Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "permissions"
Boss: Our customer's data is not syncing with XYZ service anynmore!
Me: Ok let me check. Did the tokens not refresh? Hmm the tokens are refreshing fine but the API still says that we do not have permissions. The scopes are fine too. I'll use our test account... its... cancelled? Hey boss, why is our XYZ account cancelled?
Boss: Oh, "I haven’t paid since I didn’t think we needed it" (ad verbatim)
The nightmare continues.
Currently dealing with a code review from a “principal” dev (one step above senior), who is unironically called a “legendary dev” by some coworkers. It’s painfully obvious he didn’t read the code, and just started complaining and nitpicking.
It’s full of requests to do things that make absolutely no sense, and would make the code an unmaintainable mess.
• Ex: moving the logic and data collection from the module’s many callers into the module instead of just passing in the data.
• Ex: hiding api endpoint declarations by placing them in the module itself, and using magic instance variables to pass data to it. Basically: using global functions and variables instead of explicit declarations and calls.
• Ex: moving the logic to determine which api endpoint to use, for all callers, into the view.
More comments about methods being “too complex” (barely holds water) right next to comments saying “why are these separate? merge them together!”
Incredulously asking how many times I’m checking permissions and how ridiculous it all is. (The answer? Twice.)
Conflating my “permissions” param and method names with a supposedly forthcoming permissions system overhaul, and saying I shouldn’t use permissions because my code will all have to get rewritten. Even if that were true, and it’s likely not, the ticket still needs to use the current permissions. I can’t just ignore them because they might be rewritten someday.
Requests to revert some code cleanup because the reviewer thought the previous heavily-nested and uncommented versions (with code duplication) were easier to read. Unsurprisingly, he wrote them.
On the same ticket, my boss wants me to remove all styling and clientside validation, debouncing, and error messages from a form. Says “success” and “connection failed” messages are good enough. The form in question sends SMS and email using arbitrary user input for addresses. He also says it shouldn’t be denounced on the server, and doesn’t want me to bother checking permissions. Hello, spam!
Related: the legendary dev reviewer says he can’t think of a reason why we would want to disable the feature for consumers, so I should remove the consumer feature flag.
You can’t make this stuff up.9
Worst hack/attack I had to deal with?
Worst, or funniest. A partnership with a Canadian company got turned upside down and our company decided to 'part ways' by simply not returning his phone calls/emails, etc. A big 'jerk move' IMO, but all I was responsible for was a web portal into our system (submitting orders, inventory, etc).
After the separation, I removed the login permissions, but the ex-partner system was set up to 'ping' our site for various updates and we were logging the failed login attempts, maybe 5 a day or so. Our network admin got tired of seeing that error in his logs and reached out to the VP (responsible for the 'break up') and requested he tell the partner their system is still trying to login and stop it. Couple of days later, we were getting random 300, 500, 1000 failed login attempts (causing automated emails to notify that there was a problem). The partner knew that we were likely getting alerted, and kept up the barage. When alerts get high enough, they are sent to the IT-VP, which gets a whole bunch of people involved.
VP-Marketing: "Why are you allowing them into our system?! Cut them off, NOW!"
Me: "I'm not letting them in, I'm stopping them, hence the login error."
VP-Marketing: "That jackass said he will keep trying to get into our system unless we pay him $10,000. Just turn those machines off!"
VP-IT : "We can't. They serve our other international partners."
<slams hand on table>
VP-Marketing: "I don't fucking believe this! How the fuck did you let this happen!?"
VP-IT: "Yes, you shouldn't have allowed the partner into our system to begin with. What are you going to do to fix this situation?"
Me: "Um, we've been testing for months already went live some time ago. I didn't know you defaulted on the contract until last week. 'Jake' is likely running a script. He'll get bored of doing that and in a couple of weeks, he'll stop. I say lets ignore him. This really a network problem, not a coding problem."
IT-MGR: "Now..now...lets not make excuses and point fingers. It's time to fix your code."
IT-VP: "I agree. We're not going to let anyone blackmail us. Make it happen."
