Search - "user story"
-
Oh, man, I just realized I haven't ranted one of my best stories on here!
So, here goes!
A few years back the company I work for was contacted by an older client regarding a new project.
The guy was now pitching to build the website for the Parliament of another country (not gonna name it, NDAs and stuff), and was planning on outsourcing the development, as he had no team and he was only aiming on taking care of the client service/project management side of the project.
Out of principle (and also to preserve our mental integrity), we have purposely avoided working with government bodies of any kind, in any country, but he was a friend of our CEO and pleaded until we signed on board.
Now, the project itself was way bigger than we expected, as they wanted more of an internal CRM, centralized document archive, event management, internal planning, multiple interfaced, role based access restricted monster of an administration interface, complete with regular user website, also packed with all kind of features, dashboards and so on.
Long story short, a lot bigger than what we were expecting based on the initial brief.
The development period was hell. New features were coming in on a weekly basis. Already implemented functionality was constantly being changed or redefined. No requests we ever made about clarifications and/or materials or information were ever answered on time.
They also somehow bullied the guy that brought us the project into also including the data migration from the old website into the new one we were building and we somehow ended up having to extract meaningful, formatted, sanitized content parsing static HTML files and connecting them to download-able files (almost every page in the old website had files available to download) we needed to also include in a sane way.
Now, don't think the files were simple URL paths we can trace to a folder/file path, oh no!!! The links were some form of hash combination that had to be exploded and tested against some kind of database relationship tables that only had hashed indexes relating to other tables, that also only had hashed indexes relating to some other tables that kept a database of the website pages HTML file naming. So what we had to do is identify the files based on a combination of hashed indexes and re-hashed HTML file names that in the end would give us a filename for a real file that we had to then search for inside a list of over 20 folders not related to one another.
So we did this. Created a script that processed the hell out of over 10000 HTML files, database entries and files and re-indexed and re-named all this shit into a meaningful database of sane data and well organized files.
So, with this we were nearing the finish line for the project, which by now exceeded the estimated time by over two times.
We test everything, retest it all again for good measure, pack everything up for deployment, simulate on a staging environment, give the final client access to the staging version, get them to accept that all requirements are met, finish writing the documentation for the codebase, write detailed deployment procedure, include some automation and testing tools also for good measure, recommend production setup, hardware specs, software versions, server side optimization like caching, load balancing and all that we could think would ever be useful, all with more documentation and instructions.
As the project was built on PHP/MySQL (as requested), we recommended a Linux environment for production. Oh, I forgot to tell you that over the development period they kept asking us to also include steps for Windows procedures along with our regular documentation. Was a bit strange, but we added it in there just so we can finish and close the damn project.
So, we send them all the above and go get drunk as fuck in celebration of getting rid of them once and for all...
Next day: hung over, I get to the office, open my laptop and see one new email. I only had the one new mail, so I open it to see what it's about.
Lo and behold! The fuckers over in the other country that called themselves "IT guys", and were the ones making all the changes and additions to our requirements, were not capable enough to follow step by step instructions in order to deploy the project on their servers!!!
[Continues in the comments]
-
First time poster here. Please be nice :)
My biggest workaround is one that's being currently deployed to 40 truck drivers (trucking company here), preventing printers being out of usage while on the road. We also have to use HP ePrint to wirelessly print documents, but that's another story for another time I guess :)
CEO asked us to install wifi printers in our 40-ish trucks, which have wifi on board. However he's always picking one of the cheapest options possible, so we got consumer grade printers (Laserjet 1002w). Those printers often disconnect without getting back on the truck wifi network EVER. I have to get physically in the truck, wire the printer via USB onto my laptop and reconfigure Wifi on it with the HP Windows tool. This means lots of printer downtime, which always happens when the drivers are three timezones away from our office.
Then I thought: "What if I could sniff what HP sends via USB while I (re)configure the printer, and replay what's being sent later? Our trucks all have an Android tablet with a USB type-A connector with host capability, so I could write a small app that replays the config when plugged in by the user."
Three days of hacking around later, I have a working app. By chance, HP printers (or at least those models we have) use HTTP POST via USB, so I could easily replay the request.
Edit: the end result is that truck drivers just plug the printer to their tablet, press "reconfigure" in a home made Android app, printer is reconnected to the truck and they're good to go. They don't have access to the network nor know enough to debug themselves anyways.
-
When you try to become over smart with Apple.
Client :- Ask for all user information in registration screen.
Me :- But Apple rejects app if you ask for personal information you don't need. We shouldn't ask it since Apple will reject the application
Client :- "I am more strict than Apple", just do it.
Me :- But...
Client :- Do it!
Developed the app, uploaded on Apple Store for review and the app got REJECTED!!
Reason for rejection :- Don't ask for personal information you don't need !!!
Me :- (Evil laughs)
It's been more than 15 days now, the app is still under review due to multiple other violations already informed by me.
Moral :- Listen to developers, they have more experience than you or DO THE F*****G RESEARCH !!
True story !!!!
-
My first post on devRant. Hope you like it (is a true story)
User : Hey, can you help me with this thumbdrive? Cannot open it
Me: Sure, let me see...
At this time I noticed that the drive was leaking something and smells funny also...
Me: Did you drop it into water or something liquid?
User: Ehmm. Yes! Washed it with bleach!
Me: But why?
User : Oh! because of viruses.
-
And here comes the last part of my story so far.
After deploying the domain, configuring PCs, configuring the server, configuring the switch, installing software, checking that the correct settings have been applied, configuring MS Outlook (don't ask) and giving each and every user a d e t a i l e d tutorial on using the PC like a modern human and not as a Homo Erectus, I had to lock my door, put down my phone and disconnect the ship's announcement system's speaker in my room. The reasons?
- No one could use USB storage media, or any storage media. As per security policy I emailed and told them about.
- No one could use the ship's computers to connect to the internet. Again, as per policy.
- No one had any games on their Windows 10 Pro machines. As per policy.
- Everyone had to use a 10-character password, valid for 3 months, with certain restrictions. As per policy.
For reasons mentioned above, I had to (almost) blackmail the CO to draft an order enforcing those policies in writing (I know it's standard procedure for you, but for the military where I am it was a truly alien experience). Also, because I never trusted the users to actually backup their data locally, I had UrBackup clone their entire home folder, and a scheduled task execute a script storing them to the old online drive. Soon it became apparent why: (for every sysadmin this is routine, but this was my first experience)
- People kept deleting their files, whining to me to restore them
- People kept getting locked out because they kept entering their password WRONG for FIVE times IN a ROW because THEY had FORGOTTEN the CAPS lock KEY on. Had to enter three or four times during weekend for that.
- People kept whining about the no-USB policy, despite offering e-mail and shared folders.
The final straw was the updates. The CO insisted that I set the updates to manual because some PCs must not restart on their own. The problem is, some users barely ever checked. One particular user, when I asked him to check and do the updates, claimed he did that yesterday. Meanwhile, on the WSUS console: PC inactive for over 90 days.
I blocked the ship's phone when I got reassigned.
Phew, finally I got all those off my chest! Thanks, guys. All of the rants so far remind me of one quote from Dave Barry:
-
Things have been a little too quiet on my side here, so it's time for an exciting new series:
practiseSafeHex's new life as a manager.
Episode 1: Dealing with the new backend team
It's great to be back folks. Since our last series where we delved into the mind numbing idiocy of former colleagues, a lot has changed. I've moved to a new company and taken a step up as a Dev manager / Tech lead. Now I know what you are all thinking, sounds more dull and boring right? Well it wouldn't be a practiseSafeHex series if we weren't ...
<audience-shouting>
DEALING! ... WITH! ... IDIOTS!
</audience-shouting>
Bingo! So let's jump right in and kick us off with a good one.
So for the past few months I've been on an on-boarding / fact finding / figuring out this shit-storm, mission to understand more about what it is I'm supposed to do and how to do it. Last week, as part of this, I had the esteemed pleasure of meeting face to face with the remote backend team I've been working with. Let's rattle off a few facts to catch us all up:
- 8 hour time difference to me
- No documentation other than a non-maintained swagger doc
- Swagger is reporting errors and several of the input models are just `Type: String`
- The one model that seems accurate, has every property listed as optional, including what must be the primary key
- Properties go missing and get removed at the drop of a hat and we are never told.
- First email I sent them took 27 days to reply, my response to that hasn't been answered so far 31 days later (new record! way to go team, I knew we could do it!!!)
- I deal directly with 2 of them, the manager and the tech lead. Based on how things have gone so far, I've nicknamed them:
1) Ass
2) Hole
So let's look at some examples of their work:
- I was trying to test the new backend, I saw no data in QA. They said it wouldn't show up until mid day their time, which is middle of the night for us. I said we need data in our timezone and I was told: a) "You don't understand how big this system is" (which is their new catch phrase) b) "Your timezone is not my concern"
- The whole org started testing 2 days later. The next day a member from each team was on a call and I was asked to give an update of how the testing was going on the mobile side. I said I was completely blocked because I can't get test data. Backend were asked to respond. They acknowledged they were aware, but that mobile don't understand how big the system is, and that the mobile team need to come up with ideas for the backend team, as to how mobile can test it. I said we can't do anything without test data, they said ... can you guess what? ... correct "you don't understand how big the system is"
- We eventually got something going and I noticed that only 1 of the 5 API changes due on their side was done. Opened tickets. 2 days later asked them for progress and was told that "new findings" always go to the bottom of the backlog, and they are busy with other things. I said these were supposed to be done days ago. They said you can't give us 2 days notice and expect everything done. I said the original ticket was opened a month ago *sends link* ......... *long silence* ...... "ok, but you don't understand how big the system is, this is a lot of work"
- We were on a call. Product was asking the backend manager (aka "Ass") a question about a slight upgrade to the new feature. While trying to talk, the tech lead (aka "Hole") kept cutting everyone off by saying loudly "but that's not in scope". The question was "is this possible in the future" and "how long would it take", coming from management and product development. Hole just kept saying "it's not in scope", until he was told to be quiet by several people.
- An API was sending down JSON with a string containing a message for the user with 2 bits of data inside it. We asked for one of those pieces to also come down as a property as the string can change and we needed it client side. We got that. A few days later we found an edge case and asked for the second piece of data to be a property too. Now keep in mind, they clearly already have access to them in order to make the string. We were told "If you keep requesting changes like this, you are going to delay the release of the backend by up to 2 weeks"
Yes folks, there you have it, the most minuscule JSON modifications, can delay your release by up to 2 weeks ........ maybe I should just tell product, that they don't understand how big the app is, and claim we can't build it on our side? Seems to work for them
That's all the time we have for today,
Tune in for more, where we'll be looking into such topics as:
- If god himself was an iOS developer ... not
- Why automate when you can spend all day doing it by hand
- It's more time-efficient to just give everything a story point of 5
- Why waste time replying to emails ... when you can do nothing instead
See you all next week,
practiseSafeHex
-
One week, and it turned out to be worse than that.
I was put on a project for a COVID-19 program in America (The CARES Act). The financial team came to us on Monday morning and said they need to give away a couple thousand dollars.
No big deal. All they wanted was a single form that people could submit with some critical info. Didn't need a login/ registration flow or anything. You could have basically used Google Forms for this project.
The project landed in my lap just before lunch on Monday morning. I was a junior in a team with a senior and another junior on standby. It was going to go live the next Monday.
The scope of the project made it seem like the one week deadline wasn't too awful. We just had to send some high priority emails to get some prod servers and app keys and we were fine.
Now is the time where I pause the rant to express to you just how fine we were decidedly **not**: we were not fine.
Tuesday rolls around and what a bad Tuesday it was. It was the first of many requirement changes. There was going to need to be a review process. Instead of the team just reading submissions from the site, they needed accept and reject buttons. They needed a way to deny people for specific reasons. Meaning the employee dashboard just got a little more complicated.
Wednesday came around and yeah, we need a registration and login flow. Yikes.
Thursday came and the couple-thousand dollars turned into a tens of millions. The amount of users we expected just blew up.
Friday, and they needed a way for users to edit their submissions and re-submit if they were rejected. And we needed to send out emails for the status of their applications.
Every day, a new meeting. Every meeting, new requirements that were devastating given our timeframe.
We put in overtime. Came in on the weekend. And by Monday, we had a form that users could submit and a registration/ login flow. No reviewer dashboard. We figured we could take in user input on time and then finish the dashboard later.
Well, financial team has some qualms. They wanted a more complicated review process. They wanted roles; managers assign to assistants. Assistants review assigned items.
The deadline that we worked so hard on whizzed by without so much as a thought, much less the funeral it deserved.
Then, they wanted multiple people to review an application before it was final. Then, they needed different landing pages for a few more departments to be able to review different steps of the applications.
Ended up going live on Friday, close to a month after that fateful Monday which disrupted everything else I was working on, effective immediately.
I don't know why, but we always go live on a Friday for some reason. It must be some sort of conspiracy to force overtime out of our managers. I'm baffled.
But I worked support after the launch.
And there's a funny story about support too: we were asked to create a "submit an issue" form. Me and the other junior worked on it on a Wednesday three weeks into the project. Finished it. And the next day it was scrapped and moved to another service we already had running. Poor management like that plagued the project and worked in tandem with the dynamic and ridiculous requirements to make this project hell.
Back to support.
Phone calls give me bad anxiety. But Friday, just before lunch, I was put on the support team. Sure, we have a department that makes calls and deals with users. But they can't be trained on this program: it didn't exist just a month ago, and three days ago it worked differently (the slippery requirements never stopped).
So all of Friday and then all of Saturday and all of Monday (...) I had extended panic attacks calling hundreds of people. And the team that was calling people was only two people. We had over 400 tickets in the first two days.
And fuck me, stupid me, for doing a good job. Because I was put on the call team for **another** COVID project afterwards. I knew nothing about this project. I have hated my job recently. But I'm a junior. What am I gonna say, no?
-
Real Story:
Manager: You have to add an extra section in the app to show more details.
Me: We are already showing so many unnecessary details. These changes are not required.
Manager: No !! You have to do it.
Me : Ok !!! So why can't we show it in the section where we are showing the other details. Why make a separate section for it.
Manager : No !! It won't be clearly visible to the user. Just do it.
So I added another section to show useless information that we are already showing it f**king everywhere else in the app.
So I released a new apk next day with the added features.
In meeting, our CTO goes through the app and ask manager....
" Why we have added an extra section for showing same details that we are showing everywhere else ???
Who approved this ?? This is nonsense !!! "
Here comes the fun part.
Manager : I don't know. I didn't ask for it. These changes were not there earlier.
And ask me.
"Who told you to make these changes ? "
I am like... F***k man you a***ole told me to do it even when I told you it will be nonsense.
-
I recently joined the dark side - an agile consulting company (why and how is a long story). The first client I was assigned to was an international bank. The client wanted a web portal, that was at its core, just a massive web form for their users to perform data entry.
My company pitched and won the project even though they didn't have a single developer on their bench. The entire project team (including myself) was fast tracked through interviews and hired very rapidly so that they could staff the project (a fact I found out months later).
Although I had ~8 years of systems programming experience, my entire web development experience amounted to 12 weeks (a part time web dev course) just before I got hired.
I introduce to you, my team ...
Scrum Master. 12 years experience on paper.
Rote memorised the agile manifesto and scrum textbooks. He constantly went “We should do X instead of (practical thing) Y, because X is the agile way.” Easily pressured by the client to include ridiculous (real time chat in a form filling webpage), and sometimes near impossible features (undo at the keystroke level). He would just nag at the devs until someone mumbled ‘yes' just so that he would stfu and go away.
UX Designer. 3 years experience on paper ... as business analyst.
Zero professional experience in UX. Can’t use design tools like AI / photoshop. All he has is 10 weeks of UX bootcamp and a massive chip on his shoulder. The client wanted a web form, he designed a monstrosity that included several custom components that just HAD to be put in, because UX. When we asked for clarification the reply was a usually condescending “you guys don’t understand UX, just do <insert unhandled edge case>, this is intended."
Developer - PHD in his first job.
Invents programming puzzles to solve where there are none. The user story asked for an upload file button. He implemented a queue system that made use of custom metadata to detect file extensions, file size, and other attributes, so that he could determine which file to synchronously upload first.
Developer - Bootlicker. 5 years experience on paper.
He tried to ingratiate himself with the management from day 1. He also writes code I would fire interns and fail students for. His very first PR corrupted the database. The most recent one didn’t even compile.
Developer - Millennial fratboy with a business degree. 8 years experience on paper.
His entire knowledge of programming amounted to a single data structures class he took on Coursera. Claims that’s all he needs. His PRs were single 4000+ line files, of which 3500+ failed the linter, had numerous bugs / console warnings / compile warnings, and implemented 60% of functionality requested in the user story. Also forget about getting his attention whenever one of the pretty secretaries walked by. He would leap out of his seat and waltz off to flirt.
Developer - Brooding loner. 6 years experience on paper.
His code works. It runs, in exponential time. Simply ignores you when you attempt to ask.
Developer - Agile fullstack developer extraordinaire. 8 years experience on paper.
Insists on doing the absolute minimum required in the user story, because more would be a waste. Does not believe in thinking ahead for edge conditions because it isn’t in the story. Every single PR is a hack around existing code. Sometimes he hacks a hack that was initially hacked by him. No one understands the components he maintains.
Developer - Team lead. 10 years of programming experience on paper.
Writes spaghetti code with if/else blocks nested 6 levels deep. When asked “how does this work?”, the answer is “I don’t know the details, but hey it works!”. Assigned as the team lead as he had the most experience on paper. Tries to organise technical discussions during which he speaks absolute gibberish that either makes no sense, or is a complete misunderstanding of how our system actually works.
The last 2 guys are actually highly regarded by my company and are several pay grades above me. The rest were hired because my company was desperate to staff the project.
There are 3 more guys I didn’t mention. The 4 of us literally carried the project. The codebase is ugly as hell because the others merge in each other's crap. We have no unit tests, and it’s near impossible to start because of the quality of the code. But this junk works, and was deployed to production. Today it is actually hailed as a success story.
All these 3 guys have quit. 2 of them quit without a job. 1 found a new and better gig.
I’m still here because I need the money. There’s a tsunami of trash code waiting to fail in production, and I’m the only one left holding the fort.
Why am I surrounded by morons?
Why are these retards paid more than me?
Why are they so proud when all they produce is trash?
How on earth are they still hired?
And yeah, FML.
-
Gahaa!!! Finally back home, after 7 fucking hours of sitting in busses and trains!
BUT I GOT MY NEXUS 6P!! Yoo-hoo!!! :D
And I've got a nice story about it.
So when I bought it, the guy selling it to me was a nontechnical type (I think?) whose wife was the previous owner. So I thought to myself, cool a nontechnical user used it.. probably no hardware mods or anything to worry about. Apparently they even factory reset it for me :)
Now, when I left to go back home, I of course immediately booted up the thing and did the whole doodad of logging into it, setting up the device etc.
Then it struck me. When I booted up the device and wanted to log in, there was a lock from Google that required me to first authenticate as either a previous account of the device, or their unlock pattern. So I figured, eh fuck it, I'll just flash some AOSP without GApps or send the owner an email asking what the previous pattern is.
But I still had to wait 30 minutes at the bus stop so I thought to myself.. previous owner was a nontechnical woman.. maybe I could crack it. No way to know if I don't try. So I started putting in random unlock patterns.
3 attempts later - I shit you not! - pattern accepted.
Do you want to add this account?
Oh boy Google, of course I do! Thanks for letting me in pal!
3 fucking attempts. That's all it took to crack the unlock pattern of an unknown person. 😎
-
"Make the feature more useful."
Please write a user story. It's hard to determine what you want.
"As Sales Agent I would like the <feature> to be extended so it's more useful to me."
(ノಥ,_」ಥ)ノ彡┻━┻
-
This motherfucker tried to fuck me!
Ok, here's the full story.
I applied for a quick job as freelancer. He told me I just had to implement stripe payment gateway. After finishing that he asked to save the user data from payment to the database, too. I added that. All the way he wanted me to work on his ugly project on a rotten server through cpanel. But I refused instead I uploaded a showcase environment on my own server.
After he tested my code and all was working as expected he again tried to make me implement the code right away into his retarded project before payment. When I mentioned that he has to pay me first he started bitching that he won't pay in advance.
At this point I left that fucker. Knowing that my feeling was right and this bitch never had the intention to pay for my work. He just wanted to steal my code.
Fuck you. I hope you get eaten in your bed by very hungry slugs one day. Like this one guy here on devrant.
-
It's maddening how few people working with the internet don't know anything about the protocols that make it work. Web work, especially, I spend far too much time explaining how status codes, methods, content-types etc work, how they're used and basic fundamental shit about how to do the job of someone building internet applications and consumable services.
The following has played out at more than one company:
App: "Hey api, I need some data"
API: "200 (plain text response message, content-type application/json, 'internal server error')"
App: *blows the fuck up
*msg service team*
Me: "Getting a 200 with a plaintext response containing an internal server exception"
Team: "Yeah, what's the problem?"
Me: "...200 means success, the message suggests 500. Either way, it should be one of the error codes. We use the status code to determine how the application processes the request. What do the logs say?"
Team: "Log says that the user wasn't signed in. Can you not read the response message and make a decision?"
Me: "That status for that is 401. And no, that would require us to know every message you have verbatim, in this case, it doesn't even deserialize and causes an exception because it's not actually json."
Team: "Why 401?"
Me: "It's the code for unauthorized. It tells us to redirect the user to the sign in experience"
Team: "We can't authorize until the user signs in"
Me: *angermatopoeia* "Just, trust me. If a user isn't logged in, return 401, if they don't have permissions you send 403"
Team: *googles SO* "Internet says we can use 500"
Me: "That's server error, it says something blew up with an unhandled exception on your end. You've already established it was an auth issue in the logs."
Team: "But there's an error, why doesn't that work?"
Me: "It's generic. It's like me messaging you and saying, "your service is broken". It doesn't give us any insight into what went wrong or *how* we should attempt to troubleshoot the error or where it occurred. You already know what's wrong, so just tell me with the status code."
Team: "But it's ok, right, 500? It's an error?"
Me: "It puts all the troubleshooting responsibility on your consumer to investigate the error at every level. A precise error code could potentially prevent us from bothering you at all."
Team: "How so?"
Me: "Send 401, we know that it's a login issue, 403, something is wrong with the request, 404 we're hitting an endpoint that doesn't exist, 503 we know that the service can't be reached for some reason, 504 means the service exists, but timed out at the gateway or service. In the worst case we're able to triage who needs to be involved to solve the issue, make sense?"
Team: "Oh, sounds cool, so how do we do that?"
Me: "That's down to your technology, your team will need to implement it. Most frameworks handle it out of the box for many cases."
Team: "Ah, ok. We'll send a 500, that sound easiest"
Me: *..l.. -__- ..l..* "Ok, let's get into the other 5 problems with this situation..."
Moral of the story: If this is you: learn the protocol you're utilizing, provide metadata, and stop treating your customers like shit.
-
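The status-code triage described in the rant above, as an added example that is not part of the original post: a client routes on the status code alone and treats a 2xx whose body is not valid JSON (the "200 with a plaintext exception" case) as a contract violation instead of parsing message text. The function names, action labels and owner labels are hypothetical, and the sample responses are constructed.

```javascript
// Added example. All names (triageResponse, action/owner labels) are hypothetical.
// Status meanings follow the conversation: 401 not signed in, 403 no permission,
// 404 unknown endpoint, 500 unhandled server error, 503/504 unreachable or timed out.
const ROUTES = {
  401: { action: 'redirect-to-sign-in', owner: 'user' },
  403: { action: 'show-forbidden', owner: 'user' },
  404: { action: 'report-bad-endpoint', owner: 'client team' },
  500: { action: 'report-server-error', owner: 'service team' },
  503: { action: 'retry-with-backoff', owner: 'operations' },
  504: { action: 'retry-with-backoff', owner: 'operations' },
};

function isJsonType(contentType) {
  // Accepts "application/json" and "+json" subtypes, ignoring parameters.
  const type = String(contentType || '').split(';')[0].trim().toLowerCase();
  return type === 'application/json' || type.endsWith('+json');
}

function violation(reason) {
  // The service broke its own contract; never guess intent from message text.
  return { action: 'contract-violation', owner: 'service team', reason, data: null };
}

function triageResponse(res) {
  const { status, contentType, body } = res;
  if (!Number.isInteger(status) || status < 100 || status > 599) {
    return violation('status is not a valid HTTP status code');
  }

  if (status >= 200 && status < 300) {
    if (status === 204 || body == null || body === '') {
      return { action: 'accept', owner: null, reason: 'empty success', data: null };
    }
    if (!isJsonType(contentType)) {
      return violation('success status with non-JSON content type');
    }
    try {
      return { action: 'accept', owner: null, reason: 'ok', data: JSON.parse(body) };
    } catch (err) {
      // The case from the rant: 200 + application/json + plaintext exception.
      return violation('success status but body is not valid JSON');
    }
  }

  if (Object.prototype.hasOwnProperty.call(ROUTES, status)) {
    return { ...ROUTES[status], reason: 'status ' + status, data: null };
  }
  if (status >= 400 && status < 500) {
    return { action: 'report-client-error', owner: 'client team', reason: 'status ' + status, data: null };
  }
  if (status >= 500) {
    return { action: 'report-server-error', owner: 'service team', reason: 'status ' + status, data: null };
  }
  return violation('unexpected status ' + status);
}

// Constructed sample responses, including the one the rant complains about.
const SAMPLES = [
  { status: 200, contentType: 'application/json', body: 'internal server error' },
  { status: 200, contentType: 'application/json; charset=utf-8', body: '{"orders":[1,2]}' },
  { status: 401, contentType: 'application/json', body: '{"error":"not signed in"}' },
  { status: 403, contentType: 'application/json', body: '{"error":"forbidden"}' },
  { status: 504, contentType: 'text/html', body: '<h1>Gateway Timeout</h1>' },
];

function triageAll(samples) {
  return samples.map((s) => triageResponse(s).action);
}

console.log(triageAll(SAMPLES));
```

Because the decision never depends on the wording of the body, the client does not need to know the service's messages verbatim, and raw exception text from the server is never interpreted or shown as if it were data.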
I’m surrounded by idiots.
I’m continually reminded of that fact, but today I found something that really drives that point home.
Gather ‘round, everybody, it’s story time!
While working on a slow query ticket, I perused the code, finding several causes, and decided to run git blame on the files to see what dummy authored the mental diarrhea currently befouling my screen. As it turns out, the entire feature was written by mister legendary Apple golden boy “Finder’s Keeper” dev himself.
To give you the full scope of this mess, let me start at the frontend and work my way backward.
He wrote a javascript method that tracks whatever row was/is under the mouse in a table and dynamically removes/adds a “.row_selected” class on it. At least the js uses events (jQuery…) instead of a `setTimeout()` so it could be worse. But still, has he never heard of :hover? The function literally does nothing else, and the `selectedRow` var he stores the element reference in isn’t used elsewhere.
This function allows the user to better see the rows in the API Calls table, for which there is also a search feature — the very thing I’m tasked with fixing.
It’s worth noting that above the search feature are two inputs for a date range, with some helpful links like “last week” and “last month” … and “All”. It’s also worth noting that this table is for displaying search results of all the API requests and their responses for a given merchant… this table is enormous.
This search field for this table queries the backend on every character the user types. There’s no debouncing, no submit event, etc., so it triggers on every keystroke. The actual request runs through a layer of abstraction to parse out and log the user-entered date range, figure out where the request came from, and to map out some column names or add additional ones. It also does some hard to follow (and amazingly not injectable) orm condition building. It’s a mess of functional ugly.
The important columns in the table this query ultimately searches are not indexed, despite it only looking for “create_order” records — the largest of twenty-some types in the table. It also uses partial text matching (again: on. every. single. keystroke.) across two varchar(255)s that only ever hold <16 chars — and of which users only ever care about one at a time. After all of this, it filters the results based on some uncommented regexes, and worst of all: instead of fetching only one page’s worth of results like you’d expect, it fetches all of them at once and then discards what isn’t included by the paginator. So not only is this a guaranteed full table scan with partial text matching for every query (over millions to hundreds of millions of records), it’s that same full table scan for every single keystroke while the user types, and all but 25 records (user-selectable) get discarded — and then requeried when the user looks at the next page of results.
What the bloody fucking hell? I’d swear this idiot is an intern, but his code does (amazingly) actually work.
No wonder this search field nearly crashed one of the servers when someone actually tried using it.
Asdfajsdfk.
-
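A server-side shape that avoids the problems listed in the rant above (unindexed columns, partial matching on every keystroke, fetching everything and discarding all but one page), as an added example that is not the code base the rant describes. The column names, index names and sample rows are assumptions; prefix matching is swapped in for the original partial matching so the index can be used, and the minimum-length check is a server-side stand-in for client debouncing.

```python
import sqlite3

# Assumed column names; the rant only says "two varchar(255)s".
SEARCHABLE = {
    "order_ref": "idx_calls_order_ref",
    "customer_ref": "idx_calls_customer_ref",
}
MIN_PREFIX = 3   # refuse to hit the database for one or two characters
MAX_PAGE = 100   # upper bound on the user-selectable page size


def make_db():
    """Build a small constructed api_calls table with one index per search column."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE api_calls (id INTEGER PRIMARY KEY, merchant_id INTEGER,"
        " type TEXT, order_ref TEXT, customer_ref TEXT)"
    )
    for col, idx in SEARCHABLE.items():
        # Equality columns first, then the searched column, then id for paging.
        conn.execute(f"CREATE INDEX {idx} ON api_calls (merchant_id, type, {col}, id)")
    rows = []
    for i in range(1, 201):
        kind = "create_order" if i % 2 else "refund"
        rows.append((i, 7, kind, f"ORD{i:05d}", f"CUS{i % 10:03d}"))
    conn.executemany("INSERT INTO api_calls VALUES (?, ?, ?, ?, ?)", rows)
    return conn


def build_query(column):
    """Return the page query; the column name comes only from the allowlist."""
    if column not in SEARCHABLE:
        raise ValueError("unsupported search column")
    return (
        f"SELECT id, {column} FROM api_calls"
        f" WHERE merchant_id = ? AND type = 'create_order'"
        f" AND {column} >= ? AND {column} < ?"      # prefix match as a range
        f" AND ({column}, id) > (?, ?)"             # keyset cursor, no OFFSET
        f" ORDER BY {column}, id LIMIT ?"
    )


def search_page(conn, merchant_id, column, prefix, cursor=("", 0), page_size=25):
    """Fetch exactly one page of matches and the cursor for the next page."""
    sql = build_query(column)
    if len(prefix) < MIN_PREFIX:
        return [], None
    page_size = max(1, min(page_size, MAX_PAGE))
    # Smallest string greater than every string starting with `prefix`
    # (assumes the last character is not the maximum code point).
    upper = prefix[:-1] + chr(ord(prefix[-1]) + 1)
    params = (merchant_id, prefix, upper, cursor[0], cursor[1], page_size)
    rows = conn.execute(sql, params).fetchall()
    next_cursor = (rows[-1][1], rows[-1][0]) if len(rows) == page_size else None
    return rows, next_cursor


def query_plan(conn, column):
    """Return SQLite's plan descriptions so the index use can be checked."""
    sql = "EXPLAIN QUERY PLAN " + build_query(column)
    return [row[3] for row in conn.execute(sql, (1, "a", "b", "", 0, 25))]
```
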
So, continuing the story, in reverse order, on the warship and its domain setup...
One day, the CO told me that we needed to set up a proper "network". Until now, the "network" was just an old Telcom switch, and an online HDD. No DHCP, no nothing. The computers dropped to the default 169.254.0.0/16 link local block of addresses, the HDD was open to all, cute stuff. I do some research and present to him a few options. To start things off, and to show them that a proper setup is better and more functional, I set up a linux server on one old PC.
The CO is reluctant to approve of the money needed (as I have written before, budget constraints in the military are the stuff of nightmares, people there expect proper setups with two toothpicks and a rubber band). So, I employ the very principles I learned from the holy book Bastard Operator From Hell: terrorizing with intimidating-looking things. I show him the Linux server, green letters over black font, ngrep -x running (it spooks many people to be shown that). After some techno-babble I got approval for a proper rack server and new PCs. Then came the hard part: convincing him to ditch the old Telcom switch in favour of a new CISCO Catalyst one.
Three hours of non-stop barrage. Long papers of NATO specifications on security standards. Subliminal threats on security compromises. God, I never knew I would have to stoop so low. How little did I know that after that...
Came the horrors of user support.
Moral of the story: an old Greek saying says "even a saint needs terrorizing". Keep that in mind.
-
So I was working with a small company which was developing software for the insurance sector. It was decided then that there should be an app for the Windows Phone community, and I was hired for that job.
It took me almost a month to finish the job. Please keep in mind that the project was huge and already developed for its Android counterpart and was a hit in the market. This was a chance given to me to prove myself, and I proved it.
The first month was fantastic for the company, as the software the company made was not available for Windows Phone. The price that had been set for the software was higher in those times. Almost $15.
Excited by the success, I added some more features which were not available on the Android counterpart.
But the price was very high. I even asked management to drop the price because there were fewer Windows Phone users, but nobody listened.
Result: in a year the app had roughly 5000 downloads, of which only 200 paid the actual price. The company asked me to take down the app from the store. I was blamed for my overconfidence in adding features, and that this made the app less usable. They did not say a word to the business management team. I was fired.
Rough, cruel world.
6 months ago I published my app for the same purpose with the same feature set and a different UI. And made it free. Completely free. Added a link to pay the developer $0.5 or Rs 30.
Result: I now have 10 thousand plus downloads in the last 4 months, of which almost 3000 users have donated already.
Now I have my resources and my confidence and am making an Android app for the same purpose.
This is my story and is not fake. I am 28 years old. If you think you can, you can.
Amen.
-
A group of security researchers has officially fucked the hardware-level Intel botnet officially branded as "Intel Management Engine". They did so by gathering all the autism they were able to get from StackOverflow mods... though they officially call it a buffer overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibly. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wishes to drop by there
-
I was in a public place on my laptop, and my laptop went into hibernation to save battery. I switched it back on and then the laptop's BIOS came up saying that the battery was critically low, nothing bad here.
Instead of clicking continue, I decided to press "Diagnostics" instead. The diagnostics immediately began to run in the BIOS.
The screen began to show different coloured bars and patterns, obviously a screen test. Then a prompt appeared asking me if coloured bars were displayed. The options were yes and no, and a button saying "Exit" in the top right. Me, not wanting to do a full diagnostics on such a low battery, pressed exit.
The screen turned black, and then flashed red. The beeper on the motherboard began to beep at an ear-piercing volume. It sounded as if it was a bomb about to go off. Everyone around me stared and some people began to even panic. I tried switching it off by holding the power button but nothing was happening. People were just staring all around me.
After about 10 seconds, the beeping stopped and the screen displayed an error message similar to this:
"CRITICAL ERROR: Monitor test FAILED.
No user input was provided."
Moral of the story: Make your program account for all possible options.
-
We called it "Project Hindenburg".
A huge planning and logistics app with hundreds of screens and dozens of interwoven subfunctions, suddenly needed to be able to support multiple time zones. Our project was to retrofit every area that touched on dates or times, to allow the user to specify, and work in, any time zone.
At this point in the story I can tell whether you have had to work with time zones in code. People who haven't are butting in with something that begins, "that should be fairly simple, you just need to..." followed by some irrelevant noise that betrays their ignorance.
People who have worked with time zones are nodding in shared pain, like fellow attendees of a survivors meeting.
You see, programmers tend to think of time zones as arithmetic; in reality, they are confusing, ambiguous, chaotic, and individual. You can't translate everything into a central time zone (eg UTC) because you lose the user's intent. For example, if you schedule a meeting for 3pm and then move it to the next day, you want it at 3pm even if the clocks have changed.
Project Hindenburg ended up using the entire development staff of the company for well over a year. It smashed our release projections to rubble, made an already tangled code base completely unmaintainable, introduced mind-bending edge case bugs that reduced staff across the company to tears (literally), and led to most of the mid-level and senior developers eventually quitting (including me).
I am @fuckfuckityfuck, and that was the story of Project Hindenburg.
-
A programmer once explained Nietzsche like this:
A long time ago, god created the world, but forgot to leave a developer documentation, thus the whole world was like legacy code...
And humans are like the end user of this world, and some among them spent time studying it, using the Moral API, hoping to get a result of "http 200 ok" from our world for the peace of mind. But the true operation of this world is still yet unknown...
As time passes, humans begin to find that in Moral API, good and evil are two base classes, and all the other moral properties (like ethic, justice and stuff) are just other classes based on those two classes through multiple inheritance.
One day, when programmer Nietzsche was observing the world's runtime behavior, he came up with a question:
"Did god really use good and evil as base classes? Could it be that they are actually derived classes?"
Most of the world is currently in the favor of mankind, and god must've written individual user cases for its end users, he thought.
This made Nietzsche think: if end users are considered as two cases, the strong and the weak, how would the world be designed based on its user story?
Let's think about the strong, they can bully the weak as they please, and there's nothing the weak can do to stop them. In this case whether the Moral API exists or not doesn't fulfill the need of the strong.
But when it comes to the weak, Nietzsche thinks that because the weak cannot fight the strong, they need to belittle bullying and praise the strong for being nice. When the weak does this, it covers their powerless state to some extent, making them look somehow equal to the strong by being capable of commenting.
God might have coded the Moral API to fit the weak's requirement, also adding some public methods for the weak to comment on the strong. If the strong takes care of the weak, they call him nice and good, if the strong bullies people, they call him bad and evil.
That's when Nietzsche realized, that good and evil are both derived classes from the weak, and the base class should be the strong and the weak.
Then he started a series of studies about the Moral API, and got some thesis that persuaded lots of other end users...
-
!Story
The day I became the 400 pound Chinese hacker 4chan.
I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.
They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...
And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.
So, I know I want to fuck with them. And I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.
I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.
After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.
I then minify the whole thing and stash it in the minified jquery file.
So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.
Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.
So we GIVE the penetration team login credentials... they log in and start trying to crack it.
I sit and wait. Grinning as fuck.
Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.
We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.
"We think you may have been compromised by a Chinese hacker!"
I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.
My PM, who has seen me use the JSON compression technique before and knows exactly what's up, starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.
If only it was more common to use video in these calls because I WISH I could have seen their faces.
Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because I'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.
Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.
-
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in Outer Mongolia who is, we can only hope, now enjoying his new life as an Instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkiss. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user of any privilege, you could place any order, as anyone, using anyone's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discreetly." Straight up Hitler's bunker meme rage.
-
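The three gaps the rant above walks through (a cookie trusted without any integrity check, an impersonation claim never re-checked against the reporting chain, and full card numbers written to logs) each have a small server-side counter, sketched here as an added example that is not the system's own code. The claim names `actor` and `on_behalf_of`, the org chart, the key and the card number are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import logging
import re

# Constructed data: employee id -> manager id (None marks the top of a chain).
REPORTS_TO = {1: None, 2: 1, 3: 2, 4: 2, 5: None, 6: 5}
# Placeholder key for the demo; a real key lives in a secret store.
SECRET_KEY = b"constructed-demo-key"


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def sign_cookie(claims: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize the claims and append an HMAC-SHA256 tag over them."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)


def verify_cookie(token: str, key: bytes = SECRET_KEY):
    """Return the claims if the tag matches, otherwise None."""
    try:
        body_part, tag_part = token.split(".")
        body = base64.urlsafe_b64decode(body_part)
        tag = base64.urlsafe_b64decode(tag_part)
    except ValueError:  # wrong shape or invalid base64
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return json.loads(body)


def is_descendant(target_id, actor_id, reports_to=REPORTS_TO) -> bool:
    """True if target_id reports, directly or indirectly, to actor_id."""
    seen = set()
    current = reports_to.get(target_id)
    while current is not None and current not in seen:
        if current == actor_id:
            return True
        seen.add(current)
        current = reports_to.get(current)
    return False


def authorize_proxy_order(session_user_id: int, cookie: str) -> bool:
    """Allow an order on someone's behalf only from server-side facts."""
    claims = verify_cookie(cookie)
    if claims is None:
        return False
    # The actor is whoever the session authenticated, never a cookie field.
    if claims.get("actor") != session_user_id:
        return False
    # A valid signature is not enough: re-check the reporting chain.
    return is_descendant(claims.get("on_behalf_of"), session_user_id)


# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def mask_pan(text: str) -> str:
    """Replace anything shaped like a card number with stars plus last four."""
    def keep_last_four(match):
        digits = re.sub(r"\D", "", match.group())
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_RE.sub(keep_last_four, text)


class PanRedactingFilter(logging.Filter):
    """Logging filter that masks card numbers after argument formatting."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = mask_pan(record.getMessage())
        record.args = None
        return True
```

Attach the filter to the handlers rather than to a single logger so that records from every module pass through it.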
Long story short, I'm unofficially the hacker at our office... Story time!
So I was hired three months ago to work for my current company, and after the three weeks of training I got assigned a project with an architect (who only works on the project very occasionally). I was tasked with revamping and implementing new features for an existing API, some of the code dated back to 2013. (important, keep this in mind)
So at one point I was testing the existing endpoints, because part of the project was automating tests using postman, and I saw something sketchy. So very sketchy. The method I was looking at took a POJO as an argument, extracted the ID of the user from it, looked the user up, and then updated the info of the looked up user with the POJO. So I tried sending a JSON with the info of my user, but the ID of another user. And voila, I overwrote his data.
Once I reported this (which took a while to be taken seriously because I was so new) I found out that this might be useful for sysadmins to have, so it wasn't completely horrible. However, the endpoint required no Auth to use. An anonymous curl request could overwrite any user's data.
As this mess unfolded and we notified the higher ups, another architect jumped in to fix the mess and we found that you could also fetch the data of any user by knowing his ID, and overwrite his credit/debit cards. And well, the ID of the users were alphanumerical strings, which I thought would make it harder to abuse, but then realized all the IDs were sequentially generated... Again, these endpoints required no authentication.
So anyways. Panic ensued, systems people at HQ had to work that weekend, two hot fixes had to be delivered, and now they think I'm a hacker... I did go on to discover some other vulnerabilities, but nothing major.
It still amuses me they think I'm a hacker 😂😂 when I know about as much about hacking as the next guy at the office, but anyways, makes for a good story and I laugh every time I hear them call me a hacker. The whole thing was pretty amusing, they supposedly have security audits and QA, but for five years, these massive security holes went undetected... And our client is a massive company in my country... So, let's hope no one found it before I did.
-
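The update endpoint in the rant above took the target user's ID from the request body and required no authentication. One way to bind the update to the caller, as an added example that is not the API's own code (the original was Java; this sketch uses Python, and the `Principal` type, the `sysadmin` role, the field names and the sample store are hypothetical):

```python
import secrets
from dataclasses import dataclass


class Unauthenticated(Exception):
    """No valid session accompanied the request."""


class Forbidden(Exception):
    """The caller may not perform this update."""


@dataclass(frozen=True)
class Principal:
    """Identity established by the authentication layer, not by the body."""
    user_id: str
    roles: frozenset = frozenset()


# Constructed sample store; ids and fields are hypothetical.
USERS = {
    "u-1001": {"name": "Alice", "email": "alice@example.test", "card_token": "tok_a"},
    "u-1002": {"name": "Bob", "email": "bob@example.test", "card_token": "tok_b"},
}
# Payment data is deliberately not editable through the profile endpoint.
EDITABLE_FIELDS = frozenset({"name", "email"})


def update_user(principal, body: dict, store: dict = USERS) -> dict:
    """Apply a profile update after authentication and ownership checks."""
    if principal is None:
        raise Unauthenticated("authentication required")
    # An id in the body is only a request; the session decides who is acting.
    target_id = body.get("id", principal.user_id)
    is_admin = "sysadmin" in principal.roles
    # Ownership is checked before existence, so a non-admin caller cannot
    # use the error to learn which ids exist.
    if target_id != principal.user_id and not is_admin:
        raise Forbidden("cannot update another user's record")
    if target_id not in store:
        raise Forbidden("unknown user")
    changes = {k: v for k, v in body.items() if k != "id"}
    blocked = set(changes) - EDITABLE_FIELDS
    if blocked:
        raise Forbidden("fields not editable here: " + ", ".join(sorted(blocked)))
    store[target_id].update(changes)
    return dict(store[target_id])


def new_user_id() -> str:
    """Random identifier instead of a sequential one.

    This only removes easy enumeration; the checks above are what
    actually protect the record.
    """
    return "u-" + secrets.token_urlsafe(16)
```
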
Apparently, part of being a software engineer means knowing how to read minds and do other people's jobs.
While implementing a user story for marketing, we found some associated features that, according to the database, have not been used for years. We tell them this. We do the courtesy of asking, "Hey, is there anything on the site that is utilizing these features? We'd like to clean up the DB."
"We don't know."
Engineering suggests, "Ok, let's turn the feature off, then, and see if anyone complains. It's been years according to the DB."
Marketing gets angry and hostile and says, "That's not the way to do things!"
I don't vocalize, "Well, not knowing how to do your own damned job is not the way to do things."
-
Marketing asks us to integrate a third party feature to the site. We ask, "Ok, what page do you want it on, and what information do you want to collect, and what should it look like?"
"I don't know. You're engineering. You tell us."
We implement it as best we can.
Marketing says, "HEY! This isn't done right! It's missing this and this and this!"
"Did you ask us to implement that? According to the user story, it passes acceptance criteria."
Marketing says, "I thought you would just know that! I didn't know it was a separate thing. Just put it on all the pages, then. You guys really should know the site better."
Engineering gets angry and hostile
-
Marketing says, "We need this removed from the site."
Engineering replies, "We have a GUI for that. Just go to this URL and you can do it yourself."
Marketing replies, "Well, if that's a really complicated thing, can you just run a script against the DB?"
Engineering says, "If we've built a UI for you, we really shouldn't be executing SQL scripts directly against the DB."
Marketing gets angry and hostile.
-
Engineering tries asking nicely.
"Marketing, if you want us to add new stuff to the site, or change stuff, please tell us what it is and where it should go and what the customer experience should be like."
Marketing replies, "We don't know the site that well. We are leaning on you to tell us."
I do not vocalize, all while trying to keep my eyes from bulging out of my head, my face red with rage, "YOU ARE IN CHARGE OF SELLING SHIT ON A WEBSITE THAT YOU KNOW NOTHING ABOUT. YOU ARE ASKING FOR CHANGES TO SOMETHING YOU DON'T EVEN UNDERSTAND. WHAT IS WRONG WITH THIS PICTURE?"
Engineering is angry and hostile.
-
Hashedram's compilations #1
List of most annoying website designs.
1) Pages with AUTO PLAYING VIDEOS.
Yes I'm looking at you Netflix. Along with every news website known to man. I'm looking to read a fucking article, so why would you even waste your money and bandwidth trying to shove a video of some shit I don't care about in my face, and make it follow me as I scroll down like a fucking insecure puppy. Also, fuck you Instagram.
2) Pages that redirect once immediately after you visit them, thereby fucking with the browser history and the BACK BUTTON just leads back to the same fucking site.
I mean, just why. Did you think I would just go "Hey the back button doesn't work so let's stay on the site and read their awesome content"?
3) Sites showing things in a SLIDESHOW, when it actually should be in a list.
Slideshows are for progressive stories or for showing lists where you don't care about what's in them. Top 10 foods that reduce weight. Slideshow 1/15. Fuck you.
4) LOOKS LIKE YOU'RE USING AN AD BLOCKER
Yes. Yes I am. No I will not turn it off for you, you narcissistic snowflake fuck. And don't even try to guilt shame me into turning it off, because I know you're just going to bombard me with videos of sexy singles in the area if I do.
5) Pages where I see the first 3 lines of an article and have to SUBSCRIBE to see more.
Yes. Brilliant fucking idea. A user wants to see what your site has to offer, so within the first three seconds, don't show him exactly that.
6) Looking up an article and having to read through the entire motivational life story of the author.
I just want to know how to boil eggs, not read about your journey across Africa learning how to make different recipes using boiled rhino dung.
7) CLICK BAIT.
Title: School boy designs blockchain machine learning game engine
Actual Content: Tic tac toe program made using linked lists
-
Hello everyone, this is my first time here so hi! I want to tell you all a story about my current situation.
At 18, while in the military, I was able to get my first computer; it was a small HP Pavilion laptop with Windows 7. The system would crash constantly, even though I would only use it for googling stuff and using fb to talk to people. 5 months after I got it and continuously hated it, I decided to find out why and who I could blame (other than myself) for the system making me do the ctrl alt del dance all the time....
Found out that there are people called computer programmers that made software. Decided to give it a go since I had some free time most days. Started out with c++ because it was being recommended in some websites. Had many "oh deeeeer lord" moments. After not getting much traction I decided to move to Java which seemed like an easier step than C++. Had fun, but after some verbosity I decided to move into more dynamic lands. Tried JS and since at the time there was no Node and I was not very into the idea of building websites I decided to move into Python, Ruby, PHP and Perl and had a really great time using and learning all of them. I decided to get good in theoretical aspects of computer programming and since I had a knack for math I decided to get started with basic computer science concepts.
I absolutely frigging loved it. And not only that, but learning new things became an obsession, the kind that would make me go to bed at 02:40 am just to wake up at 04:00 or 06:00 because the military is like that. I really wanted to absorb as much as I could since I wanted to go to college for it and wanted to be prepared since I did not want to be a complete newb. Took Harvard CS50, Stanford Programming 101 with Java, Rice's Python course and MIT's Python programming class. I had so much fun I don't regret it one bit.
By the time I got to college I had already made the jump to Linux and was an adept Arch user. It's not that it was superior or anything, but it really forced me to learn about Linux and working around a terminal and the internals of the system to get what I want. Nowadays I settle for Fedora or Debian based systems since they are easier and time is money.
Uni was a breeze, math was fun and the programming classes seemed like glorified "Hello World" courses. I had fun, but not that much fun, most of my time was spent getting better at actual coding. I am no genius, nor my grades were super amazing(I did graduate with honors though) but I had fun, which never really happened in school before that.
While in school I took my first programming gig! It was in ASP.NET MVC, we were using C#, I got the job through a customer that I met at work, I was working in retail during the time and absolutely hated it. I remember being so excited with the gig, I got to meet other developers! Where I am from there aren't that many and most of them are very specialized, so they only get concerned with certain aspects of coding (e.g. VBA developers.....) and that is until I met the lead dev. He was by far one of the biggest assholes I had ever met in my life. Absolutely nothing that I would do or say made him not be a dick. My code was steady, but I would find bugs of incomplete stuff that he would do, whenever I would fix it he would belittle me and constantly remind me of my position as a "junior dev" in the company saying things as "if you have an issue with my code or standards tell me, but do not touch the code" which was funny considering that I would not be able to advance without those fixes. I quit not even 3 months later because I could not stand the dick, neither could 2 of the other developers since they immediately resigned after they got their own courage.
A year later I was able to find myself another gig. I was hesitant for a moment since it was another remote position in which I had already had a crappy experience. Boy this one was bad. To be fair, this was on me since I had to get good with Lumen after only having some exposure to Laravel. Which I did mention repeatedly even though he did offer to train me in order to help him. Same thing, after a couple of weeks of being told how much I did not know I decided to get out.
That is 2 strikes.
So I waited a little while and took a position inside another company that was using vanilla PHP to build their services. Their system was solid though, the lead engineer remains a friend and I did learn a lot from him. I got contracted because they were looking for a Java developer. The salary was good. But when I got there they mentioned that they wanted a developer in Java...to build Android. At the time I was using Java with Spring so I thought "well how hard can this be! I already use Android so the love for the system is there, let's do this!" And it was an intense, fun and really amazing experience.
-- To be continued.
-
Story time:
At a precious employer.
Hire shit-hot contractor.
No technical test at interview stage because he’s so shit-hot.
Is a uni lecturer.
PhD in mathematics.
Me: Shit, this guy must be good!
6 months later and a tragedy of errors and clearly misspent company funds later:
Manager: can you look at what x did and merge it into the product?
Me: Sure. *looks* *yells fuck very loudly*
*walks over to manager*
“Soooo... you know those 6 months and thousands and thousands you spent? It’s all for nought. There’s barely anything there, and none of it works.”
Manager: “Shit. What are we going to do? Can you fix it?”
Me: “To be honest, it would be quicker to just do it from scratch than try to work out what he’s done and failed to do.”
Manager: “Fuck. Ok. Go for it.”
I then had to build this entire new lot of systems, a workflow system, a user management and permissions system.
I got it done inside a month or so.
For context, we (the devs) knew something was afoot when the contractor couldn’t work out why his keyboard wasn’t working (it wasn’t plugged in), and he also *really* struggled to find his way around visual studio and git.
The moral of this tale? *always always* screen your candidates. Even if they seem amazing on paper.
-
I did it: I built up another PC identical to my machine (https://devrant.com/rants/2923002/...) for my SO and installed Linux Mint for her, too. That had been my primary motive for an easy and stable distro in the first place.
Now that didn't come out of the blue. We were discussing the end of Win 7 already two years ago where I brought up my concerns with Win 10 - mainly the forced, lousy updates and the integrated spyware, and that I was considering Linux as way out.
I had expected quite some pushback because she had been exclusively on Windows since the 90s. However, I didn't sell Linux as upgrade. It's just that Win 7 is over, progress under Windows as well, and we're in damage control mode. Went down pretty well.
Fast forward three weeks - remember, first time Linux user and no IT-geek:
- it just works, including web, videos, and music.
- she likes Cinnamon.
- nice desktop themes.
- Redshift is as good as f.lux.
- software installation is just like an app store.
- updates work via an easy tray icon.
- quote: "Linux is great!"
- given this alternative, she doesn't understand why people willingly put up with Win 10.
- no drive letters: already forgotten.
- popcorn for upcoming Win 10 disaster stories.
- why do Windows updates take that long?
- why does Windows need to reboot for every update?
- why does Windows hang in that update boot screen for so long?
I'm impressed that Linux has come so far that it's suitable for end users. Next in line is her father who wants to try Linux, but that will be a story for tomorrow.
-
Hello again, everyone. I've been busy with all the paperwork at my ship (will make a post about it later) but for now, I'll bore you with another story (not navy one, fortunately) to justify my slacking off.
And this story... is the story on how I got into ITSec. And it is pretty damn embarrassing. It all began when I was 16. I was hooked on battleknight.gameforge.com, a browser game. My father had just had ADSL installed at our home, and the new opportunities before me were endless. Well...
After I've had my fill with the porn torrents and them opportunities dwindled to just a few dozens, I began searching for free games, and I stumbled on that game. I played a lot, but as a free-to-play game, it was also pay-to-win. I didn't have a credit card, so I paid for a few gems with SMS messages. Fast forward a couple of years, I got into the Naval Academy. A guy came in to advertise something (I think it was an encyclopaedia or something - yes, wikipedia wasn't a thing back then) and to pay for it, we could apply for a credit card. So I applied. And I resisted the temptation for a year.
Note: prepaid wasn't that known where I live, so using credit cards was the only way for online transactions.
So I made 1 transaction. Just one. After a couple of months my monthly report from the bank came, showing a 2.5$ (I think) transaction on Paypal. I paid no mind, thinking that it was some hidden fee. Oh boy, I shit you not, I was THAT much of an idiot. Six months later, BOOM!
600$ transaction to ebay via paypal. You can imagine all those nice things that came to my mind. In any case, the bank accepted my protest that I filed at their central offices and cancelled the transaction. I promptly cancelled my card, destroyed it right there for good measure, and got to thinking... what the fuck just happened?
As many people here, I am afflicted with a deadly virus, called curiosity. I started researching the matter, trying to figure out how. And, because I didn't like black boxes and "it is just like it is" explanations, I tumbled down the rabbit hole of ITSec. I soon found out that, not only it was possible, but also it was sometimes EXTREMELY easy to steal credit card info. There are sites, to this very day, that store user info (along with credit cards info) IN FUCKING CLEARTEXT. Sometimes your personal, financial and even medical info are just an SQLi away.
So, I got very disillusioned on many things. But I never regretted it. It may cause me to age prematurely and will kill me of stroke or heart attack one day, but as I still tumble down the ITSec rabbit hole, I can say with confidence that
I REGRET NOTHING
Plus, my 600$ were returned, so look on the bright side :)
-
Received an urgent email from a business client saying that the application we support is completely broken. Their staff said they used the app to send several submissions that day but they did not come through. This is a major issue as these submissions need to occur daily.
I understand that this is a priority so I immediately check everything. I test the app, the server, check the database. Everything seems fine, but there's no record of these submissions. Maybe it's the specific device that was used. I reply saying that everything seems to be in order. Can I please be provided with more information about what occurred? What time were the submissions sent?
Client replies saying that the submissions were definitely sent and that the staff swear by it.
I now know something is up, so I remote into the devices in question and check the logs. The app was not even used that day! I've got them! Those liars!
I am now quite pissed off, but remain professional and reply saying that we log all app events and that the logs show that the app had not been used at all that day. Now they have to own up to their lie. Right?
Wrong. Client replies with: The issue has been fixed. Thanks.
Can you believe the bloody nerve? The client doesn't even have the decency to apologise but rather insinuates that it was all our fault.
Well I'm not having that. I reply: It is great that the app is functioning correctly. However, I believe it is important to understand the cause of the issue as to prevent it from occurring again.
Client: No reply.
Well, if you want to waste other people's time, here's the fat bill.
Moral of the story. Don't trust anything that the client says and for any issue, debug the user before doing anything else.
-
Long rant ahead.. so feel free to refill your cup of coffee and have a seat 🙂
It's completely useless. At least in the school I went to, the teachers were worse than useless. It's a bit of an old story that I've told quite a few times already, but I had a dispute with said teachers at some point after which I wasn't able nor willing to fully do the classes anymore.
So, just to set the stage.. le me, die-hard Linux user, and reasonably initiated in networking and security already, to the point that I really only needed half an ear to follow along with the classes, while most of the time I was just working on my own servers to pass the time instead. I noticed that the Moodle website that the school was using to do a big chunk of the course material with, wasn't TLS-secured. So whenever the class begins and everyone logs in to the Moodle website..? Yeah.. it wouldn't be hard for anyone in that class to steal everyone else's credentials, including the teacher's (as they were using the same network).
So I brought it up a few times in the first year, teacher was like "yeah yeah we'll do it at some point". Shortly before summer break I took the security teacher aside after class and mentioned it another time - please please take the opportunity to do it during summer break.
Coming back in September.. nothing happened. Maybe I needed to bring in more evidence that this is a serious issue, so I asked the security teacher: can I make a proper PoC using my machines in my home network to steal the credentials of my own Moodle account and mail a screencast to you as a private disclosure? She said "yeah sure, that's fine".
Pro tip: make the people involved sign a written contract for this!!! It'll cover your ass when they decide to be dicks.. which spoiler alert, these teachers decided they wanted to be.
So I made the PoC, mailed it to them, yada yada yada... Soon after, next class, and I noticed that my VPN server was blocked. Now I used my personal VPN server at the time mostly to access a file server at home to securely fetch documents I needed in class, without having to carry an external hard drive with me all the time. However it was also used for gateway redirection (i.e. the main purpose of commercial VPN's, le new IP for "le onenumity"). I mean for example, if some douche in that class would've decided to ARP poison the network and steal credentials, my VPN connection would've prevented that.. it was a decent workaround. But now it's for some reason causing Moodle to throw some type of 403.
Asked the teacher for routers and switches I had a class from at the time.. why is my VPN server blocked? He replied with the statement that "yeah we blocked it because you can bypass the firewall with that and watch porn in class".
Alright, fair enough. I can indeed bypass the firewall with that. But watch porn.. in class? I mean I'm a bit of an exhibitionist too, but in a fucking class!? And why right after that PoC, while I've been using that VPN connection for over a year?
Not too long after that, I prematurely left that class out of sheer frustration (I remember browsing devRant with the intent to write about it while the teacher was watching 😂), and left while looking that teacher dead in the eyes.. and never have I been that cold to someone while calling them a fucking idiot.
Shortly after I've also received an email from them in which they stated that they wanted compensation for "the disruption of good service". They actually thought that I had hacked into their servers. Security teachers, ostensibly technical people, if I may add. Never seen anyone more incompetent than those 3 motherfuckers that plotted against me to save their own asses for making such a shitty infrastructure. Regarding that mail, I not so friendly replied to them that they could settle it in court if they wanted to.. but that I already knew who would win that case. Haven't heard of them since.
So yeah. That's why I regard those expensive shitty pieces of paper as such. The only thing they prove is that someone somewhere with some unknown degree of competence confirms that you know something. I think there's far too many unknowns in there.
Nowadays I'm putting my bets on a certification from the Linux Professional Institute - a renowned and well-regarded certification body in sysadmin. Last February at FOSDEM I did half of the LPIC-1 certification exam, next year I'll do the other half. With the amount of reputation the LPI has behind it, I believe that's a far better route to go with than some random school somewhere.
-
Let me tell you a story:
Once upon a time poor lil PonySlaystation received a call. It was a nice guy who cried that his WordPress website had been hacked. So the clusterfuck began...
He gave me the login credentials for the hosting back-end, DB, FTP and CMS.
A hacked WP site was not new for me. It was probably the 6th of maybe 10 I had to do with.
What I didn't expect was the hosting back-end.
Imagine yourself back in 1999 when you tried to learn PHP and MySQL and all was so interesting and cool and you had infinite possibilities! Now forget all these great feelings and just take that ancient technology to 2018 and apply it to a PAID FUCKING HOSTING PROVIDER!
HOLY FUCKING ASSRAPE!
Wanna know what PHP version?
5.3.11, released the day before gomorrah was wiped.
The passwords? Stored in fucking plaintext. Shown right next to the table name and DB user name in the back-end. Same with FTP users.
EXCUSE ME, WHAT THE FUCK?!
I have to call Elon Musk and order some Boring Company Flame Throwers to get rid of this.
Long story long, I set up a new WP, changed all passwords and told the nice guy to get a decent hoster.
-
TL;DR :
"when i die i want my group project members to lower me into my grave so they can let me down one last time"
STORY TIME
Last year in College, I had two simultaneous projects. Both were semester long projects. One was for a database class and another was for a software engineering class.
As you can guess, the focus of the projects was very different. Databases we made some desktop networked chat application with a user login system and what not in Java. SE we made an app store with an approval system and admin panels and ratings and reviews and all that jazz in Meteor.js.
The DB project we had 4 total people and one of them was someone we'll call Frank. Frank was also in my SE project group. Frank disappeared for several weeks. Not in class, didn't contact us, and at one point the professors didn't know much either. As soon as we noticed it would be an issue, we talked to the professors. Just keeping them in the loop will save you a lot of trouble down the road. I'm assuming there was some medical or family emergency because the professors were very understanding with him once he started coming back to class and they had a chance to talk.
Lesson 1: If you have that guy that doesn't show up or communicate, don't be a jerk to them and communicate with your professor. Also, don't stop trying to contact the rogue partner. Maybe they'll come around sometime.
It sucked to lose 25% of our team for a project, but Frank appreciated that we didn't totally ignore him and throw him under the bus to the point that the last day of class he came up to me and said, "hey, open your book bag and bring it next to mine." He then threw a LARGE bottle of booze in there as a thank you.
Lesson 2: Treat humans as humans. Things go wrong and understanding that will get you a lot farther with people than trying to make them feel terrible about something that may have been out of their control.
Our DB project went really well. We got an A, we demoed, it worked, it was cool. The biggest problem is I was the only person that had taken a networking class so I ended up doing a large portion of the work. I wish I had taken other people's skills into account when we were deciding on a project. Especially because the only requirement was that it needed to have a minimum of 5 tables and we had to use some SQL language (aka, we couldn't use no-SQL).
The SE project had Frank and a music major who wanted to minor in CS (and then 3 other regular CS students aside from me). This assignment was make an app store using any technology you want. But, you had to use agile sprints. So we had weekly meetings with the "customer" (the TA), who would change requirements on us to keep us on our toes and tell us what they wanted done as a priority for the next meeting. Seriously, just like real life. It was so much fun trying to stay ahead of that.
So we met up and tried to decide what to use. One kid said Java because we all had it for school. The big issue is trying to make a Java web app is a pain in the ass. Seriously, there are so many better things to use. Other teams decided to use Django because they all wanted to learn Python. I suggested why not use something with a nice package system to minimize duplicating work that had already been done and tested by someone. Kid 1 didn't like that because he said in the real world you have to make your own software and not use packages. Little did he know that I had worked in SE for a few years already and knew damn well that every good project has code from somewhere else that has already solved a problem you're facing. We went with Java the first week. It failed miserably. Nobody could get the server set up on their computers. Using VCS with it required you to keep the repo outside of where you wrote code and copy and paste changes in there. It was just a huge flop so everyone else voted to change.
Lesson 3: Be flexible. Be open to learning new things. Don't be afraid to try something new. It'll make you a better developer in the long run.
So we ended up using Meteor. Why? We all figured we could pick up javascript super easy. Two of us already knew it. And the real time thing would make for some cool effects when an app got approved or a comment was made. We got to work and the one kid was still pissed. I just checked the repo and the only thing he committed was fixing the spelling of one word in the readme.
We sat down one day and worked for 4 straight hours. We finished the whole project in that time. While other teams were figuring out how to layout their homepage, we had a working user system and admin page and everything. Our TA was trying to throw us for loops by asking for crazy things and we still came through. We had tests that ran alongside the application as you used it. It was friggin cool.
Lesson 4: If possible, pick the right tool for the job. Not the tool you know. Everything in CS has a purpose. If you use it for its purpose, you will save days off of a project.
-
Summary: Burnout, and everything's broken.
I don't feel like doing a damn thing today. I look at the code and cringe. I look at Slack and think "ugh. i can't." Mental capitals are even too much work.
(I've started reading "Zen and the Art of Motorcycle Maintenance" to try and combat burnout. I'll write a rant/story about it here if I find it helpful. but all I want to do today is drink tea and read.)
But onto the story:
Heroku is deprecating support for and will automatically upgrade any old versions of Postgres running on its platform after August something (like five days from now).
I performed the upgrade to PG10 on Sunday (and late into the night), provisioning a new follower, blah blah blah.
However, the version of Rails we're using (4.2.x) doesn't support PG10 sequences, so I manually added in support via a monkeypatch. I did this on our QA servers first, obviously, and everything worked as expected. After half a day of no issues, I did the same on production, and again: everything worked as expected.
But today? I keep hearing about new things that are broken. One specific type of alert doesn't work for one specific person (wat). Can't send [redacted] at all. Can't update merchants! Yet there are magically no errors logged.
That last one (well, two) are just great; let me explain: when there's an error concerning merchants, the error gets caught, isn't logged or recorded anywhere so it just disappears, and the rescue block triggers a json response instead and happily exits. This is for an internal admin tool, so returning a user-friendly error is kinda stupid anyway, but masking what actually happened? fuck that dev with an obelisk made from spikes and solidified pain. That json response is also lovely: it's a 200 OK returning {status: 1, data: "[generic message containing incorrect IT jargon]"}. Doesn't even say "error" anywhere. Bloody everything about this pattern is absolutely wrong. Even the friggin' text.
Fucking hell. I want to pipe the entire codebase into shred and walk out the door.
But I digress. So many things are broken, my motivation is waning to a sliver, and I have a conference call today where I'll undoubtedly be asked why everything is smoking and/or on fire, and my huge and overly productive week last week will ofc mean nothing by contrast.
Ugh.
`shred ~/dev/work -zfu -n 32 &; ./brew tea --hot && wine ~/takeabreak.exe`
-
How many guys have experienced this?
Heard this from a supposed Linux user
Other dev: I have been using Linux for 3 years I'm really good at it.
Then sees me use "cd" and "mv" commands
Other dev: wow that's some complex stuff
Me: 😂😂😂
True story
-
I started when I was 12 years old. I got bullied and got interested in computers. One day I crashed my dad's computer and he reinstalled it. After that my dad made two accounts. The regular user (my account) and the Administrator user (my dad's account). He also changed the language from Dutch to English. Gladly I could still use the computer by looking at the icons :')
Every time I needed something installed I had to ask my dad first (for games mostly because there was no cable internet at that time). Then I noticed the other user account while looking over my dad's shoulders. So I tried to guess the password and found out the password was the same as the label next to the password field "password".
At that point my interest in hacking had grown. So when we finally got cable internet and my own computer (the old one) MSN Messenger came around. I installed lots of stuff like flooders etc. Nobody I knew could do this and people always said; he is a hacker. Although it is not.
I learned about IP-address because we sometimes had trouble with the internet. So when my dad wasn't home he said to me. Click on this (command prompt) and type in; ipconfig /all. If you don't see an IP-address you should type in; ipconfig /renew.
That's when I learned that every computer has a unique address and I started fooling around with hacking tools I found on internet (like; Subseven).
When I got older I had a new friend and fooled around with the hacking tools on his computer. Until one day I went by my friend and he said; my neighbor just bought my old computer. The best part was that he didn't reinstall it. So we asked him to give us the "weird code on the website" his IP-Address and Subseven connected. It was awesome :'). (Windows firewall was not around back then and routers weren't as popular or needed)
At home I started looking up more hacking stuff and found a guide. I still remember it was a white page with only black letters like a text file. It said something like; To be a hacker you first need to understand programming. The website recommended Visual Basic 6 for beginners. I asked my parents to buy me a book about it and I started reading in the holiday.
It was hard for me but I really wanted to hack MSN accounts. When I got older I just played around and copy -> pasted code. I made my own MSN flooders and I noticed hacking isn't easy.
I kept programming and learned and learned. When I was 16/17 I started an education in programming. We learned C# and OOP (altho I hated OOP at first). I built my own hacking tool like "Subseven" and that's when I understood you need a "server" and "client" for a successful connection.
I quit the hacking because it was getting too difficult and after another education I'm now a fulltime back-end developer in C#.
That's my story in short :)
-
Hi everyone, long time no see.
Today I want to tell you a story about Linux, and its acceptance on the desktop.
Long ago I found myself a girlfriend, a wonderful woman who is an engineer too but who couldn't be further from CS. For those in the know, she absolutely despises architects. She doesn't know the size units of computers, i.e. the multiples of the byte. Breaks cables on the regular, and so on. For all intents and purposes, she's a user. She has written some code for a college project before, but she is by no means a developer.
She has seen me using Linux quite passionately for the last year or so, and a few weeks ago she got so fed up with how Windows refused to work on both her computers (on one of them literally failing to run exe's, go figure), that she allowed me to reinstall both systems, with one of them being dualbooted Windows 10 + Linux.
The computer that runs Linux is not one she uses very often, but for gaming (The Sims) it's her platform to go. On it I installed Debian KDE, for the following reasons:
- It had to be stable as I didn't want another box to maintain.
- It had to be pretty OOTB, as first impressions are crucial.
- It had to be easy to use, given her skill level.
- It had to have a GUI abstraction to apt, the KDE team built Discover which looks gorgeous.
She had the following things to say about Linux, when she went to download The Sims from a torrent (I installed qBittorrent for her iirc).
"Linux is better, there's no need to download anything"
"Still figuring things out, but I'm liking it"
"I'm scared of using Windows again, it's so laggy"
"Linux works fine, I'm becoming a Linux user"
Which you can imagine, it filled me with pride. We've done it boys. We've built a superior system that even regular users can use, if the system is set up to be user-friendly.
There are a few gripes I still have, and pitfalls I want to address. There's still too many options, users can drown in the sheer amount of distro's to choose from. For us that's extremely important but they need to have a guide there. However, don't do remote administration for them! That's even worse than Microsoft's tracking! Whenever you install Linux on someone else's computer, don't be all about efficiency, they are coming from Windows and just want it to be easy to use. I use Mate myself, but it is not the thing I would recommend to others. In other words, put your own preferences aside in favor of objective usability. You're trying to sell people on a product, not to impose your own point of view. Dualboot with Windows is fine, gaming still sucks on Linux for the most part. Lots of people don't have their games on Steam. CAD software and such is still nonexistent (OpenSCAD is very interesting but don't tell me it's user-friendly). People are familiar with Windows. If you were to be swimming for the first time in the deep water, would you go without aids? I don't think so.
So, Linux can be shown and be actually usable by regular people. Just pitch it in the right way.
-
After completing my sprint and some lingering stuff in the backlog
Me: Hey, there's this tiny feature people have really requested, I'll go build it since I got nothing else to do at the moment. It'll only take like 1h
PO: Hmm ok. Don't work on that yet, we need to check with business people and agree on the user stories and bla bla bla
Me: Ok, well there's these bugs I can take care of then, I'll get them fixed, won't be long.
PO: Hmmm, we need to measure the impact first. Let me get back to you on that a bit later
Me: Meh, oh. I'll refactor this bad component meanwhile then.
PO: Have you created a story for that in JIRA? Create the story first and then we'll groom it and take it in when we've time
Me in my head: Dafuq! I'm trying to work on your fucking project but you keep throwing all that business bureaucracy shit at me. What am I supposed to do then? Sip coffee in the kitchen and talk about the other fucking billion failed "new business opportunities" with my peers? Fuck this circle jerk of a billion management people all trying to make themselves important. Nothing. Ever. Gets. Fucking. Done!!!
Me: Ah right, I'll do that *proceeds to the water cooler*
-
I'll use this topic to segue into a related (lonely) story befitting my mood these past weeks.
This entire story is going to sound egotistical, especially this next part, but it's really not. (At least I don't think so?)
As I'm almost entirely self-taught, having another dev giving me good advice would have been nice. I've only known / worked with a few people who were better devs than I, and rarely ever received good advice from them.
One of those better devs was my first computer science teacher. Looking back, he was pretty average, but he held us to high standards and gave good advice. The two that really stuck with me were: 1) "save every time you've done something you don't want to redo," and 2) "printf is your best debugging friend; add it everywhere there's something you want to watch." Probably the best and most helpful advice I've ever received 😊
I've seen other people here posting advice like "never hardcode" or "modularity keeps your code clean" -- I had to discover these pretty simple concepts entirely on my own. School (and later college) were filled with terrible teachers and worse students, and so were almost entirely useless for learning anything new.
The only decent dev I knew had brilliant ideas (genetic algorithms, sandboxing, ...) before they were widely used, but could rarely implement them well because he was generally an idiot. (Idiot savant, I think? Definitely the idiot part.) I couldn't stand him. Completely bypassing a ridiculously long story, I helped him on a project to build his own OS from scratch; we made very impressive progress, even to this day. Custom bootloader, hardware interfacing, memory management, (semi) sandboxed processes, gui, example programs ...; we were in highschool. I'm still surprised and impressed with what we accomplished.
But besides him, almost every other dev I met was mediocre. Even outside of school, I went so many years without having another competent dev to work with. I went through various jobs helping other dev(s) on their projects (or rewriting them), learning new languages/frameworks almost every time: php, pascal, perl, zend, js, vb, rails, node, .... I learned new concepts occasionally (which was wonderful) but overall it was just tedious and never paid well because I was too young to be taken seriously (and female, further exacerbating it). On the bright side, it didn't dwindle my love for coding, and I usually spent my evenings playing with projects of my own.
The second dev (and one of the best I've ever met) went by Novo. His approach to a game engine reminded me of General Relativity: Everything was modular, had a rich inheritance tree, and could receive user input at any point along said tree. A user could attach their view/control to any object. (Computer control methods could be attached in this way as well.) UI would obviously change depending on how the user could interact and the number of objects; admins could view/monitor any of these. Almost every object / class of object could talk to almost everything else. It was beautiful. I learned so much from his designs. (Honestly, I don't remember the code at all, and that saddens me.) There were other things, too, but that one amazed me the most.
I haven't met anyone like him ever again.
Anyway, I don't know if I can really answer this week's question. I definitely received some good advice while initially learning, but past that it's all been through discovering things on my own.
It's been lonely. ☹
-
not really a rant, but i am intrigued...
got an email that my rockstar account (gta) email was changed.
changed the email and password and noticed that all the details were changed (nickname, date of birth etc) and the guy even posted on support asking to remove steam link (probably could not login). But rockstar requires a screenshot of user logged in to steam (as if that is hard to fabricate...), so he gave up :D
i'm not even mad, i'm wondering what's the guy's story. Probly bought a stolen account for cheap, hoping to play :(
Maybe i should just let him play the game, since i'm not...
-
!dev
Just went to the pet asylum to look for a cat. There was a shy black one (eh, maybe not a good first but Moar Blacker, Moar Better 😋) and a black and white one which was very open towards me.
Probably I'll get the latter, and build some food, water and litter dispenser systems for it with motors and my esp8266 boards 🙂
The lady who was volunteering there and showed me around had an interesting story though.
Apparently both of those aforementioned cats were wild cats (so they don't come from a proper household or anything). Except that black and white one which apparently came from some rather retarded people.. think average Facebook user.
According to her those previous owners came there with 2 cats including the black and white one as "extremely wild, we found them in the forest, put them in cages (because everyone carries cat cages in their car every day, right?) and brought them here". Nice excuse for average Facebook user level of retard I have to say 😜 but it's not very waterproof, you know?
But on average the people that they get there are even worse than that.. some get a great initial meeting with a cat, but then leave them there because they don't like the stripes on a paw or something stupid like that. As she put it: "you're not fitting pants in a clothing shop, are you?! 😑"
Had to try hard to not burst out in laughter from that description 😂
Point is, the average customers there are awful.. apparently she was very grateful to have a rather down-to-earth customer like me and my home supervisor (who helpfully drove me there 🙂) for once. So terrible clients.. they're everywhere!
It really taught me to be mindful of the hardships of people in any profession who deal with clients. -
Story of a penguin fledgling, one of my end users whom I migrated from Win 7 to Linux Mint. She had been on Windows since Win 98 and still uses Windows at work.
Three months before. Me, Linux might not be as good, but Win 10 is even worse. User, mh.
Migration. User, looks different, but not bad.
One month later. User, it's nice, I like it.
Three months later. User, why does Windows reboot doing lengthy stuff?
Six months later. User, I hate Windows. Why is everyone using this crap?
One year later. Malware issues at work. User to IT staff, that wouldn't have happened with Linux. Me, that's the spirit! -
As stated in a previous story, I just started an internship using angular and am learning it on the job.
The other day, one of the admins posted an issue in gitlab about how easy it was to delete user accounts via the front end.
He wanted someone to add further confirmation to prevent accidentally deleting anyone. Literally just had to hit the X icon and poof they're gone.
I was like, I can do that! Of course, as I was looking at the platform's account page, I accidentally deleted that admin's account 😅
He thanked me for resolving the issue, and it became a joke around the office about the irony of the situation. -
[ Introduction ]
In Internet culture, the 1% rule is a rule of thumb pertaining to participation in an internet community, stating that only 1% of the users of a website add content, while the other 99% of the participants only lurk.
[ The story ]
A year ago I had a problem with X software.
I opened a ticket on its repository but a week goes by and no one responds. I need it to work! So I opened a pull request and it got merged in a day or two after a quick review.
Seeing that the tickets were many and the maintainers were few, I decided to stay and help.
Today, I am in the top #10 contributors.
I have made 20 commits and edited 4k lines of code. (Honestly, it's not that much, at work I do way more than that, anyway...)
This repository is an alternative to another popular closed-source software and it's massively used by well-known companies (tech-giants).
[ Stats ]
User base: 20.000 (all of them are devs)
Total contributors: 200 (1%)
Contributors with more than 1 commit: 60 (0.3%)
[ Consideration ]
I would never have believed a year ago that participation could be so low despite the number of dev-users being so high.
The software does not require great technical expertise and if you are using it for work then you already have the skill-set you need to contribute.
Now listen, I know that not everyone wants to contribute. I know right and I respect it ... but really:
The 0.3% ?! Only 60 devs on 20k are active contributors?! Only 200 (1%) devs have ever made a single commit and then they left.
Holy sh** -
So we ordered a piece of software from an external software house because I was low on time and we needed it asap.
So. Long story short, their software was bugged as hell, they deny all the bugs and they have their BDD that they did and anything we say about it like "feature XYZ is broken on firefox" they will deny it "because it wasn't on BDD" or "let's get on call" (in which +- 6-7 people participate from their side and we of course have to pay them for this...)
So they fixed like 20% of bugs (mostly trivials/minors). Application is fairly small scope. You have integration with like 3 endpoints on arbitrary API, user registration/login, few things to do in database (mainly math running from cron).
They did it in ASP so I don't know the language and environment so can't just fix it myself.
2 days ago (Monday) they annoyed me to the point where I just started to break things. For starters I found that every numeric input is vulnerable to integer overflow (which is a blocker). I figured most of the fields are a perfect opportunity for XSS (but I didn't bother to do JS... anything but not JS...). I figured I can embed into my name/surname/phone (none validated) anything in HTML...
So for now we have around 25 bugs, around 15 of them are blockers.
They figured it's somehow our fault that it's bugged and decided to do a demo with us to show off how perfectly it works. I'm happy to break their demos. I figured I will register a bunch of users that have name - image with fixed/absolute position top:0;left:0 width/height 100% - this will effectively brick admin panel
Also I figured I can do some additional sounds in background because why not. And I just don't know what to put in. It links to my server for now so I can freely change content of bricked admin panel.
I have curl's ready to execute in case they reset database.
I can put in GIFs or heck, even videos, doesn't really matter. Framework escapes some things for them so at least that. But audio/image/video works.
Now I have 2 questions:
- what image + audio combo will work the best (of course we need to keep it civil). I'm thinking finding some meme with bugs or maybe nuclear logo image with some siren sound
- am I an evil person?
Edit:
I haven't stated this clearly:
"There is no BDD that describes that if user inserts malicious input server should deny it" - that's almost literally what we get from them.... -
Sad story:
User : Hey , this interface seems quite nice
Me : Yeah, well I’m still working on it; I still haven’t managed to work around the data limit of the views so for the time limit I’ve set it to a couple of days
Few moments later
User : Why does it give me that it can’t connect to the data?
Me : what did you do ?
User : I tried viewing the last year of entries and compare it with this one
Few comas later
100476 errors generated
False cert authorization
Port closed
Server down
DDOS on its way -
You know what really grinds my gears? As a junior webdeveloper (mostly backend) I try my hardest to deliver quality content and other people's ignorance is killing me in my current job.
Let's rant about a recent project I had under my hood, for this project (a webshop) I had to restructure the database and had to include validation on basically every field (what the heck, no validation I hear you say??), apparently they let an incompetent INTERN make this f***king webshop. The list of mistakes in this project can bring you close to the moon I'd say, seriously.
Database design 101 is basically auto incremented ID's, and using IDs in general instead of using name (among a list of other stuff obv.). Well, this intern decided it was a good idea to filter a custom address-book module based on a NAME, so it wasn't setup as: /addressbook/{id} (unique ID, never a problem) but as /addressbook/{name}, which results in only showing one address if the first names on the addresses are the same. Lots of bugs that go by this type of incompetence and ignorance. Want to hear another joke? Look no further, this guy also decided it was a great idea to generate the next ID of an order. So the ordernumber wasn't made up by the auto incremented id on the order model, but by a count of all the orders and that was the next order number. This broke so many times, unbelievable.
To close the list of mistakes off, the intern decided it was a great idea to couple the address of a user directly to an order. Because the user is able to ship stuff to addresses within his addressbook, this bug could delete whole orders out of the system by simply deleting the address in your addressbook.
Enough about my intern rant, after working my ass off and going above and beyond the expectations of the customer, the guy from sales who was responsible for it showed what an a**hole he was. Let's call this guy Tom.
Little backstory: our department is a very small part of the company but we are responsible for so much if you think about it. The company thinks we've transitioned to company wide SCRUM, but in reality we are so far from it. I think the story below is a great example of what causes this.
Anyway, we as the web department work within Gitlab. All of our issues and sprints are organized and updated within this place. The rest of the company works with FileMaker, such a pile of shit software but I've managed to work around its buggyness. Anyway, When I was done with the project described above I notified all the stakeholders, this includes Tom. I made a write-up of all the changes I had made to the project, including screenshots and examples, within Gitlab. I asked for feedback and made sure to tag Tom so he was notified of my changes to the project.
After hearing nothing for 2 weeks, guess who came to my desk yesterday? F**king Tom asking what had changed during my time on the project. I told him politely to check Gitlab and said on a friendly tone that I had notified him over 2 weeks ago. He, I shit you not, blatantly told me that he never looks on there "because of all the notifications" and that I should 'tell him what to do' within FileMaker (which I already had updated referencing Gitlab with the write-up of my changes). That dick move of him made me lose all respect for this guy, what an ignorant piece of shit he is after all.
The thing that triggers me the most in the last story is that I spent so much free time to perfect the project I was working on (the webshop). I even completed some features which weren't scheduled during the sprint I was working on, and all I was asking for was a little appreciation and feedback. Instead, he showed me how ignorant and what a dick he was.
I absolutely have no reason to keep on working for this company if co-workers keep treating me like this. The code base of the webshop is now in a way better condition, but there are a dozen other projects like this one. And guess what? All written by the same intern.
/rant :P -
My first post here, be merciful please.
So, I participate in game jams now and then. About two years ago, I was participating in one, and we were near the deadline. Our game was pretty much done, so we had posted an "alpha" version waiting for feedback.
Just half an hour before the deadline, we got a comment on our alpha alerting us of a rather important typo: The instruction screen said "Press X to shoot" while X did nothing and Z was the correct key. "Good thing we caught that in time, thankfully an easy fix" I thought.
This project was written in python, and built using py2exe. If you know py2exe, the least error-prone method outputs a folder containing the .exe, plus ginormous amounts of dll's, pyc files, and various other crap. We would put the entire folder together with graphics and other resources into a .zip and tell the judges to look for the .exe.
Anyway, on this occasion I committed to source control, ran the build, and it seemed to work on my quick test. I uploaded the zip, right before the deadline and sat back waiting for the results.
I had forgotten one final step.
I had not copied my updated files to the zip, which still contained the old version.
Anyway, I ended up losing a lot of points in "user friendliness" since the judges had trouble figuring out how to shoot. After I figured out why and how it happened, I had an embarrassing story to tell my teammates. -
OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..
Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!
Here it goes..
Last week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.
OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.
Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.
Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..
I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..
Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I create another pck for api alone, copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.
I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..
I made changes for api to include the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.
WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...
WTF..Ok, cig break to let me think..
I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?
So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' make changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers dbs (different customers).. ALL HAD THIS HARDCODED IN!!! FROM THE FREAKING YEAR 2016!!! O.o
Unfuckin believable.. How did this ever work?!
Looks like at the beginning, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!
So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plain, simple, straight-forward solution to auditing..
If only the original procedure was working as it should.. bloody hell!! -
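The failure described in the post above, as an added example that is not part of the original post or its code base: a Python simulation in which an audit procedure ignores its user id parameter and writes a session-level variable instead, replayed over a small connection pool. All names (`DbSession`, `pkg_current_user`, `audit_buggy`, `audit_fixed`, `mismatched_rows`) and the request data are constructed for illustration.

```python
"""Constructed simulation: audit rows attributed from session state vs. from the parameter."""
import re
from dataclasses import dataclass, field


@dataclass
class DbSession:
    """One long-lived database session; package variables survive between requests."""
    session_id: int
    pkg_current_user: int = 0  # stand-in for the package-level variable in the post


@dataclass
class AuditTable:
    rows: list = field(default_factory=list)

    def insert(self, user_id, description):
        self.rows.append({"user_id": user_id, "description": description})


class Pool:
    """Round-robin pool: unrelated requests end up sharing the same sessions."""

    def __init__(self, size):
        self.sessions = [DbSession(i) for i in range(size)]
        self._next = 0

    def acquire(self):
        session = self.sessions[self._next % len(self.sessions)]
        self._next += 1
        return session


def audit_buggy(session, table, p_user_id, description):
    """Behaviour from the post: p_user_id is accepted but never used."""
    table.insert(session.pkg_current_user, description)


def audit_fixed(session, table, p_user_id, description):
    """Attribute the row to the caller-supplied id and reject unattributed rows."""
    if p_user_id is None:
        raise ValueError("audit row without user id")
    table.insert(p_user_id, description)


# Constructed requests: (authenticated user id, action, authenticated via SSO?)
# Only the legacy (non-SSO) login path sets the package variable.
REQUESTS = [
    (7, "update invoice", False),
    (42, "delete record", True),
    (42, "export report", True),
    (13, "change role", True),
]


def replay(audit_proc, requests=REQUESTS, pool_size=2):
    """Run the requests through the pool and return the resulting audit table."""
    pool, table = Pool(pool_size), AuditTable()
    for user_id, action, via_sso in requests:
        session = pool.acquire()
        if not via_sso:
            session.pkg_current_user = user_id  # legacy login sets session state
        audit_proc(session, table, user_id, f"user={user_id} action={action}")
    return table


def mismatched_rows(table):
    """Integrity check: the user named in the description must match user_id."""
    bad = []
    for index, row in enumerate(table.rows):
        match = re.search(r"user=(\d+)", row["description"])
        if match and int(match.group(1)) != row["user_id"]:
            bad.append(index)
    return bad


if __name__ == "__main__":
    for proc in (audit_buggy, audit_fixed):
        table = replay(proc)
        print(proc.__name__, [r["user_id"] for r in table.rows], mismatched_rows(table))
```

With the buggy procedure, SSO requests are logged either as user 0 or as whoever last set the variable on that pooled session, which is why the description column and the `user_id` column disagree.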
Let me tell you the story of how a feature request no one asked for got put in an early grave:
PM walks into weekly meeting with a single use case that one user called in about, despite never having this issue during the past year and a half that our app has been in production. PM's boss (genuinely one of the best people i have ever worked with) happens to sit in this particular meeting for no reason other than he felt like he should once in a while.
PM brings up use case and wants to devote 3 weeks' development time and another 3 weeks to test RIGHT NOW while other projects are already in motion. PM's boss speaks up with this: "Listen if this guy is really this upset, we can just tell him to build his own service. All the other end users have no problems with this, so it's not worth spending the resources on, i don't think."
And that is how i went from "this is bullshit" to "i love you" in the span of 20 minutes. -
Ticket user story:
“Brown Chicken Report A and B do not include rows for Blue Chickens. I want to see Blue Chickens in both Brown Chicken reports.”
Ticket summary:
“Currently, the Brown Chickens reports mentioned above do not accurately report Blue Chickens. The columns P and Q are incorrect and need to be updated. See below:
<Copy/pasted table from All Animals Report showing a White Chicken>”
———
Are you okay? Do you have brain damage?
(Also: Blue Chickens are not supported and do not exist) -
TLDR: crappy api + idiot ex client combo rant // venting
I saw a lot of people bitching about APIs that don't return proper response codes and other stuff..
Well let me tell you a story. I used to work on a project where we had to do something like booking, but better..crossbreed with the Off&Away bidding site (which btw we had to rip off the .js stuff and reverse engineer the whole timer thingy), using free versions of everything..even though money wasn't an issue (what our client said). Same client decided to go with transhotel because it was sooooo gooood... OK? Why has no one heard of them then?
Anyhow, the api was xml based.. we had to send some xml that was validated against a schema, we received another that was supposed to be validated against another schema.. and so on and so on..
...
...
supposed..
The API docs were nonexistent.. What was there, was broken English or Spanish.. Even had some comments like Add This & that to chapter xy.. Of course that chapter didn't even exist yet. :( And the last documentation they had, was really really old..more than a year, with visible gaps, we got the validation schemas not even listed in the docs, let alone described properly.
Yaaay! And that was not everything.. besides wrong and missing data, the API itself caused the 500 server error whenever you were no longer authenticated.
Of course it didn't tell you that your session was dead.. Just pooof! Unhandled crap everywhere!
And the best part?! We handled that login after inspecting what the hell happened, but sent the notification to the company anyways.. We had a conf call, and sent numerous emails explaining to them what a 'try catch' is and how they should handle the not authenticated error <= BTW they should have had a handled xml response for that, we got the schema for it! But they didn't. Anyhow, after two agonizing days talking back and forth they at least set up the server to be available again after the horrified 500 error. Before, it even stopped responding until reset (don't ask me how they managed to do that).
Oh yeah, did I mention this was a worldwide renowned company?! Where everybody spoke/wrote English?! Yup, they have more than 700 people there, of course they speak English! <= another one of my ex client's fabulous statements... making me wanna strangle him with his tie.. I told him I am not talking to them because no-one there understood/spoke English and it would be a waste of my time.. Guess who spent almost 3 hours to talk to someone who sounded like a stereotypical Indian support tech guy with a flu speaking Italian?! // no offence please for the referenced parties!!
So yeah, sadly I don't have SS of the fucked up documentation..and I cannot post more details (not sure if the NDA still holds even though they canceled the project).. Not that I care really.. not after I saw how the client would treat his customers..
Anywayz I found on the interwebz some proof that this shitty api existed..
picture + link: https://programmableweb.com/api/...
SubRant: the client was an idiot! Probably still is, but no longer my client..
Wanted to store the credit card info + cvc and owner info etc.. in our database.. for easier second payment, like on paypal (which he wanted me to totally customize the payment page of paypal, and if that wasn't possible to collect user data on our personalized payment page and then just send it over to paypal api, if possible in plaintext, he just didn't care as long as he got his personalized payment page) or sth.... I told the company owner that they are fucking retards if they think they can pull this off & that they will lose all their (potential) clients if they figure that out.. or god forbid someone hacked us and stole the data.. I think this shit is also against the law..
I think it goes without saying what happened next.. called him ignorant stupid fucktard to his face and told him I ain't doing that since our company didn't even have a certificate to store the last 4 numbers.. They heard my voice over the whole firm.. we had fish-tank like offices, so they could all see me yelling at the director..
Guess who got laid off due to not being needed anymore the next day?! It was the best day of my life..so far!! Never have I been happier to lose my job!!
P.S. all that crap + test + the whole backend for analysis, the whole crm + campaign emails etc.. the client wanted done in 6 months.. O.o
P.P.S. almost shat my pants when devRant notified me I cannot post and wanted to copy the message and then everything disappeared.. thank god I have written this in the n++ xD -
We have to use this tool in work for classifying new and existing projects for GDPR. Long story short you have to fill out a REALLY long questionnaire, then it gets reviewed by someone in legal. The tool will also assign you tasks and suggest actions to common issues (e.g. suggesting a banner to explain cookie policy if you tick a certain box).
I have spent about an hour trying to re-assign the assessment I started, as i'm due to leave the company in a few days, to the guy taking over from me.
1. There is a “generate shareable URL” button, with the ability to click a button that says “replace me with the logged in user who opens this”. All it does is duplicate the name and description fields and send a new copy to that person, with no access to any of my other content or answers.
2. I did find a re-assign button eventually, again all it does is create a duplicate, and throws an error saying names must be unique when I try to save it.
3. While I couldn’t find a way to do that, I did find another button to at least assign the reviewer. It told me i’m forbidden to change the reviewer on assessments i’ve created.
This is THE WORST piece of nonsensical shit on earth. The entire application is absolute garbage and sssssssooooooo slow.
When you first create an assessment it brings you to a page that has all the questions, makes sense right? Wrong. All the questions are in read-only mode, and they are simply there as a "this is what you can expect to see later on", telling you whether or not they will be freeform, multiple choice etc.
The way to actually answer the questions is to click the "start survey" button hidden in the "status" dropdown.
I don't have much advice to anyone around GDPR, but please stay the hell away from TrustArc. -
so i had the "miscommunication" meeting with PM today. he criticized me for "not following his orders", allegedly having worked on stuff during this sprint that did not help fulfill his sprint goal, and that i should have aligned my work with him. i didn't even realize this exact goal existed specifically for my user story (even though it was at least mentioned with one single word in story description, must have read over it). however, during the whole fucking sprint, he never mentioned a single time i should align with him. every daily i'm explaining what i'm going to do, every day he sees subtasks that i created for this story, and he never disagreed or mentioned this topic, so i assumed i'm on track. and now suddenly, when sprint is over, he blames me for the misalignment?
he also criticized me for having said something rude to him during a team meeting, but he couldn't rephrase or specify what i had said, he couldn't give any details at all, and also i couldn't understand or remember what he meant. what shall i respond to that?🤷♀️
also, aligning my work with that of a colleague and brainstorming with him about how our API could look like for our stakeholders was "not on track / following his orders" for him, even though i had announced it in the daily and he hadn't disagreed.
either this guy has alzheimer's or he has a down on me, dunno what to make out of all that.
and then he mentions i appear "somewhat aggressive" to him.
hmm weird, why should someone become aggressive when they have to deal with this bullshit all the time 🤦♀️ -
What the hell happened to devRant?
So we have this person who is digging up old posts, harassing people (@LotsOfCaffeine here, me as well, probably more) and some fucking how is getting 14 updoots while obviously being, or at least portraying themselves as a misogynistic hater of everyone and everything. What the actual hell is up with devRant? How are there FOURTEEN OTHER PEOPLE who AGREE WITH THIS PERSON. How many active users are we here? I'm sure 14 users is a pretty significant percentage of the active user base.
People, I feel bad for this person. I've been a bit of a dick to them and so have many more, but what the hell happened to devRant, the place where you went to rant about stupid colleagues and bosses, share funny coding stories and other bullshittery? We're turning into fucking 4chan with politics, sexism and racism being the main story line here. I don't fucking get it. I'm on the brink of just leaving. I'm so fucking tired of this shit... -
!rant but story
https://devin.xyz (v.0.0.1)
My quick and semi-ugly solution to save amazing rants and comments forever and more organized.
What it is and it will be:
- archive of rants and comments from devrant that I found very good
- the original ranters will be informed when their rants are archived
- the original ranters and/or the management team of devRant has the right to request the archive content's total deletion
- every single thing on there will be accessible by anyone anytime anywhere (as long as server is healthy)
- open-source
What it may become:
- anyone can register and save their archive
- dev content archive from other sources
- dev articles blog
What it will never have/be:
- any form of payment
- ads
- tracking (I don't even wanna know how many users are viewing)
- non dev related content
- devRant
I'm willing to create user accounts for anyone interested in very near future. So please buzz me here if you want one.
So far it's a website of Laravel + Voyager + bulma with very minimal custom codes (I had to write below 100 lines of code in total). It is on Vultr server.
I'm gonna maintain and update as much as I can on my spare time. Hence I don't consider this as a collab. However, the code is on gitlab private repo. I'll make the repo public soon as well. Any contribution is gladly welcome. 😄 -
So I joined this financial institution back in Nov. Selling themselves as looking for a developer to code micro-services for a Spring based project and deploying on Cloud. I packed my stuff, drove and moved to the big city 3500 km away. New start in life I thought!
Turns out that micro-services code is an old outdated 20 year old JBoss code, that was ported over to Spring 10 years ago, then let to rot and fester into a giant undocumented Spaghetti code. Microservices? Forget about that. And what's worse? This code is responsible for processing thousands of transactions every month and is currently deployed in PROD. Now it's your responsibility and now you have to get new features complied on the damn thing. What's even worse? They made 4 replicas of that project with different functionalities and now you're responsible for all. Ma'am, this project needs serious refactoring, if not a total redesign/build. Nope! Not doing this! Now go work at it.
It took me 2-3 months just to wrap my mind around this thing and implement some form of working unit tests. I have to work on all that code base by myself and deliver all by myself! Naturally, I was delayed in my delivery but I finally managed to deliver.
Time for relief I thought! I won't be looking at this for a while. So they assign me the next project: Automate environment sync between PROD and QA server that is manually done so far. Easy beans right? And surely enough, the automation process is simple and straightforward...except it isn't! Why? Because I am not allowed access to the user Ids and 3rd party software used in the sync process. Database and Data WareHouse data manipulation part is same story too. I ask for access and I get denied over and over again. I try to think of workarounds and I managed to do two using jenkins pipeline and local scripts. But those processes that need 3rd party software access? I cannot do anything! How am I supposed to automate job schedule import on autosys when I DONT HAVE ACCESS!! But noo! I must think of plan B! There is no plan B! Rather than thinking of workarounds, how about getting your access privileges right and get it right the first time!!
They pay relatively well but damn, you will lose your sanity as a programmer.
God, oh god, please bless me with a better job soon so I can escape this programming hell hole.
I will never work in finance again. I don't recommend it, unless you're on the tail end of your career and you want something stable & don't give a damn about proper software engineering principles anymore. -
Not a Story about an actual hack, but a story about people being dumb and using hacks as an excuse.
A few weeks ago my little cousin would reach out to me because "his Account was hacked...". Supposedly his League of Legends account was hacked by a guy of his own age (14) and this guy was boasting about it.
So i asked the usual things: "Has the email account been hijacked? Did anyone know about details to your account access? Etc..."
Turns out that one of his "friends" knew his password and username, but supposedly erased this information. And that was the part i didn't buy.
This was the point where he lost. Just because i am a programmer does not mean i can retrieve an account he lost because of a dumb mistake that could have easily been avoided. And that guy who was boasting about hacking LoL Account was coincidentally friends with the friend who had the user credentials and password.
Moral of the Story? The biggest security weakness is almost always the user or a human in between... -
A bit different than wk93, but still connected and a fun story.
Back in high school when it began to digitalize everything, so began our teachers' journey with technology. We, as IT class were into these things, but as far as I can say, others in the school including both teachers and students were like cavemen when it came to IT.
Most of them kept the different wifi networks password on the windows desktop, in a file 'wifipassword.txt'. When we were on robotics seminar, we had to use a teacher's laptop. The wifi network was incredibly fast and powerful, yet so poorly configured that even the configuration page user/pass was the default admin/admin, because the IT admin wasn't the most skilled one.
We got the idea to sell the password of the wifi network to other students. Not much, for about 1 dollar a week. The customer came to us, we took the phone, took note of the MAC address, entered the password, and if the guy were to stop paying every week, we just blacklisted that MAC on the next robotics course.
Went well for months, until a new sysadmin came and immediately found it out, we were almost fired from the school, but my principal realized how awesome this idea was. You may say that we were assholes, and partially that is true, I'd rather say we made use of our knowledge. -
Sad story of how software die 👻!
When do you call a technology obsolete 👴?
Mac user: when you have something new and costly 💰!
Linux user: when it is old and free 🆓 open source alternatives are released!
Windows user: when antivirus 🕵 can no longer protect you! -
My designer just had a user interview where the user is a developer and my designer showed him the mock-ups of a no code tool that we are building, asking the dev for his input.
She literally had a session with a guy announcing him that we are building a tool that will put him out of work and moreover asked him for inputs so that we miss no use case.
And in another story, one of my dev leads decided to decommission an entire feature and replace it with a hacky solution because the devs in her team were not comfortable using the current design in their development stage. Hence, without user research, any strong use case, or considering business implications, she went ahead and drafted the entire approach on how to fuck everyone.
I am out of my honeymoon phase at my new org and I am scared. Shit scared. -
"Can you review this pull request?"
Ok, sure
- Description in broken English
- HTML/CSS changes seemingly just for the fuck of it
- No user story listed OR
- User story listed has no description
- Mockup does not specify what should be changed
- Owner is offline because this entire team operates out of India
- Requirements said to exist but their location is unknown -
Aaarrrrghhhh! I am frustrated.
My manager keeps cancelling our 1:1, which I look forward to as a potential platform for
- Me to build a rapport
- Discuss key decisions
- Slowly gain her trust that I can lead the entire product
And whenever we connect once in a blue moon, she started inviting two other team members in. Who the hell does that!!!
My colleague, she is nice and hard-working. But she fucking talks a lot. A FUCKING LOT.
1:1 and such key connects are not meant for status updates and this colleague goes into every minor detail and explains the shit for 15 minutes each. Non-stop. No one really cares or bothers for that level of statuses.
Today she spoke for 30 minutes without a breather break. Everyone went numb.
But whatever, fuck it. I am getting things done by her so let her talk. I'll get my way through manager and skip level guy.
On the other side, they recruited a half witted potato for training. That was completely unnecessary. I am not putting in my time and efforts on someone who isn't willing to learn and contribute.
I spent more than a week explaining her basics of how to write a god damn user story and detailed functional requirements.
And even after 5 rounds of feedback (45 minutes each) the potato is stuck on colour of the button and alignment.
GOD DAMN FUCK! SOMEONE KILL ALL THE MORONS WHO CANNOT UNDERSTAND BASICS AFTER SO MUCH EXPLANATION.
I was really an impatient guy in the past but over the years, I developed to be more calm and forgiving. Yet some people manage to get on my every nerve.
How the fuck am I supposed to grow when I am being dragged down instead of being with smart colleagues where we can just accelerate to success!!!! -
Oh boy I got a few. I could tell you stories about very stupid XSS vectors like tracking IDs that get properly sanitized when they come through the URL but as soon as you go to the next page and the backend returns them they are trusted and put into the DOM unsanitized, or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination, but I guess the title "dumbest" would go to another one, if only for the management response to it.
Without being too precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally safe) 16 characters long security token.
Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail: The same email always results in the same (totally safe) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally safe". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.
Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure it's prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".
Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scraped in a night and the message that they can be happy I signed an NDA. -
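The flaw described in the post above, next to a hardened form, as an added example that is not the poster's fix or the site's code. The post does not say how the token was derived from the email, so the truncated SHA-256 below is an assumed stand-in, and every class and function name is hypothetical.

```python
import hashlib
import hmac
import secrets
import uuid


def weak_token(email: str) -> str:
    """Assumed stand-in for the flawed scheme: a pure function of the email."""
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()[:16]


class WeakStore:
    """Counting ids plus an email-derived token, as the post describes."""

    def __init__(self):
        self._next_id = 1000          # constructed starting value
        self._docs = {}

    def create(self, email: str, pdf: bytes):
        cid = self._next_id
        self._next_id += 1
        token = weak_token(email)
        self._docs[cid] = (token, pdf)
        return cid, token

    def fetch(self, cid, token: str):
        entry = self._docs.get(cid)
        if entry is not None and entry[0] == token:
            return entry[1]
        return None


class HardenedStore:
    """Random UUIDv4 ids and a per-record CSPRNG token, stored only as a digest."""

    def __init__(self):
        self._docs = {}

    def create(self, email: str, pdf: bytes):
        cid = str(uuid.uuid4())                      # not guessable by counting
        token = secrets.token_urlsafe(32)            # 256 bits, independent of email
        digest = hashlib.sha256(token.encode("ascii")).digest()
        self._docs[cid] = (digest, pdf)              # a DB leak does not leak tokens
        return cid, token

    def fetch(self, cid, token: str):
        entry = self._docs.get(cid)
        presented = hashlib.sha256(token.encode("utf-8")).digest()
        # Compare even for unknown ids so both failure cases take the same path.
        expected = entry[0] if entry is not None else bytes(32)
        ok = hmac.compare_digest(expected, presented)
        return entry[1] if (entry is not None and ok) else None


def tokens_repeat_for_same_email(store, email: str = "qa@example.test") -> bool:
    """Regression check: True means the token is a function of the email."""
    _, first = store.create(email, b"constructed pdf 1")
    _, second = store.create(email, b"constructed pdf 2")
    return first == second


if __name__ == "__main__":
    for store in (WeakStore(), HardenedStore()):
        verdict = "FAIL" if tokens_repeat_for_same_email(store) else "ok"
        print(f"{type(store).__name__}: token reuse check -> {verdict}")
```

The check in `tokens_repeat_for_same_email` is the same observation the poster made by hand, and it can run in CI against the real token generator.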
This week I got a promotion after being a junior for a year. Boss said I'm a medior now and my monthly salary was raised by 400 euro per month
Feels good but what feels bad is that a coworker of mine who has been contracted recently without any development experience is still making 400 more a month..
The thing is that this "developer" wanted to become a Java developer, he has been given time during work to study Java and in the meanwhile join the team that's working on a saas product (my team, where I'm lead dev)
During the 3 months I've counted a maximum of 10 commits and I was done with him which resulted in a very bad vibe at the office.
During a refinement I asked if everybody understood what needs to be done, no questions asked. Next day when I was working at a client's office on another project, at 9 am I got a Skype message "Can you tell me What to do? I have no idea" where I replied "you should have asked me yesterday, i am not going to help you unless u come up with a question that makes sense.. what have u tried urself?".. Well then he got mad and stopped doing what he was trying to do.
The next morning I talked with him and we agreed to have a 1hour session to talk him through the user story. When we were done, he said that he understood and was going to work on it.
Next day I check, no commits, so during stand up I confronted him with this and he admitted he's been lacking and wanted to talk with the boss and me after stand up.
Well he admitted things were going too fast to keep up for him because he is doing some sysadmin stuff as well.. the plan of becoming a Java dev was now history and he left the team..
Now he is just doing some sysadmin stuff but it's been 3 days that he's been saying today I'll setup a tomcat on the servers and give you SSH access to deploy your .war files, today I finally gained access but he couldn't figure out how to move the war to the webapps folder.. And I wasn't allowed to transfer it to there.. -
A couple of years ago, we decided to migrate our customer's data from one data center to another; this is the story of how it went well.
The product was a Facebook canvas and mobile game with 200M users, that represent approximately 500Gibi of data to move stored in MySQL and Redis. The source was stored in Dallas, and the target was New York.
Because downtime is responsible for preventing users from spending their money on our "free" game, we decided to avoid it as much as possible.
In our MySQL main table (manually sharded 100 tables), we had a modification TIMESTAMP column. We decided to use it to check if a user needs to be copied on the new database. The rest of the data consisted of a savegame stored as gzipped JSON in a LONGBLOB column.
A program in Go was developed to continuously track if a user's data needs to be copied again every time progress has been made on its savegame. The process goes like this: First the JSON was unzipped to detect bot users with no progress that we simply drop, then data was exported in a custom binary file with fast compressed data to reduce the size of the file. Next, the exported file was copied using rsync to the new servers, and a second Go program did the import on the new MySQL instances.
The 1st loop takes 1 week to copy; the 2nd takes 1 day; a couple of hours for the 3rd, and so on. At the end, copying the latest versions of all the savegame takes roughly a couple of minutes.
On the Redis side, some data were cache that we knew could be dropped without impacting the user's experience. Others were big bunches of data and we simply SCAN each Redis instance and produce the same kind of custom binary files. The process was fast enough to launch it once during migration. It takes 15 minutes because we were able to parallelise across the 22 instances.
It took 6 months of meticulous preparation. On D-day, the process went smoothly, but we shut down our service for one long hour because of a typo in a domain name. -
(long post is long)
This one is for the .net folks. After evaluating the technology top to bottom and even reimplementing several examples I commonly use for smoke testing new technology, I'm just going to call it:
Blazor is the next Silverlight.
It's just beyond the pale in terms of being architecturally flawed, and yet they're rushing it out as hard as possible to coincide with the .Net 5 rebranding silo extravaganza. We are officially entering round 3 of "sacrifice .Net on the altar of enterprise comfort." Get excited.
Since we've arrived here, I can only assume the Asp.net Ajax fiasco is far enough in the past that a new generation of devs doesn't recall its inherent catastrophic weaknesses. The architecture was this:
1. Create a component as a "WebUserControl"
2. Any time a bound DOM operation occurs from user interaction, send a payload back to the server
3. The server runs the code to process the event; it spits back more HTML
Some client-side js then dutifully updates the UI by unceremoniously stuffing the markup into an element's innerHTML property like so much sausage.
If you understand that, you've adequately understood how Blazor works. There's some optimization like signalR WebSockets for update streaming (the first and only time most blazor devs will ever use WebSockets, I even see developers claiming that they're "using SignalR, Idserver4, gRPC, etc." because the template seeds it for them. The hubris.), but that's the gist. The astute viewer will have noticed a few things here, including the disconnect between repaints, inability to blend update operations and transitions, and the potential for absolutely obliterative, connection-volatile, abusive transactional logic flying back and forth to the server. It's the bring out your dead approach to seeing how much of your IT budget is dedicated to paying for bandwidth and CPU time.
Blazor goes a step further in the server-side render scenario and sends every DOM event it binds to the server for processing. These include millisecond-scale events like scroll, which, at least according to GitHub issues, devs are quickly realizing requires debouncing, though they aren't quite sure how to accomplish that. Since this immediately becomes an issue with tickets saying things like, "scroll event crater server, Ugg need help! You said Blazorclub good. Ugg believe, Ugg wants reparations!" the team chooses a great answer to many problems for the wrong reasons:
gRPC
For those who aren't familiar, gRPC has a substantial amount of compression primarily courtesy of a rather excellent binary format developed by Google. Who needs the Quickie Mart, or indeed a sound markup delivery and view strategy when you can compress the shit out of the payload and ignore the problem. (Shhh, I hear you back there, no spoilers. What will happen when even that compression ceases to cut it, indeed). One might look at all this inductive-reasoning-as-development and ask themselves, "butwai?!" The reason is that the server-side story is just a way to buy time to flesh out the even more fundamentally broken browser-side story. To explain that, we need a little perspective.
The relationship between Microsoft and its enterprise customers is your typical mutually abusive co-dependent relationship. Microsoft goes through phases of tacit disinterest, where it virtually ignores them. And rightly so, the enterprise customers tend to be weaksauce, mono-platform, mono-language types who come to work, collect a paycheck, and go home. They want to suckle on the teat of the vendor that enables them to get a plug and play experience for delivering their internal systems.
And that's fine. But it's also dull; it's the spouse that lets themselves go, it's the girlfriend in the distracted boyfriend meme. Those aren't the people who keep your platform relevant and competitive. For Microsoft, that crowd has always been the exploratory end of the developer community: alt.net, and more recently, the dotnet core community (StackOverflow 2020's most loved platform, for the haters). Alt.net seeded every competitive advantage the dotnet ecosystem has, and dotnet core capitalized on. Like DI? You're welcome. Are you enjoying MVC? Your gratitude is understood. Cool serializers, gRPC/protobuf, 1st class APIs, metadata-driven clients, code generation, micro ORMs, etc., etc., et al. Dear enterpriseur, you are fucking welcome.
Anyways, b2blazor. So, the front end (Blazor WebAssembly) story begins with the average enterprise FOMO. When enterprises get FOMO, they start to Karen/Kevin super hard, slinging around money, privilege, premiere support tickets, etc. until Microsoft, the distracted boyfriend, eventually turns back and says, "sorry babe, wut was that?" You know, shit like managers unironically looking at cloud reps and demanding to know if "you can handle our load!" Meanwhile, any actual engineer hides under the table facepalming and trying not to die from embarrassment. -
These ignorant comments about arch are starting to get on my nerves.
You ranted or asked help about something exclusive to windows and someone pointed out they don't have that problem in arch and now you're annoyed?
Well maybe it's for good.
Next comes a very rough analogy, but imagine if someone posts "hey guys, I did a kg of coke and feeling bad, how do I detox?"
It takes one honest asshole to be like "well what if you didn't do coke?".
Replace the coke with windows.
Windows is a (mostly) closed source operating system owned by a for profit company with a very shady legal and ethical history.
What on earth could possibly go wrong?
Oh you get bsod's?
The system takes hours to update whenever the hell it wants, forces reboot and you can't stop it?
oh you got hacked because it has thousands of vulnerabilities?
wannacry on outdated windows versions paralyzed the uk health system?
oh no one can truly scrutinize it because it's closed source?
yet you wonder why people are assholes when you mention it? This thing is fucking cancer, it's hundreds of steps backwards in terms of human progress.
and one of the causes for its widespread usage are the savage marketing tactics they practiced early on. just google that shit up.
but no, linux users are assholes out to get you.
and how do people react to these honest comments? "let's make a meme out of it. let's delegitimize linux, linux users and devs are a bunch of neckbeards, end of story, watch this video of rms eating skin off his foot on a live conference"
short minded idiots.
I'm not gonna deny the challenges or limitations linux represents for the end user.
It does take time to learn how to use it properly.
Nvidia sometimes works like shit.
Tweaking is almost universally required.
A huge amount of games, or Adobe/Office/X products are not compatible.
The docs can be very obscure sometimes (I for one hate a couple of manpages)
But you get a system that:
* Boots way faster
* Is way more stable
* Is way way way more secure.
* Is accountable, as in, no chance to being forced to get exploited by some evil marketing shit.
In other words, you're fucking free.
You can even create your own version of the system, with total control of it, even profit with it.
I'm not sure the average end user cares about this, but this is a developer forum, so I think in all honesty every developer owes open source OS' (linux, freebsd, etc) major respect for being free and not being corporate horseshit.
Doctors have a hippocratic oath? Well maybe devs should have some form of oath too, some sworn commitment that they will try to improve society.
I do have some sympathy for the people that are forced to use windows, even though they know it isn't the ideal moral choice.
As in, their job forces it, or they don't have time or energy to learn an alternative.
At the very least, if you don't know what you're talking about, just stfu and read.
But I don't have one bit of sympathy for the rest.
I didn't even talk about arch itself.
Holy fucking shit, these people that think arch is too complicated.
What in the actual fuck.
I know what the problem is, the arch install instructions aren't copy paste commands.
Or the Medium tutorial they found is outdated.
So yeah, the majority of the dev community is either too dumb or has very strong ADD to CAREFULLY and PATIENTLY read through the instructions.
I'll be honest, I wouldn't expect a freshman to follow the arch install guide and not get confused several times.
But this is an intermediate level (not megaexpert like some retards out there imply).
Yet arch is just too much. That's like saying "omg building a small airplane is sooooo complicated". Yeah well it's a fucking aerial vehicle. It's going to be a bit tough. But it's nowhere near as difficult as building a 747.
So because some devs are too dumb and talk shit, they just set the bar too low.
Or "if you try to learn how to build a plane you'll grow an aviator neckbeard". I'll grow a fucking beard if I want to.
I'm so thankful for arch because it has a great compromise between control and ease of install and use.
When I have a fresh install I only get *just* what I fucking need, no extra bullshit, no extra programs I know nothing about or need running on boot time, and that's how I boot way faster than ubuntu (which is way faster than windows already).
Configuring nvidia optimus was a major pain in the ass? Sure was, but I got it work the way I wanted to after some time.
Upgrading is also easy as pie, so really scratching my brain here trying to understand the real difficulty of using arch. -
Background story:
One of the projects I develop generates advice based on energy usage and a questionnaire with 300 questions.
Over 400 different variables determine what kind of advice is given. Lots of user input and over a thousand textblocks that need to show or not.
Rant:
WTF do you want me to do when you tell me. It's not giving the right advice for the lights.
Why the for the love of.. do I need to ask you every time. If something is not working. Tell me what and for which user. Don't tell me calculation whatever is not working, I don't know that calculation. Your calculations are maintainable in your cms.
And how, like I really wonder, do you expect me, when not telling me what user is having this problem, to find and fix it? You just want me to random guess one of the thousands users that should be given that specific advice?
FCK, like 80% of my time solving problems is spent trying to figure out wtf you're talking about.
And then what a miracle, the function is doing exactly what it is doing but you forgot a variable. It's not like the code I write suddenly decides it does not feel like giving the right answer. -
Have you ever had the moment when you were left speechless because a software system was so fucked up and you just sat there and didn't know how to grasp it? I've seen some pretty bad code, products and services but yesterday I got to the next level.
A little background: I live in Europe and we have GDPR so we are required by law to protect our customer data. We need quite a bit to fulfill our services and it is stored in our ERP system which is developed by another company.
My job is to develop services that interact with that system and they provided me with a REST service to achieve that. Since I know how sensitive that data is, I took extra good care of how I processed the data, stored secrets and so on.
Yesterday, when I was developing a new feature, my first WTF moment happened: I was able to see the passwords of every user - in CLEAR TEXT!!
I sat there and was just shocked: We trust you with our most valuable data and you can't even hash our fuckn passwords?
But that was not the end: After I grabbed a coffee and digested what I just saw, I continued to think: OK, I'm logged in with my user and I have pretty massive rights to the system. Since I now knew all the passwords of my colleagues, I could just try it with a different account and see if that works out too.
I found a nice user "test" (guess the password), logged on to the service and tried the same query again. With the same result. You can guess how mad I was - I immediately changed my password to a pretty hard one.
And it didn't even end there because obviously user "test" also had full write access to the system and was probably very happy when I made him admin before deleting him on his own credentials.
It never happened to me - I just sat there and didn't know if I should laugh or cry, I even had a small existential crisis because why the fuck do I put any effort in it when the people who are supposed to put a lot of effort in it don't give a shit?
It took them half a day to fix the security issues but now I have 0 trust in the company and the people working for it.
So why - if it only takes you half a day to do the job you are supposed (and required by law) to do - would you just not do it? Because I was already mildly annoyed of your 2+ months delay at the initial setup (and had to break my own promises to my boss)?
By sharing this story, I want to encourage everyone to have a little thought on the consequences that bad software can have on your company, your customers and your fellow devs who have to use your services.
I'm not a security guy but I guess every developer should have a basic understanding of security, especially in a GDPR area. -
GWT.
Let me explain:
Tl;dr : someone fucked up, I took shit, it was a gwt project. In a sense I don't hate GWT because of the framework itself but because how I was introduced and forced to "work" with it.
Context:
Was working as a paid intern at a small company there were 3 devs 2 interns and one senior employee that only worked from home handling the shit ton of legacy VB6 code he wrote over several year and a boss with no technical knowledge. (Other unimportant people as well)
I was working with their DBA (cool dude) because I was writing statistic and report generating software.
Story:
The other intern was tasked of doing a gwt app that was supposed to use a input file.
Rather than asking the user to upload it with a file picker (I guess they exist in gwt, I didn't get to dig in the framework) he was trying to load the file with an http request directed at the same host the app was running on.
It did not work.
Then his contract was over and the app was left in an unfinished state.
The boss then tried to have the app deployed, the remaining dev dodged the bullet invoking some bullshit because he was clearly incapable of doing it.
So it fell on me, couldn't deploy the app because it was not even close to working.
Tried to fix things and make it work.
Turns out he thought it would take me 3h to deploy when I clearly explained that the other guy didn't finish the app.
Boss got mad, threatened to ruin my studies and my future career.
Couldn't because my uni had my back.
Didn't want to see me anymore.
Couldn't break my contract.
Told me to work from home for the end of my internship.
I got 3 weeks early vacation and got paid, fuck him, fuck GWT, fuck his company.
Still got well marked for the internship as my supervisor was the DBA who was happy with my work.
Morality:
Don't let your intern unsupervised, don't let your main dev work from home when you don't know shit, don't piss me off and send me work from home. -
Widget "hack" in secondary.
When I was around 13 or 14 I was enrolled at a public school in the UK. In an effort to try to be eco friendly, the students and an IT technician teamed up to try and create a widget that would track the consumption of printer credit used by all users (staff and students).
At first, I was just playing around with the homepage source code but eventually noticed the widget had separate code within the page.
Because all of the computers were interconnected, I grabbed the source code of the home page and put it into a notepad editor.
I used the intranet to look up staff names and student login usernames. I replaced my user ID with several staff members.
Boom, I could see how much paper they had used, how much they owed the library etc. May not be as impressive as others' exploits but some staff were in debt by hundreds and never paid back a penny.
Hope you liked my story. -
Context: Working on a c++ frankenstein code (mixture of legacy and new stuff with things depending on the client using it)
User Story: Migration from oracle to SQLite for half of the DB data
Summoner: One client wants to keep using legacy for now, therefore we need a strategy chooser templated singleton...
Satan 666 = Singletons + Static methods + Different compilation units
Result: 3/4 of the files of the full backend being modified for the migration.
Conclusion: When it is loaded on production, the company will probably lose many clients due to unexpected bugs everywhere.
Insert potato here -
I am a mechanical engineer first and my company's go-to sysadmin second. So software developing isn't really my main field of expertise buuttt:
WHY IS SLOPPY SOFTWARE WRITING A VIABLE EXCUSE?
Story:
Yesterday I started to migrate some stuff from our old Win 2008 Server to the new 2016. Turns out there are some MS SQL Express Servers running. Quick check for what they are turns out that they are actively used. So far so good. For other reasons we have a new MSSQL 2017 Core Licence. So I thought, hey it would be nice to just move those 2012, 2008 and 2014 Express Servers to a real one that can use the entire machine's capabilities.
After some try & error with exporting one of the softwares (where I had to elevate one of the user rights to sysadmin for reasons) the entire system stopped working. I didn't delete anything or change anything! Well, I elevated user rights. After 2 hours of support call it turns out that the software stopped working cause I gave the database user sysadmin rights. I don't know enough about MSSQL to judge whether that is logical or not, but it sounds super illogical and I suspect sloppy software writing on the manufacturer's part. One way or another, the excuse from the telephone support was "yeah, our software is a very fragile child"
Okay.
After I told all that to my coworkers, two of them were also "yeah, that is just how the [company] software is, you have to be careful with it"
Apparently it broke in the past for other minor stuff.
As an engineer I cannot build bridges that collapse when you use the left and the right lane at the same time. For an architect it isn't okay to build a house where the front door explodes when you open a window. It is not okay for a power tool to go out in a fireball when you accidentally drill plastic with it. But for some weird reasons it's socially acceptable for programs to be sloppy, buggy and only working under specific conditions. Since when is it okay for a car only to work when you know specific steps to make it run? Like, throwing your spare key in the gas tank, then kick the left wheel exactly three times and finally tapping the steering wheel 5 times left, 4 times right. What? That would be ridiculous? But that is exactly how that software works. You have to follow a specific step guide to make it work, EVERY TIME.
I. JUST. DONT. GET. IT -
I'm ashamed of it, but I want to share my tifu-story:
My colleague asked me if I could rename his windows user name because he married and changed his last name. I changed it in the Active Directory, but he got some problems when he wants to log on. On every startup his old name appears. Simplest task. Let me google that.
Easy going, let me just change this registry entry. Reboot. Old behaviour. Okay, I changed some of the other entries. Reboot. Yeah, his new name appears. But wait a moment. Windows just nulled his entire user profile and deleted all the data. "oh, haha you have a backup, right?" - "no, I saved everything on the desktop, all my work is gone!"
But at the end, the boss was mad at HIM, because he didn't use the file server or any backup system.
i am not a smart man -
I'm writing a devrant like site, so a kind of forum that supports live chat under every article. Login will be just username and password to stay anonymous. Email is optional for password reset. Also it won't have password requirements. Who cares if user uses insecure password. I do like the devrant avatar thing. I will use the ducky generator instead. So everyone on the site is a custom duck. K-SASS prolly never expected his generator to be used anywhere. The requirement of this site is that it scales very well. I have db calls of 0.006s, this is for persistent data only and will be used by all site instances. I expect that it can handle many clients concurrent as long I do not return more than 30 rows or so. Events get handled by a self written pubsub server.
All sounds great and development goes fine. But why is this a rant? Because the same thing as always is biting me, I can't design a site at all. I know how but I don't have any feeling for design at all making me almost incapable of building an attractive site. The only thing I can 'design' is an application in bootstrap or smth. I spend so much time on design while I don't like to do it ironically. But looks of site is almost as important as a good working site. Good working site doesn't get used if looks bad in many cases. This is since the start of my career an issue and it sucks that I apparently can't deliver a whole site on my own meeting my standards.
My backend work is top notch tho. Btw, this application is not to be an alternative for devrant. I do not think I can attract more users than it already has and I've seen two communities disappearing once because someone decided to make a new one, took half of community with him and both communities died after short while.
End product of this project is a working project, not a live site hosted somewhere. It's pure about mixing mostly self written tech to get the best performance. Reinventing wheel on many levels. I wanted maybe to do the site in C but decided that it's way too much work for the value. I change the site so rapid since I don't have decent plan that python aiohttp is the best choice in amount of writing it yourself and fast. It's very lightweight.
More a story than a rant, sorry -
This is a story about my disappointment in modern GUI editors for desktop applications.
Well, first of all, I grew up with Delphi 5. Delphi has an awesome form editor. It's intuitive and works without any problem. It always does what you want it to do. Prototyping is really a problem of seconds here, even for people that never used it (I guess).
But the problem is that it is Delphi. It's so old, bloated, and most problems you'll ever have have been solved (through a hack) 20 years ago in some weird forum.
So I looked on and tried many other drag'n'drop gui editors.
The one for Java is the biggest pile of crap I've ever seen. It slows down Eclipse/IntelliJ and almost never does what I want. At least it's not really intuitive.
Right after that, the one for C# (this XML Designer) is okay-ish, but it's also not really intuitive and does not always do what the user wants.
I also tried other ones. But I still miss an intuitive one that works without weird side effects.
I now can understand why the Web dev stack grows in the region of desktop apps. I can prototype stuff even faster in angular than in Delphi.
But shouldn't we improve the desktop stack instead of taking some bloated stack using a language that should have never existed?
-
(Part 2/2?)
THE RAT-RACE ARC:
I get a mail 2 months into this fiasco telling me to register on their website and take up another test. I was already over with my emergency and was working my full-time default. (Fortunately I found another internship during this time which was one of the best initiatives I've worked with).
It asks me to register as a new user, take up the test and "share" my results. Not pushing it on insta/fb but legitimately share my test results link to my friends manually like a referral code. The more shares the more marks I'll get in the test. Why the test you ask. Of course to sign you up for the same Whatsapp trickery bullshit.
Luckily these nutcases didn't know they could be bypassed. I simply opened the link in incognito and logged in with my own account and that counted as a point. So I automated that shit.
Surprise surprise. The same fucking "Hello everyone" message into my mail. To my surprise I was relatively lucky to get ghosted after my attempt. This story is quite depressing in general cases. You're supposed to do this assignment shit for 2 months and then they ask for 2000 INR for a training period, past which you are paid between 1000/- and 7000/-. Though I didn't get the chance but I'm willing to bet you get 1000/- per month in a 2-MONTH INTERNSHIP. WTF.
You also have the other option of ranking first in their 3 consecutive competitions that they hold. The theme is again to create chunks of their actual outsourced work.
WHY NOW:
The reason why this rant sparked is because I recently received an email with my results of the aptitude exam that I first took before the Whatsapp fiasco. I imagine they just pushed out a new update to their test thingy and forgot to set its limit.
THE CORRECTION ARC:
I pushed this message to Internshala. They were kind enough to remove them from their website. I also shot down their Angel and Indeed listings. I sent a strongly worded email counting their con-artist operations and how I've alerted authorities (obviously a bluff but I was enjoying it). They most probably are not affected by this though. They might still be continuing their operations on their website.
I'm sharing the story here with the moral of:
Don't do jackshit if they're not compensating you for it
Always check for reviews before you start working at a place.
Be cautious of bulk messages (and the infamous HEY GUYS!! opening)
Don't do anything outside your work specification at least while doing an assignment.
You're free to question and inquire respectfully about the proceedings.
If you're good at your job you'll get good working place. No need to crush yourself with an oppressive job due to external restrictions.
And if you manage a company, please don't take advantage of helplessness.
There's no good ending to this tale as I have not received a follow-up. Though I want to see scumbags of their calibre shot down without remorse.
Good bye and thank you for listening.
-
So we have this really annoying bug in our system that customers keep complaining about. I've explained in detail, multiple times, why the part they think is a bug is not a bug and the workaround they keep asking me to apply doesn't make sense, won't fix the issue, and won't even stick (the system will notice that the record they want me to delete has been removed and it will repopulate itself, by design).
I've told them what we need to do as an actual workaround (change a field on the record) and what we need to do to properly fix the bug (change the default value on the record and give proper controls to change this value through the UI). We've had this conversation at least three times now over a period of several months. There is a user story in the backlog to apply the actual fix, but it just keeps getting deprioritized because these people don't care about bug fixes, only new features, new projects, new new new, shiny shiny new.
Today another developer received yet another report of this bug, and offered the suggested workaround of deleting the record. The nontechnical manager pings everyone to let them know that the correct workaround is to delete the record and to thank the other developer for his amazing detective work. I ping the developer in a private channel to let him know why this workaround doesn't work, and he brushes it off, saying that it's not an issue in this case because nobody will ever try to access the record (which is what would trigger it being regenerated).
A couple hours later, we get a report from support that one of the deleted records has been regenerated, and people are complaining about it.
🙄🙄🙄🙄🙄🙄🙄🙄🙄🙄🙄
-
Well well well.
Story time.
Since we are working from home for the past 4 months, I finally decided to install a Microsoft SQL server on my home server. (Mostly was using Azure)
My server is running Windows Server 2012 R2.
Tried installing SQL 2019 : fail, 2016 : Fail, 2012 : Fail. Some obscure message about some DLLs not being at right version. (And a warning that it is not recommended to install SQL server on domain controller, but I know, it is my home setup, not production)
“Ok fine, I’ll install it on my PC instead”. Windows 10 PC. NOPE. “Cannot install on a compressed drive”. Welp, wtf ? (Of course you cannot select destination install folder, I could’ve put it on another drive).
So here I am. Working 100% on Windows, installed Ubuntu server 20 LTS in Hyper-V, Installed Microsoft SQL server on it (BTW, install is very easy compared to windows). And that shit is working. And new “Terminal” app does support SSH out of box, no need to add Putty !
So as a Windows user, I needed Linux to make Microsoft SQL techno work.
Nothing will ever surprise me anymore. (BTW it’s fucking fast. I like SQL server on Linux)
-
Yet another thing I think is fucking stupid.. GDPR btw.
So, a guy in Denmark owns a grocery store and has an issue with people stealing from him a lot the last couple of years. He catches them on tape and shares it on social media to try and prevent it.
I'm not sure why it didn't work to go to the cops, but it didn't.
What the owner ended up doing, was hang a note on the front of the store so people could see it before they entered, see attached image.
However, now he has been notified what he's doing is illegal, because the "user" doesn't consent clearly enough.
I don't understand GDPR, but if you do, you're probably gonna find mistakes in what I wrote.
Source for story: https://bt.dk/erhverv/...
It's his fucking store, if people steal from him he should be allowed to post it on pornhub if that was his desire.
It's illegal to kill someone, but if you're threatened on your life, you may kill in self-defense.
To me, those are the same, just one is on a much more serious level of course.
Fuck me.
-
I had a ticket to enhance the loading of a page.
So instead of doing 40K requests to a MySQL DB in order to generate a tree and display it to the user on each page visit, the initial query was optimized and moreover, the results are saved in a MongoDB which are then served to the user on each page visit.
Long story short, after a code review the code got shipped to production and there was a bug which got fixed in a Hotfix shortly afterwards.
I got all the blame for the bug.
I don't deny I have a responsibility for the bug.
Do you guys think the code reviewer also has a shared responsibility for the bug?
-
How to kill Jira Backlog in one simple step:
1) put '-∞' to Storypoints
2) enjoy
(Bottom line: it can be fixed from User Story Map to something normal)
-
Product owner and scrum master prioritized a not important user story. We are just new to the assigned team without proper turn over, KT, vague user story(one sentence) and no time to prepare our local environments. Then after sprint 1 the client wants a demo by next month but the PO and SM had prioritized the wrong user story so now they are pressuring the developers on finishing fast the other correct important user story. They mismanaged it and now they say the development was slow thus blaming us?! WTF. We hit the deadline of the first user story with unpaid overtimes.
The other PO was always asking us on how to fast track the development lol.
I'll tell them all their faults in the next meeting. As usual we are just high paid corporate slaves with golden hand cuffs trying to escape the rat race.
-
I recently started learning Erlang. This is the story of how I got trapped into it.
When I code, I usually use my trusty text editor and a terminal to either compile my code or run tests in the language interpreter. The interpreter, erl, works fine, but when I wanted to close it, I ran into a small issue.
Because I never know what the command is to close an interpreter, I usually use the EOF character (^D), that is widely recognized. Except erl does not react to it, not even a tiny message saying it won't close or doesn't recognize the output.
Alright then, let's try quit. That's an atom, it does not behave how I want.
quit() is an undefined shell command, exit() terminates the shell process but the interpreter automatically starts a new one...
But I get the welcome message, telling me to abort with ^G! Some progress, finally... except ^G redirects from Erlang interpreter to user switch command. Damn, another interpreter...
I ended up killing the process from another terminal.
-
I don't like many sudden unplanned meetings appearing during your estimated development hours. It consumes some development time and destroys your momentum.
We follow the 2 weeks sprint that contains sprint ceremonies like sprint planning, demo, retro, daily stand ups and backlog grooming meetings. My capacity should be less than 80 hours since there are sprint ceremonies and unplanned meetings that happen during development hours. Unfortunately, my capacity is still set to 80 hours and meetings hours are not deducted. This puts me at a disadvantage as I need to do unpaid OT/weekend work just to make up for the lost time consumed by meetings.
Those 1 hour/30 minutes meetings pile up, thus consuming development work hours. So a simple example is that you have 32 hours estimated to finish a big user story but sudden unplanned meetings and sprint ceremony meetings will consume some of that 32 hours. I will bring this up in our next retrospective meeting.
-
Not 1 Business Unit in Company: We need this feature immediately.
My Team: Anyone object to this 2 hour old merge request?
Me: Well, yeah, I found a couple things that we should probably go ahead and address.
My Team: we'll fix that in a future release
Me: But you said that last release...
My Boss: MR Accepted
Also My Boss: Can you make a new user story to fix this?
-
I really hate it when I work on a user story consisting only of a cryptic title: "Implement feature X".
Esp. when I missed planning during a holiday and can only wonder who in their right mind would have given it 3 points.
Why thank you.
Sometimes, just pulling the acceptance criteria out of somebody's nose takes days. It doesn't get better once I realize that not all external dependencies have been properly resolved. It's worse if there are other departments involved, as then you get into politics.
Me: "We are dependent on team X to deliver Y before we should have even planned this ticket. I'm amazed that our team was even able to estimate this ticket as I would have only raised a question mark during estimation meeting. We could have thrown dice during estimation as the number would have been as meaningful and I'd have more time to actually figure out what we should be doing."
Dev lead / PO: "I understand. But let's just do <crazy workaround that will be live until hell freezes over> temporarily."
It's borderline insane how much a chaotic work flow is branded as agile. Let's call it scrum but let's get rid of all the meaningful artefacts that make it scrum.
-
Me: Wrote and unit tested code for a user story.
Day of a Merge
PO: We need to back out the code you wrote. We have not gotten approval from legal.
Me: Uhhh well it's not going live for 4 weeks still and not harming anything but if you insist, ok.....
2 Days Later
PO: Ok legal approved the changes can you put that back in?
Me: 😡🖕🏻
-
This literally happened in my current team, and I'm not even an experienced dev yet.
Incident happened like this :
Our team is working on a RCP based on eclipse plugins, which has a headless mode and a GUI mode. Now, in the GUI mode, my manager cum architect thought there is no need for user log files (long story) because the user can see the info on screen, whereas in the headless mode, she wanted me to print the logs onto the console and a log file as well.
Now it just so happened that our team had got a recent addition as a replacement to our lead developer (she left the company) who claimed she had 3 years of expertise and a masters degree, and she was assigned a task. The task was to format a custom file we were generating out of the product (basically dumping info in a file) in a human-readable format. Miss new-addition-masters-degree decided it would be a very good idea to redirect the standard java output stream to a file output stream ( which she used for generating the formatted file ) but somehow never realized that she needed to reset the output stream back to standard output.
Consequences were devastating. I wrote the logic for the logger ( yes, apparently any available logging mechanism won't do it, again, long story ) and had it printing to a file in tmp directory. The logs seemed to be working fine initially but after a few logs, specifically from the point where the formatter started working, all the logs got printed in the formatted file. And this file was supposed to be used by our clients to develop something on top of it. Naturally, I got the heat of it and then naturally, worried and nervous and curious and in a frenzied state of mind, I started debugging.
When I got to the actual fault, I seriously could not decide whether to cry or laugh or call up miss masters and scream at her. I decided to ask her about what the hell she had written and her answer was most of it was written by the developer she replaced, so she didn't know it would cause this much problem. Anyway, I fixed the leak after that and averted the catastrophe.
And that, fellow devs, is the story of how I solved a crisis in my first year at corporate.
-
TL;DR Calendar services suck.
Imagine yourself as a startup. You don't want to spend fortune on paying $5 per user per month for Google Services. Also you don't want to pay that to Microsoft for O365. You want to run it yourself because you already have droplet running with your other services (ERP for example. Funny story too btw.) Ok, decision has been made, let's install something.
I have pretty good experience with OwnCloud from past as Cloud file sharing service. Calendar is not bad for single user purpose (understand it as personal calendar, no invitations to others, sharing is maximum I tried) What can possibly go wrong when I deploy that and use its Calendar?
Well, a lot. OwnCloud itself runs well (no rant here) but Calendar is such pain in ass. Trouble is with CalDav under hood and its fragmented standards. So, you want to send invitation to your team for recurrent meeting. Nothing weird. It sends as one invitation to each one, good. Now you realize you have a conflict, so you need to change time of one occurrence. Move it, send update. And here comes shitstorm. It is not able to bisect one occurrence from series. So it splits it to separate events and sends invitation for every single one. 30 INVITATIONS IN 2 SECONDS! Holy sh*t! You want to revert that. Nope, won't do. So you accept your destiny and manually erase every single one with memo in head about planning recurring events.
Another funny issue is when SwiftMailer library (which is responsible for sending e-mails from OwnCloud) goes to spamming mayhem. It is pretty easy to do. When e-mail doesn't comply to RFC, it is rejected, right? So if because of some error CalDav client passes non-compliant e-mail (space as last character is non-compliant btw) and SwiftMailer tries to send it to multiple recipients (one of them is broken, rest is fine), it results in repetitive sending same invitation over and over in 30 minute interval. Sweet.
So now I am sitting in front of browser, looking for alternatives. Not much to choose from. I guess I'll try SOGO. It looks nice. For now.
-
!rant. Story from my college abt 6 months old.
We had to make projects for our course.
One team made a very nice project. One part of that was mobile no. verification using OTP.
And the student who was supposed to do that, did it by sending the required OTP to the frontend page, and when user enters it, validate it using JavaScript.
The prof got mad about it and the rest of the class couldn't stop laughing.
Just remembered. Thought it would be worth sharing.
-
A personal sad short story:
Pull request opened on 20 November 2020.
+1 -1
Descriptions: Fix xyz issue
Comments (12):
- User 1: When it will be merged? (December 2020)
- User 2: When it will be merged? (January 2021)
- User 3: When it will be merged? (February 2021)
- ...
- User 11: When it will be merged? (July 2021)
- Official team: Sorry for the time it took, watch the PR for any update on this. (July 2021)
Today, after 7 months, it's still not merged.
I love the open-source community.
-
2nd part to https://devrant.com/rants/1986137/...
The story goes on...
After I found more bugs that seem to be related to the communication break, and took a closer look, I sent detailed logs of my research and today we had a conference call.
"We have 2,5 million users, our system is widely-used and there is no plan to change it" they said.
And "We cannot reproduce the issue, but even if there is one, you will have to work around the problem, because we cannot make changes on our side" was one answer
As well as "If we would make changes, we will have to re-certify everything"
So I said we told 'em about the issue to let them improve their system. And I can work around it, I already figured out a solution for my side, but if there is a bug, they'd better fix it for future releases.
And with my additional research I have a bad vibe of some kind of memory leak involved on their "certified" implementation, and that could trigger various other problems.
But it is as always, if I try to be nice, I just get kicked in the ass. I should really be more of an asshole.
-
My first job as a '"dev"' (I really need some kind of super quotation mark for this).
I was young and too stupid to know how stupid I really was, I jobbed at a small recruiting firm and one day my boss complained about her database system and that she needed to hire a student to remake it. Suffering from the problem to be too incompetent to even recognise I'm incompetent I obviously offered my services as a python wizard I mean I could write a program that saves fibonacci numbers to a csv file, how much more could there possibly be? Fast forward two months and I proudly presented a GUI written in VB (it had a WYSIWYG GUI editor) that was loosely frankensteined onto a bunch of together copy pasted python scripts running on a Windows Server. No web interface just accessible via vnc. It was slow, sluggish and soo ugly but it worked and did exactly what she wanted it to do. Sure the database was a bunch of csv files but nonetheless, to say it in pm, it resolved the user story. I quit shortly after because of her tendency to not pay the last bill after something was done (and tbh I deserved it) but she never removed my account from the server. So I copied my "magnum opus" from there... Let's just say whenever I look back at it I feel ashamed and yet it serves as a reminder to never be content with how good you are.
-
It occurred to me that I'm making actual money now and I can pay for my shit, so I tried Youtube Premium, but their background play is poorly implemented and defaults to a floating window that I need to cancel in a finicky, android-vendor-specific way. How do you consistently make something that much less usable than an unpaid open-source developer who also has to reverse-engineer your API and circumvent your anti-user-choice obfuscation measures? NewPipe would be a success if it could just play the videos in full screen with no controls, and yet it has a better background play story than the actual provider. Fuck centralised software
-
Today I completed my first user story as a developer, a feature to edit and update comments posted. It passed the test too.
I'm proud of myself about achieving this given my actual development experience is very minimal :)
More challenges to conquer..
Thanks
-
i often do tech support in chat rooms in my free time (because i like spreading good will,) so here's a tech horror story
"""
"hey, can you help me fix something?"
sure?
"so i dug my old XP machine out of my closet and replaced the bad Ethernet card with a different one and when i plug in the ethernet cable the PC bluescreens."
# oboi
did you install the drivers? Sounds like it needs drivers
"no"
then install them
"no"
why not?
"it doesn't need any"
why do you say that?
"it said \"This device is set up and ready to use.\" in the balloon in the corner"
it has generic drivers to deal with devices before the real drivers can be found
"shouldn't they work?"
some devices need the extra support provided by the intended drivers, so the generic ones cause issues in those cases
"ok, well, where do I find them?"
do you have a model number?
"yes, it's " # scrubbed for... privacy? i dunno
gimme a few minutes
<insert 45 minutes of aggressive Googling for (str(DEVICE_MODEL_NUMBER) + " xp drivers")>
alright i have the drivers, go here:
# again, removed for... idk.
"they don't work"
# oh here we go
why not?
"These drivers are not compatible with your system architecture."
what version of XP are you using?
"XP Pro"
x86 or x64?
"x64"
# fucking...
ok so this is gonna get real complicated real fast: use x86 XP or I can't help you, none exist for x64 XP.
"oh ok"
<User left the IRC channel.>
"""
-
Cargo cult programming at its finest. I need to build a separate project twice, and restart visual studio to get this one to work.
Why? No one knows anymore and there is no user story for "Unfuck the dev environment" so we're not allowed to spend time fixing it.
-
Okay then, ex-android user there.
It started with Xperia TX - it was flagship Sony phone back then. It blew my mind when I touched it for the first time. You know, exploring android for the first time in my life was amazing.
It ran just well for about a year. Then it started to fall apart. I need to clarify that I kept it non-rooted, full stock. I'm not into that customization things.
At first, I noticed significant lags. They were everywhere. The longer I used smartphone, the more lags I encountered. I did factory reset, but lags haven't gone anywhere.
Year 2. Front camera stopped working. Battery became unreliable as fuck, going down to 40% and then instantly to zero. What?
Year 3. Camera broke. It refused to start, just giving me "Camera is not available" error.
I tried factory reset again. It helped at first, but a month passed and all those issues came back. And it also became sluggish as fuck.
Got Meizu m3s year ago. The exact same story. Long story short, in one year I got this:
1. Black spots on every picture I take. Much likely a matrix issue.
2. Camera also became slow as fuck, requiring about 10 seconds to even start.
3. Vertical stripes all along the screen. I never dropped my phone, it just appeared once and became brighter and brighter every day I used the phone.
4. Two huge yellow spots on screen. I think it happened because phone's cpu heat up the screen and it broke.
But the most important thing is that fucking lags chased me in every app, they were everywhere. Fucking tiny-ass lags. And they're not going anywhere, they become more and more significant with time.
Don't tell me about oneplus, samsungs and other top android phones. They are conceptually the same, the only different thing is hardware.
That's why I switched. IPhone has its downsides, but it's silky smooth. And my friend's iPhone 4 (not s) feels just as smooth as my brand new se.
I'm not going to jailbreak it. I don't need customizing the hell out of it.
I just needed quick and reliable phone, and SE seems to be exactly what I wanted.
Peace to android folks tho✌️
-
our team are responsible to build backend restful API for other team to look up data in DB.
the consumer team just sit beside us.
the interface definition came from our pm in a different time zone. btw he did not have any programming background.
and he insisted that just build what he said and ignore the noise from the consumer team. because each interface change should be considered as new features and need him to prioritize and create user story and he will review the schema with the pm from consumer team and so called architecture who has not coded real shit for years.
we ended up with building shit code not useable by our real consumer.
yes he does manage to keep our team busy building worthless shit and accomplished lots of jira items to show we have value to change a useless shit into very hard to use shit
-
Just found the most embarrassing security hole. Basically a skeleton key to millions of user data. Names, email addresses, zip codes, orders. If the email indicates a birthdate, even more shit if you chain another vector. Basically an order id / hash pair that should allow users to enter data AND SHOULD ONLY AUTHORIZE THEM TO THE SITE FOR ENTERING DATA. Well, what happened was that a non-matching hash/id pair will not provide an auth token but it will create a session linked to that order.
Long story short, call url 1 enter the foreign ID, get an error, access order overview site, profit. Obviously a big fucking problem and I still had to run directly to our CEO to get it prioritized because product management thought a style update would be more important.
Oh, and of course the IDs are counted upwards. Making them random would be too unfair towards the poor black hats out there.
-
!rant && story
tl;dr I lost my path, learned to a lot about linux and found true love.
So because of the recent news about wpa2, I thought about learning to do some things network penetration with kali. My roommate and I took an old 8gb usb and turned it into a bootable usb with persistent storage. Maybe not the best choice, but at least we know how to do that now.
Anyway, we started with a kali.iso from 2015, because we thought it would be faster than downloading it with a 150kbps connection. Learned a lot from that mistake while waiting for apt-get update/upgrade.
Next day I got access to some faster connection, downloaded a new release build and put the 2015 version out of its misery. Finally some signs of progress. But that was not enough. We wanted more. We (well at least I) wanted to try i3, because one of my friends showed me /r/unixporn (btw, pornhub is deprecated now). So after researching what i3 is, what a wm is AND what a dm is, we replaced gdm3 with lightdm and set i3 as standard wm. With the user guide on another screen we started playing with i3. Apparently heaven is written with two characters only. Now I want to free myself from windows and have linux (Maybe arch) as my main system, but for now we continue to use this kali usb to learn about how to set up a nice desktop environment. Wait, why did we choose to install kali? 😂
I feel kinda sorry for that, but I want to experiment on there until I feel confident. (Please hit me up with tips about i3)
Still gotta use Windows as a subsystem for gaming. 😥
-
The Odyssey of the Tenacious Tester:
Once upon a time in the digital kingdom of Binaryburg, there lived a diligent software tester named Alice. Alice was on a mission to ensure the flawless functionality of the kingdom's latest creation – the Grand Software Citadel.
The Grand Software Citadel was a marvel, built by the brilliant developers of Binaryburg to serve as the backbone of all digital endeavors. However, with great complexity came an even greater need for meticulous testing.
Alice, armed with her trusty testing toolkit, embarked on a journey through the intricate corridors of the Citadel. Her first challenge was the Maze of Edge Cases, where unexpected scenarios lurked at every turn. With a keen eye and a knack for uncovering hidden bugs, Alice navigated the maze, leaving no corner untested.
As she progressed, Alice encountered the Chamber of Compatibility, a place where the Citadel's code had to dance harmoniously with various browsers and devices. With each compatibility test, she waltzed through the intricacies of cross-browser compatibility, ensuring that the Citadel would shine on every screen.
But the true test awaited Alice in the Abyss of Load and Performance. Here, the Citadel's resilience was put to the test under the weight of simulated user hordes. Alice, undeterred by the mounting pressure, unleashed her army of virtual users upon the software, monitoring performance metrics like a hawk.
In the end, after days and nights of relentless testing, Alice emerged victorious. The Grand Software Citadel stood strong, its code fortified against the perils of bugs and glitches.
To honor her dedication, the software gods bestowed upon Alice the coveted title of Bug Slayer and a badge of distinction for her testing prowess. The testing community of Binaryburg celebrated her success, and her story became a legend shared around digital campfires.
And so, dear software testers, let the tale of Alice inspire you in your testing quests. May your test cases be thorough, your bug reports clear, and your software resilient against the challenges of the digital realm.
In the world of software testing, every diligent tester is a hero in their own right, ensuring that the digital kingdoms stand tall and bug-free.
-
Who actually started the reign of mixed character passwords? because seriously it sucks to have an unnecessarily complex password! Like websites and apps requesting passwords to contain Upper/Lower case letter, numeric characters and symbols without considering the average user with low memory threshold (i.e; Me).
Let's push the complaint aside and return back to the actual reason a complex password is required.
Like we already know; Passwords are made complex so it can't be easily guessed by password crackers used by hackers and the primary reason behind adding symbols and numbers in a password is simply to create a stretch for possible outcome of guesses.
Now let's take a look into the logic behind a password cracker.
To hack a password,
1) The password cracker will usually look up a dictionary of passwords (this point is very necessary for any possible outcome).
2) It attempts to log in multiple times with the list of passwords found (in most cases successful entries are found for passwords of less than 8 chars).
3) If none was successful after the end of the dictionary, the cracker reformulates each password in the dictionary to match the popular standards of most websites (i.e., first letter uppercase, a number at the end followed by a symbol. Thanks to those websites!)
4) If any password was successful, the cracker adds it to a new dictionary called a "pattern builder list" (this gives the cracker an upper edge on that specific platform because most websites force a specific password pattern anyway).
In comparison:
>> Mygirlfriend98##
would be cracked faster compared to
>> iloveburberryihatepeanuts
Why?
Because the former is short and follows a popular pattern.
In reality, password crackers don't specifically care about Upper-Lowercase-Number-Symbol bullshit! They care more about the length of the password, the pattern of the password and formerly used entries (either from keyloggers or from previously hacked passwords).
So the need for requesting a humanly complex password is totally unnecessary because it's a bot that is being dealt with not another human.
My devrant password is a short story of *how I met first girlfriend* Good luck to a password cracker!
-
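A signup-time check built on the argument in the post above, as an added example that is not part of the original post: it runs the mixed-character rule and a length-first policy over the two passwords the post compares. The blocklist contents, the 16-character minimum and all function names are assumptions made for the illustration.

```python
import re
from itertools import groupby

# Constructed stand-in for a breached-password list (the "dictionary" in step 1).
BLOCKLIST = {"password", "qwerty", "letmein", "welcome", "iloveyou"}

# The shape named in step 3 of the post: capital first letter, lowercase body,
# digits at the end, optionally followed by symbols.
PREDICTABLE_SHAPE = re.compile(r"[A-Z][a-z]+\d+[^A-Za-z0-9]*")


def passes_composition_rule(pw, min_len=8):
    """The 'mixed character' rule the post complains about."""
    return (len(pw) >= min_len
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def char_class(ch):
    """Map one character to U(pper), L(ower), D(igit) or S(ymbol)."""
    if ch.isupper():
        return "U"
    if ch.islower():
        return "L"
    if ch.isdigit():
        return "D"
    return "S"


def mask(pw):
    """Run-length shape of a password, e.g. 'Abc12!' -> 'U1L2D2S1'."""
    return "".join(f"{cls}{len(list(run))}"
                   for cls, run in groupby(map(char_class, pw)))


def base_word(pw):
    """Undo the usual decoration: drop trailing digits/symbols, lowercase."""
    return re.sub(r"[^A-Za-z]+$", "", pw).lower()


def length_first_policy(pw, blocklist=BLOCKLIST, min_len=16):
    """Return the reasons to reject pw; an empty list means accept."""
    reasons = []
    if len(pw) < min_len:
        reasons.append("too short")
    if base_word(pw) in blocklist:
        reasons.append("base word on blocklist")
    if PREDICTABLE_SHAPE.fullmatch(pw):
        reasons.append("predictable shape")
    return reasons


def review(pw):
    """Side-by-side verdict of both policies for one candidate password."""
    return {
        "composition_rule_accepts": passes_composition_rule(pw),
        "mask": mask(pw),
        "length_first_rejections": length_first_policy(pw),
    }


if __name__ == "__main__":
    # The two passwords quoted in the post, plus one constructed sample.
    for candidate in ("Mygirlfriend98##", "iloveburberryihatepeanuts", "Password1!"):
        print(candidate, review(candidate))
```

The composition rule accepts the first password and rejects the long lowercase passphrase, while the length-first policy does the opposite.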
Call me a novice, but isn't the point of a user story to be concise, limited in scope and only concerning one purpose? Kind of like a class should only have one responsibility.
This stupid other reviewer developer comes whining at me saying I broke some shit in my user story and that I need to fix it. The weirdest part is that I didn't break anything. I wrote all my tests, they all passed and yep, this guy has the nerve to come and say that I broke other shit. Well genius, if it's OTHER SHIT, then it belongs as a bug in ANOTHER STORY. What the fuck man, seriously.
A few minutes of debugging later, I found out it was someone else who broke some code earlier on a piece that was part of my part of the application.
Why are others so quick to blame? This is unprofessional. OMG I DISCOVERED AN ERROR, YOU'RE PROBABLY THE ONE TO BLAME BECAUSE YOU'RE AN IGNORANT GUY BECAUSE YOUR TITLE IS JUNIOR DEVELOPER!
Right.
Companies like these, people, have bad communication. Bad companies.
-
Friends, gather round for a story of "the user".
Two days ago I assisted a friend in reviving their scammed Instagram account with final confirmation it was back in their possession yesterday. I stated "make sure you clean out phone numbers, emails and change the password. WHATEVER YOU DO DON'T USE THE SAME PASSWORD"....I bet you know where this is going....
Cue 6:45am: "HELP! THEY DID IT AGAIN! THEY TOOK MY FACEBOOK THIS TIME TOO!" As a safety measure, I told her to link them for recoverability.....not thinking you just created a bridge to the Facebook...
Now We're going through EVERY account BY HAND and changing EVERY password for EVERY service and enabling MFA. We've also learned the power that the forgot password button wields for everyone.
ProTip: If your friend was "hacked" be patient, friendly and soft to get every detail...sometimes you learn more and can position them better.
Now I'm upset with myself because I couldn't save their accounts and at this point we've lost the only footing we had to them. Social Media is a curse.
-
I cannot remember having seen a more unethical and pushy user interface than the one of viagogo.
I'm frustrated enough to close the entire tab within the first 10 seconds. It's a sad story on how it tries to instill a sense of urgency to BOOK NOW!
100 people are looking RIGHT NOW at YOUR offer! Stop thinking, act fast! BUY IT, YOU FOOL OR IT IS GONE!
Here, see all those other options are already sold out m( Oh look, that option over there? Just sold out in this very instant you lazy ass.
I have seen something similar on booking.com and airbnb, yet this egregious implementation truly gets my blood boiling and sets a new low.
I'll take my business elsewhere.
If you develop a web shop, treat your customers as actual adults. Let them breathe. Let them make an informed decision.
If you need to rush them, your business model is broken.
If my employer would ask me to develop something like that, I'd escalate hard. If that wouldn't suffice, I'd reject implementing that anti-feature and would look for a new job out of principle.
-
I love devRant, it shows new perspectives and many related stories around me and my job.
For me devRant is like medicine, it helps me smile and sometimes puts me in a good mood.
But, also like medicine, I only open the app in my spare time or when I need it.
I'm just curious why so many people are so addicted to this, also I see some users, maybe like 90%, exist and continuously comment on every rant that I open.
Maybe our reference/priority is different, I prefer playing games mostly.
Well, that's what I think, just random spawning before going to sleep mode.
-
Can there be a happy rant?
This is going to be a bit of a rambling semi coherent story here:
So this customer who just doesn't know what their data schema is or how they use it (they're a conglomeration of companies so maybe you get how that works out in a database). For every record there's like a ton of reference number type things mapped all over the DB to fit each company's needs.
To each company the data means something different, they use the data differently, and despite their claims otherwise, I think there are some logical conflicts in there regarding things like "This widget is owned by company A, division B, user C.". I'm also pretty sure different companies actually don't agree on who owns what... but when I show them they just sort of dance around what they've said in the past...
So I write a report (just an SQL query that outputs ... somewhere ... I mean what isn't that?) that tells them about all the things that happened given X, Y, Z.
Then every damn morning they'd get all up in arms about how some things are 'missing' but sometimes they don't know what or why because they've no clue what the underlying data actually is / their own people don't enter the data in a consistent way. (garbage in garbage out man...)
So I've struggled with this for a few weeks and been really frustrated. Every morning when I'm trying to do something else ... emails about how something isn't working / missing.
In the meantime I'm also frustrated by inquiries about "hey this is just a simple report right?" (to be clear folks asking that aren't being jerks, and they're not wrong ... it really should be simple)
Anyway my boss being the good guy he is offers to take it over, so I can do some things. Also sometimes it helps just to have someone else own something / not just look it over.
So a few days into this.... yup, emails coming in about things 'missing' or 'wrong' every day.
Like it sucks, but it's nice to see it suck for someone else too as validation.
-
Web browsers removed FTP support in 2021 arguing that it is "insecure".
The purpose of FTP is not privacy to begin with but simplicity and compatibility, given that it is widely established. Any FTP user should be aware that sharing files over FTP is not private. For non-private data, that is perfectly acceptable. FTP may be used on the local network to bypass MTP (problems with MTP: https://devrant.com/rants/6198095/... ) for file transfers between a smartphone and a Windows/Linux computer.
A more reasonable approach than eliminating FTP altogether would have been showing a notice to the user that data accessed through FTP is not private. It is not intended for private file sharing in the first place.
A comparable argument was used by YouTube in mid-2021 to memory-hole all unlisted videos of 2016 and earlier except where channel owners intervened. They implied that URLs generated before January 1st, 2017, were generated using an "unsafe" algorithm ( https://blog.youtube/news-and-event... ).
Besides the fact that Google informed its users four years late about a security issue if this reason were true (hint: it almost certainly isn't), unlisted videos were never intended for "protecting privacy" anyway, given that anyone can access them without providing credentials. Any channel owner who does not want their videos to be seen sets them to "private" or deletes them. "Unlisted" was never intended for privacy.
> "In 2017, we rolled out a security update to the system that generates new YouTube Unlisted links"
It is unlikely that they rolled out a security update exactly on New Year's Day (2017-01-01). This means some early 2017 unlisted videos would still have the "insecure URLs". Or, likelier than not, this story was made up to sound just-so plausible enough so people believe it.
-
I can't help it sounding bitter..
If you work some amount of time in tech it's unavoidable that you automatically pick up skills that help you to deal with a lot of shit. Some stuff you pick up is useful beyond those problems that shouldn't even exist in the first place but lots of things you pick up over time are about fixing or at least somehow dealing or enduring stuff that shouldn't be like that in the first place.
Fine. Let's be honest, it's just reality that this is quite helpful.
But why are there, especially in the frontend, so many devs, that confuse this with progress or actual advancement in their craft. It's not. It's something that's probably useful but you get that for free once you manage to somehow get into the industry. Those skills accumulate over time, no matter what, as long as you manage to somehow constantly keep a job.
But improving in the craft you chose isn't about somehow being able to deal with things despite everything. That's fine but I feel like the huge costs of keeping things going despite all the atrocities that arose from not even considering there could be anything to improve on as soon as your code runs. If you receive criticism in a code review, the first thing coming back is some lame excuse or even a counter attack, when you just should say thank you and if you don't agree at all, maybe you need to invest more time to understand and if there's some criticism that's actually not useful or based on wrong assumptions, still keep in mind it's coming from somebody that invested time to read your code, gather some thoughts about it and write them down for your review. So be aware of the investment behind every review of your code.
Especially for the frontend getting something to run is an incredibly low bar and not at all where you can tell yourself you did code.
Some hard truth from frontend developer to frontend developer:
Everybody with two months of experience is able to build mostly anything expected on the job. No matter if junior or senior.
So why aren't you looking for ways to find where your code isn't as good as it could be?
Whatever money you earn on top of your junior colleagues should make you feel obligated to understand that you need to invest time and the necessary humbleness and awareness of your own weaknesses or knowledge gaps.
Looking at code, that compiles, runs and even provides the complete functionality of the user story and still feeling the needs do be stuff you don't know how to do it at the moment.
I feel like we've gotten to a point, where there are so few skilled developers, that have worked at a place that told them certain things matter a lot. Whatever makes a Senior a Senior is to a big part about the questions you ask yourself about the code you wrote if it's running without any problems at all.
It's quite easy to implement whatever functionality for everybody across all experience levels but one of your most important responsibilities. Wherever you are considered/paid above junior level, the work that makes you a senior is about learning where you have been wrong looking back at your code matters (like everything).
Sorry but I just didn't find a way to write this down in a more positive and optimistic manner.
And while it might be easy to think I'm just enjoying to attack (former) colleagues, the thing that makes me sad the most is that this is not only about us, it's also about the countless juniors, that struggle to get a foot in the door.
To me it's not about talent nor do I believe that people wouldn't be able to change.
Sometimes I'm incredibly disappointed in many frontend colleagues. It's not about your skill or anything. It's a matter of having the right attitude.
It's about looking for things you need to work in (in your code). And investing time while always staying humble enough to learn and iterate on things. It's about looking at your code and looking for things you didn't solve properly.
Never forget, whenever there's a job listing that's fording those crazy amount of work experience in years, or somebody giving up after repeatedly getting rejected it might also be on the code you write and the attitude that's keeping you looking for things that show how awesome you are instead of investing work into understanding where you lack certain skills, invest into getting to know about the things you currently don't know yet.
If you, like me, work in a European country and gathered some years of industry experience in your CV you will be paid a good amount of money compared to many hard working professions in other industries. And don't forget, you're also getting paid significantly more than the colleagues that just started at their first job.
No reason to feel guilty but maybe you should feel like forcing yourself to look for whatever aspect of your work is the weakest.
There's so many colleagues, especially in the frontend that just suck while they could be better just by gaining awareness that their code isn't perfect.
-
So this is the story of myself getting from hating vim to find it pretty good.
When I started fiddling around with Linux I was literally overrun by vim. I mean how the fuck should I remember all these stupid commands.
So there we go ... nano was my favourite (and only) editor I used.
Everything was fine in my little nano world. I saw some colleague editing every damn thing in vim. I asked him "man what the fuck are you damn crazy"? And that's where till that moment the deepest conversation about an editor in my life began. He told me he could do that much with vim, it's almost everywhere nowadays and a must for any admin.
So after letting him tell me about every thing you can do he promised me he is going to help me getting started quicker. And I must say boi vim is really awesome. But for "real" development I still use an IDE. Although I find myself programming go, python or bash scripts entirely in vim and it's not that bad.
So if you find your way through the deep shit of that single damn command input down there you can get a pretty decent editor.
Don't get me wrong, I am forced to use nano sometimes, when I help some of my friends with their servers or so and they literally uninstalled vim because they were too frustrated.
So as I am started to go into the devops area you get more and more towards you have to edit a file on a server, or just tweak around before automating the shit out of it.
And I must say vim has become a solid alternative for me to a full blown IDE, or any other text editor.
So yeah I am gone from freaking hating vim to using it almost everyday. But why some people out there treat vim like a religion is not understandable to me in any way.
So what's your story, why do you hate/love vim? Or are you just like me a "happy user" that would switch to another editor anytime it would be a better fit?
-
This is the story of probably the least secure CMS ever, at least for the size of its consumer base. I ran into this many years ago, before I knew anything about how websites work, and the CMS doesn't exist anymore, so I can't really investigate why everything behaved so strangely, but it was strange.
This CMS was a kind of blog platform, except only specially authorised users could view it. It also included hosting. I was helping my friend set it up, and it basically involved sending everybody who was authorized an email with a link to create an account.
The first thing my friend got complaints about was the strange password system. The website had two password boxes, with a limit of (I think) 5 characters each. So when creating an account we recommended people simply insert the first 5 characters in the first box, and the rest in the second. I cannot really think of a good explanation for this system, except maybe a shitty way to make sure passwords are at least 5 characters? Anyway, since this website was insecure the password was emailed to you after the account was created. This is not yet the WTF part.
The CMS forced a sidebar with navigation, it also showed the currently logged in users. Except for being unreadable due to a colorful background image, there were many strange behaviors. The sidebar would generally stay even when navigating to external websites. Some internal links would open a second identical sidebar right next to the third. Now, I think that the issue was the main content was in an iframe with the sidebar outside it, but I didn't know about iframes back then.
So far, we had mostly tested on my friend's computer, which was logged in as the blog administrator. At some point, we tried testing with a different account. However, the behavior of sidebars was even stranger now. Now internal links that had previously opened a second, identical sidebar opened a sidebar slightly different from the first: One where the administrator was logged in.
We experimented somewhat, and found that by clicking links in the second sidebar, we could, with only the login of a random user, change and edit all the settings of the site. Further investigation revealed these URLs had an ending like ?user=administrator2J8KZV98YT where administrator was my friend's username. We weren't sure of the exact meaning of the random digits at the end, maybe a hash of the password?
Despite my advice, my friend decided to keep using this CMS. There was also a proper way to do internal links instead of copying the address bar, and he put a warning up not to copy links on the homepage. Only when the CMS shut down did he finally switch to a system where formatting a link wrong could give anybody admin access.
-
Guy blackmails the whole scrum team that he wants to work on a python user story, because he loves python and that's what he's good at.
Then in a week writes about a hundred lines of code, didn't hear about pep8 and complains about the speed of the code.
Used re.search instead of re.match. In half an hour there is a 100x speed-up. He loves python.
-
Previously, I've shared a story about the internship at an IT department for a local "center for student guidance". This was back when I was in high school.
Since nearly everyone was incompetent with tech, we often got a call for dumb IT errors. We got a call that a user had a black screen and could not work anymore with her computer.
So we went to troubleshoot, she was correct... A black screen but her computer was still booted. So we moved the mouse and the mouse showed up. We pressed escape and she could continue...
She called the IT department because she was on the last slide of her PowerPoint and the text for "press escape to close the slide presentation" had disappeared. She never touched her keyboard or tried anything :D
-
Back in school projects, I used to take way too many tasks in a user story because I knew that at one point, if it was someone else working on it I would end up fixing it anyway. Now I have trust issues -_-
-
So, this is a story of an experience a friend of mine had with Android Studio.
As part of our semester, we are required to make an application through Android Studio, and had no previous experience with it. We started to download and install it all which were a nightmare on its own to make it work.
While I got it to work in the end, she encountered a big issue. Her PC was named after her name, which contained letters Android Studio did not understand (æ,ø,å) and made it absolutely useless.
After installing and uninstalling multiple times, she ended up making an entire new user called "F#ck Android Studio" just to make it work.
No idea if there was an easier way, but damn it's been hell for her
-
Jfc why do phone meetings always have like 20 cumulative minutes of radio silence? I swear, I ask a question and I may as well be listening for a pin to drop over there because no one in team leadership is saying a n y t h i n g.
It's upsetting because it makes me painfully anxious because Oh God What Did I Say but more than that, it feels like this huge waste of time to just...sit there. On the phone. And then when we go over time later in the middle of pointing a user story leadership's like, "Hey, can we wrap this up?" like sorry? That's not...my fault? I'm...
And I totally get it if you can't answer my question immediately, but if it takes you more than like a minute to come up with something just gimme a, "I'll get back to you on that," and move on. No need to wait for the end days, dude. We've got lives to live and better things to do, Clearly.
-
This story happened to everyone, and I am sure that if I search, I will find dozens of similar stories, but the difference here is, I tried, I really tried, in a hundred different ways to achieve my goal!
When you are stuck on a problem, let's say, that you have a program, project, website ... and need to achieve something technically weird (or hard) and need some help to save you time on experimentations. The first thing a lot of people do is: Google.com && put search dorks.
But, at a moment, Google gets "dirty", you use it so often that it always thinks it knows better than you what you are looking for.
It reminds of "Ted", the movie (for those who know it) where they asked: "Hey! Why does Google always suggest us to look for black dicks??"
It is exactly what happened to me, I got results that don't have anything to do with what I was looking for!
You can give it a try now: type "semantic web RDF to RDB"
You won't find anything, except results related to: NOSQL DBs, which is totally annoying.
Something else, I once googled swift to get some updates, what results did I get? Taylor Swift ... (musician)
I often get 2 or 3 results from Google, which made me think that I somewhat reached the end of the internet, or that people are so dumb that I will have to spend hours trying to figure out my solutions, but, before doing that, other solutions had to be tested.
1- TOR: Google tracks its users and uses its algos and bullshits to return results as close as possible to the user's demand (big fail ...) so how about moving to a different country? DL TOR browser, open, setup, go to US, open Google (got US version YAY!) enter my keywords, and, nothing, still nothing, more results for sure, but nothing related to what I was looking for.
2- VM
Pop a VM, launch TOR, use Hidden mode, delete all cookies and stuff (it is a new VM but who knows).
Use keywords (now in UK). Here they are!! My results!!! I finally found some decent results about my keywords!
But, I have the required knowledge to do this kind of stuff, but how about people who rely heavily on Google? They can't change country, clear everything, trick Google to think you are a new user, they have almost biased and flawed results. I tried duckduckgo (I love them) but they are not that efficient.
Google says not to do anything evil, but they ARE EVIL, misguiding people, suggesting corrections that have nothing to do with the keywords, or results totally unrelated in any way to the keywords while results exist in other countries???
Ever since, I don't pay attention to Google at all, and started thinking that Google's algos are manipulating people, I don't know if it is done on purpose or not, but the result is the same, people have biased results based on their country, on their tag, on their ID, and the recent keywords.
During that period I was cursing Google every fucking day, and I am still doing it, too many trackers, too much manipulation, I will end up enclosing myself in darknet.
-
Do you all sometimes have this strange feeling, that.. actually humanity would not lose anything, if we killed all that useless tech we earn our money with?
Yeah, we get all that propaganda how technical prowess is empowering and sure we all know it's a nice feeling if you can apply the right clicks and bit flips to make the machine do as you want so you feel like the apprentice's sorcerer.
BUT even if you believe your user story adds some business value to some abstract package - what do these devices mostly do? Distract, diffuse your focus, envy other eye-porn provider, endless aberration of clips.
Fuck social media!
(Yes, I know I am on one, but this is because I haven't given up hope on this one.)
-
What would you guys think of a user-controlled news app? Like people would post stories, and users would control what content would be featured in their respective categories. Then you would have a feed of all the categories you follow. Story integrity will be controlled by users' approval and by corroboration.
Sound cool?
-
I’m having this issue for the online marketplace I’m working on the side. It’s blockchain tech where you can purchase normal goods and services(no, not like Amazon or Fiverr, eww, this one’s more inclined with promoting organic growth for small businesses and freelancers).
I’m stuck with what solution is in the best interest of the user and the business for the long-term.
The dilemma about anonymity, online freedom and privacy is yes, it protects users from predators and attackers, but then, it’s harder for authorities to hunt down people who use platforms for malicious intent, and also, digital footprint is helpful during litigation as evidence.
You don’t know who to trust.
-There is nothing to differentiate normal users with spammers, scammers, etc.
-There is no accountability for if they break the rules. They can easily delete and create a new account.
Platforms, communities big or small are plagued with these.
There are a lot of people out there who would rather project their insecurities on other people than to seek therapy.
Also, how platforms use psychology tricks to make platforms addicting, it’s safe to assume that it’s bound to get toxic. Fixation on these platforms leads to other needs being neglected or people forget to stay present.
Another thing, automated moderation is not that effective as there are still biases in data and human verification is still required. But then, human moderators get exposed to extreme violence, gore, etc that leads to poor mental health. (see Facebook got sued by moderators)
Also, I’ve had a recent experience where some unstable dev was stalking and harassing me. During that turmoil, I’ve found the many loopholes in every platform out there and how crappy their support is. Like they’ll just say, “make your account more secure”, bitch it’s your platform not providing enough security, your blocking feature means nothing coz anyone can still create accounts and message anyone.
It happened like February-August (it ended coz I quit going online and made private all my accounts). UGH I MISS ALL MY FRIENDS THO. FUCK THAT DUDE. He deserves to be in jail TBH
Lol if this product booms, now u know the back story lololol
-
Some information in advance:
I developed a Word AddIn for automatic document creation. This AddIn pulls data from various systems, transforms them, if necessary and fills them into templates.
The AddIn gets rolled out by another department. And by now there is version 1.3.3 out.
Now the story:
For several months I have heard of users who have some recurring problems with the AddIn and I couldn't understand why. The first level support always helped them with some workarounds.
Now, I helped one user by myself and what did I see?
The user had version 1.0.5 installed!!!! WTF!? The version info is very prominent for the first level support and they should know that this is not the correct version!
I think I have to implement a version check now, if the rollout is working so great...maybe I should have done this from the beginning...
-
That time you would have used to test that code in postman, bravely muster the wherewithal to write automated tests instead. It's a one-time investment that keeps malfunction in check until code is altered
I acknowledge the fact that it's not always possible. You may have gotten thrown in headfirst into unfamiliar territory ie tech stack, or inherit a monolith where no tests were pioneered. Or you may be strongly constrained for time. But in events that you can, it's worthwhile
Whether automated or manual, testing your work is the least professional thing to do before handover. Might as well swallow the bitter pill of avoiding the gui shortcut, and write those certifications once and get it over with
My preference is to write a boilerplate that gets generated each time I create a new module/resource management classes. Another strategy is to write them immediately after completing implementation of each endpoint/user story/feature, even if they're not run immediately. That way, they don't pile up in the end
Or you could try the tdd that everyone else cherishes. Whatever works for you, the end justifies the means
-
Recently joined a company (as a fresher), don't even know Java Spring but have been assigned user stories to be done in Java Spring Batch. I know how to do my story normally in Java but in batch it's like a nightmare. I am just unable to do it and today on my way back home, I started questioning if I am good at coding or not.... Never felt so low about myself...
-
I’m really getting fed up with the situation I am in!
I was brought in as a development lead, which in my eyes and from the sound of it leading on the technical delivery, inspiring and leading technical development decisions and generally leading my team (one additional dev) in the delivery of work items and user stories which the PM or Business analyst produces..
Then it “evolved” into what felt more like a development manager where I was reporting to senior management on KPIs and stuff, I sucked it up and did it.
Then they brought in two new people which they call application specialists. These people spend all their time managing existing off the shelf applications, communicating with the vendor, running user groups where they work with our users on moving the product forward and planning the configuration and enablement of new functionality.
Because they are “developing” the application (in the same way a child develops, or the same way a story line develops and evolves) they fall under me..
So now I spend a split amount of time developing software and also managing what I can only explain as project managers, product owners...
Oh but then it gets better!! Now they want me (as well as our info sec lead and our infrastructure lead) to be a kind of all round delivery lead, gauging the requirements of a project, reporting on its risks to senior management, resource planning, everything a PM does! And also be the technical person delivering these projects!
Honestly, it’s seriously starting to take the fucking piss!
I am a technical programmer, a pretty good one if I say so myself, the developer reporting to me is good but needs hand holding which I am ok with! But would never be able to deliver an element of a product by himself in line with what we expect in quality of code..
Why would anyone think you take a person built and only interested in doing a technical role and make them a generic all round manager of a project??
I know why they did it! It’s because there are other managers in our department paid the same “level” as me, but because of their management responsibilities, I however feel I am paid this much for my technical experience and abilities, they are just blanket covering everyone the same at this level.
You would never get a manager at this salary scale with the technical skills they need, and you would never get a technical person with the skills interested in doing that type of management at this salary scale!
I’m just a mug and they know it!
So fucking angry!
-
I'm developing an app based on user stories and stuff. The business team used Trello to share them with the devs. Every time they changed a comma, they'd upload a new file. We got to the point where a simple 1 page story had like 15 versions..
So a couple of days ago I suggested to my project's PO that she could use Confluence for that, I explained the benefits to her, like how it'd be easier to track changes and the best part: no 30 effing word files.
I checked it today and turns out she started using it, but instead of writing stories on pages, she just downloaded everything from Trello and uploaded the documents there 🤦♂️🤦♂️🤦♂️🤦♂️🤦♂️🤦♂️🤦♂️🤦♂️🤦♂️
-
Newbie Linux User - Story about not working GUI
I am a proud openSUSE user for about a year, still struggling with some basic stuff, terminal, etc.
The story begins when a few days ago I try to login to the system. To my trusty Gnome. I get stuck on login loop;
successful login -> black screen for a second -> back to login screen.
Zero feedback, not a single error message
Stress level increases taking into account that I am at a climax at my university with tons of projects on my computer.
I assemble the Team A:
Me, Google, Stackoverflow, and for desperate times Russian Stackoverflow
Over 4 hours, found out that my user is affected by this, tried restoring default Gnome configuration, went through bunch of logs only to find out that every user gets the same errors, still only mine not working. Even KDE refused to cooperate with the same result.
So what went wrong you may be thinking.
One line in file replaced by miniconda, that changed the PATH.
Linux is the best detective game that I've ever played.
Is it something that I should get used to?
-
Hate it when clients tell you a specific requirement but then change it at the last minute. You can't justify or argue. Can't do nothing about it but only follow. Just a high paid slave.
Example:
Client-verbal: background color of all 5 pages
Me-with email verification: ok. The bg color of all pages will be red, based on our last meeting.
Client email reply: ok
After a few days
Client: I think we have a misunderstanding. What I meant was 4 pages red only. The 5th page should be maroon.
Me in my mind: wtf. Of course I can't argue but just agree and follow. The demo is near and he'll just inform the last minute. I will not win this argument.
Also, there are no acceptance criteria in the user story.
-
Worked on a project, where the goal is to fit whatever can be shipped based on the days estimated and funds allocated for the product to be completed. End story is that the user/customer have a product that nobody knows and wants how to use.
Approached leadership team and told them to right the ship, but due to numerous bureaucracies and levels of approvals required, project was shelved and a new project (again with allocated fund and deadline) is being cooked.
-
Hey fellow devs,
i finally did it! i applied as a junior dev in a software company for inHouse projects. the job interview is today in one week.
little background story for those of you who are just procrastinating at this time:
i have started coding when i was in school. just little stuff - nothing special. after i finished school i was educated in the business field (did not find the english word. something like office person or in our words "user").
after that my company changed the ERP System and i wanted to do that so badly. and i got that job. i worked my ass off to get that baby running. from entering the orders to production to shipping and billing, i made that all happen by myself. as we had some very specific requirements i also wrote applications myself. after about three quarters of a year we switched to the new system and it ran smoothly (company is producing windows and doors). i was so proud when the first windows were finished.
BUT there was one problem. I was alone. no second IT person i could talk to. no one i could learn from and no one who could learn from me. i then decided to change the company. same product, same job - but within a team. It was a whole other experience. i really enjoy the exchange with my colleagues. we learn from each other and we solve problems together. we can rely on each other. As i worked there i also wrote applications for inHouse usage and i even launched my own first app (not related to company - private commercial project)
BUT there is one problem. I am still the only dev. so i try to code the least i can at my current job so that the team still works and the whole system stays maintainable for everyone. I do not feel good holding back the desire to code something. so after two years (and with a lot of talks with my cousin) i finally applied for a job as a "real" developer.
I have no bachelor, so the invitation for the job interview made me so damn happy. i really hope that i can transmit my passion for this job and if everything fits that they take me.
The next rant will then be about the result of my job interview :)
PS: even if i do not get the job. i am proud of myself that i applied!
Thanks for reading, potato potato
-
why the hell would you set a router's default user/pass to nothing?! like to blank... WHY!!! spent about 2 hours trying to find this fricking thing online and of course, there's no documentation, who needs that shit anyways
long story short: @router_manufacturers, set the default user/pass to "admin" AND PUT IT ON YOUR WEBSITE!!!!!!!!
-
Completed an 8h user story to spec, to Beta 1 stage in under 7h. Just waiting for the "last tweaks"...
-
PO: "Remember guys, protect your scope!"
.. moments later, after the PO meeting..
PO: "I want you to do user story x but I want it changed this way"
me: "Ok"
*pling* notification: PO changed jira story
*I work on it for a few hours*
me: "Is this what you wanted?"
PO: "Yeah, actually I made up my mind. I want you to implement it totally different and scrap what you added now"
me: "Thanks for wasting my time bro"
me: *codes*
.. a few hours later, mid-coding..
PO: "Uh, yeah, changed my mind. The way you did it now is ok, but I want something else added"
*3 iterations of the same crap later*
me: "Sigh, make up your minds!"
-
Searching in Confluence sucks so bad it was faster for me to check out a branch of my code to find a url in a comment for a particular user story than it was to type the query, go through pages of unrelated results only to give up and hope I got the details right.
-
Look at this beautiful perfectly targeted ad that showed up under my rant over poker. I stated where I've played and what my conclusions about poker were. It repeats those parts in his story and advises a different poker site. This is targeting 2.0. It's not even annoying, it could've been useful actually. The annoying part of advertisement is repeating because we're just not that interested and they hope to get you on a weak moment. But imagine if the strategy was targeting so good, that it has a conversion rate of 20 - 30% that a user clicked on it. You won't be needing to have adblock and consider the ads even interesting. Maybe the future of advertisement is bright. Imagine that the mindset becomes "Oh, an ad, interesting" and regularly clicking on it
-
Our sprints are 3 weeks. The first sizing for a user story is 1.5 weeks/1person. 2 sprints (6 weeks) after 2 of us are still working on that undersized shit...
-
How does your organisation and team balance PR comments demanding changes and dev time?
Here, while fixing PR comments we sometimes end up wasting as much time as we took in actually developing the feature... As a result, almost every major user story overshoots the estimation and almost every sprint gets delayed.
Yes, to each his own; but talking in general, why do you think this time wasting happens?
Do you think that happens because some of us are not as experienced as the others, the existing code not being up to the mark giving a bad example, or just a skewed review process?
-
Sent a User Story link to a senior that he had requested (10+ years of exp)...
Me: Sir, why do we need this US?
Him: Why
Me: Yes sir, why do we need that?
Him: Yes, that's what I'm asking you, why do we need this?
Me: But sir I asked first 🙄
-
TL;DR
I'm looking for a good cloud based python IDE. Let's hear suggestions...
Full Story
My employer provides me with a MacBook to use at work, however they use a custom OS X image that has whatever security configuration they decided was essential. Something about the configuration prevents me from running third party Python packages.
During those times that I'm "waiting for work things to compile", I'd love to tinker with a little Python project I'm messing with. Does anyone have any suggestions on cloud based IDEs for Python?
Yes I've Googled it, plenty of results. But anyone have suggestions based on their own user experience?
Thanks ahead of time!
-
Got a new user story for code refactoring of my previous stories. To motivate myself i am trying to think like
" it's much better to clean my own shit than others."