Search - "pii"
-
Hahaha, the DPC (Data Protection Commission) has asked Facebook in a letter to stop transferring Europeans' data to the US.
Since the Privacy Shield agreement is off the table, it's illegal regardless to send any kind of PII data from the EU to the US.
How about we stop nicely asking and start giving fines in the form of millions every time PII data is transferred from the EU to the US by Facebook?
If the EU could grow some balls, that'd be fucking great.
-
My habit to inspect any nicely done apps to understand how they achieve such greatness, I never felt more welcome when I visit the console, until I found Quizlet.
great place to leave easter eggs.. :)
-
I'm fixing a security exploit, and it's a goddamn mountain of fuckups.
First, some idiot (read: the legendary dev himself) decided to use a gem to do some basic fucking searching instead of writing a simple fucking query.
Second, security ... didn't just drop the ball, they shit on it and flushed it down the toilet. The gem in question allows users to search by FUCKING EVERYTHING on EVERY FUCKING TABLE IN THE DB using really nice tools, actually, that let you do fancy things like traverse all the internal associations to find the users table, then list all users whose password reset hashes begin with "a" then "ab" then "abc" ... Want to steal an account? Hell, want to automate stealing all accounts? Only takes a few hundred requests apiece! Oooh, there's CC data, too, and its encryption keys!
Third, the gem does actually allow whitelisting associations, methods, etc. but ... well, the documentation actually recommends against it for whatever fucking reason, and that whitelisting is about as fine-grained as a club. You wanna restrict it to accessing the "name" column, but it needs to access both the "site" and "user" tables? Cool, users can now access site.name AND user.name... which is PII and totally leads to hefty fines. Thanks!
Fourth. If the gem can't access something thanks to the whitelist, it doesn't catch the exception and give you a useful error message or anything, no way. It just throws NoMethodErrors because fuck you. Good luck figuring out what they mean, especially if you have no idea you're even using the fucking thing.
Fifth. Thanks to the follower mentality prevalent in this hellhole, this shit is now used in a lot of places (and all indirectly!) so there's no searching for uses. Once I banhammer everything... well, loads of shit is going to break, and I won't have a fucking clue where because very few of these brainless sheep write decent test coverage (or even fucking write view tests), so I'll be doing tons of manual fucking testing. Oh, and I only have a week to finish everything, because fucking of course.
So, in summary. The stupid and lazy (and legendary!) dev fucked up. The stupid gem's author fucked up, and kept fucking up. The stupid devs followed the first fuckup's lead and repeated his fuck up, and fucked up on their own some more. It's fuckups all the fucking way down.
Tags: rant security exploit root swears a lot actually root swears oh my stupid fucking people what the fuck fucking stupid fucking people
-
These moronic idiots wrote a scientific paper, and did not bother explaining the acronym they've used. 😐
https://sciencedirect.com/science/...
How am I supposed to know which fuckin CART it means? Huh? Who the fuck told you that was acceptable? Also fig 3 can get fucked too.
Your approach seemed interesting for all of two whole fuckin seconds before you fucked it with your unscientific explanation of your results in SIXTEEN FUCKING DIGITS after zero. Fuck you and fuck this and fuck that. Am I clear?
... The straw that broke the camel's back. 😑
-
Interviewer: Oh ...we don't really use version control here..it's too hard to get the different offices on the same page.
Me: ...
-
Inspiration to code kicks in!
Kids asleep, everybody’s asleep, house is quiet. The kind of peace I've always wanted and wished! (Parents here will understand.)
Get to my laptop, opened up code editor, start fresh and clean! Created new file, about to type my first code and.........blood dripping from my nose. It doesn’t stop there, it's like flowing for a while!
I noticed it keeps flowing while I'm projecting the inner excitement to code. When my mind drifted a bit, the nose bleeding stops. Wth? It's like my body is ejaculating when I'm excited to code, yeah.. it is blood shot out of my nose, wtf!
...and I have to stop what I'm doing. Then the ideas just spoofly gone. Suddenly I don't know why I'm staring at an empty code editor.. (what was I about to code again?) I totally can't recall, it's simply gone. Damn it. That could be a million dollar apps! Wish I can go back to an hour ago and record myself when I received that historic inspirational moment. 😔
-
Data Disinformation: the Next Big Problem
Automatic code generation LLMs like ChatGPT are capable of producing SQL snippets. Regardless of quality, those are capable of retrieving data (from prepared datasets) based on user prompts.