So I figure out the partner's IP address, and hard-code the value in my service so it doesn't log the login failure (if IP = '10.50.etc and so on' major hack job). That worked for a couple of days, then (I suspect) the ISP re-assigned a new IP and the errors started up again.
After a few angry emails from the 'powers-that-be', our network admin stops by my desk.
D: "Dude, I'm sorry, I've been so busy. I just heard and I wished they had told me what was going on. I'm going to block his entire domain and send a request to the ISP to shut him down. This was my problem to fix, you should have never been involved."
After 'D' worked his mojo, the errors stopped.
Month later, 'D' gave me an update. He was still logging the traffic from the partner's system (the ISP wanted extensive logs to prove the customer was abusing their service) and like magic one day, it all stopped. ~2 weeks after the 'break up'.8
I need a new 'main' language to do all my projects in as java is kind of grinding away at my psyche.
Golang I liked quite a lot when I used it for my job a year ago, I'll give that a try..
Golang installed and up and working fine.
Oh, I know lets see if there are GLFW bindings for golang. And sure there are lets go!
Oh I need gcc and mingwex + mingw32 which I will acquire through cygwin.
hmm.. mingwex + mingw32 not found and my drive is almost full. I'll reinstall on my D:\ drive before continuing troubleshooting.
> Delete C:\Cygwin Access denied.
> cmd rmdir c:\test /s /q Access denied.
> Change permissions Access denied.
No problem I just don't own this object!
> Change to be the 'object owner' Success!
> Change permissions Success!
> Delete C:\Cygwin Access denied.
> cmd rmdir c:\test /s /q Access denied.
> takeown /F C:\Cygwin /A /R /D Y Success!
> cmd rmdir c:\test /s /q Access denied.
At this point it would be more efficient to manually open up my ssd, and using a fridge magnet change every single bit to be exactly what I want it to be.
Or install linux.7
Today I found out when a user logs in in this piece of crap: 59 calls to the api just to get user permissions 😤
Why I love Salesforce 👀
- Run a test method
- failure: no field found
- checks test, queries field
- checks field security (access permissions) visible to user
- runs test again
- failure: no field found
- adds debug log of queried field
- runs test again
Thanks, thanks for fucking with me today 🥲6
After using Linux every day for 3 years today I learned that listing directories requires the execute permission.
In a misdirected attempt to solve my problems I also learned the basic concepts of SELinux before realising that SELinux is disabled on the host and not present on the guest.11
I have an Android app suggestion:
A different alarm clock.
- wakes you up by increasing ring tone, from least to most, each step taking at least two seconds.
- you can give it a stream url (e.g. online radio or yt) and it uses that to wake you up.
- you give it an offline ringtone as well, in case the stream doesn't play.
- has repeated snooze. You hit the off button once and it goes to snooze. You hit it twice or trice and it is off. Otherwise, it rings again in 2-60 minutes. (User preference)
- is free. 😛
Shouldn't take long to make. I'd make it myself if I had the technical capabilities right now. Do link me if you make it or if you know of one already existing. (The existing ones I've found so far, I have issues with unnecessary permissions they ask mostly.)18
In my current company (200+ employees) we have 3 guys who deals with everything related to service desk (format computers, fix network issues, help non-tech people...)
The same team is responsible for the AWS accounts and permissions, Jenkins, self hosted Gitlab... anyway, DevOps stuff.
Thing is: only one of them have enough DevOps background to handle the requests from the engineering team (~15 people). Also, he usually do anything "by hand" clicking trough the AWS interface on each account, never using tools like Infrastructure as Code to help (that's why I started to refer to his role only as Ops, because there's no Dev being done there).
Anyway... I asked my manager why that team is responsible for both jobs, despite the engineering guys having far more experience with those tools. He answered with a shamed smile, as he probably questioned the same to his manager:
- Because they are responsible for everything related to our Infrastructure.
Does it make sense for anyone? Am I missing something here? In what universe this kind of organization is a healthy choice?4
FUCKING MICROSOFT IIS SHIT.
I'm a .NET dev since 13 years and EVERY FUCKING TIME STUPID IIS MOTHERFUCKER AND STUPID WINDOWS SERVER have a different problem setting up because of some permission.
