck at it.

Suiting up for a biosafety level lab costs time. Meatbags fuck up very often, especially when tired. Humans whine when they get acid in their face, or when they have to pour and inhale carcinogenic substances. They also work imprecisely and inaccurately, even after thousands of hours of training and practice.

Weaklings! Robots are superior!

So I replaced my coworkers with expensive flow chemistry setups with probes and solenoid fluid valves. I replaced others with CUDA simulations.

First at a pharma production & research lab, then at a genetics lab, then at an Industrial R&D lab.

Many were even replaced by Raspberry Pi's with two servos and a PH meter attached, and I broke open second hand Fischer Sci spectrophotometers to attach arduinos with WiFi boards.

The issue was that after every little overzealous weekend project, I made myself less necessary as well.

So I jumped into the infinitely deep shitpool called webdev.

App & web development is kind of comfortable, there's always one more thing to do, but there's no pressure where failure leads to fatalities (I think? Wait... do I still care?).

Super chill, if it weren't for the delusion that making people do "frontend" and "fullstack" labor isn't a gross violation of the Geneva Convention.

Quickly recognizing that I actually don't want to be tortured and suffer from nerve damage caused by VueX or have my organs slowly liquefied by the radiation from some insane transpiling centrifuge, I did what any sane person would do.

Get as far away from the potential frontend blast radius as possible, hide in a concrete bunker.

So I became a data engineer / database admin.

That's where I'm quarantining now, safely hiding from humanity behind a desk, employed to write a MySQL migration or two, setting up Redis sorted sets, adding a field to an Elastic index. That takes care of generating cognac and LSD money.

But honestly.... I actually spend most of my time these days contributing to open source repositories, especially writing & maintaining Rust libraries.

Excuse the profuse amount of profanity below.

Fuck this fucking fucked up motherfucker of a fucking director. Money does not make you a fucking decent person, and you come in here and tell me that you pay my fucking measly salary so I must be fucking grateful.

Starts off with a boardroom meeting this morning. Wireless connection on my laptop takes two minutes to connect, I get told that I am wasting company time and that the salary of everyone in the meeting is quite a lot ("with me being the highest"- cuntface director) so stop wasting time. Fuck you man, it's a fucking wireless connection. I am building your motherfucking company applications and doing web design and for what, so I can earn fuckall and be told that I am fucking wasting time. I am presenting your fucking site you wanted, so give me a fucking minute extra to start up the fucking wireless connection.

The fucking mails are taking long to send, great, let's come down and fucking scream at the dev who regrettably said he would try and assist IT (by calling the provider). I literally just got told that I am the following. 1) Fucking stupid 2) He is going to close the dept down because I apparently fuck up (yet again cuntface, your fucking mailserver is NOT MY FUCKING PROBLEM) 3) He is going to contact an external company to come and check my work. 4) I am fucking useless. 5) I telling him lies (yeah fuckface, I worked as a sys admin, I know what a motherfucking DNS server is and what it does. you don't - so don't fucking tell me that I am lying when I tell you there is a DNS fucking issue, because you don't know what the fuck you are talking about - to top that off motherfucker, I FUCKING BUILT YOUR FUCKING SERVER AND YOUR FUCKING NETWORK. I FUCKING KNOW HOW IT WORKS AND WHAT THE FUCK I AM TALKING ABOUT).

On top of that, I got pushed out of the way of my own PC, my code got some fucked up gibberish in it (because he was trying to minimise my editor and he typed some in it, and now I have to fucking roll-back. He told me I am wasting company time and he will take my shit away from me if I download something again. It is an open network. I downloaded JAVA and fucking updated Sublime. Jesus man. What the fucking fuck.

"why is your gmail open?!?!" because I was testing your emails from an external network. "DON'T FEED ME BULLSHIT" (even though the top mail states "test"). It's the whole fucking "my money determines my dick size" mentality.

That being said, I got told that I need to work overtime, without pay, to resolve IT's issue, even if I have to on the weekend.

That being said,my new Dell that I had just bought (my own) got thrown on the floor and he fucked out of my office. Stupid motherfucker. I fucking earn nothing but cannot leave. I will find another job, and when I do - you can go and fuck yourself and your fucking degrading opinions. I am not fucking stupid, so fuck you.Fuck your company and fuck you. Cunt.

Navy story continued.
And continuing from the arp poisoning and boredom, I started scanning the network...
So I found plenty of WinXP computers, even some Win2k servers (I shit you not, the year was 201X) I decided to play around with merasploit a bit. I mean, this had to be a secure net, right?
Like hell it was.
Among the select douchebags I arp poisoned was a senior officer that had a VERY high idea for himself, and also believed he was tech-savvy. Now that, is a combination that is the red cloth for assholes like me. But I had to be more careful, as news of the network outage leaked, and rumours of "that guy" went amok, but because the whole sysadmin thing was on the shoulders of one guy, none could track it to me in explicit way. Not that i cared, actually, when I am pissed I act with all the subtleness of an atom bomb on steroids.
So, after some scanning and arp poisoning (changing the source MAC address this time) I said...
"Let's try this common exploit, it supposedly shouldn't work, there have been notifications about it, I've read them." Oh boy, was I in for a treat. 12 meterpreter sessions. FUCKING 12. The academy's online printer had no authentication, so I took the liberty of printing a few pages of ASCII jolly rogers (cute stuff, I know, but I was still in ITSec puberty) and decided to fuck around with the other PCs. One thing I found out is that some professors' PCs had the extreme password of 1234. Serious security, that was. Had I known earlier, I could have skipped a TON of pointless memorising...
Anyway, I was running amok the entire network, the sysad never had a chance on that, and he seemed preoccupied with EVERYTHING ELSE besides monitoring the net, like fixing (replacing) the keyboard for the commander's secretary, so...
BTW, most PCs had antivirus, but SO out of date that I didn't even need to encode the payload or do any other trick. An LDAP server was open, and the hashed admin password was the name of his wife. Go figure.
I looked at a WinXP laptop with a weird name, and fired my trusty ms08_067 on it. Passowrd: "aaw". I seriously thought that Ophcrack was broken, but I confirmed it. WTF? I started looking into the files... nothing too suspicious... wait a min, this guy is supposed to work, why his browser is showing porn?
Looking at the ""Deleted"" files (hah!) I fount a TON of documents with "SECRET" in them. Curious...
Decided to download everything, like the asshole I am, and restart his PC, AND to leave him with another desktop wallpaper and a text message. Thinking that he took the hint, I told the sysadmin about the vulnerable PCs and went to class...
In the middle of the class (I think it was anti-air warfare or anti-submarine warfare) the sysad burst through the door shouting "Stop it, that's the second-in-command's PC!".
Stunned silence. Even the professor (who was an officer). God, that was awkward. So, to make things MORE awkward (like the asshole I am) I burned every document to a DVD and the next day I took the sysad and went to the second-in-command of the academy.
Surprisingly he took the whole thing in quite the easygoing fashion. I half-expected court martial or at least a good yelling, but no. Anyway, after our conversation I cornered the sysad and barraged him with some tons of security holes, needed upgrades and settings etc. I still don't know if he managed to patch everything (I left him a detailed report) because, as I've written before, budget constraints in the military are the stuff of nightmares. Still, after that, oddly, most people wouldn't even talk to me.
God, that was a nice period of my life, not having to pretend to be interested about sports and TV shows. It would be almost like a story from highschool (if our highschool had such things as a network back then - yes, I am old).
Your stories?

The following meeting occurred at a client between a recently added client PM and our team, we'll call her Shrilldesi, previously from one of the main consulting vendors.

*Meeting begins after 15 minutes of bullshitting, waiting for people to file in*
Shrilldesi: "Ok everyone, let's get started
TeamMember: "We're still waiting for Z and W, not sure why they're late."
SD: "We can start there. It was decided had to lay off Z and W, because we didn't have enough work."
Moi: "Wait, what. Who made that decision? Why weren't we consulted on this? We have another project starting next week that they were needed for. They just delivered the entire public facing rewrite, why would we let them go?!"
SD: "It was decided by myself, pajeet, and venkata looking at the backlog. Not enough work, week gap."
Moi: "This is going to hurt our ability to deliver the next phase. When are we going to start interviewing new people, the project begins next week?"
SD: "We will interview new resources as needed."
Moi: "Who is we? And 'as needed' is yesterday, or realistically several weeks ago as the. project. starts. next. week. Also, we're obligated by federal law to bring back anyone we lay off before we hire anyone else for the same position."
SD: "Interviews will be done by myself, Mohd, and Pajeet."
Moi: "...can I point out that there's only one modestly technical person in that group, they're an admin, and none of them are from this team? How do you conduct an engineering interview without any engineers?"
SD: "That does not matter, I have watched enough to be able to ask your questions."
Moi: *anger intensifies* "I have to respectfully disagree. I don't feel it's appropriate to cut us out of the process of interviewing our own team members."
SD: "It is decided, we will take care of it, let us move on. Next, we need to find work for the Manasa, she doesn't have anything to do."
Moi: *sharpens baseball bat* "...shouldn't we just fire her then?"
SD: "Oh that is so mean, why would we fire her? We were thinking she might be able to do some of my project management work."
Moi: *sharpening intensifies* "You do realize it's a violation of H1-B statutes for someone to be employed in work other than what is stated on their contract, and Project Managers are specifically listed as not specialized skillsets per federal law."
SD: *ignores question* "We also need to find work for the offshore team, they don't have enough to do. Please find them work for the next period."
Moi: *checks how long the wait period is for ar-15s*
SD: "We also have a new person rolling onto our team, he comes from the xyz team, Dikshit *gestures to person we all figured was lost*. He will be handling our front end development."
Moi: *seething hatred* "WE JUST LET TWO EXCELLENT FRONT END DEVELOPERS GO. WE DO NOT NEED DIKSHIT."
SD: "Please calm down. We will be replacing the other two shortly, there is no problem."
Moi: "Have you heard nothing I've said? Did you even run this by legal and HR? Why did we let them go in the first place? Why do we even need Dikshit?!"
SD: "I said it before, please listen. There is not enough work for them. Dikshit will do front end. What is unclear?"

