Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Latest update for the devRant app has some new twists: 1) collabs are now free for all 2) black theme is available for devRant++ members 3) when posting a rant we now ask for you to classify the rant as a specific type of post. RIP !rant :/ To be clear, this isn't meant to say that any posted content needs to be different than what everyone is doing already, just that the extra categorization helps all parties who like or dislike different types of content. This categorization will help better inform the algo and allow for advanced filtering which is coming soon.
If you have any questions, comments or concerns please ask me or @dfox in this thread.
65 -
!security
(Less a rant; more just annoyance)
The codebase at work has a public-facing admin login page. It isn't linked anywhere, so you must know the url to log in. It doesn't rate-limit you, or prevent attempts after `n` failures.
The passwords aren't stored in cleartext, thankfully. But reality isn't too much better: they're salted with an arbitrary string and MD5'd. The salt is pretty easy to guess. It's literally the company name + "Admin" 🙄
Admin passwords are also stored (hashed) in the seeds.rb file; fortunately on a private repo. (Depressingly, the database creds are stored in plain text in their own config file, but that's another project for another day.)
I'm going to rip out all of the authentication cruft and replace it with a proper bcrypt approach, temporary lockouts, rate limiting, and maybe with some clientside hashing, too, for added transport security.
But it's friday, so I must unfortunately wait. :<13 -
Dear all wonderful ranters,
I apologize profusely in advance if over the next few days I cannot contain my anger at people and rant about non-dev things. I promise I will try my best to not do this, but there are very few places (none) other than here where I feel comfortable enough to express myself freely and not censor my words.
I will be working as a security guard (3rd job) for a car show full of pretentious assholes who have a tendency to think I'm their servant. I have wonderful bosses who have my back, and there are truly amazing people in attendance as well, but if someone tries to run me over again after a long ass day, I might need to vent.
I fully accept any and all down votes, and will likely delete the rant after it's out of my system, unless there's a conversation going in comments (I wouldn't do that to you).
Please bear with me while I try boot to strangle everyone I come across. I'm hoping this year is the year everyone is nice, but history tells me that's naive and won't happen.
All my love,
Your (co)queen who may end up arrested for using her bionic arm to rip their balls off and feed them to their wives10 -
Basically finished the notification filter script* already, but there's still some small bugs I want to get to first, so in the meanwhile I created a "subscribe" button script**, that simply posts a pin emoji and "Subscribing to the comments".
On desktop I usually used to post a dot to subscribe to rant comments, but with the new people wave, that was often misunderstood (you emoji users won the evolution of comment subscribing, RIP dot) I'm sure some other people that use the webapp more often, will find it useful too.
* notification filter: https://devrant.com/rants/1424435/...
** subscribe button: https://github.com/7twin/...
17 -
So, I was gonna rant about how it can be difficult to design event-based Microservices.
I was gonna say some shit about gateways APIs and some other stuff about data aggregation and keeping things idempotent.
I was going to do all this but then as I was stretching out the old ranting fingers I decided to draw a diagram to maybe go along with the rant.
Now I’m not here to really rant about all that Jazz...
I’m here to give you all a first class opportunity to tear apart my architecture!
A few things to note:
Using a gateway API (Kong) to separate the mobile from the desktop.
This traffic is directed through to an in intermediate API. This way the same microservices can provide different data, and even functionality for each device.
Most Microservices currently built in golang.
All services are event based, and all data is built on-the-fly by events generated and handled by each Microservices.
RabbitMQ used as a message broker.
And finally, it is hosted in Google Cloud Platform.
The currently hosted form is built with Microservices but this will be the update version of things.
So, feel free to rip it apart or add anything you think should change.
Also, feel free to tell me to fuck right off if that’s your cup of tea as well.
Peace ✌🏼
19 -
'Sup mates.
First rant...
So Here's a story of how I severely messed up my mental health trying to fit in university.
But the bonus: Found my passion.
