A few years ago when I was still an apple fan boy, friend of mine bragging me about how android is awesome, we were drinking some shots at our local pub and I was starting to get light headed. At one point he showed me so called "terminal emulator" app. I checked it out, and assumed it's an emulation, just like dosbox, so I decided to verify that "rm -rf *"... (the phone was rooted)

The phone shutdown within seconds, I couldn't stop laughing, while my friend was shock that his new phone was longer booting.

Luckily he managed to reflash the ROM. What can I learn from that experience?
1. Don't drink and sudo
2. Don't call your app an emulator if it's the real deal.

How the Fuck do you verify this shit???

A super creepy webcrawler I built with a friend in Haskell. It uses social media, various reverse image searches from images and strategically picked video/gif frames, image EXIF data, user names, location data, etc to cross reference everything there is to know about someone. It builds weighted graphs in a database over time, trying to verify information through multiple pathways — although most searches are completed in seconds.

I originally built it for two reasons: Manager walks into the office for a meeting, and during the meeting I could ask him how his ski holiday with his wife and kids was, or casually mention how much I would like to learn his favorite hobby.

The other reason was porn of course.

I put further development in the freezer because it's already too creepy. I'd run it on some porn gif, and after a long search it had built a graph pointing to a residence in rural Russia with pictures of a local volleyball club.

To imagine that intelligence agencies probably have much better gathering tools is so insane to think about.

Dad: why do these forms ask me to fill those random characters(captcha)

Me: to verify that you are human

Dad: as if animals can use computers

Me: 😅

After listening to two of our senior devs play ping pong with a new member of our team for TWO DAYS!
DevA: "Try this.."
Junior: "Didn't work"
DevB: "Try that .."
Junior: "Still not working"

I ask..
Me:"What is the problem?"
Few ums...uhs..awkward seconds of silence

Junior: "App is really slow. Takes several seconds to launch and searching either crashes or takes a really long time."
DevA: "We've isolated the issue with Entity Framework. That application was written back when we used VS2010. Since that application isn't used very often, no one has had to update it since."
DevB: "Weird part is the app takes up over 3 gigs of ram. Its obviously a caching issue. We might have to open up a ticket with Microsoft."
Me: "Or remove EF and use ADO."
DevB: "That would be way too much work. The app is supposed to be fully deprecated and replaced this year."
Me: "Three of you for the past two days seems like a lot of work. If EF is the problem, you remove EF."
DevA: "The solution is way too complicated for that. There are 5 projects and 3 of those have circular dependencies. Its a mess."
DevB: "No fracking kidding...if it were written correctly the first time. There aren't even any fracking tests."
Me:"Pretty sure there are only two tables involved, maybe 3 stored procedures. A simple CRUD app like this should be fairly straight forward."
DevB: "Can't re-write the application, company won't allow it. A redesign of this magnitute could take months. If we can't fix the LINQ query, we'll going to have the DBAs change the structures to make the application faster. I don't see any other way."

Holy frack...he didn't just say that.

Over my lunch hour, I strip down the WPF application to the basics (too much to write about, but the included projects only had one or two files), and created an integration test for refactoring the data access to use ADO. After all the tests and EF removed, the app starts up instantly and searches are also instant. Didn't click through all the UI, but the basics worked.

Sat with Junior, pointed out my changes (the 'why' behind the 'what') ...and he how he could write unit tests around the ViewModel behavior in the UI (and making any changes to the data access as needed).

Today's standup:
Junior: "Employee app is fixed. Had some help removing Entity Framework and how it starts up fast and and searches are instant. Going to write unit tests today to verify the UI behaivor. I'll be able to deploy the application tomorrow."
DevA: "What?! No way! You did all that yesterday?"
Me: "I removed the Entity Framework over my lunch hour. Like I said, its basic CRUD and mostly in stored procedures. All the data points are covered by integration tests, but didn't have time for the unit tests. It's likely I broke some UI behavior, but the unit tests should catch those."
DevB: "I was going to do that today. I knew taking out Entity Framework wouldn't be a big deal."

Holy fracking frack. You fracking lying SOB. Deeeep breath...ahhh...thanks devRant. Flame thrower event diverted.

The hardest part of being a programmer wasn't the education, the self-teaching, the sleepless nights or the hours of agony trying to fix a bug that would break a program I'd spend weeks working on.

It's the realization that my family, friends, coworkers...nobody understands at all what I do. They don't know of my failures or my triumphs. I can't talk about it with them and it's becoming more apparent to them that it's taking up more of my life. And in a way it feels like a part of myself has just become, well, alien.

Best way I can describe it is, it's like the "Tears in the Rain" scene from Blade Runner.

I'm stuck, I think. I know I've been shutting out people from my life more and more as I don't want to "deal" with people's issues, but I don't think it's been good. I'm can verify that I'm depressed beyond my normal levels.

It's time for me to make an appointment with a therapist.

Remember that you are loved here, and appreciated. Don't let anyone tell you different.

Stay strong.

Hi client,

I am not able to login to your prod server. Can you please verify the following:

Host: x.y.x.y
Port: 1234
Username: ABCD
Password: password1234

Thanks,
My idiotic coworker

Not a rant, but I found this funny enough to share.

About two weeks ago, I’m contacted by a third party development firm that is responsible for building the next iteration of a control board were are developing. Alongside build of the PCB they were scoped to flash the firmware and verify all connected components.

During the call, they tell me they don’t have the resources to build our testing environment with the Ansible script I provided, and they don’t know if the updates they have made will work with our control system. Ugh...really...

I attempt to walk them through the 3 pretty simple commands to launch the playbook. Instead of listening, their project manager insists that I need to load up the environment and send them a ready to go system.

I quickly load up a RaspberryPi and prepare it for shipping. I hand the box to our shipping clerk and fill out the shipping request documentation. Then about a week goes by and this is where the story really begins.

I get an email from the same rep asking where the environment is, and I head down to the warehouse to inquire where the RaspberryPi might be. After speaking with the head clerk, we can’t seem to track down the package. I’m assured that they will find the Pi and send me the shipment update.

I pass the information along and after about a day and a half I still didn’t receive word back from the warehouse team. I load up another Pi and head back down to the warehouse. I follow up with the warehouse staff. They inform me that they have not been able to locate my package and another warehouse worker is called over. He says he hasn’t seen it, but they they were having a food day that day and he thinks more than likely someone ate it.

Like it didn’t even click at first but after a few seconds I realize that these guys have literally been looking for a pie for the past two days...and I JUST DIE.

After the 5 or so minutes of laughing I show them the newly flashed RaspberryPi, and of course they know exactly where the original one was.

It’s shipped out now, but wow. Also, it turns out the PCB manufacturing company didn’t even really need this and it was all a guise to hide that they are behind schedule and that they will not be able to finish the work scoped. FML!

Dear sir,

I'm NOT giving you the information you want because I can't verify you. You can tell me that we're the only company who does it like this and name all companies which do it differently, you can curse me into the ground or completely lose your shit at me but that won't make a difference:
I'm not giving you the information you want.

Sincerely,

Go fuck yourself.

"The customer reports that port 21 is closed on our FTP site. They said that port 443 is open, and wonder if they can use that instead."

"They are entering the wrong server name. Our FTP server is ONLY an FTP server. Port 443 is not open on our FTP server.

Please verify that they are entering `ftp.xxxxxx.com`

Our FTP site supports FTP/SSL if they are concerned about security."

"Customer responds that they would rather use port 443 to send files."

"I'm sure they would. I'd also like to enter our building on the west side when the temperature is below 10º, but there are no doors on the west side, so that's not going to happen, is it?"

Pressing Ctrl + S only once to save your code in the editor is the tech equivalent of locking the door to your mansion and not pulling the knob to check if it has indeed been locked.

How do I un-idiot my users when it comes to clicking on dodgy email-links??

Got a forwarded email just there from a user who said;

Good afternoon,
Is the below ok to open?
I just tried but got a popup saying I've been blocked from opening it.
I'm not sure who it is coming from and I am not waiting on anything but as it says its from dropbox and is important, i know it's okay.
Can you unblock the link ASAP please?
This is really impeding my work-day as I need to know what it is and act accordingly.
Regards... user.

The Original email came from a random jumble of letters with a subject line of 'important dropbox program' - not only does it look dodgy but its english is horrible! It said;

"Hi tu my freind,

You tu still read a pending verrry important document sent by one of your own contact to be vieweddd.

Install "Highly Confidential english.pdf" by clickinggg here

*insert link leading to something called 'viral-update-trojan.exe'*"

I mean, seriously... help!!! 😢
We have sent emails explaining how to hover over links and to not to click them if it looks wrong.
No one does it.
We hired a company to send fake phishing emails to train users in what to do.
It made no difference!
We now make people 'verify' their email addresses when opening any sort of link to try get them to actually look at what they're opening.
We also strip emails of original attachments and create 'safe' html copies as we can't trust them to look at what they're opening.
Everyone complains about it but Jesus Christ, this is why!!!

Its so exhausting!! What is wrong with people!!! Argh!!! 😤

Okay, time to delete my old Skype account
1. Enter Skype name
2. Reset password
3. Captcha
4. Complete email
5. Enter email code
6. You are logged in now, please complete your profile first
7. Enter birth date
8. Add your phone number or second email address
9. Create new outlook mail
10. Got access to profile settings
11. Click on delete profile
12. Stop please first verify your email again
13. Enter code
14. Check all checkboxes that I am really sure to want it deleted
15. Click delete button

Fuck hell and that all again for my second account

Hey, Root? How do you test your slow query ticket, again? I didn't bother reading the giant green "Testing notes:" box on the ticket. Yeah, could you explain it while I don't bother to listen and talk over you? Thanks.

And later:
Hey Root. I'm the DBA. Could you explain exactly what you're doing in this ticket, because i can't understand it. What are these new columns? Where is the new query? What are you doing? And why? Oh, the ticket? Yeah, I didn't bother to read it. There was too much text filled with things like implementation details, query optimization findings, overall benchmarking results, the purpose of the new columns, and i just couldn't care enough to read any of that. Yeah, I also don't know how to find the query it's running now. Yep, have complete access to the console and DB and query log. Still can't figure it out.

And later:

Hey Root. We pulled your urgent fix ticket from the release. You know, the one that SysOps and Data and even execs have been demanding? The one you finished three months ago? Yep, the problem is still taking down production every week or so, but we just can't verify that your fix is good enough. Even though the changes are pretty minimal, you've said it's 8x faster, and provided benchmark findings, we just ... don't know how to get the query it's running out of the code. or how check the query logs to find it. So. we just don't know if it's good enough.

Also, we goofed up when deploying and the testing database is gone, so now we can't test it since there are no records. Nevermind that you provided snippets to remedy exactly scenario in the ticket description you wrote three months ago.

And later:

Hey Root: Why did you take so long on this ticket? It has sat for so long now that someone else filed a ticket for it, with investigation findings. You know it's bringing down production, and it's kind of urgent. Maybe you should have prioritized it more, or written up better notes. You really need to communicate better. This is why we can't trust you to get things out.

*twitchy smile*

I made a script for this group to verify their data, but they didn't want to use it because it's "only 50 lines of code and might miss something".

Before anyone starts going batshit crazy, this is NOT a windows hate post. Just a funny experience imo.

So I was tasked with installing ProxMox on a dedicated server at my last internship. The windows admin was my guider (he could also do debian). (he was a really nice/chill guy)

So we were discussing what VM's we wanted and the boss (really cool dude by the way) said he wanted a VPS for storing some company stuff as well. Fair enough, what would we use? I suggested debian and centos. Then we started discussing what we'd do if the systems would fuck up etc (at installation or whatever).
So I didn't wanna look like a Linux Nazi so I suggested windows. Then the happy/positive guider/windows admin suddenly became dead serious (I was actually like 'woah' for a second) and said this:
No. We're not going to fucking use windows for this. For general servers etc sometimes, fair enough but we're talking about sensitive company data here. I don't want that data to be stored on a proprietary/closed source system, hell what if there's some kinda fucking backdoor build in, who can fucking verify that? We're using Linux, end of discussion.

😓

I was pretty flabbergasted as he's a nice guy and actually really likes windows!

Linux it became.

PEOPLE. DO NOT LIE ON YOUR RESUME. IT. IS. NOT. WORTH. IT. Ok, backstory.

We had a guy apply for this position at work. It really needed to be filled but also required someone with just the right certifications, so hiring the first schmuck to come along Was not an option.

We search high and low and as time passes without an acceptable applicant we become more desperate and open to negotiation. Basically, you name your price, we’ll agree to it at this point.

So finally a guy comes in, got everything we need but one minor certification. No problem. He can get that on the job, he doesn’t need it to start. He’s hired.

So he quotes us a salary 10% above our top range of what we’d usually pay a guy for this position, we don’t care. He gets it. Plus a housing allowance.

So we’re getting him registered with a place to handle his certification process and they call his four year institution to verify his transcript. We work with hazardous materials and a four year degree in a relevant field is required. It’s standard for the certification training institution to check. Especially when it’s a prestigious big name place like this guy had. And here I used to think that was paranoid of them.

They call and tell us the school says they have no record of him. We do some digging. He was never registered there. I’m like “that’s not possible, his professor is a listed reference. We call that reference.

He worked on a project with this man, he never taught him. Is very fascinated to learn this man has been presenting himself as though he attended the university. Asks to be delisted as a reference.

So long story short it comes out this guy did have a degree in this field, just from a less prestigious university.

The insane thing is, he would’ve still gotten the same job and salary package if he’d been honest about his university!

It is a loss for all involved. He doesn’t have a job. We don’t have anyone working in this position. It’s really unfortunate. Don’t lie on your resume people. Your employer will find out and the risks are not worth the benefits.

Disclaimer: I can't 'officially' verify this.

