A trusted-partner of my company obviously opened a dodgy email, as some of my co-workers got emails with a dodgy link from them....

So our Network Admin sent an email to the entire company with a screenshot of the email and a message along the lines of "DO NOT CLICK THE LINK IF YOU'VE RECEIVED THE ORIGINAL EMAIL!"

Company director REPLIES TO ALL and says 'i cant click the link that you sent to us'.
N.A replies directly to him to say its only a screenshot as it could spread a virus.

Director then informs N.A that that he has found the original mail (hurrah!) but the link downloaded an empty .zip file, so he forwarded the file to another director... who also couldn't open.... so they forwarded it to another person who also couldn't open it..... and they in turn forwarded it etc etc.

Currently have 37 power scans running (out of 250 computers) and trying to figure out how the hell these people manage to dress themselves every morning.

Fucking hell. Today we reviewed candidates for a web dev position. I already fucking know that here we ain't gonna get a top motherfucker, i already know that the person selected will have to be rigorously trained AND THAT IS FUCKING FINE WITH ME.

The thing is, fucking head of the departmen was hellbent on just grabbing people with the highest education possible setting aside lack of experience. I would not have minded if it weren't because we have a secretary that applied...that got her degree in our very own institution and that has worked with our CMS admin creating web stuff. She is smart and has the drive man, and i don't even like her, but i could see her being in the position, being trained and doing good.

Hod said no, because of her lack of education and experience.....BRUH she got her associate's at OUR SCHOOL wtf do we have students go through it if we ain't gonna hire them if they intend on applying to work with us like wtf might as well advertise that: the degree provided by this institution is not good enough to work with us :D that would be 3000 for those two classes thank u.

Holy fuck i was beyond upset man, if i am to train these fuckers might as well be someone that i know will give it her all and studied with us. Dude quoted favoritism and i said that i was just going by the data that i have on her holy fuck.

Windows 10!! WHAT THE FUCKING WHAT do you think you're doing?? Why am I getting a message saying admin has blocked my access to Services when I AM THE FUCKING ADMIN! And I sure as hell didn't block me!!!!!!!!

So our public transportation company started to sell tickets online with their brand new fancy​ system.

• You can buy tickets and passes for the price you want
• Passwords are in plaintext
• Communication is through HTTP
• Login state are checked before the password match so you can basically view who is online
• Email password reminders security code can be read from servers response

Oh and I almost forgot admin credentials are FUCKING admin/admin

Who in the fucking name of all gods can commit such idiocracy with a system that would be used by almost millions of people. I hope you will burn in programming hell. Or even worse...

I'm glad I'm having a car and don't have to use that security black hole.

Before anyone starts going batshit crazy, this is NOT a windows hate post. Just a funny experience imo.

So I was tasked with installing ProxMox on a dedicated server at my last internship. The windows admin was my guider (he could also do debian). (he was a really nice/chill guy)

So we were discussing what VM's we wanted and the boss (really cool dude by the way) said he wanted a VPS for storing some company stuff as well. Fair enough, what would we use? I suggested debian and centos. Then we started discussing what we'd do if the systems would fuck up etc (at installation or whatever).
So I didn't wanna look like a Linux Nazi so I suggested windows. Then the happy/positive guider/windows admin suddenly became dead serious (I was actually like 'woah' for a second) and said this:
No. We're not going to fucking use windows for this. For general servers etc sometimes, fair enough but we're talking about sensitive company data here. I don't want that data to be stored on a proprietary/closed source system, hell what if there's some kinda fucking backdoor build in, who can fucking verify that? We're using Linux, end of discussion.

😓

I was pretty flabbergasted as he's a nice guy and actually really likes windows!

Linux it became.

Navy story continued.
And continuing from the arp poisoning and boredom, I started scanning the network...
So I found plenty of WinXP computers, even some Win2k servers (I shit you not, the year was 201X) I decided to play around with merasploit a bit. I mean, this had to be a secure net, right?
Like hell it was.
Among the select douchebags I arp poisoned was a senior officer that had a VERY high idea for himself, and also believed he was tech-savvy. Now that, is a combination that is the red cloth for assholes like me. But I had to be more careful, as news of the network outage leaked, and rumours of "that guy" went amok, but because the whole sysadmin thing was on the shoulders of one guy, none could track it to me in explicit way. Not that i cared, actually, when I am pissed I act with all the subtleness of an atom bomb on steroids.
So, after some scanning and arp poisoning (changing the source MAC address this time) I said...
"Let's try this common exploit, it supposedly shouldn't work, there have been notifications about it, I've read them." Oh boy, was I in for a treat. 12 meterpreter sessions. FUCKING 12. The academy's online printer had no authentication, so I took the liberty of printing a few pages of ASCII jolly rogers (cute stuff, I know, but I was still in ITSec puberty) and decided to fuck around with the other PCs. One thing I found out is that some professors' PCs had the extreme password of 1234. Serious security, that was. Had I known earlier, I could have skipped a TON of pointless memorising...
Anyway, I was running amok the entire network, the sysad never had a chance on that, and he seemed preoccupied with EVERYTHING ELSE besides monitoring the net, like fixing (replacing) the keyboard for the commander's secretary, so...
BTW, most PCs had antivirus, but SO out of date that I didn't even need to encode the payload or do any other trick. An LDAP server was open, and the hashed admin password was the name of his wife. Go figure.
I looked at a WinXP laptop with a weird name, and fired my trusty ms08_067 on it. Passowrd: "aaw". I seriously thought that Ophcrack was broken, but I confirmed it. WTF? I started looking into the files... nothing too suspicious... wait a min, this guy is supposed to work, why his browser is showing porn?
Looking at the ""Deleted"" files (hah!) I fount a TON of documents with "SECRET" in them. Curious...
Decided to download everything, like the asshole I am, and restart his PC, AND to leave him with another desktop wallpaper and a text message. Thinking that he took the hint, I told the sysadmin about the vulnerable PCs and went to class...
In the middle of the class (I think it was anti-air warfare or anti-submarine warfare) the sysad burst through the door shouting "Stop it, that's the second-in-command's PC!".
Stunned silence. Even the professor (who was an officer). God, that was awkward. So, to make things MORE awkward (like the asshole I am) I burned every document to a DVD and the next day I took the sysad and went to the second-in-command of the academy.
Surprisingly he took the whole thing in quite the easygoing fashion. I half-expected court martial or at least a good yelling, but no. Anyway, after our conversation I cornered the sysad and barraged him with some tons of security holes, needed upgrades and settings etc. I still don't know if he managed to patch everything (I left him a detailed report) because, as I've written before, budget constraints in the military are the stuff of nightmares. Still, after that, oddly, most people wouldn't even talk to me.
God, that was a nice period of my life, not having to pretend to be interested about sports and TV shows. It would be almost like a story from highschool (if our highschool had such things as a network back then - yes, I am old).
Your stories?

