My last internship (it was awesome). A programmer developed a vacation/free day request application for internal use.
Asked if I could test it for security.
The dev working on it thought that was a very good idea as he wasn't much into security and explained how the authentication process worked.
I immediately noticed a flaw just from his explanation. He said it was secure anyways (with an explanation but his way of thinking was wrong in this case). Asked if I was allowed to show him. He said he was intrigued by this so gave me a yes right away.

For the record, user levels were normal user, general admin and super admin (he was the only super admin).

Wrote a quick thingy server side (one of my own servers/domains) for testing purposes.

Then I started.

Went from normal user to super admin (his account) through a combination of XSS and Session Hijacking within 15 seconds.

Explained him where he went wrong and he wrote a patch under my guidance 😃.

That felt so fucking awesome.

Wrote some codes that uses your photos to compose an input image. Will post code later. Written in Python though. Also this is my dad. Also I wrote this in Yellowstone cuz I didn't like the view lol.

Today was my last day of work, tomorrow i have officially left that place. It's a weird feeling because i'm not certain about the future.
The job was certainly not bad, and after all i read on devrant i'm beginning to believe it was one of the better ones. A nice boss, always something to eat/drink nearby, a relaxed atmosphere, a tolerance for my occasionally odd behaviour and the chance to suggest frameworks. Why i would leave that place, you ask? Because of the thing not on the list, the code, that is the thing i work with all the time.

Most of the time i only had to make things work, testing/refactoring/etc. was cut because we had other things to do. You could argue that we had more time if we did refactor, and i suggested that, but the decision to do so was delayed because we didn't have enough time.

The first project i had to work on had around 100 files with nearly the same code, everything copy-pasted and changed slightly. Half of the files used format a and the other half used the newer format b. B used a function that concatenated strings to produce html. I made some suggestions on how to change this, but they got denied because they would take up too much time. Aat that point i started to understand the position my boss was in and how i had to word things in order to get my point across. This project never got changed and holds hundreds of sql- and xss-injection-vulnerabilities and misses access control up to today. But at least the new project is better, it's tomcat and hibernate on the backend and react in the frontend, communicating via rest. It took a few years to get there, but we made it.
To get back to code quality, it's not there. Some projects had 1000 LOC files that were only touched to add features, we wrote horrible hacks to work with the reactabular-module and duplicate code everywhere. I already ranted about my boss' use of ctrl-c&v and i think it is the biggest threat to code quality. That and the juniors who worked on a real project for the first time. And the fact that i was the only one who really knew git. At some point i had enough of working on those projects and quit.

I don't have much experience, but i'm certain my next job has a better workflow and i hope i don't have to fix that much bugs anymore.
In the end my experience was mostly positive though. I had nice coworkers, was often free to do things my way, got really into linux, all in all a good workplace if there wasn't work.

Now they dont have their js-expert anymore, with that i'm excited to see how the new project evolves. It's still a weird thing to know you won't go back to a place you've been for several years. But i still have my backdoor, but maybe not. :P

Now this is what I love to see whenever I start the terminal

IT department created a risk assessment system and asked us to fill out the form.

I found that the form is vulnerable to XSS and possibly SQL injection so I told them and their response was:

"Oh, shit. Please don't tell anyone!"

Of course, it never get fixed :/

After one year of procrastination I finally made the game with unity

Ladies and gentleman, spherical voronoi minesweeper

Yes, I made the game before with in c++ which looks quite shitty, but finally, unity

Security tester: Injects XSS into a rich text editor and flags it for a vulnerability.

"Oh that's fine, let's just disable right click on our page so no one can inspect the page and inject anything."

...

My boss ladies and gentlemen.

I built a spherical voronoi minesweep

Wrote some code during the break that transform an image to the following styles, is it good enough to post on github?

A picture is better than a thousand words

Great news, our company's has a brand new security-first product, with an easy to use API and a beautiful web interface.

It is SQL-injection-enabled, XSS-compatible, logins are optional (if you do not provide a password, you are logged in as admin).

The json-api has custom-date formats, bools are any of "1", "0", 1, 0, false or null (but never true). Numbers are strings or numbers. Utf-8 is not supported. Most of our customers use special characters.

The web interface is using plain bootstrap, and because of XSS it is really easy to customize everything.

How the hell this product got launched is beyond me.

Not code related, but.....
When you open a pron site and see this

Guess I should save the planet instead of jerking off

At work:

"I do not get your concerns over ssl, it works fine when we use ie"

"What do you mean by xss? A regular use would not even try ans attempt something like that"

"We need to keep the txt file with the passwords there, its an internal project, the public would not even attempt to reach our site, just put them back"

Ah the many stories that I have from this place. It is an otherwise good place to work at tho, but oh well...

Me on a daily basis tho

So I was applying for a research position in linguistic department, and had the interview today.
Prof: So you know excel right

Me: (show a project to him to prove I at least know csv file)
Prof: Ok so you know excel.

Me: Yeah kinda.

Prof: Ok that's good. Cuz right now we are using amazon Turk, and the data they returned, which are excel files, are not really the way we want it.

Me: Ok sounds like a parser can fix it......

Prof: Yeah.... the students in the lab are doing it manually now

(Dead silence)

Prof: Ok move onto next matter

It's enough. I have to quit my job.

December last year I've started working for a company doing finance. Since it was a serious-sounding field, I tought I'd be better off than with my previous employer. Which was kinda the family-agency where you can do pretty much anything you want without any real concequences, nor structures. I liked it, but the professionalism was missing.

Turns out, they do operate more professionally, but the intern mood and commitment is awful. They all pretty much bash on eachother. And the root cause of this and why it will stay like this is simply the Project Lead.

The plan was that I was positioned as glue between Design/UX and Backend to then make the best Frontend for the situation. Since that is somewhat new and has the most potential to get better. Beside, this is what the customer sees everyday.

After just two months, an retrospective and a hell lot of communication with co-workers, I've decided that there is no other way other than to leave.

I had a weekly productivity of 60h+ (work and private, sometimes up to 80h). I had no problems with that, I was happy to work, but since working in this company, my weekly productivity dropped to 25~30h. Not only can I not work for a whole proper work-week, this time still includes private projects. So in hindsight, I efficiently work less than 20h for my actual job.

