Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "permissions"
My Friend: Dude our Linux Server is not working anymore!
Me: What? What did you do?
My friend: Nothing I swear!
Me: But you were last on it?
My friend: Yes. I just wanted to run a bash file and needed to give it permissions.
Me : WHAT DID YOU ENTER???!
My Friend: Chill man, just this command I found on the internet
chmod -R 600 /
chown -R root:root /
Me: WHY ARE YOU EVEN IN ROOT AND GOD DAMMIT WHY ARE YOU EVEN USING SOME RANDOM COMMAND FROM THE INTERNET. YOU KNOW YOU SHOULD NOT DO THIS OR JUST ASK!
My friend: Ok I did something wrong, how can I fix it?
Me: Did you make a backup or rsync of the server?
My friend: No. I just wanted to run this file.
Me: You holocausted the server. FUCK MY LIFE33
chmod -R 777 /
is not the right way to fix your application permissions issues!!!!!!
sys ad who is not fixing your production server.23
So I maintain a open source PHP app that wraps youtube-dl, providing an UI for it basically. Some guy on a forum DMd me saying it's not working for him. I asked him what php version he used and if the file permissions are correct (the script makes and switches directories, so the permissions can't be root but need to be www-data).
He answers with PHP 7.2 (the newest that's rare) and says the file permissions are correct.
After 2 weeks the problem still persists and ofc I am doubting my code here. We finally get online together and I can use anydesk to work on his machine.
I discovered 2 things.
1) File permissions were just completely wrong.
2) PHP WASN'T EVEN INSTALLED
So what did I learn?
Never trust the user and I am glad that I work as a dev, not as a tech support.10
*permission popup asking for contacts/telephone permissions*
*installs Open Camera*
Really, fucking phone/contact permissions to take pictures?!
Yeah fuck right off.27
My first day in a Linux admin and security course. I went all confident and cocky waiting for some bullshit like "type in your term: ls, cd, pwd, see you tomorrow"
Suddenly the teacher starts to configure lampp, then jumps to bind, and thirty minutes leater , when everyone has their ssl keys under control, I was still struggling to correctly forward my mate. The rest of the day was smooth and easy for those who finished their servers, and there I was, unable to find my own ass in the middle of that mess made of bad assigned permissions and wrong placed addresses. Even worse, he came to me when I asked for help, took my chair and fixed everything in one beautiful single bash line. I started to ask "what's this? Where is that? Is it a config file or a directory?" And with all his patience he keep telling me the obvious answers that where right there at the screen but I couldn't see. Took me two weeks to catch his pace, and another two weeks to understand fully his classes. He never said a word about my terrible first day (first couple weeks). When course finished, I saw he was going to teach a really hard security module, and I signed up without hesitate.6
One reason for tons of android permissions in simple apps.
I recently installed an app that asked for like 12 permissions. The app obviously needed 2 of them. No more.
I was also right next to the guy that made the app and asked him, wtf?!
"We based out app on some other one that needs all that and even though we use just a couple of it's features we can't be bothered to remove the others from the code."
Fuck this guy. Or whoever ordered him to do that.14
My CTO everyone:
"You don't have to assert proper permissions in the backend for this user role, they won't guess the URL anyway. just hide the links"
I am bloody sick of being on my own.
I was the sole dev at the last few jobs I've held, with the exception of API Guy -- who didn't really help much, and who got fired / quit six months after I started. Every other job I've either been the only dev, or the only web dev. (Exception:My boss at my previous job was a Rails dev, but he has zero time to code, and was significantly less experiened so he could only rarely help anyway.)
But now I'm in a company with a bunch of other devs, and they're all ostensibly senior devs, so you'd think I should be able to ask questions, right? And get answers? that actually help? like "Hey, you built this; how does it work?" No bloody way.
So far every time I've asked someone for help, they've been incompetent. I asked about what a few flags did, and got an answer that basically said "you just gotta know. oh, and the labels aren't up to date, so don't trust what they say." I asked the head of the "product team" about a ticket that he wrote, and he changed what it meant four times within two days. I asked about another, and he said "oh, that isn't reproduceable." Thanks. I asked about mailers, and got two very different, very incompete walkthroughs from the more senior devs (9+ years on this codebase) that didn't help. I asked two people about how users and roles work, and still have no idea what kind of user (there are like twelve?) is what, what roles even exist, or how to check for permissions. `@current_user` is a thing, but idfk what it holds since that can change considerably, and there's an impersonation feature that changes how it works, too. I ask the product guy again about where to link something, and he has no idea. I ask said product guy about what this feature needs to do, and he doesn't know. I ask what the legal team needs, and i get nothing. I ask the designer where the goddamn CSS lives, and he doesn't know; he apparently just puts it wherever he feels like, even if it's a completely unrelated stylesheet. As long as it works, right?
I ask very simple and straighforward questions, and it takes them forever to get back to me saying what amounts to "idk, ask someone else."
This feels like the same crap all over again, except now there are a bunch of devs I can ask that give me basically the same answers as the sales people always did. Always "idk" or a confusing mess of an 'answer' that skips most/all of the important bits. At least these people don't [usually] contradict themselves.
So, @Root is all alone, again.
And currounded by incompetence.
For fuck's sake.
Can't I catch a break?21
Dev : Can you change permissions for conf file please ?
Me : Yeah sure, what permissions set do you need ?
Dev : 667
It's maddening how few people working with the internet don't know anything about the protocols that make it work. Web work, especially, I spend far too much time explaining how status codes, methods, content-types etc work, how they're used and basic fundamental shit about how to do the job of someone building internet applications and consumable services.
The following has played out at more than one company:
App: "Hey api, I need some data"
API: "200 (plain text response message, content-type application/json, 'internal server error')"
App: *blows the fuck up
*msg service team*
Me: "Getting a 200 with a plaintext response containing an internal server exception"
Team: "Yeah, what's the problem?"
Me: "...200 means success, the message suggests 500. Either way, it should be one of the error codes. We use the status code to determine how the application processes the request. What do the logs say?"
Team: "Log says that the user wasn't signed in. Can you not read the response message and make a decision?"
Me: "That status for that is 401. And no, that would require us to know every message you have verbatim, in this case, it doesn't even deserialize and causes an exception because it's not actually json."
Team: "Why 401?"
Me: "It's the code for unauthorized. It tells us to redirect the user to the sign in experience"
Team: "We can't authorize until the user signs in"
Me: *angermatopoeia* "Just, trust me. If a user isn't logged in, return 401, if they don't have permissions you send 403"
Team: *googles SO* "Internet says we can use 500"
Me: "That's server error, it says something blew up with an unhandled exception on your end. You've already established it was an auth issue in the logs."
Team: "But there's an error, why doesn't that work?"
Me: "It's generic. It's like me messaging you and saying, "your service is broken". It doesn't give us any insight into what went wrong or *how* we should attempt to troubleshoot the error or where it occurred. You already know what's wrong, so just tell me with the status code."
Team: "But it's ok, right, 500? It's an error?"
Me: "It puts all the troubleshooting responsibility on your consumer to investigate the error at every level. A precise error code could potentially prevent us from bothering you at all."
Team: "How so?"
Me: "Send 401, we know that it's a login issue, 403, something is wrong with the request, 404 we're hitting an endpoint that doesn't exist, 503 we know that the service can't be reached for some reason, 504 means the service exists, but timed out at the gateway or service. In the worst case we're able to triage who needs to be involved to solve the issue, make sense?"
Team: "Oh, sounds cool, so how do we do that?"
Me: "That's down to your technology, your team will need to implement it. Most frameworks handle it out of the box for many cases."
Team: "Ah, ok. We'll send a 500, that sound easiest"
Me: *..l.. -__- ..l..* "Ok, let's get into the other 5 problems with this situation..."
Moral of the story: If this is you: learn the protocol you're utilizing, provide metadata, and stop treating your customers like shit.22
I'm getting ridiculously pissed off at Intel's Management Engine (etc.), yet again. I'm learning new terrifying things it does, and about more exploits. Anything this nefarious and overreaching and untouchable is evil by its very nature.
(tl;dr at the bottom.)
I also learned that -- as I suspected -- AMD has their own version of the bloody thing. Apparently theirs is a bit less scary than Intel's since you can ostensibly disable it, but i don't believe that because spy agencies exist and people are power-hungry and corrupt as hell when they get it.
For those who don't know what the IME is, it's hardware godmode. It's a black box running obfuscated code on a coprocessor that's built into Intel cpus (all Intell cpus from 2008 on). It runs code continuously, even when the system is in S3 mode or powered off. As long as the psu is supplying current, it's running. It has its own mac and IP address, transmits out-of-band (so the OS can't see its traffic), some chips can even communicate via 3g, and it can accept remote commands, too. It has complete and unfettered access to everything, completely invisible to the OS. It can turn your computer on or off, use all hardware, access and change all data in ram and storage, etc. And all of this is completely transparent: when the IME interrupts, the cpu stores its state, pauses, runs the SMM (system management mode) code, restores the state, and resumes normal operation. Its memory always returns 0xff when read by the os, and all writes fail. So everything about it is completely hidden from the OS, though the OS can trigger the IME/SMM to run various functions through interrupts, too. But this system is also required for the CPU to even function, so killing it bricks your CPU. Which, ofc, you can do via exploits. Or install ring-2 keyloggers. or do fucking anything else you want to.
tl;dr IME is a hardware godmode, and if someone compromises this (and there have been many exploits), their code runs at ring-2 permissions (above kernel (0), above hypervisor (-1)). They can do anything and everything on/to your system, completely invisibly, and can even install persistent malware that lives inside your bloody cpu. And guess who has keys for this? Go on, guess. you're probably right. Are they completely trustworthy? No? You're probably right again.
There is absolutely no reason for this sort of thing to exist, and its existence can only makes things worse. It enables spying of literally all kinds, it enables cpu-resident malware, bricking your physical cpu, reading/modifying anything anywhere, taking control of your hardware, etc. Literal godmode. and some of it cannot be patched, meaning more than a few exploits require replacing your cpu to protect against.
And why does this exist?
Ostensibly to allow sysadmins to remote-manage fleets of computers, which it does. But it allows fucking everything else, too. and keys to it exist. and people are absolutely not trustworthy. especially those in power -- who are most likely to have access to said keys.
The only reason this exists is because fucking power-hungry doucherockets exist.27
Me: "Delete this folder"
Windows: "Oki, done."
Me: "How is it still there, F5. Still there! Hey, you forgot to delete this one file. Fix it."
Windows: "Requires permissions."
Me: "Eh, it was my file, but here you are, my admin credentials."
Windows: "None shall pass."
Me: "Wtf, this is my computer. Who owns this file?"
Windows: "No one."
Me: "What do you mean? Oh, time for your reboot pills, ms. Wandows."
Windows: "Noooooo... ... ... Welcome."
Me: "Ha, the file is gone. Glorious victory."
Windows: "It's just a flash wound."
Credit for style: https://mobile.twitter.com/cmurator...4
Worst thing you've seen another dev do? So many things. Here is one...
Lead web developer had in the root of their web application config.txt (ex. http://OurPublicSite/config.txt) that contained passwords because they felt the web.config was not secure enough. Any/all applications off of the root could access the file to retrieve their credentials (sql server logins, network share passwords, etc)
When I pointed out the security flaw, the developer accused me of 'hacking' the site.
I get called into the vice-president's office which he was 'deeply concerned' about my ethical behavior and if we needed to make any personnel adjustments (grown-up speak for "Do I need to fire you over this?")
Me:"I didn't hack anything. You can navigate directly to the text file using any browser."
Dev: "Directory browsing is denied on the root folder, so you hacked something to get there."
Me: "No, I knew the name of the file so I was able to access it just like any other file."
Dev: "That is only because you have admin permissions. Normal people wouldn't have access"
Me: "I could access it from my home computer"
Dev:"BECAUSE YOU HAVE ADMIN PERMISSIONS!"
Me: "On my personal laptop where I never had to login?"
VP: "What? You mean ...no....please tell me I heard that wrong."
Dev: "No..no...its secure....no one can access that file."
VP: "Hmmm...I can see the system administration password right here. This is unacceptable."
Dev: "Only because your an admin too."
VP: "I'll head home over lunch and try this out on my laptop...oh wait...I left it on...I can remote into it from here"
VP: "OMG...there it is. That account has access to everything."
<in an almost panic>
Dev: "Only because it's you...you are an admin...that's what I'm trying to say."
Me: "That is not how our public web site works."
VP: "Thank you, but Adam and I need to discuss the next course of action. You two may go."
<Adam is her boss>
Not even 5 minutes later a company wide email was sent from Adam..
"I would like to thank <Dev> for finding and fixing the security flaw that was exposed on our site. She did a great job in securing our customer data and a great asset to our team. If you see <Dev> in the hallway, be sure to give her a big thank you!"
The "fix"? She moved the text file from the root to the bin directory, where technically, the file was no longer publicly visible.
That 'pattern' was used heavily until she was promoted to upper management and the younger webdev bucks (and does) felt storing admin-level passwords was unethical and found more secure ways to authenticate.7
Waking up, feeling like I have a cold I sit down at my computer and see that my biggest client has asked for a minor change. I haven't had my coffee yet, but I can do what they're asking for in a minute. The site is *gone*. Just a permissions error. Have they been hacked?! Why hasn't the client called me?! The files are there and no changes have been made. It doesn't come up on any browser. 10 panicked minutes later I check it on my phone. It comes up. Wait a minute ... While editing /etc/hosts yesterday I'd accidentally uncommented a line for this site that I'd foolishly left in there. One character later my false alarm is solved. I'm getting my damned coffee now.1
***Interviewing potential sys admins so us devs don't have to build everything and run everything***
Coworker: Do you know how to use cron and cron jobs?
Candidate: Yes I'm familiar with setting up users and permissions.
Boss: We will give you a call have a good day.
If you had just admitted you didn't know but we thought you could learn we might have been open to teaching you but brazenly acting like you know something when you don't is dangerous if you're running a multi thousand user production system.3
Was asked to check the sales team server as it was running slow.
Apart from redundant processes and users with too much permissions I found a "Cobol" folder under one of the sales team member's home folder.
If it weren't the sales people I would immediately disregard this as trolling but with them it's quite possible that this is a real attempt to learn programming...
...most likely from the facebook ads with the hooded guys that offer to teach you to code in 10 days for $800.7
Every step of this project has added another six hurdles. I thought it would be easy, and estimated it at two days to give myself a day off. But instead it's ridiculous. I'm also feeling burned out, depressed (work stress, etc.), and exhausted since I'm taking care of a 3 week old. It has not been fun. :<
I've been trying to get the Google Sheets API working (in Ruby). It's for a shared sales/tracking spreadsheet between two companies.
The documentation for it is almost entirely for Python and Java. The Ruby "quickstart" sample code works, but it's only for 3-legged auth (meaning user auth), but I need it for 2-legged auth (server auth with non-expiring credentials). Took awhile to figure out that variant even existed.
After a bit of digging, I discovered I needed to create a service account. This isn't the most straightforward thing, and setting it up honestly reminds me of setting up AWS, just with less risk of suddenly and surprisingly becoming a broke hobo by selecting confusing option #27 instead of #88.
I set up a new google project, tied it to my company's account (I think?), and then set up a service account for it, with probably the right permissions.
After downloading its creds, figuring out how to actually use them took another few hours. Did I mention there's no Ruby documentation for this? There's plenty of Python and Java example code, but since they use very different implementations, it's almost pointless to read them. At best they give me a vague idea of what my next step might be.
I ended up reading through the code of google's auth gem instead because I couldn't find anything useful online. Maybe it's actually there and the past several days have been one of those weeks where nothing ever works? idk :/
But anyway. I read through their code, and while it's actually not awful, it has some odd organization and a few very peculiar param names. Figuring out what data to pass, and how said data gets used requires some file-hopping. e.g. `json_data_io` wants a file handle, not the data itself. This is going to cause me headaches later since the data will be in the database, not the filesystem. I guess I can write a monkeypatch? or fork their gem? :/
But I digress. I finally manged to set everything up, fix the bugs with my code, and I'm ready to see what `service.create_spreadsheet()` returns. (now that it has positively valid and correctly-implemented authentication! Finally! Woo!)
I open the console... set up the auth... and give it a try.
... six seconds pass ...
... another two seconds pass ...
... annnd I get a lovely "unauthorized" response.
> Pic related.22
Less a rant, more just a sad story.
Our company recently acquired its sister company, and everyone has been focused on improving and migrating their projects over to our stack.
There's a ton of material there, but this one little story summarizes the whole very accurately, I think. (Edit: two stories. I couldn't resist.)
There's a 3-reel novelty slot machine game with cards instead of the usual symbols, and winnings based on poker-like rules (straights and/or flushes, 2-3 of a kind, etc.) The machine is over a hundred times slower than the other slot machines because on every spin it runs each payline against a winnings table that exhastively lists every winning possibility, and I really do mean exhaustively. It lists every type of win, for every card, every segment for straights, in every order, of every suit. Absolutely everything.
And this logic has been totally acceptable for just. so. long. When I saw someone complaining in dev chat about how much slower it is, i made the bloody obvious suggestion of parsing the cards and applying some minimal logic to see if it's a winning combination. Nobody cared.
Ten minutes later, someone from the original project was like "Hey, I have an idea, why don't we do it algorithmically to not have a 4k line rewards table?"
He seriously tried stealing a really bloody obvious idea -- that he hadn't had for years prior -- and passing it off as his own. In the same chat. Eight messages below mine. What a derpballoon.
I called him out on it, and he was like "Oh, is that what you meant by parsing?" 🙄
Someone else leaped in to defend the ~128x slower approach, saying: "That's the tech we had." You really didn't have a for loop and a handful of if statements? Oh wait, you did, because that's how you're checking your exhaustive list. gfj. Abysmal decisions like this is exactly why most of you got fired. (Seriously: these same people were making devops decisions. They were hemorrhaging money.)
But regardless, the quality of bloody everything from that sister company is like this. One of the other fiascos involved pulling data from Facebook -- which they didn't ever even use -- and instead of failing on error/unexpected data, it just instantly repeated. So when Facebook changed permissions on friends context... you can see where this is going. Instead of their baseline of like 1400 errors per day, which is amazingly high, it spiked to EIGHTEEN BLOODY MILLION PER DAY. And they didn't even care until they noticed (like four days later) that it was killing their other online features because quite literally no other request could make it out. More reasons they got fired. I'm not even kidding: no single api request ever left the users' devices apart from the facebook checks.
That's absolutely amazing.9
Start a development job.
Boss: "let's start you off with something very easy. There's this third party we need data from. They have an api, just get the data and place it on our messaging bus."