Great news, our company's has a brand new security-first product, with an easy to use API and a beautiful web interface.

It is SQL-injection-enabled, XSS-compatible, logins are optional (if you do not provide a password, you are logged in as admin).

The json-api has custom-date formats, bools are any of "1", "0", 1, 0, false or null (but never true). Numbers are strings or numbers. Utf-8 is not supported. Most of our customers use special characters.

The web interface is using plain bootstrap, and because of XSS it is really easy to customize everything.

How the hell this product got launched is beyond me.

I am a back-end developer, never suggested otherwise. My company is a firm of 50 people and owner hired a web designer to code our website. And it got hacked. Badly. So boss tells me to check if I can fix it. I take a look at the PHP and boy, written in PHP3, copy paste code from all over the place, hell the admin panel is a clone from a 2012 tutorial, nothing that remotely stares at the DB is checked for SQL, and now he wants me to design a new website, rewrite everything in PHP7 and had the balls to say "I know it's not your job, but it's a job, so do it"

Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".

You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.

Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.

So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.

Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.

There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.

Summary: Burnout, and everything's broken.

I don't feel like doing a damn thing today. I look at the code and cringe. I look at Slack and think "ugh. i can't." Mental capitals are even too much work.

(I've started reading "Zen and the Art of Motorcycle Maintenance" to try and combat burnout. I'll write a rant/story about it here if I find it helpful. but all I want to do today is drink tea and read.)

But onto the story:

Heroku is deprecating support for and will automatically upgrade any old verisons of Postgres running on its platform after August something (like five days from now).

I performed the upgrade to PG10 on Sunday (and late into the night), provisioning a new follower, blah blah blah.

However, the version of Rails we're using (4.2.x) doesn't support PG10 sequences, so I manually added in support via a monkeypatch. I did this on our QA servers first, obviously, and everything worked as expected. After half a day of no issues, I did the same on production, and again: everything worked as expected.

But today? I keep hearing about new things that are broken. One specific type of alert doesn't work for one specific person (wat). Can't send [redacted] at all. Can't update merchants! Yet there are magically no errors logged.

That last one (well, two) are just great; let me explain: when there's an error concerning merchants, the error gets caught, isn't logged or recorded anywhere so it just disappears, and the rescue block triggers a json response instead and happily exits. This is for an internal admin tool, so returning a user-friendly error is kinda stupid anyway, but masking what actually happened? fuck that dev with an obelisk made from spikes and solidified pain. That json response is also lovely: it's a 200 OK returning {status: 1, data: "[generic message containing incorrect IT jargon]"}. Doesn't even say "error" anywhere. Bloody everything about this pattern is absolutely wrong. Even the friggin' text.

Fucking hell. I want to pipe the entire codebase into shred and walk out the door.

But I digress. So many things are broken, my motivation is wanning to a sliver, and I have a conference call today where I'll undoubtedly be asked why everything is on smoking and/or on fire, and my huge and overly productive week last week will ofc mean nothing by contrast.

Ugh.

`shred ~/dev/work -zfu -n 32 &; ./brew tea --hot && wine ~/takeabreak.exe`

So this fucktard decided to write the most inefficient way to collect thousands of records.

The system I am working on allows users to book facilities. There is one feature where an admin can generate reports on the bookings made between any two dates. A report for bookings made between January and April generates 7878 records.

So this shithead, after making a call to the server and receiving 7878 records decides to put it through 4 fucking foreach loops (this takes around 44.94 seconds).

After doing that, he passes it to the controller to go through ANOTHER foreach loop to convert those records into a JSON string, using..string..manipulation. (this takes bloody 1 minute and 30 seconds).

Now, my dear, dear supervisor is asking me to fix this saying that there must be a typo somewhere. Typo my arse. This system has been up for more than a year. What have they been doing all this time??? Bloody hell. Fucking idiots everywhere. I now have to refactor
..fucking refactor.

You know, I am getting really fucking irate posting them rants about how shitty my job is.

I'm more than fucking competant, but this company is turning me into a blithering, raging, frothing maniac.

I am sitting doing my devOps at the moment. On top of that I am the network admin, the sys admin, the sec admin, the fucking fuck admin (you get the point) and now I am being told to go out and work in the field because "The technician is busy with calls, and doesn't have time". These calls are ALL FUCKING PRINTER CALLS. SET UP USERS TO PRINT AND FUCKING SCAN.

I am not being a shithead by saying no. I have spent the last year or so doing favours for these bastards, I don't get any compensation in any form for it, and it is just making my life hell. The reason I went into devOps is so that I don't have to fucking deal with shit like this. I spent years in the field, and I fucking hated it. I was good at what I did, but I fucking hated it.