Note: There's not really any dramatization here. It's almost verbatim what happened. Eventually, the next project was cancelled, they incrementally rolled the rest of the local team off. They then had the cojones to express aghast anger when I notified them I would not be renewing my contract, and open hatred when I explained to them I was not a slave, and I refused to be a bag holder for the inevitable failure of a project without any chance of success. I don't really care what happened after that, they can all burn in their own little nepotistic shitshow of perpetual failure.

Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”

Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”

Buckle up kids, this one gets saucy.

At work, we have a stress test machine that trests tensile, puncture and breaking strength for different materials used (wood construction). It had a controller software update that was supposed to be installed. I was called into the office because the folks there were unable to install it, they told me the executable just crashed, and wanted me to take a look as I am the most tech-savvy person there.

I go to the computer and open up the firmware download folder. I see a couple folders, some random VBScript file, and Installation.txt. I open the TXT, and find the first round of bullshit.

"Do not run the installer executable directly as it will not work. Run install.vbs instead."

Now, excuse me for a moment, but what kind of dick-cheese-sniffing cockmonger has end users run VBScript files to install something in 2018?! Shame I didn't think of opening it up and examining it for myself to find out what that piece of boiled dogshit did.

I suspend my cringe and run it, and lo and behold, it installs. I open the program and am faced with entering a license key. I'm given the key by the folks at the office, but quickly conclude no ways of entering it work. I reboot the program and there is an autofilled key I didn't notice previously. Whatever, I think, and hit OK.

The program starts fine, and I try with the login they had previously used. Now it doesn't work for some reason. I try it several times to no avail. Then I check the network inspector and notice that when I hit login, no network activity happens in the program, so I conclude the check must be local against some database.

I browse to the program installation directory for clues. Then I see a folder called "Databases".

"This can't be this easy", I think to myself, expecting to find some kind of JSON or something inside that I can crawl for clues. I open the folder and find something much worse. Oh, so much worse.

I find <SOFTWARE NAME>.accdb in the folder. At this point cold sweat is already running down my back at the sheer thought of using Microsoft Access for any program, but curiosity takes over and I open it anyway.

I find the database for the entire program inside. I also notice at this point that I have read/write access to the database, another thing that sent my alarm bells ringing like St. Pauls cathedral. Then I notice a table called "tUser" in the left panel.

Fearing the worst, I click over and find... And you knew it was coming...

Usernames and passwords in plain text.

Not only that, they're all in the format "admin - admin", "user - user", "tester - tester".

I suspend my will to die, login to the program and re-add the account they used previously. I leave the office and inform the peeps that the program works as intended again.

I wish I was making this shit up, but I really am not. What is the fucking point of having a login system at all when your users can just open the database with a program that nowadays comes bundled with every Windows install and easily read the logins? It's not even like the data structure is confusing like minified JSON or something, it's literally a spreadsheet in a program that a trained monkey could read.

God bless them and Satan condemn the developers of this fuckawful program.

It were around 1997~1998, I was on middle school. It was a technical course, so we had programing languages classes, IT etc.

The IT guy of our computer lab had been replaced and the new one had blocked completely the access on the computers. We had to make everything on floppy disks, because he didn't trusted us to use the local hard disk. Our class asked him to remove some of the restrictions, but he just ignored us. Nobody liked that guy. Not us, not the teachers, not the trainees at the lab.

Someday a friend and me arrived a little bit early at the school. We gone to the lab and another friend that was a trainee on the lab (that is registered here, on DevRant) allowed us to come inside. We had already memorized all the commands. We crawled in the dark lab to the server. Put a ms dos 5.3 boot disk with a program to open ntfs partitions and without turn on the computer monitor, we booted the server.

At that time, Windows stored all passwords in an encrypted file. We knew the exact path and copied the file into the floppy disk.

To avoid any problems with the floppy disk, we asked the director of the school to get out just to get a homework we theorically forgot at our friends house that was on the same block at school. We were not lying at all. He really lived there and he had the best computer of us.

The decrypt program stayed running for one week until it finds the password we did want: the root.

We came back to the lab at the class. Logged in with the root account. We just created another account with a generic name but the same privileges as root. First, we looked for any hidden backup at network and deleted. Second, we were lucky: all the computers of the school were on the same network. If you were the admin, you could connect anywhere. So we connected to a "finance" computer that was really the finances and we could get lists of all the students with debits, who had any discount etc. We copied it to us case we were discovered and had to use anything to bargain.

Now the fun part: we removed the privileges of all accounts that were higher than the trainee accounts. They had no access to hard disks anymore. They had just the students privileges now.

After that, we changed the root password. Neither we knew it. And last, but not least, we changed the students login, giving them trainee privileges.

We just deleted our account with root powers, logged in as student and pretended everything was normal.

End of class, we went home. Next day, the lab was closed. The entire school (that was school, mid school and college at the same place) was frozen. Classes were normal, but nothing more worked. Library, finances, labs, nothing. They had no access anymore.

We celebrated it as it were new years eve. One of our teachers came to us saying congratulations, as he knew it had been us. We answered with a "I don't know what are you talking about". He laughed and gone to his class.

We really have fun remembering this "adventure". :)

PS: the admin formatted all the servers to fix the mess. They had plenty of servers.

Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".

You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.

Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.

So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.

Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.

There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.

The tech stack at my current gig is the worst shit I’ve ever dealt with...

I can’t fucking stand programs, especially browser based programs, to open new windows. New tab, okay sure, ideally I just want the current tab I’m on to update when I click on a link.

Ticketing system: Autotask
Fucking opens up with a crappy piss poor sorting method and no proper filtering for ticket views. Nope you have to go create a fucking dashboard to parse/filter the shit you want to see. So I either have to go create a metric-arse tonne of custom ticket views and switch between them or just use the default turdburger view. Add to that that when I click on a ticket, it opens another fucking window with the ticket information. If I want to do time entry, it just feels some primal need to open another fucking window!!! Then even if I mark the ticket complete it just minimizes the goddamn second ticket window. So my jankbox-supreme PC that my company provided gets to strugglepuff along trying to keep 10 million chrome windows open. Yeah, sure 6GB of ram is great for IT work, especially when using hot steaming piles of trashjuice software!

I have to manually close these windows regularly throughout the day or the system just shits the bed and halts.

RMM tool: Continuum
This fucker takes the goddamn soggy waffle award for being utterly fucking useless. Same problem with the windows as autotask except this special snowflake likes to open a login prompt as a full-fuck-mothering-new window when we need to open a LMI rescue session!!! I need to enter a username and a password. That’s it! I don’t need a full screen window to enter credentials! FUCK!!! Btw the LMI tools only work like 70% of the time and drag ass compared to literally every other remote support tool I’ve ever used. I’ve found that it’s sometimes just faster to walk someone through enabling RDP on their system then remoting in from another system where LMI didn’t decide to be fully suicidal and just kill itself.

Our fucking chief asshat and sergeant fucknuts mcdoogal can’t fucking setup anything so the antivirus software is pushed to all client systems but everything is just set to the default site settings. Absolutely zero care or thought or effort was put forth and these gorilla spunk drinking, rimjob jockey motherfuckers sell this as a managed AntiVirus.

We use a shitty password manager than no one besides I use because there is a fully unencrypted oneNote notebook that everyone uses because fuck security right? “Sometimes it’s just faster to have the passwords at the ready without having to log into the password manager.” Chief Asshat in my first week on the job.

Not to mention that windows server is unlicensed in almost every client environment, the domain admin password is same across multiple client sites, is the same password to log into firewalls, and office 365 environments!!!

I’ve brought up tons of ways to fix these problems, but they have their heads so far up their own asses getting high on undeserved smugness since “they have been in business for almost ten years”. Like, Whoop Dee MotherFucking Doo! You have only been lucky to skate by with this dumpster fire you call a software stack, you could probably fill 10 olympic sized swimming pools to the brim with the logarrhea that flows from your gullets not only to us but also to your customers, and you won’t implement anything that is good for you, your company, or your poor clients because you take ten minutes to try and understand something new.

I’m fucking livid because I’m stuck in a position where I can’t just quit and work on my business full time. I’m married and have a 6m old baby. Between both my wife and I working we barely make ends meet and there’s absolutely zero reason that I couldn’t be providing better service to customers without having to lie through my teeth to them and I could easily support my family and be about 264826290461% happier!

But because we make so little, I can’t scrap together enough money to get Terranimbus (my startup) bootstrapped. We have zero expendable/savable income each month and it’s killing my soul. It’s so fucking frustrating knowing that a little time and some capital is all that stands between a better life for my family and I and being able to provide a better overall service out there over these kinds of shady as fuck knob gobblers.

