Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "your website sucks"
-
Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”
Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”8 -
What kind of supercomputer you have to use to get these fucking websites to work smoothly????
I'm on a fucking gigabit connection, ryzen 7 7700x, 32GB ram, and a fucking nvme, all it takes is opening a fucking recipe site and I'm instantly transported back to the 80s. I swear if i see another 4k asset I'm gonna punch something.
WHAT THE FUCK HAPPENED TO FUNCTION OVER FORM????
Oh do you want me to disable my addblocker??? How about: you make a site that works you fuck. No i will not fucking subscribe to your brain-dead newsletter why the fuck would I???
And since when are cookies needed for a fucking plaintext site you asshat??? Tracking??? I swear if you could you would generate metadata from my clipped fingernails if it meant you could stick "Big data" next to that zip-bomb you call a website.
I WOULD like to read your article, possibly even watch a couple of ads on my sidebar for you, but noooooo you had to have the stupid fucking google vinegrette or however the fuck they are calling the fucking thing now.
The age of the web sucks the happiness out of life, and despite having all of this processing power, I am jealous of my fathers RSS feeds.
I'm sorry web people, I know it's not your fault, I know designers and management don't give a shit how long a website takes to load. I just wanted to make a fucking omelette.15 -
Client (not for the first time): Your work sucks. I had to have this email formatting re-done before I sent it out.
Me: *sees that the email sent matches the work I did exactly with no changes*
Client (months later): I need you to do maintenance on my website.
Me: *does quick maintenance for free but sends update on status of work done and amount left in retainer agreement*
Client: You're too expensive! You started working with me for $X/hr, then you went up to $Y/hr and now you're all the way up to $Z/hr! You're not worth that!
Me: *fires client by refunding the remainder of retainer and sends client a list of local, cheaper providers*
Client: But now I don't have anyone to maintain my website until I find a new provider! Why have you done this to me? Waaaahhhhh!
Me (in the most professional language I can muster): Because you're a biotch and I'm tired of your verbal abuse. Maybe try not to be such a dbag to that next provider, mmm'kay?7 -
EXCEL YOU FUCKING PIECE OF SHIT! don't get me wrong, it's usefull and kt works, usually... Buckle up, your i for a ride. SO HERE WE FUCKING GO: TRANSLATED FORMULA NAMES? SUCKS BUT MANAGABLE. WHATS REALLY FUCKED UP IS HTHE GERMAN VERSION!
DID YOU HEAR ABOUT .csv? It stands for MOTHERFUCKING COMMA SEPERATED VALUES! GUESS WHAT SOME GENIUS AT MICROSOFT FIGURED? Hey guys let's use a FUCKING SEMICOLON INSTEAD OF A COMMA IN THE GERMAN VERSION! LET'S JUST FUCK EVERY ONE EXPORTING ANY DATA FROM ANY WEBSITE!
The workaround is to go to your computer settings, YOU CAN'T FUCKING ADJUST THIS IN EXCEL!, change the language of the OS to English, open the file and change it back to German. I mean, come on guys, what is this shit?
AND DON'T GET ME STARTED ON ENCODING! äöü and that stuff usually works, but in Switzerland we also use French stuff, that then usually breaks the encoding for Excel if the OS language is set to German (both on Windows and Mac, at least they are consistent...)
To whoever approved, implemented or tested it: FUCK YOU, YOU STUPID SHITFUCK, with love: me7 -
You realize you complain too much about shitty websites when even your wife, while surfing from her phone, begins saying "this website sucks"...1
-
I find it annoying when non-tech savvy people criticize the Parler devs for using AWS because "it's Amazon they had it coming", I don't know the devs or company behind that website, I've never used it, but wtf man do you have any idea what's involved in building, deploying and maintaining a platform like that or any other similar? ffs you would barely be able to write an HTML blog by yourself and you dare judge devs for using AWS. fuck off.
I agree with the sentiment, it sucks, if my platform was removed from AWS I probably would keep it that way because I don't have the money to afford the hardware nor am I somewhere that's readily available and that's what is really sad it would suck that just because Amazon doesn't like you or you don't have the influence to fight it you and your userbase can go fuck off. Very bad precedent, it is discouraging.68 -
"Some settings are managed by your organisation"
I understand the necessity for companies to be able to remotely manage their devices, but my god, I hate working on company laptops sooo much!!