Now I am back there. They earn more than i do, those printer techs, but I am doing their fucking work for them. I have even made them simple little fucking scripts so that 90% of their work is done in two clicks.

Fucksakes. Now my motherfucking right shift key doesn't want to operate properly. Been using this keyboard for about 6 years now, and now it decides to fuck out. Fuck.

As standing, I am fucking sick and fucking tired. I am drinking energy drinks and mass amounts of coffee just to stay functional (because I sit up until 12AM trying to get through all my work - everyday of the week). Reported to tech director, doesnt give a single fuck. "Stick around, things will get better".

Yeah, fuck you.

Seriously thinking about freelancing.

Don't know if it pays well though.

How to block productivity:

I am currently a working student at a huge corporation and tasked to write some smallish java applications. Nothing unusual.

To actually be able to write and compile java programs I need a JDK.
Except that the last corporate update for java removed my jdk and left me with only a jre. It so happened that my admin rights ran out.

To be able to install a new jdk, I need elevated rights, which I need to request. The fucking problem is nobody of my department, who I could talk to, is here or online to accept the request.

Guess who is now sitting in front of his dysfunctional dev environment :/

A brief, and biased opinion of what love is in the dev world:

Love is my employees bringing me something to eat when they know I stay back so that they can all go out do whatever they can do.

Love is my CMS admin getting his ass up and walking all the way to my office when the director walks in to say some STUPID FUCKING SHIT to me that he(CMS Admin) knows would have me 2 fucking seconds away from getting out of my chair and drop kicking the fuck out of him.

Love is the rest of my employees getting up to follow along in case(certainly) one dude is not able to hold me down.

Love is them knowing that I know that their mere presence there will make me chill the fuck out and not choke the fucking director

Love is the CMS Admin proof reading every email I send to a bitch that was trying to get smart, to make sure that I was not being agressive.

Love is said CMS Admin bringing me coffee or a coke congratulating me on listening to him about X email not being aggressive (there is no passive in my vocabulary, just balls out "isn't this your fucking job" aggressive)

Love is my lead developer showing to work after medical treatment fucked up as all hell because he knows that if he is not there I will do a billion things myself in order to give him some rest.

Love is taking my CMS admin and lead dev out to eat when a major stakeholder shits on something I damn well know it took them a while to finish. Love is also letting me open up to said stakeholder to tell them how much of a fucktard they are, sometimes they let me loose, and I appreciate that.

Love is every small person in the company approaching you to tell you of their issues, becuase they care more about the productivity they give to their users, rather than the bullshit numbers their managers care about.

Love is the staff of other places taking care of you because you are not a VP dickhead that treats them like shit.

Love is the HR reps sending you personal e-mails asking you for help because their shitbag of a boss does not count for help and leaves them in the blank with shit software, for which said HR go above and beyond for you later on even though said shitbag manager said no.

Love is your team getting angry and responding respectfully at people when they talk shit about their manager on their emails (manager being me)

Love is your employees closing your door for you when they know you are overwhelmed and you need a quick second to pull yourself up.

Love is not wanting to leave this miserable place because you know some dickweed will be left in charge of the people that care for you, trust you, work for you regardless of the date, and confide in you.

They got me locked in, this shitty institution, for now. Until I find a way to bring my entire team with me.

So we ordered a piece of software from external software house becouse I was low on time and we needed it asap.

So. Long story short, their software was bugged as hell, they deny all the bugs and they have their BDD that they done and anything we say about it like "feature XYZ is broken on firefox" they will deny it "becouse it wasn't on BDD" or "let's get on call" (in which +- 6-7 people participate from their side and we of course have to pay them for this...)

So they fixed like 20% of bugs (mostly trivials/minors) Application is fairly small scope. You have integration with like 3 endpoints on arbitary API, user registration/login, few things to do in database (mainly math running from cron).

They done it in ASP so I don't know the language and enviroment so can't just fix it myself.

2 days ago (monday) they annoyed me to point where I just started to break things. For starters I found that every numeric input is vunrable to integer overflow (which is blocker). I figured most of fields are purefect opportunity to XSS (but I didn't bother to do JS... anything but not JS...). I figured I can embed into my name/surname/phone (none validated) anything in HTML...

So for now we have around 25 bugs, around 15 of them are blockers.

They figured it's somehow our fault that it's bugged and decided to do demo with us to show off how perfectly it works. I'm happy to break their demos. I figured I will register bunch users that have name - image with fixed/absolute position top:0;left:0 width/height 100% - this will effectively brick admin panel

Also I figured I can do some addotional sounds in background becouse why not. And I just dont know what to put in. It links to my server for now so I can freely change content of bricked admin panel.

I have curl's ready to execute in case they reset database.

I can put in GIFs or heck, even videos, dosen't really matter. Framework escapes some things for them so at least that. But audio/image/video works.

Now I have 2 questions:
- what image + audio combo will work the best (of course we need to keep it civil). Im thinking finding some meme with bugs or maybe nuclear logo image with some siren sound
- am I evil person?

Edit:

I havent stated this clearly:

"There is no BDD that describes that if user inserts malicious input server should deny it" - that's almost literally what we get from them....

TL;DR
I accidentally surpassed(?) my user permissions and closed some of my classmates browsers and locked up a terminal for me

In school we have 2 primary operating systems: Windows and Ubuntu. Windows is hell in general and but not as hell as the firefox installation on Ubuntu.

"Just loaded this page. Now wait half a minute so that I can render it"
"Woah, woah, woah. Slow there. You just made an input event. Give me those 5 seconds to compute what you just did"

Executing "top" or "htop" shows you a long list of firefox processes with a cpu usage of 99.9%, since the whole school shares that linux environment.