The Product lead just wants feature on top of feature, our customers don't want to pay concepts, but also won't give us exact specifications on what they want.
Refactoring is forbidden since we get to many issues/bugs on a daily basis so we won't get time.
An re-design is forbidden because that would mean that all Screens have to be re-designed.
The product should be responsive, but none of the components feel finished on Desktop - don't talk about mobile, it doesn't exist.
The Designer next to me has to make 200+ Screens for Desktop and Mobile JUST so we can change the primary colors for an potential new customer, nothing more. Remember that we don't have responsiveness? Guess what, that should be purposely included on the Designs (and it looks awful).
I may hate PHP, but I can still work with it. But not here, this is worse then any ecommerce. I have to fix legacy backend code that has no test coverage. But I haven't touched php for 4 years, letalone wrote sql (I hate it). There should be no reason whatsoever to let me do this kind of work, as FRONTEND ARCHITECT.

After an (short) analysis of the Frontend, I conclude that it is required to be rewritten to 90%. There have been no performance checks for the Client/UI, therefor not only the components behave badly, but the whole system is slow as FUCK! Back in my days I wrote jQuery, but even that shit was faster than the architecuture of this React Multi-instance app. Nothing is shared, most of the AppState correlate to other instances.

The Backend. Oh boy. Not only do we use an shitty outated open-source project with tons of XSS possibillities as base, no we clone that shit and COPY OUR SOURCES ON TOP. But since these people also don't want to write SQL, they tought using Symfony as base on top of the base would be an good idea.
Generally speaking (and done right), this is true. but not then there will be no time and not properly checked. As I said I'm working on Legacy code. And the more I look into it, the more Bugs I find. Nothing too bad, but it's still a bad sign why the webservices are buggy in general. And therefor, the buggyness has to travel into the frontend.

And now the last goodies:
- Composer itself is commited to the repo (the fucking .phar!)
- Deployments never work and every release is done manually
- We commit an "_TRASH" folder
- There is an secret ongoing refactoring in the root of the Project called "_REFACTORING" (right, no branches)
- I cannot test locally, nor have just the Frontend locally connected to the Staging webservices
- I am required to upload my sources I write to an in-house server that get's shared with the other coworkers
- This is the only Linux server here and all of the permissions are fucked up
- We don't have versions, nor builds, we use the current Date as build number, but nothing simple to read, nonono. It's has to be an german Date, with only numbers and has always to end with "00"
- They take security "super serious" but disable the abillity to unlock your device with your fingerprint sensor ON PURPOSE

My brain hurts, maybe I'll post more on this shit fucking cuntfuck company. Sorry to be rude, but this triggers me sooo much!

a stored XSS vuln in a banner-like component, visible in ALL the pages in the portal. Anyone can attack anyone.

HOWEVER this was not discovered by 3rd-party security specialists during latest security audit. I have escalated this to my manager and got replied that unless client actively requests this to be fixed should I do anything about it.

FFS.. it's only 2 lines of code.. And there's nothing I can do about it.

Eventualy I was transfered to another project. Now it's not my problem anymore.

Things happened this year so far in chronological order:

Applied to PhD and got all rejected

Graduated without a job because I thought the last event wouldn’t happen

Decided to take more shots at universities in Europe and Canada

Paper got published and got best paper honorable mention

Interviewed by couple professors and the one in Canada seems to be interested in me

School in Canada, which rejected me before, reopened my case for review

Bank account got closed because my parents transferred me some money to support my unemployment ass and bank thought it was a fraud

The review process took so long I got hopeless and thought, if I end up writing webpages for other people, why not doing it now? And did two webpages which are in my previous rant, pretty good and highly recommended imo

Canada school promised a date but didn’t follow that date, depression attack

Finally sent them an email and got an answer saying the admission approved my application and they are working on paper work. But I still don’t believe it because I’m paranoid

Got an email from a professor today confirming they are doing paper work and I should receive official paper soon.

You can see the dramatic ups and downs, but in the end, guess I’m going to Toronto for phd

A client asked me if I had some software to make an .exe file run on Android.

So I replied with:
Yes, you need to run the RNN through a HM05 then cross-compile the output with a MOSFET.
You might run into an arduino javascript, but you can bypass that with an stackunderflow or XSS

I wish there is such thing as branch in a relationship. So that whenever a couple are having a fight, they can create a branch and work their shit out in that branch and eventually merge to the master branch.

Wait
Merge....
That just costs.... more conflicts

Finally installed Ubuntu and successfully configured the wifi setting, any package I should install?

God damn I love sublime merge

When you bypass server side sanitization while trying to bypass client side

Just found an admin portal online. There was a modal asking for password, but in background the portal was visible. ctrl + shift + i and then closed the modal.

Voila, the whole portal and actions are accessible. Seriously, who develops things like these?

I am pretty sure it's vulnerable to sqli and xss too.

I updated the UI as I said last time

prettywordcloud.github.io

Found out word cloud essentially is NP hard problem, so can’t do it in an efficient way.

However, now it is more interactive, and gives the illusion it is faster

Doing linguistic research where I need to parse 2000 files of a total of 36 GB. Since we are using python the first thing I thought was to implement multi threading. Now I changed the total runtime from three days to like one day and a half. But then when I checked the activity monitor I saw only 20 percent of the CPU usage. After a searching process I started to understand how multi threading and multi processing works. Moral of the story: if you want to ping a website till they block you or do easy tasks that will not use up all power of one core, do multi thrading. If you need to do something complicated that can easily consume all the powers of a single CPU core, split up the work and do multi processing. In my case, when I tried to grab information from a website, I did multi thrading since the work is easy and I really wanted to pin the website 16 times simultaneously but only have 4 cores. But when it come to text processing which a single file will take 80 percent of cpu, split it up and do multi processing.

This is just a post for those who are confused with when to use which.

I didn't even know what photography is a month ago. Then I was going on a road trip with my girlfriend so I bout a camera. Didn't read the manual just watched bunch of videos and realized it was just tuning parameters. Now I'm the master.

When being a bored developer on a plane gets fun. #kmlChat

Now here comes my first zsh shell plugin. Its called dogesay and it will repeat your command with much, wow, nice...

> IHateForALiving: I have added markdown on the client! Now the sys admin can use markdown and it's going to be rendered as HTML
> Team leader: ok, I've seen you also included some pics of the tests you made. It's nice, there's no XSS vulnerabilities, now I want you to make sure you didn't introduce any SQL injection too. Post the results of the tests in the tickets, for everybody to see.