Fun fact, even Chrome can be managed! The can manage everyting. It's called Microsoft Intune. It sucks!! And fucking 45 day PW change policy! And fuck you, Windows Defender Real-time protection which I can't turn off and It's high CPU consumption. Also fuck you Microsoft Teams for scanning. Every. Single. Link. I. Click. On. From. A. Chat. Before. Redirecting. Me. To. The. Actual. Website. Always takes a couple of seconds. Waste of time. Those accumulate over time you know! AND to Windows Update! You already know what is coming next: stop force-updating while I'm in the middle of fucking meeting! I have shit to do! Another fun fact: you can postpone Windows Update by turning the clock back. LIKE PLAYING AN OLD TIME-BASED STRATEGY GAME ON PC IN 1999. (12h work best.) And this fucking weak ass VPN. WHY I PAY FOR 1Gbps WHEN COMPANY VPN ONLY 10Mbps?!! What Am I? A fucking snail! Go faster!! pls!
But, thank god, we can email shit and open attachments in Outlook.10 -
I wrote a node + vue web app that consumes bing api and lets you block specific hosts with a click, and I have some thoughts I need to post somewhere.
My main motivation for this it is that the search results I've been getting with the big search engines are lacking a lot of quality. The SEO situation right now is very complex but the bottom line is that there is a lot of white hat SEO abuse.
Commercial companies are fucking up the internet very hard. Search results have become way too profit oriented thus unneutral. Personal blogs are becoming very rare. Information is losing quality and sites are losing identity. The internet is consollidating.
So, I decided to write something to help me give this situation the middle finger.
I wrote this because I consider the ability to block specific sites a basic universal right. If you were ripped off by a website or you just don't like it, then you should be able to block said site from your search results. It's not rocket science.
Google used to have this feature integrated but they removed it in 2013. They also had an extension that did this client side, but they removed it in 2018 too. We're years past the time where Google forgot their "Don't be evil" motto.
AFAIK, the only search engine on earth that lets you block sites is millionshort.com, but if you block too many sites, the performance degrades. And the company that runs it is a for profit too.
There is a third party extension that blocks sites called uBlacklist. The problem is that it only works on google. I wrote my app so as to escape google's tracking clutches, ads and their annoying products showing up in between my results.
But aside uBlacklist does the same thing as my app, including the limitation that this isn't an actual search engine, it's just filtering search results after they are generated.
This is far from ideal because filter results before the results are generated would be much more preferred.
But developing a search engine is prohibitively expensive to both index and rank pages for a single person. Which is sad, but can't do much about it.
I'm also thinking of implementing the ability promote certain sites, the opposite to blocking, so these promoted sites would get more priority within the results.
I guess I would have to move the promoted sites between all pages I fetched to the first page/s, but client side.
But this is suboptimal compared to having actual access to the rank algorithm, where you could promote sites in a smarter way, but again, I can't build a search engine by myself.
I'm using mongo to cache the results, so with a click of a button I can retrieve the results of a previous query without hitting bing. So far a couple of queries don't seem to bring much performance or space issues.
On using bing: bing is basically the only realiable API option I could find that was hobby cost worthy. Most microsoft products are usually my last choice.
Bing is giving me a 7 day free trial of their search API until I register a CC. They offer a free tier, but I'm not sure if that's only for these 7 days. Otherwise, I'm gonna need to pay like 5$.
Paying or not, having to use a CC to use this software I wrote sucks balls.
So far the usage of this app has resulted in me becoming more critical of sites and finding sites of better quality. I think overall it helps me to become a better programmer, all the while having better protection of my privacy.
One not upside is that I'm the only one curating myself, whereas I could benefit from other people that I trust own block/promote lists.
I will git push it somewhere at some point, but it does require some more work:
I would want to add a docker-compose script to make it easy to start, and I didn't write any tests unfortunately (I did use eslint for both apps, though).
The performance is not excellent (the app has not experienced blocks so far, but it does make the coolers spin after a bit) because the algorithms I wrote were very POC.
But it took me some time to write it, and I need to catch some breath.
There are other more open efforts that seem to be more ethical, but they are usually hard to use or just incomplete.
commoncrawl.org is a free index of the web. one problem I found is that it doesn't seem to index everything (for example, it doesn't seem to index the blog of a friend I know that has been writing for years and is indexed by google).
it also requires knowledge on reading warc files, which will surely require some time investment to learn.
it also seems kinda slow for responses,
it is also generated only once a month, and I would still have little idea on how to implement a pagerank algorithm, let alone code it.4 -
Having to work for clients sucks. They are so rude. "We sent an issue over yesterday and it's still not fixed". You think you're our only customer? You think this shit is automated and takes no time to fix? You think you have resources working on you stuff 24/7. You don't man. Get in the queue and be grateful a load of time and effort goes in to your website. Sit down and stfu. Ahhh... that's better.1
-
Why the fuck nobody talks about Multi-page apps?! We went from a Web where everything was Multi-page server-rendered, and now everything for Web developers is "Single-page apps".
What about websites who can't do that? Not everything can be a single-page app. Only my uncle's restaurant website, or something which is TRULY a full app. No half choices.