Me: "sure, sounds easy enough"
Third party api turns out to have the most retarded conversation protocol. With us needing a service to receive data on while also having a client to register for the service. With a lot of timed actions like, 'send this message every five minutes' and 'check whether our last message was sent more than 11 minutes ago'.
Due to us needing a service, we also need special permissions through the company firewall. So I have to go around the company to get these permissions, FOR EVERY DATA STREAM WE NEED!
But the worst of it all is... This whole api is SOAP based!!
Also, Hey DevRant!5
A faster, better YouTube they said, 'YouTube needs permissions to Contacts, Location, SMS, Microphone, Device ID and information', they said. :/
I'm good with a slower, worse YouTube.22
> Customer logs Jira ticket claiming app is not working
< I restart the app, investigate and explain tht their server has issues
ø Client closes the ticket as Resolved
-- a couple of days pass by ---
> Customer logs Jira ticket claiming app is not working
< I restart the app, investigate and explain tht their server has issues
ø Client closes the ticket as Resolved
-- a couple of days pass by ---
> Customer logs Jira ticket claiming app is not working
< I restart the app, investigate and explain tht their server has issues
ø Client closes the ticket as Resolved
-- a couple of days pass by ---
< I log a JIRA ticket explaining what and how is wrong with the server with suggestions how to fix the problem so the app will not crash any longer (client own the server, has his own sysadmins -- I don't even had permissions to open syslog.. had to hack dmesg on their PROD server to pin-point the issue)
> no reaction from customer for weeks. I ping the ticket
× app crashes again
> no reaction from customer for weeks. I ping the ticket
> customer leaves a comment that their sysadmins are looking at it trying to figure out what might be wrong (ignoring what I wrote in ticket's description??? srsly?)
× app crashes again
< I post detail investigation details: snips from logs, screenshots, everything with crystal clear explanations.
> no reaction for weeks
well that's fun..6
Me: Hey, Android, how do I do [abc]?
Android: Oh, that's actually quite easy! All you need is permissi..
Me: Oh, you know what, nevermind. I'd rather fuck an industrial fan.5
It's enough. I have to quit my job.
December last year I've started working for a company doing finance. Since it was a serious-sounding field, I tought I'd be better off than with my previous employer. Which was kinda the family-agency where you can do pretty much anything you want without any real concequences, nor structures. I liked it, but the professionalism was missing.
Turns out, they do operate more professionally, but the intern mood and commitment is awful. They all pretty much bash on eachother. And the root cause of this and why it will stay like this is simply the Project Lead.
The plan was that I was positioned as glue between Design/UX and Backend to then make the best Frontend for the situation. Since that is somewhat new and has the most potential to get better. Beside, this is what the customer sees everyday.
After just two months, an retrospective and a hell lot of communication with co-workers, I've decided that there is no other way other than to leave.
I had a weekly productivity of 60h+ (work and private, sometimes up to 80h). I had no problems with that, I was happy to work, but since working in this company, my weekly productivity dropped to 25~30h. Not only can I not work for a whole proper work-week, this time still includes private projects. So in hindsight, I efficiently work less than 20h for my actual job.
The Product lead just wants feature on top of feature, our customers don't want to pay concepts, but also won't give us exact specifications on what they want.
Refactoring is forbidden since we get to many issues/bugs on a daily basis so we won't get time.
An re-design is forbidden because that would mean that all Screens have to be re-designed.
The product should be responsive, but none of the components feel finished on Desktop - don't talk about mobile, it doesn't exist.
The Designer next to me has to make 200+ Screens for Desktop and Mobile JUST so we can change the primary colors for an potential new customer, nothing more. Remember that we don't have responsiveness? Guess what, that should be purposely included on the Designs (and it looks awful).
I may hate PHP, but I can still work with it. But not here, this is worse then any ecommerce. I have to fix legacy backend code that has no test coverage. But I haven't touched php for 4 years, letalone wrote sql (I hate it). There should be no reason whatsoever to let me do this kind of work, as FRONTEND ARCHITECT.
After an (short) analysis of the Frontend, I conclude that it is required to be rewritten to 90%. There have been no performance checks for the Client/UI, therefor not only the components behave badly, but the whole system is slow as FUCK! Back in my days I wrote jQuery, but even that shit was faster than the architecuture of this React Multi-instance app. Nothing is shared, most of the AppState correlate to other instances.
The Backend. Oh boy. Not only do we use an shitty outated open-source project with tons of XSS possibillities as base, no we clone that shit and COPY OUR SOURCES ON TOP. But since these people also don't want to write SQL, they tought using Symfony as base on top of the base would be an good idea.
Generally speaking (and done right), this is true. but not then there will be no time and not properly checked. As I said I'm working on Legacy code. And the more I look into it, the more Bugs I find. Nothing too bad, but it's still a bad sign why the webservices are buggy in general. And therefor, the buggyness has to travel into the frontend.
And now the last goodies:
- Composer itself is commited to the repo (the fucking .phar!)
- Deployments never work and every release is done manually
- We commit an "_TRASH" folder
- There is an secret ongoing refactoring in the root of the Project called "_REFACTORING" (right, no branches)
- I cannot test locally, nor have just the Frontend locally connected to the Staging webservices
- I am required to upload my sources I write to an in-house server that get's shared with the other coworkers
- This is the only Linux server here and all of the permissions are fucked up
- We don't have versions, nor builds, we use the current Date as build number, but nothing simple to read, nonono. It's has to be an german Date, with only numbers and has always to end with "00"
- They take security "super serious" but disable the abillity to unlock your device with your fingerprint sensor ON PURPOSE
My brain hurts, maybe I'll post more on this shit fucking cuntfuck company. Sorry to be rude, but this triggers me sooo much!2
The file don't have permissions to do that
Fu*k it chmod 777 script.sh
Haha now you have permissions 😁😁😁6
"I need these permissions that J has"
J has those permissions because he worked on a different team that was granted those, you do not.
"I need it"
"I need it"
Its not within my power to allow you access, you have to talk with R and M.
"Okay well guess what I'm gonna escalate this up thr chain and its gonna come down on you"
*sigh* what do i do when i literally have no authority to give someone something and am clearly doing my jobb right, but someone thinks they can get me... idk... in trouble? Threaten me??? Logic, meet the window5
At a precious employer.
Hire shit-hot contractor.
No technical test at interview stage because he’s so shit-hot.
Is a uni lecturer.
PhD in mathematics.
Me: Shit, this guy must be good!
6 months later and a tragedy of errors and clearly misspent company funds later:
Manager: can you look at what x did and merge it into the product?
Me: Sure. *looks* *yells fuck very loudly*
*walks over to manager*
“Soooo... you know those 6 months and thousands and thousands you spent? It’s all for nought. There’s barely anything there, and none of it works.”
Manager: “Shit. What are we going to do? Can you fix it?”
Me: “To be honest, it would be quicker to just do it from scratch than try to work out what he’s done and failed to do.”
Manager: “Fuck. Ok. Go for it.”
I then had to build this entire new lot of systems, a workflow system, a user management and permissions system.
I got it done inside a month or so.
For context, we (the devs) knew something was afoot when the contractor couldn’t work out why his keyboard wasn’t working (it wasn’t plugged in), and he also *really* struggled to find his way around visual studio and git.
The moral of this tale? *always always* screen your candidates. Even if they seem amazing on paper.15
Unaware that this had been occurring for while, DBA manager walks into our cube area:
DBAMgr-Scott: "DBA-Kelly told me you still having problems connecting to the new staging servers?"
Dev-Carl: "Yea, still getting access denied. Same problem we've been having for a couple of weeks"
DBAMgr-Scott: "Damn it, I hate you. I got to have Kelly working with data warehouse project. I guess I've got to start working on fixing this problem."
Dev-Carl: "Ha ha..sorry. I've checked everything. Its definitely something on the sql server side."
DBAMgr-Scott: "I guess my day is shot. I've got to talk to the network admin, when I get back, lets put our heads together and figure this out."
Me: "A permissions issue on staging? All my stuff is working fine and been working fine for a long while."
Dev-Carl: "Yea, there is nothing different about any of the other environments."
Me: "That doesn't sound right. What's the error?"
Me: "No, the actual exception, never mind, I'll look it up in Splunk."
<in about 30 seconds, I find the actual exception, Win32Exception: Access is denied in OpenSqlFileStream, a little google-fu and .. >
Me: "Is the service using Windows authentication or SQL authentication?"
Dev-Carl: "SQL authentication."
Me: "Switch it to windows authentication"
<Dev-Carl changes authentication...service works like a charm>
Dev-Carl: "OMG, it worked! We've been working on this problem for almost two weeks and it only took you 30 seconds."
Me: "Now that it works, and the service had been working, what changed?"
Dev-Carl: "Oh..look at that, Dev-Jake changed the connection string two weeks ago. Weird. Thanks for your help."
<My brain is screaming "YOU NEVER THOUGHT TO LOOK FOR WHAT CHANGED!!!"
Me: "I'm happy I could help."4
*Downloads 1 crate using cargo*
You are out of storage, please delete some files otherwise your computer might crash.
*Removes rust and cargo*
48% storage remaining
WHAT. THE. FU**??15
N e v e r, fucking e v e r chmod/ chown permissions recursive on the linux /etc folder❗
I did yesterday (, because I am fucking dumb and know little about linux systems) and got the result today. My whole mailserver wasn't working.
After fucking tons of googling and searching and log-digging I found that postfix and opendkim require specific permissions on their respective folders and files.
After changing a fucking amount of permissions on those fucking files the fucking mailserver worked and I can send and receive mails, now. 😤😤😤
What a torture. Lesson learned. Never will repeat this mistake.16
When you type chmod 777 / instead of chmod 777 ./ on an AWS EC2 instance and have to unmount the volume attach it to a new instance reconfigure the permissions unmount it and connect it back to the original instance :)5
This guy has a weird sense of system security if he thinks an SSH MOTD will keep unauthorised people away. Because you know, setting SSH permissions would be too sensible.15
Disclaimer: I do not hate indian developers. There are always really good developers from india, its just my luck for not being to work with any of them.
There's this company that my current employer hired them to develop this web application together.
I managed to develop a module for the application, and I wrote some test cases for the module I was working on.
Each time I commit my work to our staging branch, I'll always run the test cases to make sure I didn't break any existing functionalities.
As they do not have permissions to commit directly to the staging branch, they a required to submit a PR for me to review, before merge them.
I've reminded them to run my test cases to make sure whatever their team has developed, doesn't break my modules. But i'm pretty sure, they never did.
Monkeys: hey, we have submitted multiple PRs for to fix some issues, can you merge them?
Me: did you run my test cases to make sure your changes didn't break anything? (You just have to run `phpunit` on the root project directory)
Me: can you guys run them? Make sure they all passing.
Monkeys: *ran command*
Monkeys: we ran the test cases, and there are some errors.
Me: then fix them.
Monkeys: but they are your work, and we do not wish to make any changes to your work.
Fuck this shit. So they broke stuff that I coded, but I have to fix the stuff?23
The PCs in our school have a software called "Dr. Kaiser" which purpose is to prevent changes to the disk. I thought it's working like DeepFreeze for OSX devices; having a copy-on-write feature or something like that. One day a friend of mine (kinda newbie in hacking) said he wanted to create a backdoor in the system so you can login as the local administrator of the device. He replaced the "sethc.exe" in the windows directory with cmd.exe on a live distro and claimed it was working perfectly. It turned out that "Dr. Kaiser" is indeed loading the default image on startup, but doesn't verify checksums for system files (and also doesn't include the files in the default image). Long story short: You now can open a cmd with System permissions on every PC in the building.
This. Is. Stupid. It should be forbidden to sell this software 😖6
So I made an android app for a client. It's a newspaper type of app for the clients webpage, as he has a lot of traffic on it and about 50-51% is from mobile. Which is all good an everything.
And so I've been working on it for a while now as it wasn't a primary focus, more of a like side project.
I was able to make full working build (publish ready) and sent it to the client for a review.
After about an hour I received an email saying that the app is requesting too many permissions from the user. So I started looking trough my manifest file and all of the 3rd party libs to see what were those permissions.
Well, when I finally installed the app on a physical device and looked trough the permissions in the settings all I found were permissions for the internet and prevent the phone from sleeping.
After asking the client to tell me in detail which permissions raised concerns he told me it were those 2 and if they could be removed.
So I just wasted an hour of my life trying to explain why the app that is losing content from the internet needs internet permissions.
Fml and ignorant people who think they know everything and won't accept anything else.
And all of this because he read on some click bait website how a "real" app doesn't need any permissions and every other is just trying to steal all of your data and money.2
I was called over by a colleague. She needed help because her computer kept telling her that she did not have permission to run certain programs or access certain files.
She logged in to Windows in front of me. The first thing that I noticed that the username was her office email address. I asked her about it.
Me: Why is your username your email address?
Her: It was this way when I got it.
Me: That is impossible. I made every Windows installation here and I always use the same username which is [companyname] as it is our policy.
Her: I'm telling you, this is the way it was when I got it.
Me: Are completely sure?
Her: Well.... someone else must have renamed it.
Me: So someone fired up your laptop, used your password to log in and changed the username to your email?
Her: I don't understand it either. Is it possible that it happened accidentally, on its own?
Then I explained to her that changing the username on Windows 10 may result in problems with file permissions.
I am not mad because she didn't know about this. I am mad because of her idiotic lies.6
Okay we have users and groups. Users have roles, roles have permissions, but groups can also have roles or permissions. Clients have users and these client-users can have special kinds of permissions. Now we need to add projects which have pages and special project users who manage the projects, but only the client-users can set rights for which project owners can manage pages. Pages are coupled to roles, and assigned to workflows, unless the client-user already had the permission to... wait where are you going?"
Me: "Fetching a new SSD. I ran out of hard disk space trying to model the database design. Could you please start from the top when I get back?"5
accedently used chmod on chmod so i no longer had permissions to chmod.
thank goodness for remote server images.5
Trying to exit a bash script with 'halt'
on a friday afternoon
ran w/ root
on a internal prod-vm
which I did not had the permissions to turn on again5
Dev: Can you please tell me why you changed this?
Me: Because we need to handle permissions in the app. The quickest way of doing it, according to the docs, is [insert change log here]
Dev: But we can just check for the user's token.
Me: That's not exactly a permission, because...
Dev: I was only showing the information related to the user according to their token.
Me: I understand. But that means you're filtering data, not authorising users to access it. If a user is logged in, but changes query parameters, they can still access data they shouldn't be able to.
Le me then proceeds to try to push my changes (that took the whole day to implement), gets a "you need to pull first" message from git, doesn't understand why, logs onto GitHub and realises dev has implemented their "permissions".
I was the one responsible for making those changes. Le dev was meant to be doing other things.
How do I even begin to explain?7
Introducing the first (open source) devRant Discord Bot.
- Bot specific permissions
- devrant@<devRant username>
- devrant#<devRant randId>
- !help (Help command)
More features will come soon!
Do not change your '/usr' permissions.
A linux user who's been fucked up(twice) doing this because he wanted to install a fucking font.4
When a colleague left their computer without logging out, I created a shortcut to internet explorer, named it Google Chrome, and changed the icon to Chrome's icon. I couldn't remove Chrome's shortcut from the desktop or modify it because I didn't have permissions, so I turned of icon snapping and dragged it off the screen. I also replaced Chrome in the task bar with my fake icon. I then set the Internet Explorer to open a bunch of useless pages when it opens, set it to the default browser, and changed the search engine to Yahoo!18
Mid-Friday: Boss: Start programming this application.
Me: Cool, how will it be setup? what lang-
Boss: Everything's already setup, just start programming in PHP. Check in and make sure it's done by Wednesday morning before 9.
Me: Cool, it's done. Had some trouble with connecting our database to the clients, some permissions were conflicting.
Boss: Now I need you to pull it, publish it to our other azure portal, change it to ASP.NET Core 2.1 MVC and install it to teams. Also change the database to MySQL.
Me: I thought everything was already setup.
Boss: things change.
*Pulls an all nighter*
Me: Something isn't right...
Me*hasn't slept yet*: It's done.
Boss: Why do you look so tired?
Me: I was working last night
Boss: Well you shouldn't do that.
Me: The deadline is today. only way it was going to get done before 9 was to do it last night.
Boss: Doesn't matter.
Boss: it was easy, no hassle, it's up and running.
Me: no hassle?8
I removed mic permission from Google and Google play Services, and now Everytime I make a call, I get this notification. wtf. Is Google listening to my calls or what.
Any devs here who know why tf does play services requires mic while I am making a call...?21
If I read a plugin description claiming that 777 permissions are required for it to work I swear I am going to fucking punch that idiot "developer" in the face and make sure they never touch a computer again.
If you don't understand the concept of unix system permissions then stay the fuck away from anything related to it and start a carreer at the car wash instead of cluttering the web with your bullshit.4
We have 2 layers of testing environments and production.
I tested the changes on the 1st layer, bud since it was 5min to lunch i did not test on 2nd layer which is connected to the production DB. I pushed to production and caused 5+ websites to go full retard and went to lunch.
Came back to 19emails and 3+ skype msgs about "why the fck would you do that..."
Estimated damages nearly 20k EUR and i lost some permissions for two weeks, but my great boss helped me out and cheered me up by telling stories how he took down multiple servers too
plot twist: im the team leader of our office now :)5
I accidentally surpassed(?) my user permissions and closed some of my classmates browsers and locked up a terminal for me
In school we have 2 primary operating systems: Windows and Ubuntu. Windows is hell in general and but not as hell as the firefox installation on Ubuntu.
"Just loaded this page. Now wait half a minute so that I can render it"
"Woah, woah, woah. Slow there. You just made an input event. Give me those 5 seconds to compute what you just did"
Executing "top" or "htop" shows you a long list of firefox processes with a cpu usage of 99.9%, since the whole school shares that linux environment.
Anyway, one day it was way more servere than normally and I way forced to kill my firefox instances. So I pressed CTRL+ALT+T for that terminal, waited 5 minutes until it accepted input typed "killall firefox" with a delay of half a minute per character and smahed that enter key.
At this very point in time I could hear confusion from every corner of the room. "What happened to firefox?"
Around 30% of the opened browsers where abruptly stopped. I looked back to my screen noticed I was logged out. I couldn't login from that terminal for the rest of that day.
Our network admin, which happened to be there, since the server is just next door, said that this was just convenience, but the timing was too perfect so I heighly doubt that.
I felt like a real hackerman even if it was by accident :)8
New position at work. Lots of power in regards to tech stacks of my choice.
I feel like Neo.
