!rant

Little reverse bot psychology

We're using a ticket system at work that a local company wrote specifically for IT-support companies. It's missing so many (to us) essential features that they flat out ignored the feature requests for. I started dissecting their front-end code to find ways to get the site to do what we want and find a lot of ugly code.
Stuff like if(!confirm("blablabla") == false) and whole JavaScript libraries just to perform one task in one page that are loaded on every page you visit, complaining in the js console that they are loaded in the wrong order. It also uses a websocket on a completely arbitrary port making it impossible to work with it if you are on a restricted wifi. They flat out lie about their customers not wanting an offline app even though their communications platform on which they got asked this question once again got swarmed with big customers disagreeing as the mobile perofrmance and design of the mobile webpage is just atrocious.

So i dig farther and farthee adding all the features we want into a userscript with a beat little 'custom namespace' i make pretty good progress until i find a site that does asynchronous loading of its subpages all of a sudden. They never do that anywhere else. Injecting code into the overcomolicated jQuery mess that they call code is impossible to me, so i track changes via a mutationObserver (awesome stuff for userscripts, never heard of it before) and get that running too.

The userscript got such a volume of functions in such a short time that my boss even used it to demonstrate to them what we want and asked them why they couldn't do it in a reasonable timeframe.

All in all I'm pretty proud if the script, but i hate that software companies that write such a mess of code in different coding styles all over the place even get a foot into the door.

And that's just the code part: They very veeeery often just break stuff in updates that then require multiple hotfixes throughout the day after we complain about it. These errors even go so far to break functionality completely or just throw 500s in our face. It really gives you the impression that they are not testing that thing at all.

And the worst: They actively encourage their trainees to write as much code as possible to get paid more than their contract says, so of course they just break stuff all the time to write as much as possible.
Where did i get that information you ask? They state it on ther fucking career page!

We also have reverse proxy in front of that page that manages the HTTPS encryption and Let's Encrypt renewal. Guess what: They internally check if the certificate on the machine is valid and the system refuses to work if it isn't. How do you upload a certificate to the system you asked? You don't! You have to mail it to them for them to SSH into the system and install it manually. When will that be possible you ask? SOON™.
At least after a while i got them to just disable the 'feature'.

While we are at 'features' (sorry for the bad structure): They have this genius 'smart redirect' feature that is supposed to throw you right back where you were once you're done editing something. Brilliant idea, how do they do it? Using a callback libk like everyone else? Noooo. A serverside database entry that only gets correctly updated half of the time. So while multitasking in multiple tabs because the performance of that thing almost forces you to makes it a whole lot worse you are not protected from it if you don't. Example: you did work on ticket A and save that. You get redirected to ticket B you worked on this morning even though its fucking 5 o' clock in the evening. So of course you get confused over wherever you selected the right ticket to begin with. So you have to check that almost everytime.

Alright, rant over.
Let's see if i beed to make another one after their big 'all feature requests on hold, UI redesign, everything will be fixed and much better'-update.

Actual rant time. And oh boy, is it pissy.

If you've read my posts, you've caught glimpses of this struggle. And it's come to quite a head.

First off, let it be known that WINDOWS Boot Manager ate GRUB, not the other way around. Windows was the instigator here. And when I reinstalled GRUB, Windows threw a tantrum and won't boot anymore. I went through every obvious fix, everything tech support would ever think of, before I called them. I just got this laptop this week, so it must be in warranty, right? Wrong. The reseller only accepts it unopened, and the manufacturer only covers hardware issues. I found this after screaming past a pretty idiotic 'customer representative' ("Thank you for answering basic questions. Thank you for your patience. Thank you for repeating obvious information I didn't catch the first three times you said it. Thank you for letting me follow my script." For real. Are you tech support, or emotional support? You sound like a middle school counselor.) to an xkcd-shibboleth type 'advanced support'. All of this only to be told, "No, you can't fix it yourself, because we won't give you the license key YOU already bought with the computer." And we already know there's no way Microsoft is going to swoop in and save the day. It's their product that's so faulty in the first place. (Debian is perfectly fine.)

So I found a hidden partition with a single file called 'Image' and I'm currently researching how to reverse-engineer WIM and SWM files to basically replicate Dell's manufacturing process because they won't take it back even to do a simple factory reset and send it right back.

What the fuck, Dell.

As for you, Microsoft, you're going to make it so difficult to use your shit product that I have to choose between an arduous, dangerous, and likely illegal process to reclaim what I ALREADY BOUGHT, or just _not use_ a license key? (Which, there's no penalty for that.) Why am I going so far out of my way to legitimize myself to you, when you're probably selling backdoors and private data of mine anyway? Why do I owe you anything?

Oh, right. Because I couldn't get Fallout 3 to run in Wine. Because the game industry follows money, not common sense. Because you marketed upon idiocy and cheapness and won a global share.