If your website is a multi-page app/portal which actually PRELOADS data, instead of doing 100 fetch to an API within a page that is full of loading bars, well, your life is a pain.
When you want a first contentful paint which isn't a white page, well, your life is a pain.
What are React, Vue, Ember, Angular (let's exclude Svelte and Marko) going to do about Multi-page apps and SSR?
React-router sucks to me. It's performance is weak and it's useful only when you have an SPA with multiple sections which can be treated as pages (e.g. A single SPA divided in tabs).
Server-side rendering is the worst pain ever made by humanity, in React (and prob Vue, I didn't try but I can bet). And even when made easier from libs like Svelte and Marko, I (personally) can't get it to be faster enough compared to a traditional website without a JS framework and with a templating engine.
Anyways, if there's anything that I learnt from React, is to stay away from Next.js. Perfect, beautiful, mess.
All JS frameworks just seem to bloat the code and make it worse and slower, even though they're REALLY helpful.
Why? Why everyone loves them if their downsides are so clear? Why 3 projects out of 3 I made (1 React SSR, 1 Vue, 1 Marko SSR) are and will stay painfully slow and bloated, full of shit, even if in 2020 we should have evolved with the famous three shaking, with the famous lazy loading, etc.?
I am just frustrated.
And let's not even talk about Webpack, Rollup, Lasso, those module bundlers shit which are harder to configure and understand than finding a needle in a haystack.
Lasso was the easiest to configure but I anyways can't understand it. Webpack seems it was made to handle SPAs, as any tool in this freaking world, and not even considering an easy way to integrate multiple bundles for multiple pages (I know it's pretty easy, but with component sharing between pages and big unique bundles Next.js handles it soooo bad it feels like hell).
Am I the only one?
Sorry for the long rant. I just needed to rant right now.17 -
QT Creator and openframeworks on Windows 10 fucking suck!
- Qt creator keeps getting issues with the system. Missing DLLs etc. Fuck you, Qt Creator! They aren't missing. I double checked them. Redownloaded them and installed them.
- Besides of that your inbuilt compiler sucks big time. It takes me a fucking minute to see a complete program with a simple text on a GUI.
Now back to openframeworks.
- OF doesn't use the pre-installed codecs on Windows. You have to install K-Lite codecs to play mp4 n shit.
- If you want to embed a video or an image on the GUI, you keep getting a layer on top of the canvas. Yellow colors turn blue etc. Fucking weird.
- OF isn't a fan of Windows. Tried to install and run OF on VS 2019. It is not supported.
How about we follow the documentation of OF and install it their way? Great. Let's do it.
It says install VS 2017.
Ok, let's try it on VS 2017. Doesn't work.
I realize that they use VS 2015 in the video of their documentation.
Geez. Ok, let us try it with VS 2015.
Tries to download it, but with no success. Microsoft isn't supporting it anymore. Thus no way to download it from the official website.
- How about OF on Code::Blocks?
Not supported. Doesn't work.
I reinstalled everything. Made a Windows update. Rebooted it. Still a big nope.
To both dev teams: Get your fucking shit together, you bloody morons!4 -
I have fucking HATED Windows 10 from day one. Now I'm hearing there are new vacillations of this genius programming train wreck that I think is designed to force monetize Microsoft's business model.
After a short while I managed to get to a point where I can maintain W 7. In fact, I'm using my old computer right now. Because I could not get this rant to load onto Devrant website. If you are reading this we know that it is because 10 sucks consistently.
I save my files onto a backup hard drive so I can find 'paper file' type solution for whatever random crap might block me at the keyboard. In fact, I still use paper and file cabinets so "technology" doesn't bring me to a screeching halt every time something like "no record of that account" or "wrong password".
Why the hell does my PASSWORD work from W7 but not from W10?! And it's getting WORSE by the day! I'm about to take a fucking hammer to my new fucking computer. And to that guy who smarmy says something to the effect of 'don't be such a pussy... just fix it and you will be happy.' Well. Fuck you too!
Now. That being said. Anybody have a suggestion on what to try next? And don't say something like, 'take your computer to Micro Center or Geek Squad'. I've done those guys twice each. And for a small phenomenal fee they have each time made things slightly worse plus lost parts of my saved data each time.
Oh. And "reset to previous" doesn't work either.
Suggestions?
Probably better at this point to attempt to solve my own problems wrong for free at this point. Maybe I'll learn to program in Linux or some such thing.
Forrest
for suggestions please contact me at
res0naza@yahoo7 -
It sucks when the Project Manager assigned to you ruins your website and you get all the blame like you're not doing your job properly. It even more sucks when the Designers /PM / TL gets mad at you changing /adding something on the website that is not in the slices they submitted. Yes, I respect your work but the boss and the clients want to have their website more interactive. We're not doing brochures and magazine, people.