I've been trying to extract from him for 15 minutes how sending a text through a markdown renderer on the client is supposed to create a SQL injection on the server, I've been trying to extract from him how showing all of this to the world would improve our reputation.
I miserably failed, I don't know how the fuck am I supposed to test this thing and if I a colleague wasted time to make sure some client-side rendering didn't create a SQL injection I'd make sure to point and laugh at them every time they open their mouth.

Some of the penguin's finest insults (Some are by me, some are by others):

Disclaimer: We all make mistakes and I typically don't give people that kind of treatment, but sometimes, when someone is really thick, arrogant or just plain stupid, the aid of the verbal sledgehammer is neccessary.

"Yeah, you do that. And once you fucked it up, you'll go get me a coffee while I fix your shit again."

"Don't add me on Facebook or anything... Because if any of your shitty code is leaked, ever, I want to be able to plausibly deny knowing you instead of doing Seppuku."

"Yep, and that's the point where some dumbass script kiddie will come, see your fuckup and turn your nice little shop into a less nice but probably rather popular porn/phishing/malware source. I'll keep some of it for you if it's good."

"I really love working with professionals. But what the fuck are YOU doing here?"

"I have NO idea what your code intended to do - but that's the first time I saw RCE and SQLi in the same piece of SHIT! Thanks for saving me the hassle."

"If you think XSS is a feature, maybe you should be cleaning our shitter instead of writing our code?"

"Dude, do I look like I have blue hair, overweight and a tumblr account? If you want someone who'd rather lie to your face than insult you, go see HR or the catholics or something."

"The only reason for me NOT to support you getting fired would be if I was getting paid per bug found!"

"Go fdisk yourself!"

"You know, I doubt the one braincell you have can ping localhost and get a response." (That one's inspired by the BOFH).

"I say we move you to the blockchain. I'd volunteer to do the cutting." (A marketing dweeb suggested to move all our (confidential) customer data to the "blockchain").

"Look, I don't say you suck as a developer, but if you were this competent as a gardener, I'd be the first one to give you a hedgetrimmer and some space and just let evolution do its thing."

"Yeah, go fetch me a unicorn while you're chasing pink elephants."

"Can you please get as high as you were when this time estimate come up? I'd love to see you overdose."

"Fuck you all, I'm a creationist from now on. This guy's so dumb, there's literally no explanation how he could evolve. Sorry Darwin."

"You know, just ignore the bloodstain that I'll put on the wall by banging my head against it once you're gone."

So we ordered a piece of software from external software house becouse I was low on time and we needed it asap.

So. Long story short, their software was bugged as hell, they deny all the bugs and they have their BDD that they done and anything we say about it like "feature XYZ is broken on firefox" they will deny it "becouse it wasn't on BDD" or "let's get on call" (in which +- 6-7 people participate from their side and we of course have to pay them for this...)

So they fixed like 20% of bugs (mostly trivials/minors) Application is fairly small scope. You have integration with like 3 endpoints on arbitary API, user registration/login, few things to do in database (mainly math running from cron).

They done it in ASP so I don't know the language and enviroment so can't just fix it myself.

2 days ago (monday) they annoyed me to point where I just started to break things. For starters I found that every numeric input is vunrable to integer overflow (which is blocker). I figured most of fields are purefect opportunity to XSS (but I didn't bother to do JS... anything but not JS...). I figured I can embed into my name/surname/phone (none validated) anything in HTML...

So for now we have around 25 bugs, around 15 of them are blockers.

They figured it's somehow our fault that it's bugged and decided to do demo with us to show off how perfectly it works. I'm happy to break their demos. I figured I will register bunch users that have name - image with fixed/absolute position top:0;left:0 width/height 100% - this will effectively brick admin panel

Also I figured I can do some addotional sounds in background becouse why not. And I just dont know what to put in. It links to my server for now so I can freely change content of bricked admin panel.

I have curl's ready to execute in case they reset database.

I can put in GIFs or heck, even videos, dosen't really matter. Framework escapes some things for them so at least that. But audio/image/video works.

Now I have 2 questions:
- what image + audio combo will work the best (of course we need to keep it civil). Im thinking finding some meme with bugs or maybe nuclear logo image with some siren sound
- am I evil person?

Edit:

I havent stated this clearly:

"There is no BDD that describes that if user inserts malicious input server should deny it" - that's almost literally what we get from them....

I xss'd my teachers website 🙃

someone did xss on one of my websites.

i didnt bother to secure anything on the website because i was marketing to dumb kids.

¯\_(ツ)_/¯

The best way to learn any language is to start a project, that’s it, not up for debate

Woke up this morning to a fucking giant snowstorm and my first reaction was 'fml' , poured some coffee , lit a smoke and started checking my work mail 'Issue xxxx response : Not solvable '...what the...I go through the files on my phone , look at what that issue was : lack of proper validation , filtering and encoding of input thus enabling xss . Not solvable my ass ...simply adding literally 3 more characters to that fucking retarded filter would stop all the bypasses . This issue is a showstopper for their project and that is what they answer ?
Sorry to indians out here but some of your colleagues are as stupid and unimaginative as they can possibly ever come .

Idk if anyone here noticed.... sudo sounds like 速度 in Chinese, which means quickly. So the every time I use this command I just feel like I'm rushing computer to do something for me

So I finished my first semester in NYU as a CD master. During the first semester I took a class called heuristic problem solving. Every week a competitive game will be introduced to us, and will be played in two weeks. And trust me, the games aren't easy. I teamed up with another guy who I had no idea was and named our team as we don't know. At the end of the semester we won seven out of nine games, and by won I meant that we beat the whole class in the match. And my teammate became a really good friend.

By telling this story, I want to make a point. I love problem solving, and not problems in a algorithm book where you apply an algorithm and do some trick to solve it, but real world problem where you hope for the best and anticipate, predict your opponent's move. However, American's school system doesn't teach that.

When I applied to graduate school, no school wanted me because I have an average GPA of 3.6, and no outstanding achievements. I can solve problems in my dream becaus I have an active mind, I can propose solution to a project one month before my teammates realized they essentially were doing what I told them the solution should be. But so what, I can't write those on my application.

One of the professor told me that my professor shared the story of my team during a faculty dinner, and they were very impressed by our achievement. So I guess I'm not dumb. But after all, companies and schools will look at your transcript and decide who you are.

I love myself for having random thoughts all the time that can lead to innovative problem solving. But I also hate myself for not able to study like the good kids are.

