The new Dutch mass surveillance law goes into action on the first of May. I'll of course have a good security setup ready but that does not stop the bulk data collection.

I just setup a website which (still in English at the moment) requests a random search result from bing, google or DuckDuckGo every 3 seconds.

Will work on making it more 'real' :)

If stopping the surveillance isn't an option, let's add more data to filter out for them!

The gift that keeps on giving... the Custom CMS Of Doom™
I've finally seen enough evidence why PHP has such a bad reputation to the point where even recruiters recommended me to remove my years of PHP experience from the CV.

The completely custom CMS written by company <redacted>'s CEO and his slaves features the following:
- Open for SQL injection attacks
- Remote shell command execution through URL query params
- Page-specific strings in most core PHP files
- Constructors containing hundreds of lines of code (mostly used to initialize the hundreds of properties
- Class methods containing more than 1000 lines of code
- Completely free of namespaces or package managers (uber elite programmers use only the root namespace)
- Random includes in any place imaginable
- Methods containing 1 line: the include of the file which contains the method body
- SQL queries in literally every source file
- The entrypoint script is in the webroot folder where all the code resides
- Access to sensitive folders is "restricted" by robots.txt 🤣🤣🤣🤣
- The CMS has its own crawler which runs by CRONjob and requests ALL HTML links (yes, full content, including videos!) to fill a database of keywords (I found out because the server traffic was >500 GB/month for this small website)
- Hundreds of config settings are literally defined by "define(...)"
- LESS is transpiled into CSS by PHP on requests
- .......

I could go on, but yes, I've seen it all now.

TFW your client's git policies are so draconian that the dev teams use "develop" as trunk, and completely ignore the release process.

I wrote up 50 pages of git standards, documentation and procedure for a client. Bad indian director 9000 decides the admin (also Indian) who specializes in Clearcase and has no git or development experience is more qualified to decide and let's him set the policy.

FF to today:

- documentation, mostly contradictory, is copy pasted from the atlassian wiki
- source tree is the standard
- no force pushing of any branches, including work branches
- no ff-merge
- no rebasing allowed
- no ssh, because he couldn't figure it out...errr it's "insecure"
- all repos have random abbreviated names that are unintelligible
- gitflow, but with pull requests and no trust
- only project managers can delete a branch
- long lived feature branches
- only projects managers can conduct code reviews
- hotfixes must be based off develop
- hotfixes must go in the normal release cycle
- releases involve creating a ticket to have an admin create a release branch from your branch, creating a second ticket to stage the PR, a third ticket to review the PR (because only admins can approve release PRs), and a fourth ticket to merge it in
- rollbacks require director signoff
- at the end of each project the repo must be handed to the admin on a burned CD for "archiving"

And so no one actually uses the official release process, and just does releases out of dev. If you're wondering if IBM sucks, the answer is more than you can possibly imagine.

Its so weird working in this company. No onboarding, no micromanaging, noone to track your progress or performance. U can basically do what u want and ask what u want and requests will be fulfilled.

Initially was assigned to a random team and started fixing stuff. I hated the scope so after 2 months in requested to switch teams, request approved.

3 months in realized I lowballed myself during the interview and actually am doing better than half of the team, so I asked for a 43% bump, request approved.

4 months in I realized that I did atleast 100hrs overtime in a month during crunchtime, burned out. Asked for a paid week off to recover, request approved.

5 months in realized that we have many MR's piling up in the team and I could help with approving some of them, but they grant MR approval rights only when u work here for a year or are a decent dev from the get go. Requested for MR approval rights, request approved.

Again it feels so weird working on a big product with 6-7 scrum teams. Its like there is no bullshit, just ask what you need you will get what you asked so you can continue working.

On the other hand its kinda weird to keep asking everything, in other companies a good teamlead/manager shows more initiative takes care of stuff like this without even asking.