I've been using Firefox as main browser with about 5 addons for added privacy for ages now. When googles (fucking) reCaptcha takes more than a few minutes on Firefox (about 90 percent of the time, I'm estimating), I switch to Chromium (with the same amount of (similar) privacy addons) so I can go on with my stuff.

Now, I recently thought 'why not try to do user agent spoofing on Firefox to see if reCaptcha would start working 'normally'?

So, I installed a user agent spoofing addon on Firefox/Chromium, results:

Without spoofing:

Firefox reCaptcha success rate: 10 percent approx. (mostly 2+ minutes)
Chromium: 90 percent. (mostly instant)

With spoofing:
Firefox: 90 percent approx.
Chromium: 10-20 percent approx.

Again, I can't prove any of this yet but mother of fucking god, whenever using Chromium or spoofing Chromium on Firefox the succession rate skyrockets.

Google, what the fuck are you up to?

Mac: Hello welcome please sign in

Dev: Fair enough

Mac: Oh you haven’t signed in in awhile please get get verification from other device

Dev: kk

Mac: Oh you don’t have a dev account, please sign in on this website

Dev: Hm.

Mac: In order to sign up for a dev account you need to download this app

Dev: ???

Mac: Are you sure you want to open this app you just downloaded?

Dev: Sigh.

Mac: In order to sign up for a dev account on this app you need to sign into it

Dev: For the love of god

Mac: Ok now you can build with Xcode.

Xcode: No you can’t. You have to sign in

Dev: fuck sakes.

Mac: Are you sure you want Xcode to access files on your computer?

Dev: …Yup

Xcode: Signing in isn’t enough you have to select the fact you are signed in a dropdown nested 3 menus deep.

Dev: God damn.

Xcode: Build failed please sign in to phone as well.

Phone: New sign in detected, please verify with alternative device.

Dev: Jesus.

Xcode: Build success! Pushing to iPhone.

Dev: Finally.

Xcode: Unknown error occurred. Please go to support.apple.com for help. :)

Dev: …

I saw this in a rant a few minutes ago and I had to verify if it was real.
It's real.

Morning Deployment.

Me: Let's add this application to this server.

Deployer: Alright.

...

D: Done. Please verify.

Me: I'm seeing errors. Send me the logs.

D: Sure. I also updated the framework to a version that wasn't tested.

M: Yeah, that won't work. Roll it back.

D: Fine.

...

D: Done. Please verify.

M: All the applications on the box are broken. Please revert to the snapshot before the Deployment.

D: Oops, I didn't make one.

🙁😟😢😭😤

Well, here's the OS rant I promised. Also apologies for no blog posts the past few weeks, working on one but I want to have all the information correct and time isn't my best friend right now :/

Anyways, let's talk about operating systems. They serve a purpose which is the goal which the user has.
So, as everyone says (or, loads of people), every system is good for a purpose and you can't call the mainstream systems shit because they all have their use.

Last part is true (that they all have their use) but defining a good system is up to an individual. So, a system which I'd be able to call good, had at least the following 'features':
- it gives the user freedom. If someone just wants to use it for emailing and webbrowsing, fair enough. If someone wants to produce music on it, fair enough. If someone wants to rebuild the entire system to suit their needs, fair enough. If someone wants to check the source code to see what's actually running on their hardware, fair enough. It should be up to the user to decide what they want to/can do and not up to the maker of that system.
- it tries it's best to keep the security/privacy of its users protected. Meaning, by default, no calling home, no integrating users within mass surveillance programs and no unnecessary data collection.
- Open. Especially in an age of mass surveillance, it's very important that one has the option to check the underlying code for vulnerabilities/backdoors. Can everyone do that, nope. But that doesn't mean that the option shouldn't be there because it's also about transparency so you don't HAVE to trust a software vendor on their blue eyes.
- stability. A system should be stable enough for home users to use. For people who like to tweak around? Also, but tweaking *can* lead to instability and crashes, that's not the systems' responsibility.

Especially the security and privacy AND open parts are why I wouldn't ever voluntarily (if my job would depend on it, sure, I kinda need money to stay alive so I'll take that) use windows or macos. Sure, apple seems to care about user privacy way more than other vendors but as long as nobody can verify that through source code, no offense, I won't believe a thing they say about that because no one can technically verify it anyways.

Some people have told me that Linux is hard to use for new/(highly) a-technical people but looking at my own family and friends who adapted fast as hell and don't want to go back to windows now (and mac, for that matter), I highly doubt that. Sure, they'll have to learn something new. But that was also the case when they started to use any other system for the first time. Possibly try a different distro if one doesn't fit?

Problems - sometimes hard to solve on Linux, no doubt about that. But, at least its open. Meaning that someone can dive in as deep as possible/necessary to solve the problem. That's something which is very difficult with closed systems.

The best example in this case for me (don't remember how I did it by the way) was when I mounted a network drive at boot on windows and Linux (two systems using the same webDav drive). I changed the authentication and both systems weren't in for booting anymore. Hours of searching how to unfuck this on windows - I ended up reinstalling it because I just couldn't find a solution.
On linux, i found some article quite quickly telling to remove the entry for the webdav thingy from fstab. Booted into a root recovery shell, chrooted to the harddrive, removed the entry in fstab and rebooted. BAM. Everything worked again.

So yeah, that's my view on this, I guess ;P

I had a prospective employer be late to every single interview we had scheduled. I tried to give them the benefit of the doubt, but they simply didn’t value my time.

I was in the process of moving and a recruiter called me to tell me a job I had been submitted for wanted to do a phone interview that day. Even though I was driving across the country in a box truck, I agreed to the interview. We arranged for the employer to call me at 2 PM. I figured it would give me a break from driving in the middle of the day anyway.

I pulled over at 1:45 and waited. At 2:15 I called the recruiter to verify the time. He said he would get in contact with the employer and call me back. At 2:45 I called the recruiter and told him I needed to get back on the road and we’d have to reschedule.

We rescheduled the call for a few days later at 1 pm. This time I got the phone number of the employer, so at 1:15 I called him. He apologized and said he lost track of time. Whatever, let’s just get this interview going.

He liked me on the phone, so he wanted to meet in person the next day. I was a bit irritated by the situation, but I was trying to give them the benefit of the doubt.

I showed up for my in person interview 15 minutes early and checked in with the receptionist. 30 minutes later I asked the receptionist when they were going to be with me as my interview was supposed to start 15 minutes ago. I was finally seen 5 minutes after that.

The interview was supposed to be a several hour affair where they were going to have me sign an NDA and show me some of the issues they were having to see if I could solve them. I had cleared my scheduled meetings for the afternoon so I could attend this lengthy interview.

After about 45 minutes of interviewing, the manager suddenly said that they needed to cut the interview short because he had just realized they needed to get something done that afternoon. He asked me if I would come back the next day to finish the interview.

I shook his hand and left, shaking my head the entire time. When I called my recruiter after I had calmed down, I let him know that I would under no terms be interested in a job with them. If they refused to acknowledge my time was worth something as a candidate, they would never respect it as an employee.

They still offered me the job and couldn’t fathom why I was upset about the situation. I’m very glad I didn’t take that job.

I think the coolest project I did was a few years ago, it was actually a Minecraft plugin.

I decided to learn Java for Minecraft, and a few months after I started learning Java, I was approached by someone who'd like to work with me to create this full-blown Gun Game style gamemode for Minecraft. I made it clear I didn't have the most knowledge, but I was willing to learn.

We began working on the project, the projects main class was bigger than any project I had worked on. Within a few months, it became one of the more popular plugins out there, even though we were still in an alpha mode. Had nearly 1,000 servers running the plugin, over 10k+ players total testing out the plugin.

Cause of this project, I learnt how to properly organize my code, how to make it efficient, learnt how to network, learned how to properly secure and verify anything being sent by the client, working with dependencies, adding features that can support a bunch of other plugins that other developers had, and a bunch more.

Sadly we couldn't finish the plugin anymore, so we gave someone else the source code who has kept it updated to this day. (I know I didn't provide much insight into what I'm saying and just gave a general overview, got a killer headache.)

It's funny to see how a coworker of mine and me are very similar minded on some privacy stuff. He's a very cool/open guy and just a regular consumer (used the default services etc) but he shares quite some of my views. This is a convo we had today:

*got to the WhatsApp subject somehow*
Him: oh right, you didn't use that haha
Me: yeah 😅
Him: why was that again, privacy reasons or something, right? xD
Me: uhm yes *help*
Him: Well fair enough.
Me: so you'd think I'm right? I mean it uses end to end crypto... (I'm entirely with him in the next few lines but I always approach it carefully)
Him: they veeeery probably have some kinda fucking masterkey.
Me: why'd you think that?
Him: it has over a billion users, the owner is facebook, fb is directly integrated with several mass surveillance programs, they are known to work closely with one particular one, the intelligence interests are way too high for letting such an opportunity pass and after all, THE FUCKER IS CLOSED SOURCE AKA NO ONE CAN FUCKING VERIFY THE CRYPTO NOR THE APP ITSELF.
Me: I agree haha 😅
Him: it's not rocket science, it's modern day mass tracking/surveillance logic :)

I like that guy.

Much-security.nl is down.

No, no hack or whatsoever. I just reinstalled the wrong server through my control panel.

The new blog version will hopefully be up tonight. 'you keep promising that' - I don't have a backup of the old version and I only just started using git so I can only upload the new version (or git pull). Next to that, except for the front-end, everything works now.

😐

When you login to a server through ssh for the first time with a specific domain or up address, you get a prompt asking to verify a signature with yes or no (on Linux at least).

That often goes well but sometimes when I already did that....:

ssh user@server
*types yes automatically and presses enter...........*
Neeeeeeeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaammmmmmmmmmmm:
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes
yes^C
user@server: ~$
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C
user@server: ~$ ^C

Nooooo not again 😅

I've had many, but this is one of my favorite "OK, I'm getting fired for this" moments.

A new team in charge of source control and development standards came up with a 20 page work-instruction document for the new TFS source control structure.
The source control kingpin came from semi-large military contract company where taking a piss was probably outlined somewhere.

Maybe twice, I merged down from a release branch when I should have merged down from a dev branch, which "messed up" the flow of code that one team was working on.
Each time I was 'coached' and reminded on page 13, paragraph 5, sub-section C ... "When merging down from release, you must verify no other teams are working
on branches...blah blah blah..and if they have pending changes, use a shelfset and document the changes using Document A234-B..."

A fellow dev overheard the kingpin and the department manager in the breakroom saying if I messed up TFS one more time, I was gone.

Wasn't two days later I needed to merge up some new files to Main, and 'something' happened in TFS and a couple of files didn't get merged up. No errors, nothing.
Another team was waiting on me, so I simply added the files directly into Main. Unknown to me, the kingpin had a specific alert in TFS to notify him when someone added
files directly into Main, and I get a visit.

KP: "Did you add a couple of files directly into Main?"
Me:"Yes, I don't what happened, but the files never made it from my branch, to dev, to the review shelfset, and then to Main. I never got an error, but since
they were new files and adding a new feature, they never broke a build. Adding the files directly allowed the Web team to finish their project and deploy the
site this morning."
KP: "That is in direct violation of the standard. Didn't you read the documentation?"
Me: "Uh...well...um..yes, but that is an oddly specific case. I didn't think I hurt any.."
KP: "Ha ha...hurt? That's why we have standards. The document clearly states on page 18, paragraph 9, no files may ever be created in Main."
Me: "Really? I don't remember reading that."
<I navigate to the document, page 18, paragraph 9>
Me: "Um...no, it doesn't say that. The document only talks about merging process from a lower branch to Main."
KP: "Exactly. It is forbidden to create files directly in Main."
Me: "No, doesn't say that anywhere."
KP: "That is the spirit of the document. You violated the spirit of what we're trying to accomplish here."
Me: "You gotta be fracking kidding me."

KP grumbles something, goes back to his desk. Maybe a minute later he leaves the IS office, and the department manager leaves his office.

It was after 5:00PM, they never came back, so I headed home worried if I had a job in the morning.

I decided to come in a little early to snoop around, I knew where HR kept their terminated employee documents, and my badge wouldn't let me in the building.

Oh crap.

It was a shift change, so was able to walk in with the warehouse workers in another part of the building (many knew me, so nothing seemed that odd), and to my desk.

I tried to log into my computer...account locked. Oh crap..this was it. I'm done. I fill my computer backpack with as much personal items as I could, and started down the hallway when I meet one of our FS accountants.

L: "Hey, did your card let you in the building this morning? Mine didn't work. I had to walk around to the warehouse entrance and my computer account is locked. None of us can get into the system."

*whew!* is an understatement. Found out later the user account server crashed, which locked out everybody.

Never found out what kingpin and the dev manager left to talk about, but I at least still had a job.

Normally when someone calls in and I pick up, they either don't call from an authorized number and get mad when we I don't give information, ask for advice and then say that it isn't logical and ask for a different answer or are just stubborn as a motherfucker.

Then I suddenly get a call from someone who I can verify easily, listens carefully to my answers and thanks me in the end.

Where can I get more of those clients?!

Boss hands over to me an old security audit report and tells me "Go through this and check if all the problems mentioned have been resolved". Quick glance through the report shows all expected issues - SQLi, plaintext transmission and storage etc. I tell him that I need access to the application both from admin and a user with restricted privileges.
He hands me the admin credentials and tells me, "After you login in, just go the "Users" tab. You'll find the profiles of all the users there. You can get the emails and passwords of any user you want from there."
I had to hold back a chuckle. There's nothing to verify. If they haven't resolved storing plain text passwords in the database (AND displaying it IN PLAIN TEXT in the website itself (which to my surprise wasn't mentioned in the audit)), they probably haven't even looked at the report.

One:

Had a stack of harddrives with my important data, two USB drives and a 4.7gb disc, two or three cloud storage accounts.