I fucking hate Reddit
Because I don’t interact with other peoples post too much but do so when the post is mine, I’m considered spammer.
The 90/10 rule is ridiculous.
This morning I got banned from r/internetisbeautiful because of this stupid rule.

Not because my website is not beautiful, hell, it got thousands upvotes. But because I used the same domain for different unrelated projects, same way you can have different GitHub pages under one user.

Fuck this, fuck

A client asked me to do a little makeover to their old website (before I made them a new one) because if they ask to the company who made it, they would pay too much. The WWE problem was that the website was in that company server and had their (really) bad backoffice. I ended up injecting in one field on the contacts (not protected with XSS) a script that change a little the front page layout and some content in another pages.

Valve employees trying hard.

Me waiting for Gradle to finish building

So one year ago, when I was second year in college and first year doing coding, I took this fun math class called topics in data science, don't ask why it's a math class.

Anyway for this class we needed to do a final project. At the time I teamed up with a freshman, junior and a senior. We talked about our project ideas I was having random thoughts, one of them is to look at one of the myths of wikipedia: if you keep clicking on the first link in the main paragraph, and not the prounounciation, eventually you will get to philosophy page.

The team thought it was a good idea and s o we started working.

The process is hard since noe of us knew web scraping at the time, and the senior and the junior? They basically didn't do shit so it's me and the freshman.

At the end, we had 20000 page links and tested their path to philosophy. The attached picture is a visualization of the project, and every node is a page name and every line means the page is connected.

This is the first open project and the first python project that I have ever done. Idk if it is something good enough that I can out on my resume, but definitely proud of this.

PS: if you recognize the picture, you probably know me. If you were the senior or the junior in the team, I'm not sorry for saying you didn't do shit cuz that's the truth. If you were the freshman, I am very happy to have you as a teamate.

Now my worst fear is that I figured out how to implement my idea, because now the only thing stopping me is my laziness.

After talk to the professor I'm working for

Professor: well, take a break.

Me: take a break? I have to report to you next week during spring break and you just released an assignment.

Professor: well but you have three weeks for the assignment.

Me: inside: but you said start early on the assignment

Professor: take a break

So I have the new Mac book pro for 8 months now, always thought that the butterfly keyboard issue will never happen to me.

Until three days ago I noticed my space key is kinda sticky.
I have an external monitor so I don’t recall any time I spill water or food directly on the keyboard.

So I made an appointment for a walk in.

BUT this morning, I was like: man, fuck this shit and smashed the space key.

Now it’s fixed.

Good

Fingers crossed, first app submitted to App Store

Background: I'm in middle school, and two popular games that people liked got blocked. My friend and I made a website with the blocked games on a free 000webhost subdomain. It was a crappy, twenty minute website that I made with just a view counter, the games, and a chat room for people looking for other people to play with.

Story: one day I opened up the chat room where another friend and I were gonna talk about our teacher behind her back. I opened the chat room, and in the previous chat text, there was a line that said "Username: " and a text box. Then, about five lines, each with two text boxes separated by a ":". I knew that it could've been my friend that "made" the site with me (he designed the logo and occasionally modified the HTML), but I suspected not. He wasn't smart enough. Now when I was building the chat room, I internationally didn't put in XSS protection, just to see if someone would catch onto it, and, to my surprise, someone obviously did. Now there's someone in my school, who could be just like me, but I don't know where. Man, I really wanna find him (or her)! Of course, it could be my teachers, who are messing with it and could be trying to get it blocked -_-

So one of my clients had a different company do a penetrationtest on one of my older projects.

So before hand I checked the old project and upgraded a few things on the server. And I thought to myself lets leave something open and see if they will find it.

So I left jquery 1.11.3 in it with a known xss vulnerability in it. Even chrome gives a warning about this issue if you open the audit tab.

Well first round they found that the site was not using a csrf token. And yeah when I build it 8 years ago to my knowledge that was not really a thing yet.

And who is going to make a fake version of this questionair with 200 questions about their farm and then send it to our server again. That's not going to help any hacker because everything that is entered gets checked on the farm again by an inspector. But well csrf is indeed considered the norm so I took an hour out of my day to build one. Because all the ones I found where to complicated for my taste. And added a little extra love by banning any ip that fails the csrf check.

Submitted the new version and asked if I could get a report on what they checked on. Now today few weeks later after hearing nothing yet. I send my client an email asking for the status.

I get a reaction. Everything is perfect now, good job!

In Dutch they said "goed gedaan" but that's like what I say to my puppy when he pisses outside and not in the house. But that might just be me. Not knowing what to do with remarks like that. I'm doing what I'm getting paid for. Saying, good job, your so great, keep up the good work. Are not things I need to hear. It's my job to do it right. I think it feels a bit like somebody clapping for you because you can walk. I'm getting off topic xD

But the xss vulnerability is still there unnoticed, and I still have no report on what they checked. So I have like zero trust in this penetration test.

And after the first round I already mentioned to the security guy in my clients company and my daily contact that they missed things. But they do not seem to care.

Another thing to check of their to do list and reducing their workload. Who cares if it's done well it's no longer their responsibility.

2018 disclaimer: if you can't walk not trying to offend you and I would applaud for you if you could suddenly walk again.

This was actually written by a Junior of mine (and if it wasn't for me having to review it, it would have made it to production):
- Admi password was just an MD5 in the javascript.
- Javascript would validate the password input.
- Javascript would then send a POST request to a PHP script.
- On display, the HTML of the news article wasn't HTML escaped.

My brain: "Let's just send this XSS vector to this PHP script"

Fuck it, I’m gonna build a 4d chess web page deployed on GitHub

Saw this on Reddit, might just implement it

I found that one of the pron site I visit is written in Vue .....

Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.

Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.

Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.

Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".

Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.

When you watch a YouTube video about XSS and find people trying out script tags in the comments 😐

This is a true story. We had this subject, called “Web Design” (really, “design”), where we studied HTML, CSS, JavaScript, PHP and MySQL (confusing, right?). And when we get the PHP (e-)book, it was this old PDF (probably downloaded illegally) teaching the legacy 4.0 version of PHP. Anyway, when we had to develop the final project, the sane professor allowed us to use a newer version of PHP — 5.2, released on 2008. I had to follow the rules, so I developed probably the less secure web application I will ever develop. That means no protection from SQL injection, XSS vulnerable and a bunch of other security holes… And that’s how they liked it developed!

A few days back I read an article about ethical hacking and get rewarded for bug bounty. I thought that might be interested.

