Built a software portal that tied in with our schools user management systems (fuck that shit btw, was written in Java that tied back to a JS backend) and I couldnt get password verification working probably so put a test in that just let you put the username in and whatever password and as long as the user wasn't currently in use you login correctly (only used it to track download limits and display the student's name)

Planned on fixing it the following week when my contract was supposed to renew, but they never renewed it and every time they have had me come back I haven't had the chance to fix it ¯\_(ツ)_/¯

First year: intro to programming, basic data structures and algos, parallel programming, databases and a project to finish it. Homework should be kept track of via some version control. Should also be some calculus and linear algebra.

Second year:
Introduce more complex subjects such as programming paradigms, compilers and language theory, low level programming + logic design + basic processor design, logic for system verification, statistics and graph theory. Should also be a project with a company.

Year three:
Advanced algos, datastructures and algorithm analysis. Intro to Computer and data security. Optional courses in graphics programming, machine learning, compilers and automata, embedded systems etc. ends with a big project that goes in depth into a CS subject, not a regular software project in java basically.

Oh boy, this is gonna be good:

TL;DR: Digital bailiffs are vulnerable as fuck

So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:

The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.

So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!

This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.

I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.

Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!

Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...

The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.

But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.

So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)

So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"

So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones

Elon musk has shown himself to be a terrible person, a worse manager and someone who hasn't a clue of what a code review is. A summarily fires so many people that he can't find someone to open the doors for his big in person meeting or the vet the badges. He offers 3 months termination pay or you can work 12 hours a day 7 days a week hardcore. But none of the payroll people are around anymore either. Critical subsystems have not a single engineer left to work on them. He's paranoid that employees will sabotage the software. But I think he's doing such a good job it would be impossible to tell that anyone else was helping him.
An engineer wrote a prescient seven page report listing problems ahead including user verification. So Elon twit-fired him.
Also entirely predictable is the stress that the world cup will put on the system beginning today, I believe. He doesn't "like" microservices.
I work for the psychiatrist once who barely needed to sleep. Maybe Elon can function with 12-hour days week in week out. But it's cool to think you're going to squeeze substantially more work out of people by doubling their hours. More likely you will more than double their errors and what will that do to you budget? 50 years ago IBM determined that the best way to improve programmer productivity was to give each one their own office.
I can't believe he's whining over spending 13 million dollars a year on food. That is so far from being a strategic item. Soapbox out.

I hate having too much security, on the user side. I have 2 step verification on anything that allows and also most of my passwords are up to a limit, seriously. This is why I have LastPass but obviously no work I ever been in allowed it. Except Freelancing and my own software / apps.

Is it just me or are graphical software verification libraries useless? I have had to take courses in several is them at uni. Usually, the diagrams end up being externally complex and more prone to errors than the software they are supposed to verify.

The fact that the "final project"of one course was to verify 100 lines of java in 2 weeks. Any beginning programmer could read the java code and confirm it was correct. The diagram my group produced could only be verified by a team of experts over the course of a year. How is it valuable to spend time "verifying"software if the verification needs even more verification than the original software.

Maybe I'm missing the point but I just don't get why there is a market for expensive propratary software in this area.

🐟💩The image i fetch from s3 is of type byte array

I return it to angular as an ArrayBuffer

Which then needs to be somehow converted to an image so i can fucking show it

Then after research i had to convert ArrayBuffer to Blob

And from Blob to URL encoded object which returns a string that now shows the full image in img tag

Somehow, by a sheer of trials and error i have just accidentally made a very secure way of fetching a very sensitive piece of document (verification document with user's personal data on it) and now in browser this is shown as blob:shit-image/random-hash. Not even the file extension. This means nobody can download this image. You fucking cant. Its a Blob motherfucker! Like a Blob Fish. It saves either a .txt when you try to save it (no idea how) and if you try to open the image in new tab it shows gibberish text. This means you can read-only this highly sensitive document image and not manipulate it, not even download it. Perfect. I have just made a very secure software by accident.

(this blob fish looks like my shit)