Search - "stupid practices"
I was reviewing one dev's work. It was in PHP. He used MD5 for password hashing. I told him to use the password_hash function as MD5 is not secure...
He said no we can't get a password from MD5 hashed string. It's one way hashing...
So I asked him to take a couple of passwords from the users table and try to decode those in any online MD5 decoder and call me after that if he still thinks MD5 is secure.
I have not got any call from him since.
Guy: I don't trust password managers
Me: so how do you remember passwords?
Guy: oh, I just keep them in a note in the iPhone notes app/iCloud.
Being a programmer on a non-tech startup company is not too bad. That means aside from coding:
- You have to check if the office printer works
- You need to figure out why the phone lines aren't ringing
- You have to teach a stupid colleague on how to unzip a file
- When they give you a task, they'll say that it's "not urgent", but, they just "need it by tomorrow"
- You have to be a "mind-reader" because if something goes wrong, they don't know how to describe what's going on. Or probably, they're just too lazy being specific. They'll just say, "Hey, I have a problem.", and you will be like "What problem? Your dog is sick? You shit your pants? You lost your faith in God? Fuck what?"
- You don't have a time to "focus", because everyone interrupts you for just about anything related to "technology". Yeah, because you're the IT guy
- You always have learned and applied the latest practices/stacks, but no one gives a fuck
- You will start to re-think your life and devrants make you feel better
Anyone ever entered a password and it keeps saying wrong password, so you decide to reset the fucking password and now the problem is ....the systems/website tells you that you can't reset the password to your current password or a password you are already using... like okay what the fuck!!!!!.....
Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.
That time when...
He wrote a social media network with end-to-end encryption before it was cool.
He wrote custom 64kb encryption for his academic HDD.
He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.
He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).
He used only hashes of passwords as passwords (which isn't actually good).
He kept a drill on the desk ready to destroy his HDD at a moment's notice.
He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.
He set up a new email account for each individual online service.
He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).
He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).
He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).
He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.
He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.
He bought a burner phone to visit the capital city.
He bought a burner phone whenever he left his hometown come to think of it.
He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).
He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.
(You might be noticing it's all he's. Maybe it is, maybe it isn't).
He ate a sim card.
He brought a balaclava to pentesting training (it was pretty meme).
He printed out his source code as a manual read-only method.
He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).
He withdraws money from a different cashpoint every time to avoid patterns in his behaviour (the irony).
He reported someone for hacking the centre's network when they built their own website for practice using XAMPP.
I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.
Today the CEO asked us to create KPIs to follow a junior's tasks, daily.
The problem is he wants KPIs to foretell problems or delays in his tasks.
The junior is analyzing 14-year-old C++ code, made by an electrical engineer who had all the worst practices possible when coding.
We explained that we couldn't make real, true KPI that would foretell the advancement due to complexity of the legacy and the fact that the junior had NEVER USED C++.
SO.... He asked to know how many code lines he made daily and an estimate of how many lines he'll have to do to complete the task.... So he could foretell advancement.
It was the 5th time in less than 60 days that the CEO totally bypassed the CTO to ask some stupid useless shit. So now all developers have resigned, complaining about the CEO's actions/stupidity.
This is more of a wishful thinking scenario......but language/tech stack/whatever bashing.
Look, I get it, we like development, we would not be here if we didn't like it. But as my good friend @Stuxnet has mentioned in the past, making this a personality trait is fucking retarded, lame, small, and overall pathetic. I agree with this sentiment 100%
Because of this a lot of people have formed some sort of elitist viewpoint concerning the technologies that people use, be it Java, C#, C++, Rust, PHP, JS, whatever, the same circle jerk of bashing on shit just seems completely fucking retarded. I am hoping for a new mentality being that most of us are younger, even if you are a 50+ year old developer, maturity should give you a different perspective, but alas, immaturity and a bitchy attitude carried throughout years of self dick sucking implications would render this null.
I could not give two fucks if the dude next to me is coding his shit in whatever as long as best practices are followed, proper documentation is enforced, results are being brought to our customers(which regardless of how much you try to convince us, none of your customers are fucking elite level) and happiness is ensured, then so fucking be it.
