I recently came across this article with some basic security advices, like use 2fa security key, encrypt your USB keys, don't use untrusted USB chargers / cables / ports (or use a data blocker cable if you need to charge your device). It made me think, how relevant are the USB-related threats and risks today? Do people really still use and carry so many wired USB devices, and just drop or plug them wherever?

The last time I used an USB device to transfer some important data was probably over 10 years ago, and for the love of god I don't know anyone who still carries an USB key with sensitive data with them on a daily basis, much less actively uses it. Besides, whoever still does that probably puts their USB key on the same keychain as their ID / access tag and a bunch of other keys (including a 2fa device if they use one) - they're not going to lose just some sensitive data, they're going to lose authentication and physical access devices as well, and that could turn a small data leak into a full-scale incident, with or without an encrypted USB device.

I'm also not sure about untrusted USB cables and ports, from what I've seen the USB outlets and cables are pretty much non-existent in public places, most places offer wireless charging pads instead (usually built into a hand rest or table surface).

As I keep saying, we should spend less time developing "better, safer" tools and practices and more time making sure the developers that use them know what they're doing. The bugs caused by lack of memory safety are rare (although often more critical) compared to the bugs caused by developers not paying proper attention to what their code does in the first place.

https://theregister.com/2023/01/...

Holy shit did Google become fucking useless

Today I spent a good hour looking to buy replacement / low-light lenses for my googles, and all I got were stores from US, or small stores that don't deliver across the Europe. When I gave up and opened Bing, the first result was the exact product I was looking for, from the brand's official EU store. I'm seriously considering switching to Bing now...

!dev

For a long time, I thought that the most annoying people on the ski slope are kids overestimating their abilities on a difficult piste or speeding down the slope ignoring others. Boy was I wrong; those kids are nothing compared to all the fucking morons who think that buying the most expensive gear at a local sports store makes them better at skiing.

For the love of god, if you ever consider skiing, just buy some reasonably cheap all-mountain gear, and if you think you need something better, do proper research or find a fucking expert. I'm not talking about those "experts" they have at your local sports store, I'm talking someone who provides gear and support for actual ski clubs and teams, or at least someone working at a dedicated outdoors store who actually owns some of the gear they're selling.

"Oh, but I'm an advanced skier" - right, then why don't you tell me what turning radius, width profile, and flex would best fit you? Thought so.

Look, it's clear just by looking at your $1000 "racing" skis that they have a way shorter turning radius than any competition-level skis, and if you were really going as fast as you think you are, you'd probably spin out on every other turn with such a short radius. Your curved skiing poles aren't fooling anyone either; professionals only use those in super-g and downhill because you need to go insanely fast to notice any advantage over regular poles. And people who race that fast use way more protection than I can see on you.

Okay, it's your gear, it's your body; if you're going to buy overpriced stuff that doesn't make sense or neglect protection, that's up to you. Do you know what's not up to you? Being a fucking moron and ruining skiing for everyone else. Just because you got the most expensive "expert-level" gear, you can't just use it for powder, park, or moguls when you feel like it because you don't fucking know how to ride any of these, even if your gear claims to be good for all types of skiing. And let me tell you, that expensive gear you have is much less forgiving than some entry-level gear if you decide to try other styles of skiing.

I'm fucking tired of people like that. If I go to the resort with lots of powder, I want to ride the powder, not spend most of my time avoiding groups of morons who clearly don't have the right gear and skills for the powder. If I go to the resort with a huge park, I want to ride the park, and I can't do anything if the place is covered by dipshits speeding past the objects and braking in front of the jumps. And if I want to race down the piste, I want to race, I don't want to have a bunch of morons constantly switching side in front of me to avoid "rough" parts they can't ride on.

This new trend of platforms spamming with content discovery fucking suck. Nobody wants to follow multiple profiles with the exact same fucking content, especially when most of them are just people jumping on the bandwagon with more generic content and nothing to make it distinguishable. Also if 10 million people saw something on your platform, the it's pretty fucking sure already been posted and shared on every single platform out there, why the fuck would you still keep recommending it weeks or even months later?

