Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "read the privacy policy"
-
I realize I've ranted about this before, but...
Fuck APIs.
First the fact that external services can throw back 500 errors or timeouts when their maintainer did a drunk deploy (but you properly handled that using caching, workers, retry handlers, etc, right? RIGHT?)...
Then the fact that they all speak a variety of languages and dialects (Oh fuck why does that endpoint return a JSON object with int keys instead of a simple array... wait the params are separated with pipe characters? And the other endpoint uses SOAP? Fuck I need to write another wrapper class around the client...)
But the worst thing: It makes developers live in this happy imaginary universe where "malicious" is not a word.
"I found this cloud service which checks our code style" — hmm ok, they seem trustworthy. Hope they don't sell our code, but whatever.
"And look at this thing, it automatically makes database backups, just have to connect to it to DigitalOcean" — uhhh wait...
"And I just built this API client which sends these forms to be OCR processed" — Fuck... stop it... there are bank accounts numbers on those forms... Where's that API even located? What company?
* read their privacy policy *
"We can not guarantee the safety of your personal data, use at your own risk [...] we are located in Russia".
I fucking hate these millennial devs who literally fail to get their head out of the cloud.
Somehow they think it's easier to write all these NodeJS handlers and layers around some API, which probably just calls ImageMagick + Tesseract on the other side.
If I wasn't so fucking exhausted, I'd chop of their heads... but they're like hydra, you seal one privacy breach and another is waiting to be merged, these kids just keep spewing their crap into easy packages, they keep deploying shitty heroku apps... ugh.
😖8 -
Everyone is updating their privacy policy because of GDPR while my mom still busts into my room without knocking.... She hasn't read the GDPR has she?5
-
Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.
That time when...
He wrote a social media network with end-to-end encryption before it was cool.
He wrote custom 64kb encryption for his academic HDD.
He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.
He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).
He used only hashes of passwords as passwords (which isn't actually good).
He kept a drill on the desk ready to destroy his HDD at a moments notice.
He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.
He set up a new email account for each individual online service.
He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).
He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).
He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).
He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.
He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.
He bought a burner phone to visit the capital city.
He bought a burner phone whenever he left his hometown come to think of it.
He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).
He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.
(You might be noticing it's all he's. Maybe it is, maybe it isn't).
He ate a sim card.
He brought a balaclava to pentesting training (it was pretty meme).
He printed out his source code as a manual read-only method.
He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).
He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).
He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.
I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.26 -
" this page uses cookies"
"We've updated our privacy policy"
*30 sec full screen ad* OR "please turn off your adblocker and refresh"
"Would you like to take a survey?"
"Click to read more"
"You've reached your free articles for the month. Please subscribe!"
Jesus fucking Christ! Is it such a sin to read articles in peace? How does anybody use your shitty site. How does anybody PAY for your shitty site?! Fuck your articles. Why do companies think this is a good model?!5 -
GDPR is about to happen.
Has anyone read the provisions?
It's like they put some flat earther anti-vaxers in a room and made them scribble up a law.
For those who don't know - it's a new, EU-wide "data privacy" law that's about to take effect on May 25th.
The gist of it is that if you fuck up even a little bit, you get to personally pay a fine of up to 10 Million Euros (for companies there's a separate clause, this is for employees only), or/and 2-3 years in jail if that fuck-up has caused material damages.
That little fuck-up can be as simple as losing a tiny amount of data between back-ups, or entrusting a third party with full access to some data (which is not prohibited) without controlling 100% what he can do with that data (which IS prohibited).
I shit you not, these are the explicit articles of that law.
If it is enforced in this way, it is the swift death of European economy. Just because some retards didn't read the privacy policy before agreeing to it, and then made a shit storm, everyone has to suffer.50 -
ARGH!
Since that privacy cookie policy change thingy, every goddamn site pops up the dialog asking about it.
I just want to fucking read the page, quickly; get off my screeeeeeen!
There should be a standard to add something that lets the browser tell the page if you accept cookies or not, and which options to use; or at least make all the sites use a specific attribute for the elements of the div, so it can be automated (I know this is a dream).5 -
I just used booking.com and good fucking god is the whole website a shit infested hell hole. They use scammiest and pushiest techniques to make you book a place asap without giving you space to breathe and read details.
They try to obfuscate what's actually necessary with what they want to take from you. For example just before reserving a room there's a checkbox that's close enough to words "terms and conditions" and "privacy policy" for unsuspecting user to habitually check it to proceed. However, you clicking "reserve" is considered your consent and that checkbox simply adds your email to their spamming list.
There are countless examples of absolute asshole design within every inch of that place and I don't even want to imagine what they do with my data.
Suffice to say this was the first and last time I will use their services and if I were to give any advice, is "don't be the dick responsible for website/app/service similar to booking.com"5 -
Problably Reposting (like 10M times)
Fking Playstore
Uploading my first app
took me almost a hour to make the App
Its taking FOREVER to create everything required to post an App
Privacy Policy only to use the cam to read a qrcode...
Damn -
I'm currently sitting in a hockey arena owned by my city, they offer free wifi, and cause I'm privacy conscious, I try to download a VPN for my computer. The motherfuckers block the download under the vague "violation of use policy" bullshit. Even better, I read the ToS they give you when you connect, and it says sweet fuck all about prohibiting downloads. What the fucking fuck do you have to gain from me not using a god damn VPN. It just makes no god damn sense.3
-
Fucking Hetzner, I am definitely not sending you copy of my ID after I read the privacy policy. Data-hungry cunts. I just hope you send back that 20 euros, you requested on account creation.13
-
This is a continuation of my previous rant about admob being not very informative when it comes to invalid traffic and the resulting restriction in ad delivery.
I then wanted to use admob mediation to hang in facebook ads. My app is written with Xamarin.Forms.
So first I needed to make some facebook configuration - create an account, let my app review, create some ad placements and other shit. I came to the point where I had to put in a link to my privacy policy and the link could not be accepted due to some SSL fuckup -.-'
I then found out that there is an issue with my SSL Chain. With the help of whatsmychaincert.com I solved that issue. Little side note here: I have limited knowledge of that stuff and my cousin helped me set up my homepage so I had no idea what I was doing. Did a snapshot and luckily I did not needed that as everything worked :)
This took me around half an hour just so I can paste the fucking link to activate my app in facebook developer portal.
After that I made the whole mediation configuration shit - not an issue as google documented this quite well but it took some time.
Now comes the shitty part. To use admob mediation you need adapters to the other ad network. I found a nuget package with exactly what I needed just to find out that it is outdated. So I pulled the repo and saw that this thing is an aar binding library. Never did that stuff so I read some docs again. Updated the package and consumed it in my app.
The google docs then said "Use this mediation test shit to check if you did everything correct before going prod" - aar binding nr. 2 (but I am now familiar with that :P). This thing then told me that facebook ads could not be loaded because the SDK version is outdated -.-' SDK version comes from another nuget package which is referenced by the first aar thingie. I tracked that thing back to a repo where I found out that they are indeed totally behind. So I downloaded the aar, made a binding lib and bound that to my first aar binding lib as that depends on this.
Put that all back in my app - tested mediation and fucking finally after 6 hours everything comes together! all lights are green and things work.
Sorry if this is not quite a rant but it was quite a journey and I just had to share it.