Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "remote access"
-
*Dev in his 40's from our counter-part office.
Me: Here's my SSH keys.
Dev: What's this?
Me: SSH keys. Give me access to the repository.
Dev: We don't use any version control here. Let's just use FTP or Remote Desktop and just download the codes.19 -
Things have been a little too quiet on my side here, so its time for an exciting new series:
practiseSafeHex's new life as a manager.
Episode 1: Dealing with the new backend team
It's great to be back folks. Since our last series where we delved into the mind numbing idiocy of former colleagues, a lot has changed. I've moved to a new company and taken a step up as a Dev manager / Tech lead. Now I know what you are all thinking, sounds more dull and boring right? Well it wouldn't be a practiseSafeHex series if we weren't ...
<audience-shouting>
DEALING! ... WITH! ... IDIOTS!
</audience-shouting>
Bingo! so lets jump right in and kick us off with a good one.
So for the past few months i've been on an on-boarding / fact finding / figuring out this shit-storm, mission to understand more about what it is i'm suppose to do and how to do it. Last week, as part of this, I had the esteemed pleasure of meeting face to face with the remote backend team i've been working with. Lets rattle off a few facts to catch us all up:
- 8 hour time difference to me
- No documentation other than a non-maintained swagger doc
- Swagger is reporting errors and several of the input models are just `Type: String`
- The one model that seems accurate, has every property listed as optional, including what must be the primary key
- Properties go missing and get removed at the drop of a hat and we are never told.
- First email I sent them took 27 days to reply, my response to that hasn't been answered so far 31 days later (new record! way to go team, I knew we could do it!!!)
- I deal directly with 2 of them, the manager and the tech lead. Based on how things have gone so far, i've nick named them:
1) Ass
2) Hole
So lets look at some example of their work:
- I was trying to test the new backend, I saw no data in QA. They said it wouldn't show up until mid day their time, which is middle of the night for us. I said we need data in our timezone and I was told: a) "You don't understand how big this system is" (which is their new catch phrase) b) "Your timezone is not my concern"
- The whole org started testing 2 days later. The next day a member from each team was on a call and I was asked to give an update of how the testing was going on the mobile side. I said I was completely blocked because I can't get test data. Backend were asked to respond. They acknowledged they were aware, but that mobile don't understand how big the system is, and that the mobile team need to come up with ideas for the backend team, as to how mobile can test it. I said we can't do anything without test data, they said ... can you guess what? ... correct "you don't understand how big the system is"
- We eventually got something going and I noticed that only 1 of the 5 API changes due on their side was done. Opened tickets. 2 days later asked them for progress and was told that "new findings" always go to the bottom of the backlog, and they are busy with other things. I said these were suppose to be done days ago. They said you can't give us 2 days notice and expect everything done. I said the original ticket was opened a month a go *sends link* ......... *long silence* ...... "ok, but you don't understand how big the system is, this is a lot of work"
- We were on a call. Product was asking the backend manager (aka "Ass") a question about a slight upgrade to the new feature. While trying to talk, the tech lead (aka "Hole") kept cutting everyone off by saying loudly "but thats not in scope". The question was "is this possible in the future" and "how long would it take", coming from management and product development. Hole just kept saying "its not in scope", until he was told to be quiet by several people.
- An API was sending down JSON with a string containing a message for the user with 2 bits of data inside it. We asked for one of those pieces to also come down as a property as the string can change and we needed it client side. We got that. A few days later we found an edge case and asked for the second piece of data to be a property too. Now keep in mind, they clearly already have access to them in order to make the string. We were told "If you keep requesting changes like this, you are going to delay the release of the backend by up to 2 weeks"
Yes folks, there you have it, the most minuscule JSON modifications, can delay your release by up to 2 weeks ........ maybe I should just tell product, that they don't understand how big the app is, and claim we can't build it on our side? Seems to work for them
Thats all the time we have for today,
Tune in for more, where we'll be looking into such topics as:
- If god himself was an iOS developer ... not
- Why automate when you can spend all day doing it by hand
- Its more time-efficient to just give everything a story point of 5
- Why waste time replying to emails ... when you can do nothing instead
See you all next week,
practiseSafeHex14 -
"full stack" means "you'll be doing everything from gathering client requirements through data architecture up to the UI design and of course implementing all of it"
"backend" means "you'll be coding everything from database through server-side code and client-side code including html and css"
"we need you on-site all day every day" means "we have no idea how and why we should use repositories with remote access despite being a company developing an internet app, and we don't trust that you would be working anyway"
"interesting challenging projects" means "the same boring crap as every other company, running on an incredibly botched and dezorganized codebase".
"competitive pay" means "actual pay is around 1.5 times the minimum allowed pay, and everything else is being siphoned off into (stupid and useless) 'benefits' like massage and fitness discount coupons"
"friendly collective having fun at numerous company events each years" means "it is mandatory for you to participate on our weekend drinking retreats but you'll only find out when we fire you because you're 'not a team player' after you refused to participate on those"9 -
A quite severe vulnerability was found in Skype (at least for windows, not sure about other systems) allowing anyone with system access (remote or local) to replace the update files skype downloads before updating itself with malicious versions because skype doesn't check the integrity of local files. This could allow an attacker to, once gaining access to the system, 'inject' any malicious DLL into skype by placing it in the right directory with the right file name and waiting for the user to update (except with auto updates of course).
From a company like Microsoft, taking in mind that skype has hundreds of millions of users worldwide, I'd expect them to take a very serious stance on this and work on a patch as soon as possible.
What they said about this: they won't be fixing it anytime soon as it would require a quite big rewrite of skype.
This kinda shit makes me so fucking angry, especially when it comes from big ass companies 😡. Take your fucking responsibility, Microsoft.16 -
This is super childish but it's the gameserver insidstry and karma is a bitch.
TLDR: I hacked my boss
I was working for a gameserver and I did development for about 3 months and was promised pay after the network was released. I followed through with a bunch of dev friends and the guy ended up selling our work. He didn't know that I was aware of this as he tried to tell people to not tell us but one honest person came forward and said he sold our work for about 8x the price of what he owed ALL OF US collectively.
I proceeded to change the server password and when he asked why he couldn't log in I sent him an executable (a crypted remote access tool) and told him it was an "encryption tunnel" that makes ssh and file transfers secure. Being the idiot that he is he opened it and I snagged all of his passwords including his email and I changed them through a proxy on his machine to ensure I wouldn't get two factored with Google. After I was done I deleted system 32 :337 -
Worst thing you've seen another dev do? Long one, but has a happy ending.
Classic 'Dev deploys to production at 5:00PM on a Friday, and goes home.' story.
The web department was managed under the the Marketing department, so they were not required to adhere to any type of coding standards and for months we fought with them on logging. Pre-Splunk, we rolled our own logging/alerting solution and they hated being the #1 reason for phone calls/texts/emails every night.
Wanting to "get it done", 'Tony' decided to bypass the default logging and send himself an email if an exception occurred in his code.
At 5:00PM on a Friday, deploys, goes home.
Around 11:00AM on Sunday (a lot folks are still in church at this time), the VP of IS gets a call from the CEO (who does not go to church) about unable to log into his email. VP has to leave church..drive home and find out he cannot remote access the exchange server. He starts making other phone calls..forcing the entire networking department to drive in and get email back up (you can imagine not a group of happy people)
After some network-admin voodoo, by 12:00, they discover/fix the issue (know it was Tony's email that was the problem)
We find out Monday that not only did Tony deploy at 5:00 on a Friday, the deployment wasn't approved, had features no one asked for, wasn't checked into version control, and the exception during checkout cost the company over $50,000 in lost sales.
Was Tony fired? Noooo. The web is our cash cow and Tony was considered a top web developer (and he knew that), Tony decided to blame logging. While in the discovery meeting, Tony told the bosses that it wasn't his fault logging was so buggy and caused so many phone calls/texts/emails every night, if he had been trained properly, this problem could have been avoided.
Well, since I was responsible for logging, I was next in the hot seat.
For almost 30 minutes I listened to every terrible thing I had done to Tony ever since he started. I was a terrible mentor, I was mean, I was degrading, etc..etc.
Me: "Where is this coming from? I barely know Tony. We're not even in the same building. I met him once when he started, maybe saw him a couple of times in meetings."
Andrew: "Aren't you responsible for this logging fiasco?"
Me: "Good Lord no, why am I here?"
Andrew: "I'll rephrase so you'll understand, aren't you are responsible for the proper training of how developers log errors in their code? This disaster is clearly a consequence of your failure. What do you have to say for yourself?"
Me: "Nothing. Developers are responsible for their own choices. Tony made the choice to bypass our logging and send errors to himself, causing Exchange to lockup and losing sales."
Andrew: "A choice he made because he was not properly informed of the consequences? Again, that is a failure in the proper use of logging, and why you are here."
Me: "I'm done with this. Does John know I'm in here? How about you get John and you talk to him like that."
'John' was the department head at the time.
Andrew:"John, have you spoken to Tony?"
John: "Yes, and I'm very sorry and very disappointed. This won't happen again."
Me: "Um...What?"
John: "You know what. Did you even fucking talk to Tony? You just sit in your ivory tower and think your actions don't matter?"
Me: "Whoa!! What are you talking about!? My responsibility for logging stops with the work instructions. After that if Tony decides to do something else, that is on him."
John: "That is not how Tony tells it. He said he's been struggling with your logging system everyday since he's started and you've done nothing to help. This behavior ends today. We're a fucking team. Get off your damn high horse and help the little guy every once in a while."
Me: "I don't know what Tony has been telling you, but I barely know the guy. If he has been having trouble with the one line of code to log, this is the first I've heard of it."
John: "Like I said, this ends today. You are going to come up with a proper training class and learn to get out and talk to other people."
Over the next couple of weeks I become a powerpoint wizard and 'train' anyone/everyone on the proper use of logging. The one line of code to log. One line of code.
A friend 'Scott' sits close to Tony (I mean I do get out and know people) told me that Tony poured out the crocodile tears. Like cried and cried, apologizing, calling me everything but a kitchen sink,...etc. It was so bad, his manager 'Sally' was crying, her boss 'Andrew', was red in the face, when 'John' heard 'Sally' was crying, you can imagine the high levels of alpha-male 'gotta look like I'm protecting the females' hormones flowing.
Took almost another year, Tony released a change on a Friday, went home, web site crashed (losses were in the thousands of $ per minute this time), and Tony was not let back into the building on Monday (one of the best days of my life).10 -
this.title = "gg Microsoft"
this.metadata = {
rant: true,
long: true,
super_long: true,
has_summary: true
}
// Also:
let microsoft = "dead" // please?
tl;dr: Windows' MAX_PATH is the devil, and it basically does not allow you to copy files with paths that exceed this length. No matter what. Even with official fixes and workarounds.
Long story:
So, I haven't had actual gainful employ in quite awhile. I've been earning just enough to get behind on bills and go without all but basic groceries. Because of this, our electronics have been ... in need of upgrading for quite awhile. In particular, we've needed new drives. (We've been down a server for two years now because its drive died!)
Anyway, I originally bought my external drive just for backup, but due to the above, I eventually began using it for everyday things. including Steam. over USB. Terrible, right? So, I decided to mount it as an internal drive to lower the read/write times. Finding SATA cables was difficult, the motherboard's SATA plugs are in a terrible spot, and my tiny case (and 2yo) made everything soo much worse. It was a miserable experience, but I finally got it installed.
However! It turns out the Seagate external drives use some custom drive header, or custom driver to access the drive, so Windows couldn't read the bare drive. ffs. So, I took it out again (joy) and put it back in the enclosure, and began copying the files off.
