About: cybersecurity engineer in aerospace
Skills: python, c++, flask, linux, security, containers, docker, container security
Joined devRant on 5/17/2019
Loopback 4 really is pulling me out of the expressjs shithole... It really feels like I'm avoiding a lot of tedious work.
"B-b-bbut you have to use typescript and it's slower"
I've preferred typescript ever since angular 2 came out, and the 'slower' comment is invalidated by the fact that, when working on projects that are distributed between multiple devs, are marked by silent errors and serialization issues, and can change datasource types between customers, then the benefits of typescript and loopback's CLI far outweigh any potential slowdowns that may be caused. If you can find me an alternative that does this better, please let me know.
The best way to get a kid interested in coding is to give them legos. If they hate legos, they most likely won't like programming, or anything that requires you to understand how something is designed in order to build a service or product.
Next is just to see what the kid likes and what they're good at.
Can you guys let me know how microsoft teams is? Is it good, or is it polluted with fluff and garbage?
So if you recall, my last rant was about last minute, supposed critical-severity, ASAP due date requests being made, and me telling them to fuck off.
So today the boss' boss' boss called down and said a different task needs to be done by end of the month.
So now my current tasks get pushed to next month, and the person who needed their task done ASAP will now more than likely get it by mid-June. Amazing.
And if you've been actively following my other rants, this is the same section manager that sends a quirky email out at the end of every night about what she's been fucking with lately.
I WANT OFF MR TOAD'S WILD RIDE
An actual email thread:
G: I need this done
Me: okay. What's the priority, when's the due date, who are the stakeholders, what's the sensitivity level of the data?
G: Priority is ASAP, due date is ASAP, stakeholders are ALL OF IT, and I want to be able to control the data sensitivity level
Those aren't ANSWERS; they're REQUESTS!!!
About two weeks ago I posted a rant containing an email from the big boss. Today they held a "virtual town hall" where people could ask questions, get answers, and generally just be online. Went fairly well, good info was handed out, and I think people mostly enjoyed themselves (even if it was at the expense of the higher-ups).
Then comes the email. The same person as last time had this quote:
"I’m good at giving advice, so I need to take some of my own. I intend to take it easy this weekend, watch Netflix, do some household chores, play the piano and maybe even read a book!"
Jesus Christ. Remember those memes about Zuck being a robot because everything he does looks and feels like it's an alien trying to blend in? That's what this feels like. On a normal workyear I would hear from this person 10 times TOTAL. I have heard from them this amount in the past 2 WEEKS.
Maybe it's the virus, but this is driving me INSANE. If there's any lesson you can learn from this, it would be:
Don't pretend like you care by not knowing or learning anything about the people you work with.
Jesus they even sent out surveys to see what the telework experience is like... THE RESPONSES ARE RECORDED AND PUBLICLY DISPLAYED!!!
Scenario: Enabling yet another python test suite on vscode. No big deal.
I start the test init and discovery. Says it can't find the test files. Okay; usually the issue is there's no __init__.py in the test directory. It's okay we can fix that.
Oh wait it's still not working. Okay well this isn't good... After about an hour of searching, I finally find out that the file that vscode is discovering tests with doesn't exist... In fact the whole testing directory doesn't exist!
Okay so now what do I do... Reinstall? Doesn't work. Reinstall and delete the extension directory? Yes! Victory!
Don't know how I got a half-baked extension download but hey... Could've been worse.
In order for you to become well-versed at something you cannot study it at a distance.
In addition, most of the time the best way to learn something is to start trying to do stuff. If you wanna learn a language, start trying to program in it. Just go for it.
Just posted this in another thread, but I think you'll all like it too:
I once had a dev who was allowing his site elements to be embedded everywhere in the world (intentional) and it was vulnerable to clickjacking (not intentional). I told him to restrict frame origin and then implement a whitelist.
My man comes back a month later with this issue of someone in google sites not being able to embed the element. GOOGLE FUCKING SITES!!!!! I didn't even know that shit existed! So naturally I go through all the extremely in depth and nuanced explanations first: we start looking at web traffic logs and find out that it's not the google site name that's trying to access the element, but one of google's web crawler-type things. Whatever. Whitelist that url. Nothing.
Another weird thing was the way that google sites referenced the iframe was a copy of it stored in a google subsite???? Something like "googleusercontent.com" instead of the actual site we were referencing. Whatever. Whitelisted it. Nothing.
We even looked at other solutions like opening the whitelist completely for a span of time to test to see if we could get it to work without the whitelist, as the dev was convinced that the whitelist was the issue. It STILL didn't work!
Because of this development I got more frustrated because this wasn't tested beforehand, and finally asked the question: do other web template sites have this issue like squarespace or wix?
Nope. Just google sites.
We concluded it's not an issue with the whitelist, but merely an issue with either google sites or the way the webapp is designed, but considering it works on LITERALLY ANYTHING ELSE I am unsure that the latter is the answer.
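An added example, not part of the original rant or the dev's code: CSP `frame-ancestors` is the standard way to express a frame-origin allowlist, and browsers check every ancestor in the nesting chain against it, not only the top-level page. The simplified matcher below models that check; the host names and the two-level nesting are constructed for illustration and are not a diagnosis of the issue described above.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def source_matches(source, origin):
    """Simplified match of one CSP host-source (scheme://host[:port]) to an origin."""
    s, o = urlsplit(source), urlsplit(origin)
    if s.scheme != o.scheme:
        return False
    if (s.port or DEFAULT_PORTS.get(s.scheme)) != (o.port or DEFAULT_PORTS.get(o.scheme)):
        return False
    s_host, o_host = s.hostname or "", o.hostname or ""
    if s_host.startswith("*."):
        # "*.example.com" covers subdomains only, never the bare domain.
        return o_host.endswith(s_host[1:])
    return s_host == o_host


def first_blocked_ancestor(allowlist, ancestor_chain):
    """Return the first ancestor no allowlist entry matches, or None if all pass."""
    for ancestor in ancestor_chain:
        if not any(source_matches(src, ancestor) for src in allowlist):
            return ancestor
    return None


def csp_header(allowlist):
    """Render the allowlist as a directive; an empty list forbids all framing."""
    return "frame-ancestors " + (" ".join(allowlist) if allowlist else "'none'")


# Constructed sample: an embedding page that wraps the widget in an
# intermediate frame served from a different host (hypothetical names).
CHAIN = ["https://sites.google.com", "https://embed-1234.googleusercontent.com"]
TOP_ONLY = ["https://sites.google.com"]
BOTH = TOP_ONLY + ["https://*.googleusercontent.com"]

if __name__ == "__main__":
    for name, allow in (("top-level only", TOP_ONLY), ("both hosts", BOTH)):
        blocked = first_blocked_ancestor(allow, CHAIN)
        print(name, "->", csp_header(allow), "| blocked:", blocked)
```

When an embed fails, listing the full ancestor chain first shows which origin the allowlist is actually missing.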
Me: I want to make all our application directories a separate virtual disk for easy resizability
Project lead: Why? We have lvm!
I might stab somebody, myself included.
Fuck me Doom: Eternal is brilliant. People said what they liked and disliked about Doom 2016 and they just listened. Imagine that!
Just a reminder that Terraform is insecure by design and if you even THINK about using it to execute CI/CD deployments not built into the cloud (Jenkins, on-prem CI/CD, etc...), then you're a DOUBLE fool. God I hate my infra team sometimes...
It's hard for me sometimes to tell the difference between a dev who actually got fucked and a dev who just didn't know how to budget their time correctly...
I've had freelance web friends who will go out partying twice a week... I've also had freelance web friends who shutter themselves indoors the moment a project of significance comes up. Both types have complained to me about crunch time.
Obviously I can't tell a whole story from just a devRant thread, but for a select few of them I really feel like this person just had no idea what they were doing, were negligent, or estimated their time way under the cut.
I'm not calling anyone out, I'm just saying that when you post about crunch when the item is something fairly obvious you should've been able to catch within the first week of the project, it makes me doubt your sensibilities.
Obviously I'm not making any judgements or saying that I know even half of what you know about the project and the job, but I'm just saying a little more detail couldn't hurt...
They're re-working all the teams tomorrow. Hopefully I don't get put somewhere absolutely dead-end.
Wish me luck, boys.
Couldn't fix a bug that conflicted with an unrelated codebase. A 1 in a million issue on github.
Had a wank.
Bug fixed, pushed, and deployed 30 minutes later.
Normal people when they see the word 'Helo': Helicopter, misspelled "hello", nothing too complicated
Me when I see the word 'Helo': MALFORMED SMTP GREETING; EXPECTED DOMAIN
Optimization concepts/patterns or instances?
For pattern it's gotta be any time I can take an O(n^2) and turn it into O(n) or literally anything better than O(n^2).
Instance would probably be the time that we took an api method that returned a json list made up of dictionaries CSV-style and changed it into a dictionary with the uid as the key and the other info as key-value pairs in a sub-dictionary. So instead of:
We now return:
Which can, if done right, make your runtime O(1), which I love.
TL;DR: Bringing up quantum computing is going to be the next catchall for everything and I'm already fucking sick of it.
Actual convo I had:
"You should really secure your AWS instance."
"Isn't my SSH key alone a good enough barrier?"
"There are hundreds of thousands of incidents where people either get hacked or commit it to github."
"Well I won't"
"Just start using IP/CIDR based filtering, or I will take your instance down."
"But SSH keys are going to be useless in a couple years due to QUANTUM FUCKING COMPUTING, so why wouldn't IP spoofing get even better?"
"Listen motherfucker, I may actually kill you, because today I don't have time for this. The whole point of IP-based security is that you can't look on Shodan for machines with open SSH ports. You want to talk about quantum computing??!! Let's fucking roll motherfucker. I don't think it will be in the next thousand years that we will even come close to fault-tolerant quantum computing.
And even if it did, there have been vulnerabilities in SSH before. How often do you update your instance? I can see the uptime is 395 days, so probably not fucking often! I bet you "don't have anything important anyways" on there! No stored passwords, no stored keys, no nothing, right (she absolutely did)? If you actually think I'm going to back down on this when I sit in the same room as the dude with the root keys to our account, you can kindly take your keyboard and shove it up your ass.
Christ, I bet that the reason you like quantum computing so much is because then you'll be able to get your deepfakes of Miley Cyrus easier you perv."
Are there any off-limits items for weeklies (other than politics)? Like could we get a "bad dev pickup lines" weekly or should I just start a thread?
Literally tabs vs. spaces. The joke is everywhere, and the people taking stances have clearly never used find+replace.
Should linting and syntax highlighting be separate options in editors? It seems to me that anytime I just want a nice syntax highlighting extension in vscode I end up with a shitton of linter errors that I didn't ask for... I just wanted to see my keywords, dammit!