That data may, however, be garbage. This will lead to garbage decisions by lowly literate stakeholders.
Like with network neutrality and pii/psi ownership, we must act now to avoid yet another calamity.
Imagine a scenario where a middle-manager level illiterate barks some prompts to the corporate AI and it writes and runs an SQL query in company databases.
The AI outputs some interactive charts that show that the average worker spends 92.4 minutes on lunch daily.
The middle manager gets furious and enacts an Orwellian policy of facial recognition punch clock in the office.
Two months and millions of dollars in contractors later, and the middle manager checks the same prompt again... and the average lunch time is now 107.2 minutes!
Finally the middle manager gets a literate person to check the data... and the piece of shit SQL behind the number is sourcing from the "off-site scheduled meetings" database.
Why? because the dataset that does have the data for lunch breaks is labeled "labour board compliance 3", and the LLM thought that the metadata for the wrong dataset better matched the user's prompt.
This, given the very real world scenario of mislabeled data and LLMs' inability to understand what they are saying or accessing, and the average manager's complete data illiteracy, we might have to wrangle some actions to prepare for this type of tomfoolery.
I don't think that access restriction will save our souls here, decision-flumberers usually have the authority to overrule RACI/ACL restrictions anyway.
Making "data analysis" an AI-GMO-Free zone is laughable, that is simply not how the tech market works. Auto tools are coming to make our jobs harder and less productive, tech people!
I thought about detecting new automation-enhanced data access and visualization, and enacting awareness policies. But it would be of poor help, after a shithead middle manager gets hooked on a surreal indicator value it is nigh impossible to yank them out of it.
Gotta get this snowball rolling, we must have some idea of future AI housetraining best practices if we are to avoid a complete social-media style meltdown of data-driven processes.
Someone cares to pitch in?
-
The whole javascript / java thing (which I suppose is an easy mistake to make to the uninitiated).
The bright side is, it functions as a good litmus test.
-
Got my first legit side-gig as a developer (like had to write an SOW and everything): my kids' pediatrician is amazing, but she's switching to a concierge practice, meaning she won't take any insurance, and she's going from about 1500 patients down to about 200. I already pay my mortgage-worth in insurance on a monthly basis, so we were prepared to say adios to her. At my daughter's last appointment, she pulled me aside and said "what can we do to keep you guys as patients?" and I somewhat jokingly suggested "I dunno, need any websites written?"
As a matter of fact, she did: she just fired her practice's web developer, who gave her a shitty wordpress site and fought like hell to avoid any further maintenance or updates for her. She hates the site's current layout (no surprise there) so she is basically giving me full control over a rewrite.
No user logins, no worries about compliance with PII or any of that. Literally just turning a brochure wordpress site into an angular app, hosting it on her own server and eventually building an admin page where she can change the banner text and upload new images.
And my kids will get free, top-notch health care.
-
Friend of mine who has a job that uses MS office at most, sent me a message saying "I want to make my own AI, any good python books?"...no previous programming experience other than playing video games...slow down there bud
-
Modifying a deprecated wordpress theme with visual composer does not make you a developer. Doing so does not give you the authority to scope development projects. It just sets everyone up for a really awkward, potentially insulting, conversation.
-
PM: How long do you think this will take...
Me: When does it need to be done?
PM: good question.... last Tuesday...
Me: ... -_-
-
You "following up" and "just checking in" doesn't actually make anything go faster...quite the opposite actually..
-
"Do it right do it light..do it wrong do it long"
My old peewee football coach's sage advice on the pitfalls of technical debt..
-
Thoughts on Session as a secure messenger? It looks fine at a glance, especially not using PII like a phone number, but I haven’t delved into it — and honestly don’t have the mental energy to.
What’s everyone’s thoughts on it?
-
No matter what right thing you did, what right cause you fought, in the end, you will always have to lose..you will always be the bad guy.
-
Oh it's ok Mr. "Senior PM"...it's totally ok to take a week of PTO during crunchtime...a week before launch...that won't cause any issues at all....
-
Just had the opportunity to watch movie Searching on Netflix.
It was a seriously intense movie, until this scene.. 😂😂😂😂😂😂😂😂😂😂😂😂😂