First project was finished in a week using Clojure. A basic application that would automate the process of adding our students into a particular active directory system in which many other things happen at the same time including updates to pins and other shit as well as networking and wifi permissions. Works fast as fuuuuuuuuuck, the alternative existed(somewhat) in php and while there was nothing wrong other than speed I wanted to show the head of my department what i could do.
It was anticlimactic as fuck. I thought it was gonna take me longer. It fucking didn't and i am glad as shit. It is now working like an absolute powerhouse in its own environment and being monitored by the sys admins, they loved how easy it was to deploy and how well behaved it is.
The head of the department is impressed as fuck and the board of directors got a hold of it. Reason being that I am being displayed as some sort of wizard that used ancient alien tech in the 21st century.
Fuck yes, major win.
I also get to add Clojure to my resumee. Hod even said that if needed be they will rethink my salary to add the fact that i get to use this tech where no one else can.11
My company just migrated our mail servers over to office365. My boss has been excited and could barely contain himself when the migration was done he was having the best day ever after he got a good deal on some new toys...Then I ruined it.
Me (setting up) > WTF!? um...well I guess I don't have email on my phone anymore. These permissions are fucked.
Him > Oh why?
Me > They are ridiculous, I won't give away this much control just to read email.
Him (panicking) > and if buy you a company phone?
Me > Not a fuck it's still a personal device. I'll just sandbox the web version.
Him > Your over reacting, they obviously need them for security blah blah...
Me (sends him the pic) > The minimum system requirement is internet.
I feel kinda bad for killing his vibe - he's a nice guy and he's only trying to do right by us but now he seems down like his toy isn't shiny anymore because he respects me. I wasn't beating on the stack or his choice (mines running on thunderbird). I just can't support this trend of GOD mode permissions for email / calculator and other single feature apps. I'll use the web app instead. You have to draw the line somewhere...
On the other hand I can't deny that I'm loving the irony that Microsoft just made my life easier and have a deep sense of satisfaction that for the first time ever I got fuck up his Friday :/21
So sometime back I was working as an android developer for a startup managed by a guy who wasn't much of a techie. The team wanted a share image to facebook option in the app, which required FB SDK integration into the app, which in turn will increase the app size and request more permissions. On discussing this with them and asking for the app secrets, they said that I'm being ridiculous, and denied me from giving the app secrets, citing the reason 'They're called secrets for a reason'.3
So I have seen this quite a few times now and posted the text below already, but I'd like to shed some light on this:
If you hit up your dev tools and check the network tab, you might see some repeated API calls. Those calls include a GET parameter named "token". The request looks something like this: "https://domain.tld/api/somecall/..."
You can think of this token as a temporary password, or a key that holds information about your user and other information in the backend. If one would steal a token that belongs to another user, you would have control over his account. Now many complained that this key is visible in the URL and not "encrypted". I'll try to explain why this is, well "wrong" or doesn't impose a bigger security risk than normal:
There is no such thing as an "unencrypted query", well besides really transmitting encrypted data. This fields are being protected by the transport layer (HTTPS) or not (HTTP) and while it might not be common to transmit these fields in a GET query parameter, it's standard to send those tokens as cookies, which are as exposed as query parameters. Hit up some random site. The chance that you'll see a PHP session id being transmitted as a cookie is high. Cookies are as exposed as any HTTP GET or POST Form data and can be viewed as easily. Look for a "details" or "http header" section in your dev tools.
Stolen tokens can be used to "log in" into the website, although it might be made harder by only allowing one IP per token or similar. However the use of such a that token is absolut standard and nothing special devRant does. Every site that offers you a "keep me logged in" or "remember me" option uses something like this, one way or the other. Because a token could have been stolen you sometimes need to additionally enter your current password when doings something security risky, like changing your password. In that case your password is being used as a second factor. The idea is, that an attacker could have stolen your token, but still doesn't know your password. It's not enough to grab a token, you need that second (or maybe thrid) factor. As an example - that's how githubs "sudo" mode works. You have got your token, that grants you more permissions than a non-logged in user has, but to do the critical stuff you need an additional token that's only valid for that session, because asking for your password before every action would be inconvenient when setting up a repo
I hope this helps understanding a bit more of this topic :)
Keep safe and keep asking questions if you fell that your data is in danger
Well... I had in over 15 years of programming a lot of PHP / HTML projects where I asked myself: What psychopath could have written this?
(PHP haters: Just go trolling somewhere else...)
In my current project I've "inherited" a project which was running around ~ 15 years. Code Base looked solid to me... (Article system for ERP, huge company / branches system, lot of other modules for internal use... All in all: Not small.)
The original goal was to port to PHP 7 and to give it a fresh layout. Seemed doable...
The first days passed by - porting to an asset system, cleaning up the base system (login / logout / session & cookies... you know the drill).
And that was where it all went haywire.
I really have no clue how someone could have been so ignorant to not even think twice before setting cookies or doing other "header related" stuff without at least checking the result codes...
Basically the authentication / permission system was fully fucked up. It relied on redirecting the user via header modification to the login page with an error set in a GET variable...
Uh boy. That ain't funny.
Ported to session flash messages, checked if headers were sent, hard exit otherwise - redirect.
But then I got to the first layers of the whole "OOP class" related shit...
It's basically "whack a mole".
Whoever wrote this, was as dumb and as ignorant to build up a daisy chain of commands for fixing corner cases of corner cases of the regular command... If you don't understand what I mean, take the following example:
Permissions are based on group (accumulation of single permissions) and single permissions - to get all permissions from a user, you need to fetch both and build a unique array.
Well... The "names" for permissions are not unique. I'd never expected to be someone to be so stupid. Yes. You could have two permissions name "article_search" - while relying on uniqueness.
All in all all permissions are fetched once for lifetime of script and stored to a cache...
To fix this corner case… There is another function that fetches the results from the cache and returns simply "one" of the rights (getting permission array).
In case you need to get the ID of the other (yes... two identifiers used in the project for permissions - name and ID (auto increment key))...
Let's write another function on top of the function on top of the function.
My brain is seriously in deep fried mode.
Untangling this mess is basically like getting pumped up with pain killers and trying to solve logic riddles - it just doesn't work....
So... From redesigning and porting from PHP 7 I'm basically rewriting the whole base system to MVC, porting and touching every script, untangling this dumb shit of "functions" / "OOP" [or whatever you call this garbage] and then hoping everything works...
A huge thanks to AURA. http://auraphp.com/
It's incredibily useful in this case, as it has no dependencies and makes it very easy to get a solid ground without writing a whole framework by myself.
Investigating a "bug"(turned out to be user error) on the production servers, accidently wiped out the permissions for 1,800 users.
Thankfully was able to recover them in under 10min. God bless a solid disaster recovery policy.1
I remember making a product for my customer that was using a db
When I tested the product before showing it to the client, everything was good and fast and clean.
When I gave it to my customer, he was very happy, after few days he emails me about the product was very slow, I checked the database and it had a lot of *testing* shit made by him and when I asked my customer why the db has so much useless things he told me that he was learning how to it. I had no words, can't you just create a database MongoDB, MySQL or whatever you want to learn locally and play with it? Then he emails me later about a fucking refund because HE fucked up with the permissions of the db5
Wtf if anyone ever tells me again that android permissions are great I am gonna hurt him ... probably6
I have been having bad luck...
First, windows kept wiping my arch drive.
Then my phone got fucked up in the middle of rooting so I had to reflash Android.
Then after I successfully rooted, I accidentally turned on bootloader lock which dissabled booting in to any mode (because I modified system files).
So then I had to reflash again.
Then I had problems because Knox is a bitch.
So I reflashed again. (It finally worked).
Then I tried installing arch again and fucked up my graphics drivers.
Then I installed Arch again and it finally worked!
But then I was modifying settings on chrome os and fucked up my Chromebook's graphics driver.
Then I had to reflash my Chromebook and put it back in to developer mode.
Then my phone started having permissions problems so I had to reflash it again.
So I have concluded:
Technology doesn't like me.
At least my arch install looks cool and my Android launcher looks like this:15
sooooooooo for my current graduate class we were to use the MVC pattern to build an IOS application(they preferred it if we did an IOS application) or if you didn't have an Apple computer: an Android application.
The thing is, they specified to use Java, while in their lectures and demos they made a lot of points for other technologies, hybrid technologies, such as React Cordova, all that shit, they even mentioned React Native and more. But not one single mention of Kotlin. Last time I tried my hand at Android development was way before Kotlin, it was actually my first major development job: Mobile development, for which we used Obj C on the IOS part and well, Java on the Android part.
As some of you might now, I rarely have something bad to say about a tech stack(except for VBA which I despise, but I digress) and I love and use Java at work. But the Android API has always seem unnecessarily complex for my taste, because of that, when I was working as a mobile development I dreaded every single minute in which I had to code for Android, Google had a great way to make people despise Java through their Android API. I am not saying it is shit, I am not saying it is bad, I just-dont-like-it.
Kotlin, proves a superior choice in my humble opinion for Android development, and because the language is for retards, it was fairly easy for me to pick it up in about 2 hours. I was already redesigning some of my largest Spring applications using half the code and implemented about 80% of the application's functionality in less than 3 hours(login, fragment manipulation, permissions, bla bla) and by that time I started to wonder if the app built on Kotlin would be ok. And why not? If they specifically mentioned and demonstrated examples using Swift, then surely Kotlin would be fine no? Between Kotlin and Java it is easy to see that kotlin is more similar to Swift than Java. So I sent an email. Their response: "I am sorry, but we would much rather you stick with the official implementations for Android, which in this case is Java for the development of the application"
I was like 0.o wat? So I replied back sending links and documentation where Google touted Kotlin as the new and preferred way to develop Android applications, not as a second class citizen of the platform, but as THE preferred stack. Same response.
Eventually one of the instructors reflected long enough on it to say that it was fine if I developed the application in Kotlin, but they advised me that since they already had grading criteria for the Java program I had to redo it in Java. It did not took me long really, once I was finished with the Kotlin application I basically rewrote only a couple of things into Java.
The end result? I think that for Android I still greatly prefer Kotlin. Even though I am not the biggest fan of Kotlin for anything else, or as my preferred language in the JVM.
I just.......wish....they would have said something along the lines of: "Nah fam please rewrite that shit for Java since we don't have grading criterias in place for Kotlin, sorry bruh, 10/10 gg tho" instead of them getting into an email battle with me concerning Kotlin being or not being the language to use in Android. It made me feel that they effectively had no clue what they were talking about and as such not really capable of taking care of students on a graduate level program.
Made me feel dirty.12
Today, during deployment on server without remote access:
Me (on the phone calling our data centre Admin): "There's a permissions mismatch. The following paths need write access from the following users..."
Admin: "Okay, okay, slow down... I'm still in the elevator." - 10 minutes later - "Okay, ready."
And I gave him the paths and he said: "Try now."
And I tried and it still didn't work. And then we tried all that again. And again. And finally he said:
Admin: "Okay, I give up, I'm going back down to get the screen."12
Two days of running around like a headless chicken because I'm retarded... 😫4
So, tonight I didn't really have much planned (I found out) so when I mentioned a side-remark my boss was quick to suggest an evening phone meeting, which I couldn't turn down...
So tonight we've cleaned and archived in our repositories, weeded out teams, member permissions, and such...
The thing is; I like my boss and he's much more of a friend, so when I mentioned that a cleaning would be good, he suggested to do it over a glass or two of something good :)
We ended up spending an hour or two getting a lot closer to the bottom of things — beer in hand and laughs in the air :)6
Gaming community of mine launched their slick new website with their new "ticket system" where people could put in tickets to get help by volunteers.
2 hours and an approval by one of the admins later I managed to inject forge http request into literally every form on that side. Modify permissions, delete users, edit tickets, put invalid values into every attribute of them... In other words break everything.
Turns out the whole thing was coded as a first time project by a person who has no clue about web development and noone is in charge of anything really. There are no requirements, no beta testing, no version control or backups, but at least they had a hard deadline. 🤣
Still not sure if I wanna fix their shit and do it properly or just enjoy seeing it crash and burn.5
So I fucked up.. I assigned a small wordpress/woocommerce project to myself to avoid my team members from wasting their time on it. I had a two month deadline, which was insane, so I kept postponing it until I forgot about it. Today my client contacted me by email to ask if she could preview the site before our meeting in two weeks..
QUE BULLSHIT EXCUSE:
- “I had to migrate to another server because of some access/permission issues with my current host. They gave me their word that they would be done with the migration thursday or friday, then I have to correct some permissions and database settings, and the DNS update may take up to 24 hours to finish. I will personally make sure that you know as soon as the migration has finished.”
- “Thank you so much! I feel so safe having assigned your company the job! I am really looking forward to our meeting and seeing the site!”
Oh and did I mention that deadline was around 65 days ago? And that I haven’t even started yet? I know what I’ll be doing for the next 6 days..3
I really don't understand how some it recruiters ever got their job... Brainless fucking scaredycat fuckwats!!!
Just finished a mission and i put myself back on the market, been flooded by calls and emails since monday, so far so good.
But all of them wanting you to 'come over the office for a chat', fuck no. 'I will come once a real opportunity gets presented, i propose to do video conference call as to not waste time and transportation'. But noooo... It's like they never heard of that thing being possible before. I propose them to use meet.jit.si (really cool and free to use videoconference software, no software needs to be installed)... 'Yeah sorry but your link doesnt work', 'how come? You just need to go to the url and grant cam and mic permissions for the session'... 'No it asks me to install software (not true) and i simply cant now ... Can you tell me who you are and what you do and what your field of expertise is?'
For fucks sake you got my cv right in front of you you fucking blind maggotpuss! Learn to fucking read!
Tomorrow is another, hopefully better day...
Glad to take that of the chest.2
Never mess with a motivated developer. I will make your life difficult in return.
Me: we need server logs and stats daily for analysis
DBA: to get those, you need to open a ticket
Me: can't you just give me SFTP access and permissions to query the stats from the DB?
*Writes an Excel Template file that I basically just need to copy and paste from to create a ticket*
This process should not take me more than 2mins 👍😁😋🙂😙😙😙😙😙😙😙😙
For them.... 😈😈😈😈😈😈😈😈😈😈😈10
Was implementing sorting algo into an app and it wasnt working even tho i took the code from the app and wired it to just simple wrapper where it worked perfectly.
This was really weird and fucked up.
After 5 hours and 30 times breaking the app just to test it i tried to launch it in Android VM.
And what a fucking suprise it worked.
Wait what ?
Ho .. How ?
Well it seems that my phone had SEpolicy fucked up which im happy that i found out about and it forced closed the app all the time because it was doing something not allowed so i disabled SElinux and it still doesnt work.
Now i was really confused so i took look at permissions and oh god i forgot to give it access to storage.
*/Turns on SElinux and gives it access to storage/*
Boom it works.
At this point i spent 10 hours debugging this piece of shit just to get the algo to work with the app and that isnt the best part.
I was doing this app for my dad since he wanted up for his job schedule and all the apps didnt met the requirement.
Then he walks up to me after i fixed it and says that he doesnt need it anymore since he found one app and did all the stuff and even more.
Ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh FFFFFFFFFFS (For fuck fuck fuck....... sake)4
CMS: Library not detected
CMS: Library not detected
Me: Everytime, you F***er!
Download different version
CMS: Library not detect
20 minutes later....
Send over the entire directory for a WordPress site we completely overhauled with new plugins, custom theme, redid content with visual composer, etc. I tell him to backup his site and then put everything I give you as fresh. He tells me he can't just wipe out his entire site that's unacceptable. I ask him what's the problem? he rambles on and says a lot of words that don't really mean anything then says security. so I call him out on it, what security issues do you have? well we have users and permissions setup he says. I explain That I copied his users table over when we did the redesign, so it's the exact same stuff. so I say again, why can't we just replace everything? well that's just not acceptable he says. I ask him again, what EXACTLY is your problem with replacing the site since I already addressed your security concern. he couldn't answer me so now we have another conference call tomorrow morning with more people from their team. I'll let you know how it goes.
tldr; clients are idiots, call them out for the dumb shit they say and have no response.7
Only touching the topic slightly:
In my school time we had a windows domain where everyone would login to on every computer. You also had a small private storage accessible as network share that would be mapped to a drive letter so everyone could find it. The whole folder containing the private subfolders of everyone was shared so you could see all names but they were only accessible to the owner.
At some point, though, I tried opening them again but this time I could see the contents. That was quite unexpected so I tried reading some generic file which also worked without problems. Even the write command went through successfully. Beginning to grasp the severity of the misconfiguration I verified with other userfolders and even borrowed the account of someone else.
Skipping the "report a problem" form, which would have been read at at least in the next couple hours but I figured this was too serious, I went straight to the admin and told him what I found. You can't believe how quickly he ran off to the admin room to have a look/fix the permissions.
WHY WHY WHY WHY WHY YOU FUCKING SPYING SNEAKY LITTLE CUNTS?!?
This is the Calendar app that comes with my phone. Can't disable, uninstall, or change these slightly suspicious permissions. FUCK MY LIFE12
Online applications are so much worse than the classic snail mail ones, because some companies just don't seem to give a single fuck about the quality of their application application (hehe).
This results in such joyous things like:
• "Allowed file types: doc, docx, pdf, jpg, zip"
• "Max filesize 3mb"
• "One of your files does not meet the requirements" (doesn't tell you which)
• "Upload timed out, please try again"
• 403 forbidden
• "Your account does not have the necessary permissions to upload more than 4 files at once"
• clicking the submit button leads to a 404
• "Please explain why you want to work for us." 500 character limit
• Google forms2
I think I prefer to work for smaller companies... I started working in a startup while going to university. It was very chaotic and they paid low, but now while working for my bachelor thesis I am at big company and I am kind of fucked up by a lot more of things... It starts with the fact that I have no admin permissions on my notebook. Then I have to use Windows because legacy stuff. This is also the reason we have to use IE or sometimes Edge. I tried home office this week and after 2h in which I had a 1h phone call with the in-house support, where I tried to figure out why the company VPN doesn't Work on the company notebook, what finally won't work and I will get another notebook next week, I switched to my personal computer and wrote documentation as this was the only thing I could do. Next thing is the fact, that the IT building is actually a few meters in front of the actual company area. I have no access to this area but there is the cantina and the machines I am working with. So every time I want to go there, I have to ask a colleague to come with me to pass the controls at the entrance. I also noticed that my access card is only valid between 7:30 and 17:30 because reasons so I literally can't come early if I want to leave sooner.
All these things are so disturbing..4
My recent hobby is to deny permissions that an android app asks for and see the app break into pieces... I don't know how people can assume that user is going to provide access... 😑4
Windows not powering off when I press the shutdown button.
Mandatory long rant warning
Oh my fucking god, how many times have I lost my shit because of this fucking bullshit.