The drive I'm copying it to is smaller, so I enabled compression to allow storing a bit more of the data, and excluded a couple of directories so I could copy those elsewhere. I (barely) managed to fit everything with some pretty tight shuffling.
but. that external drive is connected via USB, remember? and for some reason, even over USB3, I was only getting ~20mb/s transfer rate, so the process took 20some hours! In the interim, I worked on some projects, watched netflix, etc., then locked my computer, and went to bed. (I also made sure to turn my monitors and keyboard light off so it wouldn't be enticing to my 2yo.) Cue dramatic music ~
Come morning, I go to check on the progress... and find that the computer is off! What the hell! I turn it on and check the logs... and found that it lost power around 9:16am. aslkjdfhaslkjashdasfjhasd. My 2yo had apparently been playing with the power strip and its enticing glowing red on/off switch. So. It didn't finish copying.
aslkjdfhaslkjashdasfjhasd x2
Anyway, finding the missing files was easy, but what about any that didn't finish? Filesizes don't match, so writing a script to check doesn't work. and using a visual utility like windirstat won't work either because of the excluded folders. Friggin' hell.
Also -- and rather the point of this rant:
It turns out that some of the files (70 in total, as I eventually found out) have paths exceeding Windows' MAX_PATH length (260 chars). So I couldn't copy those.
After some research, I learned that there's a Microsoft hotfix that patches this specific issue! for my specific version! woo! It's like. totally perfect. So, I installed that, restarted as per its wishes... tried again (via both drag and `copy`)... and Lo! It did not work.
After installing the hotfix. to fix this specific issue. on my specific os. the issue remained. gg Microsoft?
Further research.
I then learned (well, learned more about) the unicode path prefix `\\?\`, which bypasses Windows kernel's path parsing, and passes the path directly to ntfslib, thereby indirectly allowing ~32k path lengths. I tried this with the native `copy` command; no luck. I tried this with `robocopy` and cygwin's `cp`; they likewise failed. I tried it with cygwin's `rsync`, but it sees `\\?\` as denoting a remote path, and therefore fails.
However, `dir \\?\C:\` works just fine?
So, apparently, Microsoft's own workaround for long pathnames doesn't work with its own utilities. unless the paths are shorter than MAX_PATH? gg Microsoft.
At this point, I was sorely tempted to write my own copy utility that calls the internal Windows APIs that support unicode paths. but as I lack a C compiler, and haven't coded in C in like 15 years, I figured I'd try a few last desperate ideas first.
For the hell of it, I tried making an archive of the offending files with winRAR. Unsurprisingly, it failed to access the files.
... and for completeness's sake -- mostly to say I tried it -- I did the same with 7zip. I took one of the offending files and made a 7z archive of it in the destination folder -- and, much to my surprise, it worked perfectly! I could even extract the file! Hell, I could even work with paths >340 characters!
So... I'm going through all of the 70 missing files and copying them. with 7zip. because it's the only bloody thing that works. ffs
Third-party utilities work better than Microsoft's official fixes. gg.
...
On a related note, I totally feel like that person from http://xkcd.com/763 right now ;;21 -
An intern I was supposed to lead (as an intern) and work with. Which sounded kinda crazy to me, but also fun so I rolled with it. But when I met her I quickly found out she didn't even have a coding editor installed and when I advised one she was "scared of virusses". She had Microsoft Edge in her toolbar, and some picture of a cat as a background. We were given some project by our boss, and a freelance programmer helped us set it up on Trello. Great, lets start! Oke maybe first some R&D, she had to reaeach how to use the Twilio API. After catching her on WhatsApp a few times I realised this wasnt gonna go anywere. After a few weeks of coding and posting a initial project to git I asked her if she could show me the code of the API she made so far..
She told me she was using the quickstart guide (the last 3 FUCKING weeks) which contained some test project with specific use cases.
The one that I did 3 weeks ago that same fucking morning.
AND SHE WAS STILL NOT DONE...
A few days later I asked her about the progress (strangly, I wasn't allowed ti give her another task bcs the freelanc already did) and guess what... She got fking pissed at me
Her: "I will come to you when im done, ok?"
Me: "I just want to see how it is going so far and if you are running into any problems!"
Her: "I dont want to show you right now"
She then goes to my fucking boss to tell him I am bothering her.
And omg... Please dear god please kill me now...
Instead of him saying the she probably didn't do shit. He says to me that the girl thinks im looking down on her and she needs a stress free environment to work in. She will show me when its done. ITS A FUCKING QUICKSTART GUIDE YOU DUMB BITCH.
He then procceeded to whine to me about the email template (another project I do at the same time) which didn't look perfect in all of his clients.
Dont they understand that I am not a frontend developer? Can you stop please? I know nothing about email templates, I told you this!!!
Really... the whole fucking internship the only thing the girl did was ask people if they want more tea. Then she starts cleaning the windows, talk to people for an hour, or clean everyone's dask.
all this while I already made 50% of the fucking product and she just finished the quickstart tutorial 😭. Truly 2 months wasted, and the worse thing is I didn't get any apprication. They constantly blamed me and whined at me. Sometimes for being 3 minutes late, the other for smoking too much, or because I drink to much coffee, or that I dont eat healthy. They even forced me to play Ping Pong. While im just trying to do my job. One of the worst things they got mad at me for if when my laptop got hacked bcs it was infected with some virus. He had remote access and bought 5 iPhones 6's with my paypal while I was on break. I had to go home and quickly reset all my passwords and make sure the iPhones wouldnt get delivered. strange this was, this laptop I only used at the company. So it must have been software I had to download there. Probably phpstorm (torrent). Bcs nobody would give me a license. And the freelancer said I * have to *.
the monday after I still had to reinstall windows so I called them and said I would be late. when I came they were so disrepectfull and didn't understand anything. It went a little like this:
Boss: why u late?
Me: had to reinstall my laptop, sorry.
Boss: why didnt you do this in your own time?
Me: well, I didn't have any time.
Boss: cant you do this in the weekend or something? Because now we have to pay you several hours bcs you downloaded something at home.
Me: I am only using this laptop for work so thats not possible.
Boss: how can that even be possible? You are not doing anything at home with your laptop? Is that why you never do anything at home?
Me: uhm, I have desktop computer you know. Its much faster. And I also need to rest sometimes. Areeb (freelancer) told me to torrent the software. He gave me the link. 2 days later this happends
Boss: Ahh okeee I see.. Well dont let it happen again.
After that nobody at the compamy trusted me with anything computer related. Yes it was my own fault I downloaded a virus but it can happen to anyone. After that I never used Windows again btw, also no more auto login apps.8 -
I'm getting ridiculously pissed off at Intel's Management Engine (etc.), yet again. I'm learning new terrifying things it does, and about more exploits. Anything this nefarious and overreaching and untouchable is evil by its very nature.
(tl;dr at the bottom.)
I also learned that -- as I suspected -- AMD has their own version of the bloody thing. Apparently theirs is a bit less scary than Intel's since you can ostensibly disable it, but i don't believe that because spy agencies exist and people are power-hungry and corrupt as hell when they get it.
For those who don't know what the IME is, it's hardware godmode. It's a black box running obfuscated code on a coprocessor that's built into Intel cpus (all Intell cpus from 2008 on). It runs code continuously, even when the system is in S3 mode or powered off. As long as the psu is supplying current, it's running. It has its own mac and IP address, transmits out-of-band (so the OS can't see its traffic), some chips can even communicate via 3g, and it can accept remote commands, too. It has complete and unfettered access to everything, completely invisible to the OS. It can turn your computer on or off, use all hardware, access and change all data in ram and storage, etc. And all of this is completely transparent: when the IME interrupts, the cpu stores its state, pauses, runs the SMM (system management mode) code, restores the state, and resumes normal operation. Its memory always returns 0xff when read by the os, and all writes fail. So everything about it is completely hidden from the OS, though the OS can trigger the IME/SMM to run various functions through interrupts, too. But this system is also required for the CPU to even function, so killing it bricks your CPU. Which, ofc, you can do via exploits. Or install ring-2 keyloggers. or do fucking anything else you want to.
tl;dr IME is a hardware godmode, and if someone compromises this (and there have been many exploits), their code runs at ring-2 permissions (above kernel (0), above hypervisor (-1)). They can do anything and everything on/to your system, completely invisibly, and can even install persistent malware that lives inside your bloody cpu. And guess who has keys for this? Go on, guess. you're probably right. Are they completely trustworthy? No? You're probably right again.
There is absolutely no reason for this sort of thing to exist, and its existence can only makes things worse. It enables spying of literally all kinds, it enables cpu-resident malware, bricking your physical cpu, reading/modifying anything anywhere, taking control of your hardware, etc. Literal godmode. and some of it cannot be patched, meaning more than a few exploits require replacing your cpu to protect against.
And why does this exist?
Ostensibly to allow sysadmins to remote-manage fleets of computers, which it does. But it allows fucking everything else, too. and keys to it exist. and people are absolutely not trustworthy. especially those in power -- who are most likely to have access to said keys.
The only reason this exists is because fucking power-hungry doucherockets exist.26 -
Not really dev as much but still IT related 😂
in college we got some new macs in our class. Before we were allowed to use them the "IT Tech" came in and did something to them all (probably ran some scripts to set stuff up)
Anyway, I was completely new to OS X and accidentally pressed a key combo that opened up a dialogue to connect to a remote file server. I saw the address field was already filled out (from when the IT Tech was running the scripts). So me being me I decided to connect. Low and behold my student credentials got me in.
Taking a look around I found scripts, backups and all sorts of stuff. I decided to look at some of the scripts to see what they did. One of them was a script to add the Mac to the domain. Here's the funny part. The login to do that was hard coded into the script....
To conclude. I now have domain level access to my whole college network 🙃
Tl;Dr: stupid it tech saves password in script. I find it. I now have domain level access to the college network14 -
The stupid stories of how I was able to break my schools network just to get better internet, as well as more ridiculous fun. XD
1st year:
It was my freshman year in college. The internet sucked really, really, really badly! Too many people were clearly using it. I had to find another way to remedy this. Upon some further research through Google I found out that one can in fact turn their computer into a router. Now what’s interesting about this network is that it only works with computers by downloading the necessary software that this network provides for you. Some weird software that actually looks through your computer and makes sure it’s ok to be added to the network. Unfortunately, routers can’t download and install that software, thus no internet… but a PC that can be changed into a router itself is a different story. I found that I can download the software check the PC and then turn on my Router feature. Viola, personal fast internet connected directly into the wall. No more sharing a single shitty router!
2nd year:
This was about the year when bitcoin mining was becoming a thing, and everyone was in on it. My shitty computer couldn’t possibly pull off mining for bitcoins. I needed something faster. How I found out that I could use my schools servers was merely an accident.
I had been installing the software on every possible PC I owned, but alas all my PC’s were just not fast enough. I decided to try it on the RDS server. It worked; the command window was pumping out coins! What I came to find out was that the RDS server had 36 cores. This thing was a beast! And it made sense that it could actually pull off mining for bitcoins. A couple nights later I signed in remotely to the RDS server. I created a macro that would continuously move my mouse around in the Remote desktop screen to keep my session alive at all times, and then I’d start my bitcoin mining operation. The following morning I wake up and my session was gone. How sad I thought. I quickly try to remote back in to see what I had collected. “Error, could not connect”. Weird… this usually never happens, maybe I did the remoting wrong. I went to my schools website to do some research on my remoting problem. It was down. In fact, everything was down… I come to find out that I had accidentally shut down the schools network because of my mining operation. I wasn’t found out, but I haven’t done any mining since then.
3rd year:
As an engineering student I found out that all engineering students get access to the school’s VPN. Cool, it is technically used to get around some wonky issues with remoting into the RDS servers. What I come to find out, after messing around with it frequently, is that I can actually use the VPN against the screwed up security on the network. Remember, how I told you that a program has to be downloaded and then one can be accepted into the network? Well, I was able to bypass all of that, simply by using the school’s VPN against itself… How dense does one have to be to not have patched that one?
