Search - "stupid practices"
I was reviewing one dev's work. It was in PHP. He used MD5 for password hashing. I told him to use the password_hash function as MD5 is not secure...
He said no we can't get a password from MD5 hashed string. It's one way hashing...
So I asked him to take a couple of passwords from the users table and try to decode those in any online MD5 decoder and call me after that if he still thinks MD5 is secure.
I have not got any call from him since.
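Added example, not code from the rant or its author: the reviewer's point in runnable form. Unsalted MD5 is a deterministic function of the password alone, so a single precomputed table (which is all an "online MD5 decoder" is) matches stored hashes across every user and every site. The replacement mirrors what PHP's password_hash()/password_verify() give you: a per-user random salt and a deliberately slow derivation, so a table is useless and each guess costs real work. The user table, plaintexts and five-entry common-password list are constructed for the example; PBKDF2-HMAC-SHA256 is used here because it is in Python's standard library, while password_hash() defaults to bcrypt.

```python
import hashlib
import hmac
import os

# Constructed users table with unsalted MD5 hashes, as the reviewed code stored
# them. The plaintexts are constructed too; they only exist to build the table.
CONSTRUCTED_USERS = {
    "alice": hashlib.md5(b"letmein").hexdigest(),
    "bob":   hashlib.md5(b"summer2018").hexdigest(),
    "carol": hashlib.md5(b"J7#pL2!qZ9@wQx").hexdigest(),
}

# A five-entry stand-in for the precomputed tables behind public MD5 lookup sites.
COMMON_PASSWORDS = ["123456", "password", "letmein", "summer2018", "qwerty"]


def md5_lookup_table(passwords):
    """Unsalted MD5 is deterministic, so one table of hash -> password serves
    every user of every site that stores passwords this way."""
    return {hashlib.md5(p.encode()).hexdigest(): p for p in passwords}


def audit_md5_users(users, common_passwords):
    """Return the usernames whose stored hash is in the lookup table: the
    offline version of the check the reviewer asked the developer to run."""
    table = md5_lookup_table(common_passwords)
    return sorted(user for user, digest in users.items() if digest in table)


# OWASP's Password Storage Cheat Sheet recommends 600,000 iterations for
# PBKDF2-HMAC-SHA256. PHP's password_hash() defaults to bcrypt, which is
# equally suitable; the point is a salt plus a tunable cost.
PBKDF2_ITERATIONS = 600_000


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Salted, deliberately slow hash in the spirit of password_hash().
    Stored format: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Counterpart of password_verify(): recompute with the stored salt and
    iteration count and compare in constant time. Anything not in the expected
    format (for example a bare MD5 digest from the old table) is rejected."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, hash_hex = parts
    try:
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False
    return hmac.compare_digest(dk.hex(), hash_hex)


if __name__ == "__main__":
    print("users whose MD5 hash is in the lookup table:",
          audit_md5_users(CONSTRUCTED_USERS, COMMON_PASSWORDS))
    stored = hash_password("letmein")
    print(stored)
    print("verifies:", verify_password("letmein", stored))
    print("second hash of the same password differs (new salt):",
          hash_password("letmein") != stored)
```

The audit only reports which accounts match a known-weak list; that is the number to put in front of the developer, and it is also a reasonable check to run before migrating an old table (rehash each user on their next successful login, since the plaintext is only available then).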
Guy: I don't trust password managers
Me: so how do you remember passwords?
Guy: oh, I just keep them in a note in the iPhone notes app/iCloud.
Being a programmer on a non-tech startup company is not too bad. That means aside from coding:
- You have to check if the office printer works
- You need to figure out why the phone lines aren't ringing
- You have to teach a stupid colleague on how to unzip a file
- When they give you a task, they'll say that it's "not urgent", but, they just "need it by tomorrow"
- You have to be a "mind-reader" because if something goes wrong, they don't know how to describe what's going on. Or probably, they're just too lazy being specific. They'll just say, "Hey, I have a problem.", and you will be like "What problem? Your dog is sick? You shit your pants? You lost your faith in God? Fuck what?"
- You don't have a time to "focus", because everyone interrupts you for just about anything related to "technology". Yeah, because you're the IT guy
- You always have learned and applied the latest practices/stacks, but no one gives a fuck
- You will start to re-think your life and devrants make you feel better
Anyone ever entered a password and it keeps saying wrong password, so you decide to reset the fucking password and now the problem is ....the systems/website tells you that you can't reset the password to your current password or a password you are already using... like okay what the fuck!!!!!.....
Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with whom I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.
That time when...
He wrote a social media network with end-to-end encryption before it was cool.
He wrote custom 64kb encryption for his academic HDD.
He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.
He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).
He used only hashes of passwords as passwords (which isn't actually good).
He kept a drill on the desk ready to destroy his HDD at a moment's notice.
He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.
He set up a new email account for each individual online service.
He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).
He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).
He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).
He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.
He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.
He bought a burner phone to visit the capital city.
He bought a burner phone whenever he left his hometown come to think of it.
He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).
He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.
(You might be noticing it's all he's. Maybe it is, maybe it isn't).
He ate a sim card.
He brought a balaclava to pentesting training (it was pretty meme).
He printed out his source code as a manual read-only method.
He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).
He withdraws money from a different cashpoint every time to avoid patterns in his behaviour (the irony).
He reported someone for hacking the centre's network when they built their own website for practice using XAMPP.
I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.
"I know, I'll set my password as '12345'. No one will guess it because it's too simple right? RIGHT?"
Today the CEO asked us to create KPIs to follow a junior tasks, daily.
The problem is he wants KPIs to foretell problems or delays in his tasks.
The junior is analyzing 14-year-old C++ code, made by an electrical engineer who had all the worst practices possible when coding.
We explained that we couldn't make a real, true KPI that would foretell the advancement due to the complexity of the legacy code and the fact that the junior had NEVER USED C++.
SO.... He asked to know how many code lines he made daily and an estimate of how many lines he'll have to do to complete the task.... So he could foretell advancement.
It was the 5th time in less than 60 days that the CEO totally bypassed the CTO to ask for some stupid useless shit. So now all developers have resigned, complaining about the CEO's actions/stupidity.
Just received a mail from my college that my college's student account password does not contain any special characters and I should change it immediately. Wtf? How did they know that?
I wonder how many decades it will take until employees stop to fucking stick their passwords to the computer screen at their station. It is a complete fucking nightmare if you are responsible for the network!
Can we bring back the guillotine? But it must be stub!
Those nitwits shall suffer!
New password cannot be one of your four previous passwords.
Password must contain upper and lower case characters, at least two numbers and two special characters
Password cannot contain five or more consecutive letters of username.
Password cannot include any _illegal patterns_.
Locked out of your system? Drive over to HQ and ask the admins to reset your password in person.
So.... We spend most our lives learning languages and methodologies and best practices and all that crap while depriving ourselves of sleep because the rules said if we did that we'd make something cool and have fun doing it...
But then *any company here* comes along and says make this shitty feature in *arbitrary time here* for our stupid *product here*.
You do it working overtime and sacrificing quality to have the client say afterwards that he wants something different (from his own specs).
And then the circle repeats...
I should consider a different profession...
Hey plants don't speak... Maybe I'll be a gardener!
Clip here clip there - done. I'll be a happy fucking script
So this PR company hired my firm to convert their client's Wix website to WordPress to have better control over content and SEO, not to mention get away from the piss-poor "absolute position everything" setup of Wix. This is a single page design. 2 days later, we deliver it, performing faster than Wix and with a few extra goodies on the UI.
The client's director of IT wants to stay on Wix, because it's "the most secure provider", and will only move their ONE PAGE INFORMATIONAL WEBSITE to another platform and host if they answer a 133 item "security questionnaire". Short of SSNs, they want to basically know everything, including our proprietary and confidential security practices. You aren't Google...stop acting like you are...
How are people this stupid a "director" of anything?
Why the fuck would you allow special characters in your passwords, when some of them are considered "potentially dangerous!" can't even login ffs!
“Password length mustn't exceed seventeen characters.”
Why? Why do some Web sites still have this rule? It's 2018. We should be using passwords of at least twenty-four characters. This is crap.
Microsoft seriously hates security, first they do enforce a number, upper and lowercase combined with a special character.
But then they allow no passwords longer than 16 characters....
After that they complain that "FuckMicrosoft!1" is a password they've seen too often, gee thanks for the brute force tips.
To add insult to injury, take a look at the first displayed "tip" in the attached image.
"The password must have 7 or 8 characters (numbers and/or letters)”
says Movistar, the biggest ISP and telecom company in Spain ... I can't even.
And another shitty hoster...
“The password is too long. Please choose a password that is not longer than 16 characters”
Listened for about a half-hour yesterday to DevA ‘beat down’ DevB writing a console app for trying out a proof-of-concept idea he had.
DevB: “What’s the URL of the development server?”
DevA: “Why? What are you doing?”
DevB: “I’m needing to throw some messages to it so I can capture data for something I’m working on.”
DevA: “How are you calling the service?”
DevB: “I wrote a console app”
- you could almost hear the eye roll -
DevA: “A console app? Why in the world would you write a console app?”
DevB: “Oh..um..no reason. I just need log some test data for something I’m playing around with. How should I do it?”
DevA: “If it’s test data, you should have written a unit test. You see, unit tests …”
- yammer on and on for about 5 minutes about the virtues of unit tests…never really explaining anything -
DevB: “Yea, I’m not needing to test the result or anything. I just need to log some data.”
DevA: “Then you should use a unit test for that, not a console app. With a unit test, you’ll be able to validate the data. That’s what unit tests are for. Microsoft should have never put in console apps in Visual Studio. It just leads to bad coding practices.”
DevB: “Um…I don’t care. It’s a console app because I just need data…thanks anyway”
Today, DevC was talking to DevA
DevC: “Charlie is testing the order module, but there isn’t any test data. Do you still have the data generating script?”
DevA: “Oh yea, I’ll send him my console app that populates the database.”
It was all I could do from screaming “You stupid –bleep-er!! What the f–bleep-ck was all that yesterday?!”, but none of my business. Better to devrant about it than start a fight.
Today a task was assigned to a coworker, he is a good guy, but one of those that never complain, never say anything, get there early, go to lunch at the exact same hour every day, doesn't talk to anybody and gets off at exactly 6pm.
So, the task was submitted by QA, according to them, a disabled input could be enabled by going into the dev tools and enabling it...
So I went over to the PM and told her (cos she is a cunt) that the ticket was just bullshit and that, first of all, we had no control over it, but if that is the case, we can go over and add event listeners to all the inputs in the platform to avoid people changing them... like wtf?
Since she is a dumb cunt, she 'escalated' the task to the senior dev... he is also a total fucktard who doesn't know shit. The dude said that the task was ok and whether we had to do it or not, it was better to do it, justifying the ticket in the most stupid and incoherent way... like wtf is there to do about it? Tell the user not to go into the devtools and enable it? The fuckkkk
I felt like I was about to shit my kidney, seriously, but what can I do? It is not the first time things like that have happened. The stupid fuck also let one of his friends add several migrations to change several table columns just because of 'good practices', which in the first place left the database all fucked up and with fucked relations.
I'm just so tired of these fucks, incompetent motherfuckers... I told a friend about it and he said that that was nothing, it is worse when you have to work for banks and that the only thing I could do was to let it go and learn from it, to not make the same mistakes. I'm thinking of quitting... what should I do?
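Added example, not from the rant or anyone in it: the QA ticket is right that a disabled input can be re-enabled from the dev tools, and the poster is right that nothing done in the page can stop that. What settles it is where the check lives. A `disabled` attribute (or an event listener) is a rendering hint that the browser enforces on itself; the server must decide what a role may change from the fields the request actually contains. The roles, field names, record and discount limit below are constructed for the example.

```python
import logging

logging.basicConfig(level=logging.WARNING, format="%(levelname)s %(message)s")
log = logging.getLogger("orders")

# Constructed authorisation matrix: which form fields each role may change.
# The page renders 'discount' as a disabled input for staff, but that attribute
# lives in the browser and the user can simply remove it with the dev tools.
EDITABLE_FIELDS = {
    "staff":   {"customer_name", "notes"},
    "manager": {"customer_name", "notes", "discount"},
}

MAX_DISCOUNT = 50  # constructed business limit, in percent


class Forbidden(Exception):
    """Raised when a submission tries to change a field the role may not edit."""


def validate_values(submitted):
    """Value checks also belong here, not only in the browser's form widgets."""
    if "discount" in submitted and not 0 <= submitted["discount"] <= MAX_DISCOUNT:
        raise ValueError(f"discount {submitted['discount']!r} outside 0..{MAX_DISCOUNT}")


def apply_form_update(record, submitted, role, strict=True):
    """Server-side handler for the edit form.

    Enforces the per-role allow-list on whatever the client actually sent,
    regardless of what the page rendered as disabled. With strict=True a
    tampered submission is refused outright (and therefore shows up in logs as
    an error); with strict=False the forbidden fields are dropped and logged
    and the permitted ones are applied. Returns the updated copy of the record."""
    allowed = EDITABLE_FIELDS.get(role, set())
    forbidden = sorted(set(submitted) - allowed)
    if forbidden:
        if strict:
            raise Forbidden(f"role {role!r} may not edit {forbidden}")
        log.warning("dropping fields %s submitted by role %r", forbidden, role)
    accepted = {k: v for k, v in submitted.items() if k in allowed}
    validate_values(accepted)
    updated = dict(record)
    updated.update(accepted)
    return updated


if __name__ == "__main__":
    record = {"id": 1, "customer_name": "ACME", "notes": "", "discount": 0}
    tampered = {"notes": "rush order", "discount": 40}  # 'discount' re-enabled client-side
    print(apply_form_update(record, tampered, "staff", strict=False))
    print(apply_form_update(record, tampered, "manager"))
    try:
        apply_form_update(record, tampered, "staff")
    except Forbidden as exc:
        print("refused:", exc)
```

Whichever of the two behaviours is chosen, the ticket's real fix is a server-side change; keeping the input disabled in the HTML is still worth doing, but only as a usability measure.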
During one of our 'pop-up' meetings last week.
Ralph: "The test code the developers are checking in is a mess. They don't know what they are doing."
var foo = SomeLibrary.GetFoo();
Fred: "Ha ha..someone should talk to HR about our hiring practices. These people are literally driving the company backwards."
Me: "I think unit testing is complete waste of time."
- You could almost see the truck hit the wall and splatter watermelon everywhere..took Ralph and Fred a couple of seconds to respond
Fred: "Uh..unit testing is industry best practice. There is scientific evidence that proves testing reduces bugs and increases code quality"
Ralph: "Over 90% of our deployments are rolled back because of bugs. Unit testing will eliminate that."
Me: "Sorry, I disagree."
- Stepping on kittens wouldn't have gotten a worse look from Fred and Ralph
Fred: 'Pretty sure if you ask any professional developer, they'll tell you unit testing and code coverage reduces bugs.'
Me: "I'm not asking anyone else, I'm asking you. Find one failed deployment, just one, over the past 6 months that unit testing or code coverage would have prevented."
- good 3 seconds of awkward silence.
Ralph: "Well, those rollbacks are all mostly due to server mis-configurations. That's not a fair comparison."
Me: "I'm using your words. Unit tests reduces bugs and lack of good tests is the direct reason why we have so many failed deployments"
Boss: "Yea, Ralph...you and Fred kinda said that."
Fred: "No...we need to write good tests. Not this mess."
Me: "Like I said, show me one test you've written that would have prevented a rollback. Just one."
Ralph: "So, what? We do nothing?"
Me: "No, we have to stop worshiping this made up 80% code coverage idol. If not, developers are going to keep writing useless test code just to meet some percent. If we wrote device drivers or frameworks for other developers maybe, but we write CRUD apps. We execute a stored procedure or call a service. This 80% rule doesn't fit for code we write."
Fred: "If the developers took their head out of their ass.."
Me: "Hey!..uh..no, they are doing exactly what they are being told. Meet the 80% requirement, even if it doesn't make sense."
Ralph: "Nobody told them to write *that* code."
Boss: "My gosh, what have you and Fred been complaining about for the past hour?"
- Ralph looks at his monitor and brilliantly changes the subject
Ralph: "Oh my f-king god...Trump said something stupid again ..."
At that point I put my headphones on went back to what I was doing. I'm pretty sure Fred and Ralph spent the rest of the day messaging back-n-forth, making fun of me or some random code I wrote 3 years ago (lots of typing and giggling). How can highly educated grown men (one has a masters in CS) get so petty and insecure?
Logs in to client office 365.
Big recommendation at the top
"Disable password auto expiry, it's currently set to 90 days"
Why is this a recommendation? I suppose there's an argument that making a user change every now and again will weaken their passwords over time, but really?
When a software improvement organization (cough Scrum.org) does this stupid crap with their passwords, causing us all to be pwned.
Me: Trying to change my work password to something more complex, chooses multiple random words that are easy to remember.
Software: password does not satisfy complexity requirements due to missing number and uppercase letter.
FUCK. OFF. WITH. THIS. NONSENSE.
When will they learn to accept a long series of actual words? We all know it's more secure and easier to remember. Just fucking why?!
Not dev per se but annoys the hell out of me on a monthly basis... 30 day password expiration, how does that make things more secure?! The thing that makes it worse is that I can't use any of my previous 28 passwords or anything too similar... Now I'm stuck with a 36 character password which I have to put in every time my work machine decides to lock out... Which is less than a minute of not touching it.
What's that? No I can't turn around and answer a question because if I do I'll be taking 20mins off of my future career prospects as I'm working on leveling up my inevitable arthritis
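Added example, not from any of the rants or their authors: the password rules complained about across this page (two digits and two specials, a 16-character ceiling, "potentially dangerous" characters, passphrases rejected, forced rotation) written out as one policy function next to the NIST SP 800-63B style alternative, so the two can be run against the same candidates. NIST's guidance is a length floor, a generous ceiling (at least 64 characters should be allowed), no composition rules, any printable character, a check against known-breached values, and no periodic expiry without evidence of compromise. The breached list, the sample candidates and the set of "dangerous" characters are constructed for the example.

```python
import re

# Constructed stand-in for the breached-password lists (for example Have I Been
# Pwned's Pwned Passwords) a real deployment would query.
CONSTRUCTED_BREACHED = {"Summer18!!", "Password1!", "qwerty123", "letmein", "Welcome1!"}

# Characters a badly built login form treats as "potentially dangerous". A
# password containing them only breaks a system that fails to parameterise its
# queries or escape its templates; rejecting them fixes the wrong thing.
MISLABELLED_DANGEROUS = set("<>'\";")


def legacy_policy(password):
    """Composition rules and a 16-character ceiling, as in the rants above.
    Returns the list of violations; an empty list means accepted."""
    problems = []
    if len(password) > 16:
        problems.append("longer than 16 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if len(re.findall(r"\d", password)) < 2:
        problems.append("fewer than two digits")
    if len(re.findall(r"[^A-Za-z0-9]", password)) < 2:
        problems.append("fewer than two special characters")
    if MISLABELLED_DANGEROUS & set(password):
        problems.append("contains a 'potentially dangerous' character")
    return problems


def recommended_policy(password, breached=CONSTRUCTED_BREACHED, min_len=8, max_len=128):
    """NIST SP 800-63B style: a length floor, a generous ceiling, no
    composition rules, any printable character allowed, and a check against
    known-breached values instead of composition rules and forced rotation."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(password) > max_len:
        problems.append(f"longer than {max_len} characters")
    if password in breached:
        problems.append("appears in a breach list")
    return problems


def compare_policies(candidates):
    """Evaluate each candidate under both policies.
    Returns {candidate: (accepted_by_legacy, accepted_by_recommended)}."""
    return {c: (not legacy_policy(c), not recommended_policy(c)) for c in candidates}


if __name__ == "__main__":
    samples = [
        "Summer18!!",                          # weak, but satisfies every composition rule
        "correct horse battery staple hotel",  # strong passphrase, fails the legacy rules
        "Tr0ub4dor&3;<x>",                     # rejected only for '<', ';' and '>'
    ]
    for pw, (legacy_ok, rec_ok) in compare_policies(samples).items():
        print(f"{pw!r:40} legacy={legacy_ok!s:5} recommended={rec_ok}")
```

The contrast is the point: the legacy rules accept a short, breached value because it ticks every box and reject a 34-character passphrase because it ticks none, which is exactly the outcome the rants describe. The breach-list lookup is what replaces both the composition rules and the 30/90-day rotation; rotation is then triggered by evidence of compromise, not by the calendar.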
First year on the job. Was already good at writing software, but bad at practices and administration. One such software was being tested live, while still in development. I was developing on the production database...
I was working on an edit feature of sales records, in a table that already contained hundreds of subsidized sales of very expensive products. Based on that, the supplier had to compensate the shops with half the price of every item.
I forgot to add a where clause to the update. Lost all sales data. On production.
Asked the admin if there are backups and he says yes, checks to discover that the backup script failed for the last week (since it became live)
Whole thing was incredibly stupid. I made a ton of stupid mistakes, and so did the other people involved. The loss was around 1 year of my income. Luckily the client decided to brush it off as losses and claim some tax benefits and it all ended well.
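Added example, not from the rant or its author: the UPDATE-without-WHERE mistake above is one a small guard catches at the moment it happens. Running every data-changing statement inside an explicit transaction and committing only when the affected row count matches what the caller expected turns a forgotten WHERE clause (which touches every row) into an exception and a rollback instead of a destroyed table. The sales table and its rows are constructed, using SQLite in memory so the example runs offline; the same pattern applies to any driver that reports affected rows.

```python
import sqlite3


def make_sample_db():
    """Constructed sales table standing in for the production table in the rant."""
    # isolation_level=None puts the connection in autocommit mode so the
    # transaction boundaries below are explicit rather than implicit.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE sales (id INTEGER PRIMARY KEY, shop TEXT, price REAL, subsidized INTEGER)"
    )
    conn.executemany(
        "INSERT INTO sales VALUES (?, ?, ?, ?)",
        [(1, "shop-a", 1200.0, 1), (2, "shop-b", 950.0, 1), (3, "shop-a", 430.0, 0)],
    )
    return conn


class UnexpectedRowCount(Exception):
    """The statement changed a different number of rows than the caller intended."""


def guarded_execute(conn, sql, params=(), expected_rows=1):
    """Run a data-changing statement inside an explicit transaction and commit
    only if it touched exactly `expected_rows` rows; otherwise roll back and
    raise. An edit of one sales record should affect one row, so a missing
    WHERE clause is caught before anything is persisted."""
    conn.execute("BEGIN")
    try:
        cur = conn.execute(sql, params)
        if cur.rowcount != expected_rows:
            raise UnexpectedRowCount(
                f"{sql!r} affected {cur.rowcount} rows, expected {expected_rows}"
            )
        conn.execute("COMMIT")
        return cur.rowcount
    except Exception:
        conn.execute("ROLLBACK")
        raise


def prices(conn):
    """Current prices in id order, used to show what the guard preserved."""
    return [row[0] for row in conn.execute("SELECT price FROM sales ORDER BY id")]


if __name__ == "__main__":
    conn = make_sample_db()
    print("before:", prices(conn))
    guarded_execute(conn, "UPDATE sales SET price = ? WHERE id = ?", (999.0, 2))
    print("after the intended edit:", prices(conn))
    try:
        guarded_execute(conn, "UPDATE sales SET price = ?", (0.0,))  # the forgotten WHERE
    except UnexpectedRowCount as exc:
        print("rolled back:", exc)
    print("after the rolled-back mistake:", prices(conn))
```

The guard is no substitute for the backups the admin turned out not to have (a backup job that has failed for a week should alert, and a restore should be rehearsed), but it costs one line per statement and catches the most common shape of this accident.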
Does anyone know a good resource for learning how to use Git properly? I've learned piecemeal over the last year, but still run into stupid conflicts when transferring a project between machines that often requires me to redownload the repo and then download the changes from the dev server before starting again.
I'm an independent shop, so I don't have any senior devs or corporate policies to refer to for best practices.
Thanks in advance!
So I decided to try vuejs for a new project and oh god what a fucking mistake I have made... it literally took me less time to write the whole backend of 10k lines, than to pass values around in that vue.shit. That useless retarded clusterfuck shitwork is a fucking nightmare, to finally get the result I needed I had to forget all the fucking good programming practices I have learnt over the years and implement a bunch of stupid hacks and workarounds, just to pass values from one component to another... And I am not even talking about runtime compiling... and that stupid documentation that tries to prove to you that everything is so fucking amazing, but even basic adapted examples work with motherfucking unexpected side-effects. Fuck that over hyped crap and that sucker who created it.