When I press the shutdown button, I want you to shut the fuck down you sorry excuse for an operating system.
Me and my friends want to hang out together, so I shut down my PC and walk over to their house, expecting an intense session of doing programming stuff and debating linux distros. Whatever the fuck we do when we get together.
I get to their house and pull out my laptop,, only its hot as fuck. And then I see it: the battery indicator is red. "What the balls?" I think to myself. I open the lid, and guess what?
WINDOWS DIDN'T FUCKING SHUT DOWN, AND IT STAYED ON THE POWERING OFF SCREEN ALL THIS FUCKING TIME. WHAT THE FUCK?
Now, my laptop has a bomb ass battery, so I didn't even bring a charger with me, and now I'm fucking stuck at a programming session with friends without a computer. FUCKING BULLSHIT.
If this was a one time thing, I wouldn't have cared so much, but this happened countless fucking times. Too many.
I would have deleted this cum socket of an operating system months ago if it weren't for the Windows exclusive software I need for school, and now that Steam supports games for linux, Windows has even less of an excuse to stay on my fucking laptop.
Windows is supposed be fucking simple, but linux takes it by a goddamn long shot. When I type "shutdown now" or "poweroff", linux shuts the fuck down, no questions asked. And if I ever need root permissions, I just type "sudo" instead of restarting the fucking program and requesting admin privileges.
Most of the software I use is compatible with both MacOS and Windows, and I already have Ubuntu installed on my laptop, so what do you guys think, should I butcher Windows off of my SSD and give MacOS a try?
Also, what is this magic? Ranting actually calmed me the fuck down... I need to start ranting more.
FUCK MICROSOFT AND FUCK WINDOWS, I WISH I COULD BURN TO FUCKING OBLIVION6
Fuck I hate bloated app permissions but I guess todo lists that know who you most likely to chat to when taking a dump is what we get for demanding everything for free. I get why Snapchat wants so much, I just find it fucking ironic that this is from a company that founded itself on the concept of privacy 🤦♂️7
Sounds a lot like he's out for some fucked up facebook permissions, thought facebook "removed" all of them?9
Big Company rant #2
As I said before I have no admin permissions on my working Notebook and everytime I want those, I have to call the inhouse support, make an Appointment and then they Access my Computer and type in their root Password. Of Course after I had explained them what I want to do nearly a hundred times.
next Thing is our custom Firewall. It is global in our Network and all the Computers have a custom Root Certificate for SSL installed, BUT this certificate seems to be not recognized by nearly every program I want to use. Git-Bash, npm, python/pip, docker, .. everywhere I have to manually install this cert, but most of the time I Need admin Rights to edit those.
After 3 weeks in this Company I thought I have everything correctly installed and configured.
But Company said no.
I received a mail over the Weekend which said my Notebook will be replaced because the one I had was an Interims device and they only waited for a new delivery of devices.
So now I am sitting here at my desk unproduuctive, configuring my Setup AGAIN7
Today in development: discovered that it's possible via combination of keys to rename a database in SQL Server Management Studio without as much as a dialog box to confirm.
Shout out to the 2000ish users in production that discovered this delightful nugget of info with me.
A) Don't trust Microsoft to create software that makes you confirm potentially catastrophic actions
B) Make sure your user hasn't been granted ALTER DATABASE permissions without your knowledge before you start using it.1
sudo chown <user> -hR /usr/bin/
Tries to run "sudo su" after 12 hours:
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
it was at this moment that he knew, he f'd up10
why do i have an iphone?
well, let's start with the cons of android.
- its less secure. this isn't even arguable. it took the fbi a month or something (i forget) to break into an ios device
- permission, permissions, permissions. many of the android apps i use ask for the not obscure permissions.
· no, you don't need access to my contacts
· no, you don't need access to my camera to take notes
· no, you don't need access to my microphone to send messages
· no, you don't need access to my saved passwords to be a functioning calculator
- not being able to block some apps from an internet connection
- using an operating system created and maintained by an advertising company, aka no more privacy
- i like ios's cupertino more than material design, but that's just personal preference
pros of ios:
- being able to use imessage, at my school if you don't have an iphone you're just not allowed to be in the group chat
- the reliability. i've yet a data loss issue
- the design and feel. it just feels premium
- if i could afford it, ios seems like a lot of fun to develop for (running a hackintosh vm compiled a flutter app 2x as fast as it did on not-a-vm windows)
so that's why i like iphones
- Rooted phone
- Blocked certain apps from obtaining permissions
- Blocked apps from preventing taking screenshots
- Hid the annoying Google search bar
- Installed Debian/Ubuntu in a chroot inside the phone
- Installed vim, git and more inside the chroot
Ahhh, feels so good8
YouMod - Easy Moderation for your YouTube Channel!
We are building a website to allow big YouTubers to add other moderators who help you with your YouTube Channel.
Set Permissions, see what they are doing, and much more!19
I have come across the most frustrating error i have ever dealt with.
Im trying to parse an XML doc and I keep getting UnauthorizedAccessException when trying to load the doc. I have full permissions to the directory and file, its not read only, i cant see anything immediately wrong as to why i wouldnt be able to access the file.
I searched around for hours yesterday trying a bunch of different solutions that helped other people, none of them working for me.
I post my issue on StackOverflow yesterday with some details, hoping for some help or a "youre an idiot, Its because of this" type of comment but NO.
This is the first time Ive really needed help with something, and the first time i havent gotten any response to a post.
Do i keep trying to fix this before the deadline on Sunday? Do i say fuck it and rewrite the xml in C# to meet my needs? Is there another option that i dont even know about yet?
I need a dev duck of some sort :/42
Why is whatsapp just AIDS?!
The privacy thing is big but let's take a look at the app.
It's the only messenger app I've ever used that forces you to save incoming images to your gallery if you want to see them, like wtf?
The UI looks like shit and it's kinda hard to understand from a UX perspective, for example read receipts which Messenger does beautifully. Facebook owns WhatsApp so A it's not really a better choice than fb messenger and B it basically has a shit quality application compared to Messenger. The messaging experience in sketchy Chinese dating apps is better.
Also it basically hacks your phone. It turns on notifications and permissions by itself even when I explicitly turned them off, and sends me notifications for muted conversations.
Speaking of notificatikns. Every time I get 1 notification, notifications from every single chat even an unread messages from 3 years ago gets sent to my phone.
It guzzles battery like a monster.
And they have basically formed a cult in the indian community, so now everyone thinks its the best and no one uses anything else because "it's so convenient" which it's NOT. It has a terrible interface, and the only thing I like about it is the fact that it being so shit gives me an excuse to uninstall it and ignore all the fucking spam on there.
Honestly, the app needs to die ASAP because it is frankly the shittiest of shittiest messaging applications.5
Can anyone tell me what’s going on with Facebook? I haven’t used Facebook in 7 years. Sorry for living under a rock but I don’t get what’s so bad about Cambridge Analytica. It seems the information they scraped is publicly available regardless of permissions. Likes? Who your friends are? I’m not sure..4
I wish my boss would stop revoking my permissions. He's always saying how these slew of things need to be accomplished, yet, everytime I go to do them I'm at a wall because, despite having permissions for a very long time he decided to revoke them entirely.
It's not like I can't be trusted with them, it's been over 2 years with them, so why the sudden revoke?
I finally sent some snot mail to him informing him I'm unable to complete my tasks without the permissions granted to me (I'm a sysadmin, sec guy, boss is vp of tech), and instead of him granting them yet again he's going to run around and try to hack around the permission requirement so he can avoid giving me them.
Seriously? This is stupid. I was the one who wrote the security design and implementation document, and put all that work in. Now I'm being locked out of the system I designed, built and implemented?
Well, time to look for a new job. If you're a manager, please don't revoke your employees permissions without notice, at random, and try to hack around well-documented security policies. It won't end well!3
Microsoft owns github
Microsoft owns windows
Microsoft owns powershell
Why then, why exactly, is it so fucking hard to get ssh private keys for github, up and running on windows powershell.
I tried to change permissions on files but then it broke the git-bash implementation 😭.
Fuck it !! 😭😭8
This was not exactly the worst work culture because the employees, it was because the upper level of the organization chart on the IT department.
I'm not quite sure how to translate the exact positions of that chart, but lets say that there is a General Manager, a couple of Area Managers (Infrastructure, Development), some Area Supervisors (2 or 3, by each area), and the grunts (that were us). Anyway, anything on the "Manager" was the source of all the toxicity on the department.
First and foremost, there was a lack of training for almost any employee. We were expected to know everything since day-1. Yes, the new employees had a (very) brief explanation about the technologies/languages were used, but they were expected to perform as a senior employee almost since the moment they cross the door. And forget about having some KT (Knowledge Transfer) sessions, they were none existent and if they existed, were only to solve a very immediate issue (now imagine what happened when someone quit*).
The general culture that they have to always say "yes" to the client/customer to almost anything without consulting to the development teams if that what was being asked to do was doable, or even feasible. And forget about doing a proper documentation about that change/development, as "that was needed yesterday and it needs to be done to be implemented tomorrow" (you know what I mean). This contributes to the previous point, as we didn't have enough time to train someone new because we had this absurd deadlines.
And because they cannot/wanted to say "NO", there were days when they came with an amount of new requirements that needed to be done and it didn't matter that we had other things to do. And the worst was that, until a couple of years (more or less), there was almost impossible to gather the correct requirements from the client/user, as they (managers) "had already" that requirement, and as they "know better" what the user wants, it was their vision what was being described on the requirements, not the users'...
And all that caused that, in a common basis, didn't have enough time to do all this stuff (mainly because the User Support) causing that we needed to do overtime, which almost always went unpaid (because a very ambiguous clause of the contract, and that we were "non-union workers"**). And this is my favorite point of this list, because, almost any overtime went unpaid, so basically we were expected to be working for free after the end of the work day (lets say, after the 17:00). Leaving "early" was almost a sin for the managers, as they always expected that we give more time to work that the indicated on the contract, and if not, they could raise a report to HR because the ambiguous clause allowed them to do it (among other childish things that they do).
Finally, the jewel of the crown, is that they never, but never acknowledge that they made a mistake. Never. That was impossible! If something failed on the things/systems/applications that they had assigned*** it was always our fault.
- "A report for the Finance Department is giving wrong information? It's the DBA's fault**** because although he manages that report, he couldn't imagine that I have an undocumented service (that runs before the creation the report) crashed because I modified a hidden and undocumented temporal table and forgot to update that service."
But, well, at least that's on the past. And although those aren't all the things that made that workplace so toxic, for me those were the most prominent ones.
* Well, here we I live it's very common to don't say anything about leaving the company until the very last day. Yes, I know that there are people that leave their "2-days notice", but it's not common (IMHO, of course). And yes, there are some of us that give a 1 or 2-weeks notice, but still it's not a common practice.
** I don't know how to translate this... We have a concept called "trusted employee", which is mainly used to describe any administrative employee, and that commonly is expected to give the 110% of what the contract says (unpaid overtimes, extra stuff to do, etc) and sadly it's an accepted condition (for whatever reasons). I chose "non-union workers" because in comparison with an union worker, we have less protections (besides the legal ways) regarding what I've described before. Curiously, there are also "operative workers", that doesn't belong to an union, but they have (sometimes) better protections that the administrative ones.
*** Yes, they were in charge of several systems, because they didn't trust us to handle/maintain them. And I'm sure that they still don't trust in their developers.
**** One of the managers, and the DBA are the only ones that handle some stuff (specially the one that involves "money"). The thing that allows to use the DBA as scapegoat is that such manager have more privileges and permissions than the DBA, as he was the previous DBA2
So some client has their own server with their website that we made and maintain.
Recently they've revoked writing permissions for our user for whatever reason but expect us to change stuff.
This has been the case for a few weeks now and they still haven't given us writing permission back, but insist of us making the changes.1
Our project at work goes live in 3 weeks.
The code base has no automated tests, breaks very often, has never had any level of manual testing
will not be releasing with any form of enforced roles or permissions in our first release now due to no time to enforce, however there is a whole admin api where you can literally change anything in our database including roles.
We also have teams in various countries all working separately on the same solution using microservices with shared nuget packages and they aren't using them properly.
Our pull requests are so big - as much as, 75 file changes - in our fe app that I can't keep up with it and I honestly have no idea if it even works or not due to no automated tests and no time to manually test.
We have no testing team, or qa team of any sort.
Every request into the system has to hit a minimum of 3 different databases via 3 different microservices so 1 request = 4 requests with the load on the servers.
We don't use any file streams so everything is just shoved in the buffer on the server.
Most of the people working on the angular apps cba to learn angular, no one across 2 teams cba to learn git. We use git so they constantly face problems. The guy in charge has 0 experience in angular but makes me do things how he wants architecturally so half the patterns make no sense.
No one looks at the pull requests, they just click approve so they may as well push directly to master.
Unfinished work gets put in for pull request so we don't know if the app is in a release state since aall teams are working independently, but on the same code base.
I sat down and tested the app myself for an hour and found 25 fe only issues, and 5 breaking cross browser issues.
Most of our databases are not normalised. Most of our databases make no sense. 99% of our tables have no indexing since there is no expertise with free time to do it.
Our. Net core microservices all directly use ef in the controller actions so there is no shared code there.
Our customer facing fe app is not dry because no tests so it was decided it was better this way.
Management has no idea on code state, it seems team lead is lieing to them about things like having any level of tests.
Management hire devs that claim to be experts but then it turns out they have basically no knowledge of what they were hired to do, even don't know what json is or the framework or language they are hired for, but we just leave them to get on with it and again make prs too big to review.
Honestly I have no hope that this will go well now but I am morbidly curious to watch. I've never seen anything like the train wreck that we are about to get experience.5
Not only did my boss insist on setting up roles and permissions for our app how he designed them, even after I spent 4 or 5 hours trying to convince him to let me do it differently, but he has now fucked our entire system.
Under this model of roles and permissions you cannot enforce them on the backend by any means, and now we have a service dealing with users including resetting passwords and changing details that does not use authentication. That's right, aurhe tocation and not even talking about authorization now. Good job.
I honestly wish companies like this would get hacked and fucked over as soon as they did it wrong because I can't believe how retarded some people are.3
I accidentally let some malware on my computer and it installed drivers so i couldn't delete the reg Keys or the program itself because I didn't have the proper permissions (super administrator account )
I busted out Linux, used a piece of software to open the register, manually deleted the register key entries, because Linux doesn't care what level of admin you are on Windows, he just sudos that shit.
Rebooted, malware gone.8
I hope this Never happens to anyone :(
On a serious note, Microsoft is talking away all the permissions earlier we use to have during XP.6
My Windows installation has been achting up the last few days. Something with permissions is messing with my gpu it seems.
Of all the errors I have gotten, this must have been the best one5
Windows users can't meme.
>tfw osx is more versatile than windows because of Unix structure
>tfw you don't have admin permissions
>tfw your doing important work but you get a forced update because you can't handle your own system
I am a Linux user myself but OSX is a lot more powerful, I don't understand windows fan boyism? The only thing good about windows is their application and game support and a lot of that can be fixed with wine on OSX and Linux3
Because in #Adobe's utopia world, #everyone is a local admin.. and is super computer literate and knows how to use the terminal to change permissions. Oh wait no, the fact is the world is filled with organisations whose users act like monkeys in a cage and absolutely cannot be trusted with admin rights.
And yes.. the 'repair' does nothing, of course!
Ughhh Adobe.. get your act together.
Switched back to windows because I needed IIS for work and I did miss having a touch screen (could not get driver working on Linux).
A few gripes.
I mean, the standard "oh great, half a day downloading and updating my machine" applies.
The thing I forgot about Windows is that after everything I do it wants to restart. Updating itself forced the computer to restart several times, wtf.
Powershell (ironically) holds a shadow of bash's power
So many "power user" actions are done with a gui, dear lord give me a terminal command and a man page any day over the convoluted way to do some actions. Changing permissions for IIS was several layers of gui dialogues, where it would be a couple of commands in bash.
Sorry to be unoriginal and moan about an OS, as an end user windows is great and a lot more streamlined and arguably prettier, but as a programmer it doesn't make life half as easy as the realm of *nix1
Can someone explain me...
... WHY GOOGLE PLAY SERVICES NEEDS ALL PERMISSIONS FOR WEBAUTHN(U2F)???
NEED MY CONTACTS, CALENDAR, BODY SENSORS, SMS AND SO ON! ALL FOR U2F???
I PROBABLY SHOULD BE GLAD THAT I DON'T NEED MY GOOGLE ACCOUNT FOR THAT?!?!
Using Firefox and testing WebAuthn instead of the typical dialog I get "Firefox has trouble communicating with Google Play Services" when I try to use that.
If someone knows the responsible people at google, tell them to FIX THAT SHIT.17
Okay...not a rant. But my boss's boss is amazing! I've been with this company for about a year, and every time my lowly ass needs permission elevation to do something, I have to practically beg. And then I get elevated one little permission at a time. I have a presentation to the board on Tuesday, and all damn day it's been one network permission problem over the other. It's become insulting that I'm the only team member that has to beg for permission scraps. Today, they take me out to lunch and when I get back, sends an email and copies me on it basically instructing that I'm to receive near-God like permissions on the network. Quite an honor for being everyone's junior by like 20-25 years! I feel like I'm about to receive an Infinity Stone or something...best day ever!
Soo why the fuck am I receiving notifications about someone from my contacts is available on messenger, when you don't fucking have the permissions to read my contacts? I'm looking at you Facebook Messenger.
That's some new level of ignorance. "Oh I see you didn't gave me the permissions to read your contacts. Worry not my friend just let me take a secret peek of it. I will be discreet, I promise!"... Well FUCK YOU!
P.S.: I only use that piece of garbage because unfortunately some of my friends are only available there... Time to convince them to switch.6
When i made a little web prototype platformer game using js and then wanted to show my friends as they all wanted to play.
1. Setup all the files on my phone.
2. Made a web server on my phone with relevant file permissions.
3. Setup a web server on my phone and joined the network
4. Smile as it worked when they all connected through the browser to the relevant IP/port
This post just made me realise i need to get another phone lol1
Sometimes I feel like I am surrounded by idiots. My family are too stupid and lazy to have jobs or do anything involving a skill. They are too dumb to do anything properly so most of the house is fucked.
My co-workers are supposed to be Web devs but cba to learn the frameworks or languages we work on. Some of them have over 5 years experience and don't understand basics like backend verification vs front end.. Or even what json is. Needless to say everything I'm told to do is retarded such as implement roles and permissions where there are no roles, but ot allowed to add roles.
Anyone else surrounded by idiots 90% of the time? How do you not get worn down?3
Let me preface this by saying that I am in no way an experienced Web developer. I've been learning it in my spare time for a little over a year and this is my first job in the industry.