You can't never get a site up in IIS without loosing time and patience having weird 400/500.x errors because every fucking machine have to set up some tweaky and hidden permissions.
I have 2 identical fucking win servers and deploying a .NET core applications and on one works (test server) and obviously, on the production server it gives troubles.
FUCK YOU MICROSOFT FUCK YOU I would take the IIS devs personally here and whip them to death until they don't resolve the fucking thing4
It works locally, it works in Dev, it works in Test, but fails to deploy in UAT. Is it a data issue? I don't know, I don't have permissions to see the UAT database. Literally all I know is that this API is returning 500 instead of what it's supposed to return, but only sometimes.
Guess I'll sit here all day and try to solve the problem telepathically as there is literally no way of troubleshooting other than scrolling through the code and hoping that a cartoon lightbulb appears above my head.2
work laptop without admin permissions to install anything, like a text editor, or IDE
why couldn't i have been born to a rich family instead of being a wageslave4
Im deploying a Machine Learning Model to production. We dont have an automated deployment pipeline for the models, so we do it manually exposing the models through a rest api.
I asked for the model artifact to the DS, they didn't have permissions to download files from Databricks.
I asked their manager for the artifact. He told me that he has the permissions, then bullshitted me with something about the formal process, some shit about proper permissions handling, and that they do no have a standard process for sharing files right now so i should wait.
I was like "bro, share the artifact with me to unblock my work, then stablish your process, i dont care". He said no, and just after that he started a thread involving half of the middle management and data engineers asking for feedback on how to stablish a process for sharing databricks files. Just Wtf.
I got pissed, i reach out to his superior (good friend of mine), that was on vacation btw, and i told him the situation. He opened slack and humiliated him so bad, that i almost felt bad for the manager jajajajaja.
I grabbed my model artifact and got out of there instantly.2
After I get notifications about the final replies to my 6 month quest of updating someones GitLab README, I didn't expect MY fork to have been modified ( and thanks to that, made ugly / they removed all spacing, vertical & horizontal )
Where the fuck even was the option that GitHub offers where it prevents people from just doing whatever to your shit in a PR?
Why the fuck isn't this a permanent setting for either ( lab & hub ) so I don't have to manually turn it off every single time.
I didn't even think about that option up until now, since the maintainers didn't touch anything and everything seemed fine, but now that it was about to be merged, they suddendly got the bright idea of squashing everything into one commit and that on my fork itself, .. really helpful.5
I've gotten used to working in private mode/incognito since all the websites ask for permissions they don't need.
Serves them right.
They can ask those same questions and save preferences for hundreds of people who are just me. 😛8
I want to call out the absolute retard at Oracle who decided that file modes should be read from the envvar called UMASK and be in decimal by default.
They probably never cared about file permissions.1
If you use a Windows system for work and have the permissions to, I highly recommend you learn Powershell if you haven't already.
I've only started learning it a few months, but it's already improved my workflow immensely since it's a decent bit more powerful than batch scripts, but not as 'heavy handed' for small tasks as a programming language like C# feels sometimes.
I kinda regret ignoring it for so long, I noticed it installed on my high school laptop and toyed with it a bit outside of class, but then gravitated more towards python which I can't use at my current job. really wish high school me had the attention span to learn both back then.8
It's incredible how many sites don't check / handle localStorage permissions.. they usually just completely break.
That is they use a div to block the view despite the page usually still working ..
There literally is an API to check for permissions..2
I’m either going crazy or someone just dropped a table from a database I’m actively working in. I don’t have a drop script for any tables in my code, not anywhere. One moment it’s right there, the next it’s gone? Luckily it’s pretty much empty, only generic data. On my way to check permissions.6
So I inherited this buggy application my company developed to process state rosters for health care. The daily process fails often and I haven’t been able to figure out why. Then I notice one little thing... it’s essentially using SQL injection as a method of updating records from a file that we receive from outside... there’s no checking for validity of the statements or making sure they’re safe to execute. Just a for in loop and calling a sp to execute the query text under elevated permissions.
