Skills: java and Go
Joined devRant on 12/17/2018
I was talking to a friend, and they were arguing that HTML was in fact a programming language. Their main argument was that you needed HTML to make a website.
I told them you could use something like React, and they said it doesn't count since you're still writing what is basically HTML.
Wish me luck
The IT guy at client made a spaghetti code website to replace their time entry software. I come in to “finish it up in a week to two” (just me). I start by removing 1200+ lines of convoluted data access code that doesn’t work, SQL injection prone too. I quickly gave up and started from scratch; just copied some of his actually decent HTML.
Friday, he proceeded to try to install node on the server and run main.JS. Now he’s all concerned my repo is too complex because he can’t deploy a static website 🙁
He didn’t ask me how it gets deployed nor did he listen when I said “node is NOT THE BACKEND we have .NET core for that”.🤦♂️
I’m gonna spend a week writing documentation at 5th grade level and hand holding him so he understands how this code works because he’s going to be the one maintaining it.
Finally a dream hardware project forming shape.
I am not sure about the feasibility of this project and also lack the technical skills, but am excited to see myself take the first step towards a more private presence on the internet.
I am even willing to hire someone who can help me set this up.
For now, I have the architecture and requirement document coming along well.
Most of my identity on internet (except LinkedIn which is for work purpose) is anonymous.
Need to contact Google to remove myself from the search results.
I see myself 99% anonymous on internet in next 6 months.
Is Pi-VPN or OpenVPN FOSS? And can I set up VPN and Pi-Hole on same Rasp Pi?
Remember, remember the fifth of November
Gunpowder, treason and plot
I see no reason why gunpowder treason
Should ever be forgot
Guy Fawkes, Guy Fawkes, 'twas his intent
To blow up the King and the Parliament
Three score barrels of powder below
Poor old England to overthrow
By God's providence he was catched
With a dark lantern and burning match
Holloa boys, holloa boys
God save the King!
Hip hip hooray!
Hip hip hooray!
A penny loaf to feed ol' Pope
A farthing cheese to choke him
A pint of beer to rinse it down
A faggot of sticks to burn him
Burn him in a tub of tar
Burn him like a blazing star
Burn his body from his head
Then we'll say ol' Pope is dead.
Hip hip hooray!
Hip hip hooray!
The day I became the 400 pound Chinese hacker 4chan.
I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.
They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...
And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.
So, I know I want to fuck with them. And I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.
I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.
After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.
I then minify the whole thing and stash it in the minified jquery file.
So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.
Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.
So we GIVE the penetration team login credentials... they log in and start trying to crack it.
I sit and wait. Grinning as fuck.
Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.
We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.
"We think you may have been compromised by a Chinese hacker!"
I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.
My PM, who has seen me use the JSON compression technique before and knows exactly what's up, starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.
If only it was more common to use video in these calls because I WISH I could have seen their faces.
Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because I'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.
Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.
Most ignorant ask from a PM or client?
So, so many. How do I choose?
- Wanting to 'speed up' a web site that we did not own, in Sweden (they used a service I wrote). His 'benchmark' was counting "one Mississippi, two Mississippi" while the home page rendered on his home PC and < 1MB DSL connection (he lives in a rural area).
- Wanted to change the sort order of a column of report so it 'sometimes' sorted on 'ABC' (alpha) or '123' (numeric) and sometimes, a mix of both. His justification was if he could put the data in the order he wanted in Excel, the computer should be smart enough to do the same thing.
- Wanted a Windows desktop application to run on an android.
- Wanted to write the interface to a new phone system that wasn't going to be installed for months. Even though we had access to the SDK, he didn't understand the SDK required access to the hardware. For several weeks he would send emails containing tutorials on interfacing with COM libraries (as if that was my problem).
- Wanted to write a new customer support application in XML. I told him I would have the application written tomorrow if he could tell me what XML stands for.
I really like this book on the basis of the philosophy overall, no this doesn’t solve all problems but it’s a good baseline of “guidelines/rules” to program by. Good metrics or goals to architect and design software projects high and low level projects.
Fight Software Rot
Avoid duplicate code
Write Flexible, dynamic, adaptable code
Not cargo cult programming and programming by coincidence.
Make robust code, contracts/asserts/exceptions
Test, Test, and TEST again and Continue testing.. this is a big one.. not so much meaning TDD.. but just testing in general never stop trying to break your software.. FIND the bugs.. you should want to find your bugs. Even after releasing code the field continue testing.
So, what's your IT trivia?
One of my favourites is sosumi.
When Apple Computers started up they were sent a "cease and desist" notice by Apple Music (The Beatles).
They reached a settlement that Apple Computers would never publish music and Apple Music would never sell computers.
So when the Mac came out and played a tune on startup, the filename was sosumi.