I’m fucking done….
I don’t even know what to tell.
I’m a CTO in a startu. We have pretty good traction, my salary is about average senior dev salary (plus 10%).
I’m good financially.
But I have no more pleasure in work. Like at all.
“This API call performance is bad”
Yeah I know, maybe you shpuldn’t try to call it for 1000 objects at the time ?
“We need to reduce Azure cost”
Yeah I know, but are you ready to live with performances downgrade it will generate ?
“I don’t understand on what thing you worked past week, where is a devops card ?
Fuck you, I’m in extenuating fire mode, I don’t have time for a fucking devops card
“We should migrate whole stack to modern technology, like JavaScript”
Thank you for your imput, Blazor WAS created to avoid JabaScript
“The client has only 1.000.000 records and API doesn’t return them all”
Use fucking paging moron. And BTW, I’m adding “number of authorized requests” shortly.
I can go on and on and on for hours. But the idea is : I completely lost the will or motivation to do anything. I’m considering just to quit and go back to be Junior dev for a random company.

A bot just made 519 pull requests with malicious Makefile code to get a github actions server to send a curl to a random host.

It's gonna be one of those days

I have this project I've inherited, yea I seem to do that a lot, but this damn thing, has to run in php5.4, has deprecated functions for php7 everywhere and a lot of them and there's no classes anywhere beyond some libraries.

Everything is procedural with random scripts being injected left right and center.

I kid you not,

$thisThing = true;
If(x==y)
require "path/to/some/script.php";
else
require "path/to/a/slightly/different/script.php";

If($thisThing === false){
// well it was modified in that small block about 10 different times
}

Those injected scripts then accept data from the parent scope so, looking at file X, you need to have open file A,B, E, and M to understand where variables have been initialised and what there current state could potentially be.

Basically this thing was bandaid after bandaid for feature requests with 0 refactoring.

Here I am trying to implement some basic functionality (should only take an hour or so + a bit of manual testing) but no, I'm literally at the point of hitting the delete button on the entire project and starting again.

Saw this sent into a Discord chat today:

"Warning, look out for a Discord user by the name of "shaian" with the tag #2974. He is going around sending friend requests to random Discord users, and those who accept his friend requests will have their accounts DDoSed and their groups exposed with the members inside it becoming a victim as well. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Discord is currently working on it. SEND THIS TO ALL THE SERVERS YOU ARE IN. This is IMPORTANT: Do not accept a friend request from shaian#2974. He is a hacker.

Tell everyone on your friends list because if somebody on your list adds one of them, they'll be on your list too. They will figure out your personal computer's IP and address, so copy & paste this message where ever you can. He is going around sending friend requests to random discord users, and those who accept his requests will have their accounts and their IP Addresses revealed to him. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Saw this somewhere"

I was so angry I typed up an entire feature-length rant about it (just wanted to share my anger):

"1. Unless they have access to Discord data centres or third-party data centres storing Discord user information I doubt they can obtain the IP just by sending friend requests.

2. Judging by the wording, for example, 'copy & paste this message where ever you can' and 'Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him.' this is most likely BS, prob just someone pissed off at that user and is trying to ruin their reputation etc.. Sentences equivalent to 'spread the word' are literally everywhere in this wall of text.

3. So what if you block the user? You don't even have their user ID, they can change their username and discrim if they want. Also, are you assuming they won't create any alts?

4. Accounts DDoSed? Does the creator of this wall of text even understand what that means? Wouldn't it be more likely that 'shaian' will be DDoSing your computer rather than your Discord account? How would the account even be DDoSed? Does that mean DDoSing Discord's servers themselves?

5. If 'shaian' really had access to Discord's information, they wouldn't need to send friend requests in order to 'DDoS accounts'. Why whould they need to friend you? It doesn't make sense. If they already had access to Discord user IP addresses, they won't even have to interact with the users themselves. Although you could argue that they are trolling and want to get to know the victim first or smth, that would just be inefficient and pointless. If they were DDoSing lots of users it would be a waste of time and resources.