Needed a restore:
Knocked the stack of hard drives onto the floor (all broken), stood on one of the flash drives, found the other one in a pocket of a pair of trousers which just came out of the washing machine, dvd too scratched to read and couldn't verify my cloud storage account because I lost the password to the connected email account and the backup email account to verify that one didn't exist anymore. Fucking hell.

Two:

Production database with not that much yet but at least some production data which wasn't backupped.
Friend: can I reboot the db machine?
Me: yup!
Friend: what's the luks crypt password?
Me: 😯😐😓😫😲😧😭

End of story 😅

For the record, the first one actually happened (I literally cried afterwards) and that taught me to update my recovery email addresses more often!

Me and co-worker troubleshooting why he can't run the docker container for database.

Me: Check if the port is busy.

Co-worker: To my knowledge, it isn't.

Me: Strange, it just works fine for me and everyone else.

Me: And you're sure you didn't already start it previously?

*We verify that it isn't running*

Me: I'm pretty sure the port is busy from that error message. Try another port.

Co-worker: Already did, it didn't work.

Me: And by any chance restarting your machine won't solve anything?

*It doesn't solve anything*

Me: Alright, I have some work to do, but I'll get back to this. Tell me if you find a solution.

Co-worker: Alright.

*** Time passes, when I get back he has switched to windows, dualboot, same machine ***

Me: I don't think you'll have a better time running the docker image on windows.

Co-worker: Oh, that's not what I'm looking for. You see, I had a database on my windows partition recently and I thought maybe thats why it won't start.

Me (screaming internally) : WTF ARE YOU STUPID, WINDOWS AND LINUX ISNT RUNNING AT THE SAME FUCKING TIME.

Me (actually saying): I don't think computers work like that.

Co-worker: My computer is magical. It does strange things.

Me: That's a logical conclusion.

*** More time passes ***

Co-worker solves the problem. The port was busy because Ubuntu was already running PostgreSQL on that port.

Third co-worker shimes in: Oh yeah, I had the exact same problem and it took me a long time to solve it.

Everyone is sitting in arms reach of each other.

So not only was I right from the start. Someone else heard this whole conversation and didn't chime in with his solution. And the troubleshooting step of booting into windows and looking if a database is running there ???? Wtf

Why was I put on this Earth?

Spotify just asked me for my ZIP code (to verify my family plan again after like a year).

I typed 00000 and they accepted that 🤔

For a week+ I've been listening to a senior dev ("Bob") continually make fun of another not-quite-a-senior dev ("Tom") over a performance bug in his code. "If he did it right the first time...", "Tom refuses to write tests...that's his problem", "I would have wrote the code correctly ..." all kinds of passive-aggressive put downs. Bob then brags how without him helping Tom, the application would have been a failure (really building himself up).
Bob is out of town and Tom asked me a question about logging performance data in his code. I look and see Bob has done nothing..nothing at all to help Tom. Tom wrote his own JSON and XML parser (data is coming from two different sources) and all kinds of IO stream plumbing code.
I use Visual Studio's feature create classes from JSON/XML, used the XML Serialzier and Newtonsoft.Json to handling the conversion plumbing.
With several hundred of lines gone (down to one line each for the XML/JSON-> object), I wrote unit tests around the business transaction, integration test for the service and database access. Maybe couple of hours worth of work.
I'm 100% sure Bob knew Tom was going in a bad direction (maybe even pushing him that direction), just to swoop in and "save the day" in front of Tom's manager at some future point in time.

This morning's standup ..
Boss: "You're helping Tom since Bob is on vacation? What are you helping with?"
Me: "I refactored the JSON and XML data access, wrote initial unit and integration tests. Tom will have to verify, but I believe any performance problem will now be isolated to the database integration. The problem Bob was talking about on Monday is gone. I thought spending time helping Tom was better than making fun of him."
<couple seconds of silence>
Boss:"Yea...want to let you know, I really, really appreciate that."

Bob, put people first, everyone wins.

Guy: We should build a Blockchain based review website.
Me: Why does it have to use a Blockchain?
Guy: That way we can verify that only real people are leaving reviews and not bots.
Me: That's not really how Blockchains work.
Guy: Blockchain!

I'm freaking the fuck out.
After months of learning from bootcamp and on my own, after a month of no resumes replied to, after almost giving up I finally got a job opportunity in front-end web development.
The thing is, I have to pass their online test to verify my JavaScript-fu.
3 hours.
4 tasks.
And I feel like garbage who can't understand even the most basic algorithms.
By the power of Grayskull, I don't think I have the power...
Wish me luck.

I used PHPMailer to send emails to a client's website user. SMTP host is smtp.gmail.com.

web was hosted on Bluehost. I found out that mailer was not working. I enabled verbose output and to my surprise I found out that Bluehost was intercepting my mail and responding with

220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail

when i was explicitly using smtp.gmail.com. Not only they were intercepting but also They were trying my credentials against its own smtp server and then showing me that authentication failed.

When i contacted chat they asked me to tell last 4 characters of Bluehost account password to verify ownership.

Dude do they have passwords in plaintext.🤔

Just wrote a (PHP based) proxy which can cache resources being requested and serve them to clients.

The idea is that (I'm going to write a firefox add-on for it too, yes) you can install the add-on and any resource (js/CSS, general web resources which would be downloaded off of googleapi's etc) hosted with Google would be proxied through the server running the proxy, meaning that one wouldn't have to connect to the mass surveillance networks directly anymore as for static resources.

I think checksum verify stuff would still work as the proxy is literally a proxy, the content will be identical to the 'real' resource. (Not sure about this one, enlighten me if this isn't true)

Input appreciated!

There was a time I made an update on one of our client's e-commerce website sign-up page. The update caused a bug that allowed new users to create an account without actually creating an account.

The code block meant to save user credentials (i.e email address and password) to the database was commented out for some reasons I still can't remember to this day. After registration new users had their session created just as normal but in reality they have no recorded account on the platform. This shit went on like this for a whole week affecting over 350 new customers before the devil sent me a DM.

I got a call from my boss on that weekend that some users who had made purchases recently can't access their account from a different device and cannot also update their password. Nobody likes duty calls on a weekend, I grudgingly and sluggishly opened up my PC to create a quick fix but when I saw what the problem was I shut down my PC immediately, I ran into the shower like I was being chased by a ghost, I kept screaming "what tha fuck! what tha fuck!!" cus I knew hell was about to break loose.

At that moment everything seemed off as if I could feel everything, I felt the water dripping down my spine, I could hear the tiniest of sound. I thought about the 350 new customers the client just lost, I imagined the raving anger on the face of my boss, I thought about how dumb my colleagues would think I was for such a stupid long running bug.

I wondered through all possible solutions that could save me from this embarrassment.
-- "If this shitty client would have just allowed us verify users email before usage things wouldn't have gotten to this extent"
-- "Should I call the customers to get their email address using their provided telephone?... No they'd think I'm a scammer"
-- "Should I tell my boss the database was hacked? Pffft hack my a**",
-- "Should I create a page for the affected users to re-verify their email address and password? No, some sessions may have expired"
-- "Or maybe this the best time to quit this f*ckn job!"
... Different thoughts from all four corners of the bathroom made it a really long bath. Finally, I decided it was best I told my boss what had happened. So I fixed the code, called my boss the next day and explained the situation on ground to him and yes he was furious. "What a silly mistake..!" he raged and raged. See me in my office by Monday.
That night felt longer than usual, I couldn't sleep properly. I felt pity for the client and I blamed it all on myself... yeah the "silly mistake", I could have been more careful.

Monday came boss wasn't at the office, Tuesday, Wednesday, Thursday, Friday not available. Next week he was around and when we both met the discussion was about a different project. I tried briefing him about last week incident, he seems not to recall and demands we focus on the current project.

However, over three hundred and fifty customers swept under the carpet courtesy of me. I still felt the guilt of that f*ck up till this day.

User: Bobby, please update this quality controlled document because I screwed it up.

Me: No there is a process for a reason, multiple people need to sign off on this. Also, we talked about this exact issue a year ago that you did not fix.

User: But its a minor change, several hyperlinks in the Word document need adjusted.

Me: Ok, you do it and submit it through the process again.

User: Can you make the changes to the document? It will take me forever and I'm very busy. I know you can do it much quicker than I can.

Me: I really don't want to edit this document myself. It doesn't apply to my job at all and I cannot verify any of the changes would be correct.

User: Oh it's fine. Make the changes and I'll look over it.

...

I hate my job sometimes.

The solution for this one isn't nearly as amusing as the journey.

I was working for one of the largest retailers in NA as an architect. Said retailer had over a thousand big box stores, IT maintenance budget of $200M/year. The kind of place that just reeks of waste and mismanagement at every level.

They had installed a system to distribute training and instructional videos to every store, as well as recorded daily broadcasts to all store employees as a way of reducing management time spend with employees in the morning. This system had cost a cool 400M USD, not including labor and upgrades for round 1. Round 2 was another 100M to add a storage buffer to each store because they'd failed to account for the fact that their internet connections at the store and the outbound pipe from the DC wasn't capable of running the public facing e-commerce and streaming all the video data to every store in realtime. Typical massive enterprise clusterfuck.

Then security gets involved. Each device at stores had a different address on a private megawan. The stores didn't generally phone home, home phoned them as an access control measure; stores calling the DC was verboten. This presented an obvious problem for the video system because it needed to pull updates.

The brilliant Infosys resources had a bright idea to solve this problem:

- Treat each device IP as an access key for that device (avg 15 per store per store).
- Verify the request ip, then issue a redirect with ANOTHER ip unique to that device that the firewall would ingress only to the video subnet
- Do it all with the F5

A few months later, the networking team comes back and announces that after months of work and 10s of people years they can't implement the solution because iRules have a size limit and they would need more than 60,000 lines or 15,000 rules to implement it. Sad trombones all around.

Then, a wild DBA appears, steps up to the plate and says he can solve the problem with the power of ORACLE! Few months later he comes back with some absolutely batshit solution that stored the individual octets of an IPV4, multiple nested queries to the same table to emulate subnet masking through some temp table spanning voodoo. Time to complete: 2-4 minutes per request. He too eventually gives up the fight, sort of, in that backhanded way DBAs tend to do everything. I wish I would have paid more attention to that abortion because the rationale and its mechanics were just staggeringly rube goldberg and should have been documented for posterity.

So I catch wind of this sitting in a CAB meeting. I hear them talking about how there's "no way to solve this problem, it's too complex, we're going to need a lot more databases to handle this." I tune in and gather all it really needs to do, since the ingress firewall is handling the origin IP checks, is convert the request IP to video ingress IP, 302 and call it a day.

While they're all grandstanding and pontificating, I fire up visual studio and:

- write a method that encodes the incoming request IP into a single uint32
- write an http module that keeps an in-memory dictionary of uint32,string for the request, response, converts the request ip and 302s the call with blackhole support
- convert all the mappings in the spreadsheet attached to the meetings into a csv, dump to disk
- write a wpf application to allow for easily managing the IP database in the short term
- deploy the solution one of our stage boxes
- add a TODO to eventually move this to a database

All this took about 5 minutes. I interrupt their conversation to ask them to retarget their test to the port I exposed on the stage box. Then watch them stare in stunned silence as the crow grows cold.

According to a friend who still works there, that code is still running in production on a single node to this day. And still running on the same static file database.

#TheValueOfEngineers

The PCs in our school have a software called "Dr. Kaiser" which purpose is to prevent changes to the disk. I thought it's working like DeepFreeze for OSX devices; having a copy-on-write feature or something like that. One day a friend of mine (kinda newbie in hacking) said he wanted to create a backdoor in the system so you can login as the local administrator of the device. He replaced the "sethc.exe" in the windows directory with cmd.exe on a live distro and claimed it was working perfectly. It turned out that "Dr. Kaiser" is indeed loading the default image on startup, but doesn't verify checksums for system files (and also doesn't include the files in the default image). Long story short: You now can open a cmd with System permissions on every PC in the building.

This. Is. Stupid. It should be forbidden to sell this software 😖

Other services : Please type your phone number to verify that it is you. It will be only used for verification process.
Me : Sure, why not? (Happily types in my number)

Facebook : Please type your phone number to verify that it is you.
Me : Hmmm (sees help)
Facebook : It will be used for verification process and will be visible to your friends. You can always change the scope settings.
Me : (reads as...) It will be used for verification process and will be visible to your friends and will be automatically sent to the NSA for free. You can always change the scope settings when you become the CEO of Facebook.

#deletefacebook

Wanna attend the developer conference?

White and male? Pay half a grand.
Female? Black? LGBTQIA? You get a free ticket!

Seriously, how would they verify if you are gay?
It appears to me that it's easily exploitable.

Never assume you know better
Never assume others know better
Never assume others know

Never assume

Trust, but verify [doveriaj, no proveriaj]

Only slightly tech related. So proud of my mom.
Many years ago I helped her create a Facebook account. As it happens with most older people, she started sharing false news that she saw on her network.
So I taught her how to verify. Reverse image search. To google it and if no real news site talked about it, it was fake.
Anyway, she listened and started learning.
Now she is telling people when they are posting something untrue and I even taught her how to report false news posts.

I think we're going two sides:

For one, more and more technology is being developed/engineered which is even more and more and more intrusive as for personal privacy, I'm genuinely worried how this'll go as privacy isn't just a about not exposing certain things like passwords/bank account details and so on, it's also about being an individual who has their own thoughts, opinions and so on. If we keep taking that away more and more often, society will change and go towards the Orwell scenario (we're on our way there right now). We can change this as software/design/server engineers but that's up to us and I sadly don't see that happening quickly, also due to the 'nothing to hide' bullshit.

Second one is that were going more and more towards open source.
This is a good thing as this:
- gives freedom to devs around the world to improve software and/or modify it to suit their needs.
- gives people the opportunity to look through the source code of softwares in order to verify it as for backdoors and find security vulnerabilities which otherwise can remain hidden for the general public while spying agencies have way more resources to go vulnerability hunting.