Gripes bitches and complaints are understandable, I dislike a couple of things about my favorite tools, and often wish certain features be involved in my particular tech stacks, does this make stuff bad? no, does it make me or anyone else less of a developer,? no so why give a fuck? bitch when shit bites you in the ass when someone does not know what the fuck they are doing with a language that permits writing bullshit. Which to be honest ALL of them fucking allow. Not one is saved from this. But NOT knowing how to work a solution, or NOT understanding a tech stack does not give you AUTOMATIC FULL insight on how x technology operates, thinking as such is so fucking arrogant and annoying.
But I am getting tired of looking at posts from Timmy, a 18 year old "dev" from whothefuckcares bitch about shit when they have never even made a fucking penny out of their "development" endeavors just because they read some dickhead's opinion on the internet regarding x tech stack and believes that adopting their bullshit troll ass virgin ideas makes them l337.
Get your own fucking opinion on things, be aggressive and stand fucking straight, maybe get some fucking pussy (or dick, whatever) and for fuck's sake learn to interact with other fucking human beings, take a fucking run, play games, break out from your whiny bitch ass shell, talk to that person that intimidates you, take a run, do yoga, martial arts, anything that would break you out from being such a small little bitch.
Just fucking do something that keeps you from shitting on people 24/7 365/ a year.
We used to bitch about incompetent managers, shit bosses, fucking ludicrous assignments. Retarded shit that some other dev did, etc, etc. Seems like every other fucking retard getting into this community starts with stupid ass JS/PHP/Python/Java/C#/ whatever jokes and you idiots keep upvoting that shit. Makes those n00bs gain credibility. Fuck me shit is so pathetic.
basically, make dev rant great again.
No fuck off and have a beer, or tea or whatever y'all drink.
"I know, I'll set my password as '12345'. No one will guess it because it's too simple right? RIGHT?"
Just received a mail from my college that my college's student account password does not contain any special characters and I should change it immediately. Wtf? How did they know that?
So.... We spend most our lives learning languages and methodologies and best practices and all that crap while depriving ourselves of sleep because the rules said if we did that we'd make something cool and have fun doing it...
But then *any company here* comes along and says make this shitty feature in *arbitrary time here* for our stupid *product here*.
You do it working overtime and sacrificing quality to have the client say afterwards that he wants something different (from his own specs).
And then the circle repeats...
I should consider a different profession...
Hey plants don't speak... Maybe I'll be a gardener!
Clip here clip there - done. I'll be a happy fucking script
New password cannot be one of your four previous passwords.
Password must contain upper and lower case characters, at least two numbers and two special characters
Password cannot contain five or more consecutive letters of username.
Password cannot include any _illegal patterns_.
Locked out of your system? Drive over to HQ and ask the admins to reset your password in person.
I wonder how many decades it will take until employees stop to fucking stick their passwords to the computer screen at their station. It is a complete fucking nightmare if you are responsible for the network!
Can we bring back the guillotine? But it must be stub!
Those nitwits shall suffer!
So this PR company hired my firm to convert their client's Wix website to WordPress to have better control over content and SEO, not to mention get away from the piss-poor "absolute position everything" setup of Wix. This is a single page design. 2 days later, we deliver it, performing faster than Wix and with a few extra goodies on the UI.
The client's director of IT wants to stay on Wix, because it's "the most secure provider", and will only move their ONE PAGE INFORMATIONAL WEBSITE to another platform and host if they answer a 133 item "security questionnaire". Short of SSNs, they want to basically know everything, including our proprietary and confidential security practices. You aren't Google...stop acting like you are...
How are people this stupid a "director" of anything?
Why the fuck would you allow special characters in your passwords, when some of them are considered "potentially dangerous!" can't even login ffs!
*logs in to pc*
- Your password will expire in 3 days. Consider changing it.
+ yeah sure...
*tries to change password*
- Your password must be different from your old 25 passwords
+ What the fuck?!? I mean, really, what the fuck is this bullshit? You force me to use EXACTLY 8 char long passwords and this? Fuck you!
“Password length mustn't exceed seventeen characters.”
Why? Why do some Web sites still have this rule? It's 2018. We should be using passwords of at least twenty-four characters. This is crap.
Microsoft seriously hates security, first they do enforce a number, upper and lowercase combined with a special character.
But then they allow no passwords longer than 16 characters....
After that they complain that "FuckMicrosoft!1" is a password they've seen too often, gee thanks for the brute force tips.