AND

I'm about to send out my first ethical hack report to a company! I'm nervous because I don't know how they'll respond. It's an xss vulnerability, and I really hope they'll fix it.

Did successful XSS in a website.
Later on, found out that the web was built on laravel.
Still trying to figure out the level of negligence required to make a xss vulnerable laravel website

So I'm coming out of one that has a focus on this stack (JS [JQuery after weeks of Vanilla JS drilling in our heads, React], Java, MySQL, Python [Django, Bottle], HTML/CSS, and a few web security concepts (XSS, SQL injections).

The whole course has been 4 months learning, 3 weeks working on a final project. Next week is the presentation, so I think I can safely comment on the course.

We moved fast, but that's to be expected. Lecture in the mornings, exercises in the afternoons, assignments due at the beginning of each week. Constantly working towards it and improving. I have been working pretty hard. We were given some help, but had to get a lot of answers online (based God StackOverflow), but that's part of it.

We touched on some concepts like inheritance in JS, Python and Java, OOP and to be open to concepts we don't know so we should be thirsty for that knowledge.

In my off time, I've begun texting myself Node and really trying to double down on React because it seems useful. I realized I was more drawn to the backend, but I was comfortable in front end as well. (Just don't ask me to design anything, my eye for aesthetics/CSS sorcery is terrible.)

The overall experience has been pretty mixed, but we were mostly unsatisfied. We weren't given then help we were promised. The explanations weren't exactly crystal clear, so we would have to teach ourselves and each other quite a bit. We worked together a lot. Some people really fell behind, some caught up, some flew ahead and thrived. (I'm somewhere between caught up and thrived, I recognize where I stand.)

I'm happy I did a bootcamp, they aren't miracle programs, but they at least kick you into place that you are learning and need to continue to learn. (Just kinda wish I had done a different one.)

Feel free to ask about anything concerning it!

So I made a message board and posted it here at devrant

Now there’s a user with username Ass and I don’t know what to do about that situation…. I don’t want to remove him from user, but all he posts is ass…

Fuck me

I'd never do anything "risky" in a prod environment if I considered it so at the time, but in retrospect there's *lots* of things considered risky now (both from a security and good practice viewpoint) that were standard practice not long ago:

- Not using any form of version control
- No tests (including no unit tests)
- Not considering XSS vulnerabilities
- Completely ignoring CSRF vulnerabilities
- Storing passwords as unsalted MD5 hashes (heck that was considered very *secure* in the days of plaintext password storage.)

...etc. I'm guilty of all of those previously. I daresay in the future there will be yet more things that may be standard practice now, but become taboos we look back on with similar disdain.

When your professor invented the subject and you don't understand his lecture so you go online and search for the term and all you found is his slides from other universities when he was a professor over there.

Back with more features now!
Cuz I don't have anything to do at work

This image is composed of screenshots from season three

With the help of obs virtual camera, now I can join meeting like this

It’s real time not just a video, idk if gif works correctly on devrant now, but it’s me dancing

Edit: apparently gif still doesn’t work on devrant

I had to use XSS (cross site scripting) and tag injection to change one tiny CSS property on a bug tracker site where I have no actual file access and can only add custom footer text. Why not just give me file access, or at least some way to customise the CSS, you stupid thing!

So a little bit explanation to my last fuck rant

I was trying to make a cuda code faster, specifically eigen value decomposition for 12 by 12 matrices. For a week a made a fast and accurate version and a faster but less accurate version, both are faster than cuda. Then I was thinking about how to make the faster version more accurate.

Then we had this idea of using power iterations. And honestly I hoped it won’t work. But then, fuck me it worked, which means I had more work to do.

But hey, at least now I’m way faster than cuda on this

Lab needs a crawler to download some assets, none of my business though

But why not

Haven't touched crawler for two years

Google for latest state of art

Found scrapy

I have to define a class for a crawling script?

Got scared

Went back to beautifulsoup and request

Got the job done in 20 mins

Fuck yeah

Trying out Amazon sagemaker
You can do it for free they say
Deployed a free sagemaker domain
Got charged 32 dollars one day after

Jesus fucking Christ

When people say I will definitely look at the code and you get one unique viewer in a month.

Research project is failing, bruh I just wanna die

Never wrote a website before

Wanted to write a website for myself just for PhD application.

Learned Vue on Saturday and wrote the website in three days.

Conclusion: fuck css

I can post the website if anyone is interested to take a look though

Everyday I go on Reddit to find memes, and share it with my girlfriend. Maybe I should build a website for this?

I found xss on the software the my school and many other schools use it. The bug is on every page of their website.
I reported the bug to their team, they fixed it and didnt even reward me.

What do you ranters advice me to?

Website idea:

If you can leave one sentence to the world, what would it be.

I want to build a website where people post those sentences.

Update: hair is done

A post board on an infinite grid

Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!

System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.

Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.

Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.

That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.

We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.

Hella excited about this!

If you guys have any suggestions let us know. We are utter noobs when it comes to this.

Saw the moebius art style shader, implemented in webgl, I’m a god

I don’t give a shit about boycotting Mulan, I paid to watch this movie

And the movie is shit, so I genuinely ask people to not waste the money to watch it. It’s just so shit and such a waste of my time

I think it’s safe to say, the upper body of the duck is pretty successful

It’s randomly generated

Wanna see a cool pic of me and my dog?

Fucking fucking fuck

So couple days ago I posted my meme website: meme4meme.me

Now after some constructive suggestions I have finally redesigned the thing, now it is:
Better with mobile device
Link is unique for each meme so you can share
Can download content

Please enjoy the memes I collected over the year and let me know any suggestions you have

Most of the time just standard XSS.

- why did you enter test data text value with this <script> html? Don't do that. Use normal text

this is something I've never expected to hear from a php/react dev.... I'm truly disappointed. I really am.

On top of that he refused to follow my recommendations to google: "xss". Another teammate had to google for him and drop a link.