For the people who think this isn't a good idea (even more open source), without it we'd be completely fucked as for moving forward/security/privacy. (I can give examples if wanted).

I was working for a startup that needed to update 300 machines that had just come from the factory. We had to open all 300 boxes and update them one at a time. I made a simple script that would run a folder full of shell scripts then keep track of what it ran so it would not run the same script twice. It made it so we could just plug the machines into the internet, they would query some server, download my program, and run it. It saved me from having to ssh into every machine and run commands. Well the head programmer guy saw what I did and implemented it as the main program that would update the entire machine. I didn't program anything into it to verify updates, the shell scripts did not return any indication of success or failure, and I made it in less than 3 hours. It was supposed to be a temporary program to be used for those 300 machines only, but ended up sticking around for 2 years.

Two years ago: company exec (Mac fan) buys a Surface Pro to show off our .NET application to customers as he travels. Hands it to me (I build releases) and I iron out a few Win 8 bugs since we'd always used Win 7 before. Get it set up, get to like the device a little, he takes it home... and returns it within 24 hours because he didn't mesh well with Windows. (Again, Mac user.)

8 months later he buys a Surface Pro again. I install our latest release, verify that everything is working as expected with hardware we normally don't use, and give him a controlled setup that will just work when he's at a customer site. Once again, he returns the Surface within 24 hours because he can't get used to Windows.

At least we verified Windows 8 compatibility, I guess.

!!oracle

I'm trying to install a minecraft modpack to play with a friend, and I'm super psyced about it. According to the modpack instructions, the first step is to download the java8 jre. Not sure if I actually need it or not, but it can download while I'm doing everything else, so I dutifully go to the download page and find the appropriate version. The download link does point to the file, but redirects to a login page instead. Apparently I need an oracle account to download anything on their site. stupid.

So I make an account. It requires my life story, or at least full name and address and phone number. stupid. So my name is now "fuck off" and I live in Hell, Michigan. My email is also "gofuckyourself" because I'm feeling spiteful. Also, for some reason every character takes about 3/4ths of a second to type, so it's very slow going. Passwords also cannot contain spaces, which makes me think they're doing some stupid "security" shenanigans like custom reversible encryption with some 5th grade math. or they're just stupid. Whatever, I make the stupid account.

Afterwards, I try to log in, but apparently my browser-saved credentials are wrong? I try a few more times, try enabling all of the javascripts, etc. No beans. Okay, maybe I can't use it until I verify the email? That actually makes some sense. Fine, I go check the throwaway inbox. No verification email. It's been like five minutes, but it's oracle so they probably just failed at it like everything else, so I try to have them resend the email. I find the resend link, and try it. Every time I enter my email address, though, it either gives me a validation error or a server error. I try a few mores times, and give up. I try to log in again; no dice. Giving up, I go do something else for awhile.

On a whim later, I check for the verification email again. Apparently it just takes bloody forever, but it did show up. Except instead of the first name "Fuck" I entered, I'm now "Andrew", apparently. okay.... whatever. I click the verify button anyway, and to my surprise it actually works, and says that I'm now allowed to use my account. Yay!

So, I go back to the login page (from the download link) and enter my credentials. A new error appears! I cannot use redirects, apparently, and "must type in the page address I want to visit manually." huh? okay, i go to the page directly, and see the same bloody error because of course i do because oracle fucking sucks. So I close the page, go back to the download list, click the link, wait for the login page redirect (which is so totally not allowed, apparently, except it works and manual navigation does not. yay backwards!), and try to log in.

Instead of being presented with an error because of the redirect, it lets me (try to) log in. But despite using prefilled creds (and also copy/pasting), it tells me they're invalid. I open a new tab container, clear the cache (just to be thorough), and repeat the above steps. This time it redirects me to a single signon server page (their concept of oauth), and presents me with a system error telling me to contact "the Administrator." -.- Any second attempts, refreshes, etc. just display the same error.

Further attempts to log in from the download page fail with the same invalid credentials error as before.

Fucking oracle and their reverse Midas touch.

So I just created this Registration GUI (part of a bigger app) for my uni project and was demonstrating how good the app was to all my friends.

Suddenly someone came and said let me verify this. I said go on with a doubtful mind. Obviously I had some verification for all the fields in the GUI but I was closely watching him.

He signed up with this email: " @ . "

😞

Before shutting something down, verify that its the right one ;)

A colleague was testing some performance setting on a server and needed to restart the network driver so he disabled it and was going to enable it when the remote session died ;)

Fast 30 min trip to the datacenter to enable network card.

I've just noticed an app review that I've given and would fit right into the wk123 (that's the insult one, right?).

"Biggest pile of junk that I've ever seen. You have one job! To register the fucking phone number (which you could get with Phone permission) and verify it (which you can do with the SMS permission) and you should either have the user do that once upon installation or you automate it entirely so that it can run in the background! You can fully automate this, and it's not that complicated that it needs 10 whole seconds of loading time in between! Heck, this pile of crap can't even continue into the main view after entering the verification code! You haven't published the source code (and maybe that's for the best) but if it was, I'd probably immediately get cancer by viewing your crappy spaghetti code. Dear developer, please take a step back and (re)join the PC tech support guys. You have no place in the development world."

To top it all off, that app currently only needs phone permission to verify my number (at least they've done that much). So I figured, I've already gone through that authentication flow so let's remove that permission to abide by the principle of least privilege.

Except that the fucking crapp just goes through the "requires phone permission" shit again whenever that permission removal happens. Fucking piece of garbage!!! That such spaghetti code fuckers even have a job, it boggles my mind.

Amazon: you're logged into 53 devices.

Me: ooooh Kay, since when do I have that many devices. let's sign out of em all and change the password for some piece of mind.

Spongebob: * a few hours past *

Spam email: someone in the US has logged into your account - click here to verify through some random URL that doesn't even contain "Amazon" in it 🥳

-

I suddenly have that feeling Amazon sells you're account setting changes and not just your personal details.

Let me paint you a picture.

It's the day after code freeze. Code has been branched. It's time once again to verify tickets and run smoke check so we can begin our 3 days of blitz testing before we deploy.

As a team we all have roles to play in this process. Yet, every stinking release it is like pulling teeth to get everyone to take the initiative and verify tickets and run smoke check. Our principled engineer even reached his limit this morning and blew up on everyone.

When you are being paid good money to do a job, you need be an adult, be responsible, step up and do your job!

Fucking IT and their self signed corporate proxy SSL bullshit getting in the way of anything that needs to verify SSL requests,
Fuck you for making my day a slow and miserable day and having to resort to forcing rest apis and SDKs to work over HTTP instead, all in the name of “Security”.

SM = Scrum Master

SM: "Card #130, you added a comment saying you aren't going to do update the report?"
Me:"Yea, I explained why in the comment"
SM: "Product owner wants it."
Me: "Product owner isn't the manager using it. I talked with Steve, he said the data is accurate and they have to go to the database anyway to verify the error. That report has no way of knowing the message logged could be a false positive."
SM: "That's not our job to decide. If the Product Owner wants the feature, we add the feature."
Me: "It is absolutely is our job. Steve is the user of the report. I could really care less what the product owner said. The only reason he created the card was because Steve told him a specific error logged could be a false positive, and only happens, maybe, once a month. I'm not wasting my time, Steve's time, or this project's time on wild goose chases."
SM: "I'll schedule a meeting this afternoon to discuss the issue with the product owner. Don't worry, if you can't figure out how to filter out the false positives, I'll assign the ticket to me."

fracking fracking kiss ass. I swear, if he goes behind my back again ....I... deep breath....ahhh...OK..Thanks devrant. Work place incident diverted.

Stakeholder: In user profiles, I want users to be able to renew gift memberships for their giftee.

Me: ???

SH: For example, if I buy a gift membership for you and it expires or is about to expire, then I want to be able to renew it for you.

Me: Typically, gifts aren’t the gifter’s responsibility to manage. There’s no reason for you to be able to manage my membership from your account, even if just to renew. You’re opening up Pandora’s box here. If you let users renew for giftees, you’ll eventually have a user ask if they can cancel the giftee’s membership because they got into a fight and want to stick it to the giftee.

SH: But our users aren’t using the gift membership sales flow correctly. That results in all sorts of data issues for our reporting services and we spend so much time fixing it by hand.

Me: Your sales flow is confusing. The website asks users to verify membership for a giftee in case the giftee has or had a membership. How it the gifter supposed to know that? You’re trying to make things easier for you, but you’re expecting the user to know that and comply. That’s unrealistic.

SH: But there must be a something you can do.

Me: No.

Starting my new bot experience together with Discord.
Discord is kinda easier than LINE. You had to create facebook accounts or fake lots of telephone numbers to be able to verify your bot account. They also kept changing the endpoints to avoid people using their bots.
Discord is the opposite. Discord loves bots. And that's why I start feeling love towards Discord.

Funny thing just happened. I called my bank to verify my card with Apple Pay. Here’s how it went:

> Calls bank with number supplied by phone.
> “Thank you for calling [Bank] Bank!”
> ...
> A minute passes and still ringing
> wtf.jpg
> About thirty seconds in and the ring seems fainter than before.
> [2:00] is it just me or is my speaker dying...
> [3:00] no, it’s definitely getting quieter.
> [3:30] why is no one picking up???
> [4:00] now it’s so bad I have to hold it to my ear
> [4:30] now it’s blending in with the white noise
> [4:45] yeah, no. This is only static now.
> [5:00] this’ll be good for DevRant...

> calls again
> same thing happens
> ohwell.mov

Let’s try again tomorrow, I guess.

Edit: like always, I forgot the picture

We should disable the “verify that you are a human” captcha for a day and see if aliens try to contact us via internet.

In the before time (late 90s) I worked for a company that worked for a company that worked for a company that provided software engineering services for NRC regulatory compliance. Fallout radius simulation, security access and checks, operational reporting, that sort of thing. Given that, I spent a lot of time around/at/in nuclear reactors.

One day, we're working on this system that uses RFID (before it was cool) and various physical sensors to do a few things, one of which is to determine if people exist at the intersection of hazardous particles, gasses, etc.

This also happens to be a system which, at that moment, is reporting hazardous conditions and people at the top of the outer containment shell. We know this is probably a red herring or faulty sensor because no one is present in the system vs the access logs and cameras, but we have to check anyways. A few building engineers climb the ladders up there and find that nothing is really visibly wrong and we have an all clear. They did not however know how to check the sensor.

Enter me, the only person from our firm on site that day. So in the next few minutes I am also in a monkey suit (bc protocol), climbing a 150 foot ladder that leads to another 150 foot ladder, all 110lbs of me + a 30lb diag "laptop" slung over my shoulder by a strap. At the top, I walk about a quarter of the way out, open the casing on the sensor module and find that someone had hooked up the line feed, but not the activity connection wire so it was sending a false signal. I open the diag laptop, plug it into the unit, write a simple firmware extension to intermediate the condition, flash, reload. I verify the error has cleared and an appropriate message was sent to the diagnostic system over the radio, run through an error test cycle, radio again, close it up. Once I returned to the ground, sweating my ass off, I also send a not at all passive aggressive email letting the boss know that the next shift will need to push the update to the other 600 air-gapped, unidirectional sensors around the facility.

Fuck recruiters, they are the scum of the earth. I just had one contact me out of the blue about two opportunities with companies I'd never heard off. As I knew nothing about the companies I started asking questions around who they were and what they were looking to do. He suddenly gets all defensive and refuses to answer my questions, then follows up with an email accusing me of being an "underhanded recruiter" looking to poach his clients. Sorry mate, you got in contact with me you absolute fuckwit. Without people like us you wouldn't even have a bloody job you fucking vampire. For someone that supposedly specialises in the tech sector, I had to point out that if he really doubted who I was he could drop my name into StackOverflow or github to verify that im a developer. Recruiters - they're all fucking leeches.

Had an idea for an app. I started writing the prototype in Node since I just had a simple API in mind. Wanted to have some very basoc crud functionality going and then hook up a nice interface to it. It has to do with logistics and analytics so I just wanted to start sketching something small, and being that i have been successful in doing an API like this in the pass with node and mongo for a local company I said why not.

I have finished a good chunk of it. Gotta love that js productivity. But what tripped me out about it was:

Check how big the folder size is: 387mb

EXCUSE ME??!!

I tripped, there was no way in hell this shit was that heavy. I am basically using Koi(to give it a whirl instead of express, gotta start testing koi sometimes right?) And some joi with morgan and winston. That is it. I am using mongo since legit its the only one i know, even with that there really can't be that much right?

Check node_modules size.....10mb....wtf? What
Wait
Did it?

Sure as shit....forgot that i was storing the mongo data folder inside the app's root folder.

This would have been nothing if it would have taken me 30 seconds to figure it out.

I was losing my mind for 30 mins before i decided to properly verify

I need some sleep

Finally finished the screwdriver followup ticket. I think.

I spent almost two full days (14 hours) on a seemingly simple bug on Friday, and then another four hours yesterday. Worse yet: I can’t test this locally due to how Apple notifications work, so I can only debug this on one particular server that lives outside of our VPN — which is ofc in high demand. And the servers are unreliable, often have incorrect configuration, missing data, random 504s, and ssh likes to disconnect. Especially while running setup scripts, hence the above. So it’s difficult to know if things are failing because there’s a bug or the server is just a piece of shit, or just doesn’t like you that day.

But the worst fucking part of all? The bug appeared different on Monday than it did on Friday. Like, significantly different.

On Friday, a particular event killed all notifications for all subsequent events thereafter, even unrelated ones, and nothing would cause them to work again. This had me diving through the bowels of several systems, scouring the application logs, replicating the issue across multiple devices, etc. I verified the exact same behavior several times over, and it made absolutely no sense. I wrote specs to verify the screwdriver code worked as expected, and it always did. But an integration test that used consumer-facing controller actions exhibited the behavior, so it wasn’t in my code.