Anyway, one day it was way more servere than normally and I way forced to kill my firefox instances. So I pressed CTRL+ALT+T for that terminal, waited 5 minutes until it accepted input typed "killall firefox" with a delay of half a minute per character and smahed that enter key.

At this very point in time I could hear confusion from every corner of the room. "What happened to firefox?"

Around 30% of the opened browsers where abruptly stopped. I looked back to my screen noticed I was logged out. I couldn't login from that terminal for the rest of that day.

Our network admin, which happened to be there, since the server is just next door, said that this was just convenience, but the timing was too perfect so I heighly doubt that.

I felt like a real hackerman even if it was by accident :)

I just had a chat with the CEO (I'll call him John) of the company I work at. I was trying to get a real alignment on what I need to do to be a valuable resource to this company. They promoted me (without a raise in pay) to a different (management) role, and I do not know what I need to do to be the best in this role.

During the discussion, the CEO failed to provide any usable metrics, or a way to track those, except for phrases like "higher productivity" and "higher quality". How to track? No idea.

So, at this point, me being the idiot I am, wanted to make things explicit:
*Me: Okay, so what if I request for a 20% raise six months from now, what metrics will you look at to decide whether to give me the raise.

(My last raise was a big one, more than 100% or so, more than a year ago. That was a dev role, and I was paid 2 cents earlier, so the doubling to 4 cents wasn't really a big deal.)

John went on a long rant on how people just expect raises every year, inflation, etc. All good and fine.
But then he mentioned something strange.

*John: ...and you know, for the last three years, there has been a race to retain resources. During this race, many companies, including us, had to pay people WAY MORE THAN THEIR VALUE to retain them. These people are going to be the first to be fired during cost-cutting as they are the most expensive resources at the company without any proven value. These people should not expect raises to come soon, and if they do expect that, they need to prove the value themselves.

Now, I, being a simpleton, am wondering how is it fair for an organization to pay someone "more than their value" to retain them once so that they can just be fired two years later. How did the company decide the value of such employees to begin with?

And all this is ignoring the fact that in the company there are no metrics, no KPIs, and performance of a person is how much the CEO likes that guy. How TF the people who joined a year ago and never interacted with the CEO prove their worth?

Developers are building PowerPoints and configuring JIRA/Confluence/Laptops of Sales team, project managers are delegating management to developers and decision-making to the CEO, Technical architect is building requirements documents, Business Analyst is the same person as the QA team lead (and badly stretched), and the Release Manager is the Product Technical Admin that cannot write one sentence in English. And then we got 3.8 hours in meetings every DAY. Why TF are Dev Managers in "QA KPI Meeting"? Why are "developers" writing documentation on "How to create meeting notes at <company>"?
And, in this hell-storm, how does one really demonstrate one's value?

Once upon a time, in a proprietary e-commerce framework used by few hundred sites...

I just took over a project where the previous developer stored password in two separate fields.

password & password_visible

First was encrypted and used for authentication. Second was plaintext password and was shown in the admin panel.

Hope to meet this god someday, I'd sure ask why the hell did he use encrypted password for authentication anyway. 😂

I am an I.T Admin currently responsible for the URS, Validation, oversight of outsourced development and deployment of a new application for our company...

I've been saying once a week now for 2 fucking months that this thing will be ready to deploy at the end of the week.

With enough technical knowledge I know the hell business people put developers through, the lack of contextual understanding of the Job between the two sides is insane.

(I mean holy shit when you tab through various fields, even that ordering needs to be explicitly programmed.)

I refuse to put the pressure on our devs that I am told too, I cant submit a request and phone ten minutes later to ask if itll be done today, people plan their lives, the devs have other clients and projects... what the mother of fuck makes us so special that they must drop everything.

On top of that all the testing I do over and over and over and over reveals some pretty huge operational risks and I keep making changes so as to not blow up the operations of half our company.

I am not saying my boss is horrible or anything but Holy Hell, most people just can't put themselves in someone else's shoes for five short minutes

I try to please my boss while trying to protect my devs from abuse and sadly it results in me being in the middle of two sides playing tug of war and it is ripping me apart...

Why can't people just be more understanding and communicate and understand better... But don't worry all you beautiful game changing, world improving devs... I will always have your back

Built a C#/.NET application with support for a serial device. Tested it on systems A, B, C initially, all Windows system, same .NET version, same targeting, same build tool version, same initial connection configuration etc, etc.

Testing - works on A and C, B nopes.
...
OK, let's check the source, is there something about B that makes it impossible to execute that bit? - No, there is not, you checked that already, stop poking around, it definitively should work on B.
...
OK, maybe admin privileges, there is I/O involved, didn't need that on A and C, but who knows - nope, doesn't work on B.
...
OK, maybe something wrong with the connection settings? First try at reinstalling driver - but no, it doesn't work on B.
...
OK let's try with another device - more/less devices on B. Other USB ports. No. Still does not work on B.
...
OK, this is stupid, but, is the cabling alright? It is, of course it is, stupid - but it still does not work on B.
...
OK, at that point I'm just gonna ask a colleague, GrumpySoftwareDev whether he has any clue why it doesn't work on B. GrumpySoftwareDev knows nothing, but discovers that one of his applications doesn't work on Windows 10. You know nothing, Jon Snow, but it doesn't work on B.
...
OK, now I'm just going to ask another colleague TheLastOfHisKind who handed B down to me somewhat bluntly if he ever experienced problems when working with B and its serial configuration. TheLastOfHisKind tells me he does not and kindly offers me some input on the situation. Still no progress to get it working on B but he hinted he might have fucked up B's driver. I already reinstalled the driver but didn't reboot, which comes after reinstall.
...
OK, I'm just gonna remove and re-install the driver, then restart. Hu! Now the UI is gone but another serial device reacted on a general call. Not fully working on B but we're getting there.
...
OK, I don't know, I'm getting frustrated, let's borrow another system D - which has roughly the same configuration as B - from my colleague StrongCurrentGuy. StrongCurrentGuy borrows me his system and cautions me not to break it. I install the driver, plug the device and copy the application from B. It just works on D. Not on B though.
...
OK, you know what. I'm done. For shits and giggles I'm gonna remove that driver again, reinstall it and restart, maybe it'll magically work afterwar- WHAT THE HELL, I JUST OPENED IT AFTER RESTARTING, IT JUST WORKS - ON B!