To add insult to injury the first displayed "tip" take a look at the attached image.
“The password must have 7 or 8 characters (numbers and/or letters)”
says Movistar, the biggest ISP and telecom company in Spain ... I can't even.
I'm so fed up of this shitty ultra-orthodox industry
I've worked on many different projects, been in many different teams. It's an ever changing industry, but, surprisingly, it's so orthodox. Dev industry nowadays have some rules, that everybody adopts them as "best practices". You have to work on pull requests, and several of your teammates have to review your shit (as if they have nothing better to do).
I'm sick of people using fucking DTOs in shitty frameworks like Laravel. Using DTOs in Laravel is like putting mustard in a fucking chocolate cake.
I'm so fed up of SPAs and node.js. I've yet to see a single SPA that handles jwt tokens correctly. I'm tired of spending hours and hours, days and days, struggling with thousands of layers of abstractions instead of being productive and getting the shit done.
Damnit. I say. Now. I now feel better. Thanks for listening :)
And another shitty hoster...
“The password is to long. Please choose a password that is not longer than 16 characters”
Listened for about a half-hour yesterday to DevA ‘beat down’ DevB writing a console app for trying out a proof-of-concept idea he had.
DevB: “What’s the URL of the development server?”
DevA: “Why? What are you doing?”
DevB: “I’m needing to throw some messages to it so I can capture data for something I’m working on.”
DevA: “How are you calling the service?”
DevB: “I wrote a console app”
- you could almost hear the eye roll -
DevA: “A console app? Why in the world would you write a console app?”
DevB: “Oh..um..no reason. I just need log some test data for something I’m playing around with. How should I do it?”
DevA: “If it’s test data, you should have wrote a unit test. You see, unit tests …”
- yammer on and on for about 5 minutes about the virtues of unit tests…never really explaining anything -
DevB: “Yea, I’m not needing to test the result or anything. I just need to log some data.”
DevA: “Then you should use a unit test for that, not a console app. With a unit test, you’ll be able to validate the data. That’s what unit tests are for. Microsoft should have never put in console apps in Visual Studio. It just leads to bad coding practices.”
DevB: “Um…I don’t care. It’s a console app because I just need data…thanks anyway”
Today, DevC was talking to DevA
DevC: “Charlie is testing the order module, but there isn’t any test data. Do you still have the data generating script?”
DevA: “Oh yea, I’ll send him my console app that populates the database.”
It was all I could do from screaming “You stupid –bleep-er!! What the f–bleep-ck was all that yesterday?!”, but none of my business. Better to devrant about it than start a fight.
Today a task was assigned to a coworker, he is a good guy, but one of those that never complain, never say anything, get there early, go to lunch at the exact same hour every day, doesn't talk to anybody and gets off at exactly 6pm.
So, the task was submitted by QA, according to them, a disabled input could be enabled by going into the dev tools and enabling it...
So I went over to the PM and told her (cos she is a cunt) that the ticket was just bullshit and that first of all, we had no control of it, but if that is the case, we can go over and add event listeners to all the inputs in the platform to avoid people changing them...like wtf?
Since she is a dumb cunt, she 'escalated' the task to the senior dev... he is also a total fucktard who doesn't know shit. The dude said that the task was ok and we had to do it or not but it was better to do it, justifying the ticket in the most stupid and incoherent way... like wtf is to do with it? Tell the user to not go over the devtools and enable it? The fuckkkk
I felt like I was about to shit my kidney, seriously, but what can I do? It is not the first time things like that happen. The stupid fuck also let one of his friends add several migrations to change several tables' columns just because of 'good practices' which in the first place left the database all fucked up and with fucked relations.
I'm just so tired of these fucks, incompetent motherfuckers... I told a friend about it and he said that that was nothing, it is worse when you have to work for banks and that the only thing I could do was to let it go and learn from it, to not make the same mistakes. I'm thinking of quitting... what should I do?
During one of our 'pop-up' meetings last week.
Ralph: "The test code the developers are checking in is a mess. They don't know what they are doing."
var foo = SomeLibrary.GetFoo();
Fred: "Ha ha..someone should talk to HR about our hiring practices. These people are literally driving the company backwards."
Me: "I think unit testing is complete waste of time."