On Monday while someone else was watching: That particular event killed all notifications but ONLY FOR RELATED EVENTS, AND THEY RESUMED AFTER ANOTHER EVENT. All other events and their notifications worked perfectly.

AKL;SJF;LSF

I think I fixed it — waiting on verification — and if it is indeed fixed, it was because two fucking push event records were treated as unique and silently failing to save, run callbacks, etc.

BUT THIS DOESN’T MATCH WHAT I VERIFIED MULTIPLE TIMES! ASDFJ;AKLSDF

I’m so fucking done with this bs.

Jesus christ what is wrong with this one

12: Colleague deploys something to production (with a second pair of eyes)
14: Asks me why other team isn't seeing the result, I ask whether they have monitored the logs, they have not
17: They finally read the logs and find the problem, change window has ended so tomorrow there's another attempt

Today, they deployed again around 10 and then went away because they had some private responsibilities. Never looked at the logs, never bothered to verify if anything still worked. Just dropped it in a chat.

10 years older than I am, how can you be so irresponsible

"Oh, let's delete no-reply@domain.tld because that's not needed by anything"

Stupid fucking clients...
Now users can't verify their accounts. Nice!

This fcktard client that insist on using an iframe and demands support for browsers like IE7. You are costing me years of my life.

Fucking fuck of a Microsoft trying to protect people against tracking from 3d parties in an iframe in random ways in some versions of IE7. Or IE11 in IE7 compatibility mode.

If you are going to refuse sessions just do it! I got a fucking check and fix for that. Because these fuck faces friendly people at Apple like to refuse sessions on iPads and iPhone too. But we worked that out, because they are at least consistent. So a few dirty little hacks made it all Okay.

But no, Boo Hoo I'm Microsoft and I will throw a tantrum. I like my browsers to be like an magican, instead of an usefull piece of software. If you look in this page, or look here we got them. I got your sessions​, safe and secure.

But when you need me, to verify that the user is allowed to access data we do a little hocus pocus and now they are gone. Nowhere to be seen or found again. Fun times free fucking magic shows all day long.

It's morning but maybe its time for a bottle of scotch. Maybe if I'm in the state as this browser. Where I don't know what I'm doing because I'm shitfaced drunk it will start working.

When in Rome do as the romans do.

Fuck apple for making it as hard as fuck to sign in to my fucking apple id. Because my ex wife was my "trusted" number, I couldn't get an authentication code. Tech support told me it would take 3 days to reset my password.

After 3 hours of fucking around, I finally was able to reset my password.

I've been trying to get my kids to watch stupid Indiana Jones for years. They finally agreed. After going through 3 hours of BS so I could buy the movie, we start watching it. Literally, as the boulder is rolling down toward Dr. Jones, the movie stops suddenly so that Apple can verify my purchase!

Then, it asks me to buy it again!

This is getting annoying.

For the past >half a year I've been chasing windmills. This is what my BAU day looks like:

- We login to client's network
- We start running some Sanity tests before the actual runs (actual runs are hell of an expensive (financially and time-wise) thing to launch) to make sure environment is OK.
- Sanity tests fail. wtf? Nothing's been changed since y-day!
- Spend ~3-4 hours digging logs, code, more logs,... Apparently some genius decided to change a single parameter.
- Spend another 1-2 hours trying to work around that parameter (since apparently that genius did have a task to do that, so we'll most likely have to find a way to live with it)
- Restart the whole env (~30min).
- Launch a Smoke, Sanity tests to verify env state.
- Launch the actual test
- Go home.

Next day:
- We login to client's network
- We start running some Sanity tests before the actual runs to make sure environment is OK.
- Sanity tests pass.
- Run the actual test
- Concurrency on RDS database is sky-rocketing! WTF did that come from??? Nothing's been changed since y-day!!
- Spend ~1-2 hours looking for anything changed, dig some logs for anything unusual. Nothing.
- Escalate to DBA. 2 hours later DBA says "fix the app". thanks for nothing mate....
- Spend remaining 2 hours analysing AWR. Give up, restart the whole RDS instance. Another hour wasted.
- Time to go home. Out of curiosity run Sanity test -- all good. Run the actual test -- all good. wtf??
- Go home

Next day
- We login to client's network
- We start running some Sanity tests before the actual runs to make sure environment is OK.
- Sanity tests fail. wtf? Nothing's been changed since y-day!
- Spend ~3-4 hours digging logs, code, more logs,... Apparently some genius decided to change a single parameter.
- Spend another 1-2 hours trying to work around that parameter
- ..... I think you know where this is going.

And this keeps going on and on, day by day. Spending the better half of the day chasing windmills and doing our actual work on the last hour of the working day or even after that.

We have plenty of interesting tasks in our Jira but we're squirels spinning in the wheel and never being able to touch them.

It feels like I'm wasting my time. I could do so much more with my time!

[just needed to vent ]

My best code review experience?

Company hired a new department manager and one of his duties was to get familiar with the code base, so he started rounds of code reviews.
We had our own coding standards (naming, indentation, etc..etc) and for the most part, all of our code would pass those standards 100%.

One review of my code was particularly brutal. I though it was perfect. In-line documentation, indentation, followed naming standards..everything. 'Tom' kept wanting to know the 'Why?'

Tom: 'This method where it validates the amount must be under 30. Why 30? Why is it hard-coded and not a parameter?'
<skip what it seemed like 50 more 'Why...?' questions>
Me: "I don't remember. I wrote that 2 years ago."
Tom: "I don't care if you wrote it yesterday. I have pages of code I want you to verify the values and answer 'Why?' to all of them. Look at this one..."

'Tom' was a bit of a hard-ass, but wow, did I learn A LOT. Coding standards are nice, but he explained understanding the 'What' is what we are paid for. Coders can do the "What" in their sleep. Good developers can read and understand code regardless of a coding standard and the mediocre developers use standards as a crutch (or worse, used as a weapon against others). Great developers understand the 'Why?'.

Now I ask 'Why?' a lot. Gotten my fair share of "I'm gonna punch you in the face" looks during a code review, but being able to answer the 'Why?' solidifies the team with the goals of the project.

For about 3x years now, we have had 3x generic work email addresses that are used as microsoft accounts for office 2016 licenses.
(The company is dragging its heels on getting office 365 so MS like to make our lives hell.)

Suddenly we can’t get office updates... and when we sign in to see why, it says that because we are apparently only 3 years old we need our parents permission to use the account or we’ll lose access by September.
Never were we forced to enter a DOB when setting the accounts up!!! So it used the account setup date instead.

It turns out that we can’t change our DOB ourselves, as we are a ‘child’ and need a parents permission.
Fine.
I access my personal account and follow the instructions to add the 3x email addresses as my children so i can change the DOB.

‘Ha ha’ i hear microsoft saying, ‘it doesn’t work that way!!’

No, In order for the parent to verify their child’s identity, they are charged 0.50c per child!
Wtf!!
Doesn’t cost a lot but come on Microsoft!!

It’s that, or submit ID, which obviously wont work for a generic support@ email address like we have.
So annoying and we don’t know what to do.
Wonder how much MS are making out of this...

"Let the developers consider a conceptual design,” the King said, for about the twentieth time that day._

“No, no!” said the Queen. “Tests first—design afterwards.”

“Stuff and nonsense!” said Alice loudly. “The idea of writing the tests first!”

“Hold your tongue!” said the Queen, turning purple. “How much code have you written recently, anyway?” she sneered.

“I won’t,” said the plucky little Alice. “Tests shouldn’t drive design, design should drive testing. Tests should verify that your code works as it was designed, and that it meets the customer’s requirements, too,” she added, surprised by her own insight. “And when you drive your tests from a conceptual design, you can test smarter instead of harder.”

I got a new debit card from my bank, jumped online, to activate my new card.

I see a picture of my card, with the last 4 digits of my account number show. A big "activate" button right next to it. Sure thing. Click the button, and guess what piece of information I need to verify I am the true owner of the card. Fucking last four digits.

Fucking hell - you just showed me the digits a page ago.

Don't you just love it when a customer reports a bug in their live system and it's really urgent to correct it; then you go out of your way to fix it ASAP and deploy it to the staging system for them to verify. Three weeks later the customer has still not tested the bugfix...

Can you really trust the security features on your device?

Can you really verify that no one is looking at what you're doing all day, in your house or out and about?

What if I am the one looking at your naked ass right now?

So after 6 months of asking for production API token we've finally received it. It got physically delivered by a courier, passed as a text file on a CD. We didn't have a CD drive. Now we do. Because security. Only it turned out to be encrypted with our old public key so they had to redo the whole process. With our current public key. That they couldn't just download, because security, and demanded it to be passed in the fucking same way first. Luckily our hardware guy anticipated this and the CD drives he got can burn as well. So another two weeks passed and finally we got a visit from the courier again. But wait! The file was signed by two people and the signatures weren't trusted, both fingerprints I had to verify by phone, because security, and one of them was on vacation... until today when they finally called back and I could overwrite that fucking token and push to staging environment before the final push to prod.

Only for some reason I couldn't commit. Because the production token was exactly the same as the fucking test token so there was *nothing to commit!*

BECAUSE FUCKING SECURITY!

\n and \n\r

What a fuckton of issues those two characters brought me today while attempting to verify a signed file.

TL;DR: Google asked me to PROVIDE a phone number to verify connection from a new device, on the said device.

Yesterdayto log into my work Google account from my personal laptop to check emails, calendars update and so on. I opened up a private navigation window, went to Google sign-in page, entered my credentials, all is well.

Google then decided to "verify it's me" and prompted me to PROVIDE a phone number (work account without work phone means no phone number set up) so that they can send a verification code to the number I just provided to make sure the connection is legit.

Didn't want to do that, clicked "use another method" and got asked to fill the last password I remember, which would be my current password thanks to my trusty password manager. After submitting, I'm prompted with an error saying I have to contact my admin to reset my password because they can't log me in with my CURRENT password.

I ain't gonna do that, so went back to login page, provided my phone number, got the code, filled in the code, next thing I know I'm browsing through my emails.

What the duck? Could have been anybody giving any phone number. So much for extra security.

Also don't care that they have my phone number, the issue is more about the way used to obtain it: locking me out of my account and having no other way of logging in.

Here comes the story how I became a DevRanter.
When I was young, I built an expensive gamer-machnine, so I had to crack games. I Got used to computers, so I startet an apprenticeship in IT. I finished with good grades. I left everything and everyone behind and moved in a city, found a parttime job as a PHP developer and started studying CS. After 5 years doing work as developer, studying CS, creeping around as soldier, I finally finished and graduated. After a few months working fulltime (same job), as my life began to settle down and I got bored.
A flatmate (also CS) laughed his ass off about something, then he introduced me to DevRant. It became part of my life to read DevRant, to overcome boredom. But there are not enough new Rants.. I'm f'cked. OK, I resigned my Job, and my flat and signed up for the BS in natural scinces at university in an even bigger city. I will again leave everything behind to begin a new life. Now I'm planing to freelance to pay the bills and challenge me again. Wish me luck :)

So I am beginning this new life with writing this story, how i became a dev. I klick Post, and bang! "please verify your email before ranting.. blah" I got no mail, no span, nothing. Resend.. wait.. nothing. I WAS BORED AGAIN!! FUCK YOU MAIL-SERVER, WHY CAN'T YOU SEND AN EMAIL WITHIN SECONDS OR MINUTES, WE ARE IN 21ST CENTURY AND THE INTERNET CONSISTS MAINLY OF OPTIC FIBER CABLES!!
And this is, dear DevRant community, how i become a Ranter, just then when I wanted to Post my first story.

Here lies an iOS developer. He died waiting for Xcode to verify.

Server Admins:

Don't fucking make changes to the server configuration and assume that it's going to be functional.

Stop fucking breaking shit on client servers then leaving it for the rest of us to clean up.

Verify your goddamn work before you tell them that their issue is resolved.

dude@milotic:~$ vncpasswd
Password:
Verify:
Password too long - only the first 8 characters will be used

WHAT

Google Business Profile is probably not meant for developers. "Help customers find your business by industry." Dev: set primary category to "Web Developer". Google: We didn't understand your category. Please select from the suggestions that appear when typing. Dev, typing: "Web D"... Google suggests: "Web Designer, Web hosting company, Well drilling contractor, Waterbed shop". Okay, Google, nevermind.
Google: "Update your customers. Keep your customers up to date about your business!" Dev clicks "add update", adds info about that customer should use different phone number temporarily due to broken phone. Google: "Your post has been removed from your Business Profile on Google because it violates one or more of our post content policies." Okay Google, at least you let me add an additional phone number on my profile without requiring to verify my primary number that I currently have not access to. Anything else?
Google: "Claim your €400 free advertising credit" Dev: clicks "claim credit" Google: "To access this Google Ads account, enable 2-Step Verification in your Google account." How to combine idiocy and deceptive patterns in a single UI: Google knows! Apart from their search engine, their unique business advantage is simple that they suck a little less than Apple and Microsoft. Sorry, not a day to be proud of our profession, once again.

When the free wifi you just registered for sends an email to verify your account... but you need the wifi to get that email.

Quick vent...

I just hate how other people in my organization keep blaming the systems instead of taking a second to verify if the data that they are feeding the system is accurate!!

It's like adding "4+5" in a ti83 and blaming the TI engineers because the result is not the "4" they wanted! 🤨

! rant

Sorry but I'm really, really angry about this.

I'm an undergrad student in the United States at a small state college. My CS department is kinda small but most of the professors are very passionate about not only CS but education and being caring mentors. All except for one.

Dr. John (fake name, of course) did not study in the US. Most professors in my department didn't. But this man is a complete and utter a****le. His first semester teaching was my first semester at the school. I knew more about basic programming than he did. There were more than one occasion where I went "prof, I was taught that x was actually x because x. Is that wrong?" knowing that what I was posing was actually the right answer. Googled to verify first. He said that my old teachings were all wrong and that everything he said was the correct information. I called BS on that, waited until after class to be polite, and showed him that I was actually correct. Denied it.