Infrastructure took away our read access in S3 to data that we own and our ability to manually delete/upload to S3 in that prefix (which we own). Without waiting for us to confirm that we have alternative means to read and change what is in there. And I had no warning about this, so here I am doing a midnight mod on an existing solution of mine in hopes that I can finish it before tomorrow morning for some legal reporting deadline.
Things would be so much easier if the infrastructure team let the emergency support role have those permissions for emergencies like this, but they didn't. I guess "least privilege" means "most time spent trying to accomplish the most trivial of things, like changing a file".8
Today spent 20min in a senior android dev interview debating an ex backender CTO about the importance of final classes where he tried to pull out some sort of perfect answer from me about it. Ironically this is the same CTO who failed managing a previous android contractor who was supposed to rewrite old app and ended up with an even shittier new app in 6 months of time. Now they are insecure and are looking for a new contractor who will be micromanaged this time.
But hey I guess he knows the importance of final classes. Some CTO's need a reality check and at least some business training, because your perfectly written app is useless if it doesnt fulfill business needs.
Their app is based on heresdk and built around navigation. The biggest bottleneck is that it works shitty on low end devices so their competition solved this problem by using a whitelabel rooted tables with a custom ROM wher u have full control over hardware, permissions and battery management. However this startup thinks they can build a perfect navigation app which will work perfectly on all devices while at the same time while also relying on a poorly optimized navigation sdk. Poor initial strategy I'd say and they didnt learn from previous 2 failures, now they are searching for the next savior android contractor who will have to solely implement evrything.
Jesus christ I need my VP and CIO to get their hands out of Azure and GCP and just let me work.
Yes, governance and security and IAM are big deals. That's why you have infraops people like me to deal with that.
I'm literally working with one hand tied behind my back because just about every button press or CLI command I need to do my damn job as a professional cloud fluffer requires me to go bother an executive and ask permission to pretty please can I deploy a new container, can you go press the shiny button? No not that one, move your mouse up...up..now UP..ok over lef-no..can I have mouse control? Sigh fine, do you see where it says "Approvers", no that says "Release Pipeline"
Look I actually kinda like this job, I do, in as much as when I have something to do I get left the fuck alone to do it. Meetings are minimal, aside from the odd days when one of our app services decides to yeet itself into the river Styx, there's little distractions.
Yeah, developers do dumb shit but that's probably best left to the notion of job security and never talked about again less they go to HR and complain that the ops guy was very stern and direct and made the developer take some accountability for their work product.
It's so intergalactically stupid that I have to go ask permission just to do ops tasks by the same people barging down my goddamn door asking why the ops task isn't done yet.
"Because you won't give me permissions in GCP to actually DO anything".
Okay. Rant over. Time for lunch. Good meeting, see you all at the holiday party.2
Client be like:
Pls, could you give the new Postgres user the same perms as this one other user?
Then I find out that, for whatever reason, all of their user accounts have disabled inheritance... So, wtf.
Postgres doesn't really allow you to *copy* perms of a role A to role B. You can only grant role A to role B, but for the perms of A to carry over, B has to have inheritance allowed... Which... It doesn't.
So... After a bit of manual GRANT bla ON DATABASE foo TO user, I ping back that it is done and breath a sigh of relief.
Oooooonly... They ping back like -- Could you also copy the perms of A on all the existing objects in the schema to B???
Ugh. More work. Lets see... List all permissions in a schema and... Holy shit! That's thousands of tables and sequences, how tf am I ever gonna copy over all that???
Maybe I could... Disable the pager of psql, and pipe the list into a file, parse it by the magic of regex... And somehow generate a fuckload of GRANT statements? Uuuugh, but that'd kill so much time. Not to mention I'd need to find out what the individual permission letters in the output mean... And... Ugh, ye, no, too much work. Lets see if SO knows a solution!
And, surprise surprise, it did! The easiest, simplest to understand way, was to make a schema-only dump of the database, grep it for user A, substitute their name with B, and then input it back.
What I didn't expect is for the resulting filtered and altered grant list to be over 6800 LINES LONG. WHAT THE FUCK.
...And, shortly after I apply the insane number of grants... I get another ping. Turns out the customer's already figured out a way to grant all the necessary perms themselves, and I... No longer have to do anything :|
Joy. Utter, indescribable joy.