-
Where have i been? the answer is Yes. im still alive, caught rona 3 times never been better.
as a OKAY not pro developer i can create what i want.
and if you're wondering. Yes i have deleted my rants.
i use typescript. i will not go back to js.
RUST IS SUPERIOR TO C++
(i still use C++ because i am a mad cheater in android games this is gonna probably come to a halt soon i haven't been on my mobile a while)
all i literally had to do was sit at a computer for hours. stick to one language and just build projects on my own i stopped coding on mobile after one of my unstable projects had got access to my devices files. oh and last but not least tampermonkey sucks and my favorite game moo moo.io and sploop.io is full of macroers, cheaters and now nobody wants to play legitly in the game. i forgot this website and decided to take things slowly. time goes fast when your mind really be dazed.5 -
a friend of mine sent me some hobby drama and it reminded me of this innate fear I have that's difficult to explain and nor do I really know where it's from or how to describe it
honestly, fuck, I don't know how to describe it
because the issue is every time you do something good for the world, the world ends up vilifying you for it
I saw this when I was growing up and making mods for games, I'm seeing it now in this hobby drama to such a striking degree
this person outdid the community, became famed and god-like a figure due to their personal drive being different, and now... even the people describing the drama are editorializing them into a hated villain of the arc. I literally can't find their original posts, people just say rumoured things about them but won't link them which is super suspicious. even if they do link to a post of theirs the account is banned so I can't read the posts, the website link is 404, etc
the community quotes their backtalk to the person instead of what the person actually said and celebrates it and it's making my stomach churn
this feels like a hit job
then they make fun of this person for being "paranoid everyone is against them" um yeah you literally shit talk them, probably are making things up about them, vilifying them at literally every opportunity, trying to use cheap gotchas to feel superior... I'm starting to think this person is correct, and I want to read what they wrote instead (because of the few quotes they had actual insight into the hobby-sphere) but it seems like you've somehow scrubbed it off the internet, wtf?
I like building things but my fear is exactly this. I've done it in the past when I was little and in my experience if you build something people love, somehow it is a gateway to them mistreating you because they feel entitled to you. so why would you ever contribute to humanity if this is what happens? ever since I was a kid I wanted to keep these things to myself. fame is terrifying. does it even make sense? I can't even put it into words
it would be nice if you could do things and make humanity better but somehow by doing things you literally bring out the worst in them. and yeah, you can tank it and endure it, but it makes you ask why are you doing it if it's so evil onto them? why does this happen? it also frankly sucks, like who wants all this drama? you give people stuff and they spit in your face? that's just depressing. how are you to sleep at night, wrestling with that sort of community integration, doubting if that's your place in life, your purpose? why even? does it even make the world better, or are you making it worse by a chemical reaction of your existence combining with the masses generating vitriol fluids in the collective consciousness? it's just somehow so fucked up6 -
Ugh. So for one of my classes (Projects In Computer Science) we have to break up into groups; Around 4-6 people per group and build some software for different local companies in the city that I live in.
Well.... the company that my group chose is so damn frustrating. Essentially we are making a glorified Applicant Form system for their website (there's more to it than just that). So you would think that the company knew what sort of fields would be needed for these forms.... Well no, we are over a month into this project and still have barely began coding shit because they are so fucking slow to respond to our emails, don't pick up our calls, or put off doing absolutely anything related to our project! Our professor asked that we would have a written copy of the project requirements made and signed off by the client within the first 2 weeks of classes starting. Took them over a month to get around to that, and still even after signing off on the requirements said that they were missing key forms that we needed to account for... Its your damn fault for not telling us that. We completely wasted our time planning out the database and structuring the front-end/back-end to work for the forms they had given us, and now there's yet another one with inconsistent fields, meaning we need to rethink out most of our system to account for this data. We only have 3 months total, 1 which is already gone and practically wasted, and even still we don't have any sort of confirmation on what form fields we have to account for.
Fucking hell just spend a little bit of time for both our sake, and your own to get us the finalized forms fields and requirements for this project. Honestly at the rate things are going we probably wont be able to finish, which sucks ass since this project is perfect resume material.
Seriously this company desperately needs us to make them this program since their current system is absolute shit. They are literally getting a system that would cost upwards of $20,000 for free, yet they don't seem to care much that we probably wont be able to finish due to their faults. If we didn't have a time cap on this project I wouldn't really care, but the fact that we only have 3 months, plus school work in other classes, exams and a personal life, its making this project a lot more stressful than it needs to be.
Its not like we have a project manager either, so all the emailing and communication is being done by myself. Honest to god, all they have/had to do was sit down for 1 hour of time to decide what they all needed and we would probably have been able to finish this project.5