His accent was also really problematic. I'm not one of those people who feel that a good teacher needs a native accent by any standard (literally only 1 prof in the whole department doesn't), but his English was *awful*. He couldn't lecture for his life and me, a straight A student in high school, was almost bored to sleep on more than one occasion. Several others actually did fall asleep. This... wasn't a good first impression.

It got worse. Much, much worse.

I got away with not having John for another semester before the bees were buzzing again. Operating systems was the second most poorly taught class I've ever been in. Dr John hadn't gotten any better. He'd gotten worse. In my first semester he was still receptive when you asked for help, was polite about explaining things, and was generally a decent guy. This didn't last. In operating systems, his replies to people asking for help became slightly more hostile. He wouldn't answer questions with much useful information and started saying "it's in chapter x of the textbook, go take a look". I mean, sure, I can read the textbook again and many of us did, but the textbook became a default answer to everything. Sometimes it wasn't worth asking. His homework assignments because more and more confusing, irrelavent to the course material, or just downright strange. We weren't allowed to use muxes. Only semaphores? It just didn't make much sense since we didn't need multiple threads in a critical zone at any time. Lastly for that class, the lectures were absolutely useless. I understood the material more if I didn't pay attention at all and taught myself what I needed to know. Usually the class was nothing more than doing other coursework, and I wasn't alone on this. It was the general consensus. I was so happy to be done with prof John.

Until AI was listed as taught by "staff", I rolled the dice, and it came up snake eyes.

AI was the worst course I've ever been in. Our first project was converting old python 2 code to 3 and replicating the solution the professor wanted. I, no matter how much debugging I did, could never get his answer. Thankfully, he had been lazy and just grabbed some code off stack overflow from an old commit, the output and test data from the repo, and said it was an assignment. Me, being the sneaky piece of garbage I am, knew that py2to3 was a thing, and used that for most of the conversion. Then the edits we needed to make came into play for the assignment, but it wasn't all that bad. Just some CSP and backtracking. Until I couldn't replicate the answer at all. I tried over and over and *over*, trying to figure out what I was doing wrong and could find Nothing. Eventually I smartened up, found the source on github, and copy pasted the solution. And... it matched mine? Now I was seriously confused, so I ran the test data on the official solution code from github. Well what do you know? My solution is right.

So now what? Well I went on a scavenger hunt to determine why. Turns out it was a shift in the way streaming happens for some data structures in py2 vs py3, and he never tested the code. He refused to accept my answer, so I made a lovely document proving I was right using the repo. Got a 100. lol.

Lectures were just plain useless. He asked us to solve multivar calculus problems that no one had seen and of course no one did it. He wasted 2 months on MDP. I'd continue but I'm running out of characters.

And now for the kicker. He becomes an a**hole, telling my friends doing research that they are terrible programmers, will never get anywhere doing this, etc. People were *crying* and the guy kept hammering the nail deeper for code that was honestly very good because "his was better". He treats women like delicate objects and its disgusting. YOU MADE MY FRIEND CRY, GAVE HER A BOX OF TISSUES, AND THEN JUST CONTINUED.

Want to know why we have issues with women in CS? People like this a****le. Don't be prof John. Encourage, inspire, and don't suck. I hope he's fired for discrimination.

RANT:
Google is just a steaming pile of shit!!

I've recently installed LineageOS onto my phone and wanted to degooglify my life.

So my current Smartphone doesn't have any GApps installed and I get along fairly well.

Should I need anything, I should just be able to use it in my browser right?
RIGHT?

Nono!! As soon as I want to log into a third party Service using Google (older acccounts with the other choice only being Facebook) I need to "verify my identity". And the only option are my old smartphone who still have Gapps on it but are slow and don't accessible when I'm away!

For those who say: "Google is just beeing secure. They don't want anyone to steal your account.". I USE 2FA AND HAVE BACKUP CODES.
BEFORE DEGOOGLING MY DEVICE IT NEVER ASKED SUCH A THING!!! WHAT A PILE OF SPYING SHIT!!!

And the best part, after I remotely started my PC at home and just want to take a screenshot of the message for this post before just using a working session, the message didn't appear.
Somehow google decided that me logging in 15 mins later (same ip) proves my identity?!?!?!

IF THIS CAN BE ATTRIBUTED TO AI. FUCK THIS SHIT. GOOGLED SHOULD BE TREATED LIKE AN ONLINE CASINO BECAUSE THE CHANCE OF JUST GETTING LOGGED SEEMS COMPLETELY RANDOM!!!

(I also had this prior when using my smartphone browser. There I couldn't "circumvent" this and I was at home. But having this shit on my browser which should've a session is unacceptable.)

*making payment online*

Website: Your bank wants to verify something. Redirecting to their page

Me: fair enough

Bank: we are increasing security by sending you a security code via text...
*bank redirects me before I can finish reading*

Website: payment successful

Tf kinda security is that???

Hmm. So have you ever argued in a job interview? Like really standing your ground? In a technical interview?

Today I had a live coding session with a company I'm interested in. The developer was giving me tasks to evolve the feature on and on.

Everything was TDD. Splendid!

However at one point I had to test if the outcome of the method call is random. What I did is basically:
```
Provider<String> provider = new SomeProvider("aaa", "bbb", "ccc", "ddd", "eee", "fff")

for(int i=0; i<100; i++) {
String str = provider.get();
map.put(str, incrementCount(str));
}
Set<Integer> occurences = new HashSet(map.values());
occurences.removeIf(o -> o.equals(occurences.get(0)));
assertFalse(occurences.empty());
```
and I called it good enough, since I cannot verify true randomness.
But the dev argued that this is not enough and I must verify whether the output is truly random or not, and the output (considering the provider only has a finite set of values to return) occurences are almost equal (i.e. the deviation from median is the median itself).

I argued this is not possible and it beats the core principle of randomness -- non-determinism. Since if you can reliably test whether the sequence is truly random you must have an algorithm which determines what value can or cannot be next in the sequence. Which means determinism. And that the (P)RNG is then flawed. The best you can do is to test whether randomness is "good enough" for your use case.

We were arguing and he eventually said "alright, let's call it a good enough solution, since we're short on time".

I wonder whether this will have adverse effect my evaluation . So have you ever argued with your interviewer? Did it turn out to the better or to the worse?

But more importantly, was I right? :D

Interesting thing. Ya know how when turning on your phones hotspot it has to verify that you are in fact allowed to use a hotspot. Well if you have Unlimited Data like myself, hotspotting is not allowed. HOWEVER, if you spam the hotspot button, it after several tries, gives up and lets you hotspot. THIS IS MY LITTLE TRICK. NO BUG BOUNTY. BESIDES, youd need my carrier.

Printer strikes again!
Boss is pissed off that the printer is not working for him but works for the accounting department. He slammed the "photocopy cover thingy" with a "putain" (which I doubt will make it work). I had told him multiple times last week that the credentials he entered is wrong and he needs to verify that first. He will hopefully eventually realise it. Till then
Printer: 01
Human: 00

Me: *Making a very trivial suggestion, that every person with 1 working eye and 1 functional lobe can come up with*

Corporate managers: *Ponder. Verify competitors didn't implement it yet*. Great idea! let's patent it!

My terminal (Tilix) didn't have a header bar for a quite a while now. I had grown to live without it even though I missed looking at the terminal title to figure where I was.

Today I my hand accidentally hit F11 and I was in for a surprise. I actually exclaimed aloud in the office.

I waited to test, confirm and verify that the header bar itself was not a bug before I facepalmed myself

As a legal thing at work I need to have someone verify my citizenship by filling out a form for my I-9. They ask the person for their title. My husband can’t be serious, so he put that his title is “Keeper of the Swans”.

Here’s hoping I don’t have an awkward convo with legal over the validity of verification by a man claiming the title “Keeper of the Swans”

In his _defense_, the form didn’t let him leave “Title” blank.

Man....I keep up with this strange love hate relationship I have with Python....

Last night it was python that literally wrote my homework: define all possible equivalent partition tables with cause and effect analysis and boundary value checks for a program. The whole thing wrote itself and all I had to do was verify the inputs. Something that I was able to do using jupyter with pandas and numpy. On one hand, I despise the lack of static typing and use of whitespace as a block delimiter. On the other I cannot but help feeling a high level of gratitude over the language and its high availability and ease of use for this.

Sure, I could have used other tools, but this language has dominated hardcore in this regard enough to the point of not considering it being a crime against humanity.

What the fuck is wrong with Google?!!

Trying to log into Gmail.
Forgot password.
Gmail: To reset, code from authenticator app is required.
Me: Super. Good thing I set it up.
Enters code.
Gmail: Recovery email.
Me : Uh... Forgot that too.
Gmail: Some email address to communicate.
Me: Super!
Enters some other email address.
Receives mail with a link.
Me: Finally!
Opens link

Gmail: "When did you create your account?"
Me: Uh... If I had that kind of memory, we wouldn't be dancing right now.
.
.
.
Gmail: Sorry we couldn't verify you.

WHAT THE FUCK, GOOGLE?!
What sort of sadist play is this?!

Dropped them a mail to get access back. Got a link in the auto reply that explains how to repeat the above process. WTF?!

What the actual fuck?!

I would like to rant one more time about my internship.

I began in July, the first. That's my sister who helped me to find this internship and I was a little scared about how bad it could be.
I came at the office, my boss told me that I would work in an "Innovation lab", an apartment where people works on projects that are less corporate than the enterprise's ones.

To me, it was amazing. So I came in this apartment, it was like a dream. I didn't know that I would have such luck to be in this environment : kitchen, sofas, beds, many decorations for all political ideologies, ideas. There was some decorations that were about weed and many cool things for the young guy I am.

The lab's leader told me that it was a very free environment and all the awesome stuff I could use.
Then they showed me where I would work.

We were two interns employed as web developers. We had a complete room for us.
Then we began to work there, and I was presented to my internship tutor.
He gave me some instructions but told me that I had a week before the project begin.

Here began the troubles.

We waited a complete week without having any instructions. Then we began to build something in PHP with our knowledge and the informations someone from the lab gave us.
When finally we had news from the project, two weeks later, we learned that the project would be built with ASP. NET.
Here we go, I learn ASP. NET alone. I have many problems and nobody helps (even if the problem comes from enterprise's API/Framework). I finally make something usable with no help, after I discovered that my mate wasn't developer at all and just took an option for her classes which forced her to get an internship.

She had 3 month left, I had 6.
Then when the project really began, nobody came to verify what I was doing and on a meeting, they said that I was doing nothing.

The boss even became mad on us because he couldn't see what we were doing (we're back end developers).
I asked for help to the developers of the enterprise and someone came, sad to have to help an internship, and learned some tricks but nothing else.

To have a concrete explanation of what DDD was, I had to ask 4 times for help.

Finally I had something that could receive data from the connected hives we are working on and store them into a database in the architecture of the enterprise.

Then, they wanted me to try an API for them. I tried, and it wasn't working at all. So they make me still wait to change my whole architecture when the API will be released.

Recently, I was told that I would never do the front-end of the project (which was an horror because of the fantasm of the lab leader). Then they realized that my late wasn't a programmer. So they asked me to make a prototype for the front-end. I did for a presentation.

Then they didn't tell me the device they would use for the presentation and it was an iPhone 7. Idk why, safari couldn't display what IE can.

They blamed me for having done a bad work. It wasn't my job. I did it to help because they can't find a fucking front-end developer with a little more experience than me.

Actually, I am an alone developer since my mate is gone and the lab leader don't want me to show up because she considers me as a shame.
I asked to be moved back in the office of the enterprise, they agreed and said it was a 2-weeks delay. It's the Thursday of the second week and I have no news. I send mails to my tutor, even SMS, he doesn't answer me. They didn't call me to give me my pay with a week late. And the person who is responsible doesn't answer me neither. I came to see her, but she wasn't available. I'm now alone in a desk, waiting the time to pass.

Fucking this shit.

I'm in France.

EDIT : I forgot to say that I can't use the sofas or bed because I'm allergic to cats and there were 3 cats. Now there is still one and this beast vomits and poos everywhere in the house...

Google simply can't knock off harrassing their users with security theatre.

A friend of mine has a small personal YouTube channel. He has recently been bombarded with several phone verification requests a week: "Verify it's you. To continue your session, complete a brief verification. This extra step helps us keep your account safe by making sure it’s really you. "

While frequent verifications may be understandable on YouTube channels with millions of subscribers, channels with only a few dozen subscribers are not attractive hacking targets. A verification would be justified before a potentially harmful action such as deleting videos or deleting a channel. But not for normal everyday use.

What's next? Will they ask users to "verify it's them" every ten minutes, "just for extra security"? Just to verify that it is "really, really, really, really, really" them?

It's not security. It's security theatre.

Sorry, Google, but users are not in the mood of doing a phone verification every other day.

Has this been Google's perverted wet dream all along?

WTF IS WITH ALL THESE MESSAGING SERVICES... ALL NEED TO LOGIN OR VERIFY USING MY PHONE. WHAT IS IT'S LOST OR BROKEN....

DUMBASS IDIOTS....

You work as IT for a private investigation agency.

You find YOUR name in a list of investigated people.

😲😲😲😲😲

You verify the Insurance ID.

😱😱😱😱

It's an homonym.

😂😂😂😂😂

After seeing it in a demo, the customer didn't like their first loading gif and they sent another one.
I go to open it to verify it's good and Gimp won't open it; Chrome, Firefox, IE, even MS Paint fails miserably. Eventually I ran file on it and it's an html doc.
So I changed the extension and loaded it up. He saved his slack window as a gif.

