Not my mom, but my wife's whole family. I'm a software developer.

So we're invited to her grandmother's 85th birthday celebration with pretty much every family member they could think to invite. 100+ people, and we all sit down in a circle in a huge room to watch a video that my wife's father and aunts/uncles put together.

They start the video and there's no sound. I'm a software developer, so I'm not an expert in hardware issues. I try to turn invisible, because every tech person knows what comes next, and this is in the center of a room of people I don't know.

After about 15 minutes of people struggling to get the audio working, one of the people remembers I "work with computer". Soon I have a dozen people calling me to the center of the room.

I begrudgingly make my way to the computer and projector. Upon inspection, I find that the computer is connected via VGA to the projector.

Me: "This cable only carries video. You need a different kind of cable, or you can hook up an AUX cable--the kind you use for headphones."
Other Guy: "I used this cable earlier and the audio was working."
Me: "...that's weird. Well, can we try plugging in an AUX cable?"
Yet Another Guy: "Will this help?" Holds up an HDMI cable
Me: "Oh, yeah! That should do it."
Other Guy: "I tried plugging that in, but it didn't change anything."
Me: "Hmmm..." Quickly unplug VGA and plug in HDMI, then click play.

The sound comes out in its full cheesy music glory. Everybody cheers, and I walk back to my seat. Throughout the rest of party, I'm approached by various other family members who ask me if I can fix X since I'm a "computer guy". Isn't it great to work in tech?

Crap.. got myself into a fight with someone in a bar.

Hospitalized, turns out that my knee is bruised and my nose is broken. For some reason the knee hurts much more than the nose though.. very weird.

Just noticed that some fucker there stole my keychain USB stick too. Couldn't care less about the USB stick itself, got tons of those at home and hard drive storage even more so (10TB) but the data on it was invaluable. It held on a LUKS-encrypted partition, my GPG keys, revocation certificates, server backups and everything. My entire digital identity pretty much.

I'm afraid that the thief might try to crack it. On the flip side, if it's just a common Windows user, plugging it in will prompt him to format it.. hopefully he'll do that.

What do you think.. take a leap with fate and see how strong LUKS really is or revoke all my keys and assume my servers' filesystems to be in the hands of some random person that I don't know?

Seriously though.. stealing a fucking flash drive, of what size.. 32GB? What the fuck is wrong with people?

them: "This external HD isn't compatible with my Mac."
me: "It is, it probably just needs to be formatted."
them: *hands me box, with HD still in plastic wrap*

So, how do you know it's not compatible?

So, I’ve been given the task of sorting the security out in an application plugging the holes and whatnot as to be honest it’s shocking haha. It doesn’t help that we automate security audits but that’s a different rant for another day.

We’re using devise for authentication (rails standard, ♥️ devise), we have no password resets through the login page, it has to be manually reset by ringing support, why who knows, even though it’s built into the gem and we allow the user to login using an username instead of an email because for whatever reason someone thought it was a bright idea to not have the email field mandatory.

So I hop onto a call with the BAs, basically I go that we need to implement password resets into the login page so the user can do it themselves and also to cut down support calls a ticket is already in place for it. So I go through the standardised workflow for resetting a password. My manager goes.

“I don’t think this will be very secure”

Wait.. what. Have you never reset a password before? It’s following the same protocol as every other app.

We go back and fourth and I said I’ll get it checked with security just to keep him happy.

The issue mainly is well we can’t implement password resets due to 100s of users not having an email on there account.. 🙃 so before we push this change we need to try and notice all users to set a unique email.

Updated the tickets. All dandy.

Looking at the PRs to see what security things have been done if any and turns out one of the devs in India has just written a migration to add the same default email to every user that doesn’t have an email present and yep it got merged. So I go revert the change but talk about taking a “we don’t care about security approach”.

Eventually we want to have the user reset their passwords and login using their email and someone goes a head and does that. Not to mention the security risk.

Jesus Christ I wonder why I bother sometimes.