Her we go,
Went to university thinking it'll be awesome to learn new stuff.
1st sem was pure shock - Programming was taught at the speed of V2 rockets.
Everything was centred around marks.
Wanted to get a good run in 2nd sem, started to learn Vector design, but RIP- Hospitalized for Staph infection, missed the whole sem and was in recovery for 3 months.
So asked uni for financial assistance as I had to re-register the courses the next semester. They flat out refused, not even in this serious of a case.
So, time to register courses for third semester, turns out most of the 2nd year courses are full, I had to take 3rd year courses like:
Social and Informational Networks
Human Computer Interaction
Image processing
And
Parallel and Distributed Computing (They had no prerequisites listed, for the cucks they are: BIG MISTAKE)
Turns out the first day of classes that I attend, the Image proc. teacher tells me that it's gonna be difficult for 2nd years so I drop it, as the PDC prof. also seconds that advice.
Time travel 2 months in: The PDC prof is a bitch, doesn't upload any notes at all and teaches like she's on Velocity-9 while treating this subject like a competition on who learns the most rather than helping everyone understand.
Doesn't let students talk to each other in lab even if one wants to clear their friend's doubt, "Do it on your own!" What the actual fuck?
Time for term end exams and project submission: Me and 3 seniors implement a Distributed File System in python and show it to her, she looks satisfied.
Project Results: Everyone else got 95/100
I got 76.
She's so prejudiced that she thinks that 2nd years must have been freeloaders while I put my ass on turbo for the whole sem, learning to code while tackling advanced concepts to the point that I hated to code.
I passed the course with a D grade.
People with zero consideration for others get absolutely zero respect from me.
Well it's safe to say that I went Nuclear(heh.. pun..) at this point, Mentally I was in such a bad place that I broke down.... Went into depression but didn't realise it.
But,
I met a senior in my HCI class that I did a project with, after which I discovered we had lots of similar interests.
We became good friends and started collaborating on design projects and video game prototyping.
Enter the 4th sem and holy mother of God did I got some bad bad profs....
Then it hit me
I have been here for two years, put myself through the meat grinder and tore my soul into shreds.
This Is Not Me
This Wont Be The End Of Me
I called up my sister in London and just vented all my emotions in front of her.
Relief.
Been a long time since I felt that.
I decided to go for what I truly feel passionate about: Game Design
So I am now trying to apply for Universities which have specialised courses for game design.
I've got my groove again, learnt to live again.
Learning C# now.
:)
It's been a long hello, and If you've reached till here somehow, then damn, you the MVP.
Peace.9 -
TLDR: crappy api + idiot ex client combo rant // devam si duška
I saw a lot of people bitching about APIs that don't return proper response codes and other stuff..
Well let me tell you a story. I used to work on a project where we had to do something like booking, but better..crossbreed with the Off&Away bidding site (which btw we had to rip off the .js stuff and reverse engineer the whole timer thingy), using free versions of everything..even though money wasn't an issue (what our client said). Same client decided to go with transhotel because it was sooooo gooood... OK? Why did noone heard of them then?
Anyhow, the api was xml based.. we had to send some xml that was validated against a schema, we received another that was supposed to be validated againts another schema.. and so on and so on..
...
...
supposed..
The API docs were nonexistent.. What was there, was broken English or Spanish.. Even had some comments like Add This & that to chapter xy.. Of course that chapter didn't even exist yet. :( And the last documentation they had, was really really old..more than a year, with visible gaps, we got the validation schemas not even listed in the docs, let alone described properly.
Yaaay! And that was not everything.. besides wrong and missing data, the API itself caused the 500 server error whenever you were no longer authenticated.
Of course it didn't tell you that your session was dead.. Just pooof! Unhandled crap everywhere!