From my work -as an IT consultant in one of the big 4- I can now show you my masterpiece

INSIGHTS FROM THE DAILY LIFE OF A FUNCTIONAL ANALIST IN A BIG 4 -I'M NOT A FUNCTIONAL ANALYST BUT THAT'S WHAT THEY DO-

- 10:30, enter the office. By contract you should be there at 9:00 but nobody gives a shit
- First task of the day: prepare the power point for the client. DURATION: 15 minutes to actually make the powerpoint, 45 minutes to search all the possible synonyms of RESILIENCE BIG DATA AGILE INTELLIGENT AUTOMATION MACHINE LEARNING SHIT PISS CUM, 1 hour to actually present the document.
- 12:30: Sniff the powder left by the chalks on the blackboards. Duration: 30 minutes, that's a lot of chalk you need to snort.

13:00, LUNCH TIME. You get back to work not one minute sooner than 15.00

- 15:00, conference with the HR. You need to carefully analyze the quantity and quality of the farts emitted in the office for 2 hours at least
- 17:00 conference call, a project you were assigned to half a day ago has a server down.
The client sent two managers, three senior Java developers, the CEO, 5 employees -they know logs and mails from the last 5 months line by line-, 4 lawyers and a beheading teacher from ISIS.
On your side there are 3 external ucraininans for the maintenance, successors of the 3 (already dead) developers who put the process in place 4 years ago according to God knows which specifications. They don't understand a word of what is being said.
Then there's the assistant of the assistant of a manager from another project that has nothing to do with this one, a feces officer, a sys admin who is going to watch porn for the whole conference call and won't listen a word, two interns to make up a number and look like you're prepared. Current objective: survive. Duration: 2 hours and a half.
- 19:30, snort some more chalk for half an hour, preparing for the mail in which you explain the associate partner how because of the aforementioned conference call we're going to lose a maintenance contract worth 20 grands per month (and a law proceeding worth a number of dollars you can't even read) and you have no idea how could this happen
- 20:00, timesheet! Compile the weekly report, write what you did and how long did it take for each task. You are allowed to compile 8 hours per day, you worked at least 11 but nobody gives a shit. Duration: 30 minutes
- 20:30, update your consultant! Training course, "tasting cum and presenting its organoleptic properties to a client". Bearing with your job: none at all. Duration: 90 minutes, then there's half an hour of evaluating test where you'll copy the answers from a sheet given to you by a colleague who left 6 months ago.
- 22:30, CHANCE CARD! You have a new mail from the HR: you asked for a refund for a 3$ sandwich, but the receipt isn't there and they realized it with a 9 months delay. You need to find that wicked piece of paper. DURATION: 30 minutes. The receipt most likely doesn't even exist anymore and will be taken directly from your next salary.
- 23:00 you receive a message on Teams. It's the intern. It's very late but you're online and have to answer. There's an exception on a process which have been running for 6 years with no problems and nobody ever touches. The intern doesn't know what to do, but you wrote the specifications for the thing, 6 years ago, and everything MUST run tonight. You are not a technician and have no fucking clue about anyhing at all. 30 minutes to make sure it's something on our side and not on the client side, and in all that the intern is as useful as a confetto to wipe your ass. Once you're sure it's something on our side you need to search for the senior dev who received the maintenance of the project, call him and solve the problem.
It turns out a file in a shared folder nobody ever touches was unreachable 'cause one of your libraries left it open during the last run and Excel shown a warning modal while opening it; your project didn't like this last thing one bit. It takes 90 minutes to find the root of the problem, you solve it by rebooting one of your machines. It's 01:00.

You shower, watch yourself on the mirror and search for the line where your forehead ends and your hair starts. It got a little bit back from yesterday; the change can't be seen with the naked eye but you know it's there.

You cry yourself to sleep. Tomorrow is another day, but it's going to be exactly like today.

Our web department was deploying a fairly large sales campaign (equivalent to a ‘Black Friday’ for us), and the day before, at 4:00PM, one of the devs emails us and asks “Hey, just a heads up, the main sales page takes almost 30 seconds to load. Any chance you could find out why? Thanks!”
We click the URL they sent, and sure enough, 30 seconds on the dot.
Our department manager almost fell out of his chair (a few ‘F’ bombs were thrown).
DBAs sit next door, so he shouts…
Mgr: ”Hey, did you know the new sales page is taking 30 seconds to open!?”
DBA: “Yea, but it’s not the database. Are you just now hearing about this? They have had performance problems for over week now. Our traces show it’s something on their end.”
Mgr: “-bleep- no!”
Mgr tries to get a hold of anyone …no one is answering the phone..so he leaves to find someone…anyone with authority.
4:15 he comes back..
Mgr: “-beep- All the web managers were in a meeting. I had to interrupt and ask if they knew about the performance problem.”
Me: “Oh crap. I assume they didn’t know or they wouldn’t be in a meeting.”
Mgr: “-bleep- no! No one knew. Apparently the only ones who knew were the 3 developers and the DBA!”
Me: “Uh…what exactly do they want us to do?”
Mgr: “The –bleep- if I know!”
Me: “Are there any load tests we could use for the staging servers? Maybe it’s only the developer servers.”
DBA: “No, just those 3 developers testing. They could reproduce the slowness on staging, so no need for the load tests.”
Mgr: “Oh my –bleep-ing God!”
4:30 ..one of the vice presidents comes into our area…
VP: “So, do we know what the problem is? John tells me you guys are fixing the problem.”
Mgr: “No, we just heard about the problem half hour ago. DBAs said the database side is fine and the traces look like the bottleneck is on web side of things.”
VP: “Hmm, no, John said the problem is the caching. Aren’t you responsible for that?”
Mgr: “Uh…um…yea, but I don’t think anyone knows what the problem is yet.”
VP: “Well, get the caching problem fixed as soon as possible. Our sales numbers this year hinge on the deployment tomorrow.”
- VP leaves -
Me: “I looked at the cache, it’s fine. Their traffic is barely a blip. How much do you want to bet they have a bug or a mistyped url in their javascript? A consistent 30 second load time is suspiciously indicative of a timeout somewhere.”
Mgr: “I was thinking the same thing. I’ll have networking run a trace.”

4:45 Networking run their trace, and sure enough, there was some relative path of ‘something’ pointing to a local resource not on development, it was waiting/timing out after 30 seconds. Fixed the path and page loaded instantaneously. Network admin walks over..
NetworkAdmin: “We had no idea they were having problems. If they told us last week, we could have identified the issue. Did anyone else think 30 second load time was a bit suspicious?”
4:50 VP walks in (“John” is the web team manager)..
VP: “John said the caching issue is fixed. Great job everyone.”
Mgr: “It wasn’t the caching, it was a mistyped resource or something in a javascript file.”
VP: “But the caching is fixed? Right? John said it was caching. Anyway, great job everyone. We’re going to have a great day tomorrow!”
VP leaves
NetworkAdmin: “Ouch…you feel that?”
Me: “Feel what?”
NetworkAdmin: “That bus John just threw us under.”
Mgr: “Yea, but I think John just saved 3 jobs. Remember that.”

TL;DR :

"when i die i want my group project members to lower me into my grave so they can let me down one last time"

STORY TIME

Last year in College, I had two simultaneous projects. Both were semester long projects. One was for a database class an another was for a software engineering class.

As you can guess, the focus of the projects was very different. Databases we made some desktop networked chat application with a user login system and what not in Java. SE we made an app store with an approval system and admin panels and ratings and reviews and all that jazz in Meteor.js.

The DB project we had 4 total people and one of them was someone we'll call Frank. Frank was also in my SE project group. Frank disappeared for several weeks. Not in class, didn't contact us, and at one point the professors didn't know much either. As soon as we noticed it would be an issue, we talked to the professors. Just keeping them in the loop will save you a lot of trouble down the road. I'm assuming there was some medical or family emergency because the professors were very understanding with him once he started coming back to class and they had a chance to talk.

Lesson 1: If you have that guy that doesn't show up or communicate, don't be a jerk to them and communicate with your professor. Also, don't stop trying to contact the rogue partner. Maybe they'll come around sometime.

It sucked to lose 25% of our team for a project, but Frank appreciated that we didn't totally ignore him and throw him under the bus to the point that the last day of class he came up to me and said, "hey, open your book bag and bring it next to mine." He then threw a LARGE bottle of booze in there as a thank you.

Lesson 2: Treat humans as humans. Things go wrong and understanding that will get you a lot farther with people than trying to make them feel terrible about something that may have been out of their control.

Our DB project went really well. We got an A, we demoed, it worked, it was cool. The biggest problem is I was the only person that had taken a networking class so I ended up doing a large portion of the work. I wish I had taken other people's skills into account when we were deciding on a project. Especially because the only requirement was that it needed to have a minimum of 5 tables and we had to use some SQL language (aka, we couldn't use no-SQL).

The SE project had Frank and a music major who wanted to minor in CS (and then 3 other regular CS students aside from me). This assignment was make an app store using any technology you want. But, you had to use agile sprints. So we had weekly meetings with the "customer" (the TA), who would change requirements on us to keep us on our toes and tell us what they wanted done as a priority for the next meeting. Seriously, just like real life. It was so much fun trying to stay ahead of that.

So we met up and tried to decided what to use. One kid said Java because we all had it for school. The big issue is trying to make a Java web app is a pain in the ass. Seriously, there are so many better things to use. Other teams decided to use Django because they all wanted to learn Python. I suggested why not use something with a nice package system to minimize duplicating work that had already been done and tested by someone. Kid 1 didn't like that because he said in the real world you have to make your own software and not use packages. Little did he know that I had worked in SE for a few years already and knew damn well that every good project has code from somewhere else that has already solved a problem you're facing. We went with Java the first week. It failed miserably. Nobody could get the server set up on their computers. Using VCS with it required you to keep the repo outside of the where you wrote code and copy and paste changes in there. It was just a huge flop so everyone else voted to change.