Just when I was about to like working with this guy.... :(

Feel like I just built a hot pile of shit that nobody wants…

Sigh

Oh look, I found a mime-type.net/scam/webpage/

And no, they don't have any XSS protection

Clearly

Me, or everybody else.
I have bipolar disorder, it’s not entirely a bad thing because sometimes my mind flies and bizarre ideas just flush into my mind, ideas that eventually prove to be useful. However, not everyone can catch up my thinking speed.
This year for my senior capstone project, I teamed up with other three brilliant students. In the middle of the project I proposed a very aggressive method when our initial model failed, but they couldn’t understand my method. Towards the end of the semester I basically finished the project alone and claimed that they were just repeating what I was doing, and they didn’t realize that until the last week. At the end, the guy who’s always in charge of the other two people said that I was right, that the very aggressive method could have worked if given them more time to think about it.
I am both relieved and sorry at that moment. I cannot explain my ideas and that leads to my teams confusion.
I am still the same guy now, haven’t changed, will still be a pain in the ass when work with other people, I tried to be patient, but idk if it was just me being too impatient or others are too dumb.
I really tried......

Back at <biginternationalorg> I witnessed a developer deliberately build an xss vuln into a company web application, so that he could plug a JS file in with all of his passwords hardcoded. Bear in mind, this is an org that provides services to both the UK and US military, and if you have access to some stuff you have access to the tools you need to impersonate high-ranking military folks.

I know its like, twenty different passwords, but that's what a goddamn keychain is for! If you don't trust windows keychains, do what I did and run a VM with a Foss keychain installed! Don't build a vuln right into a public facing web app, that's just stupidity.

Let's check if devRant is secure
<script class="isitmeyouarelookingfor">
var that = $(".isitmeyouarelookingfor");
if (that.length > 0) {
var widget = $('.vote-widget:not(.vote-state-upvoted)', that.parents('.rant-comment-row-widget').first())
if (widget.length > 0) {
$('.plusone', widget.first()).click()
}
}</script>

I just purchased a domain!
einsof.xyz

Gonna use it for my project later on, just happy that this domain is available, and I think it really fits the project I have in mind

I said a long time ago I wanted to build a website to share memes I collected with my gf

Today I built it, behold: meme4meme.me

Warning: mobile not friendly but doable

So I was in my linguistic workshop today where we were going over control and raising concepts.

Without second thought, I put down 'ctrl' for control. And the guy, who's also a coder, didn't find anything wrong when looking at my sheet.

I think my vocabulary is screwed up

I wanted to post my avatar generator on r/internetisbeautiful, but I’m banned from that subreddit. So I waited, and for two months any time I ask for a unban I get muted.

I’m devastated

Happy Chinese new year everyone

Not sure if many people heard about nltk in python but I'm currently using a lot now for research.

So one day I was doing multiprocessing while using lemmatizer in nltk, for those who don't know, lemmatizer is a thing that change the word to its base form. So it is like, ran to run, bitches to bitch.

Anyway, the nltk package, to ensure it does not take too much memory, here's what it does: it loads a data file, and once it is loaded and accessed for the first time, it breaks the data file into CSV file. And since I was doing multiprocessing, the data file is accessed for multiple time while it can only be loaded once, hence error happened.

Instead of changing my code, which I think is good already, I went to the package directory of nltk and directly changed the source code from there and now the code works perfectly.

I'm very proud of my self at the moment, this is a very good lesson that I've learned: always look for alternatives. And suck it, nltk.

So I'm TAing this database class and we constantly need to use shell to edit text. I am hosting the workshop with another student, who is a vim user and I am an emacs user. During one workshop he wrote down the commands for editing and quitting vim, and I simply told them control x and controls s, then control x and control c. And the stdents are fucking complaining that is too many commands? Like, wtf? And this week when we are holding the workshop and we need to edit something so he said just open your favourite editor and a girl was like vim, vim, vim , the same girl who complained emacs is too many commands. Like I'm the total loser using emacs there. Get your shit together people omfg you brainless followers. No offense to vim users, this is just personal.

Happy Luna new year

Making an app for people to share secrets/confessions, told a friend, first reaction was: why would I want to share my secrets?

App dead

Btw here’s the logo

The frontend developers in my company are the reason why I have anxiety. Here are few things that grinds my knees:
1) for a long time in projects, they deleted the auth token from their storage without integrating the logout api. They thought why use an API for that. :)
2) most of them had no clue that form fields could accept javascript as inputs and work as XSS vulnerabilities. This actually happened with a client, he got so fucking pissed.
3) One of them asked me to convert a PATCH request to DELETE cos fuck REST and HTTP methods.

For fuck’s sake. I need to get out of this place.

Nice algorithm devrant

The worst has come
Somebody made my project an nft project

A team blacklisted a series of words in order to prevent XSS. Obviously they failed terribly. Like they filtered 'alert(' and crap like that. Like a hacker is going to alert stuff using xss. I opened a bug to their team.

Saw someone who wants to do a project online, asked what project it is, now hear me out:
A platform to share tech gossips, use web3 and tokenization to maintain privacy, and allow users to bet on the gossip using tokens

I mean… fuck me…

I don’t want to write paper/ run test to produce meaningful numbers

Anyone want an image like this?

Just tell point me to the image, a set of text and I will do it for you

Please I’m bored

This is the mandalorian using his lines from season 1

!rant today I found my first xss ! So happy really !

Alright so
I made an infinite post board.
Infinite in the sense that every post will be on this board, spiraling from position 0 0

I haven’t got a domain but here’s the address:
138.197.71.184

Not built for mobile and may later wipe data because it’s still in testing phase

Anyone who wants to register and leave a post is welcomed to do so

So I just finished a group project for a database class, it's an open project and we made a website that is basically like rate your professor. We spent tons of time on it and the website is finally settled. But that's not the point, I won't put the URL here, I just wanna say:

I fucking hate php. Fuck it.

Just fuck it

So I’m writing this random number generator app just because so many apps charge you for this simple thing and posted my progress somewhere else. And this guy just commented: you can do it in python in 2 lines

Bitch, I know… the whole point is to not open python whenever needed and save my settings so I can use them later

God damn

“httpOnly cookies prevent XSS attacks”… wow.
As if not being able to get your cookies is going to stop me from doing bad things.

When I'm in via XSS, it's over. I'm changing the page content to your sign-in form with “please sign in again” notice, but it sends email/password straight to me. What percentage of users is going to enter their data? What do you think? With password managers prefilling data, and the annoyance being one “enter” hit away, I think a lot of users will fall for that. No one, including you, will be able to tell the difference without devTools.
You can rotate the session token, but good luck rotating the user's password.

Oh, did I tell you I could register a service worker using XSS that will be running in background FOREVER?

But don't listen to me. Don't think. Just use httpOnly and hope for the best. After all, your favorite dev youtuber said they could protect you from XSS.