And the best part?! We handled that login after inspecting what the hell happened, but sent the notification to the company anyways.. We had a conf call, and sent numerous emails explaining to them what a 'try catch' is and how they should handle the not authenticated error <= BTW they should have had a handled xml response for that, we got the schema for it! But they didn't. Anyhow, after two agonizing days talking back and forth they at least set up the server to be available again after the horrified 500 error. Before, it even stopped responding until reset (don't ask me how they managed to do that).
Oh yeah, did I mention this was a worldwide renown company?! Where everybody spoke/wrote English?! Yup, they have more than 700 people there, of course they speak English! <= another one of my ex clients fabulous statements... making me wanna strangle him with his tie.. I told him I am not talking to them because no-one there understood/spoke English and it would be a waste of my time.. Guess who spent almost 3 hours to talk to someone who sounded like a stereotypical Indian support tech guy with a flue speaking Italian?! // no offence please for the referenced parties!!
So yeah, sadly I don't have SS of the fucked up documentation..and I cannot post more details (not sure if the NDA still holds even though they canceled the project).. Not that I care really.. not after I saw how the client would treat his customers..
Anywayz I found on the interwebz some proof that this shitty api existed..
picture + link: https://programmableweb.com/api/...
SubRant: the client was an idiot! Probably still is, but no longer my client..
Wanted to store the credit card info + cvc and owner info etc.. in our database.. for easier second payment, like on paypal (which he wanted me to totally customize the payment page of paypal, and if that wasn't possible to collect user data on our personalized payment page and then just send it over to paypal api, if possible in plaintext, he just didn't care as long as he got his personalized payment page) or sth.... I told the company owner that they are fucking retards if they think they can pull this off & that they will lose all their (potential) clients if they figure that out.. or god forbid someone hacked us and stole the data.. I think this shit is also against the law..
I think it goes without saying what happened next.. called him ignorant stupid fucktard to his face and told him I ain't doing that since our company didn't even had a certificate to store the last 4 numbers.. They heard my voice over the whole firm.. we had fish-tank like offices, so they could all see me yelling at the director..
Guess who got laid off due to not being needed anymore the next day?! It was the best day of my life..so far!! Never have I been happier to lose my job!!
P.S. all that crap + test + the whole backand for analysis, the whole crm + campaign emails etc.. the client wanted done in 6 months.. O.o
P.P.S. almost shat my pants when devRant notified my I cannot post and wanted to copy the message and then everything disappeard.. thank god I have written this in the n++ xD
11 -
General folks reads "!rant" and says grammatical error.. "!" should be in the end..
Developers can only understand.. and often end up using more times as prefix instead of at the end ...
RIP Grammar, we prefer logical operators..2 -
!rant
Stephen Hawking's dead, noooooo
His books were half the reason I chose science and technology, damnit, and I've spent quite a while on black holes and his work on them.
You inspired whole generations of people, sir. Thank you. RIP.
:( -
!rant
if you're someone who grades code, fuck you, you probably suck. Turned in a final project for this gis software construction class as a part of my master's degree (this class was fuck all easy, I had two weeks for each project, each of them took me two days). We had to pick the last project, so I submitted final project proposal that performs a two-sample KS test on some point data. Not complex, but it sounds fancy, project accepted. Easy money.
I write the thing and finish it, it works, but it doesn't have a visualization and that makes the results seem pretty lame, even though its fully functional. SO I GO OUT OF MY FUCKING WAY to add a matplotlib chart of the distribution. To do that, at the very bottom of the workflow, I define a function to chart it out because it made the code way more readable. Reminder, I didn't have to do this, it was extra work to make my code more functional.
Then, this motherfucker takes points off because I didn't define the function at the very beginning of the code... THE FUCK, DUDE? But, noobrants, it's "considered best prac--" nope, fuck you, okay? This class was so shit, not once was code style addressed in a lesson or put on any rubric - they didn't give a shit what it looked like - in fact, the whole class only used arcpy (and the csv mod once), they didn't teach us shit about anything except how to write geoprocessing scripts (in other words, how to read arcGIS docs about arcpy) and encouraged us to write in fucking pythonwin. And now, when the class is fucking over, you decide to just randomly toss this shit in, like it was a specific expectation this whole time? AND you do this when someone has gone out of their way to add functionality? Why punish someone who does extra work because that extra work isn't perfect? Literally, my grade would have been better without the visualization.