Lesson 3: Be flexible. Be open to learning new things. Don't be afraid to try something new. It'll make you a better developer in the long run.

So we ended up using Meteor. Why? We all figured we could pick up javascript super easy.Two of us already knew it. And the real time thing would make for some cool effects when an app got a approved or a comment was made. We got to work and the one kid was still pissed. I just checked the repo and the only thing he committed was fixing the spelling of on word in the readme.

We sat down one day and worked for 4 straight hours. We finished the whole project in that time. While other teams were figuring out how to layout their homepage, we had a working user system and admin page and everything. Our TA was trying to throw us for loops by asking for crazy things and we still came through. We had tests that ran along side the application as you used it. It was friggin cool.

Lesson 4: If possible, pick the right tool for the job. Not the tool you know. Everything in CS has a purpose. If you use it for its purpose, you will save days off of a project.

A brief, and biased opinion of what love is in the dev world:

Love is my employees bringing me something to eat when they know I stay back so that they can all go out do whatever they can do.

Love is my CMS admin getting his ass up and walking all the way to my office when the director walks in to say some STUPID FUCKING SHIT to me that he(CMS Admin) knows would have me 2 fucking seconds away from getting out of my chair and drop kicking the fuck out of him.

Love is the rest of my employees getting up to follow along in case(certainly) one dude is not able to hold me down.

Love is them knowing that I know that their mere presence there will make me chill the fuck out and not choke the fucking director

Love is the CMS Admin proof reading every email I send to a bitch that was trying to get smart, to make sure that I was not being agressive.

Love is said CMS Admin bringing me coffee or a coke congratulating me on listening to him about X email not being aggressive (there is no passive in my vocabulary, just balls out "isn't this your fucking job" aggressive)

Love is my lead developer showing to work after medical treatment fucked up as all hell because he knows that if he is not there I will do a billion things myself in order to give him some rest.

Love is taking my CMS admin and lead dev out to eat when a major stakeholder shits on something I damn well know it took them a while to finish. Love is also letting me open up to said stakeholder to tell them how much of a fucktard they are, sometimes they let me loose, and I appreciate that.

Love is every small person in the company approaching you to tell you of their issues, becuase they care more about the productivity they give to their users, rather than the bullshit numbers their managers care about.

Love is the staff of other places taking care of you because you are not a VP dickhead that treats them like shit.

Love is the HR reps sending you personal e-mails asking you for help because their shitbag of a boss does not count for help and leaves them in the blank with shit software, for which said HR go above and beyond for you later on even though said shitbag manager said no.

Love is your team getting angry and responding respectfully at people when they talk shit about their manager on their emails (manager being me)

Love is your employees closing your door for you when they know you are overwhelmed and you need a quick second to pull yourself up.

Love is not wanting to leave this miserable place because you know some dickweed will be left in charge of the people that care for you, trust you, work for you regardless of the date, and confide in you.

They got me locked in, this shitty institution, for now. Until I find a way to bring my entire team with me.

As much as I love opensource I hate really hate some of its actvie community members (read this as "freetards" <-- see urbandictonary). As a .Net + web devloper with minimal C experience (I just started learning it) and literally no Python experience its not really easy to contribute for me to many (most) opensource software for linux. I am using some <unnamed software> and I found a <critical bug>, it was easy to reproduce and I wrote for list of possible solutions, found it in a code and linked and basically wrote a docummentation longer than any other I ever wrote for every single project I did ever, combined. This <software> was critical for my server and since owner of github repo and few other people there were really active, I hoped that this bug with pretty good documentation will be solved fast, I went to my bed with a heroic feeling of an open source community contributor that helped saving world. I was horribly wrong. Tomorrow, I got 3 passively agressive responses from owner and other 2 freetards that summed up said <other1>:"oh thats nice, fix i yourself and commit it", <other2>:"have a sex with yourself" in a nice way, and <owner>: "fix my softwate and create mrege request". After replying that I have no experience my Python skills are not on a level requied for such an action, he messaged me on twitter I have linked to my GitHub profile saying even less nicely that I am a "retarded c*nt" and that I should learn Python and fix it myself. This makes me stay with my Windows based Server for some time now, fuck this. I googled his github nickname and guess what. Our main freetard is admin on an <unnamed linux forum> and mebmber of many other "computer help" with literally half of his posts just slightly toxic posts about how everyone should use linux and how supreme it is ober anything other, the other hals was crying why linux has only 1% of market share. Oh boi I am not sure why but ITS MAYBE BECAUSE OF FREETARDS LIKE YOU.
And the funnies thing is, hes not only freetard, he is just fullstack retard. One of his posts is "helping" to some <noob windows user> installing Linux. tl:dr for this las part: Freetard basically wiped all data of that <noob>.

PS: Bless everyone who do not respond "oh nice, now you can do it yourself"

Who the fuck came up with the idea of using SharePoint? What it even is?! Is it a website, wiki, document repo...?

Our version seems to be a broken wiki with no info content, old links, illogical navigation. And somehow word documents are integrated into it. Sometimes you see some weird calendar and timelines (from old projects). You can navigate into a folder, but you cannot get back. There's no ".." button?? You can map it like OneDrive to yourself, but Windows doesn't support any document version control. Where's the check in/out option from explorer menu??? I sure as shit have those for SVN, GIT etc. Is there a new version created everytime I press ctrl-s or only when I close the document?

Well, I could open the document in "online" mode. Ok, the formatting goes weird and everything is super slow. But at least I can fuck up someone elses document by accidentaly copy/pasting stuff, deleting lines, hitting my face into keyboard etc. There's automatically new version added!

Somehow you can enable the forced check in/out for documents. Obviously only the library admin can do that. And since he's just a program manager, he has no clue what the fuck is version control or document management. So he has this thing on his "things to do" list. For him, document management means sending various spec versions as email attachments. And the developers can figure out together who has the most recent one.

How did M$ push shit piece of shit to corporations? They even use this crap for the intranet making it slower than creation of galaxies. Though it's ok, since you cannot find anything from the intranet. It's all just head honchos blogs, seasonal greetings and stock market statuses. Nowhere is seen the downstairs cafeteria menu for the day. Or where to report for broken toilet. You know, stuff that 99% of people would like to see.

I complained to M$ about the SharePoint, but apparently there's no problem. You can code it yourself? Yeiii! So, instead of just updating some line in design spec, I have to take a 3 month class and get a MS sertificate, code some class-based-web-shit for 6 months and maybe, maybe then I can make the page/document look normal?

I am thinking, that I will just start writing my specs on paper. I will put them on the shelf and if you want to read it, you will check it out manually. And if someone else tries to edit it while you are editing it, you just cover the paper with your hands. There might be a requirement to make the document look more like MS Word, but that's easy to do. Just go to WC with the paper and wipe with it a couple of times.

> IHateForALiving: I have added markdown on the client! Now the sys admin can use markdown and it's going to be rendered as HTML
> Team leader: ok, I've seen you also included some pics of the tests you made. It's nice, there's no XSS vulnerabilities, now I want you to make sure you didn't introduce any SQL injection too. Post the results of the tests in the tickets, for everybody to see.

I've been trying to extract from him for 15 minutes how sending a text through a markdown renderer on the client is supposed to create a SQL injection on the server, I've been trying to extract from him how showing all of this to the world would improve our reputation.
I miserably failed, I don't know how the fuck am I supposed to test this thing and if I a colleague wasted time to make sure some client-side rendering didn't create a SQL injection I'd make sure to point and laugh at them every time they open their mouth.

If nobody hates you, you're doing something wrong ~ House MD

Tl;Dr : I'm pissing the right people off and my God I like it

That's what I've known and have confirmed doing my current side project with my gf, we are working on a ratemyprofessors clone with extra spicy features, one in particular is so spicy some teachers will be put in a position in which they would rather grind hot peppers with their butt cheeks.

Don't get me wrong, there are good teachers (some of which actually showed support) but some are not good teachers and some aren't good people either; I've decided it's time to stop complaining and take action.

We recently released an alpha and I presented it to a teacher I had this semester (one of the "not so great" kind) as a DB proyect cuz fuck it I'm not doing 2 projects.

This teacher is your run of the mill "I'm lazy and I don't care" teacher and she ran the classroom like a shitty kindergarten, so much so, one of the teams was presenting a buggy admin site as their project and she started talking on the phone! Right up on their faces!!

My turn, I go up and handle her a 30 page printed thesis of my project and said that unlike my mates, I was going to start presenting the idea and then the actual software...why is it printed?, She said; Because I won't be projecting the PDF ma'am, I actually made a professional presentation and that way you can read more technical details while I give a broad overview...

I started talking about the huge issues students face and my research about it, undisciplined teachers, no class structure ~ abrupt interruption ~ "yeah I know like, you are giving so much statistics and numbahs but where is the database?"

I got pissed off because the whole purpose of printing and giving her the docs was for her to ask specific questions AT THE END! So I told her I was getting there and to ask questions at the end...I start showing off the system's sweetest features... everyone got quiet...a girl on the front row kept looking at the teacher and then back to the board with her eyes wide open, the teacher was visibly upset.

I asked someone to please help me by using the site being projected for everyone to see, he searched the teacher's name and it obviously popped up cuz I scrapped the whole teacher index site... some people gasp and others start murmuring.

She freaked and started arguing saying that frontend can't be just HTML and CSS, where did you mentioned x and y feature? admit it's just teacher evaluations! where did you get the teacher names? I want the scripts!....it went on even 10 minutes after class and the next class with a police like interrogation.