- You could almost see the truck hit the wall and splatter watermelon everywhere..took Ralph and Fred a couple of seconds to respond
Fred: "Uh..unit testing is industry best practice. There is scientific evidence that prove testing reduces bugs and increases code quality"
Ralph: "Over 90% of our deployments are rolled back because of bugs. Unit testing will eliminate that."
Me: "Sorry, I disagree."
- Stepping on kittens wouldn't have gotten a worse look from Fred and Ralph
Fred: 'Pretty sure if you ask any professional developer, they'll tell you unit testing and code coverage reduces bugs.'
Me: "I'm not asking anyone else, I'm asking you. Find one failed deployment, just one, over the past 6 months that unit testing or code coverage would have prevented."
- good 3 seconds of awkward silence.
Ralph: "Well, those rollbacks are all mostly due to server mis-configurations. That's not a fair comparison."
Me: "I'm using your words. Unit tests reduces bugs and lack of good tests is the direct reason why we have so many failed deployments"
Boss: "Yea, Ralph...you and Fred kinda said that."
Fred: "No...we need to write good tests. Not this mess."
Me: "Like I said, show me one test you've written that would have prevented a rollback. Just one."
Ralph: "So, what? We do nothing?"
Me: "No, we have to stop worshiping this made up 80% code coverage idol. If not, developers are going to keep writing useless test code just to meet some percent. If we wrote device drivers or frameworks for other developers maybe, but we write CRUD apps. We execute a stored procedure or call a service. This 80% rule doesn't fit for code we write."
Fred: "If the developers took their head out of their ass.."
Me: "Hey!..uh..no, they are doing exactly what they are being told. Meet the 80% requirement, even if doesn't make sense."
Ralph: "Nobody told them to write *that* code."
Boss: "My gosh, what have you and Fred been complaining about for the past hour?"
- Ralph looks at his monitor and brilliantly changes the subject
Ralph: "Oh my f-king god...Trump said something stupid again ..."
At that point I put my headphones on and went back to what I was doing. I'm pretty sure Fred and Ralph spent the rest of the day messaging back-n-forth, making fun of me or some random code I wrote 3 years ago (lots of typing and giggling). How can highly educated grown men (one has a masters in CS) get so petty and insecure?
Logs in to client office 365.
Big recommendation at the top
"Disable password auto expiry, it's currently set to 90 days"
Why is this a recommendation? I suppose there's an argument that making a user change every now and again will weaken their passwords over time, but really?
When a software improvement organization (cough Scrum.org) does this stupid crap with their passwords, causing us all to be pwned.
Me: Trying to change my work password to something more complex, chooses multiple random words that are easy to remember.
Software: password does not satisfy complexity requirements due to missing number and uppercase letter.
FUCK. OFF. WITH. THIS. NONSENSE.
When will they learn to accept a long series of actual words? We all know it's more secure and easier to remember. Just fucking why?!
Not dev per se but annoys the hell out of me on a monthly basis... 30 day password expiration, how does that make things more secure?! The thing that makes it worse is that I can't use any previous 28 passwords or anything too similar... Now I'm stuck with a 36 character password which I have to put in every time my work machine decides to lock out... Which is less than a minute of not touching it.
What's that? No I can't turn around and answer a question because if I do I'll be taking 20mins off of my future career prospects as I'm working on leveling up my inevitable arthritis
First year on the job. Was already good at writing software, but bad at practices and administration. One such software was being tested live, while still in development. I was developing on the production database...
I was working on an edit feature of sales records, in a table that already contained hundreds of subsidized sales of very expensive products. Based on that, the supplier had to compensate the shops with half the price of every item.
I forgot to add a where clause to the update. Lost all sales data. On production.
Asked the admin if there are backups and he says yes, checks to discover that the backup script failed for the last week (since it became live)
Whole thing was incredibly stupid. I made a ton of stupid mistakes, and so did the other people involved. The loss was around 1 year of my income. Luckily the client decided to brush it off as losses and claim some tax benefits and it all ended well.
Does anyone know a good resource for learning how to use Git properly? I've learned piecemeal over the last year, but still run into stupid conflicts when transferring a project between machines that often requires me to redownload the repo and then download the changes from the dev server before starting again.
I'm an independent shop, so I don't have any senior devs or corporate policies to refer to for best practices.
Thanks in advance!