I know spamming users with random (statistically more engaging) content leads to improved customer engagement as people sooner or later click these thing out of curiosity or boredom, but eventually they get tired of it altogether and leave for good. What happened to Netflix will also happen to YouTube, Instagram, and all other platforms unless they significantly improve the balance between content discovery and content continuity (i.e. the content each user follows and is coming back for).

Today on "How the Fuck is Python a Real Language?": Lambda functions and other dumb Python syntax.

Lambda functions are generally passed as callbacks, e.g. "myFunc(a, b, lambda c, d: c + d)". Note that the comma between c and d is somehow on a completely different level than the comma between a and b, even though they're both within the same brackets, because instead of using something like, say, universally agreed-upon grouping symbols to visually group the lambda function arguments together, Python groups them using a reserved keyword on one end, and two little dots on the other end. Like yeah, that's easy to notice among 10 other variable and argument names. But Python couldn't really do any better, because "myFunc(a, b, (c, d): c + d)" would be even less readable and prone to typos given how fucked up Python's use of brackets already is.

And while I'm on the topic of dumb Python syntax, let's look at the switch, um, match statements. For a long time, people behind Python argued that a bunch of elif statements with the same fucking conditions (e.g. x == 1, x == 2, x == 3, ...) are more readable than a standard switch statement, but then in Python 3.10 (released only 1 year ago), they finally came to their senses and added match and case keywords to implement pattern matching. Except they managed to fuck up yet again; instead of a normal "default:" statement, the default statement is denoted by "case _:". Because somehow, everywhere else in the code _ behaves as a normal variable name, but in match statement it instead means "ignore the value in this place". For example, "match myVar:" and "case [first, *rest]:" will behave exactly like "[first, *rest] = myVar" as long as myVar is a list with one or more elements, but "case [_, *rest]:" won't assign the first element from the list to anything, even though "[_, *rest] = myVar" will assign it to _. Because fuck consistency, that's why.

And why the fuck is there no fallthrough? Wouldn't it make perfect sense to write

case ('rgb', r, g, b):
case ('argb', _, r, g, b):
case ('rgba', r, g, b, _):
case ('bgr', b, g, r):
case ('abgr', _, b, g, r):
case ('bgra', b, g, r, _):

and then, you know, handle r, g, and b values in the same fucking block of code? Pretty sure that would be more readable than having to write "handeRGB(r, g, b)" 6 fucking times depending on the input format. Oh, and never mind that Python already has a "break" keyword.

Speaking of the "break" keyword, if you try to use it outside of a loop, you get an error "'break' outside loop". However, there's also the "continue" keyword, and if you try to use it outside of a loop, you get an error "'continue' not properly in loop". Why the fuck are there two completely different error messages for that? Does it mean there exists some weird improper syntax to use "continue" inside of a loop? Or is it just another inconsistent Python bullshit where until Python 3.8 you couldn't use "continue" inside the "finally:" block (but you could always use "break", even though it does essentially the same thing, just branching to a different point).

How the fuck is Firebase still a thing? I just spent hours debugging a random "not authorised" error, only to find out you need to enable a deprecated API even if you're only using the new (recommended) one. Do they tell you about it? Fuck no, they keep it disabled by default, they tell you to only use the new API, and they make it pretty much impossible to find the deprecated API you need to enable without a direct link.

And why the fuck does the official SDK send image URL as { "imageUrl": "http://..." }, when the endpoint expects it to be { "image": "http://..." }? Why the fuck does the documentation mention both options interchangeably, while only the latter one actually works?

Idiots. Idiots everywhere. The next big trend in software engineering is to take a whole bunch of idiots, give them the basic knowledge to write code, and then dedicate a whole lot of competent developers' time to either fixing errors made by those idiots, or attempting to make "safer" tools so those idiots don't screw up as easily.

It's sad how easy it is to fool people by switching between absolute and relative values.