I'm not even mad at my grade - it was fine - I just hate inconsistency in grading practices and the random raising and lowering of expectations depending on how some grader's coffee tasted that morning. I also hate punishing people for doing more - it's this kind of shit that makes people A) wanna rip their eyeballs out, and B) never do anything more than the basic minimum expectation to avoid extra unwanted attention. If you want your coders to step up and actually put work in to make things the best they can be, yell at a grader to reward extra work and not punish it.4 -
!rant
Need some opinions. Joined a new company recently (yippee!!!). Just getting to grips with everything at the minute. I'm working on mobile and I will be setting up a new team to take over a project from a remote team. Looking at their iOS and Android code and they are using RxSwift and RxJava in them.
Don't know a whole lot about the Android space yet, but on iOS I did look into Reactive Cocoa at one point, and really didn't like it. Does anyone here use Rx, or have an opinion about them, good or bad? I can learn them myself, i'm not looking for help with that, i'm more interested in opinions on the tools themselves.
My initial view (with a lack of experience in the area):
- I'm not a huge fan of frameworks like this that attempt to change the entire flow or structure of a language / platform. I like using third party libraries, but to me, its excessive to include something like this rather than just learning the in's / out's of the platform. I think the reactive approach has its use cases and i'm not knocking the it all together. I just feel like this is a little bit of forcing a square peg into a round hole. Swift wasn't designed to work like that and a big layer will need to be added in, in order to change it. I would want to see tremendous gains in order to justify it, and frankly I don't see it compared to other approaches.
- I do like the MVVM approach included with it, but i've easily managed to do similar with a handful of protocols that didn't require a new architecture and approach.
- Not sure if this is an RxSwift thing, or just how its implemented here. But all ViewControllers need to be created by using a coordinator first. This really bugs me because it means changing everything again. When I first opened this app, login was being skipped, trying to add it back in by selecting the default storyboard gave me "unwrapping a nil optional" errors, which took a little while to figure out what was going on. This, to me, again is changing too much in the platform that even the basic launching of a screen now needs to be changed. It will be confusing while trying to build a new team who may or may not know the tech.
- I'm concerned about hiring new staff and having to make sure that they know this, can learn it or are even happy to do so.
- I'm concerned about having a decrease in the community size to debug issues. Had horrible experiences with this in the past with hybrid tech.
- I'm concerned with bugs being introduced or patterns being changed in the tool itself. Because it changes and touches everything, it will be a nightmare to rip it out or use something else and we'll be stuck with the issue. This seems to have happened with ReactiveCocoa where they made a change to their approach that seems to have caused a divide in the community, with people splitting off into other tech.
- In this app we have base Swift, with RxSwift and RxCocoa on top, with AlamoFire on top of that, with Moya on that and RxMoya on top again. This to me is too much when only looking at basic screens and networking. I would be concerned that moving to something more complex that we might end up with a tonne of dependencies.
- There seems to be issues with the server (nothing to do with RxSwift) but the errors seem to be getting caught by RxSwift and turned into very vague and difficult to debug console logs. "RxSwift.RxError error 4" is not great. Now again this could be a "way its being used" issue as oppose to an issue with RxSwift itself. But again were back to a big middle layer sitting between me and what I want to access. I've already had issues with login seeming to have 2 states, success or wrong password, meaning its not telling the user whats actually wrong. Now i'm not sure if this is bad dev or bad tools, but I get a sense RxSwift is contributing to it in some fashion, at least in this specific use of it.
I'll leave it there for now, any opinions or advice would be appreciated.16 -
!dev, !rant
Was thinking about the things I miss thanks to the 'rona whilst coding. Restaurants are a big one (I haven't had an oyster in a dog's age). We've lost a ton of businesses recently, most of which will never be back. As much as I Uber eats and doordash, restaurants lose money on those mechanisms frequently due to the up to 30% order commission.