I've noticed looking at the card exit of a building that most people a) just carry their laptop without putting it in the backpack because the carpark is a jump away anyway, b) that stickers on said laptops can leak your infrastructure

No idea what made me interested in that, but if you take the average of people's laptop stickers (sadly not everybody had their laptop or maybe even a laptop at all, so I've got just 20) - you could probably tell what tools and what services the company is running.

Could be a funny coincidence and I was able to verify later by googling their company, but it's an interesting non trackable way to know what services and tools need to be exploited/emulated to possibly gain access to some high security network.

I feel like somebody had to have a talk/presentation about this, so I wonder, had anybody else seen something like that? or how far could this actually go?

It all started with an undelivereable e-mail.

New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.

Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.

Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.

Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).

In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.

Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.

Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.

Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.

Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.

tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.

I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix aynything in the end...

Boss: so we've got to call an app to verify data in this project. But I've got no more info and I'm on holiday next week. Please contact GuyA next week.
Me: ok I guess?
*writes email to GuyA*
GuyB: GuyA is on holiday please hold the line
*1 week later*
GuyA: we need more time it's not ready yet
*2 weeks later?
Me: so?
GuyA: yeah it's ready here's the wsdl etc your client already has the password
*1 week later*
Me: yeah so I got the data but the api says my auth isn't working
GuyB: yeah your user isn't activated on the test system. I'm gonna forward that and come back at you
*1 week later*
GuyA: so we're going live in about 2 weeks hows testing going?
Me: well I'm still waiting for the response and activation
*suddenly it works*
Me: yeah so auth is working but i can't find any data. Is there any special test data?
GuyA: oh no there is NO test data on the test system. You need to wait for GuyB but he us not here today...
Me: are you fking kidding Me?????

... no response since then and it's been days....

its day 4 of updating documentation and consolidating data.

The webclient has broken on average 4 times a day.

The database took 20+ seconds on updating a password entry.

I explained to my boss the real cost of interrupting my attention with these pauses. I figure it's caused my productivity to go from record high last week to being literally losing about 4 hours a day lost, plus extra time in having to go back through and verify things worked.

The technicians and developers who are working on fixing the database system are apparently quitting left right and center; their company acquired it awhile back, so they don't actually have native developers on it. Yet they still are pushing out new integration features rather than fixing anything.

Yesterday, one of the other people on the documentation project lost half a days work due to the angular updating the local cache, but it never reaching the backend. He came back from lunch, reopened his browser, and all his work was gone. (at least thats what we think happened). So we are hard resetting the program every 10 minutes or so just to make sure it is updating the backend.

The good news is that when it is done, we theoretically will be able to use this to cut back onboarding time and update times by about half, and it'll mean our new nano-server deployment project should be able to spin out with standards that can be referenced properly by everyone, not just the guy with the powershell script that he tinkered with for a particular project and never told anyone else what he did.

Theoretically.

College degree.

I don't have it. Not because I don't like to study or don't like to evolve.

I tried several times go back to college, but unfortunately I don't see myself wasting money and time inside a classroom hours per day for something I can read on a book and learn by myself in few days / hours.

I know there's some subjects it's quite hard and we need some guidance for help us, but, we have the community to ask, forums and a lot information on internet.

OK, but why I'm doing this rant?

Recently I got a good job offer in a good country but my potencial employer and me is facing issues to go trough the process because the country to give me the IT visa requires the college degree.

Sometimes I regret to not have enough cold blood to finish the damn college just becuase of the piece of paper (which doesn't proff anything and we cannot even use to clean the $_@#$"@).

My home country (which is a third world country) is already noticed that and they start doing some laws and visas to ease the hiring IT professionals and they're leaving at companies expanses and responsabilities to verify is a good professional or not, but, the price is high for that. But at least the companies there's a way now to get someone.

And also I start see a loot excelent and genius programmers and others IT professionals which are skipping the degree to see and face same issues as me.

I hope our field finally put a end to this burocracies.

God I hate when dev work gets all political.
Our team had a technical meeting with a difficult partner/customer, that wants to connect to our internal service, so we are writing an Integration Service for this.
Apparently the project is very important on both sides and highly political so in the meeting there was a member of the Board of directors of them. We just wanted to check one feature to verify they can connect, etc.
After some minor bugs showed up, that guy goes on ranting about how this is all a joke ("Verarschung" literally) and how we did not deliver all features yet as promised (Note : that was not promised) and basically indirectly personally attacked us, our company and our team.

It's incredible how such assholes can stay in such positions.

I'd love if devRant had a search for user name when writing a rant, so if I type @dfox, it'll at least verify the name before I post.

Got contacted by a potential client whose job I had bid on. Spent a couple of minutes frantically studying his specification and preparing my discussion.

Turns out the job was fake. He wanted me to create a new profile, verify it with my white European identity and then let him use it to approach Western clients.

The best part? I'm as Asian as he is, and all my profile pictures bear witness to that fact.

Some people smoke some really special stuff...

Today when registering myself for a website I was asked to validate my email address. Literally I was sent an email with only "Please verify your email" in the body. So I responded with "ok". Lets see how long it takes for them to realise their mistake.

I am a Technical Lead in the department in my company that writes code for our clients that have money but doesn't have the technical expertise to handle the complexities of our own software.

Part of my tasks involve taking care of a few projects written by employees that have left after using third-party tools rather than using our own software. No one else in this department knows these third-party tools, they only know our own, and my *still limited* web development experience means I get dumped these things in my lap.

And I'm SO pissed at these projects and their authors and the manager that let these ex-employees write these things. There is this one project that was managed by two different "developers" (I don't know they deserve this title) at two different times, and it is so riddled with different technologies it makes me want to throw up almost daily.

Don't believe me? Here is a complete list of the dependencies listed in the package.json of this project: babel-polyfill, body-parser, cookie-parser, debug, edge, edge-sql, excel-to-json, exceljs, express, html-inline, jade, morgan, mssql, mysql, pug, ramda, request, rotating-file-stream, serve-favicon, webpack, xlsx, xml2js

What this doesn't even show, is that one part of this project (literally one page) is made using react, react-dom, react-redux, and jade. The other part (again literally one page) is made using Angular and Pug. In case you missed it while picking up your jaw, there's also mssql, mysql, edge and edge-sql. excel-to-json, exceljs, xlsx.

Oh you want *more* juicy details? This project takes the entire data object used by the front-end, stringifies it into JSON, and shoves it into the database *as a single field*. And instead of doing WHERE clauses in the SQL queries, it grabs the entire table, loops, parses the json, and does a condition on it. If even one of those JSON entries gets corrupted, the entire solution breaks because these "developers" don't know what try/catch is.

The client asked for a very simple change in their app, which was to add a button that queries the back-end for a URL, shows it in a modal dialog, after which a button is clicked to verify the link by doing a second query to the back-end before modifying a couple of fields in the page.

This. Took. Me. Two. Months*. Save me. Please, save me.

*between constant context switches between this and other projects that were continuously failing because of their mistakes.

Prequel to my previous post:

I received an offer from a startup that did not meet the originally advertised salary range. In every other aspect this place seemed like where I'd enjoy working the most and each previous interaction made a very good impression on me. So needless to say this was quite a shock.

They immediately apologised and explained the situation. They only now started to expand to and hire from my location (which can be verified) and I would be the very first person from this location (seems true too but I could only really verify this after joining). They explained the salary range I had seen was for their main hub location (accurate too) and said that the recruiter who posted the ad did not adjust it to mine. I asked why tf they didn't notify me of this earlier and they said they are super busy with everything, are new to location based salaries and normally don't check the recruiters posts as it should be her work.

Now, even if this is totally true, it was an awful sudden shock and felt a bit like a scam - totally contradicting my previous impressions.

Here are a couple of other points that I'll just sum to save time:
- before seeing the job ad I had a *reasonable* salary expectation even lower than their actual offering
- on the ad, the bottom end of their salary range far exceeded my reasonable exp.
- the relative level of my position would be even higher up the range that I have seen realised would be top 5%
- having had seen the ad, I started to have an *ideal* expectation being the bottom of the range
- in first interview I told them my exp. is the bottom end of their range +- a bit
- I told this to a dev guy who has no fucking idea about this stuff and I don't blame him but he noted this down to higher management
- generally I have not been very precise of my expectation as previously I only had lower class dev jobs, this would be the first decent.
- Hence I have seen an enormously high variation in salaries offered to me so this advertised range whilst high seemed possible

Now, with all this in mind I posted here a question about what some of you would do in my position.

I received the following group of responses:

- it's a scam, bad place, run
- it's an intentional (common) trick
- people make mistakes like this esp. startups so find out if this is intentional or not
- just decide if their current offering is reasonable for the position and location, ignore the rest
- just decide if the amount is enough
- location based salaries are retarded, don't work there (I kinda agree and also don't)
- if they can afford the higher pay in another place they should have no prob. meeting the range
- it's more important that you'd enjoy it there if the pay is sufficient for general needs
- company culture is generally more important these days
- fuck recruiters and hr people (amen to that btw)

Here is what I did:

Regardless of whether I believe them or not I hyperfocused on the potential scam/trick aspect.
I told them that every other interaction with them was positive and would love to join them but this was a really bad impression and feels like they are playing with me. I made up some bullshit previous examples of companies trying the same trick on me (which obv. never happened).

Then I said that I think to resolve this they should invite me to their main office for a day (all interviews had been online) and if after that they are still not ok to offer me at least the bottom of the adv. range then we can part ways. Otherwise this should ensure both of us that we are a good match, etc.

They seemed to love the idea and said that I should go there for x till y (3 days) and if we don't hate each other by the end I'll get the amount at the bottom of the range and they apologised again about it looking like a scam, etc.

So thanks a bunch again to those of you who provided valuable input.

After building some automated regression tests to verify parts of the company website were working, it was discovered that a test case was missing.
Instead of a constructive meeting about fixing the issue and adding a test, I was reamed and my manager was reamed that we "missed this case".
Nevermind that the automation caught several issues before release in nearly every other aspect of coverage.
Nevermind that the missing test case was a useless feature added after the automation was completed.
Nevermind that automation was meant to be the last stop in the gate, not the first...

I was so livid after that meeting I nearly resigned on the spot. My manager was so livid over being told to write me up he was ready to resign.

Company started automated testing recently, and the devs need to review the test scripts.

The tester assigned to my component writes script to trigger button click and nothing else to verify the result.

I couldn't​ even. I just left work for the day.

My trying to login to my email account my.email.address@example.com via web:

Site: You need to verify that you are really you. We sent a verification email to my.email.address@example.com please click the link in this email to verify your identity.

The global joke of Information Security

So I broke my iPhone because the nuclear adhesive turned my display into a shopping bag.

This started the ride for my character arc in this boring dystopia novel:

Amazon is preventing me from accessing my account because they want my password, email AND mobile phone number in their TWO.STEP Verifivation.
Just because one too many scammers managed to woo one too many 90+y/o's into bailing their long lost WW2 comrades from a nigerian jail with Amazon gift cards and Amazon doesn't know what to do about anymore,

DHL is keeping my new phone in a "highly secure" vault 200m away from my place, waiting for a letter to register some device with a camera because you need to verify your identity with an app,

all the while my former car insurance is making regress claims of about 7k€ against me for a minor car accident (no-one hurt fortunately, but was my fault).

Every rep from each of the above had the same stupid bitchass scapegoat to create high-tech supra chargers to the account deletion request:

- Amazon: We need to verify your password, whether the email was yours and whether the phone number is yours.

They call it 2-step-verification.

Guess what Amazon requests to verify you before contacting customer support since you dont have access to your number? Your passwoooooord. While youre at it, click on that button we sent you will ya? ...

I call this design pattern the "dement Tupi-Guarani"

- DHL: We need an ID to verify your identity for the request for changing the delivery address you just made. Oh you wanted to give us ANOTHER address than the one written on your ID? Too bad bro, we can't help, GDPR

- Car Insurance: We are making regress claims against you, which might throw you back to mom's basement, oh and also we compensated the injured party for something else, it doesn't matter what it is but it's definitely something, so our claims against you just raised by 1.2k. Wait you want proof we compensated something to the injured at all? Nah mate we cant do that , GDPR. But trust me, those numbers are legit, my quant forecasted the cost of childrens' christmas wishes. You have 14 days or we'll see you in court haha

I am also their customer in a pension scheme. Something special to Germany, where you save some taxes but have to pay them back once you get the fund paid out. I have sent them a letter to terminate the contract.

Funniest thing is, the whole rant is my second take. Because when I hit the post button, devrant made me verify my e-mail. The text was gone afterwards. If someone from devRant reads this, you are free to quote this in the ticket description.

Fuck losing your virginity, or filing your first tax return, or by God get your first car, living through this sad Truman dystopia without going batshit insane is what becoming a true adult is.

I am grateful for all this though:

Amazon's safety measures prevented me from spending the money I can use to conclude the insurance odyssey, and DHLs "giving a fuck about customers" prevention policies made me support local businesses. And having ranted all this here does feel healthy too. So there's that.

Oh, cherry on top. I cant check my balance, because I can only verify my login requests to my banking account wiiiiiiith...?

apple is an IT company..

"New apps and app updates will not be accepted December 23–27 (Pacific Time), so any releases should be scheduled, submitted, and approved in advance."

Ah yes, because ofcourse the servers can go home and spend the holidays with their applets.

(yes i know apple says they verify by hand, yes i know in reality they actually automate it)

Fucking java library publishing. It's a nightmare. You have to fucking own a domain to publish a shit onto jcenter/bintray/whatever. You have to own the domain, that your lib's package name is. And you MUST verify it, otherwise you won't publish anything. Or you can shit allover your lib with package name like com.github.dumbcoder.mycoollib.

You must to create a ticket for some shitheads that are going to verify your shit for two weeks. They gonna ask you for source.jar, docs.jar and whatever shit.jar they need.