So, I'm working with a client who's a friend of the boss. He's had a developer friend of his build him a WordPress site (using fucking Visual Composer no less but that's not important).
He's asked us to host it on AWS, which took this 'developer' to have to use a cloning software to move across. I had to access the server myself to set this up, which was fine but considering I gave him the .ppk and .pem he needs to ssh into it. He then says the file permissions aren't right. So again, I say he can ssh and change that. He says nope and makes me do it. So I do it. I give him IN DEPTH instructions on how to do it. He says it isn't working, he can't change the hyperlinks. He's had to quote unquote "bypass the database to change the config file". That was this morning. I'm trying to be as civil as I can with this guy, considering he's a Certified Apple Instructor and Educator, yet he clearly doesn't understand ssh or ftp for that matter.
We're not getting paid for the work by the way.2
I worked at a firm that had an infernal off the shelf CRM system that they collaborated with the dev company to customise.
They were seriously behind the competition, and didn’t have any app or web presence for interacting with their system, instead relying on people calling (fine for the nature of the business, but competition was leaving them in the dust).
They decided that they needed to redevelop it in-house, with a focus on supporting the web and apps.
I was hired for this purpose.
It was me and one other dev, who was also the head of IT.
He’d built a small prototype, and was new to the whole WPF / MVVM thing for the in-house app, so with my previous experience it was clear it needed to serve as an example only, and that it would need redeveloping.
I was only there three months.
In that time I singularly (he was pulled away to troubleshoot their VOIP installation - yes, for three months as other companies kept dropping the ball) built:
- A WebAPI with JWT auth
- An MVC skeleton frontend
- A WPF desktop app
It had all sorts of cool shit in it, 2FA, Reactive UI, Reactive extensions, server push to desktop, a custom workflow and permissions system.
It was pretty dang cool.
End of the three months rolled around, and the non-technical managers were concerned about time to market, so they decided to drop me as I’d “not made enough progress”.
I’d also had a bit of absence which they were aware of and were supposedly supporting me through.
But MFW three months is assumed to be enough time to build such a system with one dev.2
#define useless unnecessary
Fuck off Zuckerman and any dev who codes such shit for useless permissions and especially FUCK YOU CLIENT for asking your dev to ask for all useless permissions for your fucking app just because you think it's cool ;
SharePoint things that I get yelled at by customers for:
Setting up page permissions wrong (even though the real problem is that a coworker didn’t check the page in)
Writing the workflow wrong and nobody is getting emailed (even though they didn’t select who to send the email to)
Not magically knowing that they wanted the new intern (who started Tuesday) to be given full design rights on their page
Not magically knowing that their discussion mod quit a year ago (before I started here) and now nobody can feature a post
Not spinning up an entire new site so that they could post a link to a single sign up sheet for their team (of 10 people) barbecue
Somehow making it so MS Edge can’t handle high res images correctly (because I totally created Edge (which isn’t even a supported browser here))
Not responding immediately when they submitted a ticket at 7:00pm (I’m off at 5) asking me to change one word on a page they have edit rights to
Not giving their admin assistant global design rights for our entire organization
Not giving them access to a confidential folder that has nothing to do with their job
Telling the owner of aforementioned folder that they’re not allowed to store confidential data in SharePoint
Making workflows too confusing for them to figure out
Fixing shit workflows that their ex coworker built wrong
Generally having the word SharePoint associated with my name2
Ahh.. there is nothing like the joyous feeling of writing a working piece of code for your own personal projects.
I spent several weeks and a few hours today to finally get my Python automation script working and I am very proud of myself.
Here's what it does:
* open a text file, extract a specific string from it using rather complicated xpath
* open another text file and do the same
* replace result 1 with result 2
* log results
* close file
* automate the process
Even though it looks easy, I had to mess around with a lot of problems such as permissions, indentation, stream writing, file status, etc.
Now, instead of having to manually do this job, I can just let my machine do it!2
I have a Yahoo app on my phone for some legacy purposes. I just allowed the storage access permissions when it was asking for it during the installation or something, cause like, who doesn't? I checked my Yahoo Mail on the browser tonight and saw copies of my mobile photos in it! It's through the Attach Icon > Insert animated GIF. WTF? So that's how you can easily get hacked from apps?
Tried the "Ubuntu Bash on Windows" feature today. After restarting the computer for about 300 times (needed to install the whole anniversary update too) i could finally use the bash, resulting in crashing after the 3rd command being entered.
Simply creating a symlink (Windows ssh folder to the home folder) brought it down to it's knees, resulting in being unable to restart the whole thing at all.
Gladly I was able to restart the computer again for about 300 times (it's a windows feature, reinstalling is again a restart parade).
As it worked by then I noticed, that the mounted windows ssh folder contains files with 777 permissions, which you can't change and are thus unusable by the ssh command.
So long story short, today I was able to look at my computer being restart ~600 times for one hour with the result that I'm still sticking to Babun (and sometimes Putty)7
Windows makes me genuinely angry. Why is it that when I boot my computer, I am expected to wait 10+ minutes for windows to launch 5 startup applications, most of which are already patches for things that should be there to begin with, before I can even begin to use explorer to open GeForce experience because for some reason, windows said "Graphics drivers?! Who needs those?!" And threw them out the window! And then I get notifications about apps needing permissions to things, BUT IT WONT TELL ME WHICH ONE! I clicked the update driver notification 5 minutes ago and the installer literally just now opened up. This is a computer with a r3 processor and gtx970! It may not be the best, but it is by no means underpowered! Why must Halo online not have a Linux version? :(4
So like a couple days ago I was trying to clear the Var directory of my Symfony project.
rm ./* -R
Linux: are you sure you want to delete write protected blah blah blah?
Me:AHA! SO ITS A PERMISSIONS ISSUE
sudo rm ./* -R
Quickly realized I was no longer in my project directory.
Took a fat L. Had to reinstall.2
Am I the only developer in existence who's ever dealt with Git on Windows? What a colossal train wreck.
1. Authentication. Since there is no ssh key/git url support on Windows, you have to retype your git credentials Every Stinking Time you push. I thought Git Credential Manager was supposed to save your credentials? And this was impossible over SSH (see below). The previous developer had used an http git URL with his username and password baked in for authentication. I thought that was a horrific idea so I eventually figured out how to use a Bitbucket App password.
2. Permissions errors
In order to commit and push updates, I have to run Git for Windows as Administrator.
3. No SSH for easy git access
Here's where I confess that this is a Windows Server machine running as some form of production. Please don't slaughter me! I am not the server admin.
So, I convinced the server guy to find and install some sort of ssh service for Windows just for the off times we have to make a hot fix in production. (Don't ask, but more common than it should be.)
Sadly, this ssh access is totally useless as the git colors are all messed up, the line wrap length and window size are just weird (seems about 60 characters wide by 25 lines tall) and worse of all I can't commit/push in git via ssh because Permissions. Extremely aggravating.
4. Git on Windows hangs open and locks the index file
Finally, we manage to have Git for Windows hang quite frequently and lock the git index file, meaning that we can't do anything in git (commit, push, pull) without manually quitting these processes from task manager, then browsing to the directory and deleting the .git/index.lock file.
Putting this all together, here's the process for a pull on this production server:
Launch a VNC session to the server. Close multiple popups from different services. Ask Windows to please not "restart to install updates". Launch git for Windows. Run a git pull. If the commits to be pulled involve deleting files, the pull will fail with a permissions error. Realize you forgot to launch as Administrator. Depending on how many files were deleted in the last update, you may need to quit the application and force close the process rather than answer "n" for every "would you like to try again?" file. Relaunch Git as Administrator. Run Git pull. Finally everything works.
At this point, I'd be grateful for any tips, appreciate any sympathy, and understand any hatred. Windows Server is bad. Git on Windows is bad.10
Thanks for all the ++ notroot. One day, I hope your permissions are elevated beyond your wildest dreams.2
Yea...I built the system. That doesn't mean I want to spend all day using it to perform administrative tasks for you and your team. I only have permissions to do things because it's the nature of the beast...not because I should be assigning leads, granting permissions, etc. Please! Someone take the reins and use the shit I built!3
Frigging corporate antivirus updated its definitions and decided a class generated by Gradle on my debug builds is an infection risk. And as it's an intermediate output and it's deleted and recreated every time, it sends a new alert every time. And sometimes it can't quarantine it because it's deleted faster than it's processed by the antivirus, so it's getting a higher and higher risk level each time. And I can't add it to the exclusion list because of a permissions issue. Oh well...6
At work one morning, I was asked in chat for a way to edit an xml file on a Mac. They couldn't open it due to permissions. I told them to open Terminal and run sudo vi /path/to/file.xml. Never got a message back about it, so I assumed everything was OK. Later that afternoon, I received another question: "I'm in, I've made the changes, now what? How do I get out?" It wasn't funny until I realized how many memes existed for this. I'd imagined they'd quickly opened and edited it and spent hours unable to exit it; though, realistically, it probably wasn't attempted until the afternoon. Truthfully, I was new to it, too, and have no idea why I suggested vi over something else.
I want to call out the absolute retard at Oracle who decided that file modes should be read from the envvar called UMASK and be in decimal by default.
They probably never cared about file permissions.1
I just gave snapchat access to my contacts permissions, i cant wait to see what they will do with that. so exciting!!8
CMake. Because as always, it's even worse that it looks.
1. There is a nearly-undocumented variable for determining the permissions for implicitly created directories in the install path.
2. This variable is used for install(TARGET), install(FILES), but not for install(DIRECTORY). Why? Because fuck me I have no idea.
I can't even imagine how they could have implemented this functionality and yet have this behaviour. Unless it was written by Koppipasta the drunken lemur intern.
Don't accept merge requests from drunken lemurs. Just say no.4
That very moment! when your app is ready
Android Marshmallow has gone live
and every pips has updated their phones
and you forgot to implement about runtime permissions4
I remember when my module lead left a bug... he immediately went to the client location. He managed to go in the room where only restricted people were allowed.. (even I need to take many permissions to go inside) he confidently asked to check some logs to get the access to the machine, fixed the bug and came back in heroic style.
I was really impressed.
Google keeps reaffirming what I keep telling everyone... it's not 1995 any more. They just ripped Symantic over using 7-year old (un-updated) open-source components in Norton. These are massive zero-day exploits that are wide the hell open. If you're really concerned, use MSE on Windows. If you're on a Mac, grow a brain cell and actually look at what you grant permissions to, and you won't even need AV.3
Malwares are nasty applications, that can spy on you, use your computer as an attacker or encrypt your files and hold them on ransom.
The reason that malware exists, is because how the file system works. On Windows, everything can access everything. Of course, there are security measures, like needing administrator permissions to edit/delete a file, but they are exploitable.
If the malware is not using an exploit, nothing is there to stop a user from unknowingly clicking the yes button, when an application requests admin rights.
If we want to stop viruses, in the first place, we need to create a new file-sharing system.
Imagine, that every app has a partition, and only that app can access it.
Currently, when you download a Word document, you would go ahead, start up Word, go into the Downloads folder and open the file.
In the new file-sharing system, you would need to click "Send file to Word" in your browser, and the browser would create a copy of the file in a transfer-partition. Then, it would signal to Word, saying "Hey! Here's a file that I sent to you, copy it to your partition please!". After that, Word just copies the file to its own partition, signals "Ok! I'm done!", and then the browser deletes the file from the shared partition.
A little change in the interface, but a huge change in security.
The permission system would be a better UAC. The best way I can describe it is when you install an app on Android. It shows what permission the app wants, and you could choose to install it, or not to.
Replace "install" with "grant" and that's what I imagined.
Of course, there would be blacklisted permissions, that only kernel-level processes have access to, like accessing all of the partitions, modifying applications, etc.
What do you think?7
Just writing this because i’m stressed as fuck and i’m currently having my second sleepless night in a row...
Like i mentioned earlier i have 4 projects on my name. Two are on a real tight deadline, the other two are smaller, more support like issues.
Last week i got asked basically to get about 20 storypoints done in two hours by my Scrum master. Ehh no. Impossible. Wish i could do magic...
Yesterday i had to make a quick hotfix between the two bigger projects. Tried to reject this but had to do this any way. (It was basically the clients fault/content)
Also, f’d it up because there are current changes that are ready for deploy but haven’t been approved yet.
Do i get a f’ckin email this morning about how the progress wasn’t followed and the git permissions aren’t right.
You fucking twat! If i i did have ANY freaking minute in my planning to actually take the time for this damn hotfix this didn’t happen any way! You’re fucking restrictions only make things harder you goddamn motherfucking morron!8
I fucking HATE our hospitals EHR.... They pushed out an update that stripped user group permissions, corrupted files, redirected paths, and who the fuck knows what else. And the update description.... “Update version: XX.XXX” FUCK YOU!!!!!!!3
So everyone here has probably seen many posts ranting (or should that be rants posting) about windows updates in the lastest version of Windows. I have seen one too many rants about losing work due to this well it happened to me to. ..almost.
Since I have an editor that saves work automatically I didn't lose anything but just had to restart by applications and set my windows how they were again. It wasn't planned and I had previously manually disabled windows updates but they still ran and rebooted my machine...grrrrr!
Doing some more research I found my previous fix which worked in Windows 10 1511, and 1607 versions (anniversary update and prior) doesn't work in version 1703 or 1709 the Creator's and Fall Creator's updates respectively.
If you have version 1511 or 1607 you can just disable the windows update service and windows store service and appxpackage services to completely stop windows updates and unexpected reboots. I ran it like that for over a year from 2015 well into 2017. After being impressed with the newer Fall Creator's update I decided to manually update to 1703 and then to 1709 which is the latest version.
The problem is, the old disable service fix isn't enough now in these newer versions. To disable updates in the newer versions you have to stop the usoclient which is the update orchestrator. Simply disabling the services doesn't work anymore.
Changing the file permissions of the usoclient will work and stop the scheduled tasks from firing.
Here ya go, no more unscheduled reboots. YOU pick when you want Windows to update:
Project requirements include a database. I don't have permissions to create a new database on the server, so I go to the person that spins up new servers and deals with group policy. They rustle some papers around, looking aggravated, throws up hands and says, "I guess I'm the DBA now..." Well, what the fuck am I supposed to do shithead? Ask the web team to do it? We don't have a DBA. My boss has been gone all week and, really, this isn't a hard task. You check a fucking box.
Whatever, I'll remember this when they need a favor from me.6
Fuck Google! I'm trying to write a fucking parential app that I can install on my little sisters phone, because I won't download something that is meant to monitor activity on a child's phone when I am capable of writing one. Problem is, I test it on my phone which has Android 10, because I am not keen on testing with a slowpoke out of wood brick that the target phone is. Android 10 does not let you do a single shit that is needed for a parential software. You try to turn on airplane mode to prevent messages from arriving and such? Well.... nope, you can't. Okay... airplane mode is too drastic. Let's try turning off WiFi and Data. Fuck me, you can't do that either. I gave the app fucking system permissions and It laughs in my face when I try to access some simple shit like... WiFi state. Miserable. I wonder if it will let me mute the fucking volume on the phone. I guess It won't, because "You shouldn't set these things on a user's phone.". Well, fuck that. That's exactly what I need. That old brick does not have built in parental settings. Jesus.27
I love Docker but I'm almost always screwing around with permissions and file ownership when it comes to secrets, bind mounts and making sure shit doesn't run as root while also making sure secrets are exposed and volumes aren't owned by root
Perhaps my frustration comes from the fact that I'm still learning and sometimes get impatient when things don't work within an hour or two, but still10
Motherfucker, do you even review your own code, never mind getting anyone else to do it?
"Hi" randomly added on a new line in the middle of a switch block, a syntax error, as the only change in a file?
Breaking two methods by misunderstanding which database object a variable identifies- but making no other change to those functions? And not adding permissions checks to the new API methods you added in that file?
Overwriting the email template that goes out to users who were added straight to the CRM, by reusing the same file for a template for users that have been invited to an event?
Adding your new fields to the old CRM sync code, again leaving me to figure it out, thereby leaving users' changes likely to be overwritten every morning?
And pushing this to master, supposedly tested, without a heads-up?
How often does your mum need to buy you a new box of crayons? Because these ones are chewed to pieces.
Suck my balls. Or rather don't, you probably don't know you're not meant to use your teeth.
...just download our new app! NO! FUCK YOU! What do you think you deserve storage space and permissions on my phone? Make a responsive site or webapp or I will not use your service. Why does everything need a fucking app? Oh, you bought a new car? Download an app! New appliance? DOWNLOAD A FUCKING APP! Just bought a new Samsung phone, but already use all of Googles empireware? WELL HERE IS ANOTHER CALENDAR/MAIL/EVERYTHING APP FROM SAMSUNG THAT YOU CAN'T COMPLETELY DELETE! This needs to stop.
Thank you for listening2
Okay, I really need some help here.
We're building quite a large application that will serve as the backbone for the whole company. We have to implement some sort of role system. We're debating whether or not to store roles in the DB or in code (some sort of config file). Personally I don't see any reason to do so. What's your thoughts?13
Fucking shit cheap wifi router with fucking shitty UI, or it was probably my own stupidity,
Enduring the warm (fuckin hot) coastal climate, I ran back and forth in my house continuing my ordeal from last night, trying to figure what the fuck’s wrong with my wifi,
So far I’ve known that, the main access point doesn’t work with any device, but I can connect via cable, and hardwired extended router also works, so the problem must be with the main wifi AP,
I’ve given up earlier in the morning and tried calling the ISP, and the lady on the other side was about to instruct me on how to change the wifi password, I politely decline as I’ve already tried it many times, then she proceeds to register an issue ticket and I’m to wait for the technician to come,
I spent some time making lunch (a very nice spaghetti, and baked some almonds, gonna make some salted caramel after this), until I grew impatient, and back in front of my laptop again,
Then it hit me, rather than changing the password, I made the connection to be open, then I tried to connect, still no avail, so something else must be blocking it,
I spent some time figuring out what could be the problem, I tried to translate all the technical jargons in the router, until I found
Mode: (a dropdown selection)
- permit (this one is selected)
[input for mac address]
[Some table to list registered devices]
Then it hits me like a brick, I tried adding my iphone’s mac address into the input, registered it, and voila, suddenly I am able to connect,
After that I tried setting the mode to disabled, nothing changed, the list is still there, I can still add more devices, but poof, my laptop suddenly able to connect,
After some experiment, what I concluded is that,
Disabled means the access control option is disabled, no restrictions or permissions (as intended as the default settings probably)
Restrict means allow all devices to connect except the ones registered in the list
Permit means restrict all device connections except for the ones registered in the list
Fuck it, now the problem is solved, everything went back to normal, well, back to my lunch I guess2
Weeks ago, a change went into production. For some reason, we can't implement our own changes or create new databases in production, we have to have a whole different department do it. This would be great except for one thing:
THEY CAN'T THINK FOR THEMSELVES. I've had to tell them how to run scripts I wrote. I've had to tell them how to fix problems that arise.