Wikipedia now appears to dispute this, saying that sosumi wasn't the startup sound, but some other sound - any Mac experts care to comment?
So, a few years ago I was working at a small state government department. After we had suffered a major development infrastructure outage (another story), I was so outspoken about what a shitty job the infrastructure vendor was doing, the IT Director put me in charge of managing the environment and the vendor, even though I was actually a software architect.
Anyway, a year later, we get a new project manager, and she decides that she needs to bring in a new team of contract developers because she doesn't trust us incumbents.
They develop a new application, but won't use our test team, insisting that their "BA" can do the testing themselves.
Finally it goes into production.
And crashes on Day 1. And keeps crashing.
"It's the infrastructure" goes out the cry from her office, "do something about it!"
I check the logs, can find nothing wrong, just this application keeps crashing.
I and another dev ask for the source code so that we can see if we can help find their bug, but we are told in no uncertain terms that there is no bug, they don't need any help, and we must focus on fixing the hardware issue.
After a couple of days of this, she called a meeting, all the PMs, the whole of the other project team, and me and my mate. And she starts laying into us about how we are letting them all down.
We insist that they have a bug, they insist that they can't have a bug because "it's been tested".
This ends up in a shouting match when my mate lost his cool with her.
So, we went back to our desks, got the exe and the pdb files (yes, they had published debug info to production), and reverse engineered it back to C# source, and then started looking through it.
Around midnight, we spotted the bug.
We took it to them the next morning, and it was like "Oh". When we asked how they could have tested it, they said, ah, well, we didn't actually test that function as we didn't think it would be used much....
What happened after that?
Not a happy ending. Six months later the IT Director retires and she gets shooed in as the new IT Director and then starts a bullying campaign against the two of us until we quit.
One week, and it turned out to be worse than that.
I was put on a project for a COVID-19 program in America (The CARES Act). The financial team came to us on Monday morning and said they need to give away a couple thousand dollars.
No big deal. All they wanted was a single form that people could submit with some critical info. Didn't need a login/ registration flow or anything. You could have basically used Google Forms for this project.
The project landed in my lap just before lunch on Monday morning. I was a junior in a team with a senior and another junior on standby. It was going to go live the next Monday.
The scope of the project made it seem like the one week deadline wasn't too awful. We just had to send some high priority emails to get some prod servers and app keys and we were fine.
Now is the time where I pause the rant to express to you just how fine we were decidedly **not**: we were not fine.
Tuesday rolls around and what a bad Tuesday it was. It was the first of many requirement changes. There was going to need to be a review process. Instead of the team just reading submissions from the site, they needed accept and reject buttons. They needed a way to deny people for specific reasons. Meaning the employee dashboard just got a little more complicated.
Wednesday came around and yeah, we need a registration and login flow. Yikes.
Thursday came and the couple-thousand dollars turned into tens of millions. The amount of users we expected just blew up.
Friday, and they needed a way for users to edit their submissions and re-submit if they were rejected. And we needed to send out emails for the status of their applications.
Every day, a new meeting. Every meeting, new requirements that were devastating given our timeframe.
We put in overtime. Came in on the weekend. And by Monday, we had a form that users could submit and a registration/ login flow. No reviewer dashboard. We figured we could take in user input on time and then finish the dashboard later.
Well, financial team has some qualms. They wanted a more complicated review process. They wanted roles; managers assign to assistants. Assistants review assigned items.
The deadline that we worked so hard on whizzed by without so much as a thought, much less the funeral it deserved.
Then, they wanted multiple people to review an application before it was final. Then, they needed different landing pages for a few more departments to be able to review different steps of the applications.
Ended up going live on Friday, close to a month after that fateful Monday which disrupted everything else I was working on, effective immediately.
I don't know why, but we always go live on a Friday for some reason. It must be some sort of conspiracy to force overtime out of our managers. I'm baffled.
But I worked support after the launch.
And there's a funny story about support too: we were asked to create a "submit an issue" form. Me and the other junior worked on it on a Wednesday three weeks into the project. Finished it. And the next day it was scrapped and moved to another service we already had running. Poor management like that plagued the project and worked in tandem with the dynamic and ridiculous requirements to make this project hell.
Back to support.
Phone calls give me bad anxiety. But Friday, just before lunch, I was put on the support team. Sure, we have a department that makes calls and deals with users. But they can't be trained on this program: it didn't exist just a month ago, and three days ago it worked differently (the slippery requirements never stopped).
So all of Friday and then all of Saturday and all of Monday (...) I had extended panic attacks calling hundreds of people. And the team that was calling people was only two people. We had over 400 tickets in the first two days.
And fuck me, stupid me, for doing a good job. Because I was put on the call team for **another** COVID project afterwards. I knew nothing about this project. I have hated my job recently. But I'm a junior. What am I gonna say, no?
Electronics store clerk: "Can I help you?"