4th year:
It was another programming day, and I needed access to my phones memory. Using some specially made apps I could easily connect to my phone from my computer and continue my work. But what I found out was that I could in fact travel around in the network. I discovered that I can, in fact, access my phone through the network from anywhere. What resulted was the discovery that the network scales the entirety of the school. I discovered that if I left my phone down in the engineering building and then went north to the biology building, I could still continue to access it. This seems like a very fatal flaw. My idea is to hook up a webcam to a robot and remotely controlling it from the RDS servers and having this little robot go to my classes for me.
What crazy shit have you done at your University?9 -
Worst thing you've seen another dev do? So many things. Here is one...
Lead web developer had in the root of their web application config.txt (ex. http://OurPublicSite/config.txt) that contained passwords because they felt the web.config was not secure enough. Any/all applications off of the root could access the file to retrieve their credentials (sql server logins, network share passwords, etc)
When I pointed out the security flaw, the developer accused me of 'hacking' the site.
I get called into the vice-president's office which he was 'deeply concerned' about my ethical behavior and if we needed to make any personnel adjustments (grown-up speak for "Do I need to fire you over this?")
Me:"I didn't hack anything. You can navigate directly to the text file using any browser."
Dev: "Directory browsing is denied on the root folder, so you hacked something to get there."
Me: "No, I knew the name of the file so I was able to access it just like any other file."
Dev: "That is only because you have admin permissions. Normal people wouldn't have access"
Me: "I could access it from my home computer"
Dev:"BECAUSE YOU HAVE ADMIN PERMISSIONS!"
Me: "On my personal laptop where I never had to login?"
VP: "What? You mean ...no....please tell me I heard that wrong."
Dev: "No..no...its secure....no one can access that file."
<click..click>
VP: "Hmmm...I can see the system administration password right here. This is unacceptable."
Dev: "Only because your an admin too."
VP: "I'll head home over lunch and try this out on my laptop...oh wait...I left it on...I can remote into it from here"
<click..click..click..click>
VP: "OMG...there it is. That account has access to everything."
<in an almost panic>
Dev: "Only because it's you...you are an admin...that's what I'm trying to say."
Me: "That is not how our public web site works."
VP: "Thank you, but Adam and I need to discuss the next course of action. You two may go."
<Adam is her boss>
Not even 5 minutes later a company wide email was sent from Adam..
"I would like to thank <Dev> for finding and fixing the security flaw that was exposed on our site. She did a great job in securing our customer data and a great asset to our team. If you see <Dev> in the hallway, be sure to give her a big thank you!"
The "fix"? She moved the text file from the root to the bin directory, where technically, the file was no longer publicly visible.
That 'pattern' was used heavily until she was promoted to upper management and the younger webdev bucks (and does) felt storing admin-level passwords was unethical and found more secure ways to authenticate.5 -
The gift that keeps on giving... the Custom CMS Of Doom™
I've finally seen enough evidence why PHP has such a bad reputation to the point where even recruiters recommended me to remove my years of PHP experience from the CV.
The completely custom CMS written by company <redacted>'s CEO and his slaves features the following:
- Open for SQL injection attacks
- Remote shell command execution through URL query params
- Page-specific strings in most core PHP files
- Constructors containing hundreds of lines of code (mostly used to initialize the hundreds of properties
- Class methods containing more than 1000 lines of code
- Completely free of namespaces or package managers (uber elite programmers use only the root namespace)
- Random includes in any place imaginable
- Methods containing 1 line: the include of the file which contains the method body
- SQL queries in literally every source file
- The entrypoint script is in the webroot folder where all the code resides
- Access to sensitive folders is "restricted" by robots.txt 🤣🤣🤣🤣
- The CMS has its own crawler which runs by CRONjob and requests ALL HTML links (yes, full content, including videos!) to fill a database of keywords (I found out because the server traffic was >500 GB/month for this small website)
- Hundreds of config settings are literally defined by "define(...)"
- LESS is transpiled into CSS by PHP on requests
- .......
I could go on, but yes, I've seen it all now.12 -
Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".
You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.
Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.
So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.
Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.
There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.8 -
The riskiest dev choice...
How about "The riskiest thing you've done as a dev"? I have a great entry for that. and I suppose it was my choice to build the feature afterall.
I was working on an instance of a small MMO at a game company I worked for. The MMO boasted multiple servers, each of them a vastly different take on the base game. We could use, extend, or outright replace anything we wanted to, leading to everything from Zelda to pokemon to an RP haven to a top-down futuristic counterstrike. The server in this particular instance was a fantasy RPG, and I was building it a new leveling and experience system with most of the trimmings. (Talents, feats/perks, etc. were in a future update.)
A bit of background, first: the game's dev setup did not have the now-standard dev/staging/prod servers; everything ran on prod, devs worked on prod, players connected and played on prod, etc. Worse yet, there was no backup system implemented -- or not really. The CTO was really the only person with sufficient access. The techy CEO did as well, but he rarely dealt with anything technical except server hardware, occasionally. And usually just to troll/punish us devs (as in "Oops ! I pulled the cat5 ! ;)"). Neither of them were the most reliable of people, either. The CTO would occasionally remote in and make backups of each server -- we assumed whenever he happened to think of it -- and would also occasionally do it when asked, but it could take him a week, sometimes even up to a month to get around to it. So the backups were only really useful for retreiving lost code and assets, not so much for player data.
The lack of reliable backups and the lack of proper testing grounds (among the plethora of other issues at the company) made for an absolutely terrible dev setup, but that's just how it was, and that's what we dealt with. We were game devs, afterall. Terrible or not, we got to make games! What more could you ask for!? It was amazing and terrible and wonderful and the worst thing ever, all at the same time. (and no, I'm not sharing the company name, but it isn't EA or Nexon, surprisingly 😅)
Anyway, back to the story! My new leveling system also needed to migrate players' existing data, so... you can see where this is going.
I did as much testing and inspection of my code as I could, copied it from a personal dev script to the server's xp system, ... and debated if I really wanted to click [Apply]. Every time I considered it, I went back to check another part or do yet more testing. I ended up taking like 40 minutes to finally click it.
And when I did... that was the scariest button press of my life. And the scariest three seconds' wait afterwards. That one click could have ruined every single player's account, permanently lost us players ...
After applying it, I immediately checked my character to see if she was broken, checked the account data for corruption or botched flags, checked for broken interactions with the other systems....
Everything ended up working out perfectly, and the players loved all of the new features. They had no idea what went into building them, and certainly had no idea of what went into applying them, or what could have gone wrong -- which is probably a good thing.
Looking back, that entire environment was so fragile, it's a wonder things didn't go horribly wrong all the time. Really, they almost never did. Apocalypses did happen, but were exceedingly rare, and were ususally fixed quickly. I guess we were all super careful simply because everything was so fragile? or the decent devs were, at least. We never trusted the lessers with access 😅 at least on the main servers where it mattered. Some of the smaller servers... well, we never really cared about those.
But I'm honestly more surprised to realize I've never had nightmares of that button click. It was certainly terrifying enough.
But yay! Complete system overhaul and migration of stored and realtime player data! on prod! With no issues! And lots of happy players! Woooooo!
Thinking back on it makes me happy 😊rant deploying straight to prod prod prod prod dev server? dev on prod you chicken migration on prod wk149 git? who's a git? you're a git! scariest deploy ever game development1 -
Hi Dev Ranter,
My name is John Smith and I came accross to your resume on Linked In and I was very impressed. Would you be interested in a 5 min call?
Job Details:
Required skills (all expert levels): C#, JAVA, Clojure, C, PHP, Frontend, Backend, Agile, MVP, Baking, Redis, Apache, IIS, RoR, Angular, React, Vue, MySQL, MSSIS, MSSQL, ORACLE, PostgreSQL, Access, Python, Machine Learning, HTML, CSS, Fortran, C++, Game design, Book writing, PCI - Compliance
Salary: $15/Hours no benefits
Duration: 2 Months (possible extension, plus we can fire you at will)
Place: Remote (with work tracking software)
Hours: 5am - 1pm, 6pm - 11pm
Expect to work on weekends
You will be managing people as well as building applications that had to be running as of yesterday. Team culture is very toxic and no one cares about you.
We care about you though (as long as you deliver)
Looking forward to talk to you.
John Smith
Founder, CEO, Director of Staffing, Entrepeneur
Tech Staffers LLC ( link to a PNG posted on facebook)
Est. 202020 -
I built very involved code with multiple auth systems, async programming, business logic, error handling, and etc. I was asking for the missing environment variables during the call with devops and had a screen share going. Environment variables were the last thing I needed before knowing if it would work. I filled in the config and all the code worked perfectly.
The devs lost their shit. One suggested that I had somehow tested it beforehand because it is impossible that it would work the first time. “How? I didn’t have config details or access to any of the remote APIs until now.”
The dev lead finished the call with, “That was some big brain next level shit.” Then they went and reviewed and tested it after the call and didn’t have much to suggest besides naming nitpicks.
It was at that point I knew I was a hero to the other devs.3 -
I've got a confession to make.
A while ago I refurbished this old laptop for someone, and ended up installing Bodhi on it. While I was installing it however, I did have some wicked thoughts..
What if I could ensure that the system remains up-to-date by running an updater script in a daily cron job? That may cause the system to go unstable, but at least it'd be up-to-date. Windows Update for Linux.
What if I could ensure that the system remains protected from malware by periodically logging into it and checking up, and siphoning out potential malware code? The network proximity that's required for direct communication could be achieved by offering them free access to one of my VPN servers, in the name of security or something like that. Permanent remote access, in the name of security. I'm not sure if Windows has this.
What if I could ensure that the system remains in good integrity by disabling the user from accessing root privileges, and having them ask me when they want to install a piece of software? That'd make the system quite secure, with the only penetration surface now being kernel exploits. But it'd significantly limit what my target user could do with their own machine.
At the end I ended up discarding all of these thoughts, because it'd be too much work to implement and maintain, and it'd be really non-ethical. I felt filthy from even thinking about these things. But the advantages of something like this - especially automated updates, which are a real issue on my servers where I tend to forget to apply them within a couple of weeks - can't just be disregarded. Perhaps Microsoft is on to something?11 -
So I'm moving to a new/bigger place with faster Internet soon so I think it's time to rebuild my current home/remote server setup.
I want to setup the following things:
- vps for server monitoring (open source pushover alternative + netdata)
- Zero tier network for connecting all my servers to the same network
- pihole/pivpn (or the Angristan vpn installer, look it up :)
- second blocking thingy next to pihole to make sure that I literally can't access google/fb etc anymore, even if I really needed/wanted to
- bunch of general servers.
Any ideas?21 -
Inception.
Today I needed to check something in a remote server: this was the easiest way:
1: teamviewer to my home pc from university
2: started a vm on that machine with vpn connection to my work office
3: rdp to a windows server vm
4: ssh to a vm on our hosting cluster
5: from there, ssh to the server that I needed access to7 -
"WTH! Get the fuck out of here, bitch!!".
I started a new job today (remote) and my first task was to improve product sign-up process, basically the UX is shit and the backend is even worse, never felt so bad looking at terrible software design my entire life and career. My first assignment was to introduce some sanity. (Mr. Supervisor's exact words)
Anyway, I report directly to upper management but need to get onboarded by current technology expert who's highly skilled at writing shitty code and is also stupid, literally.
It took the whole day to get him to grant access to the private repo in order to start working but that's not the story.
So, I'm seated, demoralised about the structure of software I have to work on and here I was refreshing localhost:7878 consistently and was consistently getting the message:
"WTH! Get the fuck out of here, bitch!!".
So, this same codebase I have is suppose to be the exact same one that's powering the app in production. I was furious and confused. Is stupid calling me a bitch already??? He wants to fuck??? What the hell!!!
I called him and turns out, I was suppose to switch branches. The branch I had was suppose to show that message intentionally (??!???!???) (His words exactly), I couldn't even muster the words "Why" completely before he hung up.