... seriously, what the fuck. But yeah, at least it works now.

Got my first legit side-gig as a developer (like had to write an SOW and everything): my kids' pediatrician is amazing, but shes switching to a concierge practice, meaning she wont take any insurance, and shes going from about 1500 patients down to about 200. I already pay my mortgage-worth in insurance on a monthly basis, so we were prepared to say adios to her. At my daughter's last appointment, she pulled me aside and said "what can we do to keep you guys as patients?" and i somewhat jokingly suggested "I dunno, need any websites written?"

As a matter of fact, she did: she just fired her practice's web developer, who gave her a shitty wordpress site and fought like hell to avoid any further maintenance or updates for her. She hates the site's current layout (no surprise there) so she is basically giving me full control over a rewrite.

No user logins, no worries about compliance with PII or any of that. Literally just turning a brochure wordpress site into an angular app, hosting it on her own server and eventually building an admin page where she can change the banner text and upload new images.

And my kids will get free, top-notch health care.

What the actual fuck GitHub/CircleCI?!??

I transformed a GitHub account into an organisation and lost admin access to a repo even though I'm the owner of the organisation. Now I can't even access the settings for the repo on CircleCI. What the hell? WHAT THE HELL?!!?! THE FUKKKKKKKKKKKk?

W8 wut?! O.o
How the hell is someone gonna hack my computer using calculator?!
Also WTH?! I don't even know what that built in admin BS is in win10, let alone how to log in with this o.O

Story time.

We are all alike as devs, just surrounded by the people who has an idea of "new facebook", but i like how their mind works and how they long for a change, so it does not annoy me that much. I just simply explain how it is not likely to happen, without decent marketing and innovation.

However, yesterday i went to my dad's workplace, because i was bored. He has lots of friends there, and i happen to meet one. When he heard me that i am a software engineer, he told me that he has an idea.

I prepared my words to explain why it is not possible, but when i heard what it is, i was ashamed of myself.

He sells and manages car tires. He wants a simple showroom website to show what tires he has,( not stock-wise. Price, size, type, brand etc. ) and he wants to update them himself.

I swallowed my words and told him that i could do it. Normally i don't make websites, i provide utilities and APIS to make the front-end devs job easier at my work. But i will turn his idea into reality.

He said that he hired someone else for that years ago, but the one he hired made the website in ASP.NET 2.0, so making one from scratch would take much less time.

No way i would touch that mess came from the seventh layer of hell itself, to torment developers endlessly.

Just a simple front-end seasoned with bulma and pure JS, node to communicate with the DB ( maybe golang for fun ? ) and a simple admin panel for him would do the trick. I am excited !

So recently I installed Windows 7 on my thiccpad to get Hyperdimension Neptunia to run (yes 50GB wasted just to run a game)... And boy did I love the experience.

ThinkPads are business hardware, remember that. And it's been booting Debian rock solid since.. pretty much forever. There are no hardware issues here. Just saying.

With that out of the way I flashed Windows 7 Ultimate on a USB stick and attempted to boot it... Oh yay, first hurdle to overcome. It can't boot in UEFI mode. Move on Debian, you too shall boot in BIOS mode now! But okay, whatever right. So I set it to BIOS mode and shuffled Debian's partitions around a bit to be left with 3 partitions where Windows could stick in one more.

Installed, it asks for activation. Now my ThinkPad comes with a Windows 7 Pro license key, so fuck it let's just use that and Windows will be able to disable the features that are only available for Ultimate users, right? How convenient would that be, to have one ISO for all the half a dozen editions that each Windows release has? And have the system just disable (or since we're in the installer anyway, not install them in the first place) features depending on what key you used? Haha no, this is Microsoft! Developers developers developers DEVELOPERS!!! Oh and Zune, if anyone remembers that clusterfuck. Crackhead Microsoft.

But okay whatever, no activation then and I'll just fetch Windows Loader from my webserver afterwards to keygen my way through. Too bad you didn't accept that key Microsoft! Wouldn't that have been nice.

So finally booted into the installed system now, and behold finally we find something nice! Apparently Windows 7 Enterprise and Ultimate offer a native NFS driver. That's awesome! That way I don't have to adjust my file server at all. Just some fuckery with registry keys to get the UID and GID correct, but I'll forgive it for that. It's not exactly "native" to Windows after all. The fact that it even has a built-in driver for it is something I found pretty neat already.

Fast-forward a few hours and it's time to Re Boot.. drivers from Lenovo that required reboots and whatnot. Fire the system back up, and low and behold the network drive doesn't mount anymore. I've read that this is apparently due to Windows (not always but often) mounting the network drive before the network comes up. Absolutely brilliant! Move out shitstaind, have you seen this beauty of an init Mr. Poet?

But fuck it we can mount that manually after every single boot.. you know, convenient like that. C O P E.

With it now manually mounted, let's watch a movie! I've recently seen Pyro's review on The Platform and I absolutely loved it. The movie itself is quite good too. Open the directory on my file server and.. oh. Windows.. you just put db.thumb on it and db.thumb:encryptable. I shit you not, with the colon and everything. I thought that file names couldn't contain colons Windows! I thought that was illegal in NTFS. Why you doing this in NFS mate? And "encryptable", am I already infected with ransomware??? If it wasn't for the fact that that could also be disabled with something as easy as a registry key, I would've thought I contracted ransomware!