There's definitely a potential market for an epic games-store style player in that segment who wants to compete on cost and fees. Hard part would be the political weight that's coming down on those businesses now. It's a really shitty time to be in most businesses.
Tl;Dr There will never be a better name for a donut shop than "Hole Foods." RIP2 -
Last rant was about games and graphics cards (admittedly not received too well), time for a rant about game development houses.. especially you EA.
So yesterday a friend of mine showed me in one of our Telegram chats that he'd modified some cheats in an old FPS game by editing these scripts (not Lua for some reason) that the game used as a.. configuration language I guess? He called the result a tank cemetery 🙃
Honestly the game looked a lot like Medal of Honor to stoned me at the time, so I figured, well why not fire up that old nx7010 I had laying around for so long, get a new Debian installation on that and rip the Medal of Honor: Allied Assault war chest that I still had, and play it on one of my more modern laptops? Those CD's are now very old anyway, maybe time to archive those before they rot away.
So I installed Debian on it again, looked up how to rip CD's from the command line, and it seemed that dd could do it - just give /dev/cdrom as the input file, and wherever you want to store your copy as the output file. Brilliant! Except.. uh, yeah. It wasn't that easy. So after checking the CD and finding that it was still pristine, and seeing another CD in that war chest fail just the same, I tried burning and then ripping a copy of Debian onto another CD.. checksummed them and yes, it ripped just fine, bit for bit equal. So what the fuck EA, why is your game such a special snowflake that it's apparently too difficult to even spin up the drive to be copied?
So I looked around on plebbit and found this: https://reddit.com/r/DataHoarder/... - the top comment of that post shattered all my hopes for this disc to be possible to rip. Turns out that DRM schemes intentionally screw up the protocols that make up a functioning disc, and detecting those fuck-ups is part of the actual DRM.
"I also remember some forms of DRM will even include disc mastering errors/physical corruption on the actual disc and use those as a sort of fingerprint for the DRM. The copied ISO has to include them at the exact same place in the ISO as on the IRL disc and the ISO emulator has to emulate the disc drive read errors they cause."
So yeah. Never mind that I already own this goddamn game, and that it's allowed by law to make one copy for personal use, AND that intentionally breaking something is very shady indeed.. apparently I don't really own this game after all. So I went onto the almighty search engines, and instantly found a copy of this game for download. You know EA.. I wanted to play nice. You didn't let me. Still wondering why people do piracy now? Might take your top suits that suggested these fucked up DRM schemes another decade to figure out maybe.. even given the obvious now.
But hey I wouldn't even care that much if the medium these games are stored on wouldn't be so volatile (remember these discs are now close to 20 years old, and data rot sets in after 30 years or so). You company decided to publish these on CD. We've had cartridges in many forms before, those are pretty much indestructible and inherently near impossible to duplicate. And why would you want to? But CD is what you chose because you company were too cheap to go to China, get someone to make some plastic molds and put your board and a memory chip in that. Oh and don't even get me started on the working conditions for game devs.. EA and co, aren't you ashamed of yourselves? No wonder that people hate game development houses so much.
Yay, almost finished downloading that copy of Medal of Honor! Whatever you say EA.. I've done everything I could to do it legally. You are the ones who fucked it up.9 -
I can't make progress on my private project.
I just started and already refactoring my code.
Yesterday I started to refactor my tests -.-'
I'm sure I will lose the interest in this project because I start a new one I can refactor to death.8 -
At a "guided internship".
Task: Develop a complete web application form
Was assigned to a team of 7 where all are "Frontend Developers" who have never heard terms like "bootstrap" or "mobile-first web pages".