So basically, I got onboarded today. Quite successfully, I must add, because I know exactly the battlesuit I have to wear to my new remote job going forward!11 -
Me: Boss, i am not qualified for this. This is something totally different that what i do.
Boss: Just do what you can.
* Me does something which seems to work*
-- A few months or even years later:
Boss: Our distributed systems don't longer work. What happened?
Me, after checking different system: Oh, there is a key that expired. I didn't know this key had an expire date. So they can no longer connect.
Turns out we have to visit every remote system (driving distance of a few 100's km) and set a new key. We couldn't do it remotely since we lost access.
Maybe, just maybe, when your employee says he isn't qualified for a task, listen and search someone that know what he is doing.2 -
My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.
So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.
For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.
They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).
But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.
So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THEIR ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.
Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.
**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**undefined arms race fuck sysadmin ssh why can't you just have any fucking sanity school windows server security2 -
Hmmm there are several
Senior dev would leave for weeks(he was company co owner) and would blame shit not being done on me even though he gave me no access to his codebase. Shit back fired right in his face.
Senior dev called me an idiot(different company) for stating that I learned about MVC from Rails. I have no clue what triggered that reaction, but the way he said it really ticked me off. It was on a remote position, left soon, the dude was s cunt.
Next goes for my office: we yell random shit all the time, from racist to sexist to all around disturbing because we are constantly unsupervised.
Head of department knows:P he laughs with us. -
TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern
Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.
Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.
Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.
An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.
After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.
The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.
It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”
At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”
Facepalm.4 -
🔐How can a manufacturer(Netgear) not allow changing username of the admin user???🔥
That effectively lets anyone bruteforce the damn thing like its being grilled on a BBQ!
Yet they implement remote access router management via 8080 and alley you set up VPN server on the incapable thing.7 -
My tablet is lying on a table 2m away from me and I have to install a new app.. but I don't want to get out of my couch ffs! And I haven't configured dropbear in it yet, and neither do I have adb over TCP/IP. Well fuck it then. My desktop with BlueStacks.. hah, it's running fucking WanBLowS. No remote access there. Too much to ask of that certified pile of crap.
But the point is.. moar remotes, moar better 😋 anything to not have to stand up, taught by my ability to log into a server in Italy from the comfort of my couch. SSH and the sysadmin trade sure is nothing short of amazing ♥️5 -
We had an obligatory training today about security of remote access to company resources.
We sat for an hour listening to some outdated advice regarding passwords and preparing a work environment at home. Finally the instructor said his goodbyes and left. The rest of us stayed in the call to pass some actual recommendations.
Then we received a join request from a waiting lobby. Everyone muted. I let the guy in. For the next 8 minutes we watched the unaware instructor eat his breakfast and sign some documents stamped with a logotype of our competition.
Then I cleared my throat very loudly. He will have to print some of those documents again.4 -
I study software engineering, so that obviously means I'm also free family tech support right?
Apparently some lady that lives nearby believes this, but she replaced family with vague acquaintance.
This lady is very computer illiterate, so much that I have to describe the wifi icon as a dot with two waves above it.
So one day, she calls me because her Outlook isn't receiving mail. I ask her if she has any internet and she confirms she does because she can visit Google. After trying a bunch of possible solutions in Outlook, I ask her to download a remote access program so I can look at what's wrong.
She didn't have internet. Visiting Google means seeing the Chrome logo apparently.4 -
I was asked to look into a site I haven't actively developed since about 3-4 years. It should be a simple side-gig.
I was told this site has been actively developed by the person who came after me, and this person had a few other people help out as well.
The most daunting task in my head was to go through their changes and see why stuff is broken (I was told functionality had been removed, things were changed for the worse, etc etc).
I ssh into the machine and it works. For SOME reason I still have access, which is a good thing since there's literally nobody to ask for access at the moment.
I cd into the project, do a git remote get-url origin to see if they've changed the repo location. Doesn't work. There is no origin. It's "upstream" now. Ok, no biggie. git remote get-url upstream. Repo is still there. Good.
Just to check, see if there's anything untracked with git status. Nothing. Good.
What was the last thing that was worked on? git log --all --decorate --oneline --graph. Wait... Something about the commit message seems familiar. git log. .... This is *my* last commit message. The hell?
I open the repo in the browser, login with some credentials my browser had saved (again, good because I have no clue about the password). Repo hasn't gotten a commit since mine. That can't be right.
Check branches. Oh....Like a dozen new branches. Lots of commits with text that is really not helpful at all. Looks like they were trying to set up a pipeline and testing it out over and over again.
A lot of other changes including the deletion of a database config and schema changes. 0 tests. Doesn't seem like these changes were ever in production.
...
At least I don't have to rack my head trying to understand someone else's code but.... I might just have to throw everything that was done into the garbage. I'm not gonna be the one to push all these changes I don't know about to prod and see what breaks and what doesn't break
.
I feel bad for whoever worked on the codebase after me, because all their changes are now just a waste of time and space that will never be used.3 -
Today, during deployment on server without remote access:
Me (on the phone calling our data centre Admin): "There's a permissions mismatch. The following paths need write access from the following users..."
Admin: "Okay, okay, slow down... I'm still in the elevator." - 10 minutes later - "Okay, ready."
And I gave him the paths and he said: "Try now."
And I tried and it still didn't work. And then we tried all that again. And again. And finally he said:
Admin: "Okay, I give up, I'm going back down to get the screen."12 -
After moving, I don't have DSL yet so I have to use mobile data to get internet access. Additionally I had to finish a freelancing job. In Germany you have one of the most expensive and least reliable mobile networks in europe.
I had to upload my develpoed software to a remote server
So I suddenly was sent back in time. A single call would have disrupted the download (I can't use internet and phone at the same time, might be a phone issue). While my phone has "high speed" volume left and showed at least HSPA, but I still, the upload rate was prehistoric:7 -
Someone at work asking me about whether the controller system for our door security can access the Internet. I'm explaining that the reason they can't access Google on it is that it is on an isolated network for security. They wanted to install some remote desktop software on it that some idiot had recommended.
Then I actually get asked: "If it can't see Google... Maybe can it see Firefox?"
*headdesk*5 -
Have a couple I want to air today.
First was at my first gig as a dev, 4-5 months out of school. I was the only dev at a startup where the owner was a computer illiterate psycopath with serious temper tantrums. We're talking slamming doors, shouting at you while you are on the phone with customers, the works...
Anyways, what happened was that we needed to do an update in our database to correct some data on a few order lines regarding a specific product. Guess who forgot the fucking where-clause... Did I mention this boss was a cheap ass, dollar stupid, penny wise asshole that refused to have anything but the cheapest hosting? No backups, no test/dev/staging environment, no local copies... Yeah, live devving in prod, fucking all customers with a missing semi-colon (or where clause).
Amazingly, his sheer incompetance saved my ass, because even if I explained it, he didn't get it, and just wanted it fixed as best we could.
The second time was at a different company where we were delivering managed network services for a few municipalities. I was working netops at that time, mostly Cisco branded stuff, from Voice-over-IP and wifi to switches and some routing.
One day I was rolling out a new wireless network, and had to add the VLAN to the core switch on the correct port. VLAN's, for those who don't know, are virtual networks you can use to run several separated networks on the same cable.
To add a VLAN on a Cisco switch one uses the command:
switchport access vlan add XYZ
My mistake was omitting the 'add', which Cisco switches happily accept without warning. That command however can be quite disruptive as it replaces all of the excisting VLAN's with the new one.
Not a big deal on a distribution switch supplying an office floor or something, but on a fucking core switch in the datacenter this meant 20K user had no internet, no access to the applications in the DS, no access to Active Directory etc. Oh and my remote access to that switch also went down the drain...
Luckily a colleague of mine was on site with a console cable and access to config backups. Shit was over within 15 minutes. My boss at that time was thankfully a pragmatic guy who just responded "Well, at least you won't make that mistake again" when we debriefed him after the dust settled. -
I was asked to fix a critical issue which had high visibility among the higher ups and were blocking QA from testing.
My dev lead (who was more like a dev manager) was having one of his insecure moments of “I need to get credit for helping fix this”, probably because he steals the oxygen from those who actually deserve to be alive and he knows he should be fired, slowly...over a BBQ.
For the next few days, I was bombarded with requests for status updates. Idea after idea of what I could do to fix the issue was hurled at me when all I needed was time to make the fix.
Dev Lead: “Dev X says he knows what the problem is and it’s a simple code fix and should be quick.” (Dev X is in the room as well)
Me: “Tell me, have you actually looked into the issue? Then you know that there are several race conditions causing this issue and the error only manifests itself during a Jenkins build and not locally. In order to know if you’ve fixed it, you have to run the Jenkins job each time which is a lengthy process.”
Dev X: “I don’t know how to access Jenkins.”
And so it continued. Just so you know, I’ve worked at controlling my anger over the years, usually triggered by asinine comments and decisions. I trained for many years with Buddhist monks atop remote mountain ranges, meditated for days under waterfalls, contemplated life in solitude as I crossed the desert, and spent many phone calls talking to Microsoft enterprise support while smiling.
But the next day, I lost my shit.
I had been working out quite a bit too so I could have probably flipped around ten large tables before I got tired. And I’m talking long tables you’d need two people to move.
For context, unresolved comments in our pull request process block the ability to merge. My code was ready and I had two other devs review and approve my code already, but my dev lead, who has never seen the code base, gave up trying to learn how to build the app, and hasn’t coded in years, decided to comment on my pull request that upper management has been waiting on and that he himself has been hounding me about.
Two stood out to me. I read them slowly.
“I think you should name this unit test better” (That unit test existed before my PR)
“This function was deleted and moved to this other file, just so people know”
A devil greeted me when I entered hell. He was quite understanding. It turns out he was also a dev.3 -
Week 1 of the new job, and it seems I have some pretty low expectations to meet.
Seriously, I just did the math. Let's say one works an average of 48 hours per week, 50 weeks per year. Just as an average. That's 2400 hours in a year.
In the Micro-scale, a manager would mess up their team once every 2.4 hours (2h24m) or about 4 times per day (assuming 5 working days per week).
That is a pretty low bar to clear. It easy not to be an antsy brat that are-we-there-yet's a professional dev four fucking times a day.
And yet... that is what the complete moron who previously sat on my chair used to do.
Seriously, apparently he used to remote access the team's dev envs *while they were working* and even mess up some of their code. Just as a "monitoring measure". He logged their "keystroke time" in a day (using a primitive windowing method, I must add).
At least 7 requests for updates per person per day. I have his slack history, I checked. Dude literally did nothing else but be an annoying anxiety death pit.
And then there is his bulshit planning...
He created tasks out of his stupid whims, no team review or brainstorming, not even a fucking requisites tallying interview.
He prioritized those out-of-nowhere tasks using panic-driven-development practices and assigned them by availability heuristics.
No sizing method, just arbitrary deadlines for tasks.
I think I will need to have daily standup meetings and an open door policy (that is to say, do no actual work) for a couple months until I can instill some sense of autonomy on my new team. Shit.
Someone has another idea? How do I bring some confidence&autonomy back to devs that are used to be treated like dogs?!?7 -
!rant
Need some opinions. Joined a new company recently (yippee!!!). Just getting to grips with everything at the minute. I'm working on mobile and I will be setting up a new team to take over a project from a remote team. Looking at their iOS and Android code and they are using RxSwift and RxJava in them.
Don't know a whole lot about the Android space yet, but on iOS I did look into Reactive Cocoa at one point, and really didn't like it. Does anyone here use Rx, or have an opinion about them, good or bad? I can learn them myself, i'm not looking for help with that, i'm more interested in opinions on the tools themselves.