3 million people did this, 3 million people own that, 3 million people agree on those things, it all seems significant - but 1% of US population sounds completely marginal and irrelevant...

What's with so many developers using shitty hardware? It's literary the one tool you need for your profession, there should be absolutely no objection to having the best one available. Stop bitching about some software using 50% of your CPU when you're on the bare entry-level HW ffs! And don't give me that "can't afford it" bullshit. If you take your car to the repair shop, you're also paying for the tools needed for the job; the same way, your customers need to pay for the tools you need as a developer. If you can't afford that, there's clearly not enough demand for the work you do, so go find a different job.

Well fuck me sideways and call me Suse

So apparently jupyter / ipython adds the current workdir to kernel library path, and it crashes if you happen to have a file named something like "tokenize.py" in your workdir because it gets prioritised over ipython's builtin module with the same name. What a great design for something which is specifically made to run isolated chunks of code, that it can't even properly isolate itself from the workdir.

Not entirely dev related, but...

I'm getting tired of (electrical, mechanical) engineers complaining about HW limitations like "oh this board only has 12 KB of flash memory" or "I can't make this thing move smoother because my CPU is only 16 MHz" Bitch, you can spend $500 on 3 servo motors, but you can't afford to pay extra $5 to get a board with better specs to control them?

"note that the package name is different from the importable name"

God I hate Python dependency management

Being rejected as "unprofessional" for explaining that I don't want to rush a decision 2 days before Christmas. By the guy who, I kid you not, showed their EKS credentials on screen during a recorded online interview. Kinda glad I dodged that one now that I'm looking back...

A customer specialising in identification and security solutions called today, claiming "they" found malware on their website. Then they provided a weird link to some shady malware scanner, and the "malware" turned to be a <noscript> tag which adds ?noscript to the page url, so we can serve no-JS optimised content. As a bonus, the scanner only detected it on two URLs, even though every single page on the site contains that same line of code.

Joke's on them, have fun paying for priority support outside of the business hours for nothing.

Follow-up on https://devrant.com/rants/5001553/...

How the fuck are Jupyter notebooks so popular in research? Like some dude had an idea to take perfectly good markdown and python code, add a whole lot of transitional properties to make version control impossible, encode it as JSON on the assumption that a human could somehow look at it and make sense of countless escaped characters and base64 encoded data, create dedicated software people need to install in order to read what used to be simple plain text, and think "This. This is what 99% of data researchers will use from now on." And somehow, overwhelming majority of researchers agreed that this extremely inefficient data format is the best there is and they should develop all their tools around it.

Hey Python, why in the ever loving readability universe I can't break the following command across multiple lines?

df.replace(...).apply(...).reset_index().drop(...)

Oh, but I hear you say "Hitko, why you can break it into multiple lines if you break within brackets!"

To which I ask you, does this shit look any more readable?

df.replace(...
).apply(...
).reset_index(
).drop(...)

The most common mistake people do is trying to learn some complex cutting-edge technology from scratch. Cutting-edge technology is just combining old technology in new ways to solve new problems. To learn it, first learn existing technology. Existing technology is here to stay, it's well-explained, and it's usually much simpler to understand. Then the rest will just click.

You don't.

Why can't managers understand that functionality changes and UX changes should be two separate epics? There's a huge fucking difference between composing an UI from existing components vs. having to figure out new components while at the same time paying attention to 12234234 new scenarios while at the same time duplicating existing components because existing portion of the app has to keep old UX.

And then they say bullshit like "we need solutions, not problems". Fuck you. Solution is to keep existing UX and focus on functionality, and do complex UX changes when functionality is well-defined and STABLE. But no, you fuckers won't listen even when the fucking lead dev tells you to.

I knew recruiters and online "academies" were full of crap, but this is a new low...