So yeah, something tells me I'm not getting an A, but I'm happy after all because that's the kind of reaction I want from those types of professors.

Worth it 😎

My first job was actually nontechnical - I was 18 years old and sold premium office furniture for a small store in Munich.
I did code in my free time though (PHP/JS mostly, had a litte browsergame back then - those were the days), so when my boss approached me and asked me whether I liked to take over a coding project, I agreed to the idea.

Little did I know at the time: I was supposed to work with a web agency the boss had contracted to build their online shop. Only that he had no plan or anything, he basically told them "build me an online shop like abc(a major competitor of ours at the time)"

He employed another sales lady who was supposed to manage the shop (that didn't exist yet). In the end, I think 80% of her job was to keep me from killing my boss.

As you can imagine, with this huuuuge amout of planning and these exact visions of what was supposed to be, things went south fast and far. So far that I could visit my fellow flightless birds down in the Penguin's republic of Antarctica and still need to go further.

Well... When my boss started suing the web agency, I was... ahem, asked to take over. Dumb as I was, I did - I was a PHP kid and thought that Magento, being written in PHP, would be easy to master. If you know Magento, you know that was maybe the wrongest thing I ever said.

Fast forward 3 very exhausting months, the thing was online. Not all of it worked yet, but it was online and fairly secure.

I did next to everything myself, administrating the CentOS box the shop was running on, its (own) e-mail server, the web server, all the coding required for the shop (can you spell 12 hour day for 8 hour pay?)

3 further months later, my life basically was a wreck, I dragged myself to work, the only thing I looked forward being the motorcycle ride home. The system worked though.

Mind you, I was still, at the time, working with three major customers, doing deskside support and some admin (Win Server 2008R2 at the time) - because, to quote my boss, "We could not afford a full time developer and we don't need one".

I think i stopped coding in my free time, the one hobby I used to love more than anything on the world, somewhere Decemerish 2012. I dropped out of the open source projects I was in, quit working on my browser game and let everything slide.

I didn't even care to renew the domains and servers for it, I just let it die without notice.

The little free time I had, I spent playing video games and getting drunk/high.

December 2013, 1.5 years on the job, I reached my breaking point and just left, called in sick at least a week per month because I just could not see this fucking place anymore.

I looked for another job outside of ALL of what I did before. No more Magento, no more sales, no more PHP. I didn't have to look for long, despite what I thought of my skills.

In February 2014, I told my boss that I quit. It was still seven months until my new job started, but I wanted him to know early so we could migrate and find a replacement.

The search for said replacement started in June 2014. I had considerably less work in the months before, looks like he got the hint.

In August 2014, my replacement arrived and I got him started.

I found a job, which I am still in, and still happy about after almost half a decade, at a local, medium sized ISP as a software dev and IT security guy. Got a proper training with a certificate and everything now.

My replacement lasted two months, he was external and never really did his job - the site, which until I had quit, had a total of 3 days downtime for 3 YEARS (they were the hoster's fault, not mine), was down for an entire month and he could not even tell why.

HIS followup was kicked after taking two weeks to familiarize himself with the project. Well, I think that two weeks is not even barely enough to familiarize yourself with nearly three years of work, but my boss gave him two days.

In 2016, the shop was replaced with another one. Different shop system, different OS, different CI. I don't know why and I can't say I give a damn.

Almost all the people that worked at the company back with me have left for greener pastures, taking their customers (and revenue) with them.

As for my boss' comments, instructions and lines: THAT might not be safe for work. Or kids. Or humans in general. And there wouldn't be much left if you put it through a language filter...

Moral of the story: No, it's not a bad thing to leave a place if you're mistreated there. Don't mistake loyalty with stupidity!

And, to quote one of my favourite Bands: "Nothing matters when the pain is all but gone" (Tragedy + Time by Rise Against).

Alright, this my fucking rant right here. Distraction? This whole company is a distraction! Boss decided to throw us all in an open work environment doing jobs that require careful concentration. Straight outta college I'm getting handed vague ideas, (make a desktop app that helps our customers put data on the internet, make an iPhone app) with out so much as an inkling of what technologies to use, just make it work.
Ok I will but when you hit a roadblock with very little resources to draw in it's hard to stay focused.
On top of that since I worked in support for a year I'm our senior support person! But sometimes support just doesn't use their brains and I'm using my time to solve very basic problems.
That brings me to my next point, the goddamn piece of shit that is our telephone. Fuck that thing when it rings it's never good. Moreover, since I don't want to get roasted for not being responsive I have the motherfucker forward to my personal cell. So I answer every fucking call and I get so many spam calls!
Not to mention I'm mainly running the hardware show around here. Shits broke I'm the one fixing it. Need new shit I'm putting the order together.
Tried to get a new guy to be the sys admin, ordered a 6th gen board with a 7th gen proc, had to pull 3 machines apart to get that sorted. Then he left bc family issues, and has been gone for weeks.
The other devs are also slam up busy, and the main product is about 15 people's piss on a plate of garb age spaghetti. (I got a lot of shit going on but at least I'm the only one pissing in my spaghetti) it's a constant run around if who does what with a code first plan later mentality causing confusion and delay.
Nobody wants to help anybody because they are also annoyed with this setup and are getting bitched at by customers or management.
Sales is mostly composed of a bunch of crackhead yes men and women who just want a commission and only half know the shit we sell and have sold 15 new features that had not been discussed. But management always says make it happen. In what priority? It's all a priority they say! Wtf.
So yea, then it brings me to me, dealing with this much chaos at work makes it seem like a high amount of chaos in my life is normal. I'm just now learning to control this.
I've had to do a lot of growing up as a person and as a developer. I've went from being the most junior to about the 3rd most seniors and I've no doubt my efforts have contributed to the growth of the company.
I'm a big believer in coding flow, and that it takes at least 15 mins to get in that flow and about 5 seconds to break it. There is no do not disturb on the company chat, everything always on fire it seems.
So fuck a lot of this, but I've done the research and where I'm at is the best opportunity in a 100 mile radius. So I am thankful for this job. Plus I usually win the horror story contest.

So TL;DR the biggest distraction is every fucking thing in this god forsaken place.

Got pulled out of bed at 6 am again this morning, our VMs were acting up again. Not booting, running extremely slow, high disk usage, etc.

This was the 6 time in as many weeks this happened. And always the marching orders were the same. Find the bug, smash the bug, get it working with the least effort. I've dumped hundreds of hours maintaining this broken shitheap of a system, putting off other duties to keep mission critical stations running.

The culprits? Scummy consultants, Windows 10 1709, and Citrix Studio.

Xen Server performed well enough, likely due to its open source origins and Centos architecture.

Whelp. DasSeahawks was good and pissed. Nothing like getting rousted out of bed after a few scant hours rest for patching the same broken system.

DasSeahawks lost his temper. Things went flying. Exorcists were dispatched and promptly eaten.

Enough. No consultants, no analysts, and no experts touched it. No phone calls, no manuals, not even a google search. Just a very pissed admin and his minion declaring blitzkrieg.

We made our game plan, moved the users out, smoked our cigs, chugged monster, and queued a gnu-metal playlist on spotify.

Then we took a wrecking ball to the whole setup. User docs were saved, all else was rm -r * && shred && summon -u Poseidon -beast Land_Cracken.

Started at 3pm and finished just after midnight. Rebuilt all the vms with RDP, murdered citrix studio (and their bullshit licenses), completely blocked Windows 10 updates after 1607, and load balanced the network.

So what do we get when all the experts are fired? Stabbed lightning. VMs boot in less than 10 seconds, apps open instantly, and server resources are half their previous usage state. My VMs are now the fastest stations in our complex, as they should be.

Next to do: install our mxgpu, script up snapshots and heartbeat, destroy Windows ads/telemetry, and setup PDQ. damn its good to be good!

What i learned --> never allow testing to go to production, consultants will fuck up your shit for a buck, and vendors are half as reliable over consultants. Windows works great without Microsoft, thin clients are overpriced, and getting pissed gets things done.

This my friends, is why admins are assholes.

So we are implementing a big and very complete localization management system on my company. The system has great features, indeed, but:

1. We cannot use the browser back button, because it is js and it appears no one cared about it (I am not a js Dev, but you can UAE the back button on my site that has js);

2. It is very customizable, but not intuitive. So you have one million options and you never know where to change what you need;

3. It has a save button everywhere, but most options are saved automatically, so you never know when you need to save. Actually, people from the webapp company use the save button as refresh, once we cannot use the browser refresh button;

4. Combo boxes load the elements while you scroll them, so to scroll to the bottom, you need to keep scrolling several times, waiting it to load the elements;

5. It does not allow you to open more than one tab of it at the same time. So if you need to see more than one information from different items, you need to navigate and wait the loading times to see what you need;

6. Emails are not sent in a different thread. So each action that send emails you need to keep waiting until the emails are sent (sometimes there are several emails sent in one action) to continue using it;

7. They not only store and send back your password by email if you loose it, but, as admin, if I click the button to send the user password to him/her, it keeps a copy of the email with the user password in my sent items;

8. To be able to send emails (they are really necessary), I need to include my SMTP info with login and password. So they have not only the system password saved, but everyone email login and password as well.

I am sure there is more, but I can't remember for now, and we are still trying to figure it out how to back our data, as it appears the only possible backup is their own.

Buffer usage for simple file operation in python.

What the code "should" do, was using I think open or write a stream with a specific buffer size.

Buffer size should be specific, as it was a stream of a multiple gigabyte file over a direct interlink network connection.

Which should have speed things up tremendously, due to fewer syscalls and the machine having beefy resources for a large buffer.