My initial view (with a lack of experience in the area):
- I'm not a huge fan of frameworks like this that attempt to change the entire flow or structure of a language / platform. I like using third party libraries, but to me, its excessive to include something like this rather than just learning the in's / out's of the platform. I think the reactive approach has its use cases and i'm not knocking the it all together. I just feel like this is a little bit of forcing a square peg into a round hole. Swift wasn't designed to work like that and a big layer will need to be added in, in order to change it. I would want to see tremendous gains in order to justify it, and frankly I don't see it compared to other approaches.
- I do like the MVVM approach included with it, but i've easily managed to do similar with a handful of protocols that didn't require a new architecture and approach.
- Not sure if this is an RxSwift thing, or just how its implemented here. But all ViewControllers need to be created by using a coordinator first. This really bugs me because it means changing everything again. When I first opened this app, login was being skipped, trying to add it back in by selecting the default storyboard gave me "unwrapping a nil optional" errors, which took a little while to figure out what was going on. This, to me, again is changing too much in the platform that even the basic launching of a screen now needs to be changed. It will be confusing while trying to build a new team who may or may not know the tech.
- I'm concerned about hiring new staff and having to make sure that they know this, can learn it or are even happy to do so.
- I'm concerned about having a decrease in the community size to debug issues. Had horrible experiences with this in the past with hybrid tech.
- I'm concerned with bugs being introduced or patterns being changed in the tool itself. Because it changes and touches everything, it will be a nightmare to rip it out or use something else and we'll be stuck with the issue. This seems to have happened with ReactiveCocoa where they made a change to their approach that seems to have caused a divide in the community, with people splitting off into other tech.
- In this app we have base Swift, with RxSwift and RxCocoa on top, with AlamoFire on top of that, with Moya on that and RxMoya on top again. This to me is too much when only looking at basic screens and networking. I would be concerned that moving to something more complex that we might end up with a tonne of dependencies.
- There seems to be issues with the server (nothing to do with RxSwift) but the errors seem to be getting caught by RxSwift and turned into very vague and difficult to debug console logs. "RxSwift.RxError error 4" is not great. Now again this could be a "way its being used" issue as oppose to an issue with RxSwift itself. But again were back to a big middle layer sitting between me and what I want to access. I've already had issues with login seeming to have 2 states, success or wrong password, meaning its not telling the user whats actually wrong. Now i'm not sure if this is bad dev or bad tools, but I get a sense RxSwift is contributing to it in some fashion, at least in this specific use of it.
I'll leave it there for now, any opinions or advice would be appreciated.question functional programming reactivex java library reactive ios functional swift android rxswift rxjava18 -
TL;DR Dear boss, firstly, you always get someone to review anything important done by a fucking intern.
Secondly, you do not give access to your fucking client's production server to an intern.
Thirdly, you don't ask your fucking intern to test the intern's work that has not been reviewed by anyone directly on your client's fucking production server.
Last week, the boss and one of the lead devs (the only guy with some serious knowledge about systems and networking) decided to give me (an intern who barely has any work experience) the task of fixing or finding an alternate solution to allowing their support team access to their client machines. Currently they used a reverse SSH tunnel and an intermediary VH but for some reason, that was very unreliable in terms of availability. I suggested using OpenVPN and explained how it would work. Seemed to be a far better idea and they accepted. After several days of working through documentations and guides and everything, I figured out how OpenVPN works and managed to deploy a TEST server and successfully test remote access using two VMs. On seeing my tests, the boss told me that he wanted to test it on the client network. I agreed. Today he comes to me and he tells me to prepare testing for tomorrow and that the client technician is going to give me access to one of their boxes. And then he adds, "It's a working prod server. We'll see if we can make it work on that" and left. I gaped at him for a while and asked another dev guy in the room if what I heard was right. He confirmed. Turns out, the lead dev and the boss's son (who also works here) had had a huge argument since morning on the same issue and finally the dev guy had washed it off his hands and declared that if anything goes wrong from testing it on production, it's entirely the boss's own fault. That's when the boss stepped in and approached me. I ran back to his office and began to explain why prod servers don't top the list of things you can fuck around with. But he simply silenced me saying, "What can go wrong?" and added, "You shouldn't stay still. You should keep moving". Okay, like firstly what the fuck and secondly, what the fuck?.
Even though OpenVPN client is not the scariest thing to install, tomorrow's going to be fun.4 -
Ok, first rant, about my struggles getting reliable internet over the past 6 years. It's not too interesting of a topic, but here we go:
I'm living in a more rural part of Germany and internet here is shit. I pay more than 50 bucks a month for 700kb/s downstream (let's just not talk about upstream...), which is meh by itself but it gets worse. Before this I had roughly 230kb/s downstream using DSL. My provider came out with a new oh-so-fucking-fancy solution for giving people faster internet without upgrading their lame ass fucking backbone and POS infrastructure from 70 years ago: they sell you hybrid internet which combines your shit DSL and an LTE connection using TCP Multicast. Not only do I get only 6 of my promised (and payed for) 50 Mbit, no, It's also a fucking piece of nonworking shit!!!
Let me illustrate:
You constantly have problems with web content (or any remote content) not loading because the host server does not support TCP Multicast. It either refuses connection altogether or it takes about 30-50 seconds to establish a connection. Think about your live when it takes two or three fucking minutes to load 5 YouTube thumbnails or load new tweets at the bottom of the Twitter page! Also, you never know if you a) have an error in your implementation of a new API or if b) the remote host doesn't support TCPMC (there's never an error for that! Fuck you!), your SSH sessions ALWAYS drop in the most inopportune fucking moments because the LTE thing lost connection, you always have to turn on a VPN if you want to visit specific websites (for example your school's website) and so on....
Oh and also, my provider started throttling specific services again these days with Netflix and YouTube struggling to display 240p, fucking 240p video without buffering when I get 600kbit down on steam (ofc the steam download is paused when watching videos). When using a VPN, YouTube 720p and Netflix HD work like a charm again. Fucking Telekom bastards
Then there is the problem with VPNs. The good thing about them is that they solve all the TCP Multicast problems. Yay. Now for the bad things:
First of all, as soon as I use a VPN, access times to remote go up by like fucking 500%. A fucking DNS lookup takes 8-15 seconds!!! The bandwidth is there but it takes forever.. because reasons I guess. Then the speed drops to DSL speeds after a while because the router turns off my LTE connection when it is unused and it does not detect VPN traffic as traffic (again because... Reasons?) And also, the VPN just dies after an hour and you have to manually reconnect (with every VPN provider so far)
And as if that wasn't enough, now the lan is dying on me, too, with the router (the fucking expensive hybrid piece of shit, 230 bucks..) not providing DHCP service anymore or completely refusing all wifi connections or randomly dropping 5Ghz devices, or.....
You get the point.
The worst thing is, they recently layed down 400mbit fiber in my neighborhood. Guess where the FUCKING PIECE OF SHIT CABLE ENDS??? YEAH, RIGHT IN FRONT OF MY NEIGHBORS HOUSE. STREET NUMBER 19 IS SERVED WITH 400MBIT AND MY HOME, THE 20, IS NOT IN THEIR FUCKING SERVICE REGION. Even though there is a fucking cable with the cable companies name on it on my property, even leading up to my house! They still refuse to acknowledge it! FUCK YOU!!!!
Well anyways thanks for reading. Any of you got the same problems? :/2 -
IT description of remote access tool on IT wiki page:
"Support for latest Mac and Windows release"
Also same page:
"macOS Mojave is not yet supported (...) Please do not upgraded until instructed"
No comments... -
I got a median-pay front-end job through a contractor (after a contract from hell...but yeah I didn't learn...) and I'm getting zero assignments after a month and nobody seems to know what my role is.
I'm one month in, and every week I have to email my boss to remind her to sign my paycheck, which is stressful because I'm charging for my time because my assignments are like "Research this" or "look at this Wordpress theme or brand guide". The team never communicates but once a week, and I'm beginning to believe that I'm not a good fit for the team because they are impossible to get a hold of and the sysadmin won't give me access to anything even when I CC my boss. (I don't want to grief this guy...) Despite this, I've been told privately by higher-ups on a few occasions that they plan to hire me full time by November...
My SO thinks that the reason people are so dodgy toward me is because they literally do nothing and I'm breaking the flow of that by asking for things. I'm used to agency output, which can be toxic and where everything is 'due yesterday', and I'm watching this team work on assignments ten times slower than normal. ("You want to change a phone number on a website footer? You'll get it next week...maybe." I can't step on toes because I don't have access...) I'm perfectly fine with having to wear several hats at a low-stress job, but I can't even get my first assignment and I'm still being asked who I am in weekly meetings, or asked things like, "Would you even be willing to relocate here?" (I actually live DOWN THE STREET FROM THE OFFICE!! WHY DO I HAVE TO BE REMOTE? Why am I being asked this question?) It feels like my boss impulse hired me, with zero input from the team, and had no real reason to hire me in the first place...
It could also be another issue: Yeah, my experience is in PHP/JS/React, "but here have a seven year old .NET project and a company laptop with zero documentation and make this form import data to a database we know nothing about." Lead dev won't even talk to me.
I feel like a joke.2 -
Programmer: "Places : instead of ;"
Javascript: "What the fuck did you just fucking post about me, you absolute beginner? I'll have you know I worked for ten of the biggest silicon-valley industry companies, and I've been involved in over two hundred top secret projects including NodeJS. I am trained in refactoring the most fucked up code, and I'm the top C++er in the entire fucking internet-connected universe. You are nothing to me, but just another IP. I will fucking revoke your commits from your gitlab account with absolute dedication using only one Rasperry Pi client. Mark my fucking words. You think you can get away with posting that shit on one of my numerous very personal blogs? Your devices are fucking bricked, kid. My attack software can be anywhere, anytime, and it is tasked to remove your entire git contributions from planet earth. Not only am I extensively trained in remote cross-firewall device-hacking, but I have access to over 100 of the United States CIA and NSA git repositories. If only you could have known what doom-bringing C-one-liner you have raised from my fucking hands, maybe you would have held your fingers. But you could not. You did not. And now you're paying the price, noob. I will hail havoc upon your puny online-presence and you will drown in your own badly designed software. You're fucking offline, kiddo."11 -
We have a bunch of legacy applications that runs on Windows only. I'm pretty much the only dev here who doesn't use a Windows machine.
In order to run those applications, I need use remote desktop to a Windows VM.
I use a Mac. And I use a lot of keyboard shortcuts. Case in point, CMD + L to go to the address bar in the browser.
This happens every time when I need to access those applications.
me: *remote desktop to the VM
me: "oh I need to get to the index/landing page"
me: *CMD + L
VM: "I'm locked now"8 -
I'm the company's git guy. Here's an actual, typical, interaction:
[Coworker] 12:08 PM:
Hi jallman112, good afternoon
[Coworker] 12:08 PM:
I get this error -
[Coworker] 12:08 PM:
git.exe clone --progress -v "[path to local SVN checkout]\repoName" "[path to local git folder]\repoName"
Cloning into '[path to local git folder]\repoName'...
fatal: '[path to local SVN checkout]\repoName' does not appear to be a git repository
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
git did not exit cleanly (exit code 128) (515 ms @ 3/14/2019 12:07:26 PM)
[Me] 1:38 PM:
Looks like [path to local SVN checkout]\repoName is not a git repo1 -
Was going through tech training and using tight VNC to access remote machine. A colleague was also accessing the same machine.
When instructor walked around to view my progress, my colleague closed my tab and opened sites like 'church of satan' and porn sites.
😐 -
that moment when you're driving home and suddenly figure out your bug and don't know when you are able to come back to your code (and have no remote access)...6
-
Old story, happened some way back. I worked part-time for a small web development company that did between other things something called SharePoint development, basically .net webforms with shit glitter on top of it.
The most weird part of it, was the fact that we were working on vms that hosted the app, it was our dev, test and staging environment, as well as were we showed the client the polished turd.