Back to that script ran three weeks ago or so. It didn't add permissions to allow me, the system and application developer to see the stored procedure, much less run it. Application can't run it. Thankfully the application works without it.
Fast forward to tonight. My change that I'm attempting to implement is the creation of the stored procedure, because nothing could see it, I assumed it didn't exist... reasonable, right? Database folks tells me it exists. They then tell me they can't give me nor the application permissions because it doesn't ask for it in the change plan.
Excuse me.... WHAT FUCKING WORLD DOES IT MAKE SENSE TO CREATE SOMETHING AND HIDE IT FROM THE CREATOR LET ALONE THE APPLICATION SO IT CAN'T USE IT?! FUCKING THINK. WHY WOULD I WASTE MY FUCKING TIME TO TALK TO YOU OFFSHORE PIECES OF SHIT AT 10PM WHEN I'D RATHER PLAY VIDEO GAMES.
I'm so fucking done with enterprises. Someone with reasonable job security at a startup, please hire me. You will probably pay me more fucking money than this company does anyway.
Now on to my second change of the night. Thankfully I don't have to rely on anyone outside of me... so I won't be wasting my fucking time.
Getting a location in android is so complicated:
First there's the permissions. Ok add it to the manifest. Oh wait, run-time permissions.
Gotta check if user has allowed the specific app to use location or ask for the permission.
Ok. That's done. Why am i not getting a location? Of course, user can turn it off from settings. Gotta check for that aswell. Or ask for it somehow.
Finally i should be able to get the location! Now, how to I use the Location service to get location in the most efficient way that suits for me? Or should I use the Google api.
Every answer in stackoverflow uses a different method. Oh well, gotta try out them all :).2
I'm in the first semester at my third college, working on my B.S. degree. I get a job in the finance and operations IT department doing web development. I get to use lots of tech I've never used before, like Python Flask, Docker, Redis, Azure, Slack, Microsoft VSTS, Portainer, MongoDB, Oracle database (weeeeeeeeeeee), and who knows what else awaits me. It took a week to get me access permissions to various systems but that's fine. I expected that.
* It's the first time I've ever touched Docker. I manage to break it so badly (somehow) that I BSOD my Win10 machine. Everyone in the office congratulates me on such a feat.
* I get assigned to an internal app management site to not only patch because it's currently broken but also improve. Coming from a PHP background, I've seen some nasty code. What I didn't expect was the same exact same anti-patterns and coding "practices" (examples: everything in a single file, all forms on a page POSTing back to itself for submission, sloppy, mostly uncommented, densely packed code) in a Python Flask project. I was told it was thrown together quickly by a previous employee who made this as his first Flask app, but this was not what I envisioned.
It's as if everything I do in my career is to prepare me to untangle the next monster code base I come across. I feel like the universe is mocking me.
That's cool. Bring it on. I'm ready. I'm enjoying this job anyway. 😎3
Just as an extension of last rant to explain how much fun it is to keep up with Apple's security through obscurity bullshit.
AFAIK this full disk access (FDA) feature was touted to protect a user's data on macOS. Programs that want to access those files need to request the user's permissions to do so. Now to the fun part: Apple is not providing any API. A staff member suggested, that you should only try to access the files your app needs and if you can't as for the user's allowance. One should not use some fixed files and try to access them, because their locations might change, as well as their (UNIX file) access rights (ACL), or if they fall under FDA. Not to speak about the other security features that might hinder you accessing files (you might be sandboxed, or the files might be subject to SIP/rootless).
Honestly, you should be starting to take drugs, if you want to stay sane. I mean UNIX ACL are weird enough: e.g. you can make a directory only readable for root such that a user cannot list the files inside, but you can place files inside that the user can read (if she knows about their existence). On macOS you'll never know. You may have all the rights to access a file,.. but Apple will only give you the finger.
As they always do to us developers.2
There are days I imagine what my life would be like as a farmer instead of being a developer.
Two major sets of fully manual tests due on one day, after I've been alone in the office for two weeks handling all development, testing and support requests; inbox full of dumb questions that are answered in docs; people at my desk asking for shit that won't get done; and although the other devs are all back, one is "working" from home, one has no permissions to SVN, and the other is still learning how to do anything useful.
To top it all off, I've a meeting in twenty minutes, and I've managed to get coffee on my shirt and in my ear buds in a curious incident involving my headphones getting dunked in my coffee and going towards me at high speed.
Oh, and my wife just called saying the baby is screaming like a banshee at home, so I have that to look forward to.
Just went to whatthefont on my phone and uploaded an image and it asked me for microphone permissions lol
I'm so annoyed.
I sent a request to be given permissions for something and I specified which permissions I already have and what else is missing so they know exactly what not to mess up while they're adding this. They granted me the missing ones and revoked the ones I already have.
It takes them a day or two to respond to requests and no matter how specific you are, they still manage to waste your fucking time by doing shit you didn't request for and not doing what you asked for. I already feel like crap about my tasks not having much progress.
Now I feel like I'm gonna get blamed for not re-testing the permissions I had when I tested the new ones they granted me. What the fuck, man. I feel so fucking useless right now.6
I've just spent the last hour or so banging my head against a brick wall trying to figure out why I'm unable to retrieve some data via AJAX even though I know data is being returned as I can see it in my error log.
Turns out the permission system I wrote a few days ago actually works and because I didn't specify a permission it automatically denied my user from retrieving the data. One thing I forgot to add was an error message to tell me when I don't have sufficient permission to do something. Adding a message could have just saved me a lot of time :/2
Don't understand file perms?
No prob...just sudo chmod -R 0777 /
and don't forget to make all your S3 buckets public!3
So I kept running into permission problems last night when trying to use move_uploaded_file() in php to upload images to my virtual server. Maybe today I'll finally figure it out.
My boss keeps looking into the system log file and being scared of some totally irrelevant messages (for him). Time to introduce permissions in the control panel...1
Fixing the npm permissions..
This should be covered by a giant red light and skulls.
If you don't see the warning you broke sudo1
I'm at a hospital waiting and the tv is so loud so I thought I'd find a remote app to turn it down.
I found this app, one with no ads but look at all the damn permissions it needs....
What the hell,
Anyone know a good remote app that doesn't want to steal my identity?6
As we all know(or suppose) that Google is silently listening to us, is there any way to stop him without covering the microphone physically (I know it can be a suggestion)?
Like some trustable app to take the mic permissions so that Google will not be able to use that resource, or something else.16
I just ran "sudo chown 755 /my/file" and couldn't run...
I checked the file and it said "-rw-r--r-- 1 755". And I was like: That looks like a 644, why does it say it is 755. I stared at it for a minute until it suddenly clicked. Hey, normally that does not show me a bitmask! It only shows it as r,w,x!
Yep... I ran chown instead of chmod. The 755 was my user now. Fuck I need vacation.1
Spent the better part of an hour trying to figure out why nginx was throwing a permission error even though I had the proper user/group permissions. Ends up that the entire path to the web root must have +x applied to it, not just the webroot!!2
Smart me.. Updated OS X from 10.10 to the ‘new’ 10.12 just before leaving on my vacation. I’m currently at the boarding gate, wanting to develop some bits and pieces.
Apparently, the update fucked me once more.. My XAMPP server, the Git commands, my permissions, .. Nothing works.. Now I have to google all this stuff to get everything working again, but the Wifi is sooo damn sloooow.
Doubted so many times to install ubuntu on my macbook, but I have no idea how Ubuntu handles the battery life, the led keyboard, the function buttons, … The whole OS X works for me, but once in a while, it fuckes me so hard, I would've liked it if it took me out for dinner once in a while.. :D3
So I broke my beloved Fedora Dist. instead of doing a little "sudo chmod -R 754 ./" on a development folder, I did it on root folder ( / )
Now, OS crashed, and I'm getting infinite loops when booting.
But I'm not even mad. I'm impressed :o7
Monday morning: "Hey uuuh the client receives 3 mails instead of one and only one of them is good, there's a problem, go fix it"
Yesterday, me: - "Hey I've been looking everywhere, made hundreds of tests, there's a problem with the files attached to the mail, they're unreadable"
-" I told you it's in the code, you didn't look deep enough"
This evening: "Umm it seems that there's indeed a permission issue. So I'm gonna rollback everything you've done since Monday"
One year. One year and I live this hell.
Question about permission in `docker-compose`
So far, I've usually used vagrant for local dev. It was nice, as I was able to specify `wack:wack` as owner of all files. However with docker compose, if I connect with exec and use `/bin/bash` I'm logged in as `root`. When I then run composer, it kind of fucks with the file permissions, as after it all new files are owned by root and thus can't be edited with an ide on the "host" system.
One hack that I found suggested creating an user and a group with same uid as on the host and use that instead of root. This just doesn't sound right to me. Any advice on how to handle this situation?6
So I inherited this buggy application my company developed to process state rosters for health care. The daily process fails often and I haven’t been able to figure out why. Then I notice one little thing... it’s essentially using SQL injection as a method of updating records from a file that we receive from outside... there’s no checking for validity of the statements or making sure they’re safe to execute. Just a for in loop and calling a sp to execute the query text under elevated permissions.
So our project decided to create a newsletter. For some reason, I was tasked with writing it, includig layout, recepient database etc.
It is the first newsletter, it is urgent and it is supposed to be send to all the people who so far participated. Means: there was never a "sign up here for a newsletter" thingy on the website. Hence, there is also no "unsubscribe" button.
One could kind of "hotfix" this by making a field, like "enter your email adress here to unsubscribe" and then I get a notification and remove the people from the list. Fine by me. Not so many ppl atm so we got time to set it up properly then.
My boss decides it is my job now to implement the stupid unsubscribe button... I am not the website admin. I have nothing to do with the goddamn website. We have ppl in another city, being paid to manage the goddamn website and it would take them just a few minutes to set the stupid button up, since they know what they are doing and I am not.
I told them from the start: I don't do websites. I have nothing to do with them, I don't want to have anything to do with them. We have people for this.
Why the F is it my job now to implement that stupid button?!
And even when I tried to look into how the other formulas which do similar things are set up: oh you don't have permissions to access that. Lovely!
FAK this shiet <.< It is not my fking job.5
I spent hours trying to figure out why imagettftext() in PHP wasn't working...
Damn file permissions!!3
One week in as an intern and all I've been doing is installing shit and acquiring permissions... The learning curve is fucking high, I don't know how I will manage to just start working with 20 products I've never seen before :/6
Ugh am so done with linux.
I dualbooted ubuntu 16.4 LTS alongside win10 on my new laptop 3 years ago. Back then , the whole os and kernel stuff were new for me, but once i understood how things work in it, i always found linux to be a superior alternative for doing any development related task than windows.
The way terminal gives us sheer raw power to handle services and applications ourselves makes everything easy in linux.
Wanna run a lamp server? Install all parts by yourselves. Problems with the lamp server? You are just 1 command away to know which service/package is causing issue. Some python module fucked up? You can go on checking every package present anywhere on your disk. No permissions? Sudo.
But recently i got so much fed up of its gui. I have gone from 16.4 to 18.4 to 20.4 , but no version seems to handle multiple gui s/w running parallely .
I usually have the requirement to open 2-3 windows of chrome with 30-40 tabs, 1-2 projects of Android studio and studio emulator. But this shit blows even with just 1 project open on studio and nothing else! The even the keyboard and mouse gets stuck when i studio is making a built.
And don't get me started on how slow my system becomes when switching b/w AS and chrome :''( . Maybe there's issue with the dual boot or because i gave very large swap/root partitions when i first dualbooted or something else , but i am in so much pain :/
Finally i went back to win10 a month ago and was a little surprised to find that it sucks a little less now. Aside from the ugly forceful updates, it has been a breeze for working . The builds take longer time (fuck windows defender), but My Android studio (and everything else) does not lag when switching between multiple processes. I even once ran an emulator instance and it was still working fine . The process management of windows is very good.
I have heard that mac is kind of in middle of the 2 and better than both providing rich process management and powerful terminal commands . Waiting for the day when i have enough money(or no longer require my kidney) to buy and maintain a MacBook :/19
Motherfucking windows 10 upgrades. Fucking hell no! They added that piece of shit that they sell as a browser again. Edge? More fucking end me. And why the fuck that shit have all permissions my default. Even those I don't want the OS to have.
But what's even worse...
THE FUCKING MOUSEPAD DRIVER DOESN'T SUPPORT MULTITOUCH AGAIN
I wish I had the time to finally configure get away Form these micro$uckers.3
So today's conversation with my co-worker who built our build system...
Me:OS X build server is not building valid installs.
Him:What's the problem?
Me:The KEXT is not rebuild... I think that Jenkins isn't capable of updating the file because of the permissions the script set when you test compiled it manually... Could you please add Jenkins user to sudoers file or something?
Him:Yes of course, but what should I google?
WTF dude? Do you even think yourself? And for some reason no-one has acces to the build servers configs exept for him and he shows up like 3 times a week...
Company created an FTP account for me on one of their servers as they were lazy to fix file permissions.
24 hours later, they monitored a breach and closed the FTP account.
Just to add that the initial password that they sent me was super weak.1
Question: where on the web can you post questions that do solicit debate (the anti SO)?
I want an opinion on something from outside my own development sphere that likely does not have a right answer.
I've tried Quora but they want permissions to manage my contacts (which is just too scary for me).
Thanks in advance.23
Salesforce is like a great bridge with awesome design... But made of wood and aluminum, it tends to fail and doesn't present any good improve... Fuck you Salesforce and your fucking communities profiles and permissions!!!14
Day 2 of being a Linux (Mint Cinnamon) user. What I like the most is that there's a solution or customisation available for every problem and it's usually straightforward. And let's not forget that you don't have to fight the OS for folder permissions when you're in admin mode.
Migrated my data over from my old drive, installed Steam, got some work done. I like Cinnamon a lot. Need more RAM but that has been years in the making for me.
Just need to get Wine running and find some more cool open source games and tools and I'll be good to go.
Working on a library for a discord bot I'm gonna make.. the library is about 80% done and I can already build a working bot with it. But now all those new questions appear in my head about things I am going to make like "how do I design permissions" and similar stuff.... AM I OVERTHINKING THIS TOO MUCH?!4
I normally have my Windows desktop and my Kubuntu laptop, but I’m on “holiday”, and I only brought my laptop. “I can write a simple research proposal on it, right?”, I thought. Ahahahaha, no. Turns out Libre Office and Mendeley are fucking useless on Linux. I had to give up and use my mum’s prehistoric Windows 7 laptop... Also Snap is “great” in theory (basically a Linux setup.exe, rendering packages pointless), but nothing I’ve tried worked so far. Docker can’t figure its permissions out, Chromium cursors break, and Mendeley doesn’t even detect Libre Office as installed. What a fucking shit show. I love Linux for dev, but no fucking surprise that no sane human being uses it for everyday tasks.16
I cannot understand the reasoning behind anyone using Gitlab instead of Github
I have to use it (gitlab) for a project, and these are my observations:
- clicking on one of the tabs on a project throws an internal server error
- under activity, the creation of the repo is listed under issues activity??
- cannot manage to push, even though I have the developer role (permissions broken?)
Ps: when choosing tabs, typing "gitlab is a" comes up with "gitlab is a joke" as autocompletion ;)6
on live server
me: these root server files have loose permissions.
sudo chmod -rf 644 /*
me: well... 'cd' works, but nothing else.
A customer just asked why my app required certain permissions...
Do people really read permissions before downloading an app?7
The best moments are when you've been struggling with an implementation for a few days, and then things start to work. I had this happen last week. I have a Windows desktop app processing product dimensional data from multiple warehouses, then sending that data across the country and transposing into a data lake, joining several databases, and sending detailed reports. It was a struggle from start to finish, with lots of permissions issues, use cases to consider, and data accuracy. Finally, I break through and when I step back, I get to see this well-oiled machine of conjoined ideas run through to its eloquent, seemingly fleeting, conclusion. That feeling you get that makes you throw your hands in the air for a job well done! It's very exciting.
In the past, apps I've written have used a flat file backend. It's very fast, but obviously clunky to have a big structure of flat files for an app. It ran circles around framework-based RDBMS backends, as performance is concerned, but again, it was clunky. Managing backups and permissions on tens or hundreds of thousands of small files was no fun. Optimizing code for scaling was fun- generating indexes, making shortcuts -but something was still missing. Early in 2017 I discovered redis. A nosql backend that just stores variables and lives almost entirely in memory. Excellent modules and frameworks for every language. It was EXACTLY what I'd needed, even though I didn't know I did. I spent a good deal of time in 2017 converting apps from flat files to redis, and cackled with glee as they became the apps I wanted them to be. Earlier this week, I started building my first app that started with redis, instead of flat files, and I can't stop gushing to anyone who will listen. Redis for president!
I am just student looking for job, and got this pre interview test:
Develop an Android or iOS app with login and password input field, download button, place for image we prvided.
... reading further:
What we are looking for in the code ?
-consistent formatting of the source code
-clean, robust code without smells
-consistent abstractions and logical overall structure
-no cyclic dependencies
-code organized in meaningful layers
-low coupling and high cohesion
-descriptive and intention-revealing names of packages, classes, methods etc.
-single small functions that do one thing
-truly object-oriented design with proper encapsulation, sticking to DRY and SOLID principles, without procedural anti-patterns
-lots of bonus points for advanced techniques like design patterns, dependency injection, design by contract and especially unit (or even functional or integration) tests
-the app should be fully functional, with every state, user input, boundary condition etc. taken care of (although this app is indeed very small, treat it as a part of big production-ready project)
-the app should correctly handle screen orientation changes, device resources and permissions, incoming calls, network connection issues, being pushed to the background, signing deal with the devil :D and other platform intricacies and should recover from these events gracefully
-lowest API level is not defined - use what you think is reasonable in these days
-bonus points if the app interacts with the user in an informative and helpful way
-bonus points for nice looks - use a clean, simple yet effective layout and design
... I mean really ? and they give me like 2 days ?4
For the love of god developers/programmers, don’t put version numbers to your softwares file paths!
It’s the worst when you have to configure permissions and rules, then the folder path changes in every update!2
Crated a small program that would make life with an external hard drive easier.
Part of it includes copying music. Since I didn't have the EHD on me I decided to test this part on my music folder.