So far the theory.

In practical, the devs made one very very very very very very very very stupid error.

They used dicts for configurations... With extremely bad naming.

configuration = {}
buffer_size = configuration.get("buffering", int(DEFAULT_BUFFERING))

You might immediately guess what has happened here.

DEFAULT_BUFFERING was set to true, evaluating to 1.

Yeah. Writing in 1 byte size chunks results in enormous speed deficiency, as the system is basically bombing itself with syscalls per nanoseconds.

Kinda obvious when you look at it in the raw pure form.

But I guess you can imagine how configuration actually looked....

Wild. Pretty wild. It was the main dict, hard coded, I think 200 entries plus and of course it looked like my toilet after having an spicy food evening and eating too much....

What's even worse is that none made the connection to the buffer size.

This simple and trivial thing entertained us for 2-3 weeks because *drumrolls please* none of the devs tested with large files.

So as usual there was the deployment and then "the sudden miraculous it works totally slow, must be admin / it fault" game.

At some time it landed then on my desk as pretty much everyone who had to deal with it was confused and angry, for understandable reasons (blame game).

It took me and the admin / devs then a few days to track it down, as we really started at the entirely wrong end of the problem, the network...

So much joy for such a stupid thing.

The tale of the asinine Typescript framework guy continues:

>guy makes a framework
>promotes it
>people don't wanna use it because it's mediocre
>doesn't care, he still promotes it
>people started criticizing his framework
>won't listen
>calls his critics haters
>thinks PH tech guys are way behind the world
>says a lot of bad takes in tech himself
>such as NodeJS used as a front-end
>people tryna correct his bad takes
>calls them haters too
>people start complaining
>gets banned in many PH tech communities
>except one
>total windbag in there
>somebody calls him out, explains why they hate him
>he says his framework will be famous and we will all be eating dust
>heckler tells him he is not only the person in the open source community and tells him a famous Filipino open source contributor
>says he doesn't know this famous contributor and he doesn't care
>challenges heckler to confront him face to face
>heckler calls his bluff and gives a place and time to meet
>big guy agrees to meet
>people are clamoring for him to shut up
>admin tells him and the heckler to shut up
>big guy pushes it
>calls the admin (female) a puta (whore)
>gets banned
>goes on Facebook saying that his heckler will not show up in that place despite it being the favorite hangout place of the heckler since 2017
>that he is being banned because of haters
>people call him out on his Facebook posts and he takes them down
>people in the tech community started thrashing his Github with prank forks and PRs
>guy tries to shame them on Facebook
>gets rekt by tech people
>goes on Twitter saying that backward PH devs are oppressing him
>even tagging the famous devs

@marcusignacius I have lost total sympathy for this guy and his framework. Arrogant, petulant, childish, and uncharitable. honestly he brought this on himself.

Somebody honestly slap him this rant on Twitter pretty please.

Windows not powering off when I press the shutdown button.

Mandatory long rant warning

Oh my fucking god, how many times have I lost my shit because of this fucking bullshit.

When I press the shutdown button, I want you to shut the fuck down you sorry excuse for an operating system.

Me and my friends want to hang out together, so I shut down my PC and walk over to their house, expecting an intense session of doing programming stuff and debating linux distros. Whatever the fuck we do when we get together.

I get to their house and pull out my laptop,, only its hot as fuck. And then I see it: the battery indicator is red. "What the balls?" I think to myself. I open the lid, and guess what?
WINDOWS DIDN'T FUCKING SHUT DOWN, AND IT STAYED ON THE POWERING OFF SCREEN ALL THIS FUCKING TIME. WHAT THE FUCK?
Now, my laptop has a bomb ass battery, so I didn't even bring a charger with me, and now I'm fucking stuck at a programming session with friends without a computer. FUCKING BULLSHIT.

If this was a one time thing, I wouldn't have cared so much, but this happened countless fucking times. Too many.

I would have deleted this cum socket of an operating system months ago if it weren't for the Windows exclusive software I need for school, and now that Steam supports games for linux, Windows has even less of an excuse to stay on my fucking laptop.

Windows is supposed be fucking simple, but linux takes it by a goddamn long shot. When I type "shutdown now" or "poweroff", linux shuts the fuck down, no questions asked. And if I ever need root permissions, I just type "sudo" instead of restarting the fucking program and requesting admin privileges.

Most of the software I use is compatible with both MacOS and Windows, and I already have Ubuntu installed on my laptop, so what do you guys think, should I butcher Windows off of my SSD and give MacOS a try?

Also, what is this magic? Ranting actually calmed me the fuck down... I need to start ranting more.

FUCK MICROSOFT AND FUCK WINDOWS, I WISH I COULD BURN TO FUCKING OBLIVION

So recently I installed Windows 7 on my thiccpad to get Hyperdimension Neptunia to run (yes 50GB wasted just to run a game)... And boy did I love the experience.

ThinkPads are business hardware, remember that. And it's been booting Debian rock solid since.. pretty much forever. There are no hardware issues here. Just saying.

With that out of the way I flashed Windows 7 Ultimate on a USB stick and attempted to boot it... Oh yay, first hurdle to overcome. It can't boot in UEFI mode. Move on Debian, you too shall boot in BIOS mode now! But okay, whatever right. So I set it to BIOS mode and shuffled Debian's partitions around a bit to be left with 3 partitions where Windows could stick in one more.

Installed, it asks for activation. Now my ThinkPad comes with a Windows 7 Pro license key, so fuck it let's just use that and Windows will be able to disable the features that are only available for Ultimate users, right? How convenient would that be, to have one ISO for all the half a dozen editions that each Windows release has? And have the system just disable (or since we're in the installer anyway, not install them in the first place) features depending on what key you used? Haha no, this is Microsoft! Developers developers developers DEVELOPERS!!! Oh and Zune, if anyone remembers that clusterfuck. Crackhead Microsoft.

But okay whatever, no activation then and I'll just fetch Windows Loader from my webserver afterwards to keygen my way through. Too bad you didn't accept that key Microsoft! Wouldn't that have been nice.

So finally booted into the installed system now, and behold finally we find something nice! Apparently Windows 7 Enterprise and Ultimate offer a native NFS driver. That's awesome! That way I don't have to adjust my file server at all. Just some fuckery with registry keys to get the UID and GID correct, but I'll forgive it for that. It's not exactly "native" to Windows after all. The fact that it even has a built-in driver for it is something I found pretty neat already.

Fast-forward a few hours and it's time to Re Boot.. drivers from Lenovo that required reboots and whatnot. Fire the system back up, and low and behold the network drive doesn't mount anymore. I've read that this is apparently due to Windows (not always but often) mounting the network drive before the network comes up. Absolutely brilliant! Move out shitstaind, have you seen this beauty of an init Mr. Poet?

But fuck it we can mount that manually after every single boot.. you know, convenient like that. C O P E.

With it now manually mounted, let's watch a movie! I've recently seen Pyro's review on The Platform and I absolutely loved it. The movie itself is quite good too. Open the directory on my file server and.. oh. Windows.. you just put db.thumb on it and db.thumb:encryptable. I shit you not, with the colon and everything. I thought that file names couldn't contain colons Windows! I thought that was illegal in NTFS. Why you doing this in NFS mate? And "encryptable", am I already infected with ransomware??? If it wasn't for the fact that that could also be disabled with something as easy as a registry key, I would've thought I contracted ransomware!

Oh and sound to go with that video, let's pair up some Bluetooth headphones with that Bluetooth driver I installed earlier! Except.. haha nope. Apparently you don't get that either.

Right so let's just navigate the system in its Aero glory... Gonna need to flick the mouse for that. Except it's excruciatingly slow, even the fastest speed is slower than what I'm used to on Linux.. and it's jerky as hell (Linux doesn't have any of that at higher speed). But hey it can compensate for that! Except that slows down the mouse even more. And occasionally the mouse driver gets fucked up too. Wanna scroll on Telegram messages in a chat where you're admin? Well fuck you mate, let me select all these messages for you and auto scroll at supersonic speeds! And God forbid that you press delete with that admin access of yours. Oh maybe I'll do it for you, helpful OS I am!

And the most saddening part of it all? I'd argue that Windows 7 is the best operating system that Microsoft ever released. Yeah. That's the best they could come up with. But at least it plays le games!

I remember the first time working with a Windows 2012 R2 server.
Of some reason I couldn't open Windows Powershell as admin and asked another Dev what to do. His response? Try restarting the server.
Can you imagine the look on my face if I told you I only worked on Linux until that point. How can you seriously make a server OS that needs restarting at all? Is it just me or is that just fucking stupid?

Am I the only developer in existence who's ever dealt with Git on Windows? What a colossal train wreck.

1. Authentication. Since there is no ssh key/git url support on Windows, you have to retype your git credentials Every Stinking Time you push. I thought Git Credential Manager was supposed to save your credentials? And this was impossible over SSH (see below). The previous developer had used an http git URL with his username and password baked in for authentication. I thought that was a horrific idea so I eventually figured out how to use a Bitbucket App password.

2. Permissions errors
In order to commit and push updates, I have to run Git for Windows as Administrator.

3. No SSH for easy git access
Here's where I confess that this is a Windows Server machine running as some form of production. Please don't slaughter me! I am not the server admin.
So, I convinced the server guy to find and install some sort of ssh service for Windows just for the off times we have to make a hot fix in production. (Don't ask, but more common than it should be.)
Sadly, this ssh access is totally useless as the git colors are all messed up, the line wrap length and window size are just weird (seems about 60 characters wide by 25 lines tall) and worse of all I can't commit/push in git via ssh because Permissions. Extremely aggravating.