6. The phrase 'Saw this somewhere' at the end just makes it worse. There is absolutely no proof/evidence of any kind provided, let along witnesses.

How do you expect me to believe this copypasta BS scam? This is like that 'Discord will be shutting down' scam a while back.

Why do people even believe this? Do you just blindly follow what others are doing and without thinking, copy and paste random walls of text?

Spreading this false information is pointless and harmful. It only provides benefits to whoever started this whole thing, trying to bring down whoever 'shaian' is.

I don't think people who copy & paste this sort of stuff are ready to use the internet yet.

Would you really believe everything people on the internet tell you?

You would probably say 'no'.

Then why copy & paste this? Do you have a reason?

Or is it 'just because of 'spread the word''?

I'm just sick of seeing people reposting this sort of stuff

People who send this are probably like the people who click 'Yes' to allow an app to make changes in the User Account Control window without reading the information about the publisher's certificate, or the people who click 'Agree' without actually reading the terms and conditions."

Good morning to everyone, except that one Twitter dev who one day woke up and was like "YOU KNOW WHAT, MY APPLICATION WILL FEATURE BOTH OAUTH1 AND OAUTH2 ENDPOINTS, BUT SOME FEATURES WILL BE EXCLUSIVE TO EITHER OF THE TWO -NOT NECESSARILY THE MOST RECENT, JUST A RANDOM ONE-, AND ALSO THE OFFICIAL TWITTER LIBRARY WON'T COVER ALL THE ENDPOINTS SO PEOPLE WILL HAVE TO RESORT TO RAW HTTP REQUESTS INSTEAD OF USING MY SDK AND ALSO I'MMA MAKE DEVELOPERS FILL 2 VERY DETAILED FORMS, REQUIRING PERSONAL DATA AND ACTUAL REAL PHONE CALLS, JUST TO START DEVELOPMENT WITH 7 DIFFERENT AUTHENTICATION TOKENS, BECAUSE SOME REQUESTS WILL REQUIRE A DIFFERENT AUTHENTICATION METHOD THAN THE OTHER REQUESTS DESPITE ALL OF THEM PERTAINING TO THE SAME FUCKING ENTITY"

Storytime!

(I just posted this in a shorter form as a comment but wanted to write it as a post too)

TL;DR, smarts are important, but so is how you work.

My first 'real' job was a lucky break in the .com era working tech support. This was pretty high end / professional / well respected and really well paid work.

I've never been a super fast learner, I was HORRIBLE in school. I was not a good student until I was ~40 (and then I loved it, but no longer have the time :( )

At work I really felt like so many folks around me did a better job / knew more than me. And straight up I know that was true. I was competent, but I was not the best by far.

However .... when things got ugly, I got assigned to the big cases. Particularly when I transferred to a group that dealt with some fancy smancy networking equipment.

The reason I was assigned? Engineering (another department) asked I be assigned. Even when it would take me a while to pickup the case and catch up on what was going on, they wanted the super smart tech support guys off the case, and me on it.

At first this was a bit perplexing as this engineering team were some ultra smart guys, custom chip designers, great education, and guys you could almost see were running a mental simulation of the chip as you described what you observed on the network...

What was also amusing was how ego-less these guys seemed to be (I don't pretend to know if they really were). I knew for a fact that recruiting teams tried to recruit some of these guys for years from other companies before they'd jump ship from one company to the next ... and yet when I met them in person it was like some random meeting on the street (there's a whole other story there that I wish I understood more about Indian Americans (many of them) and American engineers treat status / behave).

I eventually figured out that the reason I was assigned / requested was simple:

1. Support management couldn't refuse, in fact several valley managers very much didn't like me / did not want to give me those cases .... but nobody could refuse the almighty ASIC engineers. No joke, ASIC engineers requests were all but handed down on stone tablets and smote any idols you might have.