Is there any actual security reason for disabling inheritance in Postgres? (14.x) I'd think that if an account got compromised, it doesn't matter if it has the perms inherited or not, cuz you can just SET ROLE yourself to the granted role with the actual perms and go ham...3
ah yes. have to add the permission for literally any specific endpoint on AWS for my root user... love it5
To give my own old rant here a bit more background:
Cloud solutions offline for some customers, a bit longer than a week...
Bamboo release fucked up...
They've withdrawn the new release 8.2.0 and instead went for 8.2.1 ...
Well just because you had to give everyone admin rights in an minor release as they fucked up permissions, who cares.
Dev goals for 2022? Best and worst DX in the past?
Wish to prioritize customers with useful business goals who are open to sustainable web dev, usability and accessibility.
Want to use even more CSS and find a way to use new features like parent selectors without sacrificing compatibility.
Continue learning and using Symfony, but also continue with my full-stack side project using JS or even better TypeScript for the backend also for the backend.
Best developer experience: getting new customers for my own business after leaving a company last winter.
Worst developer experiences:
Corporate customers with large budgets and design agencies seem to fancy all the antipatterns I thought bad and obsolete, like carousel content, animations everywhere, and autoplay videos on the home page. Poorly written, poorly thought, and sometimes contradictory, requirements. Customers and agencies changing their mind halfway through a project.
"Agile" daily meetings, not giving devops necessary repository permissions, and making Webpack mandatory for no real reason.2
The worst thing about cookies is that almost all pages forget / don't realize you have to handle cookie ( -> localstorage ) permissions!6
I had the funniest thing today... So our company has some servers off somewhere in a VPN, as well as one server in our own office.
So, for simplicity, S1 is my own laptop, S2 is our office server, S3 is one VPN server, and S4 another.
I want to get a file from S2 to S4. S1 can SSH into S2 and S3, S2 can't ssh into any server, S3 can ssh into S2 and S3, and S4 can't ssh into any server.
So to get a file from S2 to S4, I took the path
S1 pull from S2 -> S1 push to S3 -> S3 push to S4
Part of it was preexisting keys meaning it was easier to send S1 to S4 via S3 than get my pubkey from S1 onto S4, but also S2 not being on the VPN meant I couldn't go straight from S2 to S3 or S4, so I had to route through S1, which I could add to the VPN (I'd sshed into S2 from home and thus couldn't put it on the VPN not to mention permissions, whereas I could put S1 easily onto it)
Twas certainly a fun time :P
Plus, port forwarding from a Docker container on S2 to S2's port to S1's port via ssh was fun to get set up.
Time to document this process :)2
Situation - I am responsible for refactoring and performance improvements in a company with several teams. This means I gotta do static analysis on code, run compliance tools and make changes in code or in the deployment pipeline, make sure the cloud is configured properly etc.,
Here is the catch when it comes to working on a ticket- the Azure team does not give my team permissions to make the necessary changes in the cloud. The Azure team won't pick up the ticket and do it themselves either.
Instead, we take the ticket, read the docs, take a guess on what's right or wrong. Then proceed to inform the Azure team who then go on to make that change. It is very hit or miss and often the ticket comes back to us and we do the same process again. Sometimes I have to spin up resources on my personal Azure account to tinker with settings to see which knobs are there for making changes to a resource.
Either pick up a ticket and work on it yourself, or give us azure with sufficient rights for us to be able to make the change. This midway status is infuriating, super unproductive and painful for us. Is this common? I am so frustrated.2
Sometimes I have to connect to production database and alter my dev environment so I can “log in” as a user and see what’s wrong with their account. Once in a while there is a legitimate website issue that is unique to that user’s profile. Other times it’s user error, like the user not understanding that they have to connect their membership to their online account (they think signing up for an account will connect it automatically).
I don’t like circumventing the user’s log in like this, but sometimes it’s necessary since the website is so confusing. I inherited this website, so many of the problems were formed way before I took over.
My stakeholders want a log in as user feature for website admins to use. My manager and PM don’t think that’s a good idea right now since there are over two dozen people with admin access and admin access means access to everything in the admin (there aren’t options to give permissions as needed).1