4. Git on Windows hangs open and locks the index file
Finally, we manage to have Git for Windows hang quite frequently and lock the git index file, meaning that we can't do anything in git (commit, push, pull) without manually quitting these processes from task manager, then browsing to the directory and deleting the .git/index.lock file.

Putting this all together, here's the process for a pull on this production server:
Launch a VNC session to the server. Close multiple popups from different services. Ask Windows to please not "restart to install updates". Launch git for Windows. Run a git pull. If the commits to be pulled involve deleting files, the pull will fail with a permissions error. Realize you forgot to launch as Administrator. Depending on how many files were deleted in the last update, you may need to quit the application and force close the process rather than answer "n" for every "would you like to try again?" file. Relaunch Git as Administrator. Run Git pull. Finally everything works.

At this point, I'd be grateful for any tips, appreciate any sympathy, and understand any hatred. Windows Server is bad. Git on Windows is bad.

JUST OPEN AS THE GODDAMN ADMIN - me everyday

I have a pretty successful project on github

Which I don't think is necessarily my best achievement but all the stuff I do at work is not open

I used the project as a way to learn bash scripting and it kinda caught on.
Sadly I'm not a sys admin or anything I'm more of hardware/embedded engineer but it's still cool to have one of my projects being so used. And I got to learn a little of bash along the way 😁 I now feel super comfortable in a terminal and reading man pages to figure things our which was a skill i lacked previously. I definitely learn better by doing and fixing mistakes along the way

Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!

System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.

Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.

Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.

That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.

We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.

Hella excited about this!

If you guys have any suggestions let us know. We are utter noobs when it comes to this.

How to replace rEFInd bcuz M$ locks linux out of your system if M$ installed first.
-----
This will be long so get your salsa ready.
-----

1. Get your rEFInd from sourceforge
Since we are installing INTO windows, dl the zip.

2. extract to a folder.

2-a-: Install themes if you want any or edit the config if you want/need to, at this stage.

3. open a cmd as Admin and cd to the refind's folder.

4. mount system volume
`mountVol S: /S` will mount it to S:

5. use xcopy to copy as system
`xcopy /E refind-bin-x.xx.x\ S:\EFI\refind`

6tynice: go to System volume and to the refind folder
`S:`
`cd EDI\refind\refind`

7:Set rEFInd as Windows Boot Manager
`bcdedit /set {bootmgr} \EFI\refind\refind\refind_x64.efi`
(It's possible to use ia32 or aa64 for different architectures)

At this point, try plugging a linux thumb drive and restart your computer. Windows Boot Manager should be deactivated and should show refind.
You can use mouse and keyboard to select an OS boot or just set config to start one automatically unless you are holding a "power" button.
rEFInd also offers "fallback" boot for linux, which boots the efi from rEFInd and not from syslinux.

Malwares are nasty applications, that can spy on you, use your computer as an attacker or encrypt your files and hold them on ransom.

The reason that malware exists, is because how the file system works. On Windows, everything can access everything. Of course, there are security measures, like needing administrator permissions to edit/delete a file, but they are exploitable.

If the malware is not using an exploit, nothing is there to stop a user from unknowingly clicking the yes button, when an application requests admin rights.

If we want to stop viruses, in the first place, we need to create a new file-sharing system.

Imagine, that every app has a partition, and only that app can access it.

Currently, when you download a Word document, you would go ahead, start up Word, go into the Downloads folder and open the file.

In the new file-sharing system, you would need to click "Send file to Word" in your browser, and the browser would create a copy of the file in a transfer-partition. Then, it would signal to Word, saying "Hey! Here's a file that I sent to you, copy it to your partition please!". After that, Word just copies the file to its own partition, signals "Ok! I'm done!", and then the browser deletes the file from the shared partition.

A little change in the interface, but a huge change in security.

The permission system would be a better UAC. The best way I can describe it is when you install an app on Android. It shows what permission the app wants, and you could choose to install it, or not to.

Replace "install" with "grant" and that's what I imagined.

Of course, there would be blacklisted permissions, that only kernel-level processes have access to, like accessing all of the partitions, modifying applications, etc.

What do you think?

When you forget to open cmd as admin and it blocks your commands for lack of credentials

Can I please rant? So my Acer Computer started misbehaving and turned my firewall off by itself a few weeks ago. After that, the dumb thing decided to revoke my admin rights, and since I was the ONLY admin, I have zilch admin privileges, can't download any apps, and can't make any new user profiles.

How in the living fu*k am I supposed to do my schoolwork and homework for school on a piece of sh*t computer I paid lots of money for? I have tried the built-in admin trick, and it did NOT work. My other user account I can NOT open, as Windows 10 states that "you need an app to open this".

When the CTO/CEO of your "startup" is always AFK and it takes weeks to get anything approved by them (or even secure a meeting with them) and they have almost-exclusive access to production and the admin account for all third party services.

Want to create a new messaging channel? Too bad! What about a new repository for that cool idea you had, or that new microservice you're expected to build. Expect to be blocked for at least a week.

When they also hold themselves solely responsible for security and operations, they've built their own proprietary framework that handles all the authentication, database models and microservice communications.

Speaking of which, there's more than six microservices per developer!

Oh there's a bug or limitation in the framework? Too bad. It's a black box that nobody else in the company can touch. Good luck with the two week lead time on getting anything changed there. Oh and there's no dedicated issue tracker. Have you heard of email?

When the systems and processes in place were designed for "consistency" and "scalability" in mind you can be certain that everything is consistently broken at scale. Each microservice offers:

1. Anemic & non-idempotent CRUD APIs (Can't believe it's not a Database Table™) because the consumer should do all the work.
2. Race Conditions, because transactions are "not portable" (but not to worry, all the code is written as if it were running single threaded on a single machine).
3. Fault Intolerance, just a single failure in a chain of layered microservice calls will leave the requested operation in a partially applied and corrupted state. Ger ready for manual intervention.
4. Completely Redundant Documentation, our web documentation is automatically generated and is always of the form //[FieldName] of the [ObjectName].
5. Happy Path Support, only the intended use cases and fields work, we added a bunch of others because YouAreGoingToNeedIt™ but it won't work when you do need it. The only record of this happy path is the code itself.

Consider this, you're been building a new microservice, you've carefully followed all the unwritten highly specific technical implementation standards enforced by the CTO/CEO (that your aware of). You've decided to write some unit tests, well um.. didn't you know? There's nothing scalable and consistent about running the system locally! That's not built-in to the framework. So just use curl to test your service whilst it is deployed or connected to the development environment. Then you can open a PR and once it has been approved it will be included in the next full deployment (at least a week later).

Most new 'services' feel like the are about one to five days of writing straightforward code followed by weeks to months of integration hell, testing and blocked dependencies.

When confronted/advised about these issues the response from the CTO/CEO
varies:

(A) "yes but it's an edge case, the cloud is highly available and reliable, our software doesn't crash frequently".
(B) "yes, that's why I'm thinking about adding [idempotency] to the framework to address that when I'm not so busy" two weeks go by...
(C) "yes, but we are still doing better than all of our competitors".
(D) "oh, but you can just [highly specific sequence of undocumented steps, that probably won't work when you try it].
(E) "yes, let's setup a meeting to go through this in more detail" *doesn't show up to the meeting*.
(F) "oh, but our customers are really happy with our level of [Documentation]".

Sometimes it can feel like a bit of a cult, as all of the project managers (and some of the developers) see the CTO/CEO as a sort of 'programming god' because they are never blocked on anything they work on, they're able to bypass all the limitations and obstacles they've placed in front of the 'ordinary' developers.

There's been several instances where the CTO/CEO will suddenly make widespread changes to the codebase (to enforce some 'standard') without having to go through the same review process as everybody else, these changes will usually break something like the automatic build process or something in the dev environment and its up to the developers to pick up the pieces. I think developers find it intimidating to identify issues in the CTO/CEO's code because it's implicitly defined due to their status as the "gold standard".

It's certainly frustrating but I hope this story serves as a bit of a foil to those who wish they had a more technical CTO/CEO in their organisation. Does anybody else have a similar experience or is this situation an absolute one of a kind?

South Africa Release notes version v3.0.2

In 1994 SA underwent one of the biggest system upgrades since 1948. In this new rolling release since the system update called apartheid the system has been annexing resources, locking it down, making it closed source, closing it off community updates and from global updates and minimizing services across the board. On 27 April 1994, the new democratic system update was released with a new system monitor, release resources and balancing efficiency in the system. Though there were remnants of the old code in the system, it was being rewritten by a new generation of users, open source resources were established, giving users the right to choose among themselves how to grow the system , and how to better the experience for all.

In 1999 a new system monitor was created by the users, it wasnt as popular as the ground breaking Madiba release but it was a choice by the community to move forward and grow. The system was stable for a few years, new users were able to develop more on the system, making it more lucrative monetary wise. There were still remnants of the apartheid code but the new generation of developers worked with it making it there own, though they had not yet had admin rights to help change the system, they created a developer culture of their own. A new system resources balancer was introduced called BBEE, that allowed previous disadvantage users more admin rights to other system resources, helping the user base to grow. Though the balancer was biased, and flawed it has helped the system overall to grow and move forward. It has major holes in security and may flood some aspects of the system with more outdated software patches, users have kept it in its system releases until the resource balancer moved the system into a more stable position.

The next interim system monitor release was unexpected, a quiet release that most users did not contribute towards. The system monitor after that nearly brought the system down to a halt, as it was stealing resources from users, using resources for its own gain, and hasn't released any of it back to the system.