Did I say that it was on a vm? Well it was on a remote vm, that each of use had access to it, through our domain accounts, and they couldn't configure the windows server to accept more than two or three users at once to be connected.
That was our test enviroment and dev enviroment, sooo showing the app to the client meant for the rest of us to not write any code because it might crash or get stuck.
The app was accessible and discoverable by url and through google search from outside, I dont think that should have been allowed.
The most disastrous part was that we had NO source versioning whatsoever, just plain old copy and paste in different folders.
Deploying to client meant remoting to the clients host or whatever it was, and manually copying the source files
If someone wanted to debug the application you had to shout, and you also could hear it, in the office: "I'm debugging!" or "I'm deploying!". Because we were on the same machine, there was only one process with the server and it meant that if you debug or deployed it would block it for the others.
Should I talk about code quality? Maybe not.1 -
Gotta love the IoT.
They set up a new surveillance camera in the company, that can stream live footage over the network and that little shit picked the IP adress of a coworker one day AFTER being set up.
Hurray for static routing. Hurray to the person who didn't disable DHCP on the router (Should probably configure my PC to use a static IP as well lel)
Anyways, this happened outta nowhere when I, the only guy who knows shit about IT and is usually present at yhe office, wasn't there and could not connect remotely.
The other, remote programmer, who set up the network, could guide the coworker to get a new IP but, he was worried that we got ourselves an intruder.
Since nobody told me yet that we (should) have static routing, I thought there was a mastermind at work who could get into a network without a wifi-access point and spoof the coworker in order to access the some documents.
The adrenaline rush was real 😨
Scanning the network with nmap solved the mystery rather quickly but thought me that I need to set up a secure way to get remote access on the network.
I would appreciate some input on the set up I thought of:
A raspberry Pi connected to a vpn that runs ssh with pw auth disabled and the ssh port moved.
Would set up the vpn in a similar fashion. -
Worst mistake I have made is accidentally wiping a database table by messing up a SQL script. This was caught after it had been deployed to around 30 customer sites, most of which had no technical staff on site, and we didn't have remote access to. I bought our support team cookies for fixing that one.1
-
Started a new job as a dev. First days revealed no local admin rights, no right to use Linux locally and a very limited set of Software. Negotiated compromise to get a remote VM with Linux and a user who is part of sudo. VM turned out to be isolated by proxy, so I can not install anything new. At least Docker is pre-installed and I hoped it could work out. But guess what no access to dockerhub and I can not pull any images. Admin told me to copy manually the images with scp.
I'd never thought that there could be any companies out there who treats devs like that. What puzzles me most, there're lot of devs staying with that company for years, even decades already and they're good guys, please don't get me wrong.
Did you encounter anything like that? Could you make any difference there, where you met anything like it.
I reached the point after 3 weeks where I do not think I can make any difference and when it'll take ages to move people and company policy.
I do not want to give up, but I fear it is pointless to fight for change there. I am out of options and about to leave asap. Can you recommend me anything else?
Thanks in advance and for your time :)
Felt good to write it down.12 -
At my previous job I was working with cliets as a support for our application. One client had problem printing invoice so they caled. Was web application so invoice was first converted to PDF then you would print it.
I ask client if they have Abobe Reader installed. Her response was some thing like that: " I don't know what are you saying. Its is like you are talking chines."
I asked for remote access, fix problem.
Still don't know how they managed to use application. -
God damnit!!
Just got a team assigned for the course I follow and the codebase they work looks like someone shit on the floor and dragged it all over place. No consistency, no clear structure.
The project has to be built in PHP (which is fine by the way) following the principles of MVC. Did I say the codebase looks like shit all over the place? Well that's exactly what it is!!
They use $_SERVER['DOCUMENT_ROOT'] everywhere!! In every fucking file!! Why the FUCK would someone possibly want to do that??
I know I'm not perfect, but what the fuck!!
Now comes the most weird thing. They have to work on a remote server without SSH access, so working with FTP is mandatory. This is because the school won't setup ssh. That's fine by me, but because of that they don't use git!! They upload files directly to the production server. They merge everything manually. I asked why they didn't use git and the answer was so fucking SHIT!! "Because the teacher wants to see who uploaded to the server.."
First off all: what happened to git blame? Second: Later I heard that there is only one FTP account, so all the things they said where just bullshit!!
The fuck.
Tomorrow I'm going to try and convince them to use git..1 -
Trying to use authenticate a JWT token from an Azure service, which apparently needs to use Azure AD Identity services (Microsoft Entra ID, Azure AD B2C, pick your poison). I sent a request to our Azure admin. Two days later, I follow up, "Sorry, I forgot...here you go..."
Sends me a (small) screenshot of the some of the properties+GUIDs I need, hoping I don't mess up, still missing a few values.
Me: "I need the instance url, domain, and client secret."
<hour later>
T: "Sorry, I don't understand what those are."
Me: "The login URL. I assume it's the default, but I can't see what you see. Any shot you can give me at least read permissions so I can see the various properties without having to bother you?"
T: "I don't see any URLs, I'll send you the config json, the values you need should be in there."
<10 minutes later, I get a json file, nothing I needed>
<find screenshots of what I'm looking for, send em to T>
Me: "The Endpoints, what URLs do you see when you click Endpoints?"
<20 minutes later, sends me the list of endpoints, exactly what I'm looking for, but still not authenticating the JWT>
Me: "Still not working. Not getting an error, just that the authentication is failing. Don't know if it's the JWT, am I missing a slash, or what. Any way I can get at least read permissions so I don't have to keep bugging you to see certain values?"
T: "What do you need, exactly?"
Me: "I don't know. I don't know if I'm using the right secret key, I can't verify if I'm using the right client id. I feel like I'm guessing trying to make this work."
T: "What exactly are you trying to get working?"
<explain, again, what I'm trying to do>
T: "That's probably not going to work. We don't allow AD authentication from the outside world."
Me: "Yes we do. Microsoft Teams, Outlook, the remote access services. I can log into those services from home using my AD credentials."
T: "Oh yea, I guess we do. I meant what you are trying to do. Azure doesn't allow outside services to authenticate using a JWT. Sorry."
FRACK FRACK FRACK!!
Whew! Putting the flamethrower away.
Thanks devrant for letting me rant.3 -
Does that look like a bug ? Or a feature ? It requires a considerable amount of time and effort to develop unattended remote access. How do these people develop such a feature as "mistake".5
-
How to get everyone to return to the office:
Cripple remote access so badly that you can't get anything done due the frequent lags...
Been trying type your an email reply for the last hour but keep lagging out and losing my chain of thought...4 -
Fuckin McAfee tried installing it and asks me for a restart. After that the application fails to open up a process is clearly running in the background however nothing to show.
Tried the have you turned it off and on again procedure atleast 5 times but nothing.
Finally tried contacting McAfee support. Asks me to give them remote access via their application. The link stayed there like a dummy. Clicking it opened nothing. After the chat got disconnected 3 times.
Then when i try reinstalling it it says we are in the middle of an installation and we'll open that up. It opens a fuckin take a tour box and ypu can fuckin click anywhere and everywhere on the window but it stays there sitting, waiting, watching
Fuckin intel and fuckin McAfee get your shit together2 -
Either a really big coincidence, or I'm officially creeped out.
I've been looking into buying a vps, so researching that a lot. Then today, I went to work, at a monitoring station, so we have to use remote desktops to access anything other than very specific sites.
Then I looked at an article about c#, and there was a Google ad, about a vps.. Keep in my mind, I'm at work, on a remote desktop, that gets cleared every time it's closed.
I know a vps isn't the most unpopular thing, but haven't seen an ad for it before.3 -
So apparently, Remote Desktop via Citrix via Virtual Machine via Remote Desktop is how we access other servers in 2016 !1
-
I actually do have something to rant about!
The people I've decided to work with... are complete and utter fools. They don't want to keep updated with new practices and merely talk about awesome stuff... Let me elaborate.
The first person is someone I spent really many hours just writing with, I've helped him build on his personal project, which has now become our project (which I've done most of the work on now). He keeps writing about things that aren't fucking relevant for the current task - furthermore, he completely refuses to use any type of collaboration software in order to keep an eye on tasks we want to, and already have completed. He likes Git but doesn't provide helpful git messages, sometimes even stuff like 'forgot this'.. never any freaking description of what's actually been done! Not even after agreeing it should be done, he just doesn't understand what a helpful message is apparently.
I might be a bit special regarding wanting to follow practices, but how the fuck do you make any amount of money by being so ignorant!? He was a WP 'developer' a while ago, and has since changed to JS and are using a framework which he doesn't understand - he can't even remember what the documentation states.
So why do I 'work' with him? He knows a lot of phrases he's read in books, blogs, and the likes. That makes him really inspirational and positive and he really wants to become successful(like me!). But over the last few months, I've realized how bad he is at programming - he doesn't know basic programming concepts and have a hard time applying any sort of knowledge to his programming. If it's not pre-built, he can't use it, not even if the documentation has specific examples. He barely grasps the concept of binding data to a variable. He wouldn't know how to access it again though, it's just for the sake of binding it to some existing functionality.
The other guy really likes his old style. He hired me to maintain some application. Which has turned out to be a hell of several small tasks he needs to be finished or reworked - with no clear definition of the task. Most of the time, he'll do some initial changes, show the changes to me, vaguely explain what they do (not what he's trying to achieve) and first THEN ask me to do these changes, most often in some files that don't exist (he uses the wrong filenames so I have to guess/ask where the changes need to be made).
To top it all off, old syntax is used and don't get me started on the spaces+tabs for indenting lines... Because I've already added a great ESLint+Prettier conf and everything should be nicely formatted according to pre-defined rules.
But he won't take the time to install some plugins in his editor and I'm left with sometimes buggy, badly formatted code (the code I have to make changes with!) - that's while he several times have agreed that I can do what I want and that he even questions his own ways when looking at my changes which he calls by-the-book.
So why the motherfucking fuck do I keep working with him?
Well, he keeps paying so that's really nice - I haven't been able to properly execute the bigger tasks(which pays more) though, due to a lack of information or some badly written code I couldn't quite figure out how works (at a glance).
He also keeps talking about these new projects he wants to make.. he even has these freaking papers with descriptions and data-structures and we converse really good about these new awesome projects. He also likes cryptocurrencies(which is an interest of mine he has inflamed quite a bit) and lastly, he seems like a genuinely nice guy who I'd like to spend some time with even besides coding and work.
So now I stand here - stuck with people that make me feel like a demi-god or something because I use a git style-guide and ESLint+Prettier with the Airbnb style-guide.
What should I do? I'd really like some remote work and have a desperate need for money... So much so, that I might even have to pick up a fulltime job, in order to save my sorry ass - all because I like speaking with people who just like the thought of programming...
I'm actually quite lonely with my thoughts and they are the two only people I've had some sort of relationship with - who has an invested interest in programming/dev... I really like that, despite having to follow their thoughts as they surely can't follow mine.
Please be my friend or give me some paid work lol.
Also, I've been moving the last couple weeks - those weeks has been the most stressful of my life and have not contributed to my overall wellbeing and relations with people... It's good to be back at the computer again and be reading some devRant though!1 -
More network/hardware than dev but anyway: I use OPNsense as a firewall at home on an embedded system. Had everything set up nicely and appearing to be working fine, quite a lot of things set up (static leases, VLANs with various firewall rules etc. - a fair bit of stuff involved). I noticed my remote system was failing to back up to my local one. Turned out port forwarding wasn't fully working (initial packet got through but nothing else). I noticed this at midnight.
Ran an update to see if that helped - nope. Reboot time then! It made its shutdown noises and I waited 15 minutes before giving up (no noises, no ping response). Took SD card out. Copied a fresh install onto it, thus wiping all settings. Booted up fine, set up my internet connection, all good. Proceeded to configure it. Noticed I couldn't access the internet from my PC, but could from the firewall itself. Rebooted the firewall. It didn't come back up. Argh!