Fuck you. Fuck everything. Gah.

VS Code is pretty good, though.

I just read the rant: "I use base64 to encrypt my passwords". Found it hilarious!

But I can't believe the amount of people taking it seriously in the comments section! I see just one of these possible explanations.

A) They want to show off
B) They are unable to detect sarcasm
C) They have mastered trolling and I'm stupid

In case it's C, wouldn't this rant be considered as reverse trolling? 😎

First rant goes here...
Had an interview for post of android dev at a start-up(please note: they specified they need a full-time android dev for their team, junior role, even freshers would do). Not a single question asked from android- architecture, apps, libraries, not even anything from my resume. They thought that any person who can 'reverse a linked list on paper' can work with them, but not a dev who has a year's experience in android development.
At the end, after asking me about a dozen (quite simple) DS questions, they said they can't provide the opportunity to a fresher, and I can join as an intern for 3-6 months and 'work my way up'.
WHY THE FUCK YOU SAID YOU NEED A FULL-TIME ANDROID DEV WITHOUT MUCH EXPERIENCE? AND WHY DIDN'T YOU ASK ME RELEVANT QUESTIONS?

"Rant/Story"

Dayum.
Prestory and afterstory:
Today I have slept for around <2 hours and had to drive to my college.

The real shit happens right now.

Story:
During these almost 2 hours, I have dreamed about going back in time, but being limited on the same day's hours.
In other words... It was e.g. 16 o'clock and the time travelled back into the past. Like into a "0830 ish" morning. The day would then come to an end and start with the next day. For example from Monday to Tuesday.
I was able to look into the future whenever I wanted to.
Even though I was driving my car in the first gear, it would drive into the reverse direction.
Time suddently switches direction and everything is going as it should be. Greeting people in the streets as I would do normally.
And all of the sudden time decides to switch its direction again and I have to do things in reverse.
At some point I found something like a hidden room which had a door. I opened it and went into the "room" (it was a special place. It had no walls at all). It had a door at the other side of the room. I went through it and saw another one in the last room. It felt like, if I decide to go through that door, I would instantly die. I therefore moved all the doors back into the dream world.
Such a confusion gave me a fucking headache lol.

After waking up from such a fucking complicated dream, time irl felt fucking weird lmao.

My alarm began to do its job. It tried to wake me up at 6:30 am, at 6:45 am and at 6:50 am.
But all the time along it felt like it began to wake me up at 6:50 am down to 6:30 am.

Not quite a rant, but if you came here for a cool way to reverse strings in python then I've got you covered:

backwardsString = string[::-1]

Don't know why you come to devRANT for tips on python string reversal but hey

I thought it was cool at the time ::)))

A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.

Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.

Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.

Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.

So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.

Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.

Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.

So everything has been set up again now, and there are some things I would like to stress about hosting providers.

You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.

Also remember that your hosting provider can terminate you at any time, for any reason. Server redundancy is not enough. If you can afford multiple redundant servers, get them at different hosting providers. I've looked at Aruba Cloud's Terms of Use and this is indeed something they were legally allowed to do. Any reason, any time, no notice. They covered all their bases. Make sure you do too, and hope that you'll never need it.

Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?

!rant

How I think the process for designing a hardware-driver is like

CEO: "Alright everyone, we have designed and created this great product, now let's write a driver for it!"

PM: "Great then! We just code for Windows, create an eye-catching UI but leave the actual at the worst possible case that could work!"

Dev: "B-But isn't there other OSes, like Linux and Android that people use on their computers too?"

PM: "Shut up! We are going to JUST support Windows and f*** no absolutely other OSes!

Dev: "But what if they are also developers, and want to control and use this great product by programming it themselves? We should make the driver open-source, or at least give them some APIs!"

PM: "Nonsense! They are only going to use this product on M$ Windows, and with the program we provide to them, even if it's crappy and crashes most of the time!"

Dev: "But-but..."

PM: "No buts! That's our final decision!"

And some other consumer devs are like, "F*** it, we just reverse-engineer the codes and write a new driver ourselves!"

:|

So I've created this account specifically for this rant. I usually just browse anonymously.

I've recently been hired in a big company that is one of the biggest Microsoft users in the world and my essentially revolves on making it easier for our collaborators to work with SharePoint (and other ms software)

Never in my life have I hit that much of a roadblock. So for the past week I've been trying to integrate what Ms calls webparts. And to modify the default webparts Ms provides you need to their properties (or Metadata). Except here's the big problem these are NOT documented anywhere (unless I failed to find it, if you do know where it is documented please HMU), so I've found myself trying to reverse engineer the js scripts that are served with SharePoint to figure out what the webpart properties are called and what type of data they are! I've been going through endless github repos using the CSOM nuget package (it's the library everyone uses to interact with SharePoint) and I finally found out about this other library called PnP which is a wrapper around CSOM that makes it easier to use. That wrapper has a way for me to load existing page and look at the properties of existing webparts. So here I thought it was the end of my suffering and I could finally get an idea of what it should be. Turns out this method doesn't work because one of the dependencies it has has had breaking changes and they still updated it even though it breaks their code! So for the past two days I've been trying random combinations of key values with different data types and json serialization methods.