2. The engineers trusted me. It was that simple.

They liked to read my notes before going into a meeting / high pressure conference call. I could tell from talking to them on the phone (I was remote) if their mental model was seizing up, or if they just wanted more data, and we could have quick and effective conversations before meetings ;)

I always qualified my answers. If I didn't know I said so (this was HUGE) and I would go find out. In fact my notes often included a list of unknowns (I knew they'd ask), and a list of questions I had sent to / pending for the customer.

The super smart tech support guys, they had egos, didn't want to say they didn't know, and they'd send eng down the rabbit hole. Truth be told most of what the smarter than me tech support guy's knew was memorization. I don't want to sound like I'm knocking that because for the most part memorization would quickly solve a good chunk of tech support calls for sure... no question those guys solved problems. I wish I was able to memorize like those guys.

But memorization did NOT help anyone solve off the wall bugs, sort of emergent behavior, recognize patterns (network traffic and bugs all have patterns / smells). Memorization also wouldn't lead you to the right path to finding ANYTHING new / new methods to find things that you don't anticipate.

In fact relying on memorization like some support folks did meant that they often assumed that if bit 1 was on... they couldn't imagine what would happen if that didn't work, even if they saw a problem where ... bro obviously bit 1 is on but that thing ain't happening, that means A, B, C.

Being careful, asking questions, making lists of what you know / don't know, iterating LOGICALLY (for the love of god change one thing at a time). That's how you solved big problems I found.

Sometimes your skills aren't super smarts, super flashy code, sometimes, knowing every method off the top of your head, sometimes you can excel just being more careful, thinking different.

Dealing with a Salesforce (what else,heh) bug that caused batch payment requests to be fired off at seemingly random intervals. Pretty big consequences to that one.

Of course, the problem is that no-one assumes it's a Salesforce bug, and you have to spend an eternity proving that it's not your fault...

Dear LinkedIn recruiters, have you ever learned how to fucking read ?!!?!!

Just wanted to code some better public transportation route calculator (better ux) and found out that the pt company offers an API.

EVERY FUCKING REQUEST HAS TO BE SENT AGAINST THE SAME FUCKING ENDPOINT IN A POST REQUEST WITH THE ORIGINAL REQUEST AS FUCKING XML IN THE FUCKING BODY. At least they offer xsd files... BUT THATS NO FUCKING HELP. At least not that much of a help. AND THE DOCUMENTATION DOES NOT STATE A SINGLE FUCKING EXAMPLE OF HOW TO USE THAT FUCKING ENDPOINT. I FOUND THIS OUT BY SENDING RANDOM REQUESTS TO THE ENDPOINT TRYING TO REVERSE ENGINEER THE EXISTING FUCKING FRONTEND AND NOW I NOTICED THAT 80% OF THE FUCKING DOCUMENTED FEATURES ARE DISABLED BECAUSE: NOT FUCKING SUPPORTED!!!

MAAAN WHY DO YOU DO THIS.

Alternatively I'd use the GTFS files they provide but THEY ARE FUCKING INCOMPLETE AND DONT STICK TO THE EXISTING STANDARD GOOGLE DEFINED... They also offer a different propietary format... BUT THATS FUCKING UNDOCUMENTED AND FUCKING INCOMPLETE...

PM: Page load times are up. It might be your API blocking requests.

Me: Possible, though most of my load testing was performed against a random sample of requests at nearly 5 times the expected average per minute rate. I can add some logs but I think this is a red herring theory.

PM: Yes add logs, and New Relic and get it released ASAP.

Me: To confirm, you want me to make a bunch of diagnostic changes to a mission-critical API the day before Holiday break...

I felt like that guy from the Apollo 13 team warning Gene Kranz that the LEM was not built for this and I can make no guarantees... Released an hour before we went home for the weekend.

This weeks question fits me well, as I am still unsure about the full details of how the fuck this all came together and was about to just rant about it anyway.

Ever since this companies network equipment and cabling has been updated, a lot of vital tools went down and bug out every now and then, at seemingly random times.

