Search - "weird requests"
-
Following a conversation with a fellow devRanter this came to my mind, happened a year or two ago I think.
Was searching for an online note taking app which also provided open source end to end encryption.
After searching for a while I found something that looked alright (do not remember the URL/site too badly). They used pretty good open source JS crypto libraries so it seemed very good!
Then I noticed that the site itself did NOT run SSL (putting the https:// in front of the site name resulted in site not found or something similar).
Went to the Q/A section because that's really weird.
Saw the answer to that question:
"Since the notes are end to end encrypted client side anyways, we don't see the point in adding SSL. It's secure enough this way".
😵
I emailed them right away explaining that any party in between their server(s) and the browser could do anything with the request (including the cryptographic JS code) so they should start going onto SSL very very fast.
Too bad I never received a reply.
People, if you ever work with client side crypto, ALWAYS use SSL. Also with valid certs!
The NSA for example has this thing known as the 'Quantum Insert' attack which they can deploy worldwide which basically is an attack where they detect requests being made to servers and reply quickly with their own version of that code which is very probably backdoored.
This attack cannot be performed if you use SSL! (of course only if they don't have your private keys but let's assume that for now)
Luckily Fox-IT (formerly Dutch cyber security company) wrote a Snort (Intrusion Detection System) module for detecting this attack.
Anyways, Always use SSL if you do anything at all with crypto/sensitive data! Actually, always use it but at the very LEAST really do it when you process the mentioned above!
-
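Added example, not part of the rant above and not Fox-IT's Snort code: when a forged reply wins the race against the real server, the client still receives the server's genuine reply afterwards, carrying the same TCP sequence number but different bytes. The sketch below applies that check to a constructed capture; the `Segment` record, the function name and the sample addresses are assumptions made for illustration.

```python
from collections import namedtuple

# One record per captured TCP segment (fields an IDS or pcap parser would give you).
Segment = namedtuple("Segment", "src sport dst dport seq ttl payload")

def find_conflicting_segments(segments):
    """Flag segments that reuse a TCP sequence number with different data.

    A plain retransmission repeats the same bytes and is ignored; two
    different payloads for the same (flow, seq) mean two senders answered.
    """
    first_seen = {}   # (src, sport, dst, dport, seq) -> first Segment
    alerts = []
    for seg in segments:
        if not seg.payload:
            continue  # bare ACKs have nothing to compare
        key = (seg.src, seg.sport, seg.dst, seg.dport, seg.seq)
        first = first_seen.setdefault(key, seg)
        if first is seg:
            continue  # first time this (flow, seq) is seen
        overlap = min(len(first.payload), len(seg.payload))
        if first.payload[:overlap] == seg.payload[:overlap]:
            continue  # same bytes (possibly re-segmented): retransmission
        alerts.append({
            "flow": key[:4],
            "seq": seg.seq,
            "first_payload": first.payload[:40],
            "second_payload": seg.payload[:40],
            # Supporting signal only: a different TTL hints at a different path.
            "ttl_delta": abs(first.ttl - seg.ttl),
        })
    return alerts

# Constructed capture (documentation addresses), not real traffic.
SAMPLE_CAPTURE = [
    # Two different answers to one request: same seq, different bytes and TTL.
    Segment("203.0.113.10", 80, "198.51.100.7", 51000, 1000, 57,
            b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n"),
    Segment("203.0.113.10", 80, "198.51.100.7", 51000, 1000, 49,
            b"HTTP/1.1 200 OK\r\nContent-Type: application/javascript\r\n\r\n"),
    # Ordinary retransmission on another connection: identical bytes.
    Segment("203.0.113.10", 80, "198.51.100.7", 51001, 5000, 49, b"HTTP/1.1 200 OK\r\n"),
    Segment("203.0.113.10", 80, "198.51.100.7", 51001, 5000, 49, b"HTTP/1.1 200 OK\r\n"),
]

if __name__ == "__main__":
    for alert in find_conflicting_segments(SAMPLE_CAPTURE):
        print(alert)
```

This only works on plaintext HTTP, which is the rant's point: with TLS the forged segment fails the record integrity check instead of being rendered.
-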
I swear I work with mentally deranged lunatics.
Dev is/was using TFS's web api to read some config stuff..
Ralph: "Ugh..this is driving me crazy. I've spent all day trying to read this string from TFS and it is not working"
Me: "Um, reading a string from a web api is pretty easy, what's the problem?"
Ralph: "I'm executing the call in a 'using' statement and cannot return the stream."
Me: "Why do you need to return a stream? Return the object you are looking for."
Ralph: "It's not that easy. You can return anything from TFS. All you get back is a stream. Could be XML, JSON, text file, image, anything."
Me: "What are you trying to return?"
Ralph: "XML config. If I use XDoc, the stream works fine, but when I step into each byte from the stream, the first three bytes have weird characters. I shouldn't have to skip the first three bytes to get the data. I spent maybe 5 hours yesterday digging around the .Net stream readers used in XDoc trying to figure out how it skips the first few bytes."
Me: "Wow...I would have used XDoc and been done and not worried about that other junk."
Ralph: "But I don't know the stream is XML. That's what I need to figure out."
Me: "What is there to figure out? You do know. It's your request. You are requesting an XML config."
Ralph: "No, the request can be anything. What if Sam requests an image? XDoc isn't going to work."
Me: "Is that a use-case? Sam requesting an image?"
Ralph: "Uh..I don't know...he could"
Me: "Sounds like you're spending a lot of time doing premature optimization. You know what you're accessing TFS for, if it's XML, return XML. If it's an image, return an image. Something new comes along, modify the code to handle it. Eazy peezy."
<boss walks in from a meeting>
Boss: "What's up guys?"
Ralph: "You know the problem with TFS and not being able to stream the data I had all day yesterday? I finally figured it out. I need to keep this TFS reader simple. I'll start with the XML configs and if we need more readers later, we can add them."
Boss: "Oh yea, always start simple and add complexity only when you need it."
Frack...Frack..Frack...you played some victim complaining to anyone who would listen yesterday (which I mostly ignored) about reading data from TFS was this monumental problem no one could solve, then you start complaining to me, I don't fall for the BS, then tell the boss the solution was your idea?
Lunatic or genius? Wally would be proud.
-
So, my raspi, that controls my home automation stopped responding to all web requests, when I got home, I noticed that the wifi dongle was not lighting up. It has worked with no problems for 3 months now, so that was really weird. I plugged in the Ethernet cable, ssh'd in and ran ifup wlan0
And BOOM console filled with
MESSAGE FROM SYSLOGD@RASPBERRYPI
And some odd codes, no help from Google either,
Then I checked dmesg, and there were these:
Bad relocation sym offset
Mac82011: unknown symbol
At that point I got paranoid, checked my auth.log and it was FULL of failed logins, the size was well over 1Gig, and first entry was from 2 days ago....
Then some weird shit with www-data running SU
Turns out someone got in somehow (I'm running on nonstandard port and dynamic ip, I was supposed to disable password login today, as I had enabled it temporarily)
That made me check my wifi driver, it was modified 2 mins after they got in, had a badly made rootkit but chkrootkit didn't say anything about it.
Time to setup IDS!
Any tips for where else they might have their shit in?
Oh, also, it didn't take long to bruteforce in the zombie that got in :p
And yes, it was a compromised server that was also wiped recently, so I just emailed -rf'd IT as it had tons of victim passwords
NOBODY MESSES WITH MY MACHINE AND GETS AWAY😠
-
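Added example, not part of the rant above: a first pass over an `auth.log` like the one described, counting failed SSH logins per source and listing any login that succeeded from a source with earlier failures. The log lines are constructed samples in the usual sshd format; the function name and threshold are assumptions.

```python
import re
from collections import Counter

# sshd result lines as written to auth.log on Debian-based systems.
SSHD_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage_auth_log(lines, threshold=3):
    """Count failed logins per source and list logins that succeeded after them.

    Returns {"failures": Counter, "suspicious": [(ts, user, method, ip, prior_failures)]}.
    """
    failures = Counter()
    suspicious = []
    for line in lines:
        m = SSHD_LINE.match(line)
        if not m:
            continue  # other daemons, su/sudo lines, blank lines
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            ts = " ".join(m["ts"].split())  # collapse the padded day field
            suspicious.append((ts, m["user"], m["method"], ip, failures[ip]))
    return {"failures": failures, "suspicious": suspicious}

# Constructed sample lines (documentation addresses), not from a real host.
SAMPLE_LOG = """\
Mar  3 02:11:05 raspberrypi sshd[2211]: Failed password for root from 203.0.113.45 port 40122 ssh2
Mar  3 02:11:09 raspberrypi sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 40130 ssh2
Mar  3 02:11:14 raspberrypi sshd[2215]: Failed password for pi from 203.0.113.45 port 40141 ssh2
Mar  3 02:11:20 raspberrypi sshd[2217]: Accepted password for pi from 203.0.113.45 port 40150 ssh2
Mar  3 09:30:00 raspberrypi sshd[3001]: Accepted publickey for pi from 192.0.2.10 port 50000 ssh2
Mar  3 09:41:00 raspberrypi sshd[3050]: Failed password for pi from 192.0.2.77 port 50111 ssh2
"""

if __name__ == "__main__":
    report = triage_auth_log(SAMPLE_LOG.splitlines())
    for ip, count in report["failures"].most_common():
        print(f"{count:6d} failed  {ip}")
    for event in report["suspicious"]:
        print("login after failures:", event)
```

The timestamp of the first flagged login gives a lower bound for reviewing file modification times, like the driver changed two minutes after entry in the rant. Once an intruder has root the log itself can be edited, so treat its contents as a starting point only.
-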
I'm getting so fucking tired of frontend development...
I still like part of it, but I really hate CSS, browser compatibility, stupid users, dumb requests from product owners and fucking weird designs. And to top it all, it's the frontend team that handles all the pressure when the deadline comes up and the project's late, even if it was the product/design/whatever phase that took too much time.
Being a frontend developer is very stressful and has so many annoyances and I'm getting sick of it.
My company's been promising giving me some backend work because there are some backend-heavy projects coming up and they know I have the skills, but they just keep giving me frontend work. Also, one of our frontend developers is on leave, which means more work for the rest of us.
Why did I ever decide to do frontend development?
-
I had a client that used to send emails to detail requests or report bugs on a software.
Now, believe it or not, this was the regular way:
An email with just an introduction and a Word document attached, containing very verbose descriptions (usually not in a human known language) and most importantly, screenshots.
What's so weird about this? Those pictures were captured with printscreen, printed on paper, scanned and then inserted inside the doc 😭😭
Why all this? I don't know, otherwise I wouldn't have posted it as #wk32 ☺
-
Client asks to point their domain to a new 'squarespace' they just got, then call you bc they cannot access the admin console to their old site and 'it's so weird that all the requests are now going to squarespace !!'
-
Got demoted, got a pay raise and don't know how to feel about it. A story of how not to drink with your coworkers?
The story begins roughly 8-9 months ago. Me and this coworker (let's name him Tim) go out drinking after a Friday party at the office. We do some rounds and we're both smashed. Tim starts telling me how he's happy with life and that he's earning a nice salary right now. He told me his salary. It was the same as mine. Which was weird - He codes in more hardcore languages than me and has almost double the time in the company as me. I think after some more drinking I've confessed that I make the same as him. This part is sort of a blur (drinking). I've gotten a pay raise (+30-40%) roughly a few months ago from that point backwards because another company gave me a much higher offer. The company I work for matched to keep me. Anyway, 3 months or so after the drinking, Tim is promoted to team lead, and me and a few other people are added to his team. Conversation slips and he told me his new salary - quite a bit more than me. I think it's safe to assume what happened.
The problem with that is that I was a team lead of 1 person (me) at that time, and I was managing my own time and my own tasks, was working with people individually. I was part of the weekly meetings with the CEO and other team leads. Being stripped of this title wasn't a problem at the beginning, as people still contacted me because of their problems, suggestions, whatever. A few more months pass (to now) and less and less people are contacting me - instead they are talking with Tim, and are asking of his opinion on tasks I should do, where he has no experience and roughly 0 lines in the programming language I code in. This is starting to piss me off.
There are a couple other things to take into consideration as well - The company is hiring a lot of people right now. The whole structure for team leads changed a bit, more team leads than ever right now and new roles added pretty fast.
I've gotten a pay raise a few weeks ago though(10%~).
I'm not sure on how to react to this. Should I comply and just keep on working on these tasks? Or should I still keep contacting people directly on their requests and talk to them directly, take credit for the projects I complete publicly and the stuff I do as I was previously doing? Part of me wants to reroute all of the stupid questions people have to Tim, as he is now responsible for these tasks and get this weight off my shoulders.
I'm starting to shift to learning a new programming language and thinking of jumping ship. Thoughts?
-
AAAAAGH i am exhausted! I went with the stupidest decision, i am regretting every movement of it and yet moving deeper and deeper into it. Follow up for this : https://devrant.com/rants/2955584/...
There is a whole lot of rant in between that day and today, but the gists are:
1. I went through a series of stupid shit they threw at me, tried to be professional yet slacking at the same time, because he still wanted to hire me ("because of some hurry") and i was in a conflict to whether i want to get hired to this shit or not.
2. I eventually have agreed and have found somewhat of a way: (a) he's willing to give the salary amount I asked which was not very much but still a decent amount (b) he keeps making those inappropriate requests to do work then and there , but I give him my own timings and totally disconnect with him after that.
3. Those guys are the dumbest possible fucks!!! And they think they are dealing with biscuit factory labors(no offence)! I am getting the money but i believe i am burning my brain with those people.
They fucking don't even know how git works! they zip each version, then unzip and oh god what a mess! Their code base is so shitty its like some drunkard wanted to piss all over their app. And he won't give me access to code, I have to use anydesk to work on his machine, as if i want to keep that piece of crap to waste my memory space.
They are definitely not a startup, they are fucking government agency in the name of startup and i don't even know who or why is someone giving them the money. No designs, no decisions, just "take it from this app and paste it here", or, "this should be umm... i guess"... FUCKING SPEAK MAN!! Just to enable an autosuggestion on one of the toolbars, their backend guy wants me to make a getall request, and run filter functions on the client side! So just to make an autocomplete, 1 million search results would be fetched, converted to pojo, filtered and displayed on every letter stroke? WTF? is it even a correct system design?
after this internship I publicly declare myself a whore for good words and money. i need a shower
-
So my boss runs 2 different companies, the one that hired me and the one that I work for like 40% of the time (through the first one).
This second company is now having a client that's asking for educational qualification for both my boss and me (?)
I mean, even if I didn't study, why would you need that? The product is up and running and works, so wtf do you want?
-
Long long time ago when recharge coupons were a thing, I used to try out more codes in the series and waste my time. After failing a lot over this, I started trying out different USSD codes to see what other stuff is out there. This got me to stumble upon facebook and twitter on USSD. I'm not sure now but, twitter was probably *515# from my carrier.
Facebook. I remember chatting for quite a long period using this. Very slow and limited yet, fun. The USSD message expires within ~60secs. so you have to type the chat message before that or you lose everything you typed. The phone was no smartphone that would allow me to copy the text from the USSD input. On top of that panic, was a character limit to these messages. I remember hitting send while being midway through a message just so I don't lose what I typed, on a T-9 keyboard. Still miss those!
The person on the other side would receive a half message due to this, and would start replying without any patience, to which I panicked as now there's a new thing to respond to, and a half message which I'm waiting to complete.
Later over the weekend when I was allowed to visit the cyber cafe for an hour or two with 15-30 INR, reading the chat threads, being able to use the five sticker packs:) and thus continuing on a computer was fun. But, as the time at the cafe expires, I had to immediately shut off my session or I'd be charged more. Thus, I was left in the middle of a conversation again, and had to continue over USSD.
Using social media without any internet like this was quite fun in a weird way. If I get a new message, I'd get a USSD alert, and then an sms if I didn't reply in some 10-15mins!
This had all the features like like and comment. Friend requests too. For the posts in a "timeline" which was new and fancy in those days, all you see is the caption of a post which also gets truncated quite a bit as USSD also has to show its options like:
1. Like
2. Comment
3. Next Post
4. Main Menu
This was around '13 or '14 I guess. After which I later got my first computer- a laptop. Anyways, the tactile feel of pressing the buttons on a T-9 keypad is nostalgic to me. 😅 And if you were a pro at texting, u must hv used shrtcts lyk dis too w/ emojis lyk :-) <3
-
We're all on gradle and we had a new guy who started a project with Maven. He also used atom editor for Java/Scala code (even though we had a license for Intellij), and refused to use anything with code completion (or turned it off if there was an option). My boss had to explain basic git branching to him, his pull requests were missing build files, READMEs and he'd check in tons of scripts to run things instead of using maven/gradle.
I just thought he was weird, but I didn't look at his pull requests close enough to realize how bad his code was, until they fired him earlier this week.
-
Sorry, need to vent.
In my current project I'm using two main libraries [slack client and k8s client], both official. And they both suck!
Okay, okay, their code doesn't really suck [apart from k8s severely violating Liskov's principle!]. The sucky part is not really their fault. It's the commonly used 3rd-party library that's fucked up.
Okhttp3
yeah yeah, here come all the booos. Let them all out.
1. In websockets it hard-caps frame size to 16mb w/o an ability to change it. So.. Forget about unchunked file transfers there... What's even worse - they close the websocket if the frame size exceeds that limit. Yep, instead of failing to send it kills the conn.
2. In websockets they are writing data completely async. Without any control handles.. No clue when the write starts, completes or fails. No callbacks, no promises, no nothing other feedback
3. In http requests they are splitting my request into multiple buffers. This fucks up the slack client, as I cannot post messages over 4050 chars in size. Thanks to the okhttp these long texts get split into multiple messages. Which effectively fucks up formatting [bold, italic, codeblocks, links,...], as the formatted blocks get torn apart. [didn't investigate this deeper: it's friday evening and it's kotlin, not java, so I saved myself from the trouble of parsing yet unknown syntax]
yes, okhttp is probably a good library for the most of it. Yes, people like it, but hell, these corner cases and weird design decisions drive me mad!
And it's not like I could swap it with another lib.. I don't depend on it -- other libs I need do!
-
For a new microservice we were designing, I recently had a design discussion with a team member on creating REST endpoints for a new entity. This discussion went on for almost 3 hours, most of the time was spent on why to have two endpoints for getting this resource, one is a POST using a graphQL-like query and another one is a GET using unique ID. I said, the client-side use case is different, one is a dashboard where search results need to be shown based on multiple fields and the unique ID won't be available there because it is a system generated value, second one will be used when the unique ID is present in the client as a result of previous search result. Their responses will be similar, first returns a list of entities, second returns a single entity of the same structure.
Then came the next argument: if both APIs are returning same response, why do we need two different requests ?
It was like saying, because 5+6=11, any sum of two numbers resulting in 11 should always use 5 & 6.
Are people so frustrated of working remotely all the time that they come with such weird arguments ?
-
DEAR NON TECHNICAL 'IT' PERSON, JUST CONSUME THE FUCKING DATA!!!!
Continuation of this:
https://devrant.com/rants/3319553/...
So essentially my theory was correct that their concern about data not being up to date is almost certainly ... the spreadsheet is old, not the data.... but I'm up against this wall of a god damn "IT PERSON" who has no technical or logic skills, but for some reason this person doesn't think "man I'm confused, I should talk to my other IT people" rather they just eat my time with vague and weird requests that they express with NO PRECISION WHATSOEVER and arbitrary hold ups and etc.
Like it's pretty damn obvious your spreadsheet was likely created before you got the latest update, it's not a mystery how this might happen. But god damn I tell them to tell me or go find out when the spreadsheet was generated and nothing happens.
Meanwhile their other IT people 'cleaned the database' and now a bunch of records are missing and they want me to just rando update a list of records. Like wtf is 'clean the database' all about!?!?!?
I'm all "hey how about I send you all records between these dates and now we're sure you've got all the records you need up to date and I'll send you my usual updates a couple times a day using the usual parameters".
But this customer is all "oh man that's a lot of records", what even is that?
It's like maybe 10k fucking records at most. Are you loading this in MS Access or something (I really don't know MS Access limits, just picking an old weird system) and it's choking??!?! Just fucking take the data and stick it in the damn database, how much trouble can it be?!!?!?
Side theory: I kinda wonder if after they put it in the DB every time someone wants the data they have some API on their end that is just "HERE'S ALL THE FUCKING DATA" and their client application chokes and that's why there's a concern about database size with these guys.
I also wonder if their whole 'it's out of date' shit is actually them not updating records properly and they're sort of grooming the DB size to manage all these bad choices....
Having said all that, it makes a lot more sense to me how we get our customers. Like we do a lot of customer sends us their data and we feed it back to them after doing surprisingly basic stuff ever to it... like guys your own tools do th---- wait never mind....
-
Dev: [does some weird code to make test pass]
Me: this won't work. Literally the documentation says what you did won't work once we move towards our end goal architecture.
Dev: [shows middle finger and requests merge and somehow managed to get code merged]
.... One Sprint later nothing works...
Dev: [does some weird code to make test pass]
Me: no. You need to solve underlying problem.
Dev: [shows middle finger and requests merge and somehow managed to get code merged]
.... One Sprint later nothing works...
Me: please stahp
Dev: [shows middle finger and requests merge and somehow managed to get code merged]
Me: WTF man do your fucking job
Scrum Master: stahp lowering our velocity
Me: wut? 😒
-
Okay, so I'm developing a system for a global rent-a-car broker. Basically website + a bunch of third party APIs + analytics, it's been running in production for over 4 years now.
Anyway, we had to connect our system to an external rental insurance API, nothing too complicated, got it to production in a month and it seemed to work okay, except the insurance provider claimed they're not getting any analytics data, which was weird, because there were no errors with API calls, and customers had no problem with the insurance.
After going back and forth for a month, we finally figured what's going on: after each API request, the insurance provider expected us to send the exact same data to their analytics API, because for whatever dumb reason they were unable to internally log requests in their analytics database.
tl;dr: we're doing 2 API calls with the exact same data to different endpoints, because a large rent-a-car insurance provider can't log their own analytics data.
-
My team is pretty small right now. It's myself and two other guys. One lead, who's been here for five years. A senior who we brought on 2 weeks ago. And me, a regular app dev. The lead put his two weeks in last week and has been trying to brain dump as much as he can onto us.
I've been building a list of prioritization to compensate for when he leaves based on what he was saying was the most important. This list has gotten pretty massive after reviewing most of the processes in place.
I was hired mainly to quell new requests coming in and not to maintain our systems, so that's what I did. I didn't examine our prod code base too closely. I wish I had. It's in a sorry state. I'm pretty sure I have about 2 years of tech debt for a crew of two guys constantly working on it.
I've been trying to prioritize based on what gets the most bug fixes and change requests. These apps will see the biggest changes and will undergo the most maintenance.
Since I'm just a regular app dev it feels weird trying to come up with this and try to prioritize this and come up with a plan. It feels like someone else should have. If it needs done then I guess it needs done. I need to be able to collaborate and work with my co worker and be able to plan for what projects are coming next.
If anyone has any suggestions to tackle tech debt please make them. Or if there's any help for managing priorities in a different manner that may prove helpful I'm open. Honestly, I don't want to tackle this completely blind, it feels like a lot.
-
Some random weird shit is happening with my Facebook account, I'm getting 2 - 3 new friend requests per hour and I'm not even a celebrity yet, or am I? But seriously what the fuck is that shit, I don't know half the people adding me up and they either have just a profile photo and two posts or are just totally inactive.
God.
God..
Remember that time I said I was lonely and wanted a new clique of friends? I wasn't asking for anything like this.
This is just so fucking annoying and if I get one more of these requests I'll be deactivating this account forever.
*angry faced emoji goes here*