Reinstalled AGAIN. Attached a serial cable and it was complaining about something which sounded like it couldn't read the SD card. Tried another. Nope. Looked online (using phone): known issue to do with boot delays.
Gave up and went to bed at this point (4am).
Next day: Installed it in a VM instead. Still no internet from my PC! Another known issue to do with default gateway not being the PPPoE interface. Got into shell, manually changed the default route. Was then able to update to the latest version which fixes the gateway issue. Rebooted the VM. All good.
Put all my settings back in, this time taking a backup afterward.
Only to discover....
....port forwarding wasn't working properly. Back to square 1.
Poked around with some NAT settings (outbound ones), made no difference, undid those changes and suddenly it started working.
WTF? /waves arms in the air
OPNsense folk were very helpful, producing a new build for me to try within a couple of hours of me asking about the problem.
But days like that, I start to question whether I really enjoy technology as much as I thought I did... -
Fucking remote db doesn't want to work with me and workbench. DB is on an empty test server, no firewall issues on the network, powershell on my pc says ping ok, tcp failing though, server firewall not running, server up and running.
Tried to modify network access on db configs like bind-adress, set my db user "host" value to wildcard. Now I can log in on workbench with my user, yet root somehow fails, wtf?
And of course once the connection is live, no db us visible, accessible, nothing works. I'm so frustrated. About to nuke it and restart ... again!13 -
Finally decided to get myself some remote server on DO, faffing around and setting things up, and suddenly I decide to look at my access logs, someone was trying to figure out how to connect to mysql, phpMyAdmin and what's not... Too bad for him I won't have any of those installed until I know how to properly secure all this :)
Heh... Welcome to the real world I guess?4 -
Hey guys. I am in a situation where I need to decide wether to take on a new project or not. And if not, how to turn down that client so that I would not burn any bridges. So I need your opinions on this matter in order to make the final decision.
To make things clear heres some background info. 10 months ago I quitted my fulltime position in another EU country and went back to my own home country. 10 months forward till today and I have my own ltd company which currently has 5 projects. Its doing pretty well money wise. All projects combined, I already earn more then I ever did and I need to work max 10 hours a week since all projects are remote projects so I dont waste time on useless meetings and etc. However I dont feel fulfilled or challenged anymore because surprise surprise doing well paid projects doesnt guarante your sense of fulfillment.
So I noticed that I have lots of spare time which I spend diving into rabbitholes with hobby projects. I decided that its time to scale my company and take on more projects and maybe even hire more people.
So I started searching for other projects I could work on (prefferibly remote projects or flexible ones where I could come in 2-3 days a week in office and work remotely rest of the week). Reason being that I am already out of sync with fulltime position lifestyle and I am totally result oriented, not punch in my hours and go home oriented.
For exampleIf i get my weekly tasks I prefer to do them in 1-2 days (even if it requires doing double shifts which rarely but happens) but then I want to have rest of the week off. Thats how my brain works and thats how Im wired. I cant stand fulltime positions especially in enterprise bigger companies where I come in and do maybe 2 hours of actual work everyday because of all useless meetings and blockers from backend/etc. Its soul crushing to me.
So I posted linkedin ads and started searching for new clients/projects. One month ago I went to an interview for an android project in a startup.
The project looked interesting enough. Main task was to rewrite their android app from java to kotlin. Apparently their current current app was built by a backend developer who wants to focus solely on backend.
So during the interview they showed me their app which was quite simple frontend wise but not so simple backend wise from what I was able to figure out.
Their project lead (also a backed guy) asked me my estimation of price and completion of task. I told them maybe 2-3 months to do everything properly.
Project lead was basically shocked because all other candidates told him they can rewrite the app from java to kotlin in 2-3 weeks. I told him that everything is possible but his app quality will suffer and for a better estimation he would we would need to sign an NDA so I could evaluate the costs. So we ended the interview.
After that we kept in touch for one month (it took them one month to google a generic NDA and sign it digitally with me).
So heres the redflags I noticed:
1. They dont respect my time. Wasted 1 month of my time and after signing NDA gave me 2days to estimate their project and go to a meeting and give them detailed info about what I can offer. I thats not a brain rape then I dont know what it is
2. They are changing initial conditions we talked about. We agreed on rewriting the codebase and be done with it. Now they prefer a fulltime worker who would be responsible for android app as his own product. So basically project lead was not able to find a fulltime dev so now hes trying to convert me (a company owner) to his fulltime worker.
3. Lack of respect. During the interview he started speaking in his own native language to me with some expression (he seemed pissed off at that moment when he switched languages).
4. Bad culture fit. As I said Im used to relaxed clients and projects where I dont need to be chained to a desk a monitored and be micromanaged. I mean lets sign a contract give me access to your codebase and tell me what to do, I will produce results and lets be done with it.
5. Project lead is a backend guy who doesnt understand how complicated android apps can be. No architecture and no unit tests are in his frontend app. He doesnt care about writing proper app since he ships it in his own device so he doesnt need to worry about supporting custom devices or different api levels of android and etc. But not having any architecture? Cmon.
So basically I am confused. Project lead needs a fulltime dev but hes in contact with me in hopes that I would sign a fulltime contract. But how I can work fulltime if all what I can see are redflags?
Basicaly I thinkthis was a misundersanding. Im searching for fulltime remote projects and hes offering fulltime inhouse projects. Project lead never outsourced so hes confused as well.
As you can see decision is already basically made to turn him down, I just need to know how to tell him to fck off in the most polite manner and thats it.6 -
It's 2022 and mobile web browsers still lack basic export options.
Without root access, the bookmarks, session, history, and possibly saved pages are locked in. There is no way to create an external backup or search them using external tools such as grep.
Sure, it is possible to manually copy and paste individual bookmarks and tabs into a text file. However, obviously, that takes lots of annoying repetitive effort.
Exporting is a basic feature. One might want to clean up the bookmarks or start a new session, but have a snapshot of the previous state so anything needed in future can be retrieved from there.
Without the ability to export these things, it becomes difficult to find web resources one might need in future. Due to the abundance of new incoming Internet posts and videos, the existing ones tend to drown in the search results and become very difficult to find after some time. Or they might be taken down and one might end up spending time searching for something that does not exist anymore. It's better to find out immediately it is no longer available than a futile search.
----
Some mobile web browsers such as Chrome (to Google's credit) thankfully store saved pages as MHTML files into the common Download folder, where they can be backed up and moved elsewhere using a file manager or an external computer. However, other browsers like Kiwi browser and Samsung Internet incorrectly store saved pages into their respective locked directories inside "/data/". Without root access, those files are locked in there and can only be accessed through that one web browser for the lifespan of that one device.
For tabs, there are some services like Firefox Sync. However, in order to create a text file of the opened tabs, one needs an external computer and needs to create an account on the service. For something that is technically possible in one second directly on the phone. The service can also have outages or be discontinued. This is the danger of vendor lock-in: if something is no longer supported, it can lead to data loss.
For Chrome, there is a "remote debugging" feature on the developer tools of the desktop edition that is supposedly able to get a list of the tabs ( https://android.stackexchange.com/q... ). However, I tried it and it did not work. No connection could be established. And it should not be necessary in first place.7 -
Just curious, how do remote workers onboard with their company?
And I guess basically now all offices are closed, what happens after your hired, your first day of work?
At my company to work remotely, you would need a token card and access permissions.1 -
Sometimes in our personal projects we write crazy commit messages. I'll post mine because its a weekend and I hope someone has a well deserved start. Feel free to post yours, regex out your username, time and hash and paste chronologically. ISSA THREAD MY DUDES AND DUDETTES
--
Initialization of NDM in Kotlin
Small changes, wiping drive
Small changes, wiping drive
Lottie, Backdrop contrast and logging in implementation
Added Lotties, added Link variable to Database Manifest
Fixed menu engine, added Smart adapter, indexing, Extra menus on home and Calendar
b4 work
Added branch and few changes
really before work
Merge remote-tracking branch 'origin/master'
really before work 4 sho
Refined Search response
Added Swipe to menus and nested tabs
Added custom tab library
tabs and shh
MORE TIME WASTED ON just 3 files
api and rx
New models new handlers, new static leaky objects xd, a few icons
minor changes
minor changesqwqaweqweweqwe
db db dbbb
Added Reading display and delete function
tryin to add web socket...fail
tryin to add web socket...success
New robust content handler, linked to a web socket. :) happy data-ring lol
A lot of changes, no time to explain
minor fixes ehehhe
Added args and content builder to content id
Converted some fragments into NDMListFragments
dsa
MAjor BiG ChANgEs added Listable interface added refresh and online cache added many stuff
MAjor mAjOr BiG ChANgEs added multiClick block added in-fragment Menu (and handling) added in-fragment list irem click handling
Unformatted some code, added midi handler, new menus, added manifest
Update and Insert (upsert) extension to Listable ArrayList
Test for hymnbook offline changing
Changed menuId from int to key string :) added refresh ...global... :(
Added Scale Gesture Listener
Changed Font and size of titlebar, text selection arg. NEW NEW Readings layout.
minor fix on duplicate readings
added isUserDatabase attribute to hymn database file added markwon to stanza views
Home changes :)
Modular hymn Editing
Home changes :) part 2
Home changes :) part 3
Unified Stanza view
Perfected stanza sharing
Added Summernote!!
minor changes
Another change but from source tree :)))
Added Span Saving
Added Working Quick Access
Added a caption system, well text captions only
Added Stanza view modes...quite stable though
From work changes
JUST a [ush
Touch horizontal needs fix
Return api heruko
Added bible index
Added new settings file
Added settings and new icons
Minor changes to settings
Restored ping
Toggles and Pickers in settings
Added Section Title
Added Publishing Access Panel
Added Some new color changes on restart. When am I going to be tired of adding files :)
Before the confession
Theme Adaptation to views
Before Realm DB
Theme Activity :)
Changes to theme Activity
Changes to theme Activity part 2 mini
Some laptop changes, so you wont know what changed :)
Images...
Rush ourd
Added palette from images
Added lastModified filter
Problem with cache response
works work
Some Improvements, changed calendar recycle view
Tonic Sol-fa Screen Added
Merge Pull
Yes colors
Before leasing out to testers
Working but unformated table
Added Seperators but we have a glithchchchc
Tonic sol-fa nice, dots left, and some extras :)))
Just a nice commit on a good friday.
Just a quickie
I dont know what im committing...3 -
I'm feeling burnt due to the lack of direction at my job instead of overwork.
I'm working as a data scientist at a large corporation and have been remote for a little over a year. I'm very savvy at programming and other technical skills but my manager wants me to develop my leadership skills and want me to move to a management role eventually. So he's been kinda "grooming" me to take on more leadership responsibility in the projects I'm currently involved in.
However, to be honest, I'm a little torn about getting more management or leadership responsibilities. I'm an extreme introvert and absolutely abhor meetings and having the same thing to people all the time and this sort of things stresses me out very easily. My manager seems set on pushing me towards pursuing a path towards leadership and just basically assumed that this is what I want out of my career and started putting me in the deep end without asking me what I want.
I really want to voice my honest thoughts about what I really want to do in my career (to be a technical specialist rather than a manager) but I've kinda procrastinated over the past year when he first started "grooming" me for a leadership role and it's my bad that I didn't tell him earlier.
Right now, I'm thrown in the deep end. I'm given a lot of projects without much of any direction and I'm asked to figure out the people I need to reach out to, the types of meetings I need to set with them, the relationships I need to develop both in and out of my department, etc. However, my real passions lie in writing code, fixing bugs, building models, understanding new technologies and applying them to the business, etc.