Dear X. There's an obvious error with the way you're merging arrays; instead of conditionally adding items to the existing array, each condition overrides any items added by the previous conditions, which is clearly not the desired behaviour. I'd love to add a test to illustrate this behaviour, but you're not using them. I'd also love to create a simple pull request, but for some fucking reason you're using the worst possible version control system so I can't do that. I've submitted a support ticket along with all the code needed to fix this silly mistake, but apparently you either don't understand 2 lines of your own fucking code, or you didn't even bother looking at it before posting a shitty generic reply about "needing more information". There is no such thing as more information. There are two IFs, and they are supposed to add items to the array, not override any previous items. It's written in your own comments, and it's pretty obvious from the way the rest of the function merges those items.

Also, use a fucking linter, your code is a mess.

!dev

How do smart (and, I presume, well-educated) people get an idea like "Oh, I know what this world needs, another video where someone scientifically disproves a story from the Bible" or "I should commemorate the new year by telling everyone how insignificant this day is for the universe"? How does someone spend years traveling the world, giving speeches about science, teaching curious people about physics, history, mathematics, chemistry, the space, etc., and then figure that the next thing they should share from their impressive knowledge is an edgy video disproving some old story or tradition?

We don't talk enough about type 2 error! So many papers everywhere are just pure trash because they don't account for it, and people are so fucking oblivious about it, they don't even catch the obvious ones. Even researchers and publications which are supposed to properly review their articles simply fail to ask the obvious "Did you measure the segment which doesn't fit either of your variables?"

The more I use snaps on Linux, the more I feel like we came the full circle. Installable package (snap) contains a bundle of all dependencies, and installs them in an isolated system path to avoid version incompatibilities. Snaps can can have some sort of install-time configuration, and they create links to a handful of entry points rather than adding all executables to the path. In short, they do the exact same thing Windows installers have been doing for the past 30 years.

Next book: Why is it still not production ready?

A little follow up regarding https://devrant.com/rants/3115422/

I'm quitting. Seems like owners took a huge chance in the past couple years when the business was doing good, and didn't plan for any kind of potential trouble. Now the stress is going through the roof, noting we do is good or fast enough, there's micromanagement everywhere. On top of that, it seems the company took a huge financial risk with the project I've been in charge of, and isn't getting nearly enough customers to cover that. As a result, people were told to lie about new features we've had in works to attract customers.

Several other people are quitting in the following months, and it seems like it's all coming down like a house of cards.

On a brighter note, I'll be done with all this just in time for my exams, so I can properly prepare for them.

At least pretend to have a reason for using checkboxes where the behaviour is obviously a single choice. I know I'm sometimes full of crap. I know I can waste so much time arguing for something I'm wrong about. At least I have arguments to support my approach, and I don't dismiss my mistakes. I don't need you to spend the next 5 minutes changing checkboxes for radio buttons in the mockup, it took dev 5 seconds to replace "checkbox" with "radio" and move on. However, I do need you to know what you're doing, even if it turns to be wrong.

I know this world celebrates people who can do things perfectly: models with perfect bodies, singers with perfect voices, sportsmen with perfect scores, students with perfect grades. I understand that's why you wish to try again so you can do it perfectly.

That's not what the world needs. The world needs people who know why they did what they did. It's drunk drivers who break down in the court, not serial killers. Serial killers know what they did, they know why they did it, and they believe it was the right thing to do; drunk drivers on the other hand had no idea what they did or why they did it, and they try to dismiss their wrongdoings by blaming them on alcohol, not getting a taxi, parking fees, the car, or some other circumstances.

So confront your bullshit for once. Stop searching for excuses to dismiss challenging ideas and prove you can defend your position. Otherwise, don't get angry when your "impeccable" ideas lose to someone who at least tries to defend their nonsense.

So after a couple years working at this company, the faculty I graduated from introduced a postgrad (masters) course in data science. I was always interested in the field, so I said fuck it and jumped the bandwagon...

I'm starting this week, I'm kinda worried my knowledge of maths and statistics got a bit rusty since graduation. Also most students there will be 4 years younger than me, and I'll keep doing my full-time job at the same time. But hey, at least I'll break the routine, and I can always quit my job if it turns out I can't do both, so whatever.

That's all folks!