Oh and yeah I've also looked at all the http calls via the chrome network tab, the metadata is not served as an individual file but is computed by Ms servers when they're serving you their html files.

So uh yeah run from CSOM if you can..

FML I am an idiot.. might end up in a rant here (well deserved!!) //if you are here reading this I'm so sorry again!!

I wrote to our support I need DP/HDMI cable.. they asked me to take a pic of the cable I'm currently using.. WTF?! Don't you know how connectors look?! Just get me the damn cable.. :/
Ok.. Took a picture.. sent it back.. At that time I still didn't see the problem with what I wrote/demanded..
Got back reply this is not HDMI connector... FML, I was so convinced computer had HDMI ports so even when I took the pic I wasn't paying attention.. Fuck.

And before when I was switching cables behind the computer below desk I was just blindly feeling around, it didn't even occurr to me to actually check what connectors are used..just knew both monitors had the same connector (and not aure why I thought HDMI :/)...so yeah, I'm the idiot who is not paying attention to stuff.. Fuck.. Was on a scavanger hunt for a wrong type of cable the whole time.. Sorry again!! And please don't kill me next time you see me.. o.O

To be honest I forgot completely about the ducks and was kind of disappointed to see them, don't understand me wrong, its a great addition to the shop (especially to support devrant more when buying them and I will probably do too) and trogus (wow it's pronounced t-rogus) deserves a lot of respect for going through the very hard process of developing it, getting somebody to do a decent quality result etc. but I was hoping for the new site that got hyped up some time ago or some update to the app that fixes design issues on phones that have 2k resolution and no statusbar and more. ("just open a github issue" - I don't have one right now and it didn't get much attention anyway, since I am in the niche of people with those kind of setups, most people it seems have phones that can even barely run the app lol). The login still pops up each time you visit the site (basically just click it away, but it's rather annoying to have it pop up), it's nowhere near to the original app (although the native app is written in some sort of wrapper anyway?) - especially what comes to options, customizing, deactivating things, posting into categories (newest feature), getting notifications etc

There is some community builds that try to recreate a better desktop experience, but sadly fail to do so (sorry to devrantron and others, but what the fuck were you thinking when you rounded only the top right and left corner?) - since they always have something that is just thrown out to "be there" or design fails (which devrant just lacks and looks good across the board), that makes me rather cautious if that program doesn't send my credentials to some african prince. ("just look at the sourcecode", yes I have better things to do, thanks)

I could just create my own build, having to reverse engineer the whole website and app (granted, most of it are just api calls), but I simply lack the time (so I understand why my mentioned problems aren't getting really any attention or can't be implemented that fast, yet still its somewhat bugging)

I have listened to the Q&A and I know you guys are working full time at for example adobe (amazing that you both have time to be putting it towards devrant), so its not as much of a rant, just wanted to get out my disappointment about the event I felt personally. Still nice to have seen you and talk with the community a bit (although the time I feel was picked more towards your US audience rather than EU?).

//First rant

So I've been working trying to get a file exporter for a binary file format mostly reverse engineered - 2001 Super Monkey Ball 2 (GameCube) if anyone's interested.

Everything works fine, goals show up in the right places, wormholes work as intended, etc. That is everything, except every single level you create will be invisible, or crash (Depending on which version of Dolphin emu you use).

This happens whenever trying to specify object names for 3D objects. I checked, all the many offsets seem correct, Object names are correct. Tried both null terminated strings and fixed 80 character strings - nothing.

Some other guy also made an exporter that works, however the code is an absolute mess - basically unreadable. It also lacks some newer parts of the file spec, which is the main reason as to why I'm rewriting it.

And as I'm working with an almost entirely unheard of file format, there are few people to go to for help. The 2 I know who are also familiar with the LZ file format have no idea either...

Sigh.

I am trying to reverse engineer a fingernail hardening device for rapid hardware prototyping (becoming some kind of hardware developer I guess)

Since it is a fucking mess (all cables are black) they've chosen a weird construct to operate microcontroller on 240Vac (seems to be possible and made in very low energy consuming devices) i do not find any datasheet for one of the used products. It would help a lot but no. And messing around with high voltage is no fun.

I'm unsure if this fits as a dev rant since most/all I've read so far are software-related.

When you are trying to reverse engineering context free grammar rules from given sentences......
Not possible. Worst assignment yet.