On paper, I'm involved in a ton of projects and I seem to be a really busy worker. But right now, I'm having a lot of difficulty reaching out and developing relationships with people that I barely have any actual work to do during the day, because I'm constantly waiting for replies from people or for permission or red tape to get some key information or access to a system in order for me to build something like a model or a program for a particular project. I'm spending maybe 1 or 2 hours of my workday actually "working" which is attending meetings, reading emails, etc., reaching out to someone for the n-th time (even though they continue to ignore me), etc. And that's because I'm blocked on all of my projects - I need an essential piece of information, data, or access to a system or server and the person I'm reaching out to to get this isn't responding. I brought this up with my manager and he says he's gonna try to reach out to these people to help me but so far, it doesn't seem like his help has been effective as I'm continuing to wait.
Though I get paid pretty well, I feel guilty logging in to work everyday and doing very little work, not because I'm lazy but because there really isn't much work for me to do because I'm waiting on so much here and I'm at a point where I can't make any progress in any of my projects without the approvals or other critical information that others aren't providing me.
I know I probably should find another job and I'm currently looking but in the meantime, is there anything else that I should be doing at my current job to hopefully make this situation better? -
Gaining root in Macs by not using a password, a vulnerability in HomeKit devices allowing unauthorized remote access.
https://9to5mac.com/2017/12/...
Next you tell me FaceID isn't as secure as you want me to believe.
Oh, wait...1 -
!rant
I currently don't have access to my good computer, so I installed a remote control software on it. I also made sure I could turn it on over the internet (Wake on LAN).
This worked well for some time: I powered it on remotely and after a few seconds I was able to connect to it.
Now what I didn't know was that WoL only works if the computer has been shut down completely. It does not work if it's in standby mode.
So I turned it on today, but didn't establish a connection immediately, and after a few minutes, it apparently fell asleep (standby). Now I can't reach it remotely, and I also can't wake it up again with WoL. And as I don't have physical access to it for about a month, so my only hope is that there is a power cut and it will be shut down the hard way.2 -
git push # via a slow network
> ssh: connect to host github.com port 22:
> Connection timed out
> fatal: Could not read from remote repository.
>
> Please make sure you have the correct access rights
> and the repository exists.
yes, if I have to wait for your server to time out, I can waste more time checking my permissions and that the repo still exists - as if ...1 -
Hey, been long time without ranting, but here I am.
So nowadays the schedule on my project is really tight, and nothing is ready on every party, including mine.
Worse is, since this week, I've had to contact another team that learned on what we were working on like a month ago, and they really have a bad habit to ask us to see them on Skype. Yeah, sure, Skype is no use if it's just to tell me something to use that actually won't work (they don't know about that I guess, but still, just for less than 5 minutes while I have things on short time....)
So today, I arrived, I have a bugfix to do, but short after I arrived, I got a new task of providing access to our work to another team, which implied some minors modifications, wouldn't take so much time.
But right when I was doing it, I had someone from that team that I mentionned earlier that asked me to see some specific code. I actually don't have that code since I am using remote call, so calling their code directly and not using some placeholder code. The guy told me "but that shouldn't work." Okay, but I've been entering in your application several times and giving you errors that I got from trying to entering it, so you KNOW that it works. And then, he asked me to go see them again. No way, I have plenties of things to do, use a fucking email.
Now that I released that rant from my mind, I'm gonna get a hot beverage, calm down and go back to those tasks. -
I have never encountered a better wrapper for graphical remote access than remmina. I have yet to find one for Mac that I really like, and I haven't found one for Windows that I like at all.
I have used chicken and finder's built-in client, but neither particularly impress me. Do you have one for Mac that you swear by?4 -
To have some Backups on your NAS in the Office is awesome... to have no Access from Remote Location if you need it...#$/$##!
-
So as a personal project for work I decided to start data logging facility variables, it's something that we might need to pickup at some point in the future so decided to take the initiative since I'm the new guy.
I setup some basic current loop sensors are things like gas line pressures for bulk nitrogen and compressed air but decided to go with a more advanced system for logging the temperature and humidity in the labs. These sensors come with 'software' it's a web site you host internally. Cool so I just need to build a simple web server to run these PoE sensors. No big deal right, it's just an IIS service. Months after ordering Server 2019 though SSC I get 4 activation codes 2 MAK and 2 KMS. I won the lottery now i just have to download the server 2019 retail ISO and... Won't take the keys. Back to purchasing, "oh I can download that for you, what key is yours". Um... I dunno you sent me 4 Can I just get the link, "well you have to have a login". Ok what building are you in I'll drive over with a USB key (hoping there on the same campus), "the download keeps stopping, I'll contact the IT service in your building". a week later I get an install ISO and still no one knows that key is mine. Local IT service suggests it's probably a MAK key since I originally got a quote for a retail copy and we don't run a KMS server on the network I'm using for testing. We'll doesn't windows reject all 4 keys then proceed to register with a non-existent KMS server on the network I'm using for testing. Great so now this server that is supposed to connected to a private network for the sensors and use the second NIC for an internet connection has to be connected to the old network that I'm using for testing because that's where the KMS server seems to be. Ok no big deal the old network has internet except the powers that be want to migrate everything to the new more secure network but I still need to be connected to the KMS server because they sent me the wrong key. So I'm up to three network cards and some of my basic sensors are running on yet another network and I want to migrate the management software to this hardware to have all my data logging in one system. I had to label the Ethernet ports so I could hand over the hardware for certification and security scans.
So at this point I have my system running with a couple sensors setup with static IP's because I haven't had time to setup the DNS for the private network the sensors run on. Local IT goes to install McAfee and can't because it isn't compatible with anything after 1809 or later, I get a message back that " we only support up to 1709" I point out that it's server 2019, "Oh yeah, let me ask about that" a bunch of back and forth ensues and finally Local IT get's a version of McAfee that will install, runs security scan again i get a message back. " There are two high risk issues on your server", my blood pressure is getting high as well. The risks there looking at McAfee versions are out of date and windows Defender is disabled (because of McAfee).
There's a low risk issue as well, something relating to the DNS service I didn't fully setup. I tell local IT just disable it for now, then think we'll heck I'll remote in and do it. Nope can't remote into my server, oh they renamed it well that's lot going to stay that way but whatever oh here's the IP they assigned it, nope cant remote in no privileges. Ok so I run up three flights of stairs to local IT before they leave for the day log into my server yup RDP is enabled, odd but whatever let's delete the DNS role for now, nope you don't have admin privileges. Now I'm really getting displeased, I can;t have admin privileges on the network you want me to use to support the service on a system you can't support and I'm supposed to believe you can migrate the life safety systems you want us to move. I'm using my system to prove that the 2FA system works, at this rate I'm going to have 2FA access to a completely worthless broken system in a few years. good thing I rebuilt the whole server in a VM I'm planning to deploy before I get the official one back. I'm skipping a lot of the ridiculous back and forth conversations because the more I think about it the more irritated I get.1 -
I know a lot of people aren't fans of Microsoft here, but does anyone have some extended experience with using powershell?
I've been using it for creating a script that handles quite a large set of tasks for setting up and configuring some application servers and so far I have been really digging the language. Being able to invoke the script against remote hosts in parallel like ansible has been a really cool learning experience.
Admittedly it's verbose as fuck, so getting the same thing done in something like python/perl might be like half the lines of code. And I know that some of the commands illicit a "WTF?" every now and again. But I think one of the powershell tutorials I watched early on in attempting this helped make using powershell not suck ass.
Every command is basically 'verb-noun'. You don't know what the command or switches are:
> get-help "command" -showwindow
It will give you a list of options if you didn't select the exact command with get-help.
It feels* amazingly buttoned up as a scripting language and it's really cool to be able to take advantage of lower level stuff, like you can run alternative shells (we have cygwin installed on some of our servers), you can run C# code, you have access to interfacing with .NET api's. I haven't messed with anything azure yet, but being able to interface with products and services like SQL/Exchange/O365/azure/servers/desktops from the same language seems pretty cool.
Admittedly, the learning curve feels terrible though. I felt like a dunce for the first couple weeks, couldn't navigate the language at all, and was always in the docs trying to figure stuff out. I think I just needed to understand how the people developing powershell intended for it to be used. Once I was able to put two-and-two together about the verb-noun structure and how to find information/examples about the cmdlets it's been quite easy to work with it.
If anyone else has any extended experience with it, please share your thoughts/opinions. Curious to see if your experiences are/were similar to mine.
If you don't have Powershell experience, please feel free to share your opinions of Micro$haft and me for using Micro$haft products too! It's all good 😎9 -
People who do remote work, what's your stance on making calls to get together to do things?
In my case, I have this tech lead boss now who's always available to start calls so I can share my screen and point at what problems I'm having, and I really appreciate that.
Other people at my job are really hard to get into contact with, they're never available when you need them, so if there's some conversation by the nature of which there needs to be a lot of back and forth exchange to get both parties on the same page, more than a day or more can be spent before work based on that conversation can be done.
I'm not talking about distribution of tasks, but rather "person with access to X, I need you to do Y". I invite them to have a call so we can explore how to do Y together, because neither of us know it too well, but they just do whatever, ask how it went, and it turns out wrong. In this particular case, I've got a marketing guy who has access to the company's business account in a social media platform. I need them to add me there as a developer, and make sure I and another developer have all privileges necessary to create and configure an application which will use the social media platform's APIs. Marketing guy just takes hours to respond and generally acts like we're not worth his time, but can't do the things we asked and dedicate the time to see with us if things are working before he sets out to do other work.
This isn't an isolated case, we've got other people who don't look at their messages and are just generally unavailable. Not sure if I have incorrect expectations. Everyone in the company works remote, but we're all in the same time zone.6 -
WSL GUI... WHY?!?!
I have an assistant(no better defined title) in Myanmar who we've ruined from ever being a "normal" 21yr old Burmese kid again... First non-android computer experience was remote access to our local RHEL server; He's gonna be a dev... being a blank slate, started him primarily on CLI.
Yesterday he tells me wsl stopped working and he can't figure out why. I ofc asked what the last thing(s) he did was... simple wget. I tunnel in, check processes... one of the catch-all wsl ones had hulked out.
Despite very limited abilty to trace whatever was going on, I found what I thought may be responsible. Quickest way to know, kill it...
Whatever will we do without GUI for wsl debian?!?!?
Seriously... the wsl Deb culled things like systemd for simplicity... but arrives loaded with numerous GUI functionalities. I reeeeeallly want to know what advanced practical applications are coming from this -
II encountered this problem today with a user who couldn't access internet on their own home network or on their company. Everytime they try to access the site. Firewall and Anti-virus settings have blocked the access . Couldn't remote into their PC due to them not being on the domain to setup the VPN client. Reset Browser settings and disabled all Firewall and Anti-virus protocols. User still could not get to any sites..... What did I miss?1
-
Spent a couple of hours setting up an old laptop with opensuse leap and trying to learn the basics of using it so I can simulate a small network (my desktop, a couple of old laptops for specific tasks, and my school laptop) with that laptop as the ‘hub’ Put syncthing on there as a pseudo-cloud system, teamviewer for remote access, and did all required updates for the OS. But literally no idea where to go from there What all should/can I do with this setup useful or otherwise. This is meant to be a learning experiment with a hope for some usefulness from it2
-
In the war on bandwidth consumption, work has cut out torrent access. So I, like a child look for porn (actually I was doing that too), found a way around. I use http://filestream.me to cache my torrents. Then go to http://Uptobox.com file host and login to my account, that i created with my fake mailinator.com email address, where I use the remote URL upload feature to download my files from filestream. Change the file name to VM-update.dll (I don't know why I chose a DLL originally, but I release no one asks why you were downloading a DLL). The download. All of this, except the downloading is done in Opera Web Browser with VPN on (a little extra paranoia goes a long way).2
-
Sticking with emacs as my favorite editor. Navigation within files is easy. Working on multiple files also. I don't have to leave my editor to use the shell and can manage my filesystem as well. And the most important feature for me is tramp. When working with distributed systems it is pretty nice to access the remote filesystems from your local machine.