Search - "portions"
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% Indian devs and not being able to hear now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in Redis cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in Outer Mongolia who is, we can only hope, now enjoying his new life as an Instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit Swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spent a few hours poring over logs from the log service and Dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are identified by INCREMENTAL int values, the same ids they used in the database, when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants, in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkiss. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gacha prize. I dutifully reran the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user of any privilege, you could place any order, as anyone, using anyone's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discreetly." Straight up Hitler's bunker meme rage.
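The two defects the rant above turns on, an impersonation cookie the UI trusts as-is and a log line that spells out the full card number, as an added example that is not part of the rant or of the system it describes. It is written in Python with assumed names (the cookie fields `actor` and `on_behalf_of`, a constructed three-level org tree, opaque string ids in place of the sequential ints the rant mentions): the unsigned cookie is shown beside an HMAC-signed one whose contents are re-authorised server side against the session user's reporting chain, and the failure log message is passed through a PAN redactor before it is written.

```python
import base64
import hashlib
import hmac
import json
import re

# Assumption: in a real deployment this is loaded from a secret store and rotated;
# it is inlined here only so the example runs offline.
SECRET = b"example-cookie-signing-key"

# Constructed org tree for the example: each user id maps to the ids of their direct reports.
# Ids are opaque strings, not the sequential ints the rant describes, so they cannot be enumerated.
ORG = {
    "u-director": ["u-manager"],
    "u-manager": ["u-rep"],
    "u-rep": [],
    "u-other": [],
}


def descendants(user_id):
    """Every user below user_id in the reporting chain: the only people they may order for."""
    seen, stack = set(), list(ORG.get(user_id, []))
    while stack:
        uid = stack.pop()
        if uid not in seen:
            seen.add(uid)
            stack.extend(ORG.get(uid, []))
    return seen


def forge_unsigned_cookie(actor, target):
    """What a bottom-rung user can build when the cookie carries no tag: any payload they like."""
    payload = {"actor": actor, "on_behalf_of": target}
    return base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()


def vulnerable_parse(cookie):
    """What the rant describes: the client-supplied blob is decoded and believed as-is."""
    return json.loads(base64.urlsafe_b64decode(cookie))


def sign_cookie(payload):
    """Serialise the impersonation payload and append an HMAC-SHA256 tag over it."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def verify_cookie(cookie, session_user):
    """Return the payload only if the tag matches AND the session user may act on it.

    A valid signature is not authorisation: the server still checks that the actor named
    in the cookie is the logged-in user and that the target is one of that user's descendants.
    """
    try:
        body, tag = cookie.rsplit(".", 1)
    except ValueError:  # no tag at all, e.g. a forged unsigned blob
        return None
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload.get("actor") != session_user:
        return None
    if payload.get("on_behalf_of") not in descendants(session_user):
        return None
    return payload


# 13 to 19 digits, optionally separated by spaces or dashes: the shape of a primary account number.
# Any other long digit run (a 13+ digit order number, say) is masked too; that is the safe failure mode.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def redact_pan(message):
    """Mask all but the last four digits of any card-number-shaped run before it reaches a log."""
    def mask(match):
        digits = re.sub(r"\D", "", match.group(0))
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_RE.sub(mask, message)


if __name__ == "__main__":
    forged = forge_unsigned_cookie("u-rep", "u-director")
    print("unsigned cookie believed as:", vulnerable_parse(forged)["on_behalf_of"])
    print("same cookie after signing+authz check:", verify_cookie(forged, "u-rep"))
    legit = sign_cookie({"actor": "u-director", "on_behalf_of": "u-rep"})
    print("director ordering for their report:", verify_cookie(legit, "u-director"))
    # Constructed log line in the shape the rant quotes, with a test card number.
    print(redact_pan("Failed to submit order for 1042 with credit card id 7, number 4111 1111 1111 1111"))
```

The signature only proves the server minted the cookie; the descendant check is what stops a director's own cookie being replayed for someone outside their tree, and the redaction is applied to the message rather than to one format string so it also catches the next place someone logs a card.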
My older brother just moved out today. For 18 years I've shared a room with him, and now he's gone. I have a ~30x10 foot room all to myself (it's the entire second floor of my house).
I do love that now I'm able to play music anytime, and with his stuff gone, it'll be less space taken up in general, that type of thing.
I've been in this room with him for over 8 years now, after my oldest brother moved out, and I've always had this feeling that one portion of the room was mine and the other portion was his. Now it's just...weird. I have both portions now. I have this whole big room to maintain myself. I don't have to worry about my stuff conflicting with his for whatever reason.
The past few weeks, when he's talked about moving out, I've always told him that I was looking forward to it, to having the whole room to myself. Now that he's gone, I just...can't. I can't bring myself to move his stuff that he hasn't taken over to the new house yet, or clean his part of the room.
When we were kids we didn't really get along, and I HATED sharing a room with him. But over time, as we grew up, we started to get along better, and for the past couple years, we've always just talked in the middle of the night when we were both awake. And now he's gone (the new house is maybe a 10 minute drive away), and I know he's not coming back. I know that this whole space is mine now.
I'm gonna miss the talks in the middle of the night, and us keeping each other in check (whenever one of us isn't home in the middle of the night we tend to text each other like "bruh where the fuck you at"), and waking up in the middle of the night (when I'm able to actually fall asleep kinda early) to see him playing Skyrim or Fallout. Hell, even coming home from work or wherever to see him passed the fuck out.
I know that I'm gonna have to clean the whole room soon, and that I'll just have to get over it. I've always been the one in my family that doesn't really show emotion very often, unless I get angry, so when people were crying earlier, I just sat there with an emotionless look on my face. But that's also because I wasn't really feeling much at the time, it didn't really hit until I got home and came upstairs to my room. Hell, right now I'm sitting here just expecting to hear his car alarm as he locks his car like I normally hear every night.
NO. NO. A THOUSAND TIMES: NO.
I clicked on this out of genuine curiosity to see if someone was finally trying to discourage people from annoying the shit out of website visitors. A summary of the suggestions in their article as to what to use popups for:
1. Announce new products/services, features, policy updates, new blog posts
2. Promote your sales or coupons (including countdowns)
3. Encourage people to input their e-mail address / subscribe, perhaps also offering some vague thing they will get as a reward for doing so
4. Contact forms (e.g. support etc.)
5. Prompt visitors to confirm their age before showing content
6. Login/register forms
7. Display social media "share" buttons when a visitor has scrolled a certain way through the page content.
8. Display cookie consent prompt.
9. Help guide visitors to the part of the website they want to go to.
Of these: 1, 2, 3, and 7 need to die for sure. If a website does any of these things I'm inclined to immediately leave and never return. 8 is a little annoying but seems a necessity.
Someone even replied to the Tweet saying that popups are annoying, the company responded with "let's change that!"
Blank portions of the screenshot are to avoid promoting the company unintentionally as a result of the rant ;)
Not at all.
I’m a dropout. 🤷♂️
My dropping out was due to mental health from a bad relationship and also the realisation that I was failing the math-based portions of the course.
I’ve no doubt had I been better with maths and finished, the course would have been useful, but not the degree itself.
Not having it has never been a real barrier to my finding work, though it did raise eyebrows and require explanation to begin with... now my CV kinda speaks for itself in a way a degree simply doesn’t.
Throw in the fact that most grads can’t code (https://blog.codinghorror.com/why-c...) and employers are starting to wake up to the pointlessness of the degrees.
Real world learning, experience and intuition are *far* more valuable.
I will counterbalance this with the caveat that, if you're doing things on the very bleeding edge, then a compsci degree beyond undergrad is likely the course you want to forge, I assume there's no decent substitute for access to the knowledge of experts and the tech / equipment they bring to bear... just avoid becoming an ivory tower type and you'll be fine.
I’ve now worked with three Toptal devs. The first one logged time he didn’t actually work and would edit conversation history to conceal commitments he had made. The second one would disappear for days at a time without notice, and the third is incapable of communicating or working together with team members. She has replaced large portions of our codebases without notice or discussion, and now we have to roll all of it back and convince Toptal to refund the time.
Turns out that Toptal's interview process manages to miss things like honesty/trustworthiness and communication. Be careful hiring from there.
I have tried hard to show my ex boss a better way to build web apps. I really tried.
I understand that some people just don't want to lose their investment, and in my opinion classic ASP was bad but not nearly as bad as a lot of people made it out to be. I enjoyed it, was fascinated by the amount of shit I had to do by hand when using it and the lack of more modern paradigms as the ones found in more modern languages, but really believed that if Microsoft wanted they could have continued to provide updates to the language and ecosystem rather than dropping everything in favor of .NET (which is awesome really).
But his time is ticking and I really liked him as a person, he was kind and willing to adapt to my schedules and pay considerations. I really don't want him to lose clients because his stack does not conform to the new and shiny.
I guess he is scared of me offering to rewrite portions in newer tech since he does not want me to leave and leave him without a developer that knows that stuff. So i have offered myself a position along him as a partner, not a worker, since that way it will be my product investment and I will not leave it just like that.
Dude is really wealthy so he can afford it and he knows I will not do him any wrong.
I just wish he would reconsider promptly since it would suck to have me as competition.
@Wisecrack
Hey where is my favourite crazy mathematician nowadays?!? 😀
I miss your posts, so i demand my portions of Wisecrack, like a proper junkie! 😀
Hope you are ok, and everything is fine
I see. They have to be geeky...mmmmh
I read a lot about biology, chemistry, physics and mathematics.
My two fav subjects are biology and math from the above. And I try to attend to as many lectures as I can.
Biology fascinates me to no end and it helps that one of my closest friends works as a researcher in Mexico, we are far but we get to talk about it all the time. He is more than happy to go on large lectures about the subject.
I also read a fuckload of fantasy books as well as manga. I also go on anime binged here and there.
In perspective though, i don't think anything is as nerdy as software development. SPECIALLY if it involves large portions of math(which in my case does for the things we develop for the accounting department)
( . Y . ) <--- chichis
At work I am "the" programmer and it is the first time in which I actually enjoy showing different solutions to problems without having a fear of implementing large things without having any form of recognition.
Seeing someone get happy because of something you created is a great feeling and even tho most of us are misanthropic af we can still appreciate bringing happiness through code.
To me, software engineering is the closest thing to magic and I really believe that.
Two days ago I showed my manager a little utility to build small portions of the site we are building and make changes to it in real time without browser refreshes for whatever change she would like to do. She was super happy and excited and it made me feel real happy.
Such great feeling man. Nothing but good vibes brother!!
So, I am currently on Spring Break, and what do I do when I am on Spring Break: I take a moment to experiment with different languages. This time, I decided to check out Objective C since it mixes up two languages that I love dearly (but that I do not use outside of academic endeavors) which are C and Smalltalk.
Going around the net I found this https://github.com/Flying-Toast/...
Notice: I have nothing against Swift, I stopped developing apps for iOS back when Swift was in its infancy, so I was forced to use Objective C and tbh I never had an issue with it, I had learned it before through GNUStep, the language was obviously strange when I started learning it, but I did not hate it, I tried following Swift to see if I could use it at least in some portions, but at the time of its release it was still pretty much beta for me, so I passed. I feel it is much better now, but the issues with the language at this point in time I feel are more from the side of XCode which can either be just ok, good or an absolute piece of shit depending on the release. Either way, I found the link to be funny.
I’m always tired all the time. Depression and what not but today I am TIRED
Had an interview that requires vanilla javascript but I suck at algos even tho I was getting it done till time ran out. We gelled tho so I hope they see potential and move to next round.
But the good news is. I had a follow up interview based on a challenge. It’s the second I’ve ever had and I did well this time.
So much so that they’re booking another interview for tomorrow.
So I’m done with the technical portions of the process.
This is the first time I’ve gotten this far and I’m so happy. I’m hoping really that this is the one cause I doubt I have the energy and will power to keep going though the processes.
I’m so excited. It’s as if all my work is slowly showing and I’m getting closer and closer
Wish me luck guys. Hopefully I ace it as I come across well In General Chats.
This is my last application. If it doesn’t work I think I’m done with dev life and job hunt.
Fingers crossed I've found the one
Hey DevRant, this is my first time working collaboratively on a project with Git and I'd like to know what's the best strategy to adopt.
Is it that every member has their own branch on origin that they push to, then we meet and plan out merges when it's time to release? Or does everyone just push to master, but stash or commit their local changes before they pull?
It's a greenfield project, with just a bare repository on the central server. It's an MVC app where I've decided to do the View & Controller portions and the other person is doing Models and data services layers.
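One concrete shape for the branch-per-feature option the question raises, as an added example that is not part of the post: it builds a bare "origin" in a temporary directory, two clones standing in for the two developers, one short-lived feature branch each, and an integration step that merges both into main with merge commits and pushes. Developer names, file names and branch names are made up for the example; the only thing it needs is `git` on the PATH.

```sh
#!/bin/sh
# Added example: feature-branch workflow against a bare origin, self-contained in a temp dir.
set -eu

commit_file() {
    # commit_file <clone> <file> <message>: write a file and commit it in the given clone
    printf '%s\n' "$3" > "$1/$2"
    git -C "$1" add "$2"
    git -C "$1" commit -q -m "$3"
}

demo_branch_workflow() {
    work=$(mktemp -d)
    git init -q --bare "$work/origin.git"
    # make 'main' the branch every clone checks out by default
    git -C "$work/origin.git" symbolic-ref HEAD refs/heads/main

    # alice bootstraps the repository with a single commit on main
    git clone -q "$work/origin.git" "$work/alice" 2>/dev/null
    git -C "$work/alice" config user.name alice
    git -C "$work/alice" config user.email alice@example.com
    git -C "$work/alice" symbolic-ref HEAD refs/heads/main
    commit_file "$work/alice" README.md "Initial commit"
    git -C "$work/alice" push -q -u origin main

    # bob clones once main exists; from here on nobody commits directly to main
    git clone -q "$work/origin.git" "$work/bob"
    git -C "$work/bob" config user.name bob
    git -C "$work/bob" config user.email bob@example.com

    # each developer works on a branch named for the feature, not for the person,
    # and pushes it so the other can see (and review) it before integration
    git -C "$work/alice" checkout -q -b feature/views
    commit_file "$work/alice" views.txt "Add view layer"
    git -C "$work/alice" push -q -u origin feature/views

    git -C "$work/bob" checkout -q -b feature/models
    commit_file "$work/bob" models.txt "Add model layer"
    git -C "$work/bob" push -q -u origin feature/models

    # integration: bring each finished branch into main with an explicit merge commit, then publish
    git -C "$work/alice" checkout -q main
    git -C "$work/alice" fetch -q origin
    git -C "$work/alice" merge -q --no-ff -m "Merge feature/views" origin/feature/views
    git -C "$work/alice" merge -q --no-ff -m "Merge feature/models" origin/feature/models
    git -C "$work/alice" push -q origin main

    # result: the files now on origin's main, one per line
    git -C "$work/origin.git" ls-tree --name-only main
    rm -rf "$work"
}

demo_branch_workflow
```

The two feature branches touch different files, so the merges are clean; when they do collide, the developer rebases or merges main into their feature branch and resolves it there, so main itself only ever receives branches that already merge cleanly.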
Was working on a high priority security feature. We had an unreasonable timeline to get all of the work done. If we didn't get the changes onto production before our deadline we faced the possibility of our entire suite being taken offline. Other parts of the company had already been shut down until the remediations could be made, so we knew the company execs weren't bluffing.
I was the sole developer on the project. I designed it, implemented it, and organized the efforts to get it through the rest of the dev cycle. After about 3 month of work it was all up and bug free (after a few bugs had been found and squashed). I was exhausted, and ended up taking about a week and a half off to recharge.
The project consisted of restructuring our customized frontend control binding (asp.net -custom content controls), integrations with several services to replace portions of our data consumption and storage logic, and an enormous lift and shift that touched over 6k files.
When you touch this much code in such a short period of time it's difficult to code review, to not introduce bugs, and _to not stop thinking about what potential problems your changes may be causing in the background_.
120fps and 240fps filming isn't just for slow motion playback, but recent smartphones have 120 Hz screens so those videos can finally be watched as ultra-smooth motion with audio.
If only all smartphones encoded high-framerate videos in real-time with the same framerate recorded from the image sensor instead of stupidly slowing down when encoding.
Granted, this is a thing Apple has always done right: they encoded their "slow motion" videos in real-time and let the user select the slowed-down portions during playback!
Let the user set their preferred playback speed in the video editor, don't dictate that 1× playback speed is 1/4 of real-life speed. 1× playback speed must be 1× real-life speed to clear up all confusion.
Besides, laptops with 120 Hz screens existed as early as 2011 (Samsung 700G7A)!
Every day I ask myself at least 5 (not too difficult) questions about programming (for instance "Can I compile Java in runtime?")
If I don't know them - I find their answer somewhere
It is like continuous integration, but with my knowledge - small portions of info are saved well in my brain))
So I am working on some xslt code I use to generate html. Technically xslt is supposed to be Turing complete? So it is producing html. Am I programming or not since it is generating html?
Yes, I have loops and branching logic in my xslt file. Though I am not really touching those portions right now. Just generating more output from more data input provided to the source xml data.
Is this still a better love story than Javascript?
Is it wrong that I hate Java?
I tried learning it before, couldn't get myself to, I thought there was something wrong with me, maybe I'm not open to learning new languages
Then I got introduced to F#, Loved it! Even moved portions of pet projects to it
Looked at Java again
Still hate it.
Advice?
Anyone find it a little worrying that when Amazon AWS goes down a large portion of sites goes down? Just my opinion but shouldn't there be more than one company or subset of that company handling smaller portions of sites?
I have a good friend who wants to learn the basics of web development so she can leave her job. We used hang out frequently before the pandemic, so this would be a way for us to talk more. Unfortunately, I’m not sure how I can really help, since I don’t think I’m a good teacher.
My current plan is to send her through the free portions of Codecademy, and then find one-hour code challenges where we can code together via video chat, and then I can show her how I’d do certain parts differently when she’s done.
I feel like this is an OK foundation, but it doesn’t get into much of the other things web developers need, like CMS training and other stuff that just pops up as you work. Do you have any suggestions for 1) how to flesh out this training, 2) how to keep this fun, and not shift the dynamic of our friendship, and 3) how to eventually prove to a future employer that this training is actually useful?
Big ask, so big thanks to those with suggestions!
I am so excited learning. Now I'll start refactoring my plate of spaghetti into object portions. Both are new topics to me.
!rant
Can anyone recommend me a good book or course to start learning Spring Framework 4?
I'm tired of struggling with it. I have to work with the thing and I barely know what I'm doing most of the time.
I managed to resolve a couple of Spring Security issues we had at work, but that was through sheer dogged googling around. I want to spend some time learning it from the bottom up...
I know it's quite vast, but what I'm going for is trying to learn the basics and a few of the most commonly used bits of the advanced portions, then expanding my knowledge.
So any suggestions?
I hear Spring in Action 4 by Craig Walls is nice, but some reviews criticise it for not being appropriate for newbies like me.
So damn tired of silently screaming "what the F*** is all this shit?!?" when I'm given Spring related stuff to work on 😔
So in my Freshmen year I was required to take beginner computer science...
Passed it with flying colors. It was just simple Javascript.
Come Sophomore year I took AP Computer Science. I got lower grades, not from the code, but from the Technical Writing that the teacher wants in our reflections and other writing portions, not a part of the course.
The code itself was easier than intro. We had block code... Why is that AP? Not Scratch, but very similar.
I want the ability to create an AI that will self replicate and form the pyramid of my scrum so I can spend all my time reviewing and designing and coding the portions I want to code.