After going though circles because of a directory not found folder, I decided that the problem was that I workout one 0 in the spelling of my user directory. Finally, I thought that it was fixed, I was all excited and then "access to directory denied (I'm paraphrasing)", this is my music folder we are discussing here... 😓😒
Samba 4.7.? What the hell?
Some update broke all my plugins and shares.
And now windows refuses to open the fricken shared folder.
At least I can connect to the server again.
But still, wtf!
This thing is keeping me from enjoying my 40Gbit RDMA infiniband network, that little piece of fucken shit SAMBA.9
Some noob in some part of the world responsible for migrating a DB used by an application I developed forgot to migrate permissions apparently and now I can't access the db and he's sleeping while I get a million mails from clients😑😑😑
I’ve 2 great job opportunities and would like to get some opinions from you guys..
The first position is in my home country, I’ve passed the first interviews and (highly advanced) coding test.
I’d have the possibility to contribute to something big that really matters nowadays.
I would learn about lots of stuff that really interests me (security, embedded systems...)
The second position is in another country, I’ve passed the first interview and just received the coding test.
There I could work on a cool project and I’d definitely learn a lot there, too. But more important is that I love the county, there I really feel like “home”, I love the people and culture.
In case both of them want me, it would be really Hard to make my decision..
What would you do in my situation?
- dream job in a country I don’t necessarily like, neither dislike
- cool job in a country I totally wanna settle down sooner or later (but currently wouldn’t have problems getting the permissions and stuff..)?
Thanks in advance:)1
me: *opens dev env using Docker*
me: *makes changes*
project: *permission error*
me: *fixes permissions*
Git: *Can't find a compatible repo*
Lodging a ticket in system A...
Citing the ticket number from A to access the password in system B...
Using the password from B to log into database C...
Then doing our work in C, in which all our DDL and DML permissions have been revoked.
Day #1 on THE other project. Nothing fancy, just setting up my dev env. Got a decent pc with all the required network permissions. And this time I got w10 [last year I was working there on w7 pc via rdp from another w7 laptop. Dont ask...]
of course no localadmin rights to set shit up. Downloaded all the installs, found someone who has admin rights to run them. I even managed to get admin powershell!
Ran all installers, enabled long paths support, env vars, tweak here, tweak there,... Installed git bash to at least have a taste of shell. Decided to try out wsl. Enabled the feature, didnt reboot right away.
Rebooted. 2xclick on ubuntu setup and I get an error claiming wsl is not ebabled. Wtf? Did I do it wrong? I see bash command is there now so I must have done it right. After some googling I found out that even though I can enable wsl, it doesnt work on my version of windows. It's too okd they say. Yeah, tx MS, that's very intuitive and user friendly!
Allright, my hopes to habe a decent sub-os died. Git bash it is :( but I miss tmux soooo much. Then I came across smth that caught my eye. Msys2 it's called. Apparently it's based on cygwin and has a pacman package manager! ´pacman -S tmux´ -- hippee-ka-yay motherfuckers! It's not the best terminal emulation, but it works quite allright and it has tmux. And netcat!
Banished to mouseclickerland still managed to find a good enough shell. Yayy!
So there it is. My first day's ups and downs, disappointments and discoveries.
If you know a better shell I could set up on w10, please, share
I was writing some JS files, and each time I tried to run them, the browser gave me errors on multiple lines. After looking at the source code, editing tons of lines and still not getting any result, I opened the source through the Chromium console and noticed it was different from mine. I thought there was a problem saving the file. Checked folder permissions, restarted Atom and Chromium, but still nothing.
What happened? I had opened the backup file in Chromium. 😩3
Executed chown -R www-data:www-data /var/www on my server without even thinking.
Not long after I panicked for a few seconds while checking if everything was still working. I didn't know if this command would break stuff or not.
So glad all websites are still working.
Now I'm sitting here thinking: was I braindead while executing the command??
All I wanted to do was set the right permissions for certain folders because images couldn't be uploaded with PHP.6
I am not an 'M$ Hater', this isn't anything about their business practices. I'm just a developer who wants to get shit done. Maybe the JVM ecosystem has spoiled me, but I'm on a C# based project right now. Writing the Application logic was fine, C# is a solid language, WCF is an absolute fucking nightmare of a framework; it just seems completely incoherent mash of config files and things you have to do programmatically, all of it catered to super complex use cases leaving a dozen hoops to jump through for even the simple ones. The object model just seems arbitrary to me. But none of that prepared me for the deployment. Just trying to get a Middleware to auto start with the web-server is a whole new level of pain, I've configured the App Pool, the Website, Used ACL to set the permissions, condfigured OWIN keys in several places and still the fucking thing won't start. Also can you believe that just auto starting something is a 'Windows feature' that has to be separately installed? Fuck those guys.
If by any chance someone is reading this who worked on WCF: get bent.
Bring back Kotlin/Ktor, I deployed a simple web-app in about an hour using gretty, the documentation had about 5 easy steps.7
I was looking around an internal app that we use, and found this under group permissions.
Glad they're paying attention.
At one of my first jobs, we were tasked with building a new website for the company. Since we were the first in-house web development team (everything done prior to us had been contracted out), we had NO relevant software or tools available to use because the company had never needed them before.
On top of that, our computers were on complete lockdown: we had no permissions to install anything ourselves, and any software installation requests had to go through a formal review process that took a minimum of a few months for approval.
So: for the first couple of months, we coded everything in Notepad (!) on Windows (so no autocomplete, no syntax highlighting, etc.)...and tested only in IE6, the sole browser we had at our disposal 😮2
My afternoon has been worse than pulling teeth:
Me: "Hey services admin group, I need a ClientSecret generated."
Services Admin: "We can't do that, but we talked to the original dev team and they can. Go to their Slack channel and someone there will do it for you."
Me: "Hey original dev team, can you create a ClientSecret for me?"
Dev Team: "Does your team lead sign off on this?"
Team Lead: "Give him whatever permission he needs!"
Dev Team: "You should be able to give him whatever permissions he needs"
Team Lead: "I cannot"
Dev Team: "We just gave you permissions to give him permissions"
Team Lead: "I don't know how to give him the permissions he needs. Why didn't you just give him permissions"
Dev Team: "This scales better"2
Sometime last year I had an internship at a small company.
Test servers weren't a thing, and after local testing, it would go to production with a backup of the files that we would put back as soon as we notice something was broken or off.
We used symfony and sonata admin was part of the bundle.
One day, boss asks me to show all the items in a table on the admin page instead of 30 rows.
Me being good guy intern say "sure no problem" so after finding the magic number, I set it to 0 instead of 30.
I gave my work reviewed by my supervisor (senior dev there) and he approved it.
I try to upload the file over FTP. No permissions.
Ask the other dev what it's about, his response: "no idea"
So he tries, fails and decides to try SSH.
Somehow, after fiddling for 20 minutes with ssh, we managed to upload the file.
As soon as we did we hear a scream from the boss's office, we refresh the site, and no matter what page we went to, all we saw was white and the logo of the company in the top left corner.
So this time, we fiddled around with ssh to restore the file for 20 minutes.
Finally succeed all goed back to normal.
A little while later, we call a meeting with the bosses and ask to rewrite the website, BAM, we get approval.
We said "two weeks tops", well that lasted 3 months.
In the end bosses are Uber happy with the work and everything ended well.
Also, development speed has multiplied.
when you get mad at your dumb mac laptop and 777 your user directory because apple does dumb things with permissions.1
The moment when you just wanna fetch data from instagram API and they ask for "Instagram User Experience Video" for permissions. #FU Facebook #FU Instagram
Currently working on the most frustrating Wordpress build I’ve ever worked on. The page template I’m trying to access isn’t in the page page-templates directory with all the others. I have no ability to upload via FTP as my permissions won’t allow it. The Wordpress editor has been disabled but I can’t see how. I also don’t have the ability to upload any plugins to help me at least find where this file is.
Fuck this shit. Fuck Mondays.4
What is your experience; Is GitHub worth (feature-wise) the 7$/month in the basic plan?
I am currently running my own GitLab on an Odroid because I need unlimited private repos for freelance work. This basically works great, but updating GitLab and fixing "server" issues emerged to be quite a lot of work. Also, I prefer the GitHub UI over the new GitLab one and GitLab is (may be due to my low-spec Odroid) terribly slow for me.
On the other hand, it gives me ultimate freedom on groups, repo-permissions, client-accounts for bug-tracking, ...
How much freedom does the GitHub "Developer"-option offer? Is someone using it for freelance projects and has some experience to share? Thanks in advance!4
Built an application real fast that rename files you drag into a specified folder and spits them out into a folder on your desktop. I had a bunch of file permissions issues because it was in a “while(true)” loop and it constantly watched the folder. Instead of checking whether Windows was done moving the file or whatever so I could take control of it, I just threw a try/catch block in there.
It worked perfectly.2
I'm currently using team viewer to access a computer of a colleague because only they have access to a vpn I need. So once I'm on the VPN I can then ssh into a ec2 instance. There are several ec2s I need to access but I've only been given direct access to one. Once inside that ec2 I can use it to ssh into the other ec2s....
Life isn't supposed to be this hard2
A question, because we currently discussing it at work:
We want to add a permission role system and we will have kind of fixed permission roles like a role without any permissions, a support role with some permissions and an admin role with all permissions. Should I add role entries in migrations?
The role system wouldn't be very generic anymore.
But we need e.g. a default role for new users and I don't know how to do it, without a fixed role in db.
Maybe you all have an opinion on it.2
Windows should ask you how computer literate you are upon its installation. That way, advanced users wouldn't need to see beginner level advice and would get easier access to 'complicated' stuff, without needing to go through countless permissions. Inspired by @coder67's post.2
Why is linux such a bitch when it comes to mounting ntfs partitions >_> Every time I tried it it either had the wrong permissions or it failed. In the end I simply decided to format it as ext4, luckily there was nothing on it yet.6
What are the different ways by which an Android can play an audio?
I was recently doing a research on Android audio. And i wanted to know which libraries are responsible for audio/video play.
As far as i know media player and exo player are the two libraries which can be used to play user variety of audio/video files, application's raw/asset files and online stream files. Are there any other sounds beside system sounds which i forgot or other libraries which are also used for media playing?
And also what about these system files? Can we access system ringtones and notifications/ alarm tunes in a normal, non-rooted phone? I remember that my previous phone's music player (android kitkat maybe) was able to pick some system ringtones. Is it still possible now(android lollipop nd above) ?
Although i guess music in Android assets or raw files of some other app won't be accessable to my app, unless i am having screen record permissions?
pip kept screwing me up with permission issues in /usr/local etc. Changed permissions for respective python folders, still got pip permission errors,did a chgrp - R user /usr.
Have to reinstall :/4
Saw a movie related to Data Security and Data privacy. The movie ended 1 hour ago and i am now terrified how my data is going to end up somewhere where it can be misused .Frantically removed all app permissions from my mobile. Wonder how many days it will last. But now after hearing such gory details , i wonder how i can keep my interests safe in this world. I am now even afraid to give my laptop for changing its battery.. Thinking of wiping all possible compromisable data. But dont know how to.
How will technologies like blockchain affect this ? Will it make it worse or is it trying to make it better..?11
AWS ECS UI wasn't designed for machines or humans.
Created a task/service/cluster with default suggested Roles.
Service task fails to get image from ECR repository using the said permissions suggested in the docs defined in the default roles.
You only had one job. 😠
How not GTD.
Useful tool spotted:
I got tired of having to take ownership and grant administrator privileges for protected Registry keys and files during the various tests I perform on my Windows PC. I coded ExecTI, a lightweight, tiny software, which allows you to execute a program as TrustedInstaller, then you are able to access protected resources like certain Registry keys and files owned by TrustedInstaller.Starting with Windows Vista, even if an app is running elevated, it may have no access to certain Registry keys and files. A new security model introduced in Windows Vista comes with a special user account, TrustedInstaller, which is set as the owner for such files and Registry keys.
“It can be done manually or via RegOwnershipEx”
…or you could simply open the registry editor with TrustedInstaller privileges (I have in mind the ExecTI tool) and then to directly delete the TLD key, i.e. without needing to first change permissions and take ownership (my guess is you know this, sorry; adding it for general knowledge mostly)
Amazon alexa is here for plex.
(You can yell at plex to play something)
But it seems it might need some permissions or something.
Anyone tried sudo <command> yet?
This happened to me sometime back.
I want to try out a WordPress plugin in my local machine before installing on a production server. It is an Ubuntu machine. Downloaded and installed Xampp, then setup WordPress with MySQL. Now tried uploading the plugin zip file, it throws some permission error, asking to fix permissions or use FTP. I thought of just chmod 777 recursively for the WordPress directory to fix this easily.
Ran the command, looks like it is hung. Terminated using Ctrl+C and then ran the same command. Again it is taking much time. It should not take so much time to recursively change the permission of just a WordPress directory. Thought something was wrong. Before I realized the damage is already done.
Looks like I ran the command
sudo chmod -R 777 /
sudo chmod -R 777 ./
Fuck, I missed a dot in the command and it is changing permissions of everything in my machine. Saw the System monitor, CPU usage spiked to 100%. I can't close or open any program. Force shutdown the machine using the power key. It didn't boot again. Recovery mode didn't help. Looks like there is no easy way to restore back from this damage. Most of the files I need are backed up in the cloud, still, need a few more personal files so that I can format and reinstall Ubuntu. Realised I have Windows in dual booting. Boot into Windows and used some ext4 reader to recover the files, formatted and reinstalled the OS. Took a few hours to get back to my previous setup.
Lesson Learned: Don't use sudo unnecessarily.
Double check the command while executing.
Running a wrong command with root permission can fuckup your entire machine.
Thanks google for making it so fucking damn difficult to authenticate G Apps users and check their groups/org unit. Makes my fucking work so much harder! To make matters worse you decided that that if I want to get the information in a seprate call I have to use a seprate admin account to do it because apparently letting the user see it is to fucking hard.
Need opinions: When your knowledgeable colleague backend-developer chooses 1,2,4,8,16 as enum values instead of 1,2,3,4,5 (for roles associated with permissions, which may be cumulatable) in order to be able to do bitwise operations, is it a sound decision for this scenario? Is it a best practice, just as good, or pedantic?
I want to master bitwise but have a hard time grasping such operations as quickly as logical ones.12
Dashlane password manager is my workflow nemesis. I have dozens of sites to manage and my only way into them is through this buggy and unreliable crap software. So much time is lost having to delete an entry that inexplicably stopped working, then waiting for someone with share permissions to reshare it, only to find that it still isn’t working, another reshare and then it suddenly does work. But then the Chrome extension won’t sync unless I log out and log back in. And then I have multiple entries for the same site with no clear indicator of why nor which one is the real one that actually works.
Can’t get rid of it because the company has standardized on it. Not my decision to make.5
Getting pissed off with eBay and Amazon APIs! eBay’s is completely screwed and the sandbox site doesn’t even work.
Amazon have great API’s but getting accounts to link and have the right permissions is a complete joke!
Thank you so effing much for telling me "Insufficient permissions in the host operating system", VMWare.
Care to be more specific about what permissions are missing? Apparently not...
I love how my boss wants to use libraries for everything, even the most minor task needed he looks up for a library to do it, I think that sometimes he even spends more time looking for a library than the time he would spend writing the functionality
e.g. Roles for routes permissions, dude, you have the users role in session you can just write a middleware with ~15-20 lines of code to get them rid of the route come on
Are native Android apps easier to write now than like back in KitKat days?
I need a app that gets root permissions and reads a db file of another app (Yes my phone is rooted).
Anyone can give a gist, I forget do I need to create a Service background worker to do the DB reads... Or just need to send the op to a bg thread with a UI callback sorta like Node...
I did try writing a ReactNative app maybe last year just to try it out but can't seem to easily get root access... And the SQLite package is buggy, couldn't npm install on Win10...14
> Be me
> Fresh out of school
> Do some volunteer work for 1 year before starting to work
> Start work at local hospital
> One day get assigned new task
> "We have this directory where there is a file for every employee who has a key - File contains legal stuff"
> Current naming scheme "MaxMustermann"
> Desired naming scheme "Max Mustermann"
> Task: rename every file.
> 1974 Files
> Hol up buddy
> A repetetive automatable task?
> I know this
> Im a hackerman
> Let's write a script....
> *SMASHES WINDOWS BUTTON*
> No results
> I could have guessed that
> *SMASHES WINDOWS BUTTON*
> No Java compiler
> OH no
> *SMASHES WINDOWS BUTTON*
> "tHe eXEcUTIon oF poWeRsheLL sCriPts Is dIsAbLeD"
> *SMASHES WINDOWS BUTTON*
> "YOu dO noT haAV thE rEqUiReD peRmIsSionS To oPeN tHis proGrAm"
> Wait this is windows.
> Windows ships with .NET
> *SMASHES WINDOWS BUTTON*
> No results
> mfw I have to rename 1794 files by hand.
( Please send help )7
I like the people I work with although they are very shit, I get paid a lot and I mostly enjoy the company but..
Our scrum implementation is incredibly fucked so much so that it is not even close to scrum but our scrum master doesn't know scrum and no one else cares so we do everything fucked.
Our prs are roughly 60 file hangers at a time, we only complete 50% of our work each sprint because the stories are so fucked up, we have no testers at all, team lead insists on creating sql table designs but doesn't understand normalisation so our tables often hold 3 or 4 sets of data types just jammed in.
Our software sits broken for months on end until someone notices (pre release), our architecture is garbage or practically non existent. Our front end apps that only I know the technology have approaches dictated by team lead that has no clue of the language or framework.
Our front end app is now about 50% tech debt because project management is so ineffectual and approaches are constantly changing. For instance we used to use view models for domain transfer objects... Now we use database entities, so there is no commonality between models but the system used to have shared features relying on that..sour roles and permissions are fucked since a role is a page regardless of the pages functionality so there is no ability to toggle features, but even though I know the design is fucked I still had to implement after hours of trying to convince team lead of it. Fast forward a few months and it's a huge cluster fuck to enforce.
We have no automated testing of any sort or manual testing in place.
I know of a few security vulnerabilities I can nuke our databases with but it got ignored.
Pr reviews are obviously a nightmare since they're so big.
I just tried to talk to scrum master again about story creation since any story involving front end ui as an aspect of it is crammed in under one pointed story as sub tasks, essentially throwing away any ability to calculate velocity. Been here a year now and the scrum master doesn't know what I mean by velocity... Her entire job is scrum master.
So anyway I am thinking about leaving because I like being a developer and it is slowly making me give up on doing things to a high standard and I have no chance of improving things, but at the same time the pay is great and I like the people.
One of the worst practices in programming is misusing exceptions to send messages.