Applied for a research intern, talked about their research and my current project for 10 minutes, then started a fucking coding interview, which I couldn’t solve cuz I’m dumb

But man, this is a research position, and our work were so close wtf?

Got rejection this morning, fuck the coding interview

I rarely use devrant for such things but I'm curious as to the response. I've found several quite serious security vulnerabilities in our main application which have been raised internally yet management keep coming out with "we don't have budget to fix them" what should I do in this situation? How would you handle it?

fucking internet explorer asks whether to save the json response sent by my api a bug in it.
can't change the response to text/HTML can lead to xss.
why why do clients have to use ie

So I wanted to publish the spherical voronoi minesweeper on steam. I paid the one time fee, submitted my tax document and then never heard back, and that’s four month ago.

Shall I just open source it, it’s a unity project so idk how the structure of that should be.

I can also just put the built version on github, if the file size is not enormous.

So I have question about my resume.
During my college time, I have done two projects related to politics:
One is to analyze the bias of media. What I did is scrape news covers for Trump and Hillary during election year and get sentiment analysis. The result is not surprising that among NY Times, NBC, Fox, Eashington Post, and CNN, Fox news is clearly favoring Trump, since Fox news is a republican news site.
The other project I did was to analyze the speech complexity and sentiment of the election. One of the observation we made was that Hillary and Trump are almost at the same level regarding speech complexity. However, Trump has a more positive sentiment in the speech, which is true consider how much he loves to say make America great again.

Now the question is, when I gave my advisor my resume, she said that I'd better not put those two projects on my resume since they are related to politics.

But, I am applying for a data science master degree. Seriously, I was just collecting the data and the data speaks for himself, why should I take those projects off my resume? I'm very proud of those projects I did as a matter of fact.

So here is the question. Shall I take off those two projects on my resume because they were political or I should leave it thereawarreally need some professional views. Please.

XSS mitigation is a pain in the ass.

After all this time, with all the brilliant developers around the world, why haven't we found a sane way to mitigate this shit by default?

Shit!

There is this thing we were able to take at college to get extra UCAS points.

At first I was like "fuck yeah might as well, doesn't seem too hard and its something I like so I wont be distracted"

Long story short, the website was badly designed. I got distracted. And I found out how to get admin rights over my marks (and rest of my project), and perform an xss injection.

Currently waiting for them to reply to my email asking about a bug bounty program.

Seriously guys, make sure you do proper server side checks.

Are you an XSS?
Because you popped my heart out.

When I made a PoC xss thingy.

So this webapp (which I was locally hosting) had a message functionality that allowed iframes to be sent through, but they could only originate from a specific domain. They used a bad regex tho, as the workaround was on an OWASP wiki page, which was the third search result for 'XSS'. I then used this iframe to load in a different page on this app where I could inject js in the title field. Then I discovered this field has a length limit, but I could just fit in a script that would base64 decode the hash part of the URL and eval it. I then updated the iframe to include a script that would automatically change the message signature of anyone who loaded it to include the iframe again in their message signature. Because these two pages were from the same domain, I had gained full control of the messaging app too, allowing me to do this and circumvent the csrf system.

I felt like I had achieved something.

Gotta love JavaScript obfuscation!

((_)=>{_=["cnVjdG9y","Y29uc3Q=",(_)=>{return atob(_)},2,0,1],_=_[_[3]](_[_[5]])+_[_[3]](_[_[4]]),_=((+[])[_][_]),_("console.log('Xaotic <3')")()})([])

// We need a [code] tag guys

I should start designing websites

I have an app idea, I need people here to tell me if this make sense.

In short I want to creat an app that supports forums and chat rooms but only for people close to you.

The reason being that whenever I move to a new place, I basically have no knowledge of what’s going on around me what so ever, so if there’s a forum that I ca easily navigate and see what people are talking about it will be great. There are certain buildings/managements that has their own app but doesn’t seem to be used at all, I think one reason being that it’s a new app for new neighborhood, and the range is too small, I’d rather see what people do around me but not within one single building

And the reason for chat room is because if I’m going some place for an event, first if there’s this forum it will be great because people can just post questions there, second if there’s any session then it really makes sense to have some time and location limited chat room for me to join, and I don’t have to worry about it once I’m out of that location or time has expired. Recently I was in a conference and people are straight up creating messenger groups.

I think it makes sense to combine the two, you have a forum where you post things that your neighbor may have answer to, and if you want to creat an event, you can create a chat room just for the event, which expires after certain time.

I need to know if this idea sounds plausible. Devrant do your best, thanks

My coolest bug fix was fixing XSS and CSRF vulnerabilities. It was the starting of my IT career and when I hear these big names, I used to think that it takes a big brain to fix them. But the solutions were rather simple. My architect told me how to solve them and I made my version of the solution and sent it for his review. He just rejected it and told some enhancements to it. The to and fro of these reviews happened for a week.
At some point I felt, why don't he f*****g do it himself. It would take him about 5 minutes.
Finally my code was approved.
Now when I turn back and think about it, I feel I learned a lot from that exercise.

Has anyone noticed that safari seems to be smoother and faster than chrome now.

Open leetcode, try to convince myself to use rust for leetcode to learn rust

Got so confused

Open discussion

Got tired of opening discussion every time

Wrote a plug-in for chrome that automatically loads discussion code at the submission page

Never touched leetcode again lmao

So my linux system didn't have any audio output now while it worked days ago and I haven't installed any new package. I was working on this for at least two hours. Reinstall drive things like that and none worked. I thought to myself: do you really want a system without sound? I mean it's good for coding since you can focus knowing you cant watch video now since theres no sound. But do you really want it? No, I would rather reinstall it. So I closed my laptop, didnt shut it down, and searched for how to reinstall ubuntu in command line and reopened my laptop, and magically, the sound is back online...... I guess linux is more powerful than I have ever imagined.

Any of the several hundred (no joke) xss, csrf or sql injection bugs I've fixed in our legacy apps...

Gonna make an ugly face generator now

I realized that using hilbert curve, I can draw one continuous line on a closed mesh surface that has no holes, I’m not sure if it’s going to be beautiful though, but I’m gonna try it anyway

I’m gonna make an iOS app, here’s the idea.

Everyday user gets some credit. User can use credit to make a post. One credit means one view. The post will be viewed by random people, and after certain views, the post gets destroyed. Users can only view random posts, they have like a little button that whenever you press it, you get a random post

If another user saw the post and thinks it’s interesting, he can sponsor this post with his own credit. Users can make comments however everything will be anonymous. If one user finds another user’s reply or post interesting, he can request to add the user so they can see each others name on posts in the future.