The codebase is a horrible mess to begin with and random things execute at random times and at random places spread all over different resources that get random hooks from random physical values etc.

Turns out (or at least what it so far seems like) all of them somehow sync their clock and other variables based on how many (valid-?) requests it gets per measured time and similar oddities, so when the network equipment got updated, that meant that multiple processes now could reach each other much faster and therefore threw off thousands of values and internal clocks.

There's a total of like 600 systems that are all "separate" from each other but all need to communicate in-sync for the production chain to properly work. Thankfully I didn't sign anything yet, so might actually just redirect them to somebody else, I am not ready to age 20 years, even for the amount that would pay.

Random recruiter from LinkedIn sends an “opportunity” in a well stablished German company in Madrid ..

.. has three entries in requirements for jquery, associated with, and I quote “OOP, Object Programming, and other frameworks” ..

Goes on to require knowledge of “css, scss and saas”, along with “Don HTML” ..

And requests “experience with the principles of agile user interface methodologies” ..

And Angular 1 ..

How would you respond to this one!?

I actually did, corrected the mistakes, told what other mistakes were at the differences between libraries and frameworks, .. and that I don’t like Angular and I’m not interested in learning the old one at all ..

What the fuck is this trend of pricing cloud services by the minute? I mean It's fucking great and all that I buy 2 minutes with a sql db but who the fuck actually does that?

After another night working on a server I (strongly) suggest we move our shit to a cloud service. It's cool providing I promise the costs don't rape us blind folded. Seems easy enough, right? Nope it's not.

6 hours later, halfway to becoming a fucking network engineer and I'm more lost than ever.

Seriously can't the fuck AWS and google cloud show a monthly price - even an estimate for generic shit like $x for the average crappy wp blog!

If anyone has some helpful info / experience on the true cost of hosting generic web apps - the retardedly simple app I'm trying to price is:
1 php web application with 150 domains, 3gb mysql db and 30gb ssd.

I gets has 45000 sessions with 250000 page views.

Your help would be greatly appreciated. Currently I'm leaning towards deploying a clone sending 250 000 random requests and praying my $300 cloud platform credit will cover the bill.

TL;DR I have to bump a Redis cluster from t3.medium to m6g.large just to get enough network bandwidth even though I have no need of the extra memory.

Debugged an interesting issue today.
I am adding Elasticache to a project to reduce strain on the single node postgres DB.
Deployed a Redis replication group with 2 shards, with multi-AZ replication for resilience.

Everything was going well. We arent caching that much atm so was barely using 100Mb of memory.

Suddenly, when our US region comes online, latency skyrockets and the logs are full of Jedis timeout errors.
Still no issue with memory or node CPU.

The cause? Arbitrary network bandwidth throttling by AWS. The app currently processes about 3,000 requests per second so we were exceeding Amazons random ass allowances which arent documented anywhere.

Sigh millions fail
Millions make up bad ideas
Millions more commit crimes
Millions more squabble and weaponize laws to steal the lives of others unsuspecting and innocent or evil
Millions fail at everything
And stress is overwhelming

If we wrote software like this country works random servers would turn off
Coding teams would give up
Make code that didn’t do anything
Redirect requests from one service to another service randomly
And turn off peoples comps

Not to mention set server rooms on fire

Why is it so hard to fix the basis of
Our society so we don’t have to view the same failed commercials with some hyper method yelling about “you want to learn to code !”

And all this other regard shit

Some random weird shit is happening with my Facebook account, I'm getting 2 - 3 new friend requests per hour and I'm not even a celebrity yet, or am I? But seriously what the fuck is that shit, I don't know half the people adding me up and they either have just a profile photo and two posts or are just totally inactive.

God.

God..

Remember that time I said I was lonely and wanted a new clique of friends? I wasn't asking for anything like this.

This is just so fucking annoying and if I get one more of these requests I'll be deactivating this account forever.

*angry faced emoji goes here*