Me: "Good afternoon sir. I'm a developer and lifelong PC gamer. I received a second hand PS4, and might buy a next gen console at the end of the year. People tell me that in front of this soft wide desk chair people call a "couch", you need some sort of large computer monitor to enjoy console gaming"
Clerk: "Yeah, we sell TVs. What TV do you have now?"
Me: "I don't own a TV. I just want a huge 4K computer display with a good response time, excellent refresh rate, and great contrast"
Clerk: "OK so this is an entry level 55" smart TV. It's 120hz, QLED, has full array local dimming. It's great for gaming. It's €1000. We also have this LG OLED smart TV for €1200, which is a step up in terms of contrast and response time..."
Me: "Wait... Smart TV? No, I don't want a TV with an operating system. I want a computer display."
Clerk: "There aren't a lot of big computer displays. We have this ASUS ROG 55" computer monitor. It's also 120hz. Very similar response time, but the brightness and contrast aren't as great, it's edge-lit"
Me, trying really hard to make out the contrast differences under ugly fluorescent lights of the store: "So it's a worse big couch display, without smart OS. How much is it?"
Me: "So what you're saying is that while the displays are similar or even better, the operating system on all these TVs is so incredibly bad, you have to give €2500 discount for people to even buy it?"
So, a couple of weeks ago I started a temporary job writing code mostly for DB purposes. I noticed during that time there was a specific person just copying my code and not giving credit in the meetings. So I decided to put a small, quirky, joke in my last code just to see if the person reviewed it before presenting.
FF to yesterday, the person did not check the code and he presented a table with a field called PENIS Contract Length in our zoom meeting.
Not sorry at all
Boss: Can we add a [Close] button at the top right of the modal instead for all the items, the back at the lower left seems out of place.
Me: What modal? You mean move the back button to the top right of the page?
Boss: And make it say [Close]
Me: But it navigates Back. It's not a modal so it doesn't close. [Back] makes more sense than [Close].
Boss: Change the [Back] on the modal to [Close].
Me: But... fine...
Buttons all now say "Close", they all have double quotes. No one has said anything.
Surround yourself with good bosses, mentors and colleagues. And then talk to them, develop trust. When I feel like an imposter, thinking back of all the times my mentor told me that I'm good makes me feel better about myself and my skills.
Also, keep some sort of portfolio of your successes. And be sure to remind yourself that the portfolio would be empty if you weren't good at what you do.
Slowbro: Do you have time tonight?
Me: No sorry, I can't stay late tonight, I have a thing with my wife.
S: Oh yeah, I'm not staying late either.
M: Oh, so what do you want?
S: Can you help me install linux?
M: Uh no, I can't stay late -
S: No, no you don't have to stay, you can do it from home.
M: What? No I don't have time tonight. Wait you want me to take your computer home?
S: No, no I need to use my computer tonight.
M: So... What do you want me to do?
S: You can do it on your computer.
M: You want me to install an OS on your computer, but on my computer??
S: No, no *sigh* just try it on your computer so we know it will work on my computer. It is a proof of principle.
M: Reinstall my OS?
S: As a proof of principle. So tomorrow when we do it on my computer, we need not waste any time.
M: ... No I'm not going to reinstall my OS just as a test for you.
S: Not a test, a proof of principle.
M: What are you.. I'm sorry, I don't have time for this tonight.
S: Just a proof of principle!!
M: Ok see you.
Fucking 20 hour days. Third one this week.
Been at work since 6am, it is now midnight. Spent the morning fixing bush league code mistakes from "expert" onshore developers, and explaining how-to-wipe-your-ass level concepts to some rude cunt who is absolutely going to take credit for my work after I leave.
Now I'm just waiting on this slow boat scp to finish because the invalids the customer hired to manage their infra can't figure out the 3 minute exercise that is standing up a registry, so the container deployment process is fucking export multiple 500mb Redhat images as a tar and ship it across the cripplenet they call a datacenter. And of course the same badmins don't understand rsync and can't manage to get network throughput in a datacenter with a $300M annual budget over 128kbps. I guess that's fast for whatever jugaad horseshit network they're used to.
I've said it before, but it bears repeating. Fuck IBM. They're a cancer and at this point I question the moral compass of anyone who works for them.
How does google map get the ever changing streets data? Be it traffic or general street map? It's accurate af! If a street is shut temporarily, it knows that and reroutes.
I understand that if there are others who are using Google maps in the area, it can aggregate and make an educated guess for every other user. But I am pretty sure it just can't rely on other users opening the app and having their gps on. Eg: live traffic data.. not everyone on the road is using maps!
- have a look at the project
- break it down into smaller stories
- estimate the time
- multiply it with 1.5
- add 1-3 days of testing
- add 15% project management
- add a 2 days buffer
= be happy with being done in 2 weeks, present it in 4