So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

The week before project deadline...

people who use a VPN to browse the internet because of privacy concerns but then sit in a house full of Alexa devices

Hello again, everyone. As Sunday comes to a close, and Monday is fast approaching, I'll share with you the likely cause of my death by stroke and/or heart attack:
MONDAY MORNING COFFEE OF HORROR
Disclaimer: Do NOT try this. I am a professional addict. I am not responsible for anything this brew from hell causes to you and/or those around you.
So, I wake up, feeling like I haven't slept for days, or just notice the fucking alarm clock shrieking because I pulled an all-nighter.
Step 1: Silence alarm clock via mild violence.
Step 2: Get the coffee machine to brew some filter coffee (espresso works too)
Step 3: Get milk and ice cubes from the fridge (both are needed, I don't care if you don't like milk, trust me)
Step 4: Get 2 spoonfuls (not tea spoon, and actually FULL spoonfuls) into the biggest glass you have
Step 5: Pour just a little of the warm filter coffee into the glass, just to get the instant coffee wet enough, and start mixing, until the result looks like the horror you unleashed in your toilet a few minutes ago (and will do so again in a few)
Step 6: Mix in 25-50 ml milk, just for the aesthetic change of colour of the devil-brew, and to add the necessary amount of lactic acid to react with the coffee to produce chemical X
Step 7: Add ice cubes to taste (if you are new to this, add a lot)
Step 8. Slowly add the filter coffee while mixing furiously, so that the light brown paste at the bottom get dissolved (it's harder than it sounds)
Now, take a deep breath. Before you is a disgusting brew undergoing a chemical reaction, and your moves need to be precise otherwise it will explode. Note that sugar or any other form of sweetener is FORBIDDEN, as it will block the reaction chain and the result won't be as potent.
Take a straw (a big one, not those needle-like ones that some cafeterias give to fool you into believing that the coffee is more than 150ml). Put it inside the mix, and check that the route to the bathroom is free of obstacles.
Now, clench your abs, close your nose if you are new to this, grab the straw and DRINK!
DRINK LIKE THERE IS NO TOMORROW!
THAT BROWN DEVIL'S BILE WILL HAVE YOUR INTESTINES SPASM AND DANCE THE MACARENA WHILE TWIRLING A HULA HOOP!
YOUR HEART WILL GO OVERDRIVE HARDER THAN YOUR PC'S CPU WHEN COMPILING ON ECLIPSE AND BROWSING WITH IE AT THE SAME TIME.
The combination of caffeine and lactic acid will bring out the perfectly disgusting combination of sour and bitter usually expected in rotting lemons. After you manage to chug it down (DON'T SPILL OR SPIT ANY!) you have 30 - 60 seconds max to run to the porcelain throne, where you will spend the next 30-60 minutes.
After that, nothing can stop you! You will fix bugs, write entire codebases from scratch, punch that annoying coworker, punch that boss! You will be a demigod among mortals for the next 6-8 hours!
Your recipes for Monday morning coffee?

After countless hours trying to spell my name for customer service over the phone, I made a little webpage that helps me spell words phonetically! 💬

https://dialogue.now.sh

Well, you wanted to chat...

Yesterday evening I began working on an SSL proxying system for dynamic domain names using Let's Encrypt. I finished just a few hours ago and it's working flawlessly!

There is. My latest creation. A 8bit microcontroler made in minecraft.
Features:
(1.0 version without control room)
-8bit full adder + overflow flag
-8x8bit RAM
-16x8(4bit instruction, 4bit address)
program memory
-64 possible microinstructions (16 instructions with 4 step each)
-uncondintional and if oveflow jumps
(place determined using address written with instruction)
-1/3Hz clock speed 😨

New working version (2.0) has 1Hz clock and new faster instruction decoder.

In 3.0 in addition to that useless bus was replaced with 16x8bit "hardware" stack that can store adresses and data. The clock is going to be yeeted out because it is unnecesary #clocklessisbetter (WIP tho)

Might add more documentation and post it as learning model for CS wanabees 🤔. What do you think?

Picture: Old working version 1.0
(the only one with fancy diagram)
Newer version screenshots in comments.

From the Gods of The Stack Overflow for the pesants of the community:

https://goalkicker.com

Just go there. This is everything you have to know, ever.

Coworker in my team recently said to boss:

"Thanks, this conversation with you has taught me so much about single-threaded blocking I/O"

Some random PR comments from our company's repository:

"Are you insured? I hope you are insured"

"Learning git is not that difficult. You only need one command: git reset --hard"

*Link to amazon for dog poop bags*
"Please clean up your shit, before I step in it"

"Have you thought about a career in sales? At least there you might sell your bullshit"