Oh and sound to go with that video, let's pair up some Bluetooth headphones with that Bluetooth driver I installed earlier! Except.. haha nope. Apparently you don't get that either.

Right so let's just navigate the system in its Aero glory... Gonna need to flick the mouse for that. Except it's excruciatingly slow, even the fastest speed is slower than what I'm used to on Linux.. and it's jerky as hell (Linux doesn't have any of that at higher speed). But hey it can compensate for that! Except that slows down the mouse even more. And occasionally the mouse driver gets fucked up too. Wanna scroll on Telegram messages in a chat where you're admin? Well fuck you mate, let me select all these messages for you and auto scroll at supersonic speeds! And God forbid that you press delete with that admin access of yours. Oh maybe I'll do it for you, helpful OS I am!

And the most saddening part of it all? I'd argue that Windows 7 is the best operating system that Microsoft ever released. Yeah. That's the best they could come up with. But at least it plays le games!

When the CTO/CEO of your "startup" is always AFK and it takes weeks to get anything approved by them (or even secure a meeting with them) and they have almost-exclusive access to production and the admin account for all third party services.

Want to create a new messaging channel? Too bad! What about a new repository for that cool idea you had, or that new microservice you're expected to build. Expect to be blocked for at least a week.

When they also hold themselves solely responsible for security and operations, they've built their own proprietary framework that handles all the authentication, database models and microservice communications.

Speaking of which, there's more than six microservices per developer!

Oh there's a bug or limitation in the framework? Too bad. It's a black box that nobody else in the company can touch. Good luck with the two week lead time on getting anything changed there. Oh and there's no dedicated issue tracker. Have you heard of email?

When the systems and processes in place were designed for "consistency" and "scalability" in mind you can be certain that everything is consistently broken at scale. Each microservice offers:

1. Anemic & non-idempotent CRUD APIs (Can't believe it's not a Database Table™) because the consumer should do all the work.
2. Race Conditions, because transactions are "not portable" (but not to worry, all the code is written as if it were running single threaded on a single machine).
3. Fault Intolerance, just a single failure in a chain of layered microservice calls will leave the requested operation in a partially applied and corrupted state. Ger ready for manual intervention.
4. Completely Redundant Documentation, our web documentation is automatically generated and is always of the form //[FieldName] of the [ObjectName].
5. Happy Path Support, only the intended use cases and fields work, we added a bunch of others because YouAreGoingToNeedIt™ but it won't work when you do need it. The only record of this happy path is the code itself.

Consider this, you're been building a new microservice, you've carefully followed all the unwritten highly specific technical implementation standards enforced by the CTO/CEO (that your aware of). You've decided to write some unit tests, well um.. didn't you know? There's nothing scalable and consistent about running the system locally! That's not built-in to the framework. So just use curl to test your service whilst it is deployed or connected to the development environment. Then you can open a PR and once it has been approved it will be included in the next full deployment (at least a week later).

Most new 'services' feel like the are about one to five days of writing straightforward code followed by weeks to months of integration hell, testing and blocked dependencies.

When confronted/advised about these issues the response from the CTO/CEO
varies:

(A) "yes but it's an edge case, the cloud is highly available and reliable, our software doesn't crash frequently".
(B) "yes, that's why I'm thinking about adding [idempotency] to the framework to address that when I'm not so busy" two weeks go by...
(C) "yes, but we are still doing better than all of our competitors".
(D) "oh, but you can just [highly specific sequence of undocumented steps, that probably won't work when you try it].
(E) "yes, let's setup a meeting to go through this in more detail" *doesn't show up to the meeting*.
(F) "oh, but our customers are really happy with our level of [Documentation]".

Sometimes it can feel like a bit of a cult, as all of the project managers (and some of the developers) see the CTO/CEO as a sort of 'programming god' because they are never blocked on anything they work on, they're able to bypass all the limitations and obstacles they've placed in front of the 'ordinary' developers.

There's been several instances where the CTO/CEO will suddenly make widespread changes to the codebase (to enforce some 'standard') without having to go through the same review process as everybody else, these changes will usually break something like the automatic build process or something in the dev environment and its up to the developers to pick up the pieces. I think developers find it intimidating to identify issues in the CTO/CEO's code because it's implicitly defined due to their status as the "gold standard".

It's certainly frustrating but I hope this story serves as a bit of a foil to those who wish they had a more technical CTO/CEO in their organisation. Does anybody else have a similar experience or is this situation an absolute one of a kind?

I legit never understood the hate for VB.NET in the land of Microsoft development. To be entirely fair, I only used it it that one class at uni. But other than that I had never used it in the real world. The closest thing I had done with BASIC was VBScript, and even tho I was ok with it(even liked it) I damn well know that it is not something that I would use to build web apps with anymore.

But I am inclined to give VB.NET a chance only because I remember being able to make sense of my peers code in school. Just by reading it, sure it might be verbose as all fucking hell, but we were using VS(notice that i said VS not VS Code) and we had all the bells and whistles of autocomplete and intellisense.

Currently tho, I somewhat wanted to try a more modular approach to my fucking around with web apps, we are considering Rails and Django for a project at work. But since we already have windows servers we thought about the possibility of using .net core. We all like C# as a language and I did work with ASP.NET MVC before so we are considering that as well. That and our sys admin had tons of experience setting that as an environment. When developers are not too sure it is good to rely on the admin's expertise.