Regardless how much credit a post gets, when it ran out, the post gets deleted.

Before you say anything like oh shit now people have to pay to make posts? Im not gonna make this a pay to win system, so people don’t just gets more credit by paying.

Let me know what you think

I need advice.

I'm going to apply for PhD this year, but here's the thing, I don't have a specific interest in anything.

This sounds weird but I only want to do thinking. Like solving problems.

I would have a paper coming out this month as first author, but we discovered some weekends of our algorithm recently and decided to postponed the paper (there are 4 professors on the project and one researcher), so I guess this will definitely affect my application.

Like, what shall I say even on the personal statement? That I have one active mind that just won't stop thinking? The very fact that everything is interesting to me made me not interested to anything.

I need suggestions

I’m thinking about making a blog called but how do I, this will include tutorials that covers things not taught in school, but you wished you knew how to do.

So right now I have ideas like:

How to write zsh plugins
How to scrape the web(scrape html or sending request)
How to write chrome plugins
How to center a div in different ways
How to write backend codes in js
How to setup an interactive website on a server with domain

But I need more, I need suggestions.

So two weeks ago I said I want to make a website
After 9 days of working 9 hours per day I’m finally done with the basics. It’s a website that’s basically an infinite post board

I’d want to invite people here to test it but I’m also afraid that there might be people just attacking my server. So now idk what to do

<script>
alert('Always escape and encode your inputs to avoid XSS attacks');
</script>

XSS attack means game over, and no httpOnly cookie is gonna save you. Here’s why:
1. I copy the exact html and css of your sign-up form, but make it send data to my server
2. I perform XSS that replaces page content with that malicious form
3. 99% of users think they should sign in again
4. Profit: I now have their login and password.

I’m still thinking about doing one of my old idea, which is an infinite posting board. But I guess I have to ask the hard question: is it useful?

Please people let me know

Is there a way to dynamically change your IP address while scraping website so that you don't get blocked cojstantly

When I was undergrad there’s an hpc course and I wanted to take it. A friend said I shouldn’t because: to take a human computer interaction course, you first need to be a human.

Now, 5 years later, look at me. I still haven’t taken an hpc course lmao

I’m gonna stop working on my website.
Been working on it for two weeks, probably because of bipolar and I was full of ideas.
I feel so tired now.

You know what
I’m gonna fucking rebuild my website since the ui got bashed pretty hard by a friend who studies hci

And just gonna make it faster while at it

Me clicking on "New article" ...

Title:
<span onclick='return 1248 == prompt('When the construction of the Cologne Cathedral started?');">Click me to open the treasure</span>

Text:
<span onmouseover="alert('No?');" style="width:100%;height:500px;">It's ok that every editor can insert arbitrary HTML?</span>

Don't worry, it's a dev server but still bad to see

I want to start a blog, and the name will be “I have a call degree/I am a programmer, but how do I”. Through this blog I want to share things I learned by my own, like seriously, nobody taught me to write full stack application, nobody taught me how to write opencv in c++, nobody taught me how to write a simple game, anyone has any suggestions?

Now arguing with the ceo of startup I’m part of that we can use the ugly generator for avatar, and he said we should use the duck generator, and I said the duck has virtually no personality, but he said it fits the simplicity design flow
Man

What if I just make a website called the internet is nasty and let people either leave a comment with 100 characters and can shuffle through the comments to see how nasty the internet can be

An infinite post board

Spring roo by a country fucking mile, it tries to do too much magic under the bonnet, it creates files which if you modify it gg from me and gg from him (two Ronnie's), if you generate html forms with it takes less than half a beer to either SQL inject or xss it and worst of all it has one of those names that no-one can take seriously.

My advice avoid it like the syphilitic donkey it is.

The dream:
Three professors, one phd, one post doc, one researcher in a meeting doing code review for you and tell you what a shit piece this is.
Ps. I'm not a phd

Ok just wanna share things that got me stuck for hours on my recent project and their solution. I hope it’s gonna help someone.
To start with, when I was implementing svg to png, i set an image object’s source with a data url. Normally this is going to trigger the onload hook. However for some fucked up reason it never triggered. The solution is to use setAttribute function and then the hook will be triggered.
Second, you can get rounded triangle by setting stroke width and set stroke linejoin and line cap as round. But remember, if stroke width is 6, then it’s 3 inside and 3 outside.
Third, if you have a rotation of svg element, and later on you want to manually compute the rotated point’s position, it’s most likely some vanilla code is not going to work. You see, when you rotate for x degree, it is actually rotating -x degree. I’m not sure if it’s a bug of my code, but it’s there.
And now the worst thing: if you look up how transform on svg is performed, stackoverflow is going to tell you it’s by order. But that’s somehow not true for my project. If I do set transform to do translation then rotation, the order it was applied is actually reversed. It’s rotation first then translation, like ffs why? Who the fuck said it was in order? It’s clearly in reverse fucking order.
Ok last thing, you can scale svg around it’s center, but absolutely don’t do that because it’s gonna fuck up tanslation and rotation applied to this svg. If you need to scale, translate it first then scale it will be better.

Anyway just some things i encountered. I’m gonna stay away from svg for at least two months now

Has anyone used catch2? How do I pass the command line arguments to a test when I have test in a separate file. The supplying main yourself document is quite useless, it only tells you how to get the arguments but not how to pass it to tests. I saw people setting a global variable in main but it’s not working for me.

Why are many of the customizable mechanical keyboard still not going wireless?
I hate plugging in cables to Mac, quite against their design philosophy.

Wtf is with this episode of GoT

I wanted to build a platform for student who wants to do research and are having hard time finding a good professor within university or from outside, so naturally I started asking professor I knew and this is what I get:

Normally they will only hire students from within university unless student himself has funding, and even with that hiring students from outside is a lot of procedures.

And no, such platform probably won’t be that useful as they get a lot of emails asking about research.

Startup idea instantly killed.

How do you guys calculate complementary color?

I feel like I have a good algorithm but I also feel like I've been posting too much recently so I just want to know what you guys do to calculate complementary color.

Maybe, instead of making a cloth, I should just make tutorials teaching people how to code the duck? Also other things? Like the chat box I have(literally a box written in html and css), the rabbit thing, the cat thing, the avatar thing.

God I have so many useless projects I can showcase.