That aside, all are seniors in age and qualifications, hence me telling them something to do is "ordering them around". And if I tell them to leave things to me, they be like "No, we wanna contribute and do the Frontend, as these things don't matter, inline css just works fine". 🤷🏻♂️🤷🏻♂️🤷🏻♂️🤷🏻♂️🤷🏻♂️
Why Lord? Just why?4 -
i hate you, you and you AHHHHHH
This doesnt have to make sense.
This is a freakin rant for god's sake, not a pull request. I'm not tryna be the best ranter?? Dont mind this rant. Just scroll. B if u can only hear my scream right now from the other side of the world, it sure can cause another big bang.
F u, this sht, (oh ya it's profanity, i got no better term for what im feelin, gahh please rip my head off) and that too, and this one too, all of u
I HATE ALL OF YOU. I BLAME ALL OF YOU FOR ALL MY INCONSISTENCIES. YE, IM TIRED OF TAKING ACCOUNTABILITY. F THAT SHT COZ IT JUST RAISES EXPECTATIONS. I CAN'T EVEN MEET THE DEADLINES I SET FOR MYSELF.
The hell are ambitions and all that "dream life" they tryna sell. Those won't even matter when I can barely get my sht together. UGH. I haven't even seen my friends, the SUN, trees and all normal people things. Dang, I want fried chicken. I haven't had one for a while. I guess I should end this rant here and order one.
I must just be hungry, no?3 -
I kinda hate brand bias, when people don't have an open mind when judging new products.
some people are ready, up late, waiting for next apple keynote just so they have stuff to rip off.
"animoji is so pointless"
then don't use it buddy :)
"apple tracks you"
https://maps.google.com/locationhis...
"apple product limits you, google products allow you to do a lot more"
- apple iphone:
· download apps
· surf the web
· make calls and send texts
· do things offline
· use the native devRant app
pixelbook/chromeos:
· browse the fucking web
· there's a fucking 'write protect' screw in the motherboard so you can't fuck anything up
(yes I know, generally android is more customizable, but you'd expect more from a laptop over a computer)
I'm not an apple fanboy, I could make this rant about android hate, too, but because a product isn't for you doesn't mean it's not for everyone.6 -
!rant
Yep another drinking warning, my mates and I plan on making an Aussie flag of VB and great northen that's the size of a shed, RIP2 -
Pfff come on
Its like u wanted them to update and manage ms paint
From xp onwards to win 10 i hav never seen a difference to ms paint
So those who rant about "rip ms paint" can go fuck themselves2 -
That time when you ask colleague on different project to paste their code, pastes 2000 lines of code with no indents...whyyyyy?!?
-
!dev && rant
So yesterday we landed in 'Nam and started our journey from the south to the north (applied for a Visa online and still waited 2 hours in the airport for the officer to approve it)..
We tried to catch a Grab (Vietnamese Uber) to the hotel but obviously 99% of locals don't speak English so it was impossible to communicate with them (they call you and just start yappin Vietnamese). Eventually we gave up and tried the local cabs. Of course they try to rip you off for more than triple the price but that's cool. Vietnamese cab meters measure distance not time so the first cab just told us to get off after 100m or so but at least he stopped another cab for us and didn't charge us.
Ho chi Minh City is quite nice though a bit too dirty for me. Every breath you take feels like 3 cigarettes.
Vietnamese war museums like to victimize and praise their legendary leader Ho Chi Minh.
The reason I'm telling you all this is because at the moment I'm traveling to Dalat from Ho Chi Minh City via a sleeper bus and it is fucking terrible. 6 hours drive, bumpy ride, I sleep by the friggin engine so it's always hot. AC is shit and there are 5 more hours to go. I hid Uncle Benjamin in my underwear so I won't get robbed during the night. He is not happy about it. Fuck me. Btw this whole experience was just day one.
The only reason I'm even willing to go through all of this is because me and the miss celebrated 7 years in Aug (no ring yet fyi).
If you made it this far congrats.
I might post follow ups so stay tuned.3
Top Tags
Weekly Rant
View