Finally! I can't believe the suffering has finally ended. I managed to fuck over our shiddy build system to produce normal debugging information that can be stepped in gdb. Everything goes so smoothly for me ever since.. jeez feels so good :) When I come home today Ill just lay down on a bed and roll from side to side out of happiness.

Hey I feel the need to commend gmail's web ui. One thing I love is when it's possible to control gui programs with just keyboard and gmail got it done right. I know I know oldfag ahahahaa, whatever may you mouse lovers all get carpal and anal tunnels.

Holy shit trying to learn flex-box and only when I turn on reverse-row does everything fall out of its containing boxes. Then I find out that because I'm not hardcore enough to roll my own CSS scaffolding and therefore using material design lite that it is also trying to use flex box plus a few floats here and there......
... First real need to rant, glad I had this outlet

#Suphle Rant 3: Road to PHP8, Flow travails

Some primer: Flows is a feature that causes the framework to bypass handling the request now but read it from cache. This cache entry is meant to be populated without warming, based on the preceding request. It's sort of like prefetching but done on the back end

While building Suphle, I made some notes on some chapters about caveats and gotchas I may forget while documenting. One such note was that when users make the Flow request, the framework will attempt to determine who user is, using authentication mechanism defined on the first module (of the modular monolith)

Now, I got to this point during documentation and started wondering whether it's impossible for the originating request to have used a different authentication mechanism, which would result in an empty entry for returning user. I *think* it's possible cuz I've got something else called "route mirroring", where web based routes can be converted to API routes. They'll then return JSON, get served under defined API path, use JWT, all automatically. But I just couldn't connect the dots for the life of me, regarding how any of this could impact authentication on the Flow request

While trying to figure out how to write the test for this or whether it was even necessary (since I had no use case), it struck me that since Flow requests are not triggered by an actual user, any code attempting to read authenticated user will see nothing!

I HATE it when I realize there's ambiguity or an oversight, after the amount of attention and suffering devoted. This, along with a chain of personal troubles set off despondency for a couple of days. No appetite for food or talk. Grudgingly refactored in this update over some days. Wrote some tests, not all passed. More pain. May have to convert them to unit tests

For clarity, my expectation is, I built this. Nothing should be impossible for me

Surprisingly, I caught a somewhat lucky break –an ex colleague referred me to the 1st gig I'm getting in 1+ year. It's about writing a plugin for some obscure forum software. I'm not too excited cuz it's poorly documented and I'll have to do a lot of groping, they use arrays instead of objects etc. There's no guarantee I'll find how to implement all client's requirements

While brooding last night, surfing the PHP subreddit, stumbled on a post about using Rector to downgrade a codebase. I've always been interested in the reverse but didn't have any incentive to fret over it. Randomly googled and saw a post promising a codebase can be upgraded with 3 commands in 5 minutes to PHP 8. Piqued my interest around 12:something AM. Stayed up all night upgrading it, replacing PHPSTAN with Psalm, initializing the guy's project, merging Flow auth with master etc. I think it may have taken 5 minutes without the challenge of getting local dev environment to PHP 8

My mood is much lighter than it was, although the battle is not won yet –image tests are failing. For some weird reason, PHP8 can't read generated test images. Hope I can ride on that newfound lease on life to study the forum and get the features working

I have some other rant but this is already a lot to digest in one sitting. See you in rant #4

I hate this crap and wish people would stop doing it. It makes my brain bleed and doesn't prevent any difficult to find bugs.

if (TERMINAL_COUNT <= index_thing)

English doesn't work that way, and I don't know about you but this crap is just awkward as hell. Sweet Jesus I wish there was less cargo cult programming in the world. Just because you saw something in a blog that convinced you that reverse comparisons is best doesn't mean it actually is. Use a damn static analysis tool to catch accidental assignments in expressions, don't twist my brain to interpret your weird phrasing of comparison operators. Some of your code reviewers may be dyslexic and have enough problems as it is.

And now for the mini-rant that I'm actually here for: You know what makes for difficult to find bugs? (Hint: It sure as hell isn't an assignment in an expression) Releasing an RTEMS semaphore you've never obtained. You'd think that would cause some kind of panic or assert failure but nope. Instead it causes... misaligned address exceptions? In statically allocated global memory? WTF??

!Rant Now for some nice, relaxing (infuriating) reverse engineering.
At least they were kind enough to use .Net

!rant

Looking for some guidance on a final year college research project:

I was going to look into hacking drones/toy helicopters/those Fitbit watch things or whatnot, but I'm not sure if it would go down well! Some technologies I'm looking to explore through this project include reverse engineering, machine learning and container technologies (docker, rkt) if that helps?

Am I along the right lines or should I take a different approach with different topics? If so, an update on what's "hot" or upcoming at the moment would be helpful.

Cheers!