What THE fuck? Who was the asshole that decided name packages in reverse domain name? No FUCKING more ecosystem has such a bullshit. In .net you just make a lib, create a free nuget account, fill some basic info and boom! you have .net package published. Same for npm and rust for example.

Because the fucking package name should be just for structure not for a some dick to own it. Namespace is name-fucking-space.
FUCK JAVA.

Any JavaScript developers out there willing to help me out with something?

I have an interview question that I like to ask candidates that no one ever seems to get right. But, to me, it seems pretty basic, so I expect MOST JavaScript developers at almost any level of expertise to get it, and I like it generally because it demonstrates some core knowledge of JavaScript concepts and syntax.

But I want to verify that my feelings about it are reasonable, because give how few ever seem to get it right (and I'm talking across literally hundreds of interviews, MAYBE 2 people have ever gotten it right), I'm starting to wonder if I'm right or not.

Look at this code, and then answer the question after. Please do so off the top of your head and without testing anything since that's normally the experience a candidate would have. I'll give the answer after some time for anyone who gets it wrong but is curious.

But this isn't about YOU getting it right or not, and it's not about whether it's the best way to do something in JavaScript or anything like that, it's just about whether it's a reasonable question and whether my expectation that MOST JavaScript developers should get it right is fair.

const O = {
sayHello : function() { alert("Hello"); }
};
const S = "sayHello";

Question: using ONLY the variables O and S (and you MUST use both), write code that executes the sayHello function.

Thanks!

* Developing a new "My pages" NBV offer/order solution for customer
_Thursday
Customer: Are we ready for testing?
Me: Almost, we need to receive the SSL cert and then do a full test run to see if your sales services get the orders correctly. At this point, all orders made via this flow are tagged so they will not be sent to the Sales services. We also still need to implement the tracking to see who has been exposed to what in My Pages.
Customer: Ok, great!

_Friday
Customer: My web team needs these customers to have fake offers on them, to validate the layout and content
Me: Ok, my colleague can fix this by Tuesday - he has all the other things with higher prio from you to complete first
Customer: Ok! Good!

_Sunday
Me: Good news, got the SSL cert installed and have verified the flow from my side. Now you need to verify the full flow from your side.
Customer: Ok! Great! Will do.

_Monday
*quiet*

_Tuesday
Customer: Can you see how things are going? Any good news?
Me: ???
*looks into the system*
WTF!?!
- Have you set this into production on your side? We are not finished with the implementation on our side!
Customer: Oh, sorry - well, it looked fine when we tested with the test links you sent (3 weeks ago)
Me: But did you make a complete test run, and make sure that Sales services got the order?
Customer: Oh, no they didn't receive anything - but we thought that was just because of it being a test link
Me: Seriously - you didn't read what i wrote last Thursday?
Customer: ...
Me: Ok, so what happens if something goes wrong - who get's blamed?
Customer: ...
Me: FML!!!

Before you start pulling the code down for an API and debugging why a POST to it isn't persisting in SQL, verify your JSON is well-formed... 😒

That missing squiggly brace at the top is a buzzkill.

Fucking LinkedIn.

I created a new account with my main e-mail, and suddenly it was restricted. I sent an ID verification, I received an e-mail saying it was now back, but then it was fucking restricted again, and I CANNOT HAVE IT BACK BECAUSE THE TO GET HELP FROM THEM IS A HASSLE. Sometimes it asks me for a phone number, but then, and error appears saying the session is invalid.

I created a support ticket, their response takes hours with a new link to verify again, but when I send again a new ID, for some reason, my verifications do not reach them, and they send the same link again. FUCK'S SAKE.

Finally, I subscribed to Premium just to talk to someone, but they can't help with this matter. At least left a note to Jenny.

Why the hell is a newly created account being restricted? Fix your systems.

So this happened when I was interning. We were developing an online application for hospitals. Now as it is with any new product. We had a lot of small issues popping up related changing of text or design colors. Now this piss kissing product manage of ours who has had no prior experience of a product of the scale we were developing started posting issues in the company’s internal whatsapp group. It was fine initially when the issues were less and small. However, when the amount and intensity grew, I suggested that he be given access as a issue poster on the git repo of the code.
Now I couldn’t comprehend his level of douchiness before hand but this guy started posting issued there but only a link to a google doc with the issue described there.
Then when came the time to change the status of these issues, I asked him to verify for his satisfaction that the issue is resolved and mark it as such. So Mr. Shitmenot started to maintain a fucking google sheet to maintain the status of issues and asked us to do the same. And upon demarcation he would manually change the color of the cells representing the issue. Like what the fuck dude.
I complained about this to my mentor who also happened to be he CEO but he couldn’t care less as if it was some debt that he owed the guy.
Safe to say I left the company shortly after things started to get out of hand and more shit began to happen. Yes there was more stuff that happened!!!

I have been trying to wrap my head around authentication in hapi for the last 6 hours...
Fuck this shit... when did simple,
I HAS A USERNAME
I HAS A PASSWORD
CAN HAS SESSION?
become:
- you magically get a token from somewhere
- you magically verify that token
- you respond with { credentials } //magic
- by some fucking black magic the server probably creates a session without you knowing about it...
- you freak out and write your own authentication scheme only to find out that you cannot read payload of POST requests in the authenticate method
- you get angrier and depressed and write a rant

(to be clear: there is @hapi/basic but I don't think sending a GET request with the URL looking like username:password@domain.tld is very safe...)

I'm such a fucking idiot

I'm setting up an api and to prevent unwanted fields or circular dependencies from showing up I define what fields should appear in a few serialization yaml files.

These files define what fields should appear in a given context. The default context for every field is to always show the id, and only a call to /posts will give you all the fields of the posts for example. This means that if you retrieve a comment with a linked post, the post will only show up as an id, but the comment will have all its fields.

I've been struggling with a stupid problem for 2 hours, I could verify that the yaml files were loaded in, all entities had such a file and the configuration was exactly according to the docs.

Guess why my api calls still caused circular errors?

Because I forgot to do the $view->setContext$this->defaultContext); call that determines what context should be used for the response.

FUCK ME WHY DID IT TAKE SO FUCKING LONG TO FIGURE THAT OUT OMG

Google you say? Ofcourse I hunted google results! But I was unknowingly part of an XY problem and was looking for what the problem wasn't >:(

At least it works now, ugh

Was working on a system we planned on to deliver to a hospital
basically it was meant for controlling and monitoring pactions coming in and attendance time from the staff

Got it off the ground well and got to where the system was supposed to update room status
occupied/free then horror started
the db was not setting the room free after clearing a client off the list... room remained occupied and this kept on happening for 6 months and I was so focused on fixing the db models thinking thats where the problem was....

1 day after leaving the project for several months i just revisited the project randomly and started going through the whole code base trying to make sense of what was happening as there where no errors generated..
I had to verify the whole system logic... and that day i figured out what was happening...
upon adding a client to a room the system was also creating a duplicate room so when the function for setting the room free executes it would set the duplicate room free and not the actual room and the system would pick the room with occupied state causing the user not being able to assign new pactions to the room

Solving this brought so much relief coz it required so much work just to solve what seemed to be a minor issue

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

Me and new guy are working on something. We're both in different countries.

New guy just graduated a couple of months ago. Thinks he's better than us, egoistic, refuses to accept his mistake. Cannot work well in a team and arrogant. Basically a package.

I fucking spent 3 hrs trying to look for a bug in my code, which doesn't exist in the first place. Because he's a lazy fuck and refuses to even accept that he might've made a bug (evident from the fact that his first reaction was to blame me and second reaction was to verify his code)

And he doesn't have the decency to admit that he made a mistake.

What's even more sad is that I've to babysit him cuz he's incompetent.

It's fucking obnoxious.

Got to love when the on-call takes their sweet-fucking time with the back-up. All this because the lazy douche did not what to verify the back-up was complete.

NOTE TO SELF:

Verify with your coworkers about how you plan to attack a certain feature if you’re unsure, especially since you work remotely. If not, you’ll have to fucking redo a feature three times

Just had the worst exam of my life today in system development at my university. This cock sucking bitch of a sensor claimed I was wrong in various assumptions about Extreme Programming. Such as: saying XP is an incremental process and not iterative. Claiming UP is more iterative than XP and that various analogies about what iterative means compared to incremental was wrong and even disrupting me while I was talking. Mind you I've been studying these subjects closely the last week and have been reading most of The Pragmatic Programmer to verify various things she disagreed upon. Result grade? In the middle of the fucking scale. Fuck this shit. I'm just glad the grade won't appear on my final graduation papers. And yes, I'm a perfectionist when it comes to this and programming, so if I'm in the wrong please correct me.

This is how security bugs get introduced into open source. This comment came into a project I'm watching today, and I don't have the time to follow up on how bad of an idea that is:

"If you are still interested, I got it working by removing verify=True"

My phone suddenly is stuck in a reboot loop.
all solutions did not work (Safemode, Recoverymode etc)

It was time for a new phone.

well... most of my logins have now 2 factor authentication. That got me thinking:

imagine that you lost all your trusted devices in a house fire.
you cannot get in your email because of you need to verify.
you cannot buy stuff online because your phone gets a message.
and in certain cases you cannot even get in your password manager of the same reason.

I know that there are recovery codes and other solutions to this.. oh boy you are F*cked when you don't have your phone.

Everything turned out okay, Sim Card in different phone for messages. And new phone works like a charm :)

Some context about me. Close to 3 years experience as a java developer. 1st class honours in Computer science plus oracle java 8 professional certified.

Today while discussing to a senior developer about a technical solution, he asked me a question.

Are you familiar with 'extends'?

He was talking about the keyword. I am so disturbed by it. Here I was thinking I was doing a great job. And he felt the need to verify if I knew inheritance keyword..

God knows what he and his fellow senior colleagues talk about me.. I must be looking like an absolute idiot in their eyes all this time..

For those of you who are riding the crypto currency train I have a question. I'm looking to colocate a few antminer s9s and I'm unsure how to verify that the cooling will be adequate.

What is the best way to verify this?

"Hey guys we originally set the demo date to August 5th and thus far I have not seen any previews before that, what's going on here?"

Ok see, that is the kind of thing that I would take to me own lil broken heart IF:
1 It was coming from a product manager at where I work

2 He would never get any sort of updates or would just plain not know about us

3 He would be I dunno....fucking paying us?

This is the thing, a friend offered the chance to help him build a product for a business man somewhere down in the land of tacos. Being in a "fuck it" mood and not wanting to say no since it sounded interesting enough I said yes. The "owner" said that he would not be able to pay since he already had hired a team of developers before that did not deliver and as such he was instead offering a part of the company.....sounds familiar?

Not wanting to let my friend down, I told the owner that I would help just as long I get complete CTO power over the product and not crying about the stack being used or ME NOT GIVING THE PRODUCT MY FULL ATTENTION BECAUSE HE WAS NOT FUCKING PAYING.

He said ok.

Of course he did not like it, but he said ok.

He has been asking for the code, the platform, demos and a bunch of other shit which I continue to refuse since he has not offered me or my boy a copy of the legal documents that we require.

Him: "You will get them soon enough, I still need to see the product just to make sure everything is ok"

Me: "You wouldn't even know where to begin looking unless you have a third party that could verify the code, last time I checked I was to be the only one good for this"

Him: "Yeah and you and <friend> are, but I just need to see the product"

Me: "I send you videos and demos, sorry dude, but no binding document == no code. I know you think I am young, give me some fucking credit because this is not my first rodeo"

Him: "I am not trying to play you or anything, you can trust me"

Me: "No, not really. Talk to me about this when you get the documents"

Him: "Well its cuz this is taking too long...."

Me: "Tssss I know!!! It sucks right? Want a good product, built with all the bells and whistles and YOU DON'T WANT TO PAY? guess what dude, I do have a full time job, your product gets my minimal attention, right there at the bottom next to taking a shit, meaning that I will give your product the same time and attention as I would going to the throne. Aye don't feel that bad, I normally take about 1 hour on the shitter, you get that for fucking free."

To be fair ladies and gents I normally don't just explode on people like this. But I just can't fathom not paying someone for a rather large software product, with only a promise that "it will sell" and then telling them to hurry up.

Far as I am concerned this product will flop, but he seems to think it is the next big thing(of course).

He can go choke on some chode.

Fucking prick.

I'm a workaholic.
My boss literally told me I've only used 1 PTO day this year and with only 2 weeks left I HAVE to take at least the rest of this week off.

Guess... I'm getting a really long weekend, took tomorrow thru Friday off, Monday and Tuesday are holiday, so only 3 days left of the year after 5 today.

Not taking the last 3 days next week because I don't trust my one co-worker to do end of month/year procedures without me there to verify they didn't fuck up anything.

Now I just have to get through that time stressing about things I'm responsible for breaking while I'm not there.

My first exposure to computers was when i was 7 in 98. Hp Palvillion with windows 98. Got it from walmart and it cost around $1100. Brought it home and i hooked it up on my own on the living room floor. First program installed was "who wants to be a millionare", fitting that a game be the first thing installed since it was for homework. I lived 16 miles from town at the time so i really had no friends and the isolation made it hard for me to adjust in school to the point that i was a loud kid seeking attention. Then we got dialup and i found invisionfree forums which my first programing experiance with javascript started. And no I'm not talking about jquery I'm talking about the real thing.

Fast foward a year. I find an opensource arcade and learn php while writting an arcade from scratch that uses curl to mitm login to verify the user. Later that month i create a small project that dynamicly creates a signature image for the top 1000 posters on a coding forum i liked.

Then all hell broke loose when i found osdev.org, thought i was going to be a badass and make the ultimate operating system that would combine linux, windows, and mac where it could run anything. Reality Check hit me like a semi and train hitting at full force trying that and made me look into hacking. Spent alittle while breaking windows in so many ways and talking to others on irc until i was about to turn 18. Switched to ubuntu 12.04 my senior year while that was occuring.

When you've worked on a project for a whole week, and finaly verify it against the hardware and everything works!