About: the kind of person who reflexively tests the limits of the username inputbox but misspells his intended name in the process...
Skills: c#, unity3d, blender, and then php, sql, j, js and rest of that crap pile
Joined devRant on 8/6/2017
The day I became the 400 pound Chinese hacker 4chan.
I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.
They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...
And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.
So, I know I want to fuck with them. And I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.
I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.
After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.
I then minify the whole thing and stash it in the minified jquery file.
So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.
Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.
So we GIVE the penetration team login credentials... they log in and start trying to crack it.
I sit and wait. Grinning as fuck.
Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.
We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.
"We think you may have been compromised by a Chinese hacker!"
I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.
My PM, who has seen me use the JSON compression technique before and knows exactly what's up, starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.
If only it was more common to use video in these calls because I WISH I could have seen their faces.
Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because I'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.
Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.
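The post above does not name the library or its encoding. As an added example (not the author's code), this sketch assumes a plain 15-bits-per-UTF-16-code-unit packing with no compression step, to show why binary data stored as a string renders as CJK-looking text in dev tools and how a reviewer can decode a stored value before drawing conclusions from its appearance. All function names and the sample JSON are constructed.

```javascript
// Added example: constructed data and hypothetical helper names throughout.
const OFFSET = 32; // assumption: shift values past the control characters

// Pack a byte payload into a string, 15 bits per UTF-16 code unit,
// prefixed with a 4-byte big-endian length so padding can be dropped.
function packBytes(payload) {
  const n = payload.length;
  const bytes = [(n >>> 24) & 255, (n >>> 16) & 255, (n >>> 8) & 255, n & 255, ...payload];
  let out = "", acc = 0, nbits = 0;
  for (const b of bytes) {
    acc = (acc << 8) | b;
    nbits += 8;
    if (nbits >= 15) {
      nbits -= 15;
      out += String.fromCharCode((acc >> nbits) + OFFSET);
      acc &= (1 << nbits) - 1;
    }
  }
  if (nbits > 0) out += String.fromCharCode((acc << (15 - nbits)) + OFFSET);
  return out;
}

// Reverse of packBytes. Returns null when the string cannot be packed data.
function unpackToBytes(str) {
  const bytes = [];
  let acc = 0, nbits = 0;
  for (let i = 0; i < str.length; i++) {
    const v = str.charCodeAt(i) - OFFSET;
    if (v < 0 || v > 0x7fff) return null; // outside the packed alphabet
    acc = (acc << 15) | v;
    nbits += 15;
    while (nbits >= 8) {
      nbits -= 8;
      bytes.push((acc >> nbits) & 0xff);
      acc &= (1 << nbits) - 1;
    }
  }
  if (bytes.length < 4) return null;
  const len = ((bytes[0] * 256 + bytes[1]) * 256 + bytes[2]) * 256 + bytes[3];
  const avail = bytes.length - 4;
  if (len > avail || avail - len > 1) return null; // at most one padding byte
  return Uint8Array.from(bytes.slice(4, 4 + len));
}

// Share of code units in the CJK ideograph ranges (U+3400 to U+9FFF).
function cjkShare(str) {
  let n = 0;
  for (let i = 0; i < str.length; i++) {
    const c = str.charCodeAt(i);
    if (c >= 0x3400 && c <= 0x9fff) n++;
  }
  return str.length ? n / str.length : 0;
}

// Triage a stored value: try the known decoders before judging by looks.
function triageStoredValue(value) {
  try { JSON.parse(value); return { kind: "plain-json", text: value }; } catch (_) {}
  const bytes = unpackToBytes(value);
  if (bytes) {
    try {
      const text = new TextDecoder("utf-8", { fatal: true }).decode(bytes);
      JSON.parse(text);
      return { kind: "packed-json", text };
    } catch (_) {}
  }
  return { kind: "unknown", text: null };
}

// Constructed sample, standing in for an app's localStorage entry.
const SAMPLE_JSON = '{"user":"alice","role":"admin"}';
const packed = packBytes(new TextEncoder().encode(SAMPLE_JSON));
console.log(packed, cjkShare(packed).toFixed(2), triageStoredValue(packed).kind);
```
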
*windows update gets stuck on a black screen*
MOTHERFUCKING WIND-oh wait it rolled back the update and booted fine on its own.
Gotta hand it to whoever at Microsoft implemented this, was smooth af.
Fun drinking game: Every time the solution to a coding issue is the one you refrained from trying, take a shot
Job interview goes really well. Senior Dev 90-100k.
Ok, so for your "test" write up a proposal for a web based bulk email sending system with its own admin panel for building list, tracking emails, and with reporting.
I write up an estimate. Low ball the absolute fuck out of it because I'm trying to get a job. Know a few good libraries I can use to save some time. Figure I can just use sendmail, or PHPMailer, or NodeMailer for the emailing, and DataTables Editor for a simple admin CRUD with reporting. Write the thing up. Tell them they can have it in LAMP or Node.
Come in at 36 hours.
Then these fucking wanks told me they wanted me to actually do the project.
My exact response was:
"I bill $50 an hour, let me know"
They did not let me know.
Young devs, jobless devs, desperate devs. I've seen a fair amount of this. And for the right job I might go as high as maybe 4 - 6 hours of unpaid work for some "programming test". But please be careful. There are those who will try to exploit lack of experience or desperation for free work.
You know what?
Young cocky React devs can suck my old fuckin LAMP and Objective-C balls.
Got a new freelance job and got brought in to triage a React Native iOS/Android app. Lead dev's first comment to me is: "Bro, have you ever used React Native".
To which I had to reply to save my honor publicly, "No, but I have like 8 years with Objective-C and 3 years with Swift, and 3 years with Node, so maybe I'll still be able to help. Sometimes it just helps to have a fresh set of eyes."
"Well, nobody but me can work on this code."
And that, as it turned out was almost true.
After going back and forth with our PM and this dev I finally get his code base.
"Just run 'npm install'," he says.
Like no fuckin shit junior... let's see if that will actually work.
Node 14... nope whole project dies.
Node 12 LTS... nope whole project dies.
Install all of react native globally because fuck it, try again... still dies.
Node 10 LTS... project installs but still won't run or build complaining about some conflict with React Native libraries and Cocoa pods.
Go back to my PM... "Um, this project won't work on any version of Node newer than about 5 years old... and even if it did it still won't build, and even if it would build it still runs like shit. And even if we fix all of that Apple might still tell us to fuck off because it's React Native."
Spend like a week in npm and node hell just trying to fucking hand install enough dependencies to unfuck this turd's project.
All the while the original dev is still trying TO FIX HIS OWN FUCKING CODE while also being a cocky ass the entire time. Now, I can appreciate a cocky dev... I was horrendously cocky in my younger days and have only gotten marginally better with age. But if you're gonna be cocky, you also have to be good at it. And this guy was not.
Lo, we're not done. OG Dev comes down with "Corona Virus"... I put this in quotes because the dude ends up drawing out his "virus" for over 4 months before finally putting us in touch with "another dev team he sometimes uses".
Next, me and my PM get on a MS Teams call with this Indian house. No problems there, I've worked with the Indians before... but... these guys are not good. They're talking about how they've already built the iOS build... but then I ask them what they did to sort out the ReactNative/Cocoa Pods conflict and they have no idea what I'm talking about.
Well, one of these suckers sends a link to some repo and I find out why. When he sends the link it exposes his email...
This Indian dude's email was email@example.com...
We'd been played.
Company sued the shit out of the OG dev and the Indian company he was selling off his work to.
I rewrote the app in Swift.
So, let's review... the React dev fucked up his own project so bad even he couldn't fix it... had to get a team of Indians to help who also couldn't fix it... was still a dickhead to me when I couldn't fix it... and in the end it was all so broken we had to just do a rewrite.
None of you get npm. None of you get React. None of you get that doing the web the way Mark Zuckerberg does it just makes you a choad locked into that ecosystem. None of you can fix your own damn projects when one of the 6,000 dependency developers pushes breaking changes. None of you ever even bother with "npm audit fix" because if security was a concern you'd be using a server side language for fucking server side programming like a grown up.
Mine are still working.
A piece of advice to all younger folks who are starting or early in the career.
Never take problems to your manager. NEVER.
Always bring solutions. Why? Because:
1. No one wants to dwell on the past. No one cares how big the problem is (unless during retrospection), it's about what can be done NOW to fix it and move on.
2. Your manager already has a lot to worry about. Bothering them with another thing will only annoy them, putting you in a bad light as someone who always has problems.
3. You are employed to think, and solve problems. That's your primary job. Coding, design, writing product specs, or singing while you dance naked is just a medium to do so.
4. This approach reflects your proactive attitude towards your job. No matter how shitty the solution. It will reflect that you thought for yourself instead of relying on someone else to solve the problem.
5. Very few people do it, which will give you an added advantage over your colleagues/peers during reviews.
6. Lastly, this way you'll learn a ton of new things by researching and implementing yourself.
He: Honzo, you are a great coder, but can you please stop using those sexy anime chicks as placeholder images in your templates?
I: Oops, I forgot to replace them.
He: Don't worry, the client also enjoys them, but he may be the only one. He also wants to know where you found them.
What can I say, I have exciting work.
Context: Am Sysadmin, occasionally a programming job flies in.
I just told my superiors that I can no longer program for a specific customer I already poured ~90hrs into due to stress and thus health issues that have been accumulating since the beginning of the year. Everything relating to this customer is giving me chills. I can't even do my other stuff without hindrance anymore.
Because this is in parallel to an existing customer complaint that came in yesterday I just received a rather rant-y email about what the fuck would be wrong with me, which immediately disappeared again.
It was revoked as I now know. So far they seem to be understanding, but I still don't feel good with the decision I made.
I really want to finish the project, but I just can't. It drives me insane. I never felt like this.
Sorry for the wall of text and any errors. I'm really not having a good time right now.
We have this one professor in a mathematics course.
He sits there having no plan of what he's doing. He literally opens his python Jupiterbook with latex enabled, writes a complex equation and tries to solve it in 10 minutes. Makes mistakes every few steps and deletes his formatted equation that isn't even interpreted yet (we see the cdot etc. instead of * which makes it even harder to read). Every few minutes some student corrects him and he deletes it again.
Why can't you just think first and then write and try to teach us?
Use as much time as you want as long as you don't have to keep reverting back the humanly unreadable latex equation.
Hell, you are also allowed to use a basic pen and paper. Trust me, that shit is more readable, even if you have a bad handwriting, than your squeezed in complex untranslated latex equation in Jupiterbook.
Btw. he also streams with no zooming in I might add.
Am I supposed to try to read your small as shit, focus on what you're teaching while you keep making mistakes or write it down on paper and practice the given tasks?
On top of that, he records the zoom conference but he doesn't share it anywhere on the college forum so that people who have missed it can download it and rewatch it.
Everything he does makes no sense. How did he become a mathematics professor with a PhD?
Wrote this on another thread but wanted to do a full post on it.
What is a game?
I like to distinguish between 1. entertainment, 2. games, 3. fun.
both ideally are 'fun' (conveying a sense of immersion, flow, or pleasure).
a game is distinct (usually) from entertainment by the presence of interaction, but certain minimalist games have so little decision making, practice, or interaction-learning that in practice they're closer to entertainment.
there's also the issue of "interesting" interaction vs uninteresting ones. While in broad terms, it really comes down to the individual, in aggregate we can (usefully) say some things, by the utility, are either games or not. For example if having interaction were sufficient to make something a game, then light switches could become a game.
now suppose you added multiple switches and you had to hit a sequence to open a door. Now that's a sort of "game". So we see games are toys with goals.
Now what is a toy?
There are two varieties of toy: impromptu toys and intentional toys.
An impromptu toy is anything NOT intended primarily, by design, to induce pleasure or entertainment when interacted with. We'll call these "devices" or "toys" with a lowercase t.
"Toys", made with the intent of entertainment (primarily or secondarily) we'll label with an uppercase T.
Now whether something is used with the intent behind its own design (witness people using dildos, sex toys, as slapstick and gag items lol), or whether the designer achieves their intent with the toy or item is another matter entirely.
But what about more atmospheric games? What about idle games? Or clickers?
Take clickers. In the degenerate case of a single button and a number that increases, what's the difference between a clicker and a calculator? One is a device (calculator) turned into an impromptu toy and then a game by the user's intent and goal (larger number). The second is a game proper, by the designer's intent. In the degenerate case of a badly designed game it devolves into a really shitty calculator.
Likewise in the case of atmospheric games, in the degenerate case, they become mere cinematic entertainment with a glorified pause/play button.
Now while we could get into the definition of *play*, I'll only briefly get into it because there are a number of broad definitions. "Play" is loosely: freely structured (or structured) interaction with some sort of pleasure as either the primary or secondary object, with or without a goal, that's it. And by this definition you can play with a toy, you can play a game, you can play with a lightswitch, hell you can play with yourself.
This of course leaves out goals, the idea of "interesting decisions" or decision making, and a variety of other important elements.
But what makes a good game?
A lot of elements go into making a good game, and it's not a stretch to say that a good game is a totality of factors. At the core of all "good" games is a focus on mechanics, aesthetics, story, and technology. So we can already see that what makes a good game is less of an either-or-categorization and more like a rating or scale across categories of design elements.
Broadly, while aesthetics and atmosphere might be more important in games like Journey (2012) by thatgamecompany, for players of games like Rimworld the mechanics and interactions are going to be more important.
In fact going a little deeper, mechanics are usually (but not always) equivalent to interactions. And we see this dichotomy arise when looking at games like Journey vs say, Dwarf Fortress. But, as an aside, is it possible to have atmospheric games that are also highly interactive or have a strong focus on mechanics? This is often what "realistic" (as opposed to *immersive*) games try to accomplish in design. Done poorly they instead lead to player frustration, which depending on player type may or may not be pleasurable (witness 'hardcore' games whose difficulty and focus on do-overs is the fun the game is designed for, like roguelikes, and we'll get to that in a moment), but without the proper player base, leads to breaking player flow and immersion. One example of a badly designed game in the roguelike genre would be Early Access Stoneshard, where difficulty was more related to luck and chance than player skill or planning. A large part of this was because of a poorly designed stealth system, where picking off a single enemy alerted *all enemies* nearby, who would then *stay* alerted until you changed maps, negating tactics that roguelike players enjoy and are used to resorting to. This is an important case worth examining because it shows how minor designer choices in mechanical design can radically alter the final quality of the game. Some games instead chose the cheaper route of managing player *perceptions* with a pregame note: Darkest Dungeon and Amnesia TDD are just two I can think of.
Wrote my first line of Java since I was 12 or 13. A basic hello world line. I then got the error that reminded me of why I disliked programming in general that time. Fucking semicolon
Every employer: “We're an equal opportunity employer. All applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.”
Me: Cool. *clicks on next*
Employer: What's your race? What's your gender? Are you fucking handicap? Do you randomly explode? What's your nationality? Do you bang granny hookers? Do you drink goat milk or camel milk?
WTF!!!! If you are so much about equal employment then why the fuck do you care about this crap and why can you not hire me on my merit?
Deliberately disgusting chocolate. Looks like normal chocolate, but with all the sugar removed and possibly some additives to make it taste even worse. Designed so that you can give it to kids, and they'll never want to touch chocolate again.
Support for an app that was handed over long ago. This time, a customer is supposed to be deleted. The client probably wants me to delete the customer from the live database.
Why can't he delete the customer himself? Well, the button is disabled. And apparently, he doesn't want to pay for my time to figure out why the button is disabled. Or that's normal, who knows. I don't know the app.
I open up the database. Try to generate a model of all connected tables to the customer table. No luck. The tables aren't connected, the ORM handles relations. I hate that. Probably have to go through and delete all of those manually in a live database. Argh!
Okay, let's see why we cannot just click the button. Alright, yeah, there is a disabled on the button. Hmm... I wonder. Removed the disabled in the web browser inspector and hit the button. Seconds later, the entry disappears from the database.
My predecessors were sloppy. Probably thought it's the admin menu. We don't have to protect our customer from himself.
That just saved me a lot of time.
when you can't be arsed to do icons so you just use emojis for button icons.
btn.textContent = "🗑️"
because icon sets now have their own apis (like what ever happened to icon fonts?), and documents explaining what scripts and commands to run to *install fucking plugins* on software written to *supplement* doc servers. plugins and software whose host site returns an SSL error. nice.
to use web icons. downloaded only on request. from other sites.
seems kind of eh, tower-of-baylon to me. like a bird landing on the electrical lines near your house might cause a blip and break one or two icons on your slick 2020 web app.
idk just seems unnecessary, like if you're small, you're gonna want to embed your fonts on the webpage instead of overcooking things and hosting *a fucking server* just to serve an api for fucking *icons*. and if you're large you're gonna reduce those requests anyway
A recruiter on call, going through my GitHub project with MIT License: "but it is taken from MIT, is it?"
This week I'm firing a guy who I hired 5 weeks ago. I can't take it anymore. I set up a nice environment for him and he keeps taking a whole day, sometimes two or three, to do a 2 hour task. He came from an electrical engineering background and never had a software dev job. As a person he's more of a creative type, not a logic-based type. I have neither the patience nor the resources nor the time to teach him basics that he could google but simply doesn't have the mindset to do. Sorry Bill Gates, not everyone can learn how to code, or at least not everyone should.
Advice to other people hiring new hires: test the shit out of them before hiring, don't hire from gut. This guy was giving out a nerd vibe, but the only nerd thing that he has is nerdy puns, other than that as a software dev he knows less than I did when I was 12 years old.
I feel retarded. Just spent a good solid 15 minutes trying to figure out what was wrong:
<input id="#example" type="text">
let data = $('#example').val()
And I was sending data to the backend and wondering why it always came across as undefined...
While talking to hostile managers, don’t say “doesn’t work in chrome” and “works in Firefox”. Say “doesn’t work in blink” and “works in gecko”. Don’t say “we need sync”, say “we’re currently choosing between a CmRDT and a CvRDT”. Don’t say “code was slow”, say “oof, an unacceptable big-o and a huge runtime penalty”.
Their ego is too much to ask what this means. And you still sound perfectly understandable to your fellow tech guys.
Don’t lie. There is no need. Just present your ideas in a professional way.
Also if a hostile manager is willing to break their ego and ask and finally educate, you can make a good colleague who understands. And the knowledge and the willingness to understand the problems of “tech guys” would spread much quicker from your fellow educated manager to other managers than from you to them.
I know you mean well, but please stop getting me laptops for my birthday. I spend countless hours fixing wifi and graphics card and other drivers because of this.
After almost a year of watching and experimenting (and not wanting to believe), I’ve learned something about the people I work with:
They don’t consider ideas based on the idea’s own merit, nor does a good idea improve their views of the person proposing it. They instead give the idea merit based entirely on who proposed it. It’s backwards.
• If they like or revere someone, their ideas cannot be bad, and they are never questioned even if they don’t make sense.
• If they sort of like someone, but that person challenges someone they like more, the ideas are dismissed and picked apart, and sometimes even reworded by the group and then accepted, with credit then given to the group. The person is still seen as wrong.
• If they dislike someone, none of their ideas are good, or they’re ignored, or ridiculed for reasons such as stating what is (only now) an abundantly obvious good idea.
(There is some overlap from the execs, where they occasionally consider an idea for its merit and then restate it, which means the idea is now coming from an exec, and is therefore readily accepted. Occasionally the original person gets some credit for this.)
It also applies to pictures of food in the cooking channel. If people like you more, they like your food more, while a professional-looking plate from a social leper gets ignored.
It’s like office politics, but applies to virtually every aspect of company life instead of just promotions, requests, and project assignments. It’s like replacing common courtesy and reason with a social FICO score: your contributions are only acceptable if you agree with your coworkers, laugh at their jokes, etc. And if you appear to like the same music, have recently posted more pictures of tacos or brownies than usual, etc.? Well, you had better do that before suggesting something you actually care about.
It’s social credit.
And it’s stupid.
So as usual I received some call from telemarketer and I started from other perspective this time.
I asked how I can be sure that the person on the other side is telling the truth.
That pissed off the telemarketer, who started challenging me by reading my company data, but I calmly responded that it doesn’t prove anything cause I don’t know anything about you - the person who is calling me.
I know who I am but how I can trust who you are ? You just provided me your name that I don’t know it’s true cause I have no methods to verify that.
That pissed telemarketer so much.
Some time ago before you put money in bank you know the banker. If someone was stealing this money you probably know from your police who is it and where he’s probably hiding.
The future we’re trying to go right now with this machine stuff that makes job for us is completely different.
We’re more and more separated from reality that is our planet dying. More and more animals and plants are dying, nobody cares about it.
Despite me working a lot with new tech I am more and more sceptical of how technology is shaping us. We sooner or later won't be able to shit without a computer ( lots of us are probably already there bringing cellphones as companions for good nice shit rolling ).
Is it the future we want ?
The future where you need to beat a computer to have contact with nice people. Cause I see it everywhere now. The technology is stupid and not perfect so lots of us are forced to align to this crap right now. Use the technology and beat the algorithms to connect with a human. That’s the future we want ? Really ?
Some idiotic algorithms that are trying to tell us that this is what you need to watch ? This is what you need to eat ?
This is where you need to be ?
Take our time and turn it to view count slash likes and subscribes shit hole ?
The technology power show that everyone wants to buy but you won’t even use 10% of its capabilities cause it’s blocked by the company that sells it ?
I’m more and more disappointed by this world.
Anyway the telemarketer didn’t want to admit that he is an alien robot who is trying to kill humans by selling me this machine so I hung up cause I had nothing more interesting to say.
I think they will finally stop calling me.
So, this new company I joined, my first task was to revamp the codebase. I have ended up cleaning up the garbage so much that I have lost all my touch with innovation. I am just doing regular and tedious feature replication. I hope I finish this soon and get into real things!! Building something from scratch.
Comment on a GitHub issue on one of my repos:
"Almond I posted this feature request last month, please start to work on it in your free time"
Dude, that's just made it a whole lot less likely I'll even give that feature request the time of day. Take your entitled arse attitude to the bank and pay me to do it if you care that much.
Also, free time?!?! Hahahaha.