Search - "we are all vulnerable"
!Story
The day I became the 400-pound Chinese hacker 4chan.
I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.
They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry that, even though it's behind a login, the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...
And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.
So, I know I want to fuck with them, and I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.
I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.
After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.
I then minify the whole thing and stash it in the minified jquery file.
So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.
Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.
So we GIVE the penetration team login credentials... they log in and start trying to crack it.
I sit and wait. Grinning as fuck.
Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.
We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.
"We think you may have been compromised by a Chinese hacker!"
I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.
My PM, who has seen me use the JSON compression technique before and knows exactly what's up, starts telling them about it so they don't freak out. And finally I unmute and manage a "Guys... I'm standing right here." between gasped laughter.
If only it was more common to use video in these calls because I WISH I could have seen their faces.
Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because I'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.
Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.
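The effect the rant describes (localStorage values that render as Chinese-looking text in dev tools while taking up less quota than plain JSON) comes from packing bytes into UTF-16 code units inside the CJK block. The following is an added example, not the rant's code or the library it used: a small codec that packs 14 payload bits per code unit into the CJK Unified Ideographs range, wrapped around any Storage-like object. The `PackedJsonStore` and `memoryStorage` names, and the session object, are constructed for this example. The point a reviewer should take from it is that this is an encoding, not a security control: anyone who can read the page's JavaScript can reverse it, which is why the real protection in the story was the Cognito-protected calls, not the storage format.

```javascript
// Added example (not the rant's own code): a localStorage wrapper that packs
// JSON as 14-bit groups mapped into the CJK Unified Ideographs block, so the
// stored value renders as Chinese-looking characters in dev tools while using
// fewer UTF-16 code units than the plain JSON. It is an encoding, not a
// security control: anyone who can read the page's JavaScript can reverse it.

const BASE = 0x4e00; // first code point of the CJK Unified Ideographs block
const BITS = 14;     // 2^14 = 16384 values, all inside the 20992-code-point block
const MASK = (1 << BITS) - 1;

// Pack bytes into a string, 14 payload bits per code unit. The last unit
// records how many surplus bytes the decoder must drop (always 0 or 1).
function packBytes(bytes) {
  let out = '';
  let acc = 0;
  let nbits = 0;
  let units = 0;
  for (const b of bytes) {
    acc = (acc << 8) | b;
    nbits += 8;
    while (nbits >= BITS) {
      nbits -= BITS;
      out += String.fromCharCode(BASE + ((acc >>> nbits) & MASK));
      acc &= (1 << nbits) - 1;
      units += 1;
    }
  }
  if (nbits > 0) {
    out += String.fromCharCode(BASE + ((acc << (BITS - nbits)) & MASK)); // zero-padded tail
    units += 1;
  }
  const surplus = Math.floor((units * BITS) / 8) - bytes.length;
  return out + String.fromCharCode(BASE + surplus);
}

// Inverse of packBytes. Rejects strings that were not produced by it.
function unpackBytes(str) {
  const units = Array.from(str, (c) => c.charCodeAt(0) - BASE);
  if (units.length === 0 || units.some((u) => u < 0 || u > MASK)) {
    throw new Error('not a packed string');
  }
  const surplus = units.pop();
  const bytes = [];
  let acc = 0;
  let nbits = 0;
  for (const u of units) {
    acc = (acc << BITS) | u;
    nbits += BITS;
    while (nbits >= 8) {
      nbits -= 8;
      bytes.push((acc >>> nbits) & 0xff);
      acc &= (1 << nbits) - 1;
    }
  }
  return Uint8Array.from(bytes.slice(0, bytes.length - surplus));
}

// Wraps any Storage-like object (window.localStorage in a browser, the
// in-memory stand-in below under Node).
class PackedJsonStore {
  constructor(storage) {
    this.storage = storage;
  }
  set(key, value) {
    const bytes = new TextEncoder().encode(JSON.stringify(value));
    this.storage.setItem(key, packBytes(bytes));
  }
  get(key) {
    const raw = this.storage.getItem(key);
    if (raw === null) return null;
    return JSON.parse(new TextDecoder().decode(unpackBytes(raw)));
  }
}

// Minimal in-memory Storage stand-in so the example runs outside a browser.
function memoryStorage() {
  const map = new Map();
  return {
    getItem: (k) => (map.has(k) ? map.get(k) : null),
    setItem: (k, v) => { map.set(k, String(v)); },
  };
}

// Demonstration on a constructed session object.
function demo() {
  const storage = memoryStorage();
  const store = new PackedJsonStore(storage);
  const session = { user: 'alice', roles: ['admin', 'ops'], exp: 1700000000 }; // constructed
  store.set('session', session);
  const stored = storage.getItem('session');
  return {
    stored,                                      // CJK-looking text in dev tools
    plainLength: JSON.stringify(session).length, // UTF-16 units used by plain JSON
    packedLength: stored.length,                 // UTF-16 units actually used
    roundTrip: store.get('session'),             // anyone with the codec gets this back
  };
}
```

`demo()` shows both halves of the story: the stored value is opaque to a glance at dev tools and shorter than the JSON, yet `get()` returns the original object because the decoder ships with the page. Treat anything stored this way exactly as you would treat plain JSON in localStorage.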
writing library code is hard.
there are sooo many details that go into writing good libraries:
designing intuitive and powerful apis
deciding good api option defaults, disallowing or warning for illegal operations
knowing when to throw, knowing when to warn/log
handling edge cases
having good code coverage with tests that doesn't suck shit, while ensuring they don't take a hundred years to run
making the code easy to read, to maintain, robust
and also not vulnerable, which is probably the most overlooked quality.
"too many classes, too little classes"
the functions do too much it's hard to follow them
or the functions are so well abstracted, that every function has 1 line of code, resulting in code that is even harder to understand or debug (have fun drowning in those immense stack traces)
don't forget to be disciplined about the documentation.
most of these things are deeply affected by the ecosystem, the tools of the language you're writing this in:
like 5 years ago I hated coding in nodejs, because I didn't know about linters, and now we have tools like eslint or babel, so it's more passable now
but now dealing with webpack/babel configs and plugins can literally obliterate your asshole.
some languages don't even have a stable line by line debugger (hard pass for me)
then there's also the several phases of the project:
you first conceive the idea, the api, and try to implement it, write some md's of usage examples.
as you do that, you iterate on the api, you notice that it could be better, so you redesign it. once, twice, thrice.
so at that point you're spending days, weeks on this side project, and your boss is like "what the fuck are you doing right now?"
then, you reach fuckinnnnng 0.1.0, with a "frozen" api, put it on github with a shitton of badges like the badge whore you are.
then you drop it on forums, and slack communities and irc, and what do you get?
half of the community wants to ban you for doing self promotion
the other half thinks either
a) your library api is shitty
b) has no real need for it
c) "why reinvent the wheel bruh"
that's one scenario,
the other scenario is the project starts to get traction.
people start to star it and shit.
but now you have one problem you didn't have before: humans.
all sorts of shit:
people treating you like shit as if they were premium users.
people posting majestically written issues with titles like "people help, me no work, here" with bodies like "HAAAAAAAAAALP".
and if you have the blessing to work in the current js ecosystem, issues like "this doesn't work with esm, unpkg, cdnjs, babel, webpack, parcel, buble, A BROWSER".
with some occasional lunatic complaining about IE 4 having a very weird, obscure bug.
not the best prospect either.
OK, been a long time user of Unity.
Tried the latest update as I and others were enthusiastic about creating a joint project of gamers and developers.
As I was building up a started website and we were getting things with Unity ready... BOOM. They fuck up the installs.
Not just a minor thing here or there but not finding its own Fucking file locations where it installs shit. You try and say, Hey Unity you fucking twat, install here in this folder.
Boom again, it installs part of it there, and then continues installing shit everywhere else it wants to. Then the assholes at Unity give this Bullshit claim "the bug has been fixed."
Just reinstall.
Fuck you, it's never that simple. You have to delete all sorts of fucking files to make sure conflicts from a previous corruption aren't just loaded on top of, so it does not fuck up later.
So we did all that from programs, program data, program(x86), AppData Local, Local Low, and Roaming.
For added measure we manually removed all the crap from the registry folders (that was a pain but necessary), and then ran a cleaner to make sure all the left over shit was gone.
Thinking, OK you shit tech MoFo's we are clean and here we go.
HOLY SHIT BALLS, it's fucking worse with the LTS version it recommends and slow as fuck with their most recent version, which is like 2020 itself, an insane piece of fucking bloated garbage and slower than a brick hard shit without fruit.
So we were going to all go post on the forums, and complain the fix section isn't fixed for shit.
Fuck us running backwards naked through a field of razor grass. It's so overloaded with complaints that they shut down further posts.
What makes this shit worse is we cannot even get the previous fucking versions of the editor before all this to work where our only option is without using the fucking Hub demand is just install 2018.
great if we started coding and testing in that. We cannot get shit where we were at back on track because you cannot fucking backward load an exported saved asset file.
Unity's suggestion? Start over.
Our Suggestion? Stop fucking smoking or using whatever fucking drug you assholes are on, you fucking disabled the gear options so we can resolve shit ourselves, and admit you did that shit and other sneaky piece of shit back stabby, security vulnerable data leak bullshit things to your end users.
Listen to your fucking experienced and long time users and get rid of the Fucking backward stepped hub piece of shit everyone with more brains than whatever piss ant pieces of shit praised that the rest of us have hated from day fucking one!
And while fixing this shit like it should be fucking fixed if you shit head bastards want to continue to exist as a fucking company, overhaul the fucking website or get the fuck out of business with now completely worthless SHIT.
Phew:
Suffice it to say....
We are now considering dealing with the learning curve and postpone our project going with Unreal just because of these all around complete fuck ups that herald back to shit games of versions 3.0 and earlier.
So I can see everyone thinks CS should be taught differently this week.
Based on all of the ways we could change it, something no one seems to be mentioning much is security.
Everyone has many ways of learning logical processes and understanding how they work with programming, but for every line of code taught, read or otherwise learnt, you should also learn, or be taught, how to make it less vulnerable (as nothing is invulnerable on the internet).
Every language has its exploits and pitfalls and ways of overflowing, but how you handle these issues or prevent them occurring should be more important than syntactically correct code. The tools today are 100000x better than when I started with notepad.exe, CMD and Netscape.
Also CS shouldn't be focused on tools and languages as such, seeing as new versions and ideals come out quicker than CS courses change, but should be more focused on the means of coming to logical decisions and always questioning why or how something is the way it is, and how to improve it.
Tl;dr
Just my two cents.
People are talking about Windows VS Linux about security, meanwhile: https://wikileaks.org/vault7/...
Don't you just love it when an official Docker image suddenly switches from one base image to another, and they automatically update all existing tags? Oh you've had it locked to v1.2.3, guess what, v1.2.3 now behaves slightly differently because it's been compiled with OpenSSL 3. Yeah, we updated a legacy version of the software just to recompile it with the latest version of OpenSSL, even though the previous version of OpenSSL is still receiving security fixes.
I don't think it's the image maintainers or Docker's fault though. Docker images are expected to be self-contained, and updating the base image is necessary to get the latest security fixes. They had two options: to keep the old base image which has many outdated and vulnerable libraries, or to update the base image and recompile it with OpenSSL 3.
What really bothers me about the whole thing is that this is the exact fucking problem containers were supposed to solve. But even with all the work that goes into developing and maintaining container images, it still isn't possible to do anything about the fact that the entire Linux ecosystem gives exactly zero fucks about backwards compatibility or the ability to run legacy software.
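The failure mode in this rant is tag mutability: `v1.2.3` is a name, not a content identifier, and the registry is free to re-point it at a rebuilt image. The defensive check that follows is an added example, not anything from the rant or from Docker itself: a small linter over Dockerfile `FROM` lines that accepts digest-pinned references, warns on mutable tags and unresolved build args, and rejects floating `latest`. The sample Dockerfile and its `sha256` digests are constructed placeholders, and the function names are this example's own.

```javascript
// Added example, not from the rant: a small Dockerfile check that flags base
// image references which can change content under the same name. Pinning by
// digest is the standard mitigation for the problem described above: a tag
// such as app:1.2.3 can be re-pushed on a new base, whereas
// name@sha256:<digest> identifies exactly one manifest.

const DIGEST_RE = /^sha256:[0-9a-f]{64}$/;

// Split "registry/name:tag@digest" into its parts. A ':' after the last '/'
// separates the tag; a ':' before it belongs to a registry host:port.
function parseImageRef(ref) {
  let rest = ref.trim();
  let digest = null;
  const at = rest.indexOf('@');
  if (at !== -1) {
    digest = rest.slice(at + 1);
    rest = rest.slice(0, at);
  }
  let tag = null;
  const lastSlash = rest.lastIndexOf('/');
  const colon = rest.lastIndexOf(':');
  if (colon > lastSlash) {
    tag = rest.slice(colon + 1);
    rest = rest.slice(0, colon);
  }
  return { name: rest, tag, digest };
}

// Rate one reference: ok (digest-pinned or scratch), warn (mutable tag or
// unresolved build arg), error (floating "latest" or malformed digest).
function classifyRef(ref) {
  if (ref.includes('$')) return { level: 'warn', reason: 'build-arg reference, resolve before checking' };
  const { name, tag, digest } = parseImageRef(ref);
  if (name === 'scratch') return { level: 'ok', reason: 'empty base image' };
  if (digest !== null) {
    return DIGEST_RE.test(digest)
      ? { level: 'ok', reason: 'pinned by digest' }
      : { level: 'error', reason: 'malformed digest' };
  }
  if (tag === null || tag === 'latest') {
    return { level: 'error', reason: 'floating tag resolves to whatever "latest" is today' };
  }
  return { level: 'warn', reason: `tag "${tag}" is mutable; pin as ${name}:${tag}@sha256:<digest>` };
}

// Walk FROM lines, skipping references to earlier build stages.
function lintDockerfile(text) {
  const stages = new Set();
  const findings = [];
  text.split('\n').forEach((line, i) => {
    const m = /^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?/i.exec(line);
    if (!m) return;
    const [, ref, alias] = m;
    if (!stages.has(ref.toLowerCase())) {
      findings.push({ line: i + 1, ref, ...classifyRef(ref) });
    }
    if (alias) stages.add(alias.toLowerCase());
  });
  return findings;
}

// Constructed Dockerfile; the digests are placeholders, not real image digests.
const PLACEHOLDER_DIGEST = 'a'.repeat(64);
const SAMPLE_DOCKERFILE = [
  'ARG BASE=node:20',
  'FROM --platform=linux/amd64 node:20-alpine AS build',
  'FROM ${BASE}',
  'FROM ghcr.io/example/app:1.2.3',
  `FROM python:3.11@sha256:${PLACEHOLDER_DIGEST}`,
  `FROM registry.example.com:5000/team/app:2.0@sha256:${PLACEHOLDER_DIGEST}`,
  'FROM ubuntu',
  'FROM scratch',
  'FROM build AS final',
].join('\n');

function sampleFindings() {
  return lintDockerfile(SAMPLE_DOCKERFILE);
}
```

Keeping the human-readable tag next to the digest (`name:tag@sha256:...`) is deliberate: the digest is what the build actually resolves, while the tag documents which version the digest was meant to be, so a reviewer can tell when the two drift apart after the upstream rebuild.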
Best way to avoid procrastination: we tend to avoid commitments or to do large tasks as even visualizing them seems tiring, and the longer it takes, the more vulnerable we are to distractions.
So I use this simple trick
I break my task into numerous sub tasks. For example if I need to finish a feature before day end, I would first list down all the cases I can think of in order and write them down using actual pen and paper.
I then start implementing them step by step.
I mark them checked once done.
It gives me a sense of achievement as I see those checks besides the sub tasks and I can also take breaks between steps.
So all it takes is just first five minutes of planning.
I had to do the above procedure, for this post as well.
Hope it helps fellow developers
:)
I hate people who think they are always right.
A coworker who seemed to be a friend turns out to be an emotionally needy narcissist who seems to think that he is a perfect human being and is the best example of how to live.
Long story short is that we did some bonding via alcohol and smoking cigarettes. Especially when I was in a bad period in my life where I had little self confidence, was in a bad financial situation and overshared many details abound my personal life.
And yeah we also work as software devs in the same team but I started avoiding working with him directly, because due to his seniority he overcomplicates things a lot to the point where stuff gets postponed for months. Meanwhile I am a simple guy, I do my tasks and if they are not up to the standard I just work on the feedback until I'm up to the standard, that's it. It's just a job for me, for him it's a way of life and he considers himself to be basically an artist.
He's always trying to prove something to me, showing that the "long way" is the best way and so on. In reality I don't give a fuck about him. I live my own life and I have my own priorities. I work fulltime in one job, also I work part time as a freelancer and in total I make about 20 percent more than he does. Previously before this job I owned my own company where for 2 years I ran my own projects which generated a decent revenue. I know what is hard work and how to sacrifice myself in order to achieve results. I am more pragmatic and I have some limitations of what I can be good at (since I have a shitty working memory due to my ADHD). So I have systems in place and bottom line is that I earn a decent living and my skillset is different. Yeah I agree that in some ways he is better than me, but dude has such a massive inflated ego that now he thinks that he unlocked some sort of universal wisdom and now he's suddenly experienced in every field of life and his opinion is the right one.
This guy takes a massive pride in how good a software engineer he is and in every topic or interaction he tries to one-up me. Which most of the time is just his preference or in order to gain a 0.0001 percent performance increase. Dude is basically a big walking ego and since "we are close now" his ego started bleeding into personal relationship.
In my personal life, I'm in a stable relationship, thinking of proposing soon and getting married. I already co-own an apartment with my current girlfriend. Everything is serious and planned, I'm soon to be 30 years old. He is the same age but he still thinks he's young hot shit and all he cares about is getting shitfaced a couple times a week after work and he doesn't really have any other hobbies. He has a girlfriend but I don't see any future in there TBH.
So what I did now is I started putting some distance between us. No more drinking every week with him, maybe maximum once in 2 or 3 weeks. I started working from home more. Also I stopped sharing my personal life with him. Each time when he thinks he is right I just go along with it and don't even pay attention to his emotional manipulations. I just hope one day he fucks off completely and I won't give in to his gaslighting. Maybe in a few months I will be leaving this job, so I will never have to deal with him again.
Lesson learned: don't be vulnerable to coworkers who you bond with only via alcohol.
I miss psychological safety. I'll define it as the willingness to be vulnerable to criticism and the belief that contrary opinions are embraced and judged on their merit.
When I first entered the startup scene my manager had exceptional candor. He had no qualms talking about how kids and personal projects caused his investment in his work to wax and wane.
He always made time to talk to me when I was frustrated and made me feel like he truly listened to what I had to say, even if he didn't act on it.
At the time, I attributed the safety to the company culture created by the CTO. The startup failed and eventually, I found my way to that CTO's next startup.
Completely different experience. I find myself in despair as I hear "I'm more senior and therefore am right and don't have time or interest in your ideas" blatantly stated.
When I disagree with people, I try to ask clarifying questions to identify where the divergence occurs. Sometimes I'm surprised and learn something new, sometimes my questions prompt reconsideration.
With the CTO (now CEO), we go in circles where he squirms, deflects, and outright refuses to respond to my questions. He cancels 75% of 1:1's and when we do talk he suggests that if I disagree I "should introspect which of my beliefs is holding me back from embracing his superior way of doing things"
Multi-hour slack wars suck the life out of anyone trying to ask questions. It's so exhausting to ask questions it's often cheaper and faster to wallow in despair for an hour and hack something together than descend into people shouting preferences at each other and shaming me for not already knowing the answer.
Perks, pay, and tech-stack are all cool. It feels selfish to be unhappy because I can't innovate or challenge the status quo. Having tasted that safety though, I'm left with an unquenched thirst that grows stronger with every conflict.
Summing up my cynicism.
I live on a big shit pile in the middle of nowhere where biggest achievement is travel around the globe. It doesn’t matter that you can do it under a day using special piece of paper that everyone is bragging about.
At the same time I am trapped inside a sack of meat that is slowly putrefying and is highly vulnerable to everything on this fucking place. Sooner or later I will shit under myself again.
And I even didn't start, cause the real problem is that I can't get the fuck out of here and everyone tries to convince me that what I do is "important" and I need to start a family and shit like that, yet everyone believes in some higher power that says you don't need all of this shit. Like what the fuck people ?!!?!!
How the fuck did I get here ? I must have been making jokes from someone important. If it’s true I’m really really sorry and now please get me out of this nightmare. I know I did something wrong and I sincerely apologize. Are we good now ?
Fucking hell !!!
9 Ways to Improve Your Website in 2020
Online customers are very picky these days. Plenty of quality sites and services tend to spoil them. Without leaving their homes, they can carefully probe your company and only then decide whether to deal with you or not. The first thing customers will look at is your website, so everything should be ideal there.
Not everyone succeeds in doing things perfectly well from the first try. For websites, this fact is particularly true. Besides, it is never too late to improve something and make it even better.
In this article, you will find the best recommendations on how to get a great website and win the hearts of online visitors.
Take care of security
It is unacceptable if customers who are looking for information or a product on your site find themselves infected with malware. Take measures to protect your site and visitors from new viruses, data breaches, and spam.
Take care of the SSL certificate. It should be monitored and updated if necessary.
Be sure to install all security updates for your CMS. A lot of sites get hacked through vulnerable plugins. Try to reduce their number and update regularly too.
Ride it quick
Webpage loading speed is what the visitor will notice right from the start. The war for milliseconds just begins. Speeding up a site is not so difficult. The first thing you can do is apply the old proven image compression. If that is not enough, work on caching or simplify your JavaScript and CSS code. Using CDN is another good advice.
Choose a quality hosting provider
In many respects, both the security and the speed of the website depend on your hosting provider. Do not get lost selecting the hosting provider. Other users share their experience with different providers on numerous discussion boards.
Content is king
Content is everything for the site. Content is blood, heart, brain, and soul of the website and it should be useful, interesting and concise. Selling texts are good, but do not chase only the number of clicks. An interesting article or useful instruction will increase customer loyalty, even if such content does not call to action.
Communication
Broadcasting should not be one-way. Make a convenient feedback form where your visitors do not have to fill out a million fields before sending a message. Do not forget about the phone, and what is even better, add online chat with a chatbot and/or live support reps.
Refrain from unpleasant surprises
Please mind that self-starting videos, especially with sound, may irritate a lot of visitors and increase the bounce rate. The same is true about popups and sliders.
Next, do not be afraid of white space. Often site owners are literally obsessed with the desire to fill all the free space on the page with menus, banners and other stuff. Experiments with colors and fonts are rarely justified. Successful designs are usually brilliantly simple: white background + black text.
Mobile first
With such a dynamic pace of life, it is important to always keep up with trends, and the future belongs to mobile devices. We have already passed that line and mobile devices generate more traffic than desktop computers. This tendency will only increase, so adapt the layout and mind the mobile first and progressive advancement concepts.
Site navigation
Your visitors should be your priority. Use human-oriented terms and concepts to build navigation instead of search engine oriented phrases.
Do not let your visitors get stuck on your site. Always provide access to other pages, but be sure to mention which particular page will be opened so that the visitor understands exactly where and why he goes.
Technical audit
The site can be compared to a house - you always need to monitor the performance of all systems, and there is always a need to fix or improve something. Therefore, a technical audit of any project should be carried out regularly. It is always better if you are the first to notice the problem, and not your visitors or search engines.
As part of the audit, an analysis is carried out on such items as:
● Checking robots.txt / sitemap.xml files
● Checking duplicates and technical pages
● Checking the use of canonical URLs
● Monitoring 404 error page and redirects
There are many tools that help you monitor your website performance and run regular audits.
Conclusion
I hope these tips will help your site become even better. If you have questions or want to share useful lifehacks, feel free to comment below.
Resources:
https://networkworld.com/article/...
https://webopedia.com/TERM/C/...
https://searchenginewatch.com/2019/...
https://macsecurity.net/view/...
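The "Technical audit" checklist in the article above (redirects, 404 pages, duplicates, canonical URLs) is the kind of thing that should run automatically rather than be noticed by visitors first. What follows is an added example, not part of the article: an offline pass over a constructed crawl snapshot that follows redirect chains (flagging loops, chains longer than one hop, and redirects that end in a 404) and checks canonical consistency (missing canonical, or a canonical that points at a page which is not itself a live 200). The snapshot shape (`url -> {status, location, canonical}`) and all URLs under `example.com` are this example's assumptions; a real run would fill the snapshot from HTTP responses.

```javascript
// Added example, not from the article: an offline pass over a constructed
// crawl snapshot that automates two of the audit bullets (redirect chains,
// loops and redirects into 404s; canonical URL consistency). The snapshot
// shape is an assumption of this example, not any tool's format.

const MAX_HOPS = 1; // one redirect is fine; longer chains waste crawl budget

// Constructed snapshot, deliberately containing each kind of defect.
const SNAPSHOT = {
  'https://example.com/': { status: 200, canonical: 'https://example.com/' },
  'http://example.com/': { status: 301, location: 'https://example.com/' },
  'https://example.com/old': { status: 301, location: 'https://example.com/older' },
  'https://example.com/older': { status: 302, location: 'https://example.com/old' },
  'https://example.com/a': { status: 301, location: 'https://example.com/b' },
  'https://example.com/b': { status: 301, location: 'https://example.com/c' },
  'https://example.com/c': { status: 404 },
  'https://example.com/product?ref=mail': { status: 200, canonical: 'https://example.com/product' },
  'https://example.com/product': { status: 200 },
  'https://example.com/blog': { status: 200, canonical: 'https://example.com/old' },
};

function isRedirect(page) {
  return page.status >= 300 && page.status < 400 && typeof page.location === 'string';
}

// Follow a redirect chain inside the snapshot and report how it ends.
function followRedirects(snapshot, url, maxHops = MAX_HOPS) {
  const chain = [url];
  const seen = new Set(chain);
  let page = snapshot[url];
  while (page && isRedirect(page)) {
    const next = page.location;
    if (seen.has(next)) return { chain: [...chain, next], outcome: 'loop' };
    chain.push(next);
    seen.add(next);
    if (chain.length - 1 > maxHops) return { chain, outcome: 'too-long' };
    page = snapshot[next];
  }
  if (!page) return { chain, outcome: 'unknown' }; // target not in the crawl
  return { chain, outcome: page.status === 200 ? 'ok' : `status-${page.status}` };
}

// Produce one finding per defective URL.
function auditSnapshot(snapshot) {
  const findings = [];
  for (const [url, page] of Object.entries(snapshot)) {
    if (isRedirect(page)) {
      const { chain, outcome } = followRedirects(snapshot, url);
      if (outcome !== 'ok') findings.push({ url, kind: `redirect-${outcome}`, detail: chain.join(' -> ') });
      continue;
    }
    if (page.status !== 200) {
      findings.push({ url, kind: `status-${page.status}`, detail: 'page does not resolve' });
      continue;
    }
    if (!page.canonical) {
      findings.push({ url, kind: 'missing-canonical', detail: 'no rel=canonical' });
      continue;
    }
    if (page.canonical !== url) {
      const target = snapshot[page.canonical];
      if (!target || target.status !== 200) {
        findings.push({ url, kind: 'canonical-target', detail: `${page.canonical} is not a live 200 page` });
      } else if (target.canonical && target.canonical !== page.canonical) {
        findings.push({ url, kind: 'canonical-chain', detail: `${page.canonical} declares a different canonical` });
      }
    }
  }
  return findings;
}

function sampleAudit() {
  return auditSnapshot(SNAPSHOT);
}
```

Run on the constructed snapshot, `sampleAudit()` reports the redirect loop between `/old` and `/older`, the two-hop chain from `/a`, the redirect from `/b` into a dead page, the 404 itself, the product page with no canonical, and the blog post whose canonical points at a redirect. The `http://` to `https://` redirect and the tracking-parameter variant of the product page are correctly left alone.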