So, I decided over the weekend that I would move my entire dev environment to Linux. No Windows on the laptop and only as a backup boot system for my home PC. I wanted to wean myself off of Linux as only being a VM and move to the full blown desktop.

I can only describe my experience to that of having your first kid: lot's of crying and joy at the same time.

Things I've learned:
1. The install is amazingly painless. Wi-Fi and Bluetooth work straight out of the box no configuring needed.
2. OH MY GOD THE CUSTOMIZATION. Rocking Arc Dark theme on Gnome3 = EVERYTHING IS
ALWAYS DARK MICROSOFT WHY IS THIS NOT A THING.
3. Getting Java servlets to work has been hell. I gave up trying to get them to work in eclipse and moved over to IntelliJ. More trial and error before I can figure out why tomcat won't fucking work in eclipse but it's fine in IntelliJ.
4. The UI and overall work flow has been improved after getting past the learning curve. Gnome3 is way better from when I tried it out 4 years ago.
5. Vim has a steep learning curve but I am starting to understand the net benefits of it. It'll probably be a solid month before I get good with it.
6. Loosing Microsoft Office has been a little bit of a challenge but their suite is online so....meh. I do miss Visual Studio though, and am still looking for an adequate replacement for C++ and C# development.

Overall it's been a challenge but I think it's been a net gain. Now if only I could get the whole sys-admin team to use it. ;)

TLDR: I didn't & still not sure if it is..

I love bug hunting & fixing & figuring out how stuff works, but many will argue this is not even real programming..

Long version how I ended up programming:
Back in highschool, I was deciding between english and mathematics & computer science.. I filled in the form for the latter. Got a change of hearts but I already gave the extra/backup empty form to schoolmate..

Figured it's for the better because it's a hell to get a job as an english teacher/prof anyways + I dislike comunications with people + documentation (if any) is in english etc..

At the end of first year, I didn't even apply for all the exams because you had to have both programming 1&2 to pass or even be eligible to take the year again.. I figured I'd fail them, so once I actually passed both (& actually not with bad grades), I was fucked.. had to retake the year, which means I lost time + still had to pay the rent etc.. decided to drop out and return home and do the IT engineer course instead to at least have some formal education to help me find a job. Finished that without problems, I 'specialised' in network administration.
I got a job straight out of school as a web developer.. the irony.. got some conflicts with the boss and was terminated (material for another rant).

Later I sought out admin jobs, but got declined because I was overqualified and had programming experince. FML, right?

Ended up sending out mandatory job applications for IT administration & programming to not lose the bonuses & got called up to a meeting in the company I work for since then.

No qualifications for .net & MS technologies, but they liked my CV so the ended up setting up the interview anyway. I didn't know half of the technologies and concepts by proper name, but they figured I understand enough of the content to give me a try. A few years later, I got the most fucked up project they have because of my love for new thigs and trying to understand everything. It's aaaalmost bearable now.. still needs a lot of work, but I'm happy where I am. Saddly, I'm still second guessing if I'm doing a proper job as a dev, but they seem to be very ok with my work. (:

So, i'm trying to get linkr (a pretty cool short link service) to work in a docker container since 4 hours now to host it on my server. There is no official container because it needs a working database connection and stuff during installation which can only be done via console and (for whatever reason I couldn't find out yet) need to be done while building the container. The problem is, I can't connect it to the database while building the container so there is no database during installation to create tables and stuff and the build will fail. ARGH.
Why the hell would you do this????? Theyre actually saying in their readme there is no dockerfile because the config options are specific to your configuration...?!?!
The thing is entirely written in python, so reading and parsing configfiles on the fly should not really be a problem.

Of course I could ssh into the container and run the installation script but that's not the point.

Docker is not about being lazy.
It's about portability.
Maybe I don't want to bloat my server with your 39579372639 npm dependencies? Or I don't want to install a freakin apache, because I have every other site on nginx and therefore wouldn't work with apache.

AAAAAAAARRRRRRGGHHGGGGG

in the end, I'm probably going to modify the thing to install tables when running the container and giving the first user admin rights instead of prompting to enter credentials for a new admin user.
And yet I didn't even speak python.

Magento Debugging Horror!
Changing lots of things in magento with no problem. Continuing development for quite sometime. Suddenly decide to clear cache to see affect of a change on a template in frontent. Suddenly magento crashes! There's no error message. No exception log. No log in any file anywhere on the disk. All that happens is that magento suddenly returns you to the home page!
Reverting all the changes to the template. Clear the cache. Nope! Still the same! Why? Because the problem has happened somewhere in your code. Magento just didn't face it, because it was using an older version of your code. How? Because magento 2 even caches code! Not the php opcache. Don't get me wrong. It has it's own cache for code, in a folder called generated. Now that you cleared all the caches including this folder, you just realized that, somewhere something is wrong. But there is no way for you to know where as there is absolutely no exception logged anywhere!
So you debug the code, from index.php, down to the deepest levels of hell. In a normal php code, once the exception happens, you should see the control jumps to an exception handler, there, you can see the exception object and its call stack in your debugger. But that's not the case with magento.
Your debugger suddenly jumps to a function named:
write_close();
That's all. No exception object. No call stack. No way to figure out why it failed. So you decide to debug into each and every step to figure out where it crashes. The way magento renders response to each request is that, it calls a plugin, which calls a plugin loop, which calls another plugin, which calls a list of plugins, which calls a plugin loop, which calls another plugin.....
And if in each step, just by accident, instead of step through, you use the step over command of your debugger, the crash happens suddenly and you end up with the same freaking write_close() function with no idea what went wrong and where the error happened! You spend a whole day, to figure out, that this is actually a bug in core of magento, they simply introduced after your recent update of magento core to the latest STABLE version!!! It was not your mistake. They ruined their own code for the thousandth of time. You just didn't notice it, because as I said, you didn't clear the `generated` folder, therefore using an older version of everything!
Now that after spending 7 hours figuring out what has failed with absolutely no standard way of debugging and within a spaghetti of GOTO commands (Magento calls them plugin), why not report it to github? So you report it with a pull request. This also takes 1 hour of your time. Just to next day get informed that your pull request is rejected because another person already fixed the bug and made the same pull request. It was just not on the latest stable version yet!
So you decide to avoid updating magento as much as possible. Because you know that the next Stable version will make your life and career unstable. But then the customer complains that the Admin Panel is warning him of using old Magento version which might pose SECURITY THREATS!