The latest user release has been stable. It has brought more interest from users from other countries, it had more monetary advantages than all other releases before. Though it still has flaws, it has tried to balance the system thus far.

Bug report as of 16 Feb 2018
*User experience has been unbalanced since the 1994 release, still leaving some users at a disadvantage.
*The three tier user base that the 1948 release established, creating three main user groups, created a hierarchy of users that are still in effect today, thought the 1994 release tried to balance it out, the user based reversed in its hierarchy, leaving the middle group of users where they were.
*System instability has been at an all time low, allowing users to disable each others accounts, effectively
killing" them off
*Though the infrastructure of the system has been upgraded to global standards ( in some aspects ) expansions are still at an all time low
*Rogue groups of users have been taking most of the infrastructure from established users
*Security services have been heightened among user groups though admins were still able to do as they pleased without being reprimanded
*Female users have been kicked off the system at an alarming rate, the security services have only kicked in recently, but the system admins and system monitor has not done anything about it yet

Bug fixes for a future release:
*Recreating the overall sysadmin team. Removing some admins and bringing others in
*Opening the system more globally to stabilize it more
*Removing and revamping the BBEE system, replacing it with more user documentation, equalizing the user base
*Giving more resources to users that were at a disadvantage during the first release
*Giving the middle group of users more support, documentation and advantages in the system, after removing the security protocols from the user base
*Giving new users who grew up with the post 1994 release more opportunities to help grow the system on a level playing field.
*Establishing the Madiba release principles more efficiently in the current system

I hate that when developing on Windows I need like four different terminals. CMD, MINGW64/Cygwin/MSYS2, PowerShell. Each one has different functionality:
CMD - basic Windows commands
MINGW64 - emulates Linux terminal with frequent Linux commands and great support for Git
Powershell - access Windows COM, .NET etc.

Now there are solutions that attempt to solve this like Cmder (which is just more user-friendly ConEmu). These are console emulators which wrap all these in one window (with multiple tabs). But they are slow as hell. I have to wait like 10 seconds each time I start a terminal in Cmder, because the emulators need to run some huge startup scripts. But I just need to run one command from this one freaking folder!

Eventually I end up having like 30 different terminal windows open, each one different in functionality and each time I need to do something I must think about which terminal I need and in which folder. Furthermore I have to think about whether to run the terminal as administrator, but I usually forget that, so I have to close the terminal and reopen as admin. Why don't you just add something like su or sudo, Microsoft?

This is the story of probably the least secure CMS ever, at least for the size of it's consumer base. I ran into this many years ago, before I knew anything about how websites work, and the CMS doesn't exist anymore, so I can't really investigate why everything behaved so strangely, but it was strange.

This CMS was a kind of blog platform, except only specially authorised users could view it. It also included hosting. I was helping my friend set it up, and it basically involved sending everybody who was authorized a email with a link to create an account.

The first thing my friend got complaints about was the strange password system. The website had two password boxes, with a limit of (I think) 5 characters each. So when creating a account we recomended people simply insert the first 5 characters in the first box, and the rest in the second. I can not really think of a good explanation for this system, except maybe a shitty way to make sure password are at least 5 characters? Anyway, since this website was insecure the password was emailed to you after the account was created. This is not yet the WTF part.

The CMS forced sidebar with navigation, it also showed the currently logged in users. Except for being unreadable due to a colorful background image, there where many strange behaviors. The sidebar would generally stay even when navigating to external websites. Some internal links would open a second identical sidebar right next to the third. Now, I think that the issue was the main content was in an iframe with the sidebar outside it, but I didn't know about iframe's back then.

So far, we had mostly tested on my friends computer, which was logged in as the blog administrator. At some point, we tried testing with a different account. However, the behavior of sidebars was even stranger now. Now internal links that had previously opened a second, identical sidebar opened a sidebar slightly different from the first: One where the administrator was logged in.

We expirimented somewhat, and found that by clicking links in the second sidebar, we could, with only the login of a random user, change and edit all the settings of the site. Further investigation revealed these urls had a ending like ?user=administrator2J8KZV98YT where administrator was the my friends username. We weren't sure of the exact meaning of the random digits at the end, maybe a hash of the password?

Despite my advice, my friend decided to keep using this CMS. There was also a proper way to do internal links instead of copying the address bar, and he put a warning up not to copy links to on the homepage. Only when the CMS shut down did he finally switch to a system where formatting a link wrong could give anybody admin access.

personal projects, of course, but let's count the only one that could actually be considered finished and released.

which was a local social network site. i was making and running it for about three years as a replacement for a site that its original admin took down without warning because he got fed up with the community. i loved the community and missed it, so that was my motivation to learn web stack (html, css, php, mysql, js).

first version was done and up in a week, single flat php file, no oop, just ifs. was about 5k lines long and was missing 90% of features, but i got it out and by word of mouth/mail is started gathering the community back.

right as i put it up, i learned about include directive, so i started re-coding it from scratch, and "this time properly", separated into one file per page.

that took about a month, got to about 10k lines of code, with about 30% of planned functionality.

i put it up, and then i learned that php can do objects, so i started another rewrite from scratch. two or three months later, about 15k lines of code, and 60% of the intended functionality.

i put it up, and learned about ajax (which was a pretty new thing since this was 2006), so i started another rewrite, this time not completely from scratch i think.

three months later, final length about 30k lines of code, and 120% of originally intended functionality (since i got some new features ideas along the way).

put it up, was very happy with it, and since i gathered quite a lot of user-generated data already through all of that time, i started seeing patterns, and started to think about some crazy stuff like auto-tagging posts based on their content (tags like positive, negative, angry, sad, family issues, health issues, etc), rewarding users based on auto-detection whether their comments stirred more (and good) discussion, or stifled it, tracking user's mental health and life situation (scale of great to horrible, something like that) based on the analysis of the texts of their posts...

... never got around to that though, missed two months hosting payments and in that time the admin of the original site put it back up, so i just told people to move back there.

awesome experience, though. worth every second.

to this day probably the project i'm most proud of (which is sad, i suppose) - the final version had its own builtin forum section with proper topics, reply threads, wysiwyg post editor, personal diaries where people could set per-post visibility (everyone, only logged in users, only my friends), mental health questionnaires that tracked user's results in time and showed them in a cool flash charts, questionnaire editor where users could make their own tests/quizzes, article section, like/dislike voting on everything, page-global ajax chat of all users that would stay open in bottom right corner, hangouts-style, private messages, even a "pointer" system where sending special commands to the chat aimed at a specific user would cause page elements to highlight on their client, meaning if someone asked "how do i do this thing on the page?", i could send that command and the button to the subpage would get highlighted, after they clicked it and the subpage loaded, the next step in the process would get highlighted, with a custom explanation text, etc...

dammit, now i got seriously nostalgic. it was an awesome piece of work, if i may say so. and i wasn't the only one thinking that, since showing the page off landed me my first two or three programming jobs, right out of highschool. 10 minutes of smalltalk, then they asked about my knowledge, i whipped up that site and gave a short walkthrough talking a bit about how the most interesting pieces were implemented, done, hired XD

those were good times, when I still felt like the programmer whiz kid =D

as i said, worth every second, every drop of sweat, every torn hair, several times over, even though "actual net financial profit" was around minus two hundred euro paid for those two or three years of hosting.

So i'm currently working on my PiStation..
(look at my previous post if you're interested)
I'm imaging over RetroPie over to the SD card, screw back together the housing, and it boots up fine. As soon as i configured my XBOX-controller i got to the wifi-settings. And when i try to access my wifi, guess what, it doesn't connect to my f**kin wifi. So i double check my wifi-settings in the router i just bought to get over my roommates paranoia (that's a whole another story. Just in short, he's got no idea of IT-security and tries to be an admin, which results in a HUGE amount of bulls**t), confirm that the settings are alright, double check the PSK too, anything is fine. So i go through the whole process again, download the image (from their goddamn slow servers), open up the PiStation, image it over to the SD card, close it back up, anything boots up fine and works, except this f**king wifi. And the thing is, i COULD connect it with a patchcable, but i dont want cables going anywhere through my room. Currently imaging over recalbox OS, will keep you updated. I just want to play some old retro games ._.

Which ons is less risky and which one Is most profitable to succeed ?

0- telling the admin you forgot your password and as he's logging in, sniff his password (you already placed sslstrip)

1- gain access to router using its vulnerabilities and redirect the traffic to a fake page and get the password.

2- exploiting smb port of admin's system and placing a krylogger or stealing his cookies if available

3- brute forcing admin password :/

4- pressing forgot password on admin account and staying close to him and sniff the SMS containing the otp using rtl-sdr (and of course you will be prompted to set a new password)

5- any other way .

Also the website itself is almost secure.
It is using iis 8.5 and windows server 2012
Only open ports are 80 and 443.

Hi devRant!
I'm here asking for your advice!
I'm a MSc student in my mid 20s, I took a gap year to work as an IT consultant and I'm planning on going back to studying, keeping at the same time a part-time job.

I already have some experience as a data engineer, developer and sys admin. I'm also mastering in applied statistics and data science and have a BSc in physics. I'm planning to relocate around Europe. All I want is a salary I can live with and a good work/study/life balance (perhaps work 24-30hrs a week?).

So far I've checked out a few IT jobs website and I've found some suitable positions. Problem is most of them are fulltime.

Where would you search for such a job? Is there any website/portal I should prefer? How would you proceed?
Should I prefer any place in particular (i.e. Northen countries)?

Thank you in advance <3

Note: I know it's a very broad question, that's because I'm open to any piece of advice you are willing to give me