Search - "sensitive"
-
*client calls in*
Me: good morning, how can I help you?
Client: my ip is blocked, could you unblock it for me?
Me: certainly! What's your ip address? Then I'll have a look.
Client: I'm not giving you my ip?! That's too privacy sensitive.
Me: 😶
Me: 😶
Me: 😶
Me: sir, I'm very keen on my privacy myself but without that information I can't do much for you 😬
Client: ah so you're refusing to help me?
Me: not like that, it's just very hard to lift an ip block for me when I don't know the ip address.
Client: you just don't want to help, fine.
*click*
😶32 -
Meeting with asshole partner company CEO at restaurant.
Me: "I'm a bit worried about the bugs in your API. There are some ways to retrieve privacy sensitive info from public endpoints"
CEO: "Well, we're a rapidly growing startup!"
Me: "Uh... so?"
CEO: "So... Move Fast and Break Things! Priority is to improve our API further, and we'll fix bugs as they show up"
Me: "Maybe you should stop trying to emulate Zuckerberg in your management style. You know that even Facebook themselves admitted that their slogan was a retarded mistake"
Waiter shows up at table. CEO orders some overly expensive fish salad.
CEO: "Well, they have done something right... they're worth billions"
Waiter asks me: "And you sir, have you made your choice?"
Me: "Do you serve popcorn?"
CEO: "Popcorn for lunch?"
Me: "No, for your congressional hearing"16 -
PM: You know that screen that pops up at the start of the app asking for permission to access health data?
Me: Yeah the iOS HealthKit permission screen. What about it?
PM: Can you take that out. I don't think people are going to agree to it. I want people to use the app.
Me: Well we can't do that, apple says if we want to use HealthKit we have to ask for permission. We shouldn't be touching that data without permission anyway.
PM: Oh no permission is fine I get that, but is it not implied by downloading the app, it's clearly a health app. I really don't want people to download it and then uninstall it because they don't like this.
Me: Not really, not everyone will know what data is needed, some of it might be sensitive to them.
PM: Nah I don't buy into that. I asked 5 of my friends on the golf course at the weekend and 3 of them said they wouldn't agree to it, that's 60% of our user base, we can't have that.
Me: ... ok, well I don't agree that your 5 friends is a fair sample to judge the whole world by, either way we have no choice.
PM: No this isn't going to fly, can we not build our own HealthKit that doesn't have this kind of permission screen? Maybe we could start our own, and invite our partners to use it?
Me: ... no
PM: why not? We'll have legal draw up something we put in the terms and conditions.
Me: ... it will take months to build for all the different types of devices we have, if they even let us get access to them, and then we will have a different standard to everyone else.
PM: ... no you're not seeing the big picture, I'll run the idea up the ladder.
**It was approved up the ladder, and subsequently cancelled when they realised the scale of the work involved which is both a "thank god" and a "wtf" moment**7 -
(sensitive parts censored)
Friend: Hey, can you hack my (some website) account?
Me: Depends... What's your username?
Friend: (tells username)
Me: (clicks forgot password?)
Friend: I will give $10 if you do it. There is 2 factor authentication enabled.
Me: (silence) Ok.
Website: Please type the class number you were in in 4th grade.
Me: Hey, did you graduate from BLAH elementary school?
Friend: Yeah.
Me: Ahh, I remember. You moved to BLAH elementary school in what grade?
Friend: 4
Me: Hmmm, I don't remember seeing you. What class were you in?
Friend: 5
Me: Well, I now remember. Stupid me. (smirks)
Friend: Haha. (continues to play games beside me)
Me: (Types in 8)
Website: We sent you a password to blah@example.com
Me: (uhh, heads to example.com and clicks forget password?)
Email: Please type the class number you were in in 4th grade.
Me: (wtf is this, types 8)
Email: Please type the teacher's name when you were in 4th grade.
Me: What was the teacher's name?
Friend: Huh?
Me: When you were in 4th grade.
Friend: Ahh! John Smith.
Me: Ahh, he was strict, right?
Friend: Yeah (continues to play games again)
Me: (Types in John Smith)
Email: Set a new password.
Me: (Types "youaresostupid")
Email: Done!
Me: (copies PLAIN TEXT password from email, logs in to website)
Me: Da-da!
Friend: (gasps)
Me: Money plz~
Friend: Nope.
Me: (wtf, then remembers i changed his email password) Fine then.
=====================
1. There is 2 factor authentication enabled. : Got it?
2. The website sent plaintext password.
3. He is just a pure idiot.
4. I didn't get the money.
5. I am now a h4x0r11 -
My mom got audited for storing sensitive client information in her gmail account without using a vpn or any other real security.
I had been telling her this was an issue for literally the last three years and she's brushed me off every time.
I got yelled at for not telling her I was serious.35 -
A couple of years ago, I was working in a computer shop as a "technician", I was 15, first job I ever had.
One day an elderly lady came into the shop, probably 50'ish, she and her whole family "suffered" from electromagnetic radiation, and the mother had the worst suffering. She complained about her TV box that just had died.
I accept the tuner and see it's wrapped with 10 layers of aluminium foil, with a tiny hole for the IR receiver.
The whole box smells like burnt electronics, and the foil gets darker for each layer I unwrap. I try explain to her that the box gets warm and overheated by wrapping it like this, and she's lucky that it didn't catch fire.
I further explain to her that she will not get a new box, because the warranty does not cover _this_. The mother tells me she has to wrap it like this, because she gets headaches when she's watching the news.
She then proceeds to go into a rage mode and gets her whole family into the shop, where all of them start yelling at me, the younger kids start throwing stuff down from the shelves and touching the TVs with sticky fingers (literally, sticky, like yuck!).
Unsure what to do, boss is in a meeting, and my colleague is busy in the back.
So I calmly tell them that in this building there's 4 wireless networks, 3 wireless phones, high voltage cables run in the wall behind me, there's factory tracks 20 meters behind the building, next door business is an electrician, you're standing in front of wall with 30-40 TVs, 5 HDMI splitters, 3 TV boxes and a Blu-ray player. And they've all been standing in front of them for the last 10 minutes.
They all suddenly feel really sick and run out of the store, never to be seen again. From that day, I decided I'll never work in a shop again, and pursued my dreams to become a developer.
TL;DR: Family is "sensitive" to electromagnetic radiation, almost burnt down their house because of stupidity, yelled at me. I decided to pursue my dream as a developer.16 -
My mentor/guider at my last internship.
He was great at guiding, only 1-2 years older than me, brought criticism in a constructive way (only had a very tiny thing once in half a year though) and although they were forced to use windows in a few production environments, when it came to handling very sensitive data and they asked me for an opinion before him and I answered that closed source software wasn't a good idea and they'd all go against me, this guy quit his nice-guy mode and went straight to dead-serious backing me up.
I remember a specific occurrence:
Programmers in room (under him technically): so linuxxx, why not just use windows servers for this data storage?
Me: because it's closed source, you know why I'd say that that's bad for handling sensitive data
Programmers: oh come on not that again...
Me: no but really look at it from my si.....
Programmers: no stop it. You're only an intern, don't act like you know a lot about thi....
Mentor: no you shut the fuck up. We. Are. Not. Using. Proprietary. Bullshit. For. Storing. Sensitive. Data.
Linuxxx seems to know a lot more about security and privacy than you guys so you fucking listen to what he has to say.
Windows is out of the fucking question here, am I clear?
Yeah that felt awesome.
Also that time when a mysql db in prod went bad and they didn't really know what to do. Didn't have much experience but knew how to run a repair.
He called me in and asked me to have a look.
Me: *fixed it in a few minutes* so how many visitors does this thing get, few hundred a day?
Him: few million.
Me: 😵 I'm only an intern! Why did you let me access this?!
Him: because you're the one with the most Linux knowledge here and I trust you to fix it or give a shout when you simply can't.
Lastly he asked me to help out with iptables rules. I wasn't of much help but it was fun to sit there debugging iptables shit with two seniors 😊
He always gave good feedback, knew my qualities and put them to good use and kept my motivation high.
Awesome guy!4 -
Story time:
I was once working on a project that dealt with incredibly sensitive financial data.
We needed a client’s database to do a migration.
They wouldn’t send it over the internet because it was too big and they didn’t think it would be secure.
They opt to send it in the post on an encrypted usb drive.
(Fair enough thinks I)
USB drive arrives.
Is indeed encrypted.
MFW there’s a post it note in the envelope with the password on.
MFW this is a billion dollar multinational petrochem company.
MFW this same company’s ‘sysadmin’ and ‘dba’ once complained because a SQL script I sent them didn’t work - they’d pasted it twice and couldn’t work this out from the fucking “table already created” error message management studio was throwing at them.3 -
Our current designer is convinced that 00FF44 bright green fits well with the rest of our soft purple/blue color scheme.
I am not a designer, but have worked in a color laboratory, so I've tried time and time again to explain CIE LAB color space, and how at least HCL is a good way to pick & group colors into palettes by using 2-3 luminances for equidistant hues while keeping chroma constant.
I've tried to tell him that the bright green almost physically makes my eyes bleed, because humans are quite sensitive to greens.
He just keeps using the phrase "but it makes the buttons pop nicely".
I just want to pop his skull open with my keyboard. 😫11 -
Dear Microsoft,
Thanks for not completely fucking up Github. At least you didn't integrate Office365, allow only Azure deployments, or force downloading repos through OneDrive or something.
But like most developers, I don't deal well with changes to familiar interfaces.
So please.... STOP FUCKING TWEAKING THE BUTTON PLACEMENTS AND TEXTS ALL OVER THE WEBSITE.
(or at least send me a bottle of cognac and a box of chocolates before every UI experiment, so I can deal with it emotionally. I'm a very sensitive boy, you know).21 -
Fuck open office spaces.
A few months ago I landed a super sweet job as a senior full stack developer, mainly going to work with their Python microarchitecture. The company pays well, has a sweet balance between freedom and responsibility, 30 days vacation etc.
During the recruiting process they walked me around the office that was super cozy with 14 devs in one large room and 10 people from marketing in another. They also mentioned that they would move and merge office with operations and customer service (around 100 more people) in a few months.
Life was good in the old office, I thought that this is the company where I will work for a looooong time.
Now we are in the new office and it's fucking shit. No walls or FUCKING CEILINGS between departments. Right above my head there is a balcony with customer service talking loud as fuck 24/7. Everyone that is not a developer is just so fucking loud.
I have to use earplugs AND earmuffs to get silence, or blast my ears with way too loud music. Every day around lunch I'm completely done mentally.
I know I'm extra sensitive to noise because of my ADHD, but seriously who the fuck thought this was a good idea?
All the devs have told our boss what needs to be done. If they listen I don't know. In the meantime I will start looking for a new job....18 -
My biggest dev blunder. I haven't told a single soul about this, until now.
👻👻👻👻👻👻
So, I was working as a full stack dev at a small consulting company. By this time I had about 3 years of experience and started to get pretty comfortable with my tools and the systems I worked with.
I was the person in charge of a system dealing with interactions between people in different roles. Some of this data could be sensitive in nature and users had a legal right to have data permanently removed from our system. In this case it meant remoting into the production database server and manually issuing DELETE statements against the db. Ugh.
As soon as my brain finishes processing the request to venture into that binary minefield and perform rocket surgery on that cursed database my sympathetic nervous system goes into high alert, palms sweaty. Mom's spaghetti.
Alright. Let's do this the safe way. I write the statements needed and do a test run on my machine. Works like a charm 😎
Time to get this over with. I remote into the server. I paste the code into Microsoft SQL Server Management Studio. I read through the code again and again and again. It's solid. I hit run.
....
Wait. I ran it?
....
With the IDs from my local run?
...
I stare at the confirmation message: "Nice job dude, you just deleted some stuff. Cool. See ya. - Your old pal SQL Server".
What did I just delete? What ramifications will this have? Am I sweating? My life is over. Fuck! Think, think, think.
You're a professional. Handle it like one, goddammit.
I think about doing a rollback but the server dudes are even more incompetent than me and we'd lose all the transactions that occurred after my little slip. No, that won't fly.
I do the only sensible thing: I run the statements again with the correct IDs, disconnect my remote session, and BOTTLE THAT SHIT UP FOREVER.
I tell no one. The next few days I await some kind of bug report or maybe a SWAT team. Days pass. Nothing. My anxiety slowly dissipates. That fateful day fades into oblivion and I feel confident my secret will die with me. Cool ¯\_(ツ)_/¯12 -
At my previous job we had the rule to lock your PC when you leave. Makes sense of course.
We were not programmers but application engineers, still, we worked with sensitive data.
One colleague always claimed to be the most intelligent and always demanded the "senior" - title. Which he obviously did not deserve.
Multiple times a day he forgot to lock his workstation and we had to do it for him.
My last week working there, I've had it. He forgot it again... So I made a screenshot of his current environment. Closed everything. Set his new background with the screen shot and killed explorer (windows). Then finally I locked his PC.
When he came back he panicked that his PC froze. He couldn't do shit anymore. Not knowing what to do... 😂
Which makes him a senior of course.
But seriously, first thing I would do is open the task manager and notice that explorer wasn't running... Thus my background with the taskbar isn't real.... My colleagues must be pranking me!
Nope... The "senior" knew little10 -
Motherfucker. It's two thousand fucking seventeen. You can get a free ssl certificate for any website.
Then WHY are there still some fucking websites which contain login portals, sensitive information or anything that SHOULD be protected in transit WITHOUT FUCKING SSL?!
I hope that the people who manage those sites and are AWARE that they can get a free cert but don't do that die in agonising pain.
This really fucking pisses me off.
On another note, EVERY site should have SSL, it's free anyways and protects your visitors from a range of threats.-24 -
Before anyone starts going batshit crazy, this is NOT a windows hate post. Just a funny experience imo.
So I was tasked with installing ProxMox on a dedicated server at my last internship. The windows admin was my guider (he could also do debian). (he was a really nice/chill guy)
So we were discussing what VM's we wanted and the boss (really cool dude by the way) said he wanted a VPS for storing some company stuff as well. Fair enough, what would we use? I suggested debian and centos. Then we started discussing what we'd do if the systems would fuck up etc (at installation or whatever).
So I didn't wanna look like a Linux Nazi so I suggested windows. Then the happy/positive guider/windows admin suddenly became dead serious (I was actually like 'woah' for a second) and said this:
No. We're not going to fucking use windows for this. For general servers etc sometimes, fair enough but we're talking about sensitive company data here. I don't want that data to be stored on a proprietary/closed source system, hell what if there's some kinda fucking backdoor built in, who can fucking verify that? We're using Linux, end of discussion.
😓
I was pretty flabbergasted as he's a nice guy and actually really likes windows!
Linux it became.5 -
Not so much screaming as staring in disbelief, mumbling profanity in his direction...
When my department lead said "I don't think this unit testing hype or code reviews make much sense, it's more efficient to just make a checklist and test the application yourself"
This was the QA department of an aerospace company, we wrote NDT software to do image recognition on xrays of alloy welds and micrometer laser measurements on fuel tank surfaces. Software which is quite mission critical, a single misrecognized welding fault could literally cost up to half a billion dollars — not to mention that it's a very sabotage & espionage sensitive industry.
After raising some hell he was replaced though.3 -
SO GUESS WHAT
IF YOUR SHITTY WIFI CRAPS OUT DURING A VISUAL STUDIO UPDATE, VISUAL STUDIO FUCKING COMMITS SUICIDE
MICROSOFT CAN SUCK A BIG, VEINY COCK. I'M SO DONE WITH THEIR SENSITIVE, CONVOLUTED, SLOW IDE.19 -
Humans!
The amount of sensitive, private, and secure information you can get just by asking someone for it is truly astounding.5 -
"We don't need to invest in security - no one is going to hack us anyway" == "We don't need a fire department in our city - fire is not going to start here anyway"
"We don't need to invest in security - everything is public anyway" == "We don't need a fire department in our city - our buildings are made out of straws anyway"
-- my thoughts after seeing a line in client's spec: "sensitive data is transferred via a secure tcp channel (https) and all the public data is transferred via an unencrypted tcp (http) channel"3 -
Sometimes I wish I was allowed to just strangle my colleagues...
Example from the 'code base':
try:
    do_something()
except Exception as e:
    log(e)
    do_something()
When I asked why they would redo the same call right after it failed I was told that 'It works the second time because it takes time to raise the Exception'.
Bitch, you've got a race condition in your sensitive banking software. You know it's there. Do you really want to trust the time needed to raise your exception will always be enough to synch that dumpster fire you call code?
Show some fucking respect for your craft and fix that shit. But of course they won't, because it will work flawlessly until it suddenly stops working. Taking down who knows what in this damn, undocumented monolith with it....
Sometimes I'm honestly afraid to trust banks with my money.7 -
Devs: We need access to PROD DB in order to provide support you're asking us for.
Mgmt: No, we cannot trust you with PROD DB accesses. That DB contains live data and is too sensitive for you to fuck things up
Mgmt: We'll only grant PROD DB access to DBAs and app support guys
Mgmt: <hire newbies to app support>
App_supp: `update USER set invoice_directory = 54376; commit;`
----------------
I have nothing left to say....7 -
Worst legacy experience...
Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.
Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.
The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.
Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was supposed to be helping!! But it was their money (well, my money as they were government funded!).1 -
Had a follow up meeting today to resolve the issue of Product ignoring our comments about possible issues, better ways to do it etc.
New rules:
- We are allowed to suggest to Product that they might be doing something wrong
- We are not allowed to tell product they are doing something wrong
- If Product don’t listen, that’s fine, we will document our comments to protect us later.
Conclusion:
Product are too sensitive to have a conversation with. We are now going to let them fuck everything up, make some notes and say “I told you so” at a later date.
Maturity at its finest ladies and gentlemen.5 -
I remember that time my class (first year of software development) wrote a huge project for a real company as practice for irl stuff.
I was the only Linux user and it would be deployed on a Linux server.
Spent 10 weeks of development and then the moment of deployment on a Linux server began!
.
.
.
.
.
Nothing was case sensitive, everything was programmed for a windows architecture (backward slashes etc) and mssql was used while we would host it on a MySQL server.
The three core guys spent three days or so to make the entire fucker compatible 😂
It was enjoyable to see them (literally) sweat 😊 (it had been known from the very beginning)7 -
My first testing job in the industry. Quite the rollercoaster.
I had found this neat little online service with a community. I signed up an account and participated. I sent in a lot of bug reports. One of the community supervisors sent me a message that most things in FogBugz had my username all over it.
After a year, I got cocky and decided to try SQL injection. In a production environment. What can I say. I was young, not bright, and overly curious. Never malicious, never damaged data or exposed sensitive data or borked services.
I reported it.
Not long after, I got phone calls. I was pretty sure I was getting charged with something.
I was offered a job.
Three months into the job, they asked if I wanted to do Python and work with the automators. I said I don't know what that is but sure.
They hired me a private instructor for a week to learn the basics, then flew me to the other side of the world for two weeks to work directly with the automation team to learn how they do it.
It was a pretty exciting era in my life and my dream job.4 -
Root rents an office.
Among very few other things, the company I'm renting an office from (Regus) provides wifi, but it isn't even bloody secured. There's a captive portal with a lovely (not.) privacy policy saying they're free to monitor your traffic, but they didn't even bother using WEP, which ofc means everyone else out to the fucking parking lot four floors down can monitor my traffic, too.
Good thing I don't work for a company that handles sensitive data! /s But at least I don't have access to it, or any creds that matter.
So, I've been running my phone's connection through a tor vpn and sharing that with my lappy. It works, provides a little bit of security, but it's slow as crap. GET YOUR SHIT TOGETHER, REGUS.
AND WHILE YOU'RE AT IT, CLEAN THE SHIT OUT OF THE FUCKING BATHROOM FFS.
Ugh. $12/day to work in a freaking wind tunnel (thanks, a/c; you're loud as fuck and barely work), hear other people's phone conversations through two freaking walls, pee in a bathroom that perpetually smells like diarrhea, and allow anyone and everyone within a 50+ meter radius to listen to everything my computer says.
Oh, they also 'forgot' to furnish my office, like they promised. Three freaking times. At least I have a table and chair. 🙄
Desk? What desk?
Fucking hell.20 -
This is the GREAT ROLLING website that I ranted recently. I couldn't share more than this as other parts of the page contain sensitive information that is not out in the internet yet. The whole friggin page is like this. EVERYTHING ROLLS25
-
It's not that I hate PHP, I just hate the lack of consistency in standard function naming and parameter order, nonsensical attribute access, nearly-meaningless comparison operators, reference handling, case (in)sensitivities, and more!
I mean, look at these functions:
strtoupper(...)
bin2hex(...)
strtolower(...)
And look at THESE FUNCTIONS:
array_search($needle, $haystack)
strpos($haystack, $needle)
array_filter($array, $callable)
array_map($callback, $array)
array_walk($array, $callable)
And let me jUST USE SOME ATTRIBUTES:
$object->attr = "No dollar sign...";
Class::$attr = "GOD WHY";
HOW ABOUT SOME COMPARISONS:
(NULL == 0) // true
(NULL < -1) // ALSO true
Functions AREN'T CASE SENSITIVE (at least variables are).
Wanna dereference? TOO BAD, YOU'LL HAVE TO GET OUT THE TNT.
Alright, yeah, I hate PHP.18 -
Me: "Ugh. Soo insensitive.." *angry muttering*
Curious cousin: "Whom? What? Why?"
Me: "My stupid Mac is not case sensitive so I have to mount a Unix partition and reference it from somewhere else. Why wouldn't they just make a case sensitive filesystem like a proper Unix based OS?"
Clearly uninterested cousin: "seriously?! You called your laptop insensitive? I thought you were talking about a guy" ..
Filthy casuals.6 -
Following a conversation with a fellow devRanter this came to my mind, happened a year or two ago I think.
Was searching for an online note taking app which also provided open source end to end encryption.
After searching for a while I found something that looked alright (too bad I do not remember the URL/site). They used pretty good open source JS crypto libraries so it seemed very good!
Then I noticed that the site itself did NOT run SSL (putting the https:// in front of the site name resulted in site not found or something similar).
Went to the Q/A section because that's really weird.
Saw the answer to that question:
"Since the notes are end to end encrypted client side anyways, we don't see the point in adding SSL. It's secure enough this way".
😵
I emailed them right away explaining that any party in between their server(s) and the browser could do anything with the request (including the cryptographic JS code) so they should start going onto SSL very very fast.
Too bad I never received a reply.
People, if you ever work with client side crypto, ALWAYS use SSL. Also with valid certs!
The NSA for example has this thing known as the 'Quantum Insert' attack which they can deploy worldwide which basically is an attack where they detect requests being made to servers and reply quickly with their own version of that code which is very probably backdoored.
This attack cannot be performed if you use SSL! (of course only if they don't have your private keys but let's assume that for now)
Luckily Fox-IT (formerly Dutch cyber security company) wrote a Snort (Intrusion Detection System) module for detecting this attack.
Anyways, Always use SSL if you do anything at all with crypto/sensitive data! Actually, always use it but at the very LEAST really do it when you process the mentioned above!31 -
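An added example, not part of the rant above and not code from the site it describes: a small offline audit of how a page delivers its client-side crypto JavaScript, flagging anything a party between server and browser could rewrite. The hosts `notes.example` and `cdn.example`, the sample responses and the 180-day HSTS threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptCollector(HTMLParser):
    """Collects the src of every external <script> and counts inline ones."""

    def __init__(self):
        super().__init__()
        self.sources = []
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.sources.append(src.strip())
        else:
            self.inline += 1


def hsts_max_age(headers):
    """Return max-age from Strict-Transport-Security, or None if absent/invalid."""
    for name, value in headers.items():
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            if key.lower() == "max-age":
                val = val.strip('"')
                return int(val) if val.isdigit() else None
    return None


def audit_script_delivery(page_url, headers, html, min_hsts=15552000):
    """Return findings for one fetched page (URL, response headers, body).

    min_hsts (180 days, in seconds) is an assumed policy threshold.
    """
    findings = []
    collector = _ScriptCollector()
    collector.feed(html)

    scheme = urlsplit(page_url).scheme
    if scheme != "https":
        # Without TLS the HTML itself is unauthenticated, so every script
        # reference and inline script on it can be replaced in transit.
        findings.append(
            f"page served over {scheme}: {len(collector.sources)} external and "
            f"{collector.inline} inline script(s) can be rewritten in transit")
    else:
        age = hsts_max_age(headers)
        if age is None:
            findings.append("no HSTS header: a first visit typed as http:// is unprotected")
        elif age < min_hsts:
            findings.append(f"HSTS max-age {age}s is below the {min_hsts}s policy")

    for src in collector.sources:
        # Relative and protocol-relative URLs inherit the page's scheme.
        resolved = urljoin(page_url, src)
        if urlsplit(resolved).scheme != "https":
            findings.append(f"script fetched without TLS: {resolved}")
    return findings


# Constructed sample responses (not captured from any real site).
PLAIN_PAGE = ("http://notes.example/app", {"Content-Type": "text/html"},
              '<script src="/js/crypto.js"></script>'
              '<script src="https://cdn.example/lib.js"></script>'
              '<script>initNotes()</script>')
MIXED_PAGE = ("https://notes.example/app",
              {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
              '<script src="/js/crypto.js"></script>'
              '<script src="http://cdn.example/lib.js"></script>')
CLEAN_PAGE = ("https://notes.example/app",
              {"strict-transport-security": "max-age=31536000"},
              '<script src="/js/crypto.js"></script>')

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_PAGE), ("mixed", MIXED_PAGE),
                          ("clean", CLEAN_PAGE)):
        print(label, audit_script_delivery(*sample) or "ok")
```
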
HR: Hey you really need to be more sensitive with what you say
Dev: What makes you bring this up?
HR: Well we had a concerned employee overhear you telling one of the interns that the Russian word for “approved” is “blyat”.
Dev: Ah.20 -
Woohoo! 32k achieved!!! Finally I can post some new rant without risking some sudden overshoot 😁
So putting celebrations aside for a minute, a while ago I've noticed a tingle when I stroke my finger across metal areas of my tablet, or the sides of my phone (which probably has metal near it too) while it's charging. And it's been bugging me ever since.
Now, some things to note are that it only happens when my feet are touching the ground through slippers, and that the frequency is so low that I can actually feel the tingle when I slide my finger across the material. This to me at least seems like electricity flows through me into ground, and touching the ground directly provides a path so easy for the electrons to run away that I don't feel it at all. But if I lift my feet off the ground entirely, I just get charged up and after that, nothing else happens.
So those are my ideas. The answers on the subject on the other hand.. absolute cancer. Unsurprisingly, most of them came from Apple users. Here's some of them.
https://discussions.apple.com/threa...
- I've not noticed it, but if you're concerned bring the phone to Apple for evaluation.
- Me too facing same problem.. did u visit apple care?
And one good answer at least...
- google emf sensitivity, it's real. You are right, there is a small current flowing through your body, try to limit your usage. The problem with this issue is those who aren't affected (lucky ones for now) will tell you these products are 100% safe. To a degree they are, I used my ipod touch for about 2 years straight with virtually no symptoms. Then the tingling started and it gets worse. You will get more sensitive to progressively less powerful things. I don't want to scare you but just limit your usage like I didn't do 🙂
Overall that discussion was pretty good actually, aside from "bring it to the Genius Bar, they'll know for sure and not just sell you another unit". But then there's Reddit.
https://reddit.com/r/iphone/...
- Ok, real reason is probably that the extension cord and/or outlet is probably not grounded correctly. Either that or you are using a cheap knockoff charger.
Either use a surge protector and/or use the authentic Apple Charger.
- It's not the volts that hurt you, it's the amps
- I think you are in deep love with your phone. That tingling sensation is usually referred to as "love" in human language.
- Do less acid, I would advise.
Okay, so that's the real cancer. Grounding issue sounds reasonable despite it being wrong. Grounding is actually not needed when your charging appliance doesn't have any exposed metal parts. And isolation from high voltage to low voltage side actually happens through things like routing holes into the PCB, creating spark gaps, and using galvanic isolation through things like optocouplers. As for a surge protector? I'm using them to protect my PC and my servers, but the only purpose they serve is to protect from.. you guessed it.. voltage surges, like lightning bolts hitting the grid. They don't do shit for grounding or reducing this tingle! What a fucking tool.
It's not the volts that kill, it's the amps.. yeah I'm sure that the debunking of that is easy to find. Not gonna explain that here. And the rest of it.. yeah it's just fucking cancer.
Now what's the real issue with this tingle? It's actually a Class-Y rated (i.e. kV rated) capacitor that's on the transformer of any switch-mode power supply, including phone chargers. If memory serves me right, it helps with decoupling the switching noise and so on. But as it's connected to the primary side of the transformer, if the cap is sufficiently large and you are sufficiently sensitive, it can actually cause that tingle by passing a fraction of the mains electricity into your body. It's totally safe though, as the power that these caps pass is very small. But to some, it's noticeable.
Hope you found this interesting! And thanks a lot for bringing me to 2^15. I really appreciate it ♥️14 -
The gift that keeps on giving... the Custom CMS Of Doom™
I've finally seen enough evidence why PHP has such a bad reputation to the point where even recruiters recommended me to remove my years of PHP experience from the CV.
The completely custom CMS written by company <redacted>'s CEO and his slaves features the following:
- Open for SQL injection attacks
- Remote shell command execution through URL query params
- Page-specific strings in most core PHP files
- Constructors containing hundreds of lines of code (mostly used to initialize the hundreds of properties)
- Class methods containing more than 1000 lines of code
- Completely free of namespaces or package managers (uber elite programmers use only the root namespace)
- Random includes in any place imaginable
- Methods containing 1 line: the include of the file which contains the method body
- SQL queries in literally every source file
- The entrypoint script is in the webroot folder where all the code resides
- Access to sensitive folders is "restricted" by robots.txt 🤣🤣🤣🤣
- The CMS has its own crawler which runs by CRONjob and requests ALL HTML links (yes, full content, including videos!) to fill a database of keywords (I found out because the server traffic was >500 GB/month for this small website)
- Hundreds of config settings are literally defined by "define(...)"
- LESS is transpiled into CSS by PHP on requests
- .......
I could go on, but yes, I've seen it all now.12 -
Just wow. I am amazed by what just happened.
A year ago my parents decided to switch from desktop to laptop for convenience. Knowing their needs, I bought them one without an OS and installed Ubuntu 16.04 on it. The thing is that if you do a regular maintenance of the laptop once a year at their partner company, you get additional 4 years of warranty (this offer is amazing).
So today was the day I brought the laptop for this maintenance for the first time. They make you a profile on their support website where you can track shit regarding your device, super convenient. First thing I notice that the login page was not https. Awkward, but there is no sensitive data here so I let it pass. Naturally I forgot my password, so I requested a new one and guess what? I received it in plaintext via mail. A tech repair oriented company does this, my god.
I went there, gave them the laptop in question and got a piece of paper, where they wrote that the laptop is in their hands now, and the current physical state of the laptop, and blabla.
I got home and I read what the guy wrote among other things: THE OPERATING SYSTEM IS NOT LEGAL.
How the fuck is Ubuntu not legal??? What the fuck is this shit? I sure as hell didn't torrent it or buy a bootlegged copy on the streets.11 -
So... an Italian government website published sensitive data of thousands of citizens, because they thought that it was enough to turn white the text color in order to anonymize the sensitive content of the files. Italy, 2019.
Source (in Italian):
https://wired.it/internet/regole/...6 -
Had a discussion with a developer about security. His software transfers all user data (password and files) unencrypted, so anyone can grab them with wireshark. I told him that this is a severe issue. He said no it's no problem because if you get hacked it's your own fault, because you probably used an insecure network. NO ! YOU FUCKING MALADJUSTED SHEEP-MOLESTING OBJECT OF EXECRATION, YOU SHOULD ALWAYS ENCRYPT SENSITIVE USERDATA NO MATTER WHAT NETWORK YOU USE. FUCKING KILL ME ALREADY.
Not implementing encryption is one thing but then acting like it's no problem is a fucking nother one. Why do people not understand that security of userdata is important???11 -
5 years ago, in my first week of starting this particular job, the CTO casually mentioned they'd been struggling with a bug for years. Basically, in the last few days of the year, it seemed that records were jumping a year ahead, with no rhyme nor reason why. Happened every year, and wasn't linked with them deploying new code. (Their code was a mess with no sane way to unit test it, but that was a separate issue.)
I happened to know immediately what might be causing it - so I ran a case-sensitive search in the codebase for "YYYY", pointed out the issue, explained it, then committed a fix all in about 2 minutes.
I was told I'd officially passed my probation.
(Search for "week year vs year" if you're curious & the above doesn't ring any bells.)6 -
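The "week year vs year" effect the rant above points to, as an added example that is not part of the original post. The rant does not name its language; the sketch assumes pattern strings where `YYYY` means week-based year and `yyyy` means calendar year, uses the ISO 8601 week calendar to show the jump, and the `format(ts, ...)` calls in the sample source are hypothetical.

```python
import re
from datetime import date, timedelta


def week_year(d):
    """ISO 8601 week-based year: the year that owns the week containing d."""
    return d.isocalendar()[0]


def stamp(d, pattern_year="yyyy"):
    """Format d as year-month-day; 'YYYY' selects the week year (the bug)."""
    year = week_year(d) if pattern_year == "YYYY" else d.year
    return f"{year:04d}-{d.month:02d}-{d.day:02d}"


def mismatch_days(year):
    """Dates in `year` whose week-based year differs from the calendar year."""
    out = []
    d = date(year, 1, 1)
    while d.year == year:
        if week_year(d) != d.year:
            out.append(d)
        d += timedelta(days=1)
    return out


# Double-quoted string literals on one line.
LITERAL = re.compile(r'"([^"\n]*)"')


def find_suspect_patterns(source):
    """Return (line_no, literal) for patterns that combine week year 'YYYY'
    with month or day-of-month letters and have no week-of-year letter 'w'.
    A pattern such as YYYY-'W'ww is a legitimate use and is not reported."""
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        for lit in LITERAL.findall(line):
            if "YYYY" in lit and ("M" in lit or "d" in lit) and "w" not in lit:
                hits.append((n, lit))
    return hits


# Constructed sample source; format() is a hypothetical formatting call.
SAMPLE_SOURCE = '''\
created = format(ts, "YYYY-MM-dd");
archived = format(ts, "yyyy-MM-dd");
week_label = format(ts, "YYYY-'W'ww");
'''

if __name__ == "__main__":
    d = date(2019, 12, 30)
    print("calendar year:", stamp(d), " week year:", stamp(d, "YYYY"))
    for y in (2019, 2021):
        print(y, [str(x) for x in mismatch_days(y)])
    print(find_suspect_patterns(SAMPLE_SOURCE))
```

Depending on the year, the mismatch falls in the last days of December (record jumps a year ahead) or the first days of January (record falls a year back), which is why the bug only shows up for a few days each year.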
!dev
Me *downloading some weird linux distro to test in VirtualBox - I only do this once a month for like 1 hour*
my brother: Oh my god! Are you downloading something again? Moooom he is downloading something non-stop
every day:
my brother *watching some series/YouTube videos/playing ping-sensitive multiplayer games - all the fucking time, everything he does all day is this + eating and sleeping*
me *retrying multiple times to load anything, including devRant* 😒😠9 -
Christmas lights were blinking randomly IN SECTIONS without any sort of "control brick", just with a plain wall plug and TWO wires coming out of it.
In this house we obey the laws of physics, I immediately called magic on this and started digging. I found out that it was like five chains of lights wired in parallel, and every chain contained one special lamp that had a thin plate of some thermal-sensitive material inside. It heats up which makes it go straight, thus breaking its chain until it cools down enough to curl again and make the contacts touch.
Brilliant and really cheap way of making randomly blinking Christmas lights without any kind of controller, with just two wires and some physics. That's what I call "nocode".11 -
I was told that I am too sensitive and afterwards a liability because I couldn’t concentrate in a working space where interns were constantly screaming, running around, hitting and farting each other, throwing shit around and playing games (instead of working)...
I was told by the HR person that “boys will be boys”...9 -
So Tesla employees with access to recordings from customer vehicles have been sharing clips internally whenever something "funny" happened. Including nudity, intimacy, stuff inside garages, and crashes. And some even got promoted for doing this.
If there are any Tesla owners here, grab your cock and start waving at your car so they have to watch it. Or if you don't have a cock, borrow your neighbour's one.
Makes you wonder if other companies handling customer footage for labeling or otherwise are much or any better.
https://reuters.com/technology/...30 -
A Month ago...
Me: when are you going to complete the report
Friend: we can do it in minutes
Me: you can't Ctrl + c and Ctrl +v as there is plagiarism check
Friend: we have spin bot
Me: you do that now itself. If something happens? You can join me.
Friend: just chill
Now ...
Me: done with report
Friend: feeding it to spin bot!
Feeds text related to database security....
Spin bot:
Garbage collector == city worker
SQL statements == SQL explanation
SQL queries == SQL interrogation
SQL injection == SQL infusion
Attack == assault
Malicious == noxious
Data integrity == information uprightness
Sensitive == touchy
.....
Me: told you so...
**spin bot == article rewriter3 -
TL;DR
A "friend" is a tech fraud. Faking his resume as a software engineer! Only interested in the salary. This is unfair to all of us putting the hours of effort/practice just to improve our craft! 😠😤
I have a "friend" who is faking his resume, putting fake experiences and putting jargons not even related to tech just to make himself smart. He's using his customer service rep experience to talk confidently. His resume is fcking long, 3 pages of fakery. I can't help, but to laugh when he sent it to me.
He has a tech degree, but worked in a BPO industry for 4 years, then recently, he quit. He got jealous with the lucrative software development industry and he wants to relearn coding, as a friend and I like sharing my knowledge, I agreed to guide him in the process.
After 3 months, he got his first job, but unfortunately he got fired after two weeks because he committed sensitive data to the remote repo.
Then after a month, he got his second job and worked there for 6 months, he still doesn't know what he's doing and always asks me for solutions when he is stuck.
He got his 3rd job, remote work with high compensation. Fast forward after 3 months, he only got 1 month of salary, the other 2 wasn't given for unknown reason, my best guess is the company noticed his experience on paper does not match on real life.
Currently, he's working on another remote work with same compensation as before, and he still asks me super simple questions from time to time.
This is so unfair to all the devs who truly deserve the opportunity.20 -
!rant
Our lead dev in the company seems to be a smart guy who's sensitive about code quality and best practices. The current project I'm working on (I'm an intern) has really bad code quality but it's too big an application with a very important client so there's no scope of completely changing it. Today, he asked me to optimize some parts of the code and I happily sat down to do it. After a few hours of searching, profiling and debugging, I asked him about a particular recurring database query that seemed to be unnecessarily strewn across the code.
Me: "I think it's copy pasted code from somewhere else. It's not very well done".
Lead Dev: "Yeah, the code may not be really beautiful. It was done hurriedly by this certain inexperienced intern we had a few years back".
Me: "Oh, haha. That's bad".
Lead Dev: "Yeah, you know him. Have you heard of this guy called *mentions his own name with a grin*?"
Me: ...
Lead Dev: "Yeah, I didn't know much then. The code's bad. Optimize it however you like. Just test it properly"
Me: respect++;2 -
So my boss booked me a spot at a conference about "the future of online payments" and I received an email with auto created account (there was no sign up) with a clear text password.
I'm feeling pretty confident that I can trust them to guide and advise me on best practices when it comes to handling sensitive information.8 -
Old story, and yeah, it's all true, I shit you not!
So here I am at about age 11 (more or less). At the time, I had an almost brand new 333MHz beast, with 8 MB RAM, 2 (!!!) MB video card and (I think) about 300 MB of storage (yeah, I'm old :)) ).
Connected to this monster was sitting a 14" CRT monitor, mechanical keyboard and a 2 button, ball "powered" mouse.
There was no optical tracking tech at the time.
One evening, I notice my mouse starts lagging. Test it to see if Win95 is stuck. Nope, just mouse problems...
Fiddle with it a little, and at some point it stops working at all.
My room was dark now, so I got up to turn on the lights, sat down in front of the PC, and moved the mouse by instinct.
Surprise! It's working again!
My brother comes in and turns off the lights. Mouse non responsive.
I tell him to turn them on again, mouse works again.
At this point, we were both scratching our heads at this mystery...
I decided to confirm it again using a desk light.
Conclusion: my 2 button, ball tracking, non light sensitive mouse was working only if light was shining directly on it AND on my 14" crt monitor at the same time!!!
To this day I have no idea why.
I kept them both for posterity, and they are still there in my parents' attic.
Fin.6 -
The deeper I go down the infosec rabbit hole, the more I worry about my doctors still using Windows XP. Why would you save sensitive patient info in those....shoe boxes?4
-
PM: Can we have it so the usernames are case-sensitive?
Me: uhh, sure I guess.. But that's like really pointless and adds no real usefulness.. In fact makes the whole logging in thing a tad more complicated for no reason..
PM: Well this one other product we have uses "Admin" for the login versus yours that used "admin" so it needs to be implemented.
(note that mine accepted "Admin" anyways...) *implemented it*
PM: So there's a problem with the username sort, it sorts by capitals then lowercase.. eg:
alpha
beta
Alpha
Me: Yeah, you asked for case-sensitive usernames..
PM: Well can you fix it?
Me: I could create a second field within the user data that is the username in all lowercase and sort by that. But that negates like all of the whole case-sensitive usernames thing.. OR I could drop all this actually important work I'm doing and do a whole bunch of work on a custom sort for this useless fucking feature you wanted me to put in..
*it's been 2 weeks and still no reply...* -
I didn't scream.. just told him to jump off of terrace..
What ticked me?! He was a support guy..slowest mofo ever..
I was in the middle of fixing major fuckup on prod, when our VPN to client disconnected. I rushed over to support to ask if it is 'just' an expired session (which he was in charge of renewing but constantly fucked up) or if there is some other problem, so I know how to proceed..do I need to contact our sysadmins, client's support guys etc..
He
started
to
slooooooooowly
explain
I
am
not
the
only
one
with
VPN
problems
...
Was that what I asked you?! // he had an annoying habit of slooooowly talking and explaining unrelated things & personal stuff that bothered him & most of the times he chose the most time sensitive period to drone off..
So I cut him off saying, that others were probably not 'tinkering' with production and that I need this back ASAP, so if he could tell me when the session will be renewed or if there is something else problematic..
He said he will check..I didn't move.. he looked at me in surprise, you want me to check *NOW*?! Yeah, it's urgent.. He proceeded very very veeeery slooooowly, taking the support phone../* he was even eating sandwich during that, so only one hand free, typing one letter at a min */
I was finally notified that the session expired and that he will fix it soon (meaning in 15-20mins o.O which should not take him more than 5).. and was like 'can I do sth else for you'?! Yeah, do the backflip.. you know the rest..3 -
My university has impeccable data management. I needed to ssh into their Linux server for an assignment but it refused to accept my login. Which was weird because I could login to the same account on one of our websites just fine. I typed my password into a text file and then copy and pasted it into both logins. The Linux one failed but the website succeeded. After some experimentation it turns out that the Linux server only recognized my username if I typed it in all lowercase, even though when I created the account it had uppercase characters as well.
So let me walk you through the sloppiness that had to have occurred for this to happen. When I first created the account it must have ignored what I entered and just saved the username in all lowercase without communicating that to me. Then the websites that use this account must either ignore case for usernames or lowercase the user input before querying the database. Finally, the Linux server, despite knowing that all the usernames are lowercase, is case sensitive and won't recognize the username as I originally typed it in.
Can you guess what department manages the account, website and Linux server? The Department of Computer and Information Science. Incredible.2 -
Help.
I'm a hardware guy. If I do software, it's bare-metal (almost always). I need to fully understand my build system and tweak it exactly to my needs. I'm the sorta guy that needs memory alignment and bitwise operations on a daily basis. I'm always cautious about processor cycles, memory allocation, and power consumption. I think twice if I really need to use a float there and I consider exactly what cost the abstraction layers I build come at.
I had done some web design and development, but that was back in the day when you knew all the workarounds for IE 5-7 by heart and when people were disappointed there wasn't going to be a XHTML 2.0. I didn't build anything large until recently.
Since that time, a lot has happened. Web development has evolved in a way I didn't really fancy, to say the least. Client-side rendering for everything the server could easily do? Of course. Wasting precious energy on mobile devices because it works well enough? Naturally. Solving the simplest problems with a gigantic mess of dependencies you don't even bother to inspect? Well, how else are you going to handle all your sensitive data?
I was going to compare this to the Arduino culture of using modules you don't understand in code you don't understand. But then again, you don't see consumer products or customer-specific electronics powered by an Arduino (at least not that I'm aware of).
I'm just not fit for that shooting-drills-at-walls methodology for getting holes. I'm not against either easy or pretty-to-look-at solutions, but it just comes across as wasteful for me nowadays.
So, after my hiatus from web development, I've now been in a sort of internet platform project for a few months. I'm now directly confronted with all that you guys love and hate, frontend frameworks and Node for the backend and whatever. I deliberately didn't voice my opinion when the stack was chosen, because I didn't want to interfere with the modern ways and instead get some experience out of it (and I am).
And now, I'm slowly starting to feel like it was OKAY to work like this.7 -
// Rant
I can understand that people accidentally commit something sensitive to GitHub, I did it too once, but ...
WHY THE FUCK DO YOU MAKE YOUR MISTAKE WORSE BY MAKING IT SEARCHABLE VIA THE GLORIOUS COMMIT MESSAGE OF "REMOVING PASSWORD"
... seriously just google "git remove password" and there are step by step guides on how to remove sensitive data from git.
Reference (320,006 free passwords):
https://github.com/search/...9 -
All the cunts with their strong cologne mixed with cigarettes smell should have cut off their noses like Voldemort.7
-
When I started university, I was getting out of some really awful situations-- emotionally abusive parents, a boyfriend who was blackmailing me, a truly bizarre rape, etc. My life had been a little rough, and I was dealing with some PTSD.
My first computer science course was great. The professor was clear, patient, everything a sensitive student needed. I was able to concentrate on the curriculum without any problems.
The second 'intermediate' course, though? Not so much. The professor shouted his lectures during the entire class period in a relatively small classroom. Occasionally, he would clasp his hands and move around pretty unpredictably (like jumping out at the class), which spooked me a few times. He also always seemed like he was just hovering on the edge of madness, like he was just barely keeping it together, but he never broke.
I sat in the front row and was absolutely terrified during his lectures because it seemed like he was mad at me. I was half expecting him to start attacking me at any moment. Because, you know, PTSD.
I was also only getting a comp sci minor, so the other students looked at me like I wasn't supposed to be there, which also made me feel pretty uncomfortable, but such is life.
After most classes with him, I would need to take about an hour or two afterwards to calm down, stop shaking, and recompose myself. I looked forward to test days because he wouldn't yell. It was rough.
Later on, I learned that he used to be a gym teacher, which explains the jumping and yelling. Also, his wife, daughter, and dog all died within six months of each other the year prior, which might explain why he always seemed so on edge.3 -
Getting ready for GDPR at work. I had to explain to my bosses what it meant, especially regarding one of our project where we store a lot of user data. Then I heard it: "this crap doesn't regard us. we have no sensitive data. we only save our users' name and generalities.". I have no words.3
-
Well... I feel insanely stupid because I've been using windows for years and just realised that the file system isn't case sensitive... Mother fuckers...
(Yes judge me, I am a twat)7 -
Finally fixed a major bug.....
FUCK YOU C# AND YOUR FUCKING CASE SENSITIVE BULLSHIT.
DAYS
THAT TOOK FUCKING DAYS AND AT NO POINT DID VISUAL STUDIO BOTHER TO MENTION THAT FUCKING ERROR.
1 CHARACTER, ON ONE LINE, EFFECTIVELY BROKE THOUSANDS OF LINES OF CODE
fuck this, I quit. See you next time you contact the Microsoft live support chat!13 -
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.4 -
So you want to collect and save sensitive data from psychologists sessions and use Wordpress. What can go wrong.2
-
Inappropriate experience at work: One of our project managers got arrested one day for fraud. Apparently an employee had been in the middle of an online purchase and walked away from their desk. He happened to see the unmasked entry of the CC info (this was before websites cared about masking sensitive form inputs). I guess the temptation was too great…and he was too stupid to realize he’d get caught…and he jotted it all down. He made thousands of dollars in purchases which, naturally, eventually led back to him.
The same guy, before he got arrested, had made a joke when someone in an office team email said “Feel free to have some cake in the break room.” He replied “No need to do anything to me for the cake.” His first name was “Free”.5 -
Jesus Christ Reddit really is full of some sensitive ass basement dwelling retards. God forbid someone doesn't contribute to the circle jerk mentality that literally every fucking subreddit has.
I bet SO users spend their free time there.11 -
today i was asked to encrypt a public key, because "it's sensitive info".
a PUBLIC key.
smh
it's not even hard (literally 1 line of code), but come on...6 -
Am I the only one who is so sensitive about indentation? It really pisses me off when I see code with bad levels of indentation because it completely overtakes my years of programming experience and I understand nothing. Also indentation level should be 4, not 2. Who the hell uses 2 level indentation, you don't deserve a keyboard.9
-
I can't believe people are willing to scan their faces, fingerprints, and retinas on their phones.
Such data is very sensitive as it can't be changed easily.
CCTV is now everywhere and everyone has his own scanner providing data for tracking people.
Am I too paranoid?6 -
The company that I currently work for has a strict clean-desk policy. So strict, there's even have a little booklet that they have about 1000 copies of lying around the office everywhere. In the booklet is a playful description (with cartoons!) of what can go wrong when sensitive information is lying around, or shared with outsiders through careless talk, etcetera. Employees are encouraged to take a copy of the booklet home.
Also in the booklet is a description of the importance of having a good password. It mentions the required minimum (x) and maximum (x+1) length of passwords, mandatory character classes, and how often the passwords have to be changed.6 -
WELL GEE, IF I KNEW WHAT MY ACCOUNT USERNAME WAS, I WOULD JUST SIGN IN YOU ASSHOLE. -.-
On top of that, they use these fucking ancient captchas that are fucking case sensitive and annoying as hell..
In their defence, I was trying to automate their website (one of those get paid to click sites) in an attempt to get some money, but still!6 -
Trying to explain functions to my coworker and why they should be used even if powershell scripts don't 'need' functions
I've explained it 5 different ways across multiple meetings when they've gotten stuck on something.
At this point I've decided 1. I don't have the patience or brains to be a teacher..., 2. I'm going to have to review every script they ever fucking write, 3. I'm never letting them work on anything critical or time sensitive for big clients. (Small clients ehhh) I'll fight my boss to avoid that headache lol7 -
A colleague of mine had to debug performance problems in a foreign, proprietary application that is ancient.
To be crystal clear: Only reason that thing exists is because some old geezers fear change.
Asked me for help cause it's an _ancient_ MS SQL server that is luckily running on hardware owned by us.
Finding the credentials was already a funny task.
We had to access the vault (not joking here, we have a physical vault for storing sensitive data and critical backups), grab a folder and find the necessary data cause no one ever dares to touch that thing.
The application is btw for a sort of ERP / inventory system that is used in some ancient shops not yet migrated...
Yeah. Story speaks for itself.
Anyway, after dusting off ourselves, we were able to connect.
Was a bit ... Interesting. Everything's in german. The worst kind of german.
After looking at the first tables, I started giggling.
My colleague knew immediately that this was a sign of danger (insert Simpson meme here), raised his eyebrows and asked "How bad is it....".
Me, still giggling, "lemme take a further look, this is gold".
*long sigh from the colleague*
Well... It ended with me putting my hands in front of my eyes, turning around and saying: "I cannot look at it anymore, it hurts too much...."
To summarize:
- German table names
- When a table exceeded 300 plus columns, they added another table with the same plus suffix "_ddd"… where ddd is a zero filled integer sequence like 001
- To join this mess, they created views... Named "generator" - Sequence Number ... Some had the beginning of table names appended, which doesn't make it less confusing.
- the process list was listing queries running longer than 5 mins.
Which isn't at all surprising when generating Cartesian products of N tables with left join.
I've seen shit.... I've seen a lot of shit.
But that shit scared me.1 -
So, among the ridiculously long list of password requirements, password is not case sensitive BUT it has to contain uppercase and lowercase letters?14
-
WTF!!!!! I officially have someone trying to extort me just had this in my email box this morning!
--------
Hello,
My name is [name removed], I'm an IT security expert and I found a security issue on your website.
This email is personal and in no way related to any of my employers.
I was able to access to a lot of files which contains sensitive data.
I attached a screenshot of the files I found to this email.
I would be happy to give you the method I used to access these files in order to let you fix it.
Would be a monetary compensation possible?
Please forward this email to the right person, if you are not responsible for the security of the website.
Best Regards,
[name removed]
---
He can basically see the contents of my wp-config.php. How has he managed this?71 -
Apparently USPS tracking numbers are case sensitive... I missed a delivery today so went online to check the status.
The code was RAxxxxxxxxxxxxxxxxxxxTR
x=numbers
I first typed the letters in lowercase and it said package not found...
Really???!!!!!! Don't you think all those numbers are already too long...3 -
<supervisor>,
I would like to raise a concern of mine to your attention. I would urge you to inform <CIO> because I think he should know as well. In our recorded meeting this afternoon <bad_vendor> exposed another company’s credentials after failing to access our system, and proceeded to demo access into someone else’s system while exposing their client's sensitive data. Others noticed this as well. This is an alarming situation because not only did <bad_vendor> expose someone's data to <us>, but to one of our vendors. While it is unlikely that <us> or <helpful_vendor> would abuse this situation, it could have easily been <us>’s data that was exposed to another company and their vendors had the situation been reversed. I understand we are all under tight deadlines and under a lot of stress — by no means am I trying to make waves — but nonetheless I felt compelled to make light of this situation and felt it was echoed by <helpful_vendor> during the meeting as well.
Thank you8 -
Did you hear that GitHub is planning to rename racially sensitive terms like "master"?
My two cents: rename master to daddy. xD10 -
Using pokemon exception handling on some very important and sensitive back end stuff to meet a deadline.7
-
What in the unholy fuck is going on with the world!!
I get how our personal lives and data are bloody good at being used against us and tracking our behaviours but fuck Facebook won't let "good enough" alone and are coming back out with a new way to pay for our most sensitive data. Everything on your phone!
What more could they possibly want from knowing what,where,who,why,when, and probably even how we are shitting in a back alley besides controlling the masses
- no I'm not a privacy nut, just a concerned citizen -
https://theverge.com/2019/6/...3 -
So we have an API that my team is supposed to send messages to in a fire and forget kind of style.
We are dependent on it. If it fails there is some annoying manual labor involved to clean that mess up. (If it even can be cleaned up, as sometimes it is also time-sensitive.)
Yet once in a while, that endpoint just crashes by letting the request vanish. No response, no error, nothing, it is just gone.
Digging through the log files of that API nothing pops up. Yet then I realize the size of the log files. About ~30GB on good old plain text log files.
It turns out that that API has taken the LOG EVERYTHING approach so much to heart that it logs to the point of its own death.
Is circular logging such a bleeding edge technology? It's not like there are external solutions for it like loggly or kibana. But oh, one might have to pay for them. Just dump it to the disk :/
This is again a combination of developers thinking "I don't need to care about space! It's cheap!" and managers thinking "100 GB should be enough for that server cluster. Let's restrict its HDD to 100GB, save some money!"
And then, here I stand trying to keep my sanity :/1 -
mangodb's rant reminded me of smth.. Folks from my country might remember this story.
So we have a national e-health system. Millions have been invested, half of the money has never reached the project [disappeared smwhr in between] and its quality is not shiny. It works, sometimes even fast enough. But boy does it have bugs... Let's not get into that. It's politics.
So some time ago one IT guy spotted a bug that allowed him to get sensitive info of other patients. He informed e-health folks and waited for a fix. He waited for a few weeks but the fix had never been released. So he published his findings in soc media [yepp.. Stupid move]. That caused a national scandal. Not to mention he had been pressed with charges.
That guy and our health minister were invited in one of the tv debates. The guy was asked to explain how he found all this sensitive data. And he explained that he hit f12 in his browser, opened a network tab, issued a network request by clicking smth in the webpage and analysed the received data in the dev tools.
The minister looked somewhat happy, maybe a lil proud of himself - a person who has a "gotcha!" moment has that very glow he had. And he said: "what you did there was obvious hacking. I reckon you should know that true developers do not do those things you have just explained to us" [he was talking about dev tools].
I died inside a little bit.3 -
We live in a world where WEAKNESS has become a virtue.
- I'm oppressed!
- My mental health!
- I need a helper!
- I'm sensitive!
- You're fatphobic!
- <INSERT SJW's IDENTITY term>
In today's world, you score more social points for describing yourself as weak & blaming 'oppressors' for your miserable life12 -
My first interview ever for an internship. The interviewer asked me to rate myself in this language from 1 to 10 as if I'm applying for a lead engineer position at Google. I replied with a number that I thought was appropriate at the time (but now I know it wasn't accurate). The interviewer didn't say anything and moved to the next question. Later, I found out he ranted about my answer on his Twitter, again as if it's expected from an applicant intern at a low tier company to know. Still leaves a bitter taste in my mouth 7 years later.8
-
Update: https://devrant.com/rants/5445368/...
My previous bosses were real awesome people. However, the current one is an intentional asshole.
He wants to review every piece of work. He thinks I am a retard who knows shit. He has no sense of feedback vs. humiliating criticism.
Fucker questions every single word.
For example, consider the following statement, "They are taking the Hobbits to Isengard."
He'd critically question every word like,
What do you mean by 'they'?
Why have you mentioned it?
Why does 'They' exists in English vocabulary?
Why cannot you try 'Your'?
What data points you have?
And after endless questioning, he'd repeat the same with next word. Making sure to break my spirit of working for him.
And let me add that his communication is saturated with heavy jargons which are difficult to understand. At times, I slow down to understand and absorb and he has a problem with that as well.
My past experience says that I learned a lot from strict managers.
But this fucker intentionally criticises every aspect with zero to negative appreciation. All in the name of feedback.
I have gotten tons of compliments and good ratings in the past based on my communication and thought process. However, this fucker feels that my thought process is shit and I don't know how to communicate. Furthermore, he feels that I lack sense of ownership.
I really don't know what he saw in my resume or me to even hire me in the first place.
Given how he treats me and others, no wonder people are leaving. And if he fires me, good luck to him finding a sensible replacement who matches his expectations or puts up with his crap.3 -
Our company is changing the default branch on our main repo from master to main.
We're literally on the verge of global genocide and a holocaust, and people are worried about over-sensitive people's feelings. I'm sure a branch change will end racism.6 -
I have a few of these so I'll do a series.
(1 of 3) Public privates
We had a content manager that created a content type called "news item" on a Drupal site. There were two file fields on there. One called "attachments" and the other called "private attachments". The "private attachments" are only for members to see and may contain sensitive data. It was set to go through Drupal's security (instead of being directly hosted by the webserver) but because the permissions on the news items type were completely public everybody had access. So basically it was a slow public file field.
This might be attributed to, oh well, Drupal is confusing. However weeks earlier that same CM created a "private article". This actually had permissions on the content type correctly but had a file field that was set to public. So when a member posted the URL to a sensitive file through unsafe means it got indexed by Google and for all to read. When that happened I explained in detail how the system worked and documented it. It was even a website checklist item.
We had two very embarrassing data leaks :-(1 -
Paranoia. Programming affected my life by making me paranoid. Creating a new account on any website that even needs rudimentary information about me has to go quite some vulnerability testing since I've seen enough hack jobs that throw around sensitive data because they're too incompetent to follow simple must dos.3
-
One of my customers' laptop background (removed sensitive information and desktop icons).
Coworker: When you really love Chrome, but don't know what hi-res is!8 -
"Let's make a service where the users can enter all of their secrets and sensitive data so that we can warn them if that data has been leaked elsewhere"
What could possibly go wrong?2 -
"Unix filenames are case-sensitive?! Hur hur, that must be really confusing!"
Well, no, if you're not a fucking mouth-breathing cretin it isn't.2 -
Whoever at Zoom decided that this button needed to be at this location on the Touch Bar ought to be fired.
Out of a cannon.
Into the sun.
Or at the very least doomed to have their desktop or webcam shared at random times during sensitive meetings. It is for the grace of God that the client didn’t catch me straining to hear the awful acoustics in their conference room.7 -
Client: MY PASSWORD DOESN'T WORK
Me: our passwords are case-sensitive
Client: YES I USED CAPS LOCK1 -
DXB (airport)'s WiFi doesn't let you call through whatsapp or telegram or even discord. It also does not let you send a whatsapp voice message, which has me very puzzled.
And all I wanted to do was to call my mom. ☹️
(I might also be running a slight fever, which makes me very emotional and sensitive)10 -
This is from the 70s. It can easily be updated to the present day, but it has a certain charm just the way it is:
Three women sat discussing their husbands and their sex lives.
"My husband's a wrestler," said the first. "He's really strong and aggressive in bed."
"My husband's an artist," said the second. "He's really gentle and sensitive."
"My husband's an IBM salesman," said the third. "He sits on the edge of the bed and tells me how good it's going to be when I finally get it." -
PyTorch.
2018: uh, what happens when someone uses a same name attack? - No big deal. https://github.com/pypa/pip/...
2020: I think that's a security issue. - Nanana, it's not. https://github.com/pypa/pip/...
2022: malicious package extracts sensitive user data on nightly. https://bleepingcomputer.com/news/...
You had years to react, you clowns.6 -
Fuck you Intel.
Fucking admit that your hardware has a problem!
"Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data"
With Meltdown one process can fucking read everything that is in memory. Every password and every other sensible bit. Of course you can't change sensible data directly. You have to use the sensible data you gathered... Big fucking difference you dumb shits.
Meltdown occurs because of hardware implemented speculative execution.
The solution is to fucking separate kernel- and user-address space.
And you're saying that your hardware works how it should.
Shame on you.
I'm not saying that I don't tolerate mistakes like this. Shit happens.
But not having the balls to admit that it is because of the hardware makes me fucking angry.5 -
I don't want to put anyone to shame here, but this has been the most hilarious password reset in my life.
P.S.
It's an early service with no sensitive data, so I'm not concerned so much, but still, a system for automatic password reset, with the ability to change the temporary one, should be one of the first things in place before you go public. lol4 -
Had a conference call and one of the guys said something along the lines of "I can handle the load (ticket load)", didn't even think about it, my mouth instinctively reacted with "that's what she said".
A couple of guys laughed but the other few just "wooooow"ed like if I had thrown a 9/11 joke.
This is not a rant per se, just a reminder that if I ever launch my own startup I shall look to hire "joke sensitive" people to make my scrum meetings as awkward as possible.4 -
Interesting. A few hours ago I had a nice domestic conversation with my colleague about robot vacuum cleaners. He was talking about iRobot Roomba and I was talking about Xiaomi. Here's the result!
Interesting thing is that we talked in a *voice* conversation. Over Slack. Over Chrome. Over corporate VPN (openconnect).
Where's the spying link? Slack or Chrome?
My bet's on Chrome.
What does that tell you about the privacy of your sensitive conversations? :)
Hide behind VPNs all you like. If you have proprietary software (or hardware in the case of Huawei) - you're being watched and listened to.
EDIT: I'm on Linux, he's on MacOS9 -
Renting a flat above a kindergarten.
I hate Christmas songs and I am very sensitive to high pitched noises.
It's a bad time in the year to be working from home...3 -
pushing sensitive data to GitHub repo...not realising for days...and then going through the painful process of removing it again 😑4
-
Your guide to passive-aggressive false apologies:
- I’m sorry you’re so sensitive
- I’m sorry that you think I did something wrong
- I’m sorry if you’re mad
- I’m sorry that you made me do it
- I’m sorry you feel that way
And, my most favorite:
- I’m sorry that you’re making such a big deal out of this.12 -
As usual a rather clickbait title, because only the chrome extensions (as always) seem to be vulnerable:
"Warning – 3 Popular VPN Services Are Leaking Your IP Address"
"Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data."
"VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate"
"PureVPN is the same company who lied to have a 'no log' policy, but a few months ago helped the FBI with logs that lead to the arrest of a Massachusetts man in a cyberstalking case."
"Hijack all traffic (CVE-2018-7879) "
"DNS leak (CVE-2018-7878)"
"Real IP Address leak (CVE-2018-7880)"7 -
Don't become a dev if you:
- Can't sit in the office for 8-10 hours a day
- Don't know how to google information/errors, instead you interrupt your teammates with stupid questions every 5 minutes
- Are a perfectionist and don't like constant change.
- Are neurotic and give up easily. If you get triggered about broken or messy things to the point where it ruins your day to you and everyone else around you. You need to separate your work from your life.
- Don't have good communication skills. Worst I saw was a guy who speaks with a stutter (nobody understands him) and also writes very poorly (nobody understands his emails). Also he gets very angry when you ask additional questions to clarify what he said. How can you work with someone like that?
- Are very sensitive to critique. I prefer someone telling me that my code is shit and telling me why, instead of feeding me delusions and false validation.
- Don't know how to balance working in team and working solo. Nobody likes lone wolves who are arrogant and not in sync with the team. But also nobody likes to drag teammates who can't think for themselves and even after years spent in the field require constant spoonfeeding because they are unable to google and teach themselves with trial and error.14 -
I'm a TA myself and just yesterday wanted to defend my fellow TAs and CS/IT teachers from some of the rants here. Of course not all of the rants are but I found a few quite unfair towards us and I can fully understand a TA getting confused and tired after 5-7 hours of helping and wrapping your head around some of the harder problems the students run into.
However, I'm also a student myself and right now I'm fucking fed up with the shit my supervisor gives me regularly .. So let the rant flow!
(disclaimer: the following text uses “you” to address the rant recipient. So, dear reader, don't feel offended)
First off, why do you fucking care when and especially where I'm working on your project when you know I'm only working part time since I'm usually tutoring students by daylight. Having me come in after my TA shift to work on your project instead of letting me go home, get some rest and food, and start working with a fresh head is neither helping you nor very productive. Also, if you want me to be productive and use your fucking tools to get going faster you better not make me fucking debug your fucking tools. For instance, I don't even have the same first name so all your fucking paths are invalid on my fucking machine! Also, I get that your machine is more powerful than mine and I don't really care about it as long as you don't fucking push convoluted messy timing sensitive scripts and make me search for the correct values on my machine. And, if a file your script is trying to delete is not there aborting is not a valid exception handling!
And don't get me started on the scripts that actually do some work besides setting up your fucking toolchain! -
Has anyone had experience with an impatient boss who requires you to complete the project in the month you just recently got hired?
Here's the story, I recently got hired by a company, joined on 1st April 2022, the boss expects me to complete the app for Android and iOS by the end of this month. (An e-commerce application exactly like shopee.com) Without providing me the Backend API, that they mentioned. They just gave me a and expect me to know what's happening at the backend.
He requires me to give him a specific date that I can launch the app to play store and Apple store. (From my experience, it takes days, weeks or months). He needs a milestone of what I need, did, and will do (which predictably that they will reject any new ideas proposed).
I'm even considering to quit, but I need opinions. Am I just too sensitive or there's something wrong?14 -
I came around the corner in the corridor where a senior PM talked with an engineer.
PM: ... and that's why a good team is so important and we also need sensitive people.
Me: do we have some here?
PM: oh yes, I'm highly sensitive.
Me: one learns something new every day. :-)1 -
Does anybody here know of some sort of blackout glasses? (which cover the entire eyes, not sunglasses which do exist in high filters, but leak sunlight at the bottom, top and sides)
My recent lifestyle has led me to absolutely dying at the morning when I go sleep, because of the extreme sunlight, peaking through all cracks.
I am just fine during the day when I do my walks or drive to the store etc, but after a long night I just get very light and sound sensitive.
I think a decent amount of years ago, I saw somebody use some sort of small scale welding goggles for something similar, but I can't find any that are dark enough or aren't costing like buying a beach house in malibu.
Also "photophobia glasses", which actually seem to be for that purpose, cost like two malibu beach houses and a helicopter to top it off, because they abuse and cash on the fact that it has remote help to people that suffer from it.
I did also try just using blackout curtains for that purpose, but as said, there's always that one small crack where it leaks through and absolutely flashbangs me.
So it would be nice to have some glasses that filter pretty much 99% of light, but still allow me to navigate through my apartment, without having to break a leg or crack my neck (which would solve the problem at least)22 -
Whelp. I started making a very simple website with a single-page design, which I intended to use for managing my own personal knowledge on a particular subject matter, with some basic categorization features and a simple rich text editor for entering data. Partly as an exercise in web development, and partly due to not being happy with existing options out there. All was going well...
...and then feature creep happened. Now I have implemented support for multiple users with different access levels; user profiles; encrypted login system (and encrypted cookies that contain no sensitive data lol) and session handling according to (perceived) best practices; secure password recovery; user-management interface for admins; public, private and group-based sections with multiple categories and posts in each category that can be sorted by sort order value or drag and drop; custom user-created groups where they can give other users access to their sections; notifications; context menus for everything; post & user flagging system, moderation queue and support system; post revisions with comparison between different revisions; support for mobile devices and touch/swipe gestures to open/close menus or navigate between posts; easily extendible css themes with two different dark themes and one ugly as heck light theme; lazy loading of images in posts that won't load until you actually open them; auto-saving of posts in case of browser crash or accidental navigation away from page; plus various other small stuff like syntax highlighting for code, internal post linking, favouriting of posts, free-text filter, no-javascript mode, invitation system, secure (yeah right) image uploading, post-locking...
On my TODO-list: Comment and/or upvote system, spoiler tag, GDPR compliance (if I ever launch it haha), data-limits, a simple user action log for admins/moderators, overall improved security measures, refactor various controllers, clean up the code...
It STILL uses a single-page design, and the amount of feature requests (and bugs) added to my Trello board increases exponentially with every passing week. No other living person has seen the website yet, and at the pace I'm going, humanity will have gone through at least one major extinction event before I consider it "done" enough to show anyone.
help4 -
A good life lesson:
1. DON'T DELETE FILES YOU MAY WANT TO RECOVER
And if you DO delete them and then recover them, then
2. DON'T SEND THE RECOVERED FILES TO A·N·Y·O·N·E
Today I found a lost µSD card in the street. I did what every sane person would do -- plugged it into my laptop :)
There I found a directory with recovered pictures. I figured, some of them may contain the author's info in metadata, so I ran a quick plaintext search for @gmail.com.
Turns out, inside some of the recovered picture files I could find embedded company director's emails in plain-text. I mean, open the picture with a text editor and read through those emails - no problem! And these emails contain some quite sensitive info, e.g. login credentials (lots of them).
Bottom line, if you delete and recover your files, then do your best to keep them close: don't share them, don't lose them. You might be surprised what these recovered files may contain15 -
I need someone to make me a list of things I am not allowed to say and who I’m not allowed to say them to at work. This is getting ridiculous. Every time I turn around someone is making this face at me 😬 and saying “Don’t say that to that team” or “Don’t say that to this person”. I can’t do my work right if I have to keep censoring myself on everything people find organizationally sensitive.19
-
A while back we had some time sensitive work I was doing in overtime, the work was purely functional and the front end had not yet been done. It went to QA to test the functionality and the only feedback I got was UX oriented.
I tried to explain on 3 occasions that the looks was not important in the slightest at this stage, and just try to break it. I then got a lecture that it wasn't an optimised layout and was shown the AA route finder as an example of how the tester thought it should look.1 -
Long time no rant.
Rant::beginRant();
How do people who are, I think, supposed to have a knowledge of what the fuck they're doing, keep their work without knowing what the fuck they're doing?
You're telling me that you have been hired as a "full-stack developer", yet you can't build a motherfucking Vue page over SSH (not even talking about automated deployment, just the most bare bones approach)? You don't know how to deploy a Laravel project? You don't know that Linux server paths are case sensitive? You can't read the log files?!
Rant::commitRant();10 -
Having to rely on individuals who frequently use the words "thing" or "thingy" to convey important time sensitive information.
Nothing is more infuriating.7 -
In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!
So, imagine a situation like this - It's Friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Let's Encrypt.
Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.
Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!
So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!
So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... It's right there, you can see it!
So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!
So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!
Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.
See the issue already?
Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.
What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.
That was also the only reason why I managed to fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.
Overriding that unit file option finally fixed the issue completely.
I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, it's only and only your fault if you wrote sensitive data into the temporary directory.
And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...
Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out it's just another SystemD-enabled "feature" now!
And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...8 -
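A static check for the clash described in the rant above, as an added example that is not part of the original post or of Debian's or Apache's tooling: it flags Apache directives whose filesystem target lies under /tmp or /var/tmp while the service unit sets PrivateTmp=true, which gives the service its own private copies of those two directories. The unit text, the drop-in and the Apache config are constructed samples, and all function names are hypothetical.

```python
import posixpath
import re
import shlex

# Directories that PrivateTmp= replaces with per-service private copies.
SHARED_TMP = ("/tmp", "/var/tmp")

# Apache directives whose last argument is a filesystem path (names are case-insensitive).
DIRECTIVE = re.compile(r"^\s*(Alias|ScriptAlias|DocumentRoot)\s+(.*)$", re.IGNORECASE)


def private_tmp_enabled(*unit_texts):
    """Effective boolean PrivateTmp= value; later texts (drop-ins) override earlier ones."""
    enabled = False
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            if section != "Service" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "PrivateTmp":
                enabled = value.lower() in ("1", "yes", "true", "on")
    return enabled


def under_shared_tmp(path):
    """True if path is /tmp, /var/tmp or anything below them after normalisation."""
    norm = posixpath.normpath(path)
    return any(norm == root or norm.startswith(root + "/") for root in SHARED_TMP)


def find_conflicts(apache_conf, *unit_texts):
    """Return (line number, directive, path) for every path the service cannot see."""
    if not private_tmp_enabled(*unit_texts):
        return []
    findings = []
    for lineno, raw in enumerate(apache_conf.splitlines(), 1):
        match = DIRECTIVE.match(raw)
        if not match:
            continue
        args = shlex.split(match.group(2))  # handles quoted paths with spaces
        if args and under_shared_tmp(args[-1]):
            findings.append((lineno, match.group(1), args[-1]))
    return findings


# Constructed sample: a packaged unit that turns PrivateTmp on.
SAMPLE_UNIT = """\
[Unit]
Description=The Apache HTTP Server

[Service]
Type=forking
PrivateTmp=true
"""

# Constructed sample: a local drop-in that overrides the packaged default.
SAMPLE_DROPIN = """\
[Service]
PrivateTmp=false
"""

# Constructed sample: the alias from the rant plus two unaffected directives.
SAMPLE_APACHE = """\
DocumentRoot /var/www/html
# ACME challenges served from a shared directory
Alias /.well-known/acme-challenge/ /tmp/challenges/
Alias /static/ "/srv/static files/"
"""

if __name__ == "__main__":
    for lineno, directive, path in find_conflicts(SAMPLE_APACHE, SAMPLE_UNIT):
        print(f"line {lineno}: {directive} -> {path} is hidden from the service by PrivateTmp")
```

Pointing the alias at a directory outside /tmp and /var/tmp clears the finding while leaving PrivateTmp on.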
I'm trying really hard not to be sensitive, but my manager is making it difficult with their "constructive criticisms" ...
Just finished up a call with them. And I'm so tired. I'm not even angry or upset, I just feel so tired of their bullshit.
I set up a meeting as a courtesy to get them up to date on all the code changes I made. Last night I stayed up late to try and get things in before the deadline and this morning just killed me when they say.
"I don't think I should have given you this."
"I was right, you weren't ready to start doing this."
(Then don't even bother giving me anymore tasks then, I don't fucking care.)
"you clearly don't understand how branches work"
(Absolutely fucking false, I fixed that shit and am very familiar with how to understand the structure of the fucking repo)
"you are rushing and I don't need you messing up the website"
(I'm being proactive you twat, not rushing, making it very difficult for me to do the work and being productive)
Like seriously bro! Don't fucking patronize me for the work I was trying to get out. And trust me this fucking meeting is done in order to get ahead of potential issues, not a time to be condescending of my skills or lack thereof as you seem to so keenly think.
If you had this much doubt about my abilities then why give me the fucking Sr. title? Fucking trust that I'm being honest, and I'm trying to get us to a good spot, not fucking sabotage the company. God fucking damn.6 -
One of our customers wants our mobile app to log out the user after 15 minutes of inactivity because of SeCuRiTy…
Why? The phones protect the apps with their hardware encryption from any malicious access.
And we are not dealing with super sensitive data here like some banking app or so.
Why do some people want to have bad UX for no reason?12 -
I've written a rant that was too long to devRant, so I made it into a medium article instead. You can read it here:
https://medium.com/bambuu/...
In short, it's about Apple's weird legal practices when it comes to Apple Developer accounts.
tl;dr
- Apple has "obvious" security reasons that requires a copy of a photo id, and you aren't allowed to conceal sensitive information
- Apple's favorite form of communication is fax and snail mail
- Apple needs multiple signatures and court documents to just change your account name. -
Do you know what angers me more than anything else ?
Wasted potential. That's what. That there are people out there that look at their bank account and see a large number and spend large amounts of time finding ways to push people down during sensitive times where they could be learning and growing and have the right attitude and energy to do so, just because it makes their horrible selves feel secure knowing how 'superior' daddy made them, not to mention likely factories filled with half naked Chinese kids sewing shoes and soccer balls and separating out precious metals with blow torches.
I cannot help but think about this again as I'm frustrated that I had to relearn something just now which created more questions which I once everything is dashed to pieces again I won't think to or know to look into, if the information even exists, all so some easily duped younger people can form the next generation of well... us, and fall for the same tricks while I feel like I'm falling behind.4 -
Ah transports
Minding my own business in a crowded train, listening to full blast music. As the song changes I sort of heard an announcement but didn't get the subject.
Guy in front of me does a 180° and starts talking to me. I thought he wanted some guidance, so I removed my headset and never did I regret more doing that, that guy just went on and on about his life and stuff that I don't care about, until he got off his stop. Ironically, before he left off he said "you know my mama always told me that you should ignore people you're not interested in" (Forest Gump Swiss edition? He didn't have a box of chocolates though)
I was like "yes, fuck off, not interested in your bullshit", but well, noticed he might be sensitive.
After he left some teens just came and pretended I didn't exist as they invaded my corporal space. Pushed one gently as he was leaning on to me a bit too much.
People must see me as a help point, you know those terminals where you can browse stuff... That's me. The Father of them all.2 -
Speaking of.. What in your opinion would be an appropriate way to warn someone about security problems, like db passwords in git?
I once came across dozens of extremely sensitive services' infra accesses: alibaba/aliexpress, national observatories, gov institutions, telecomms, etc. I had dozens [if not hundreds] routers' and firewalls' credentials along with addresses. I tried one to confirm validity - it worked. I wanted to warn them but did not want to get in trouble.
If it were servers, I'd set a motd or append some warning messages in .profile. But not sure how to do it for non-server devices
what would you do? How would you warn them?
P.S. Deleting that record was a smart move, buddy ;)
p.P.S. Sorry, wrong category... Can't edit now :(6 -
When you’re used to dark theme and the lights in your car are too bright, you black electrical tape all the things...
I’m either more sensitive to light, or I’ve adapted to dark theme-ing all the things.20 -
How it started:
Need to replace in a lot of SQL files certain stuff...
find . -type f -iname '*.sql' -exec sed -i 's|new|old|g' {} \;
12 hours later that find executed a shell script containing roughly 120 lines of text pipelining.
The jolly of inconsistent workflows.
Different SQL format stylings... Makes fun when single line string replace needs to be extended to multiline RegEx handling. Or matching SQL comment configuration..
Different line endings. MacOS, Windows, Unix, Bukkake.
Different charsets / collations. Anyone wants latin1_swedish_ci... utf8... utf16... :/
Realizing some people even left sensitive data inside the SQL files (e.g. API Tokens..... Yayyyyyyy).
...
Ugh. It's never a one liner. It's never easy. -.-
I hate cleaning up messy shit.3 -
I just remembered an annoying experience I once had,
Wanted to know cli version asap (due to some bug introduced in a certain version):
-v (output: view --help for command)
--version (output: view --help for command)
FUCK
--help (revealed: -version)
Wanted to know its dependency version:
-version (output: view --help for command)
FUCK
--help (revealed: version)
You could call me lazy for not always typing --help first but there must be a standard for this time sensitive command.1 -
!rant
I was playing with adb logcat on some apps and I saw some sensitive info from my bank app. So I decided to go deeper, and I saw my entire banking information, WHAT THE FUCK? I feel unsafe now using this bank.
Btw this bank is using react native and forgot to obscure their code in production6 -
Very eventful day, please see enclosed several smaller rants.
===================
My college's systems are shit and not only do they use HTTP for everything, even the stores and financial aid purchase system, they have homebrew JS shit for PGP site encryption (nifty...), but they exchange the PRIVATE KEYS instead of the public keys. Over HTTP. Not even HTTPS. Also if you log in more than 10 times in 24 hours it's supposed to lock you out of your account until you call... except it locks EVERYONE out. Found this out when on campus, trying to get my textbooks, when suddenly everyone had login lockouts because i'm a "paranoid bastard" and "afraid of idiot college students" for not telling a PUBLIC PC to remember the one password (enforced by password auto-sync across all their shit, not ideal, no) guarding my SUPER-SENSITIVE FINANCIAL AND ACADEMIC DATA... among the other hundreds of issues this college has. I now see why this college is the only one I can afford...
===================
Can't pass-through raw DVD drive access to VMs as VM managers crash when I try (yes, even QEMU...) so i've gotta install Windows on a shitty 80GB laptop HDD for literally one quick project. On the bright side, if my theory proves correct, you'll no longer need modchips for PS2s.
===================
Found a couple odd lines in my xscreensaver config:
GetViewPortIsFullOfLies:False
nice: 10
pointerHysteresis: 10
the first 2 I can't seem to figure out what they do, and the last taught me a new word. Fun!
===================
that's it, it's over, why are you still here11 -
So today I found a file share containing some super super sensitive information accessible to what I think was our entire user base (6,500 users) if you knew the server name and had an interest in nosing around.
I reported it to our head of IT and heard nothing after, although 5 mins after reporting I could no longer access...
I suspect the infrastructure lead is going to be a dick (because he's one of them awkward non team player kind of guys) and not thank me for preventing our company from being in national newspapers... but try to spin it on why am I nosing around his servers in the first place..
I actually feel 50/50 about if I should have told or not.. but on flip side, I guess the access logs of me listing the files as I flick through to confirm my suspicions would have caused a bigger headache.
Fucking useless infrastructure engineers!9 -
So new job started.
Just for context- old company was shit.
Promised the world but.
No benefits.
Terrible project management.
High pressure.
But green field interesting work (except by now it’s a few years in so it’s a ‘browning’ field but I was on it from the start).
New company first impressions..
Seems a fantastic company.
True to their word they have money for tools.
Making time for personal development.
Much bigger development community/department.
Seems like the team are under far less pressure so far at least.
But a MASSIVE amount of tech debt.
People seem to want to do the right thing and they’re making time to try and deal with it.
But one or two are very opinionated as to how to deal with it.
So this could go either way and only time will tell I guess.
Trying not to over analyse every little thing they say but I’m hyper sensitive to it at the minute while in the early days.
As always the real challenge in IT is the people not the tech. I count myself as part of the problem, sure I will form some opinions and be sharing them too.3 -
When Amazon asks if my email address is all lower case... The desire to make it an informative moment that email addresses are not case sensitive is outweighed by my desire to resolve my issue as fast as possible.1
-
This is my #wk110 about a project from when I was a real n00b. It can also be read as a rant about myself.
So I decided to code my own terminal based password manager. Because, you know, whom can you trust the most; yourself or some random password manager from the internet?
Obviously, encryption plays a major role when storing such sensitive information. So n00b me decided to go with Base64.
Base64.
I developed a password manager that stores your passwords in Base64 format.
What must I have thought?!
Perhaps the gibberish looks of Base64 encoded data made me think that this actually is encryption.
After having realized my stupidity, I quickly replaced Base64 with AES and more recently I completely rewrote the whole project which is now also available on gitlab: https://gitlab.com/bitteruhe/sesame
This act of stupidity still embarrasses me every time whenever I think about it, though. -
A conversation between an offshore developer and his manager at a fortune 500:
I'm a software developer and the company I work for is a vendor for $manager's and $offshore_dev's company. They provide endless hours of entertainment/terror. Recently, we've been trying to convince them that they need to stop sending sensitive information plaintext over HTTP and set up TLS/HTTPS which has led to tons of fun conversations such as this one they had during a conference call:
* $manager: "Did $offshore_dev implement TLS1.2?"
* $offshore_dev: "Yes, we enabled a parameter in the code to enable TLS1.2 in the code but according to $me's email, this requires HTTPS in order to work."
* $manager: "No this works, we're using TLS in $other_application right now."
* $offshore_dev: "Well, $manager, it's implemented but it currently doesn't encrypt anything as such."
* $manager: "Okay, HTTPS is in the roadmap in the next quarter, we can move forward without this for now."4 -
Light Shot is the worst app and website ever .... No privacy
So I write a simple PHP script for Windows machine, to randomly generate integer and char for randomly open URL.
By running `php run.php` you are able to see some sensitive information sometimes.
Refer https://github.com/johnmelodyme/...6 -
Just found out today via Reddit that Wells Fargo, American Express (not personally confirmed), and Chase login passwords are NOT case sensitive!
I would check your bank too!2 -
”We’re not going to shuffle you (devs) around from project to project and definitely not taking on any new time-sensitive projects with the limited resources we have, seriously understaffed as we are atm” - that was the promise.
So today I got assigned to a time-sensitive project (unconditional deadline by the end of the year) on a product I am not at all familiar with... I almost believed 2 projects underway was enough so that it would not get assigned to me. Oh well, there’s always room for a 3rd.
At least I get to pick my tools so I get to try out Fable... a silver lining there, and not really a thin one.3 -
I had to do a double take... Needless to say I can't sign in for shit, fucknows what mental finger dance I did on the shift key when signing up to these guys...
Also: forgotten password is "please type your email, if there's an account associated to this email address we'll fucking email it with password reset instructions"...
Fucking arsehole fucks, I just wanna pay my fucking energy bill. -
I wish I had remembered this when the weekly theme was office pranks.
In the first or second year of high school we covered basic internet security. Stuff like don't follow suspicious urls, don't open suspicious emails and such.
Our teacher let us play around with some sort of simulated desktop environment, where we could execute some hacks like ad popups and such on each other's environment, if we fell for the trap.
Anyways, one hack I found interesting was a hack that locks a user out of their virtual desktop until he enters a password that will be displayed on his environment.
Yes, a very interesting hack, because it contains two obvious yet major design flaws, which I could exploit 😈
1. It's case sensitive
In itself not a problem, but combined with #2, it's fatal.
2. "IlIlllIlI"
Depending on your font, you probably have no idea what exactly I just typed.
Let's just say, the font displayed uppercase i and lowercase L completely undifferentiable.
Guess whom I let suffer.
It was our teacher, who had to demonstrate us some things and who was connected to the same network.
I swear, nothing beats that feeling when your teacher has to come to you and embarrassingly ask you to "unhack" them, because they can't type it 😂1 -
when TS does its job and team mates complaining that TS is too sensitive!
it does its job you douche, now you do yours!4 -
Our biggest competitor has just been hacked. All their sensitive data, including passwords and client data, has been compromised.
It is not yet in the news, but someone forwarded their internal communication to us. :D
(fixed mistranslation)10 -
TLDR;
How much do you earn for your skill set in your country vs your cost of living?
BONUS;
See how much I & others earn.
Recently I became aware of just how massive the gap in developers' earnings is between countries. I'd love to calculate a fixed score for income vs cost of living.
I know this stuff is sensitive to some so if you prefer just post your score (avg income p/m after tax / cost of living).
I'm not shy so I'll go first:
MY RATES
Normal Rate (Long term): $23
Consulting / Short term: $30-$74
Pen Test: $1500 once off.
Pen Test Fixes: consulting rate.
Simple work/websites: min $400+
Family & Friends: Dev friends are usually free (when mutually beneficial). Family and others can fuck off, even if they can pay (I pass their info to dev friends with fair warning).
GENERAL INFO
Experience: 9 years
Country: South Africa
Developer rareness in country: Very Rare (+-90 job openings per job seeker).
Middle class wage in country: $1550 p/m (can afford a new car, decent apartment & some luxuries like beer/eating out).
Employment type: Permanent though I can and do freelance occasionally.
Client Locality: Mostly local.
Developer Type: Web Developer (True web dev - I do anything web related from custom HTTP servers to sockets, services, advanced browser api's, apps & more).
STACKS / SKILLSETS
I'M PROFICIENT IN:
python, JavaScript, ASP classic, bash, php, html, css, sql, msql, elastic search, REST, SOAP, DOM, IIS, apache
I DABBLE WITH:
ASP.net, C++, ruby, GO, nginx, tesseract
MY SPECIALTIES:
application architecture, automation, integrations, db's, real time data, advanced browser apps/extensions (webRTC, canvas etc).
SUMMARY
Avg income p/m after tax: $2250
Cost of living (car+rent+food): $1200
Score: 1.85
*Note: For integrity when calculating my cost of living I excluded debt repayments and only kept my necessities which are transport, food & shelter.
I really hope you guys post your results, it would be great to get an idea of which is really the worst / best country to be a developer in.20 -
I don't consider myself a guru in JavaScript (hell I studied theoretical chemistry), but I do hate much of the rationalization behind building a Jenga stack of libraries, frameworks, dependencies... for building everything web related.
Many of the problems I see people solving with these giant stacks could be easily solved understanding how websites work (html, css, js and how interact with each other) with no dependencies giving smaller (for end users at least) and more maintainable code (in the sense it would not require updating dependencies that may be discontinued...)
I do imagine situations where these are ideal... Since there are not absolutes and developing is very context sensitive, but man if I have js article fatigue for ridiculous scenarios.2 -
I haven't said anything yet, but an AltRant notification server exists. Support for it will arrive very very soon on the AltRant app. It will run locally on the end user's personal computer, and it does not require a constant connection to the phone. Both devices need to be connected to the same local network on first connection, but after that you can wander out of your house or disconnect from the local network and still receive notifications.
DISCLAIMER: ALL SENSITIVE USER CREDENTIALS ARE NOT STORED *ANYWHERE* EXCEPT ON THE LOCAL USER'S MACHINE. NO DATA IS SENT TO ME. THE SERVER IS OPEN-SOURCE, HAS NO RELEASE BINARIES AND RUNS ON PYTHON.
Note to @dfox: if you want this to not exist or not be supported inside AltRant, please tell me or send me an email about it.2 -
I was waiting for my wife in the shopping centre and noticed a shop selling e-scooters. My my, what monsters can you buy with a few k€ :o I'm genuinely surprised!
The baddest monster: 3k: dual-motor, can carry >150kg of your fat ass. Takes ~12hours to charge, but, read this: with a single charge you can travel 150km! Max speed is 90km/h
I mean... I'm feeling quite confident riding a motorcycle at that speed, because I can bend down, because it weighs a few hundred kilos and is not that sensitive to wind and road bumps.
But riding standing at that speed... Without any cover, with a vehicle weighing 50kg... Would you?12 -
It seems like sensitive websites that need more priority to work fine are the ones that do not. I'm talking about government, school, bank, & service provider sites. Or it's just my retarded country.9
-
sAleSfoRce aPEx is a hot wet garbage fire. How can I actually make this work right when I need to compare case sensitive strings?10
-
Never had a truly bad experience with a designer but once one mentioned offhand that the unique keys that we were using to secure access to sensitive information should be only 4 characters long because it looks better that way...
I kept them at 161 -
Has any of the women in here dealt with "too politically correct" in the office that it's awkward? My boss refuses to just say guys even though I told him I feel singled out when he adds "gal". Or that I can't be better at social skills bc that tends to be stressed more if you're a female; nope i need to find a different reason now. Or telling me how I need to be involved in women's rights movements, those women are actually doing something to make a difference. I mean I'm glad that he's trying to fight for equality, and I know it can be so much worse, but I feel like I'm being corrected on how I should be as a female. Any suggestions? Or am I just being sensitive?9
-
Worst part of coding lang I love?
C# being case-sensitive.
Not a C# language thing, but I hate the vilification and anti-coding standard of not 'allowing' prefixes. Interfaces are allowed (ex. IUpdateCustomer), why not classes? Why can't I have a DTO and declare it a TCustomer and the zealots not scream "HE'S USING HUNGARIAN NOTATION!!! TAKE HIM TO THE STAKE!!"?24 -
I love working on legacy products. You just need a good shower and possibly a therapist after.
- Sensitive data sent over the internet encrypted with DES (not even 3DES). Guess it doesn't matter that the key (singular, for the last decade) is basically 0123456789ABCDEF.
- Client databases with open default port, admin/admin superuser.
- Critical applications (potential for substantial property damage, maybe loss of life) with a single point of failure and without backup.
Suggestions, to slow down a bit with sales, so we have time to rewrite this steaming pile of crap are met with the excuse: be more pragmatist, this is standard industry practice.
Some of this shit can be fixed on my own time if my conscience nags too much, but others would require significant investment of time from multiple developers, which would slow down new business.
Guess the pay is ok, so that's something... -
Open office plans are a GREAT idea. Nothing says productivity like hearing a pin drop from across the building. Who needs good acoustics anyways? And you bet your ass the moment anything sensitive to background noise is going on you're no longer allowed to communicate at all, because even a potato plugged into an audio jack can hear you whisper from 50 feet away. Good thing we don't do that often - only on days that end in Y, I assume.2
-
document.getelementbyid("myid");
Runtime error !
must be "ById"
:/
also same problem with elem.innerHtml
(Correct: elem.innerHTML )2 -
Trying to implement a dynamic data masking solution for our databases, to filter out sensitive data.
This seems like a problem which should've been solved decades ago. But it isn't. All DDMs, proxies, seeders, maskers... they all suck balls.
Which makes me wonder, how many devs walk around with MacBooks with half a million credit card numbers on them... -
Print("Hello World")
When people design a brand new Postgresql schema (case sensitive) using a mix of upper and lower case letters.
Only to then proceed and escape every single table and column name in every single query.1 -
Coolest bug is less of a bug and more of a feature. I've been working on a medical app and I used an open source backend which had almost everything I needed. To be hipaa compliant you have to encrypt all sensitive data - full db encryption was not something this backend was capable of.
So my solution was to encrypt the data on the client side and create a secondary server - that can only be accessed on my app server - to store and retrieve the keys.
If anyone's thinking of working on a HIPAA project - you're welcome -
Sometimes when I drink water out of a glass bottle I knock the edge of it against my overly sensitive front teeth just to feel something once again.9
-
Why do we rant here? Why can’t companies allow a safe space for their employees to vent out their woes? Or does that just add tension/make the workplace heated coz managers or co-workers could be sensitive to criticism? Or we’re just too stressed and overwhelmed that our woes don’t make sense(and we know it) but we gotta let it out some times? Lol16
-
Been a mobile developer since April, liking the experience and the amount of projects that I've been a part of.
And one of the things that I've learned about this is that sometimes the client doesn't even know what he really wants. I mean for fucksakes, we implement everything, and new functionalities and there's always something that works on every other app (and is basically a standard) and he thinks it's not supposed to be like that...
And another thing. Fuck Apple Store. At the company we've developed an app that practically shows information that only users should see (in our logic is sensitive information from our clients) and they DECLINED 4 FUCKING TIMES THE APP. Reason? Since the app's purpose "isn't correlated" with the basic information we show, the user can navigate through the app without going through login.
We basically added an "explore option" that shows basically nothing and they've accepted. FUCK APPLE FOR WASTING OUR TIME AND THE CLIENT'S TIME1 -
PM orders me to integrate data from several closed systems into a new CRM, problem is... corporate security won't allow me to push data between these networks as there are extremely sensitive data on these systems. So I disobey PM or corporate if I do it and I've told both the issues. 4th round with this exact issue now.4
-
Dear programming languages,
If you had to be case sensitive, then why the fuck can't you settle on whether to use an S or an s for a S/string declaration.4 -
To all websites requiring at least one upper case, one lower case, one number, one special character, 25 emoji and 49 unicorns in the password when signing up.
If you say something is required, then your regex BETTER be checking ONLY for those things. You should not have hidden requirements for passwords that users are supposed to dream about and know. Especially if it's a super time-sensitive thing that they should have opened 2 Fridays ago.
I had to pull my hair out for 20 minutes (that felt like an hour) before looking at their code and reading their regex. The regex was different from what the page said the requirements actually were. What were they even thinking? 😑
The rest of everything related to this organization uses an SSO system, why can't they just use it? Isn't the whole point of SSO to avoid a different login for every tiny part of the system?
I wonder what the other less technically inclined people using the system are doing right now. Sadly, I have no way of letting them know.
I sincerely hope the dev that made that website faces the same thing while picking a password for creating an account somewhere else and realizes what he/she did.
I really needed to let it out.
I feel much better now.
Time to take out the stress ball :)1 -
I can't come to terms with people's terrible reasonings.
You read a news about something. Let's assume it has to do with a sensitive topic, like race, gender, culture, religion, something polarizing, that makes you pick 1 of 2 sides.
So what do some people do? They ask themselves "ok what group do I adhere? How do I label myself?".
Then they ask "what do other people in said group/label think about the matter?", sometimes it's people in the media, friends,
sometimes people even create a mental construct of a stereotypical person of said group, a hypothetical one, and use the opinion of said construct as representative.
And final step is a knee jerk reaction of "I believe that too!!!!!!".
Obviously, all of this can't bring no one closer to the theoretical truth or the least flawed conclusion.
What does? Case by case basis.
You judge every case as if every case was its own thing.
But why do some people have a hard time doing that? Just general ignorance maybe?
Maybe this tends to occur in families where parents don't teach their kids to challenge their beliefs, or teach them that doing so could result in lack of parental acceptance.
People also have peer pressure, the need to belong and feel accepted. That means sharing the same points of view with close people and considering the opposite taboo.
There's also the very ignorant people that have conspiracies for lunch.
In any case, I feel some people don't even fucking try to be neutral.4 -
21:37
Manager: Hi
Manager: Do you know anything about this? <screenshot.jpg>
Me: Hi
Manager: Oh, I didn't mean to disturb you this late
Me: *what....? Then what DID you mean by writing to me at my bedtime....?*
(Though it's good he pinged me - it was a valid and time-sensitive concern. But saying "I didn't mean to" - that's just not true. Call a spade a spade and spit out what you need)10 -
Talking about stupidity, my friend on whatsapp even share his bank online transaction on his stories, I told him to be careful with those sensitive information, but he's ignoring it.
I think he cares more to show off his "bulge-wallet" than protect his own money.
Find anything stupider than that?9 -
I just got a project that is already developed by a team. It is already in the production and guess what!! They are storing customer’s credit card details in the database 🥸🥸12
-
In today's episode of "how i got almost to the point of insanity for hours and the sudden realization and relief"
When you have ssh error saying your private key is an invalid format in your CI, you probably just missed an EOL.
MCP says EOL.
Fucking EOL
That is the realization i made after half a day wasting on debugging this.4 -
Why fucking windows explorer's search is fucking case-sensitive? I could not find any fucking option for it.
Edit: actually it's not but sometimes it could not find files2 -
Reading "duh... that link looks sketchy" time after time when attempting to nudge people in the direction of good resources, e.g., on-line manual pages, becomes rather irritating. Is typing the URL into VirusTotal or something really such a fucking hassle? Are you sufficiently special to warrant the creation of an IP grabber which is dedicated to targeting you... AFTER you posted your exact location on Instagram last week?
Similarly, some pants-shitting, worm-eating troglodytes who have the gall to claim to know anything about cybersecurity STILL think that for all Web sites k, that k's URL begins with "https" implies that k is secure. NO! Unencrypted Web sites are FINE unless sensitive information is being transferred. Are publicly available manual pages sensitive information now?
Grabbing the campaign hat and writing death threats and very personal insults is sometimes slightly tempting.5 -
Me: uses MS Edge with Strict tracking prevention
Every website: "Please disable AdBlock"
Why are you so fricken sensitive?
I need to get an anti-anti-adblock.2 -
Wouldn't call it a feature. More like worst practice. Data manager (and my boss at the time) kept using our website as a way to host large files 3rd party vendors/partners could download instead of using one of the many secure transfer methods out there to send them data. This was sometimes extremely sensitive data. No authentication or security that I could find. I went ballistic on him after seeing that.
-
Bought an Arduino and is finally able to learn how to make my software interact with custom hardware projects. Just wiring up a led and controlling it with software is amazing fun! Really looking forward to learning servos, motors etc.
Planning to make velocity sensitive midi drums with piezos in the future.4 -
Sometimes, I feel like tearing my hair out from the way Bash works.
Like... Where other languages have two operators for case-sensitive and insensitive regex matching, bash? It doesn't. It only matches case-sensitively.
And if one wants the insensitive matching? Gotta set a shell option... And if a script wouldn't change it back, who knows what else could break, so of course it has to save its initial state, change it, do its case-insensitive matching, and return it back to its original value.
10/10 experience.14 -
This happens more often than I'd like to admit...
(repost since the other one contained sensitive information)6 -
Dude that convinced me to come to company became the most toxic person ever after I got fed up of his lies and lame attempts to get me to do his job (so he could just get the merits). We don’t work on the same project but closely related. Every time we speak he tries to hurt me by trying to put me down/raising sensitive topics. But he gets rid of the history all the time, so I have nothing to handle to HR or manager. Time to jump the ship? Job is fine otherwise.6
-
Imagine an online, public service, that allows you to communicate with others (for example a simple chat, game, whatever ).
The users connect to each others via p2p. Based on this, you can easily get the ip address of any user directly connected to you. P2p is used to reduce server load, but information is still verified (for example using RACS), so let's assume the data is always safe.
(please remember, this is just an imagined scenario)
Now the question: AFAIK, the IP address is a sensitive information. Would p2p in this scenario still be 'legal' in the EU given the latest changes in the laws?7 -
Maybe I am just sensitive.. but sometimes I feel that my new manager is being a little harsh on me.
Again, he might behave the same with everyone and I am assuming that it's just me.
1.5 months in the new job and not a single good comment/feedback I received from him. It's not that he criticises me or my work, or calls me a dumbass.
But whenever I submit anything for review, I get a ton of feedback where he expects everything to extreme precision.
He guides me, explains me post my failure, and has specific pointers of what he wants/how he wants things.
But all I am given is a set of documents to read initially with an expectation that I have to figure things out. When I am not up to the mark, he then guides me.
Why I worry?
1. I am on probation and this place is a start-up, don't want to get fired.
2. They got me as a Sr PM (which was also my previous role where I excelled), so I fear that expectations would be high from me. Failing to deliver those might get me in trouble.
3. He isn't a micro manager and quite supportive, but his communication style isn't working for me (so far).
Somehow, as always, I am getting along well with everyone in the org and everyone is talking good about me.
But with my immediate boss, the imposter syndrome kicks in real hard and I am super insecure. Every time I have to interact with him, I get super stressed and anxious.
I know things take time, but given that I am a Sr PM (and my boss expects me to be a lead PM, a position higher than current), I feel if the expectations are not delivered then I might get fucked.5 -
Once I found out an unprotected folder in my school which is used to store sensitive data.
It was open to any administrator there.
We copied the Question Papers, Edited the attendance, and Even changed the Marks.
We were able to extract photos of students from the database and retrieve stored passwords -
Fun fact: if your tweet contains the word “Mastodon”, it will be automatically marked as sensitive content.
https://mas.to/@TimH/...13 -
Nothing much here, keep scrolling...
I think my manager does not like me. I might sound like a broken record because I keep asking feedback at the end of every call (which is every other day).
I genuinely want to make her proud of the decision to hire me and want to learn for which I am willing to work smarter/harder.
What I feel is that they find me annoying. They seem to be happy with my work but guess my Indian roots of typical behaviour are showing up.
My co-worker evidently isn't confident to lead on her own and keeps me looped in to all her tasks which I am fine with. Though, I feel that I might be overstepping in her zone and manager doesn't want me to do that.
I may not be perfect and also a very sensitive guy, but I am trying hard.
Maybe they have plans to get someone else to lead and just keep me as a pawn on the board.
I don't think it is the imposter syndrome this time and surely the teams in this org are working in silos with very little communication within or outside their direct teams which kind of makes it even more difficult for me to operate.
However, as always, I have enough free time in here to resume my side project, learn another hobby, or learn new skills. Or is it just that I am assigned less task or underperforming?
Sometimes things are very confusing and one can never find an answer.
What's the best thing to do in such a situation?7 -
I was pissed off beyond all reason yesterday when I realised that the reason my code didn't work for 2 days was because I spelled eForm with an uppercase F in my data model, and a lowercase f in my object classes. There was no way for the compiler to warn me so everything compiled fine but crashed at runtime when I tried to access that property. When I saw it, my head hit the desk....
-
So my computer is doing ok after becoming spastic over viruses. I did hardware and software cleaning. First time I did removing hardware parts but it worked way better than expected with the static-sensitive parts (I used an anti-static wrist band). Congrats to myself I guess :)3
-
Hey folks!
! Do not read further or open this rant if you are likely to be offended!
I always wanted to know but had no nice way to ask so I'm just gonna shoot.
Most of you must have worked/be working with foreign people: canadians, french, chinese, etc. How would you describe those people as colleagues [e.g. lazy, stubborn, chatty, etc.]? The goods and the bads would be perfect.
The topic is sensitive. Please be polite but sincere. Neither this question nor its answers are meant to offend anyone. We all have our cultural differences, we all have been taught different. I'm just wondering what I or anyone else could expect from each foreign teammate.
-
Google researchers have exposed details of multiple security flaws in Safari web browser that allowed user's browsing behavior to be tracked.
According to a report: The flaws, which were found in an anti-tracking feature known as Intelligent Tracking Prevention, were first disclosed by Google to Apple in August last year. In a published paper, researchers in Google's cloud team have identified five different types of attacks that could have resulted from the vulnerabilities, allowing third parties to obtain "sensitive private information about the user's browsing habits."
Apple rolled out Intelligent Tracking Prevention in 2017, with the specific aim of protecting Safari browser users from being tracked around the web by advertisers and other third-party cookies.
-
Currently wondering why we use RGB when the "red" cones in the human eye are most sensitive to yellow light
-
Since day 0, I have been fond of computers. One of my first plush was called "DataDog" and looked like a CRT screen with dog ears around. According to my mum I was "addicted" to it.
At year 2, my dad was arranging some music on some software while I was watching him on his lap. Quick jump to the present: nowadays and since 10 years I run my own home studio with three guitars, two keyboards, one bass, three monitors, a microphone, an amp and a cabinet... coincidence? I think not!
Fast forward 5 years later (so I'm 6-7 years old), and I was playing with the legendary pinball game on Win95, as well as Flight Simulator. Then I was hogging mum's laptop to play settlers II (<3 that game), I eventually got my computer, and got into Quake III Arena being aged 10 (and had to tell my mum that game was safe for my age haha - I eventually removed the blood effects).
The Quake 3 Arena chapter is interesting: it got me into router configuration as I wanted to open a port through the router to host my own dedicated games with friends, it got me into DNS configuration (I was running a no-DNS client that allowed friends to join me through a DNS while having a dynamic IP) and eventually... to modifying .cfg files to tune my server as I wanted it. No programming here but a nice intro into :)
Then I hated the fact everybody would point their finger at me and say "geek" - I was only 13, fragile, sensitive, and I wanted everything but a bad image on me.
Meanwhile I continued on getting interested in hardware and configure my own computers, and investing myself into music production.
Then, university. "What do you want to study?" I thought of everything but IT, fleeing the image of a "geek". Turns out it was a waste of time, and at 21 yo I got into web development (well, just html and css), then learned a bit of PHP, finally got a specialized 2-year training and now here I am!
I was bound to be in IT either way since day 0, and funny fact, I've used every windows edition since Win95.
-
Does anybody use Freelancer.com? I'm currently in an argument with their support chat minion about how private or not-private the project's contents are AFTER the project is awarded. She's telling me that both awarded and unawarded projects are completely exposed to the public Internet, sensitive file attachments, chats, everything, unless one upgrades to Private status. If one doesn't like that, she says, one can always delete one's project for only $5. Does anyone else have experience to share in this regard? I find this incredible.
-
Adding a couple functions to free software, rebranding, then selling to customers.
I know that there are other companies that do this, but still feels like stealing from the authors and ripping off customers at the same time.
Maybe I am too sensitive, but I'm deeply disturbed by this and I'm having a really hard time getting work done.
-
Remember how I was - against all that was promised - assigned to a time-sensitive front-end (so definitely not my forté) project about a month ago? Remember how I struggled with the choices of how to go about it - switching from F# (Fable) to Rust (Yew) to eventually settling in with Vue and TS?
Yeah, I’m glad I went that way, even though there could’ve probably been better choices out there: my part is done now, even though it’s not quite prod ready yet (close tho), the team who’ll maintain it takes it over now, after I finish dealing with my current minor issue. And damn their front-end guy is GOOD. Makes me feel very inferior in that department. Well, I am. Back to back-end, thank you very much...
But I have an issue here, that bothers me. I’ve produced a codebase that’s obviously written on a tight schedule: no tests, no documentation, a few embarrassing hacks/workarounds and so forth. I actually feel bad for leaving it out of my hands to them in such a state...
-
yahoo is now alleged to give away bulk mail content to intel agencies. such a dead investment, who uses yahoo for sensitive communications anyway?
http://thehackernews.com/2016/10/...
-
So with all this new politically correct bullshit pandering to the extra sensitive snowflakes, what do we call a “blackout” from now on?
-
I need someone as a partner on this idea that I have. Preferably someone with UI/UX front-end experience along with security measures for secure file transfer and storage (involves sensitive documents). Comment if interested.
-
Either I am too sensitive with my name or I just can't stop laughing when someone keeps misspelling my English name, "Michael", as "Micheal".
I know it doesn't sound like a big deal but... *eye-roll*
Anyway, I am still wondering what it takes for them to accidentally turn 'ae' into 'ea'..?
Super curious here.
-
How do you share some feedback about certain things to your peers?
A little context.
Within our team, me and another person are two senior folks and we are the ones who are answering all the queries to external teams, product, issues, incidents. Obviously we are seniors so we tend to lead by example and try to handle as much as we can. But this is giving the junior folks a nice getaway to not pitch in and scale and handle things as well. They are happy to sit back and when me or the other senior person is not available, their response to all the queries is that we don't know because we haven't worked on it and then when we come back, we respond to those.
Also for the work, what usually should take 1-2 days, takes 3-5 days for these guys. 3-5 days of work gets delivered by them in 2-3 weeks. And the reason again: this is new, I didn't get this, and I am facing this issue. In all of this, our lead is quite laid back as well and doesn't inquire more about why things are constantly getting delayed from their side.
The side effect of this has been that more critical and time sensitive things get pushed to us senior folks even more and we are seriously getting bogged down by the amount of work.
We want to question and point out to these junior folks that they need to scale up, but we feel a little helpless since it might make them more hostile and retaliate. Why are we saying these when our lead is not saying anything. That will be their argument. Plus it will create an unpleasant working environment which we don't want either.
We think of talking to our lead, but again, I am not sure if that would be considered as bitching about them.
-
Anybody else really annoyed at all these people getting mad at Zuckerberg? Like, I've always questioned privacy of the internet in general. If you're dumb enough to put sensitive info on the internet (especially on social media) then you shouldn't have the right to complain about privacy. It's your responsibility to protect your information.
-
Sticks and stones may break your bones but I sometimes have that feeling of breaking every bone of those who push changes with sensitive information to the repo. Stop it.
-
I sometimes forget all the other “console.log()”s and I log API responses and other sensitive junk, :/
-
HELP!!
I am starting a new contract to create a full stack web application with a medical company that will contain some sensitive data about their clients/patients.
I have been working as a salaried full-time employee for a medical software company, but I have been shielded from any sort of lawsuits from the client (worst case scenario, I'd get fired).
Do any of you have any advice on what I should do to protect myself in terms of LLCs, insurance, etc.?
-
Security experts have discovered hundreds of fake websites which are being used to spread dangerous malware for Android and Windows devices. A "vast" network of over 200 internet pages, which impersonate 27 brands such as household names like TikTok, PayPal and Snapchat, are being used to spread a vicious bug which can empty out bank accounts. These bogus websites feature the notorious ERMAC banking trojan which is capable of stealing sensitive login details for 467 online banking and cryptocurrency apps.
-
nothing new, just another rant about php...
php, PHP, Php, whatever is written, wherever is piled, I hate this thing, in every stack.
stuff that works only according to how php itself is compiled, globals superglobals and turbo-globals everywhere, == is not transitive, comparisons are non-deterministic, ?: is freaking left associative, utility functions that return sometimes -1, sometimes null, sometimes are void, each with different style of usage and naming, lowercase/under_score/camelCase/PascalCase, numbers are 32bit on 32bit cpus and 64bit on 64bit cpus, a ton of silent failing stuff that doesn't warn you, references are actually aliases, nothing has a determined type except references, abuse of mega-global static vars and funcs, you can cast to int in a language where int doesn't even exist, 25236 ways to import/require/include for every different subcase, @ operator, :: parsed to T_PAAMAYIM_NEKUDOTAYIM for no reason in stack traces, you don't know who can throw stuff, fatal errors are sometimes catchable according to nobody knows, closed-over vars are passed as functions unless you use &, function calls that don't match args signature don't fail, classes are not objects and you can refer them only by string name, builtin underlying types cannot be wrapped, subclasses can't override parents' private methods, no overload for equality or ordering, -1 is a valid index for array and doesn't fail, funcs are not data nor objects when closures instead are objects, there's no way to distinguish between a random string and a function 'reference', php.ini, documentation with comments and flame wars on the side, becomes case sensitive/insensitive according to the filesystem when line break instead is determined according to php.ini, it's freaking sloooooow...
enough. i'm tired of this crap.
it's almost weekend! 🍻
-
Part I think 3 of Mathematica fails.
So, I'm doing a plot. Initially, I hit the following error: "Value of option PlotRange -> {{3,19},{0,1.1}} is not All, Full, Automatic, a positive machine number, or an appropriate list of range specifications."
Me: Okay, let's change it to PlotRange -> Automatic, maybe I don't know what I'm doing.
Mathematica: "Value of option PlotRange -> Automatic is not All, Full, Automatic, a positive machine number, or an appropriate list of range specifications."
Me: Uh, what? Well then... Oh, please don't tell me it's because of a space in between.
Mathematica: "Value of option PlotRange -> Automatic is not All, Full, Automatic, a positive machine number, or an appropriate list of range specifications."
Me: Oooookay then, what's the problem?... oh wait, there's another space. Why is it that sensitive to whitespace though?
--------------------------------------------------------------------------
That fixed it. Then, when I tried to reproduce it, suddenly adding a space and reevaluating did not raise the error.
-
Security issues I encountered:
- Passwords stored as plain text until last year.
- Sensitive data over http until last year.
- Webservice without user/pass authentication.
-
The more years go by, the more people get sensitive and butthurt by everything around them. Can't swear in public nowadays because someone will get offended lmao.
-
Gah, I just received this Ubuntu 18.04 VM with 8 cores and 8 gigs of ram, and since it'll be a production server both serving public and "private" networks (yes, shout at me, but projects won't be about hosting sensitive information, I wouldn't put all that on one server), and I'm struggling between my options.
Docker, or not docker?
The server's main use is to host our growing blog and install Varnish, which will hog some ram after a while. I use Laradock for my dev projects, it's really easy to develop with it, but I am unsure if it fits a production environment with performance, security and traffic load in mind :(
I read Docker has stability issues (in 2016-2017), and can bring the machine down with it. I don't know if I should just install the software (nginx, apache, percona/mysql/maria) without "containerizing" it and go for it.
I'm lost xD
-
does anyone have any experience with e-solutions recruitment company? they're asking for sensitive information about a position so it seems shady.
-
Alright so I'm in need of a little advice.
So I recently decided to go back and practice basic problem solving and from what I can tell now it's just me not used to JS like I am with python but I want to move on to bigger projects and other basic concepts (like manipulation of the DOM) and move away from basic problems.
But my concern is that I'll look at that list and only pick the ones that I feel I understand I can solve instead of the ones I can't. And there's a large list of them and I see that people are doing a lot of them while I'm just doing a few per page. And I'm afraid I'm just not good enough or stupid if I just ignore the basics and move on because the basics are there for you to figure out the easy stuff.
But I really just want to move on and I don't know when I need to. And last time I asked for advice I mentioned I have been programming for a few years, left out the normal accomplishments I've posted on here, but I was just told since it's taking me this long I should just quit. I tried to rebut but they kept telling me no. That literally broke me and my confidence so now I'm sensitive to asking questions. Also fuck whoever that was.
-
Dammit, it's morning. Then I get my kinda post nut clarity. Things I thought last night to be a good idea, not anymore. Good that I went to sleep. Phew. New rule, only decide what to do regarding new projects in the morning. The new background of my site is a good example when deciding things tired. What serious dev has such stuff? I dunno, maybe I do leave it for now, site is because many reasons unprofessional. There is a duplicate one with my real name on it. I made a reverse proxy project that replaced http content by interpreting httpd, fixing content length after replacing (else browsers will endlessly load or give error) with support for websocket and buffered content so implemented quite a bit. If I replace retoor with my real name now, you'll see it literally everywhere, in git history and such. Probably even downloaded zip files, I have to see if that doesn't corrupt. This software can also be used to make sure smth is NOT published. Sensitive data you could put a password in it for example so no one will figure out if you accidentally stored a password in git. I check this now by grepping using my common passwords in git. But I use env vars right now for passwords.
Got off topic, no decisions when tired anymore!
-
Can someone explain to me why people use a VPN when not on public wifi? Like you are already at home with your own private network.
Like the moment you log into Facebook or Twitter or medium or to check your Gmail/outlook whatever, all you are doing is making it very clear to the host companies that you are inconsistently paranoid. Because all of a sudden the person whose home address is in Seattle, work and home phone are in Seattle and all of their communication is done with people in Seattle, has their web traffic location encrypted unknown.
Yeah your packets might be encrypted, but you are still spreading enough self identifying information by merely existing on the web.
At the end of day it seems more like an illusion of safety that these VPNs sell. At the cost of a good dollar and slower internet speeds.
Unless you got some actual trade secrets and sensitive information, the f is the point for you to use one?
-
Update 2: https://devrant.com/rants/5446637/...
Not saying that my boss is wrong, but the way he gives feedback and teaches me is just awful. Just today, a new colleague told me that one of the ex-team members quit because of our boss.
Anyway, the activity I was working on, I nailed it.
In morning connect, boss specifically told what he was looking for and made me do a live task and gave feedback. That made me realise what he was looking for.
I spent the day completing the activity. When I showed him, his jaw dropped.
He tried to pick on few things, but failed to do so.
He loved the output. Praised me and my persistence. Finally, the history repeated itself, and I learnt more about communication.
Possibly my weakest point out of all, where I was failing in interviews and had to fix that. Now, I got some pointers and will work on it to excel further.
Yes, things were stressful, but I came out to be stronger.
-
Working with external teams on this new project involving pretty sensitive stuff like bank transactions.
Talking about user flow and how to handle authentication, like 2-factor and stuff.
Newish guy on external team (though experienced) says they have a proposal.
Security Questions.
... like "What was your first car" security questions...
awkward silence in room...
-
Currently the only 3rd party tokenization VSCode supports is a massive pile of RegEx. There's a whole discussion about how procedural tokenization could be supported without running extension code in the UI thread. The central argument against delegating this to an external worker is that if the reply doesn't arrive fast enough it might interfere with characters typed later.
1. Any computer that can run VSCode can execute somewhere in the order of a _billion_ instructions per second. To a program, the delay between keystrokes is an eternity. The only way to run out of time here is if either the dev isn't aware that the request is time sensitive, or the framework communicates to the OS that the task isn't urgent and an arbitrary amount of work is scheduled before it.
2. Chromium is the pinnacle of cybersecurity and its primary job is to sandbox untrusted user code. You don't need another thread to do it.
3. This use case fits squarely in the original design objectives of WebAssembly.
-
CREA DDF (Canada real estate listings API) is what you get when government fucks with technology.
Holy shit! So f*cking inefficient to use it, test it and get data.
I get the protection behind sensitive data but fuck me if there is not a lot of waiting behind their fucking application process just to fetch some testing data.
-
Holy shit. Do NOT open a Wells Fargo banking account. On top of their ridiculous password limitations, your password is NOT CASE SENSITIVE. I tested. Caps lock, no caps, a mix, it doesn't matter.
More info on the password limitations at my other rant https://devrant.io/rants/905148/...
-
HFS, MacBook's standard file system, is the answer to every question asking "what if you don't design well/ how bad can it get."
How can a bloody file system not be case sensitive.
I know you want to be different from *nix
But there would have been better ways
-
my oh my, it's my bad... don't worry, it's my bad. you don't have to look at me like that. i'm sorry cos i'm asking you about wtf was wrong with code and asking you to fix it.. #case sensitive.
-
Anyone familiar with js bxSlider? Anyone have time and willing to slack chat or email with me to provide some assistance? Yes I looked and am trying to get some help on Stack Overflow as well but this is time sensitive for work :(
-
Guys, long story short we found an investor for our app idea. What's the best route to go for us to get the people we need. Essentially we need a mobile app, but it may also need to be a kiosk, so should we look specifically for React Native developers to make a cross platform app or should we focus on ios, android, and kiosk apps natively? It involves access of sensitive information.
-
devRant ain't the same anymore. Too many sensitive snowflakes around. You bully them once or twice, they end up leaving the platform.
I'm running out of victims here
-
When someone calls me VincentNwonah and expects me to answer. but I'm a programmer and VincentNwonah is a different object from NwonahVincent. ;p
-
My new boss has such a sensitive ego. The latest is he asked me not to make big changes to 'his' code so whilst attempting to fix a bug in 'his' code I realised a big change was needed. I tell him at standup that he might want to take a look first and he agrees. A few days later he emails me to ask why I haven't finished work on the bug. When I reply he ccs other members of management to ensure he is deflecting any blame from himself (I don't even play the blame game to begin with).
The next day I email him that some tests are broken (he broke them but I just emailed him to bring his attention to it since he doesn't want me touching his code. And because it means he isn't testing properly - not that I would say that).
His reply - "are you going to fix them?"
Me - "ok"
The next morning he brings me into a meeting to ensure I agreed he wasn't to blame and that it was my fault and that he didn't understand my email response as it just said "ok".
I really can't stand such petty bs...
-
So I took this ocd sensitivity test 😂😂 . Apparently, I'm a perfectionist & need to take it easy lol.
Here's the link to play :
http://playbuzz.com/monicawoods10/...
-
I recently came across this article with some basic security advice, like use 2fa security key, encrypt your USB keys, don't use untrusted USB chargers / cables / ports (or use a data blocker cable if you need to charge your device). It made me think, how relevant are the USB-related threats and risks today? Do people really still use and carry so many wired USB devices, and just drop or plug them wherever?
The last time I used a USB device to transfer some important data was probably over 10 years ago, and for the love of god I don't know anyone who still carries a USB key with sensitive data with them on a daily basis, much less actively uses it. Besides, whoever still does that probably puts their USB key on the same keychain as their ID / access tag and a bunch of other keys (including a 2fa device if they use one) - they're not going to lose just some sensitive data, they're going to lose authentication and physical access devices as well, and that could turn a small data leak into a full-scale incident, with or without an encrypted USB device.
I'm also not sure about untrusted USB cables and ports. From what I've seen the USB outlets and cables are pretty much non-existent in public places, most places offer wireless charging pads instead (usually built into a hand rest or table surface).
-
What kind of tasks would you guys trust an intern with? Asking because I see a lot of people giving admin login for everything, access to production and sensitive info
-
Maybe not specifically "dev" but certainly a relatable rant to anyone here:
Mom's small business gets "hacked," or standard spyware phone call from India let us save you for only $149 kind of crap. She obviously gets upset, has a panic attack and thinks about all the sensitive shit on their network. Then, ONLY THEN, does she call me and the rest of the cavalry, i.e. overpaid and undermotivated IT guy, to ask what's up, why it happened and whose fault it is.
All is well, no ransom paid, no data lost or tangible damage done, but I am positive it will happen again, because it is impossible for people to internalize that they're the problem that money can't fix.
You clicked the unsolicited link. No amount of antivirus bloatware will ever be able to stop the monkey from trying to see what's in the box.
But keep not paying me or people more qualified than me, and then scream and yell and pout when your shit's gone and we can honestly say with a grin and a clean conscience that there is nothing we can do.
-
I was once 'fraped' by a former (non technical) manager. I decided to retaliate by returning the favour while he was out of the office, but instead of the basic toilet humour I had been subjected to, I took it one step further and posted a status on his behalf, a sensitive cry for help, full of sadness, regret, alluding to betrayal and broken friendships. The texts, calls, concerned replies and messages on Facebook started flashing up his phone. He called me demanding I delete the status now as he couldn't figure out how to do so from his phone. Needless to say he was not happy. Highly recommended.
-
Vivaldi browser is shit.
Simple instructions on how to make most shitty browser ever:
1. Force users to use "really-fucking-long" password that will not match to any of their existing ones.
2. Invent some useless stupid "encryption password" (why does any normal browser work fine without that shit) and most ridiculous - automatically set it to be the same as the main password.
3. Of course you forget the pass you set because you don't remember what symbol you added 5 times in the end of your normal pass to fit their stupid rules.
4. You have to reset it
5. "Encryption password" does not reset with it, so you still don't remember it
6. Sync is not working!
7. If you think this is shitty enough, you are not right - they went further. To reset that fucking "encryption password" you have to... ERASE ALL YOUR CLOUD DATA.
Fucking retarded piece of shit - never, never trust those morons who made this shit browser to sync any of your sensitive information.
-
What is the point of kubernetes "secrets" if it encodes the sensitive information as a base64 string if anyone can decode and read raw data using any base64 decoder tool?
-
So... I'm having a lot of issues with people messing with my emotions because of how sensitive I am.
I lost a lot of confidence in myself a while back and grew sensitive. I don't know what to do and I don't understand why people have to be so mean :(
A girl today was laughing at me cause I couldn't figure out something in class and I feel useless.
Two guys have already messed with my emotions and led me on.
A lot of people don't hang out with me like before and no one wants to hang out with me. Another girl said I was clingy and annoying and I don't understand what I'm doing wrong. I just want to be loved :((
-
Does anyone from here work at GMX? I am specially looking for a sysadmin.
The story is the following. We can't send emails to GMX addresses in general. I've contacted my provider, and they said that they've contacted GMX several times but no solution has been made so far. This was almost a month ago and the problem still persists.
If anyone from here is willing to help me clear this mess, or just give some explanation, I would be grateful. We are losing reputation as a company having to answer from a different email address.
If it is sensitive info please give me a channel where we can speak about the details.
Please note I am not a sysadmin at the hosting company, I am simply a customer of theirs.
-
App idea: Platform for ongoing entrepreneurs
I just come from a start-up weekend. I really enjoyed the support we got from 17 different mentors (most of them founded in the past on their own).
Back home start-up funders don't have the access to that mentoring. My idea is to create a platform specialized for founders, where you can share your idea, beliefs and ask questions all around your business.
I think especially in the early founding stages entrepreneurs are full of questions. Helping and discussing with other selfminded people is probably very enjoyable for us founder folks. A difference to the f.e. reddit concept: Users can create "diaries", a place where all stories, questions and posts about your project are stored. Reading a diary from beginning to end shall be a fun experience, reviewing your or others' history of their "babies" and following the entrepreneur's thoughts through all stages of founding. Users of course can create multiple diaries.
Functionality will be suited for the listed usecase, for example a "Post as Anonymous" function will be added, if you have to deal with company sensitive data and more stuff like that.
What do you think about the idea? Do you like it? Would you use it? If not, tell me why?
Cheers
-
Looking for iOS and Android app developers to join startup in Rutherford, NJ area. Must be able to show portfolio of apps and have some published. Must be able to pull and compare data with sensitive databases (social security number, passport, birth certificate, etc) to verify user. You will be compensated hourly. Must sign NDA.
-
🐟💩 The image I fetch from s3 is of type byte array
I return it to angular as an ArrayBuffer
Which then needs to be somehow converted to an image so I can fucking show it
Then after research I had to convert ArrayBuffer to Blob
And from Blob to URL encoded object which returns a string that now shows the full image in img tag
Somehow, by sheer trial and error I have just accidentally made a very secure way of fetching a very sensitive piece of document (verification document with user's personal data on it) and now in browser this is shown as blob:shit-image/random-hash. Not even the file extension. This means nobody can download this image. You fucking can't. It's a Blob motherfucker! Like a Blob Fish. It saves either a .txt when you try to save it (no idea how) and if you try to open the image in new tab it shows gibberish text. This means you can read-only this highly sensitive document image and not manipulate it, not even download it. Perfect. I have just made a very secure software by accident.
(this blob fish looks like my shit)
-
Microsoft Teams login says password is incorrect then asks for a captcha
I type it again but fails...
I'm like wtf... Could it be the captcha...
Which I entered in all lowercase
It doesn't say the captcha is case sensitive though..
Next few times it gives me captchas with k... Teehee me like 5 tries to login
Are we trying to verify passwords/humanness or whether I can somehow tell the difference between K and k?
-
EY and ConsenSys announced the formation of the Baseline Protocol with Microsoft which is an open source initiative that combines cryptography, messaging and blockchain to deliver secure and private business processes at low cost via the public Ethereum Mainnet. The protocol will enable confidential and complex collaboration between enterprises without leaving any sensitive data on-chain. The work will be governed by the Ethereum-Oasis Project.
Past approaches to blockchain technology have had difficulty meeting the highest standards of privacy, security and performance required by corporate IT departments. Overcoming these issues is the goal of the Baseline Protocol.
John Wolpert, ConsenSys’ Group Executive for Enterprise Mainnet added, “A lot of people think of blockchains as the place to record transactions. But what if we thought of the Mainnet as middleware? This approach takes advantage of what the Mainnet is good at while avoiding what it’s not good at.”
Source: ConsenSys
-
A news/article/blog site and forum revolving around social issues where in addition to reading articles people can ask questions that are sensitive judgment free and get answers.
The aim is to slowly make the world a better more tolerant place
-
In Alpro soy milk range, the original one is often overlooked. There are ridiculously tasty soy vanilla, soy almond and professional coconut. But being THAT sensitive I can always distinguish like yea, here’s the soy and here’s the coconut purée. This always prevented me from focusing on just soy and how complex it really is.
So I tried the original soy milk and yes, the purest form was hidden in plain sight all this time. It’s just soy, pure soy, like a pokimane subreddit meetup. I love it.
It’s a moment of a purist finding a pure thing. This is the IDEA of soy milk, like Prolog is the idea of a declarative language.