About: cybersecurity engineer in aerospace
Skills: python, c++, flask, linux, security, containers, docker, container security
Joined devRant on 5/17/2019
The titles - some of these events have the most insufferable titles. If it's not some cringey pop-culture acronym like AVNGRS then it's a super nondescript, mysterious title like "The Bakeoff", which helps nobody and doesn't do the event justice.
I would much prefer "MIT Annual CTF, 2021" than the usual bullshit fanfare referencing the Matrix.
Had a meeting with about 5 people, 4 of which showed up, 1 of which did not.
Guess which one was the subject matter expert without whom we spent 55 minutes positing what-if's that could've been easily answered if that individual was there?
Yup. Never rescheduled, and that was the end of that conversation.
Learning from the smart people; in every workplace there are drones and leaders, each have their own selective intelligence. Pick the ones that are the most intelligent to learn from, and you'll be going along happily while learning at breakneck speed from the best.
Just finished moving all my python code documentation from hand-written wikis to API docstrings and set it up to autodeploy to github pages with each commit. Feeling really hopeful about this, although it's going to be frustrating going back to other languages that don't have inline docstrings.
The fact that there's only two characters between "run this job every 10 minutes" and "run this job every hour on the tenth minute" was the fix for the particular problem I just spent 5 hours on :facepalm:
"I need these permissions that J has"
J has those permissions because he worked on a different team that was granted those, you do not.
"I need it"
"I need it"
It's not within my power to allow you access, you have to talk with R and M.
"Okay well guess what I'm gonna escalate this up the chain and it's gonna come down on you"
*sigh* what do I do when I literally have no authority to give someone something and am clearly doing my job right, but someone thinks they can get me... idk... in trouble? Threaten me??? Logic, meet the window
Loopback 4 really is pulling me out of the expressjs shithole... It really feels like I'm avoiding a lot of tedious work.
"B-b-bbut you have to use typescript and it's slower"
I've preferred typescript ever since angular 2 came out, and the 'slower' comment is invalidated by the fact that, when working on projects that are distributed between multiple devs, are marked by silent errors and serialization issues, and can change datasource types between customers, then the benefits of typescript and loopback's CLI far outweigh any potential slowdowns that may be caused. If you can find me an alternative that does this better, please let me know.
The best way to get a kid interested in coding is give them legos. If they hate legos, they most likely won't like programming, or anything that requires you to understand how something is designed in order to build a service or product.
Next is just to see what the kid likes and what they're good at.
Can you guys let me know how Microsoft Teams is? Is it good, or is it polluted with fluff and garbage?
So if you recall, my last rant was about last minute, supposed critical-severity, ASAP due date requests being made, and me telling them to fuck off.
So today the boss' boss' boss called down and said a different task needs to be done by end of the month.
So now my current tasks get pushed to next month, and the person who needed their task done ASAP will now more than likely get it by mid June. Amazing.
And if you've been actively following my other rants, this is the same section manager that sends a quirky email out at the end of every night about what she's been fucking with lately.
I WANT OFF MR TOAD'S WILD RIDE
An actual email thread:
G: I need this done
Me: okay. What's the priority, when's the due date, who are the stakeholders, what's the sensitivity level of the data?
G: Priority is ASAP, due date is ASAP, stakeholders are ALL OF IT, and I want to be able to control the data sensitivity level
Those aren't ANSWERS; they're REQUESTS!!!
About two weeks ago I posted a rant containing an email from the big boss. Today they held a "virtual town hall" where people could ask questions, get answers, and generally just be online. Went fairly well, good info was handed out, and I think people mostly enjoyed themselves (even if it was at the expense of the higher-ups).
Then comes the email. The same person as last time had this quote:
"I’m good at giving advice, so I need to take some of my own. I intend to take it easy this weekend, watch Netflix, do some household chores, play the piano and maybe even read a book! "
Jesus christ. Remember those memes about zuck being a robot because everything he does it looks and feels like it's an alien trying to blend in? That's what this feels like. On a normal workyear i would hear from this person 10 times TOTAL. I have heard from them this amount in the past 2 WEEKS.
Maybe it's the virus, but this is driving me INSANE. If there's any lesson you can learn from this, it would be:
Don't pretend like you care by not knowing or learning anything about the people you work with.
Jesus they even sent out surveys to see what the telework experience is like... THE RESPONSES ARE RECORDED AND PUBLICLY DISPLAYED!!!
Scenario: Enabling yet another python test suite on vscode. No big deal.
I start the test init and discovery. Says it can't find the test files. Okay; usually the issue is there's no __init__.py in the test directory. It's okay we can fix that.
Oh wait it's still not working. Okay well this isn't good... After about an hour of searching, I finally find out that the file that vscode is discovering tests with doesn't exist... In fact the whole testing directory doesn't exist!
Okay so now what do I do... Reinstall? Doesn't work. Reinstall and delete the extension directory? Yes! Victory!
Don't know how I got a half-baked extension download but hey... Could've been worse.
In order for you to become well-versed at something you cannot study it at a distance.
In addition, most of the time the best way to learn something is to start trying to do stuff. If you wanna learn a language, start trying to program in it. Just go for it.
Just posted this in another thread, but I think you'll all like it too:
I once had a dev who was allowing his site elements to be embedded everywhere in the world (intentional) and it was vulnerable to clickjacking (not intentional). I told him to restrict frame origin and then implement a whitelist.
My man comes back a month later with this issue of someone in google sites not being able to embed the element. GOOGLE FUCKING SITES!!!!! I didn't even know that shit existed! So naturally I go through all the extremely in depth and nuanced explanations first: we start looking at web traffic logs and find out that it's not the google site name that's trying to access the element, but one of google's web crawler-type things. Whatever. Whitelist that url. Nothing.
Another weird thing was the way that google sites referenced the iframe was a copy of it stored in a google subsite???? Something like "googleusercontent.com" instead of the actual site we were referencing. Whatever. Whitelisted it. Nothing.
We even looked at other solutions like opening the whitelist completely for a span of time to test to see if we could get it to work without the whitelist, as the dev was convinced that the whitelist was the issue. It STILL didn't work!
Because of this development I got more frustrated because this wasn't tested beforehand, and finally asked the question: do other web template sites have this issue like squarespace or wix?
Nope. Just google sites.
We concluded it's not an issue with the whitelist, but merely an issue with either google sites or the way the webapp is designed, but considering it works on LITERALLY ANYTHING ELSE I am unsure that the latter is the answer.
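The frame-origin allowlist described in the post above, sketched as a CSP `frame-ancestors` policy; this is an added example, not the dev's code, and the allowlist, hosts and embedding chain are constructed. Browsers check `frame-ancestors` against every ancestor of the frame, not only the immediate parent, so the checker takes the whole chain.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; not values from the post.
ALLOWED_EMBEDDERS = ["https://partner.example", "https://*.googleusercontent.com"]
DEFAULT_PORTS = {"http": 80, "https": 443}


def frame_ancestors_header(allowed):
    """Value for the Content-Security-Policy response header."""
    return "frame-ancestors " + (" ".join(allowed) if allowed else "'none'")


def origin_matches(origin, source):
    """Simplified CSP host-source match: exact scheme, host (or *.wildcard), port."""
    o, s = urlsplit(origin), urlsplit(source)
    if o.scheme != s.scheme:
        return False
    o_host, s_host = o.hostname or "", s.hostname or ""
    if s_host.startswith("*."):
        # "*.example.com" covers subdomains only, never the bare domain.
        if not o_host.endswith(s_host[1:]):
            return False
    elif o_host != s_host:
        return False
    default = DEFAULT_PORTS.get(o.scheme)
    return (o.port or default) == (s.port or default)


def blocked_ancestors(ancestor_chain, allowed):
    """Ancestors the policy rejects; the frame renders only if this is empty."""
    return [a for a in ancestor_chain
            if not any(origin_matches(a, s) for s in allowed)]


if __name__ == "__main__":
    print(frame_ancestors_header(ALLOWED_EMBEDDERS))
    # Constructed chain, top-level page first: a page that wraps the element
    # in an intermediate frame served from another host.
    chain = ["https://sites.google.com", "https://abc123.googleusercontent.com"]
    print(blocked_ancestors(chain, ALLOWED_EMBEDDERS))
```

The real ancestor chain for a given embed has to be read from the browser's developer tools; a non-empty result names the origins still missing from the allowlist.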
Me: I want to make all our application directories a separate virtual disk for easy resizability
Project lead: Why? We have lvm!
I might stab somebody, myself included.
Fuck me Doom: Eternal is brilliant. People said what they liked and disliked about Doom 2016 and they just listened. Imagine that!
Just a reminder that Terraform is insecure by design and if you even THINK about using it to execute CI/CD deployments not built into the cloud (Jenkins, on-prem CI/CD, etc...), then you're a DOUBLE fool. God I hate my infra team sometimes...
It's hard for me sometimes to tell the difference between a dev who actually got fucked and a dev who just didn't know how to budget their time correctly...
I've had freelance web friends who will go out partying twice a week... I've also had freelance web friends who shutter themselves indoors the moment a project of significance comes up. Both types have complained to me about crunch time.
Obviously I can't tell a whole story from just a devRant thread, but for a select few of them I really feel like this person just had no idea what they were doing, were negligent, or estimated their time way under the cut.
I'm not calling anyone out, I'm just saying that when you post about crunch when the item is something fairly obvious you should've been able to catch within the first week of the project, it makes me doubt your sensibilities.
Obviously I'm not making any judgements or saying that I know even half of what you know about the project and the job, but I'm just saying a little more detail couldn't hurt...
They're re-working all the teams tomorrow. Hopefully I don't get put somewhere absolutely dead-end.
Wish me luck, boys.
Couldn't fix a bug that conflicted with an unrelated codebase. A 1 in a million issue on github.
Had a wank.
Bug fixed, pushed, and deployed 30 minutes later.
Normal people when they see the word 'Helo': Helicopter, misspelled "hello", nothing too complicated
Me when I see the word 'Helo': MALFORMED SMTP GREETING; EXPECTED DOMAIN
Optimization concepts/patterns or instances?
For pattern it's gotta be any time I can take an O(n^2) and turn it into O(n) or literally anything better than O(n^2).
Instance would probably be the time that we took an api method that returned a json list made up of dictionaries CSV-style and changed it into a dictionary with the uid as the key and the other info as key-value pairs in a sub-dictionary. So instead of:
We now return:
Which can, if done right, make your runtime O(1), which I love.