This from the node manual for example:
> fsPromises.access(path[, mode])
> fsPromises.access('/etc/passwd', fs.constants.R_OK | fs.constants.W_OK)
> .then(() => console.log('can access'))
> .catch(() => console.error('cannot access'));
I keep seeing people doing this and it's exceptionally bad API design, excusing the pun.
This spec makes assumptions that not being able to access something is an error condition.
This is a mistaken assumption. It should return either true or false unless a genuine IO exception occurred.
It's using an exception to return a result. This is commonly seen with booleans and things that may or may not exist (using an exception instead of null or undefined).
If it returned a boolean then it would be up to me whether or not to throw an exception. They could also add a wrapper such as requireAccess for consistent error exceptions.
If I want to check that a file isn't accessible, for example for security then I need to wrap what would be a simple if statement with try catch all over the place. If I turn on my debugger and try to track any throw exception then they are false positives everywhere.
If I want to check ten files and only fail if none of them are accessible then again this function isn't suited.
I see this everywhere although it coming from a major library is a bit sad.
This may be because the underlying libraries are C which is a bit funky with error handling, there's at least a reason to sometimes squash errors and results together (IE, optimisation). I suspect the exception is being used because under the hood error codes are also used and it's trying to use throwing an exception to give the different codes but doesn't exist and bad permissions might not be an error condition or one requiring an exception.
Yet this is still the bane of my existence. Bad error handling everywhere including the other way around (things that should always be errors being warnings), in legacy code it's horrendous.6
After dealing with npm libs access permissions for an hour, glorious chmod -R 777 came to the rescue.3
"No, the Client doesn't like stored procedures so we have done all our TL parts of the ETL using a bunch of views on top of views on top of views."
Wish I could have been here at the start so I could have pushed back, sigh.
Siiiggghhhh, yet the client is anal about performance and even consistency in SSIS packages.....siiiggghhhhhh but we dont have SHOWPLAN permissions or even sp_who2 access...siiiigggghhhhhh.
If i expanded one of the final views, would be like 1k lines. For the amount of data, we move, there shouldn't be any noticeable processing time but it can take anywhere from 10mins to an hour.2
Need some advise from all you clever devs out there.
When I finished uni I worked for a year at a good company but ultimately I was bored by the topic.
I got a new job at a place that was run by a Hitler wannabee that didn't want to do anything properly including writing tests and any time I improved an area or wrote a test would take me aside to have a go so I quit after 3 months.
Getti g a new job was not that hard but being at companies for short stints was a big issue.
My new job I've been here 3 months again but the code base is a shit hole, no standardisation, no one knows anything about industry standards, no tests again, pull requests that are in name only as clearly broken areas that you comment on get ignored so you might as well not bother, fake agile where all user stories are not user stories and we just lie every sprint about what we finished, no estimates and so forth, and a code base that is such a piece of shit that to add a new feature you have to hack every time. The project only started a few months back.
For instance we were implementing permissions and roles. My team lead does the table design. I spent 4 hours trying to convince him it was not fit for purpose and now we have spent a month on this area and we can't even enforce the permissions on the backend so basically they don't exist. This is the tip of the iceberg as this shit happens constantly and the worst thing is even though I say there is a problem we just ignore it so the app will always be insecure.
None of the team knows angular or wants to learn but all our apps use angular..
These are just examples, there is a lot more problems right from agile being run by people that don't understand agile to sending database entities instead of view models to client apps, but not all as some use view models so we just duplicate all the api controllers.
Our angular apps are a huge mess now because I have to keep hacking them since the backend is wrong.
We have a huge architectural problem that will set us back 1 month as we won't be able to actually access functionality and we need to release in 3 months, their solution even understanding my point fully is to ignore it. Legit.
The worst thing is that although my team is not dumb, if you try to explain this stuff to them they either just don't understand what you are saying or don't care.
With all that said I don't think they are even aware of these issues somehow so I dont think it's on purpose, and I do like the people and company, but I have reached the point that I don't give a shit anymore if something is wrong as its just so much easier to stay silent and makes no difference anyway.
I get paid very well, it's close to home and I actually learn a lot since their skill level is so low I have to pick up the slack and do all kinds of things I've never done much of like release management or database optimisation and I like that.
Would you leave and get a new job?2
Another great website error code fail (dumped its full error output to the website):
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/trac/web/api.py", line 436, in send_error
File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 808, in render_template
template = self.load_template(filename, method=method)
File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 768, in load_template
self.templates = TemplateLoader(
File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 481, in get_all_templates_dirs
for provider in self.template_providers:
File "/usr/lib/python2.4/site-packages/trac/core.py", line 78, in extensions
return filter(None, [component.compmgr[cls] for cls in extensions])
File "/usr/lib/python2.4/site-packages/trac/core.py", line 213, in __getitem__
component = cls(self)
File "/usr/lib/python2.4/site-packages/trac/core.py", line 119, in maybe_init
File "/usr/lib/python2.4/site-packages/authopenid/authopenid.py", line 157, in __init__
db = self.env.get_db_cnx()
File "/usr/lib/python2.4/site-packages/trac/env.py", line 335, in get_db_cnx
File "/usr/lib/python2.4/site-packages/trac/db/api.py", line 90, in get_read_db
return _transaction_local.db or DatabaseManager(env).get_connection()
File "/usr/lib/python2.4/site-packages/trac/db/api.py", line 152, in get_connection
return self._cnx_pool.get_cnx(self.timeout or None)
File "/usr/lib/python2.4/site-packages/trac/db/pool.py", line 172, in get_cnx
return _backend.get_cnx(self._connector, self._kwargs, timeout)
File "/usr/lib/python2.4/site-packages/trac/db/pool.py", line 105, in get_cnx
cnx = connector.get_connection(**kwargs)
File "/usr/lib/python2.4/site-packages/trac/db/sqlite_backend.py", line 180, in get_connection
return SQLiteConnection(path, log, params)
File "/usr/lib/python2.4/site-packages/trac/db/sqlite_backend.py", line 255, in __init__
TracError: The user apache requires read _and_ write permissions to the database file /home/trac/morituri/db/trac.db and the directory it is located in.
Tried to explain to the department lead that having devs spend more time documenting what we spend time on, asking for permissions to do anything doesn't make the project go faster.
Leads might feel good about having better overview for themselves, but in reality you just slowed down, demotivated and annoy the entire team of people doing the actual work. Noone wants to or will do overtime because we have to ask for permission first. And you took away one good dev to spend his entire days in meetings instead of actually doing any real work on the project.
Last nite, one of my projects started crashing with a ClassCastException because it couldn't cast a string to a boolean, inside an if. This is Java. You can't even run a project if you evaluate a string inside an if. Has anyone seen such a thing before? I'm running BBQLinux which at least for me it has a lot of permissions issues and somehow things got so f'd up that it even messed up the Android image to a point that the compiler couldn't find a method to set a string into a TextView. I'm not kidding.2
!rant && advice
Shall I use EasyPermissions library from google to handle permissions or do the permissions native way?
My app will not be available on Google Playstore, so for the SDK version below 23 they'd have to manually give permissions or so I know...
Please help me
Is there a good way to refresh user permissions in an ASP.MVC app? Right now our solution is to save the updates and have the user close out of their browser/clear the cache so the updates can take place but wonder if there's a way to refresh the application itself.1
😢... Built a mobile app with React Native, the app implements Navigator api in JS to get coordinates. It works perfectly on 6.0 and below, but fails on 7.0 to be specific, Nokia 2 (it returns the same coordinates regardless of the location). How to go about this? What other library can I use to get coordinates?
PS: I have checked the permissions and they are set.
My sister (12 years my senior) was the first to get a PC that I got access to. Played a lot of Transport Tycoon in it. I still remember the commands to start the game from dos. She showed me Windows 95 one time but I never liked it. Why would anyone need a GUI if the CLI is available?
My love for code started back then I would say.
A year later I got a PC at home. I would be up all night browsing the local BBS until my mother for the first bill... Let's say we were among the first family in our town that got ISDN and a bit later DSL.
Never got a single virus. Partially because I never could understand how people would click the random button and partially because I setup the account for my mother without admin permissions. She was happy with that arrangement until I moved out
Work email conversation with a COTS app support tech:
Tech: Could you provide me the following from Sql Server? (instructions followed)
Me: I am not the DBA, but I've sent them the request.
Tech: Could you send me the following from Sql Server while we wait? (Instructions followed)
Me: As I said, I don't have permissions to access what you want.
Tech: Oh, I see now, you most likely don't have proper access to be able to retrieve the information.
Me: ..yeah. Thanks.
Wtf do some tests before releasing your software! Changing /tmp permissions to 600 is not supposed to happen you i***t!4
My new team for some reason always ask me to shelve (TFS) the biggest changes before making checkins to STAG.
I don't even have permissions to create branches and they don't want me to make multiple checkins just a big one at the end of the feature because they say it's confusing, which is something strange for me as I am used to commit frequently.
I had already told them why I wanted a branch but they don't want it...
Today was the day!
The guy that was testing my feature unshelved my changes to his local folder and then proceeded to click on undo changes.
It took a week of hard work to do it...
He asked me if it wasn't me, he doesn't even admit.
Now he's asking me if I can do it today....6
Hey y’all! I’m having a good time with golang so far! However, it’s so damn frustrating to have to give it admin permissions every time I need to restart my program when making anything with networking. Is there any work arounds to this without giving my account admin?7
Permissions service that allows users completely unknown to the system full access.
If you happen to be a known user, but just happen to hate being restricted, just remove the connection configuration on the client side, you get full permissions anyway.
Fucking Samsung should get their shit together. I can't even disable default apps on my phone I had to individually disable permissions for all my app settings.
PS: If anyone received any nude pics of mine, it was totally not intentional. ^_^
Thanks have a great day. :)4
Don't fucking force your skewed rationale into a forum app.
Need immediate help!
Developing a camera dependant website that runs in an android container but struggling to access camera as it is android kit kat (old permissions model) ! If anyone knows anything you might save my skin!5
I threw some random android adware i found into a virtual device on my laptop (while swapping like a motherfucker, ofc) and it turns out, aside from the Draw over Other Apps, Install Apps, Location, and Storage permissions, and the blank name/icon, it's an honest-to-God working global ad blocker via VPN. It's shipping your traffic to China and filling your device full of more malware, but it's blocking ads too, so...? Is it worth gutting to remove the bullshit? (Can Android Studio do that?)5
Ok, so for past 1 whole day I am trying to make vhost work on my brand new laptop, running Ubuntu 16.04 LTS... When I installed OS, I've set hard disk encryption, and on top of it - user home folder encryption. Don't ask me why I did both.
Setting up vhost is simple and straight forward - I did it hundreds, maybe thousands of times, on various Linux distros, server and desktop releases alike.
And of course, as it usually happens, opposed to all logic and reason - setting up virtual host on this machine did't work. No matter what I do - I get 403 (access not allowed).
All is correctly set - directory params in apache config, vhost paths, directory params within vhost, all the usual stuff.
I thought I was going crazy. I go back to several live servers I'm maintaining - exactly the same setup that doesn't work on my machine. Google it, SO-it, all I can see is exactly what I have been doing... I ended up checking char by char every single line, in disbelief that I cannot find what is the problem.
And then - I finally figured it out after loosing one whole day of my life on it:
I was trying to setup vhost to point to a folder inside my user's home folder - which is set to be encrypted.
Aaaaaand of course - even with all right permissions - Apache cannot read anything from it.
As soon as I tried any other folder outside my home folder - it worked.
I cannot believe that nobody encountered this issue before on Stackoverflow or wherever else.9
How do you protect your team's git remotes?
We tend to protect the master and stage branch from force pushing and only allow merging pull requests after successfull recent tests and successfull review by someone with proper permissions. Depending on the project the Dev branch is only protected from force pushing though. All other branches are free to handle however wanted.
We recently had someone do a "git push -f --mirror" without understanding the command. Quick reminder what that does: it mirrors all your local branches to the remote so that the remote will be a mirror of your local repo. Branches that exist on remote but not on your machine will be removed from the remote.
A then needed to work from B's feature branch but of course that was gone... So while the idiot didn't fuck up our protected branches he still fucked over other people's workflow with that.
Is there an alternative to outright blocking force pushes which could have prevented that (except force pushing intelligence into his brain)?7
Have you ever stuck between user permissions, docker, Jenkins and Linux?
Running a docker with a particular user that doesn't have permission to folder inside container. user permissions should be same on host and inside container. When I did that container user does have permission of certain file on the host.
Successfully wasted my day on fucking things.
I have to again start with this tomorrow wish me a luck.4
Someone asked me to check on his Wordpress site. Can't upload media. 'Failure to write to disk' Updating fails too. Directory and file permissions are ok. Server has enough space. Cleared tmp. Any more ideas?9
Hmmm, I cant upload rant with image by Nougat. Ok, I gave permissions to local storage manually, but still I can see only spinning loading wheel and after few second it just disappear. Whyyyyyy?2
Does anyone know why I'm not getting any notifications anymore? I have them activated in the settings and I haven't changed anything in the system settings (i.e changing android permissions).
I recently upgraded my S7 to android 8 if that helps8
Wasted 3 hrs on this today:
-Wanted to control pi gpio pins from php web server
-shell_exec(gpio write x x) wasnt working for me
-made a python script for gpio toggling which i wanted to execute with shell_exec
-still not working. Changed permissions, changed code , did everything possible SO MANY TIMES!
-Turns out if i had added a '-g' in the gpio write command..it would have worked in the first place!
When work says here you know java fix this Javanese application, you have to use this editor with these tools we will give you java 7 your tools need java 8 but that's okay we will install that later not give you admin on your box and not set your path to use the java 8 Jew included with the JDk and wouldn't give the standard Jre because I don't have a business case even though I just need java 8 to jun the tools. Oh well I guess I get paid for trying to figure out how to get it to run without permissions and with a virtualized development application1
Even if i normally don't belive thoose things, since i heard from the devil i cannot execute chmod 666...
I have been working on a long time, low progress project of mine that keeps on giving and giving.
Let's begin like two years ago where I dipped my toes into "more then gigabit" networking thanks to a Linus Techtips video about infiniband.
I had the dream of booting my Workstation from my NAS, a so called diskless setup.
Well, since I run FreeNAS on my Nas , a very nice Freebsd based Nas OS, everything's gonna be good.
In the beginning, there was no infiniband support.
Turns out, you don't need it, since the mellanox CX2 nics can do ETH too.
Just took me a few weeks of anger.
So, to be able to boot something over the network, you need firmware that finds the bookable stuff and loads it.
That protocol and firmware is called PXE.
PXE needs a DHCP telling it what to do, and what is where and etc.
Freenas here I come! Installing dnsmasq on the actual freenas install turned out to be not that great of an idea because freenas thinks of itself as being an "appliance" that you don't fiddle with. So things work, until you update/ upgrade when everything will basically be wiped, except what you have done through the ui.
Ok. So I gona use a jail, a container like thing for that.
Everything is great, jail has internet, everything Installs fine, what could go wrong?
Dnsmasq can launch and work, but not as dhcp server. Some thing about permissions.
Turns out, jails have permission like things.
A few days of head scratching later, it has ALL the permissions.
Dnsmasq still can't work as DHCP server though, why you ask?
Because it needs a specific kernelmodule that isn't contained in the jail. Since jails are kind of like a docker container, they run on the same OS kernel, who does not have this module, I'd need to patch the freenas, which is an appliance, so fuck that.
Like a year later, freenas has finally added good VM support, so why not make a VM for the dhcpserver?
Well, about a year ago, I didn't know that the virtual Intel nic is a fucken unstable piece of garbage, crashing nearly any OS at some point.
So that was it for a while again.
Now to the last few weeks.
Finally dnsmasq is running in a freebsd VM with a good and working configuration which is rather simple, if those tutorial fuckers out there would explain shit instead of just telling you to copy, paste and replace X.
Now back to the PXE side.
I'm using iPXE because I have no clue how to boot anything over tftp so iSCSi it is, since that is what I can relate too.
The idea behind iscsi is to fake a SCSI disk over the network. Attached devices appear as if they are actually directly connected to the machine instead of over the network.
iPXE gets a lease from the server, can connect to it, everything is fucken great. Finally.
Except that if it "sanBoots" the iscsi drive, it can't find anything to boot.
If I attach a Linux live USB over iscsi, it boots, finds grub, and crashes because the live iso isn't configured for network-boot.
But it boots.
So what's so different?
Well iPXE is booted in legacy mode, where as the content of the target is windows 10 in efi mode.
Ok. Can I get iPXE to boot in EFI mode?
Well yes, after like 3 days fiddling with it.
But it only finds the onboard Intel nic instead of the new Mellanox CX3 cards, and can't even connect to the target....
Sooo, I guess my options are as follows.
Either, get PXE efi to work on the network cards directly, its called flexboot and might be able to since I just found some firmware options for that.
Or give up on efi and install windows in legacy mode.
Which isn't that easy when it has to end up on a drive on my nas.
I made an Android app that has Root permissions but when I upgraded from 9 to 10, the OS wouldn't allow it to be installed. All my ..... Just fuck and fill it out and non-root apps were fine though.
Anyone know when changed and how the new way of getting root is?2
Is their a better way than ASP Identity Claims to verify permissions before accessing a page? Refreshing claims in every page load doesn’t seem to be a great solution. Thinking about some sort of permissions middleware. I need to check those IsAdmin roles before any admin area data is accessed. What techniques are you using for authorization in your code base?3
I really like devRant's community. I just don't feel very well using the closed-source app, which is very well done and works nice, but I'd feel more comfortable using an open source app with a public repository that everyone can look at instead of a closed-source app with storage and location permissions access. Indeed I would be fine enough with a mobile version of the web app too, but it doesn't seem to be in devRant's developers plan. I've once seen someone creating its own devRant app. Is there any public APIs? Is someone already thinking about this?1
Using Sudo to run a node script that interacts with GPIO pins on Ubuntu (Minnowboard). The permissions suck.
React native: Is a bare workflow better or Expo for my first time building with it? I've already gone with expo quite a bit of the ways and im finding that I have to use expo's libraries (location, permissions, ext) if i want my life to be made easy. Cause i cant use react-native cli to link libraries automatically or open them in xcode to link manually sense they're not technically xcode apps.
Is that the only answer with expo is to just use all the expo libraries in effort to stay compatible and not handle more overhead ?4
how do you deal with permissions? more about giving user specific features with optional limitations. connectable to billing...
Idea - possibly a bad one - visual studio extension that hits a database to display possible values to supply as a method argument. With caching of course..
I'm thinking along the lines of permissions in a database that at some point have to be hard coded against code to enforce them. Stuff like that.
Possible or beyond stupid?7