I hate that when developing on Windows I need like four different terminals. CMD, MINGW64/Cygwin/MSYS2, PowerShell. Each one has different functionality:
CMD - basic Windows commands
MINGW64 - emulates Linux terminal with frequent Linux commands and great support for Git
Powershell - access Windows COM, .NET etc.

Now there are solutions that attempt to solve this like Cmder (which is just more user-friendly ConEmu). These are console emulators which wrap all these in one window (with multiple tabs). But they are slow as hell. I have to wait like 10 seconds each time I start a terminal in Cmder, because the emulators need to run some huge startup scripts. But I just need to run one command from this one freaking folder!

Eventually I end up having like 30 different terminal windows open, each one different in functionality and each time I need to do something I must think about which terminal I need and in which folder. Furthermore I have to think about whether to run the terminal as administrator, but I usually forget that, so I have to close the terminal and reopen as admin. Why don't you just add something like su or sudo, Microsoft?

I hate when programmers never want to go out their comfort zone. They should be relegated into a hell spinned inside a Virtualbox instance.

I have this *** angular setup. We want to try to keep the dev environment congruent between all the colleagues.

The decent programmer would use a node version manager, or try to keep up with everything. LOLNOPE THEY FUCKIN' SPUN A FRIGGIN' VAGRANT VIRTUAL MACHINE RUNNED WITH ADMIN PERMISSIONS which is slowing everyone down. A single "npm i" now requires half an hour.

I tried to use YARN that is faster and makes a mergeable lock, NOPE WE SHOULD KEEP USING THAT STUPID NPM INSTALL that is slow AF and sometimes messes up the versions.

I tried to make 'em use the peerDependencies correctly but LOLNOPE WE SHOULD RELY ONTO THE AUTOMATIC PEERDEP RESOLVER INSIDE NPM7, SO YOU DON'T KNOW IF YOUR VERY SAME LIBRARY IS INCLUDED OR NOT.

Thank god i'm changing job.

So my schol has this softwarecenter site from which all software must be installed (if you aren't admin). That's fina and all, i mesn they want to conteoll what we can install, and provide some paid software, BUT WHY THE HELL DID THEY DECIIDE TO USE SITE THAT ONLY WORKS IN IE!? EVERY TIME I OPEN IT I HAVE TO COPY THE LINK FROM CHROME (default browser) AND THEN OPEN IE! IT DOESN'T EVEN SUPPORT EDGE! (Btw all the software found on this site is out of date.)

why the hell would you set a router's default user/pass to nothing?! like to blank... WHY!!! spent about 2 hours trying to find this fricking thing online and of course, there's no documentation, who need that shit anyways

long story short: @router_manufacturers, set the default user/pass to "admin" AND PUT IT ON YOUR WEBSITE!!!!!!!!

So on my new position I get to work on Spark jobs. Never had to work with the infamous big data technologies. I never thought this would get SO frustrating for all the wrong reasons.

I'm currently trying to introduce integration tests for some Spark job I wrote. This isn't trivial though, as the data comes from several HBase tables. Mocking everything simply isn't feasible. So why not use the integrated HBaseTestingUtility? With it you can start a mini cluster that runs all nessecary services in the scope of your test.

Sounds great, eh? WRONG. Firstly the used mapr dependencies get in the way. The baked in configuration tries to automatically authenticate with your local cluster through Kerberos. Of course this doesn't work. And of course there is no way to reconfigure this as it happens IN A FUCKING STATIC BLOCK. AHHHH.

Ok. So after calming down I "simply" had to exclude all mapr dependencies and replace them with vanilla ones. After two days of dependency hell it FINALLY works!

...or does it? Well now we need test data. For that we got a map reduce algorithm that can import dumps. Sounds again, great, eh? WROOOONNNG.

The fucking map reduce mini cluster can't start, as it tries to write a symlink. Now take a wild guess what the sys admin here blocked. Yepp. TWO DAYS OF WORK RENDERED USELESS, BECAUSE OF SOME FUCKING SECURITY SETTING.

This is fine.

OMG
LVM
WHAT A PIECE OF CRAP

It's so precious that when it detects an existing mdraid signature, it just *won't* let me create a physical volume over it!

No matter that I run pvcreate with double-force switch.
It doesn't matter that the system doesn't even have a single MD device defined (Which can be easily checked in /proc/mdstat OR by checking the /dev subsystem)

I *hate* commands that are trying to be more clever than the admin sitting behind the keyboard.

Sure, leave this as the default behavior (It could save a lot of people's data I bet), but BLOODY HELL GIVE ME A SWITCH TO OVERRIDE THE CHECK YOU DUMBASS.

I swear... I feel like I'll get a frickin' brain hemorrhage from this "clever tool" -_-"

We learn everyday. So for the early hours of today, I've learnt how to use redux(reducers and action) to manage my state and hell, my components are looking alot organized now than calling set and setState everywhere.

Learnt that fetchById was replaced by fetchByPk for fetching single item when using sequelize in Node.js

Learnt you can display images in your django admin panel. Haven't thought about it until today.

Well end of rant.
#JobHunting #LifeOfASoftwareDeveloper #JuniorDev