Search - "all checks done"
Good morning! It's time for practiseSafeHex's most incompetent co-worker!
Today's contestant is a very special one.
*sitcom audience: WHY?*
Glad you asked, you see if you were to look at his linkedin profile, you would see a job title unlike any you've seen before.
*sitcom audience oooooooohhhhhh*
We're not talking software developer, engineer, tech lead, designer, CTO, CEO or anything like that. No, no, our new entrant "G" surpasses all of those with the title ..... "Software extraordinaire".
*sitcom audience laughs hysterically*
I KNOW! WTF does that even mean! As a previous dev-ranter pointed out, does this mean he IS quality code? I'd say he's more like a trash can ... where his code belongs
*ba dum tsssss*
Ok ok, let's get on with the show, here's some reasons why "G" is on the show:
One of G's tasks was to build an analytics gathering library for iOS, similar to google analytics where you track pages and events (we couldn't use google's). G was SO good at this job he implemented 2 features we didn't even ask for:
- If the library was unable to load its config file (for any reason) it would throw an uncatchable system integrity error, crashing the app.
- If anything was passed into any of the functions that wasn't expected (null, empty array etc.) it would crash the app as it was "more efficient" to not do any sanity checks inside the library.
This caused a lot of issues as some of the data needed to come from the client's server. The day we launched the app, within the first 3 hours we had over 40k crash logs and a VERY angry client.
Now, what makes this story important is not the bugs themselves, come on how many times have we all done something stupid? No the issue here was G defended all of this as the right thing to do!
.. and no he wasn't stoned or drunk!
G claimed if he couldn't get the right settings / params he wouldn't be able to track the event and then our CEO wouldn't have our usage data. To which I replied:
"So your solution was to not give the client an app instead? ... which also doesn't give the CEO his data".
He got very angry and asked me "what would you do then?". I offered a solution, something like: why not have a default tag for "error" or "unknown" where, if there's an issue, we send up whatever we have, plus the file name, and store it somewhere else. I was told I was being ridiculous as it wasn't built to track anything like that and that would never work ... his solution? ... pull the library out of the app and forget it.
... once again giving everyone no data.
G later moved onto another cross-platform style project. Backend team were particularly unhappy as they got no spec of what needed to be done. All they knew was it was a single endpoint dealing with a very complex model. There were no Java classes, super classes, abstract classes or even interfaces, just this huge chunk of mocked data. So myself and the lead sat down with him, and asked where the interfaces for the backend were, or designs / architecture for them etc.
His response, to this day frightens me ... not makes me angry, not bewilders me ... scares the living shit out of me that people like this exist in the world and have successful careers.
G: "hhhmmm, I know how to build an interface, but I've never understood them ... Like let's say I have an interface, what now? How does that help me in any way? I can't physically use it, does it not just use up time building it for no reason?"
us: "... ... how are the backend team supposed to understand the model, its types, integrate it into the other systems?"
G: "Can I not just tell them and they can write it down?"
**
I'll just pause here for a moment, as you'll likely need to read that again out of sheer disbelief
**
I've never seen someone die inside the way the lead did. He started a syllable and his face just dropped, eyes glazed over and he instantly lost all the will to live. He replied:
" wel ............... it doesn't matter ... it's not important ... I have to go, good luck with the project"
*killed the screen share and left the room*
Now I know you are all dying in suspense to know what happened to that project, I can drop the shocking bombshell that it was in fact cancelled. Thankfully only ~350 man hours were spent on it
... yep, not a typo.
G's crowning achievement however will go down in history. VERY long story short, backend got deployed to the server and EVERYTHING broke. Lead investigated, found mistakes and config issues on every second line, load balancer wasn't even starting up. When asked had this been tested before it was deployed:
G: "Yeah I tested it on my machine, it worked fine"
lead: "... and on the server?"
G: "no, my machine will do the same thing"
lead: "do you have a load balancer and multiple VM's?"
G: "no, but Java is Java"
... and with that it's time to end today's episode. Will G be our most incompetent? ... maybe.
Tune in later for more practiceSafeHex's most incompetent co-worker!!!
My current project at work: purchase verification, aka anti-fraud.
It's been two weeks, and my boss is flipping out because it isn't done. A robust anti-fraud solution. In two weeks. And he thought one week was a little much.
like, fucking really?
There are companies whose entire service is helping combat fraud. and he wants this done in a bloody week?
What makes me laugh through my tears of frustration is that the company that moved into the previous office? Yep, anti-fraud. Their entire business model is providing anti-fraud services to other businesses. They even tried selling him on it when they moved in. Bossman sales guy turned it around and sold my freaking desk out from under me instead.
But like. They're a small company: they had 9 people when they moved in, and were looking to add three more, so a total of 12 people. (I totally considered jumping ship, but their stack was too different.)
So. Bossman wants me to replace 9-12 people and their entire business in a fucking week. Yeah.
"Oh, but it's just sms verification" says he. What he also wants is the ability to flag users as fraudulent, have sticky verifications so they can't bypass them by backing out, have email checks as well as sms, have deferred verification to allow collecting required info (e.g. phone number), verification fallback, lockouts, manual admin whitelisting, admin blacklisting, and different rules per merchant and rule groups for affiliates to apply to all of their merchants, and of course the ability to customize those merchant/affiliate anti-fraud rules. But he shortens this gigantic list to "I want sms verification," despite actually asking for all of the above. I don't want to know about the mental gymnastics and/or blindfolding required to equate the two, but he's nuts.
Yeah.
All of that.
In a goddamn week.
And I get chewed out when it isn't done? Fuck off.
Go build me a goddamn 5m ft^2 castle out of basalt and marble using only your toothbrush and a rusty garden trowel, and have it done in a week. No outsourcing.
talk about ridiculous.
A sidebar.
Literally just a sidebar.
And yes, this was in Hell.
Its code was spread across at least 40 files, and it used a bunch of freaking global variables to unfurl accordion sections, hide other sections/items, highlight the active item, etc. These were set (and unset!) in controller actions, so if you didn’t unset one, it remained open and highlighted until another action unset it.
Some of the global variable checks (and permissions checks) were done in the individual views, some outside of the `render` statements that include them. Some of them inherited variables from the parent, some from the controller, some from globals. Getting a view to work was trial and error. Oh, and some had their own inline css, some used css classes.
Subsections were separate views, so were some individual items, both sometimes rendered using shared templates, and all of the views and templates had the exact. same. filename. (They were located in different directories, and thus located automagically via implicit relative paths.) So, it was a virtually endless parade of `render partial => "sidebar"`. Which file does that point to? Good luck figuring it out!
Also, comments in several places said adding a new section required a database migration. I never did figure out why.
Anyway, I discovered this because I had an innocuous-sounding ticket to rearrange the sidebar, group some sections/items under different permissions, move some items to another menu, and nest some others differently.
It took me two bloody weeks, and this was when I was extremely productive every day.
Afterward, I was so disgusted by it that I took a day and removed every trace of the sidebar I could find, and rewrote it. I defined the sidebar in a hash, and wrote a simple recursive builder to generate the markup. It supported optional icons, n-level nesting, automatic highlighting of the current item and all parent nodes, compound and inherited permissions, wrapping of long names, hover and unfurl animations, etc. Took me a couple hundred lines of Ruby at the most, plus about the same of css.
Felt so good to remove that blight.
The following meeting occurred at a client between a recently added client PM and our team, we'll call her Shrilldesi, previously from one of the main consulting vendors.
*Meeting begins after 15 minutes of bullshitting, waiting for people to file in*
Shrilldesi: "Ok everyone, let's get started."
TeamMember: "We're still waiting for Z and W, not sure why they're late."
SD: "We can start there. It was decided had to lay off Z and W, because we didn't have enough work."
Moi: "Wait, what. Who made that decision? Why weren't we consulted on this? We have another project starting next week that they were needed for. They just delivered the entire public facing rewrite, why would we let them go?!"
SD: "It was decided by myself, pajeet, and venkata looking at the backlog. Not enough work, week gap."
Moi: "This is going to hurt our ability to deliver the next phase. When are we going to start interviewing new people, the project begins next week?"
SD: "We will interview new resources as needed."
Moi: "Who is we? And 'as needed' is yesterday, or realistically several weeks ago as the. project. starts. next. week. Also, we're obligated by federal law to bring back anyone we lay off before we hire anyone else for the same position."
SD: "Interviews will be done by myself, Mohd, and Pajeet."
Moi: "...can I point out that there's only one modestly technical person in that group, they're an admin, and none of them are from this team? How do you conduct an engineering interview without any engineers?"
SD: "That does not matter, I have watched enough to be able to ask your questions."
Moi: *anger intensifies* "I have to respectfully disagree. I don't feel it's appropriate to cut us out of the process of interviewing our own team members."
SD: "It is decided, we will take care of it, let us move on. Next, we need to find work for the Manasa, she doesn't have anything to do."
Moi: *sharpens baseball bat* "...shouldn't we just fire her then?"
SD: "Oh that is so mean, why would we fire her? We were thinking she might be able to do some of my project management work."
Moi: *sharpening intensifies* "You do realize it's a violation of H1-B statutes for someone to be employed in work other than what is stated on their contract, and Project Managers are specifically listed as not specialized skillsets per federal law."
SD: *ignores question* "We also need to find work for the offshore team, they don't have enough to do. Please find them work for the next period."
Moi: *checks how long the wait period is for ar-15s*
SD: "We also have a new person rolling onto our team, he comes from the xyz team, Dikshit *gestures to person we all figured was lost*. He will be handling our front end development."
Moi: *seething hatred* "WE JUST LET TWO EXCELLENT FRONT END DEVELOPERS GO. WE DO NOT NEED DIKSHIT."
SD: "Please calm down. We will be replacing the other two shortly, there is no problem."
Moi: "Have you heard nothing I've said? Did you even run this by legal and HR? Why did we let them go in the first place? Why do we even need Dikshit?!"
SD: "I said it before, please listen. There is not enough work for them. Dikshit will do front end. What is unclear?"
Note: There's not really any dramatization here. It's almost verbatim what happened. Eventually, the next project was cancelled, they incrementally rolled the rest of the local team off. They then had the cojones to express aghast anger when I notified them I would not be renewing my contract, and open hatred when I explained to them I was not a slave, and I refused to be a bag holder for the inevitable failure of a project without any chance of success. I don't really care what happened after that, they can all burn in their own little nepotistic shitshow of perpetual failure.
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer Mongolia who is, we can only hope, now enjoying his new life as an Instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkiss. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gacha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user of any privilege, you could place any order, as anyone, using anyone's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discreetly." Straight up hitler's bunker meme rage.
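The two defects in the post above (an impersonation cookie the server trusts without any integrity check, and a log line that carries the full card number) have standard fixes. The following is an added example, not code from the post or the system it describes: the cookie layout, the org chart, the key and all function names are assumptions, and the card number is the well-known constructed test value.

```python
import base64
import hashlib
import hmac
import json
import re

# Assumption: demo key only; a real service loads this from a secret store.
SIGNING_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 900

# Constructed reporting chain: manager id -> direct report ids.
DIRECT_REPORTS = {1: [2, 3], 2: [4], 3: [], 4: []}


class ContextError(ValueError):
    """Raised when an impersonation cookie must not be honoured."""


def descendants(user_id):
    """All users below user_id in the reporting chain."""
    found, stack = set(), list(DIRECT_REPORTS.get(user_id, []))
    while stack:
        uid = stack.pop()
        if uid not in found:
            found.add(uid)
            stack.extend(DIRECT_REPORTS.get(uid, []))
    return found


def _mac(payload: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()


def sign_context(actor_id, on_behalf_of, issued_at):
    """Server side: issue the cookie value as base64(payload).base64(HMAC)."""
    payload = json.dumps(
        {"actor": actor_id, "on_behalf_of": on_behalf_of, "iat": issued_at},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return ".".join(
        base64.urlsafe_b64encode(part).decode() for part in (payload, _mac(payload))
    )


def verify_context(cookie, session_user_id, now):
    """Return the claims only if the cookie is authentic AND authorised."""
    parts = cookie.split(".")
    if len(parts) != 2:
        raise ContextError("malformed cookie")
    try:
        payload, tag = (base64.urlsafe_b64decode(p) for p in parts)
    except ValueError as exc:
        raise ContextError("malformed cookie") from exc
    # Authenticate before parsing: constant-time comparison of the MAC.
    if not hmac.compare_digest(tag, _mac(payload)):
        raise ContextError("bad signature")
    claims = json.loads(payload)
    # The actor is taken from the server-side session, not from the cookie.
    if claims["actor"] != session_user_id:
        raise ContextError("cookie was issued to a different user")
    # A valid signature does not replace the authorisation check.
    if claims["on_behalf_of"] not in descendants(session_user_id):
        raise ContextError("target is not below the actor in the org chart")
    if not 0 <= now - claims["iat"] <= MAX_AGE_SECONDS:
        raise ContextError("expired")
    return claims


# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum, used to avoid masking order ids that merely look long."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact_pans(message):
    """Mask card numbers in a log message, keeping only the last four digits."""
    def mask(match):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):
            return match.group()
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_CANDIDATE.sub(mask, message)
```

Redaction in the logging path is a backstop; the stronger fix is that the failure handler never formats the card number into a message at all.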
It's enough. I have to quit my job.
December last year I started working for a company doing finance. Since it was a serious-sounding field, I thought I'd be better off than with my previous employer. Which was kinda the family-agency where you can do pretty much anything you want without any real consequences, nor structures. I liked it, but the professionalism was missing.
Turns out, they do operate more professionally, but the intern mood and commitment is awful. They all pretty much bash on each other. And the root cause of this and why it will stay like this is simply the Project Lead.
The plan was that I was positioned as glue between Design/UX and Backend to then make the best Frontend for the situation. Since that is somewhat new and has the most potential to get better. Beside, this is what the customer sees everyday.
After just two months, a retrospective and a hell of a lot of communication with co-workers, I've decided that there is no other way other than to leave.
I had a weekly productivity of 60h+ (work and private, sometimes up to 80h). I had no problems with that, I was happy to work, but since working in this company, my weekly productivity dropped to 25~30h. Not only can I not work for a whole proper work-week, this time still includes private projects. So in hindsight, I efficiently work less than 20h for my actual job.
The Product lead just wants feature on top of feature, our customers don't want to pay concepts, but also won't give us exact specifications on what they want.
Refactoring is forbidden since we get too many issues/bugs on a daily basis so we won't get time.
A re-design is forbidden because that would mean that all Screens have to be re-designed.
The product should be responsive, but none of the components feel finished on Desktop - don't talk about mobile, it doesn't exist.
The Designer next to me has to make 200+ Screens for Desktop and Mobile JUST so we can change the primary colors for a potential new customer, nothing more. Remember that we don't have responsiveness? Guess what, that should be purposely included on the Designs (and it looks awful).
I may hate PHP, but I can still work with it. But not here, this is worse than any ecommerce. I have to fix legacy backend code that has no test coverage. But I haven't touched PHP for 4 years, let alone written SQL (I hate it). There should be no reason whatsoever to let me do this kind of work, as FRONTEND ARCHITECT.
After a (short) analysis of the Frontend, I conclude that it is required to be rewritten to 90%. There have been no performance checks for the Client/UI, therefore not only the components behave badly, but the whole system is slow as FUCK! Back in my days I wrote jQuery, but even that shit was faster than the architecture of this React Multi-instance app. Nothing is shared, most of the AppState correlate to other instances.
The Backend. Oh boy. Not only do we use a shitty outdated open-source project with tons of XSS possibilities as base, no we clone that shit and COPY OUR SOURCES ON TOP. But since these people also don't want to write SQL, they thought using Symfony as base on top of the base would be a good idea.
Generally speaking (and done right), this is true. but not then there will be no time and not properly checked. As I said I'm working on Legacy code. And the more I look into it, the more Bugs I find. Nothing too bad, but it's still a bad sign why the webservices are buggy in general. And therefore, the bugginess has to travel into the frontend.
And now the last goodies:
- Composer itself is committed to the repo (the fucking .phar!)
- Deployments never work and every release is done manually
- We commit a "_TRASH" folder
- There is a secret ongoing refactoring in the root of the Project called "_REFACTORING" (right, no branches)
- I cannot test locally, nor have just the Frontend locally connected to the Staging webservices
- I am required to upload the sources I write to an in-house server that gets shared with the other coworkers
- This is the only Linux server here and all of the permissions are fucked up
- We don't have versions, nor builds, we use the current date as build number, but nothing simple to read, nonono. It has to be a German date, with only numbers, and always has to end with "00"
- They take security "super serious" but disable the ability to unlock your device with your fingerprint sensor ON PURPOSE
My brain hurts, maybe I'll post more on this shit fucking cuntfuck company. Sorry to be rude, but this triggers me sooo much!
Alright, I'm pissed.
Warning: more than 4k characters written by a non native english speaker ahead.
Legend:
Storytelling
> Short summary of the current situation
> "Something being said"
> (Something being thought)
* Actions *
-- Background --
In an attempt to reorganize my desktop I accidentally deleted a folder I called "development". In there I stored links to all my IDEs (Not sure how you call these in English), but also some workspaces like Unity (not much stuff there), Processing (just some hobby stuff) AND Eclipse (FUCKING EVERYTHING RELATED TO SCHOOL WEB DEVELOPMENT). Now 3 days have passed and I realized this important folder was missing. Cleared that Windows trash the instant I deleted the trash on my desktop.
> Shit, Regret
Install a file restore program. Do every possible search. Nothing found.
> Big shit
Deadline was in like 3 days. Week was fucking rough so:
> "Screw this, the teacher never corrects the assignments and also fuck JSP"
Fast forward 2 months to last week. Teacher starts checking assignments.
> Fuck
* Sees pattern: Only students with missing or bad marks are checked. *
* Feels safe *
Teacher approaching me while working on current projects.
* Doesn't feel safe anymore *
> "Well, I'd like to see your THAT program"
> Well fuck
* Tells the truth *
> "Well that's unfortunate, but I must write a mark. Do you really have nothing to show?"
* Remember that I worked on the school pcs when I started *
> (Better than nothing. Gotta try it)
* Teacher checks program, not pleased *
> (Fuck me, but at least it's over...)
> Nope
* Teacher calls me over *
> "With the mark I had to write today you can't reach that good mark even with a good examination, what are we gonna do about this?"
> "Well, there were other assignments that were never checked. Could we replace that mark with one of those?"
* Teacher agrees *
> (Srly bless this guy for that support)
My best choice was an Android app we had to develop during December in pairs. I did the front end (90% of the whole work) and my partner the backend (10 %). I also did 30 % of these 10 %, because I had to review the shit he wasn't able to debug himself.
> brainlogic.exe provided by windows vista
This distribution was partly my fault since I overestimated the work needed for the backend, but also the fault of that fucker. I mean, he didn't tell me the professor already provided 90 % of the backend...
Rest of the week was really busy (always 1 or 2 things to study for each day, workout and family stuff).
Yesterday (It's past 12 already) I arrived at ~9 pm in the dorm I could finally start reviewing my code.
Internet gets shut down at 10 pm.
Gotta hurry.
* Opens project *
* Sees half a year old code *
* Fights urge to puke *
> (Alright I gotta do this. For the mark!)
* waits for gradle to index files *
* Remembers the fact that I haven't opened Android Studio in the last 2 months *
For those who don't develop with android studio: This is an equivalent to ~10k windows updates waiting to be installed
> (Well, gotta work with this kinda old version)
"gradle sync failed"
> ( Ok, just restart it. You're fine )
* Android Studio doesn't react anymore and/or renders *
* Waits 5 min *
* Restarts laptop *
* Android Studio is reacting again*
"gradle is synching"
9:45 pm: gradle is done and I can finally compile my app
> FML
* Sees App launched on phone *
* Almost pukes again *
> (This was the assignment for the UX chapter, so design doesn't matter)
UX is decent. Proceeds with testing stuff. Safe paths work, but some bugs can be caused by going off them
* fixes as much as possible *
* Takes quick look at backend *
Date date = new Date (GregorianCalendar.getInstance().getTimeInMillis());
C'mon, I asked you to be the backend. You got 90% of the methods already written by the teacher and had 2 months to write the interfaces to my Front end AND you come up with shits like that.
Note: this example is a minor example of brainlogic.exe
I did what I could to improve my situation. Hopefully he doesn't discover the bugs. And if it's a backend bug then I couldn't care less, since that was not my job!
Wish me luck for today!
Currently working on the privacy site CMS REST API.
For the curious ones, building a custom thingy on top of the Slim framework.
As for the ones wondering about security, I'm thinking out a content filtering (as in, security/database compatibility) right now.
Once data enters the API, it will first go through the filtering system which will check filter based on data type, string length and so on and so on.
If that all checks out, it will be sent into the data handling library which basically performs all database interactions.
If everything goes like I want it to go (very highly unlikely), I'll have some of the api actions done by tonight.
But I've got the whole weekend reserved for the privacy site!
One Thursday noon,
Operation manager: (looking at mobile) what the..... something is wrong, I am getting a bunch of emails about orders getting confirmed.
Colleague dev: (checks the main email where it gets all email sent/received) holy shit, all of our clients are getting confirmation emails for orders which were already cancelled/incomplete.
Me: immediately contacting Bluehost support, asking them to take down the server just so that we can stop it, 600+ emails were already sent and people keep getting them.
*calls head of IT* telling the situation because he's not in the office atm.
CEO: wtf is happening with my business, is it a hacker?
*so we have a intrusion somebody messed the site with a script or something*
All of us (dev) sit on the code finding the vulnerabilities, trying to track down how somebody was able to do that.
*After an hour*
So we have gone through almost each function written in the code which could possibly cause that but were unable to find anything which could break it.
Head asking op: when did you start getting it actually?
Op: right after 12 pm.
*an other hour passes*
Head: (checking the logs) so right after the last commit, site got updated too? And....and.....wtf what da hell, who wrote this shit in the last commit?
* this fuckin query is missing damn where clause* 🤬
Me: me 😰
*long pause, everyone looking at me and i couldn't look at anyone*
The shame and me that how can i do that.
Head: so it's you, not any intruder 😡
Further investigating, what the holy mother of #_/&;=568 why cronjob doesn't check how old the order is. Why why why.
(So basically this happened: because of that query all cancelled/incomplete orders got updated, damage done already; helping it, the cronjob ran on all of them sending clients email, and with that function some other values got updated too. In short, the whole db is fucked up.)
and now they know who did it as well.
*Head after some time cooling down, asked me the solution for the mess i create*
Me: i took backup just couple of days before i can restore that with a script and can do manual stuff for the recent 2 days. ( operation manager was already calling people and apologising from our side )
Head: okay do it now.
Me: *in panic* wrote a script to restore the records ( checking what i wrote 100000000 times now ), ran...tested...all working...restored the data.
After that I wrote an apology email, because of me staff had to work a lot and it became so hectic just because of me.
* at the end of the day CEO, head, staff accepted the apology and asked me to be careful next time, so it actually taught me a lesson and I always always try to be more careful now, especially with queries. People are really good here so that's how it goes* 🙂
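Two guards would have contained the incident described in the post above: a bulk-update wrapper that rolls back when a statement touches more rows than intended, and a notification job that only picks up recent, not-yet-notified orders. This is an added example, not the poster's code; the schema, table contents and function names are constructed, and SQLite stands in for whatever database the site used.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: one pending order and three older ones."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT,"
        " confirmed_at INTEGER, notified INTEGER NOT NULL DEFAULT 0)"
    )
    conn.executemany(
        "INSERT INTO orders (id, status, confirmed_at, notified)"
        " VALUES (?, ?, ?, ?)",
        [
            (1, "pending", None, 0),
            (2, "cancelled", None, 0),
            (3, "incomplete", None, 0),
            (4, "confirmed", 100, 1),  # confirmed and notified long ago
        ],
    )
    conn.commit()
    return conn


def guarded_update(conn, sql, params, expected_rows):
    """Run one UPDATE/DELETE; commit only if it changed exactly expected_rows."""
    # Textual heuristic only: catches the forgotten WHERE, not a wrong one.
    if not re.search(r"\bwhere\b", sql, re.IGNORECASE):
        raise ValueError("refusing UPDATE/DELETE without a WHERE clause")
    cur = conn.execute(sql, params)  # sqlite3 opens a transaction implicitly
    if cur.rowcount != expected_rows:
        conn.rollback()  # a WHERE that is too broad is undone here
        raise RuntimeError(
            f"expected {expected_rows} row(s), statement touched {cur.rowcount}"
        )
    conn.commit()
    return cur.rowcount


def orders_to_notify(conn, now, max_age_seconds=3600):
    """Cron side: select only fresh, un-notified confirmations, then mark them."""
    rows = conn.execute(
        "SELECT id FROM orders WHERE status = 'confirmed' AND notified = 0"
        " AND confirmed_at >= ? ORDER BY id",
        (now - max_age_seconds,),
    ).fetchall()
    ids = [row[0] for row in rows]
    conn.executemany(
        "UPDATE orders SET notified = 1 WHERE id = ?", [(i,) for i in ids]
    )
    conn.commit()
    return ids


def statuses(conn):
    """Current status of every order, keyed by id."""
    return dict(conn.execute("SELECT id, status FROM orders"))
```

With the age and `notified` filters in place, rows that a bad update flips to `confirmed` without a fresh `confirmed_at` are never mailed, and a second cron run sends nothing twice.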
Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.
That time when...
He wrote a social media network with end-to-end encryption before it was cool.
He wrote custom 64kb encryption for his academic HDD.
He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.
He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).
He used only hashes of passwords as passwords (which isn't actually good).
He kept a drill on the desk ready to destroy his HDD at a moment's notice.
He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.
He set up a new email account for each individual online service.
He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).
He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).
He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).
He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.
He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.
He bought a burner phone to visit the capital city.
He bought a burner phone whenever he left his hometown come to think of it.
He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).
He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.
(You might be noticing it's all he's. Maybe it is, maybe it isn't).
He ate a sim card.
He brought a balaclava to pentesting training (it was pretty meme).
He printed out his source code as a manual read-only method.
He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).
He withdraws money from a different cashpoint every time to avoid patterns in his behaviour (the irony).
He reported someone for hacking the centre's network when they built their own website for practice using XAMPP.
I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.
-
Alright, so my previous rant got a way better response than I expected! (https://devrant.io/rants/832897)
Hereby the first project that I cannot seem to get started on too badly :/.
DISCLAIMER: I AM NOT PROMOTING PIRACY, I JUST CAN'T FIND A SUITABLE SERVICE WHICH HAS ALL THE MUSIC I WANT. I REGULARLY BUY ALBUMS. before everyone starts to go batshit crazy regarding piracy, this is legal in The Netherlands for personal use. I think that supporting the artists you love is very good and I actually regularly pay for albums and so on but:
- I want all the music from about every artist in my scene. Either on Deezer or on Spotify this is not available and I'm not gonna get them both (they both have about half of the music I want). Their services are awesome but I'm not going to pay for something if I can't listen to all the music I like, hell even some artists (on deezer mostly) only have half their music on there and it's mostly not better on Spotify.
- I'd happily buy all albums because I love supporting the artists I love but buying everything is just way too fucking much. "Get a premium music streaming subscription!" - see the first point.
You can either agree or disagree with me but that's not what this rant is about so here we go:
The idea is to create a commandline program (basically only needs to be called by a cron job every day or so) which will check your favourite youtube (sorry, haven't found a suitable non-google youtube replacement yet) channels every day through a cronjob and look for new uploads. If there are, it will download them, convert them to MP3 or whatever music format you'd like and place them in the right folder. Example with a favourite artist of mine:
1. Script checks if there are any new uploads from Gearbox Digital (underground raw hardstyle label).
2. Script detects two new uploads.
3. Script downloads the files (I managed to get that done through the (linux only or also mac?) youtube-dl software) and converts them to mp3 in my case (through FFMPEG maybe?).
4. Script copies them to the music library folder but then the specific sub-folder for Gearbox Digital in this case.
You should be able to put as many channels in there as you want, I've tried this with the official YouTube Data API which worked pretty fine tbh (the data gathering through that API). The ideal case would be to work without API as youtube-dl and youtube-dlg do. This is just too complicated for me :).
So, thoughts?
-
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.
-
Coworker: hey can you do this?
Me: sure *couple hours later* it's done.
Coworker several hours later: that thing you did completely changed. Can you update it?
*checks the platform we use so non devs can create web pages* All of my code was erased and I have to restart and add even more functionality. Why the actual fuck would you hire web developers if you're just going to have other employees use a poorly built tool to build pages. Every fucking time something breaks in the shitty fucking app, I have to fix it. Or if it doesn't do some crazy functionality, I have to hack code in there to do it in the ugliest way. Fuck tools like this. Fuck companies who make money off of these tools/use these tools. And fuck the developers who make these shitty tools that give real web developers so much frustration.
-
So here's the deal. I am a team lead of a small company and I have a junior who is an idiot. I mean literally, idiot. We code in Python mostly and as Python is not structured as a default Java or C# project, the developer needs to be very careful so that the structure (or tiers) is maintained properly.
Now this girl always messes up the tiers. Say one enhancement can be easily implemented in the UI tier, she would do the implementation in the core Db access layer, which may complete this particular enhancement, but breaks all the other functions (sometimes the whole project) connected to that particular module of the Db layer. She doesn't do any integration testing after updating the code, she only checks the current enhancement she is working on. When the enhancement goes to the testing phase, the testers find those broken functions and that results in a re-work (most of the time done by me).
I have warned her. Even our manager has warned her. She always tells that she is working to improve herself. But I know, she isn't. She mostly chats with her boyfriends (yes, with an 's') when she has no work to do. She never upgrades herself or works on her skills.
I can easily report about her, and they will fire her without any warning (they did it already with a guy earlier). I don't want to do that again. What should I do? Any suggestions?
Oh, she has a great ego. She thinks that she knows and understands everything. She will listen to your suggestions carefully, but will never follow those.
-
*tries to shrink an NTFS volume in preparation for a new BTRFS volume*
(shameless ad: check out https://github.com/maharmstone/...! BTRFS on Windows, how cool is that?)
Windows Disk Management: ah surely, I can do that for you.
*clicks "shrink"*
…
Well that disk calculation process is taking a long time...
*checks Task Manager*
*notices a pretty disk-intensive defrag process*
… Yeah.. defragging. Seems reasonable. Guess I'll just let it finish its defragmentation process. After that it should just be able to shrink the NTFS filesystem and modify the partition table without any issues. After all, I've done this manually in Linux before, and after defragging (to relocate the files on the leftmost sectors of the disk) it finished in no time.
*defrag finishes*
Alright, time to shrink!
….
Taking a shitton of time...
*checks Task Manager again*
System taking a lot of disk this time.. not even a defrag? How long can this shit take at 40MB/s simultaneous read and write?
…
*many minutes passed, finished that episode of Elfen Lied, still ongoing...*
Fucking piece of Microshit. Are you really copying over the entire 1.3TB that that disk is storing?! Inefficient piece of crap.. living up to the premise of Shitware indeed!!!
-
The project tech lead asks me to add some Docker configuration files sent by the client to a project. He gives me a zip file and I unzip it and add the files to Git. Job done.
Later he checks the commit and starts bitching because I unzipped the file and it should have been added as a zip. After much debate trying to explain to him that Docker wouldn't open the zip file to search for the Dockerfile he just says "Can you just do it? I double checked with the client!". I give up after giving him all the arguments why he is wrong and do it.
The next day the client checks the commit and comments bitching that I included the zip file and not the contents of it.
-
So recently I did a lot of research into the internals of computers and CPUs.
And I'd like to share a result of mine.
First of all, take some time to look at the code down below. You see two assembler codes and two command lines.
The assembler code is designed to test how the instructions "enter" and "leave" compare to manually doing what they are shortened to.
Enter and leave create a new stack frame: this means that they create a new temporary stack. The stack is where local variables are put by the compiler. On the right side, you can see how I create my own stack by using
push rbp
mov rbp, rsp
sub rsp, 0
(I won't get into details behind why that works).
Okay. Why is this even relevant?
Well: there is the assumption that enter and leave are very slow. This is due to raw numbers:
In some paper I saw (I couldn't find the link, I'm sorry), enter was said to use up 12 CPU cycles, while the manual stacking would require 3 (push + mov + sub => 1 + 1 + 1).
When I compile an empty function, I get pretty much what you'd expect just from the raw numbers of CPU cycles.
HOWEVER, then I add the dummy code in the middle:
mov eax, 123
add eax, 123543
mov ebx, 234
div ebx
and magically - both sides have the same result.
Why????
For one thing, there is CPU prefetching. This is the CPU loading in RAM before it's done executing the current instruction (this is how anti-debugger code works, btw. Might make another rant on that). Then there is the fact that the CPU usually starts work on the next instruction while the current instruction is processing IFF the register currently involved isn't involved in the next instruction (that would cause a lot of synchronisation problems). Now notice that the CPU can't do any of that when manually entering and leaving. It can only start doing the mov eax, 1234 while performing the sub rsp, 0.
----------------
NOW: notice that the code on the right didn't take any precautions like making sure that the stack is big enough. If you sub too much stack at once, the stack will be exhausted, that's what we call a stack overflow. enter implements checks for that, and emits an interrupt if there is a SO (take this with a grain of salt, I couldn't find a resource backing this up). There is another type of check I don't fully get (stack level checks) so I'd rather not make a fool of myself by writing about them.
Because of all those reasons I think that compilers should start using enter and leave again.
========
This post showed very well that bare numbers can often mislead.
-
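The experiment described in the post above, as an added example that is not part of the original post: the same dummy body wrapped once in `enter`/`leave` and once in the hand-written `push`/`mov`/`sub` prologue, so both can be called and timed on your own CPU. The names `frame_enter`, `frame_manual` and `ns_per_call` are assumptions; unlike the snippet in the post, this version clears `edx` before `div` (which divides `edx:eax`) and uses `ecx` instead of the callee-saved `ebx`.

```c
/* Added example, not the poster's code. frame_enter, frame_manual and
 * ns_per_call are hypothetical names chosen for this illustration. */
#include <stdio.h>
#include <time.h>

#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
/* Both functions are written entirely in assembly (AT&T syntax) so the
 * compiler cannot add or remove a prologue of its own. */
__asm__(
    ".text\n"
    ".globl frame_enter_impl\n"
    "frame_enter_impl:\n"
    "    enter $0, $0\n"          /* Intel: enter 0, 0 */
    "    movl  $123, %eax\n"
    "    addl  $123543, %eax\n"
    "    xorl  %edx, %edx\n"      /* div uses edx:eax as the dividend */
    "    movl  $234, %ecx\n"      /* ecx is caller-saved, ebx is not */
    "    divl  %ecx\n"            /* quotient ends up in eax */
    "    leave\n"
    "    ret\n"
    ".globl frame_manual_impl\n"
    "frame_manual_impl:\n"
    "    pushq %rbp\n"            /* Intel: push rbp */
    "    movq  %rsp, %rbp\n"      /* Intel: mov rbp, rsp */
    "    subq  $0, %rsp\n"        /* Intel: sub rsp, 0 */
    "    movl  $123, %eax\n"
    "    addl  $123543, %eax\n"
    "    xorl  %edx, %edx\n"
    "    movl  $234, %ecx\n"
    "    divl  %ecx\n"
    "    movq  %rbp, %rsp\n"      /* these two lines are what leave does */
    "    popq  %rbp\n"
    "    ret\n"
);
/* Bind the C names to the assembly labels above. */
unsigned frame_enter(void)  __asm__("frame_enter_impl");
unsigned frame_manual(void) __asm__("frame_manual_impl");
#else
/* Fallback so the file still builds on other targets; it exercises no
 * enter/leave instructions and only reproduces the arithmetic. */
unsigned frame_enter(void)  { return (123u + 123543u) / 234u; }
unsigned frame_manual(void) { return (123u + 123543u) / 234u; }
#endif

/* Average CPU time per call in nanoseconds over `iters` calls. */
double ns_per_call(unsigned (*fn)(void), long iters)
{
    volatile unsigned sink = 0;   /* keeps the calls from being dropped */
    clock_t start = clock();
    for (long i = 0; i < iters; i++)
        sink += fn();
    clock_t end = clock();
    (void)sink;
    return (double)(end - start) / CLOCKS_PER_SEC * 1e9 / (double)iters;
}

int main(void)
{
    const long iters = 50000000L;
    printf("result enter/leave : %u\n", frame_enter());
    printf("result manual frame: %u\n", frame_manual());
    printf("enter/leave : %.2f ns/call\n", ns_per_call(frame_enter, iters));
    printf("manual frame: %.2f ns/call\n", ns_per_call(frame_manual, iters));
    return 0;
}
```

The measured times include the call and loop overhead and vary by CPU model, so compare the two lines against each other over several runs.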
Chrome, Firefox, and yes even you Opera, Falkon, Midori and Luakit. We need to talk, and all readers should grab a seat and prepare for some reality checks when their favorite web browsers are in this list.
I've tried literally all of them, in search for a lightweight (read: not ridiculously bloated) web browser. None of them fit the bill.
Yes Midori, you get a couple of bonus points for being the most lightweight. Luakit however.. as much as I like vim in my terminal, I do not want it in a graphical application. Not to mention that just like all the others you just use webkit2gtk, and therefore are just as bloated as all the others. Lightweight my ass! But programmable with Lua, woo! Not like Selenium, Chrome headless, ... does that for any browser. And that's it for the unique features as far as I'm concerned. One is slow, single-threaded and lightweight-ish (Midori) and another has vim keybindings in an application that shouldn't (Luakit).
Pretty much all of them use webkit2gtk as their engine, and pretty much all of them launch a separate process for each tab. People say this is more secure, but I have serious doubts about that. You're still running all these processes as the same user, and they all have full access to the X server they run under (this is also a criticism against user separation on a single X session in general). The only thing it protects against is a website crashing the browser, where only that tab and its process would go down. Which.. you know.. should a webpage even be able to do that?
But what annoys me the most is the sheer amount of memory that all of these take. With all due respect all of you browsers, I am not quite prepared to give 8 fucking gigabytes - half the memory in this whole box! - just for a dozen or so tabs. I shouldn't have to move my web browser to another lesser used 16GB box, just to prevent this one from going into fucking swap from a dozen tabs. And before someone has a go at the add-ons, there's 4 installed and that's it. None of them are even close to this complete and utter memory clusterfuck. It's the process separation. Each process consumes half a GB of memory, and there's around a dozen of them in a usual browsing session. THAT is the real problem. And I want to get rid of it.
Browsers are at their pinnacle of fucked up in my opinion, literally to the point where I'm seriously considering elinks. Being a sysadmin, I already live my daily life in terminals anyway. As such I also do have resources. But because of that I also associate every process with its cost to run it, in terms of resources required. Web browsers are easily at the top of the list.
I want to put 8GB into perspective. You can store nearly 2 entire DVD movies in that memory. However media players used to play them (such as SMPlayer) obviously don't do that. They use 60-80MB on average to play the whole movie. They also require far less processing power than YouTube in a web browser does, even when you download that exact same video with youtube-dl (either streamed within the media player or externally). That is what an application should be.
Let's talk a bit about these "complicated" websites as well. I hate to break it to you framework web devs, but you're a dime a dozen. The competition is high between web devs for that exact reason. And websites are not complicated. The document itself is plain old HTML, yes even if your framework converts to it in the background. That's the skeleton of your document, where I would draw a parallel with documents in office suites that are more or less written in XML. CSS.. oh yes, markup. Embolden that shit, yes please! And JavaScript.. oh yes, that pile of shit that's been designed in half a day, and has a framework called fucking isEven (which does exactly what it says on the tin, modulo 2 be damned). Fancy some macros in your text editor? Yes, same shit, different pile.
Imagine your text editor being as bloated as a web browser. Imagine it being prone to crashing tabs like a web browser. Imagine it being so ridiculously slow to get anything done in your productivity suite. But it's just the usual with web browsers, isn't it? Maybe Gopher wasn't such a bad idea after all... Oh and give me another update where I have to restart the browser when I commit the heinous act of opening another tab, just because you had to update your fucking CA certs again. Yes please!
-
Fml... you keep getting the weekly discussions right on point.
I started with the last guys right out of university... just out of Hospital.
With a brand new degree and a Crohn’s diagnosis I stepped into the first place I found hiring. They were good guys, after a junior dev... to get stuck in their muck.
I did! I nailed project after project, tricky development after tricky development. I spent 5 years with them and over those years things changed.
They had a mass cull... the original idea was to get rid of the useless middle managers, the ones managing other managers being managed by another manager for no real reason.... the ones that do fuck all with their day.
But the fucking idiots upstairs put the job of working out the cull in the shitty middle managers hands.
So, instead, they cut the titles senior, junior and everything in between. Everyone was just a thing, no senior things, no junior things. Just things.
Once they’d done that they said “well, we have this many things, they’re all the same, let’s get rid of the things with the highest pay checks because the other things can do it just as well for less money”...
And that’s how they cut 50% of their senior techs.
I was one of the ones left behind but the damage became obvious quick. The middle managers barked out orders at people who couldn’t complete them, and everything went to shit.
My team was rebranded twice in as many years... an obvious ploy for funding, but the cost of the team fluctuated like hell because contractors had to fill the senior positions at 3 times the cost.
Then the managers started barking out self-contradictory orders. Do this, but this way...
This would work, but not that way... try explaining that to a group of non-technical, useless as fuck middle managers. It took months, and shit flows downstream so we got the bulk of the hassle for it.
Then my boy Morpheus, got a warning... they threatened his contract for saying “this will work, but not that way”.
He kept the contract, and the manager giving him the warning said he didn’t think he should... but he, and all the middle fuckwits don’t have the balls to stand up against nonsense.
That was the breaking point for me, I handed in my notice and told them a month was what they could have.
I didn’t have a position or an idea of where to go, a few long-standing offers as back up in a pinch but not the perfect job.
On the Thursday I decided I was done, I let my manager know. Then I boshed the fuck out of my CV and updated my profiles.
My phone started ringing off the hook, a senior NG2/MEAN/Ionic dev on the market is like candy to recruiters. They’re lovely too.
I went to a few interviews that were okay but not great. Then a company got in touch... one that I immediately recognised as an IT book publisher. They said they were looking for NG/NG2 devs, senior. winner! Set up the interview.
So I’d spent the weekend with the missus, about an hour away from mine and 2 from the interview. I hadn’t planned on staying there but at 6ish she looked over at me and said “do you have to go” <- imagine that with puppy dog eyes from a gorgeous Slovenian lass.
I folded quicker than a shitty pancake toss.
We spent the night together but that meant I had to be up at 6, to go back to mine, iron my interview clothes and make it to the train to manage the interview. Fuck. I did it, but I was at the interview wired on caffeine and struggling to be awake and coherent. I still managed, that’s what I do, I make do and try to do well regardless of the situation.
That comes from being ill btw, when you’re dealt a shitty hand you learn to play it well.
They were good guys, the heads all knew what they were on about, not the middle management bs I was used to.
They demoed me live with an ng1 test, which was awesome as hell to play with.
We chatted, friendly and cool guys! I loved the place.
The end of the week they got me in for second round. Ng2 and competence test, again I went for it!
Positive feedback and a “we’ll get back to you ASAP, should be by Tuesday”...
Tuesday was the Tuesday before the Friday I was due to leave the old company... I was cutting it close.
On the Monday the offers started rolling in, a few C# ASP MVC positions, cool but I was holding out for the guys I’d interviewed with.
Then Tuesday comes around, I’m nervous as fuck but it’s okay because I knew regardless I can pay the rent in December with one of the offers.
Then they said yes!
The thing that seemed most important in the process was my ability to talk to any fucker. If you’re coming up to interview, talk to everyone, the grocer, your barista, the binmen, anyone. Practice that skill above all others.
I start tomorrow morning! I can’t wait.
Final thought: middle managers are taints.
-
Two big moments today:
1. Holy hell, how did I ever get on without a proper debugger? Was debugging some old code by eye (following along and keeping track mentally, of what the variables should be and what each step did). That didn't work because the code isn't intuitive. Tried the print() method, old reliable as it were. Kinda worked but didn't give me enough fine-grain control.
Bit the bullet and installed Wing IDE for python. And bam, it hit me. How did I ever live without step-through, and breakpoints before now?
2. Remember that non-sieve prime generator I wrote a while back? (well maybe some of you do). The one that generated quasi lucas carmichael (QLC) numbers? Well, that's what I managed to debug. I figured out why it wasn't working. Last time I released it, I included two core methods, genprimes() and nextPrime(). The first generates a list of primes accurately, up to some n, and only needs a small handful of QLC numbers filtered out after the fact (because the set of primes generated and the set of QLC numbers overlap. Well I think they call it an embedding, as in QLC is included in the series generated by genprimes, but not the converse, but I digress).
nextPrime() was supposed to take any arbitrary n above zero, and accurately return the nearest prime number above the argument. But for some reason when it started, it would return 2,3,5,6...but genprimes() would work fine for some reason.
So genprimes loops over an index, i, and tests it for primality. It begins by entering the loop, and doing "result = gffi(i)".
This calls into a function that runs four tests on the argument passed to it. I won't go into detail here about what those are because I don't even remember how I came up with them (I'll make a separate post when the code is fully fixed).
If the number fails any of these tests then gffi would just return the value of i that was passed to it, unaltered. Otherwise, if it did pass all of them, it would return i+1.
And once back in genPrimes() we would check if the variable 'result' was greater than the loop index. And if it was, then it was either prime (comparatively plentiful) or a QLC number (comparatively rare)--these two types and no others.
nextPrime() was only taking n, and didn't have this index to compare to, so the prior steps in genprimes were acting as a filter that nextPrime() didn't have, while internally gffi() was returning not only primes, and QLCs, but also plenty of composite numbers.
Now *why* that last step in genPrimes() was filtering out all the composites, idk.
But now that I understand what's going on I can fix it and hypothetically it should be possible to enter a positive n of any size, and without additional primality checks (such as is done with sieves, where you have to check off multiples of n), get the nearest prime numbers. Of course I'm not familiar enough with prime number generation to know if that's an achievement or worthwhile mentioning, so if anyone *is* familiar, and how something like that holds up compared to other linear generators (O(n)?), I'd be interested to hear about it.
I also am working on filtering out the intersection of the sets (QLC numbers), which I'm pretty sure I figured out how to incorporate into the prime generator itself.
I also think it may be possible to generate primes even faster, using the carmichael numbers or related set--or even derive a function that maps one set of upper-and-lower bounds around a semiprime, and map those same bounds to carmichael numbers that act as the upper and lower bound numbers on the factors of a semiprime.
Meanwhile I'm also looking into testing the prime generator on a larger set of numbers (to make sure it doesn't fail at large values of n) and so I'm looking for more computing power if anyone has it on hand, or is willing to test it at sufficiently large bit lengths (512, 1024, etc).
Lastly, the earlier work I posted (linked below), I realized could be applied with ECM to greatly reduce the smallest factor of a large number.
If ECM, being one of the best methods available, only handles 50-60 digit numbers, & your factors are 70+ digits, then being able to transform your semiprime product into another product tree that's non-semiprime, with factors that ARE in range of ECM, and which *does* contain either of the original factors, means products that *were not* formally factorable by ECM, *could* be now.
That wouldn't have been possible though without enormous help from many others such as hitko who took the time to explain the solution was a form of modular exponentiation, Fast-Nop who contributed on other threads, Voxera who did as well, and support from Scor in particular, and many others.
Thank you all. And more to come.
Links mentioned (because DR wouldn't accept them as they were):
https://pastebin.com/MWechZj9
-
Look, I get that it's really tricky to assess whether someone is or isn't skilled going solely by their profile.
That's alright.
What isn't center of the cosmic rectum alright with the fucking buttsauce infested state of interviews is that you give me the most far fetched and convoluted nonsense to solve and then put me on a fucking timer.
And since there isn't a human being on the other side, I can't even ask for clarification nor walk them through my reasoning. No, eat shit you cunt juice swallowing mother fucker, anal annihilation on your whole family with a black cock stretching from Zimbabwe to Singapore, we don't care about this "reasoning" you speak of. Fuck that shit! We just hang out here, handing out tricks in the back alley and smoking opium with vietnamese prostitutes, up your fucking ass with reason.
Let me tell you something mister, I'm gonna shove a LITERAL TON of putrid gorilla SHIT down your whore mouth then cum all over your face and tits, let's see how you like THAT.
Cherry on top: by the time I began figuring out where my initial approach was wrong, it was too late. Get that? L'esprit d'escalier, bitch. I began to understand the problem AFTER the timer was up. I could solve it now, except it wouldn't do me any fucking good.
The problem? Locate the topmost 2x2 block inside a matrix whose values fall within a particular range. It's easy! But if you don't explain it properly, I have to sit down re-reading the description and think about what the actual fuck is this cancerous liquid queef that just got forcefully injected into my eyes.
But since I can't spend too much time trying to comperfukenhend this two dollar handjob of a task, which I'd rather swap for teabagging a hairy ass herpes testicle sack, there's rushing in to try and make sense of this shit as I type.
So I'm about 10 minutes down or so already, 35 to go. I finally decipher that I should get the XY coords of each element within the specified range, then we'll walk an array of those coordinates and check for adjacency. Easy! Done, and done.
Another 10 minutes down, all checks in place. TEST. Wait, wat? Where's the output? WHERE. THE FUCK. IS. THE OUTPUT?! BITCH GIMME AN ANSWER. I COUT'D THE RETURN AND CAN SEE THE TERMINAL BUT ITS NOT SHOWING ME ANYTHINGGG?! UUUGHHH FUCKKFKFKFKFKFKFKFUFUFUFFKFK (...)
Alright, we have about 20 minutes left to finish this motorsaw colonoscopy, and I can't see what my code is outputting so I'm walking through the code myself trying to figure out if this will work. Oh, look at that I have to MANUALLY click this fucking misaligned text that says "clear" in order for any new output to register. Lovely, 10/10 web design, I will violate your armpits with an octopus soaked in rabid bear piss.
Mmmh, looks like I got this wrong. Figures. I'm building the array of coordinates sequentially, as a one-dimensional list, which is very inconvenient for finding adjacent elements. No problem, let's try and fix that aaaaaand... SHIT IM ALMOST OUT OF TIME.
QUICK LYEB, QUICK!! REMEMBER WHAT FISCELLA TAUGHT YOU, IN BETWEEN MOLESTING YOUR SOUL WITH 16-BIT I/O CONSOLE PROBLEMS, LIKE THAT BITCH SNOWFALL THING YOU HAD TO SOLVE FOR A FRIEND USING TURBO C ON A FUCKING TOASTER IN COMPUTER LAB! RUN MOTHERFUCKER RUN!!!
I'm SWEATING. HEAVILY. I'm STEAMING, NON-EROTICALLY. Less than 10 minutes left. I'm trying to correct the code I have, but I start making MORE dumbfuck mistakes because I'm in a hurry!
5 minutes left. As I hit this point of no return, I realize exactly where my initial reasoning went wrong, and how I could fix it, but I can't because I don't have enough time. Sadface.
So I hastily put together skeleton of the correct implementation, and as the clock is nearly up, I write a comment explaining the bits I can't get to write. Page up, top of file, type "the editor was shit LMAO" and comment it out. SUBMIT.
This violent tale of brain damaged badmouth schizoid baby versus badly worded code challenges was brought to you by ButtholeSuffers. Tired of taking low-quality viagra before engaging in unprotected anal sex? Then try ButtholeSuffers, the new way to strengthen your everyday erections! You'll be as fucking HARD as a WALL!
Visit triple doble minus you dot triple doble YOU dot doble-u doble www dotbit lyshAdy wwwwww academy smashlikeachamp ai/professional/$$%$X$/0FD0EFF~ \*¨-`++ ifyouclickurstupid for for a FREE coupon to get MINUS NaN OFF on a close-encounter with an inter-continental dick, and use my promo code HOPONBITCH if you'd like it *RAMMED* --FAR-- and D E E P L Y.
(lel ad break should continue I'm cutting it short) [CENSORED] grants *physical* access to your pants! Big ups to Annihilate for sponsoring this mental breakdown.
Also hi ;>
-
Parents had asked me to assemble some furniture, fix the pc and do some other "brain" work
Furniture
Me: *Stops to check something in the manual*
Parents: Are you stuck? Maybe try assembling the door upside down
Me: No, it is the right way
Parents: *Ramble, ramble*
Me: Just let me work, shut the hell up
PC
Me: *Checks cables, checks logs, etc.*
Parents: Maybe it is the problem with (insert random tech word there)?
Me: No.
Parents: W h y?
Me: Let me finish, it isn't that, (tech word) isn't even correlated to that
Parents: But, but, you never talk to me... (ramble ramble)
Me: Get the hell outta the room
*Argument breaks out*
30min later
Me: *Finally manages to fix it after the heated argument*
Me: I finished, everything works
Parents: Great, but you are mean
Me: I managed to finish the work in 15 min, you don't even have enough strength to call for a specialist, (but knowing me I wouldn't allow it anyway because a lot of them do a poor job), so in order to do it properly and to relieve you from learning how to fucking google I want you to stay out of this so I can just finish my job. Your interruptions waste time and I don't need your help at all. Every time you tried to fix stuff you always managed to fuck shit up when you tried to do anything.
Parents: (ramble)
Me: SHUT THE FUCK UP, LEAVE MY ROOM
Parents:
Me:
Parents: *Leave the room*
1h later I get 25$ for the job perfectly done
Sometimes I wish they were tech independent, so I can save my sanity and time, but money is nice.
If anybody tries to argue that I should respect them:
I tried talking to them nicely countless times through the years, but they always force themselves into a project and they always fuck shit up because of it. I tried telling them about my problems and they tried helping me, but after it didn't work they returned to the old: "it is the pc fault" and similar. Even if they couldn't help me I just wanted them to understand my situation, but no, that didn't happen.
First I fix my life, then I will fix the relationship
But but greeeeeg, relationships should be cared for always!
Eat shit. There is time for family and there is time for me, especially when my life can suddenly collapse due to my problems.
-
First rant from my new job.
I got a position as backend-dev in a startup and for now I'm learning angular. Yes, you read that correctly, because the frontend-team is short-staffed I decided to switch teams. We are 3 people and neither one has sufficient angular-experience (the framework was a management decision).
First of all I got confused because we use slack and trello but the frontend-lead decided to do some stuff via google-spreadsheet too. Then we didn't have any code in our repository until yesterday. I tried to check out the repository after that, did an npm-install but when running ng serve I got an error "css-file not found". It turns out you had to download some files from the official website and put them in the unversioned node_modules directory. It was the teamlead's decision to do so and me and my coworker got really annoyed when we tried to set up everything on our end. But that's not all, yesterday the other devs merged their first versions of the project. But not via git, that is way too mainstream. The coworker had to upload his code into the cloud and the teamlead copied the files into the project folder.
Aside from that the code already isn't the best, some things should be done differently imo and we have credentials in the code (not in some separate files, but in an if-else-clause that checks node.env.production).
We'll have a discussion about this tomorrow, let's hope things can be straightened out.
-
A bug is born
... and it's sneaky and slimy. Mr. Senior-been-doing-it-for-ears commits some half-assed shitty code, blames failed tests on availability of CI licenses. I decided to check what's causing this shit nevertheless, turns out he forgot to flag parts of the code consistently using his new compiler defines, and some parts would get compiled while others needed wouldn't .. Not a big deal, we all make mistakes, but he rushes to Teams chat directing a message to me (after some earlier non-sensible argument about merits of cherry picking vs re-base):
Now all tests pass, except ones that need CI license. The PR is done, you can use your preferred way to take my changes.
So after I spot those missing checks causing the tests to fail, as well as another bug in yet another test case, and yet another disastrous memory related bug, which weren't detected by the tests of course .. I ponder my options .. especially based on our history .. if I say anything he will get offended, or at best the PR will get delayed while he is in denial arguing back even longer and dependent tasks will get delayed and the rest of the team will be forced to watch this show in agony, he also just created a bottleneck putting so many things at stake in one PR ..
I am in a pickle here .. should I just put review comments and risk opening a can of worms, or should I just mention the very obvious bugs, or even should I do nothing .. I end up reaching for the PM and explained the situation. In complete denial, he still believes it's a license problem and goes on ranting about how another project suffering the same fate .. bla bla bla chipset ... bla bla bla project .. bla bla bla back in whatever team .. then only when I started telling him:
These issues are even spotted by "Bob" earlier, since for some reason you just dismissed whatever I just said ..
("Bob" is another more sane senior developer in the team, and speaks the same language as the PM)
Only now I get his attention! He then starts going through the issues with me (for some reason he thinks he is technical enough to get them) .. He now to some extent believes the first few obvious bugs .. now the more disastrous bug he is having really hard time wrapping his head around it .. Then the desperate I became, I suggest let's just get this PR merged for the sake of the other tasks after may be fixing the obvious issues and meanwhile we create another task to fix the bug later .. here he chips in:
You know what, that memory bug seems like a corner case, if it won't cause issues down the road after merging let's see if we need even to open an internal fix or defect for it later. Only customers can report bugs.
I am in awe how low the bar can get, I try again and suggest let's at least leave a comment for the next poor soul running into that bug so they won't be banging their heads in the wall 2hrs straight trying to figure out why store X isn't there unless you call something last or never call it or shit like that (the sneaky slimy nature of that memory bug) .. He even dismissed that and rather went on saying (almost literally again): It is just that Mr. Senior had to rush things and communication can be problematic sometimes .. (bla bla bla) back in "Sunken Ship Co." days, we had a team from open source community .. then he makes a very weird statement:
Stuff like what Richard Stallman writes in Linux kernel code reviews can offend people ..
Feeling too grossed and having weird taste in my mouth I only get in a bad hangover day, all sorts of swear words and profanity running in my head like a wild hungry squirrel on hot asphalt chasing a leaky chestnut transport ... I tell him whatever floats your boat but I just feel really sorry for whoever might have to deal with this bug in the future ..
I just witnessed the team giving birth to a sneaky slimy bug .. heard it screaming and saw it kicking .. and I might live enough to see it a grown up having a feast with other bug buddies in this stinky swamp of Uruk-hai piss and Orcs feces.
-
Best way to avoid procrastination : We tend to avoid commitments or to do large tasks as even visualizing them seems tiring and the longer it takes, the more vulnerable we are to distractions
So I use this simple trick
I break my task into numerous sub tasks. For example if I need to finish a feature before day end, I would first list down all the cases I can think of in order and write them down using actual pen and paper.
I then start implementing them step by step.
I mark them checked once done.
It gives me a sense of achievement as I see those checks besides the sub tasks and I can also take breaks between steps.
So all it takes is just first five minutes of planning.
I had to do the above procedure, for this post as well.
Hope it helps fellow developers
:)
-
Got a senior dev at work.
The guy is good at his job, no doubt, but his insecurity drives me up the wall.
- Constantly double checks work done by non-seniors.
- Set up a policy where only seniors can code review.
- Tells non-seniors not to give out advice as they don't know what they're talking about.
- Edits pull requests for you.
- Demands unobtainable quality for insignificant pieces of work.
- Patronising teams messages on the regular.
We're all just trying to get work done and he's always acting like we haven't got enough stripes on the badge.
-
ME - me, TM - teammate
I was just recruited to the company. We're starting new project based on few modules.
ME: So this module will do X and Y, I will use good old interfaces and design based on abstractions so that stuff does not get glued too much.
TM: But why? Make good old processor with all the logic and throw objects at it.
ME: B-but unit tests, decomposition and other stuff...
TM: *insists and forces me to agree*
ME: *gets shit done his way, TM checks on code review and complains but generally doesn't give a fuck*
ME: Ok, it's done. Let's get shit shipped.
TM: Well, we were just told by PM that we will need to process one more source with much different logic that does not fit current solution (he meant GOD-PROCESSOR, idea of his).
ME: What do you mean? *injects another contextual implementation of processing logic to template method pattern solution*.
TM: I will tell PM you can't make it because of the implementation.
ME: But I just did it...
TM: Impossible, processor needs to be reimplemented. Get your shit together!
ME: *still doesn't get the shit about the god processor love*
TM: *rage quits next month*
ME: *module gets reused once more 2 months later, profit*
-
Guys, what the fuck.
Today I was doing some consistency checks across the board after an update made to one of our core systems that manages money. Yeah, real, live money.
I have a payment processor hidden from the public, with a simple API etc. So one of my checks, "gate has same balances as gate's internal account on core", blinked red. Okay well, fuck, that's a really really shitty situation to be in. I guess my gate is fucked up in some way.
Okay, debug mode on, maintenance mode on, quick look at DB, oh shit, client paid 4 times 15k eur without any txn on core system... SHIT! Postman... Fuck, Postman ofc won't start, quick google, fixing Postman, tension in me grows, because it's a really rough and tough fuckup on my side, and I got a call. That moment when you know someone already knows is for me the apogee of stress that just skyrocketed from calm morning to mad morning.. Okay, I pick up the phone, and I hear that one client paid (using core system app) and got a strange message, YES I KNOW, I'm working on it.. Wait, you say that core system gave them an odd message??? I will check it out. Finally fixed Postman, 3 requests and I know it's a bug on core system.
Why, why in the motherfucking bloody world would anyone push a critically bugged update to a system that just sends API callbacks "yes, he paid" when someone didn't pay...
Fuck, I'm stressed and pissed, but at the same time relieved it's not my personal fuckup (yeah, I solo wrote that gate, but the code was externally audited and all they had to say was that some cosmetic linting should be done)
-
An app I wrote in react native broke. It just checks for new episodes and opens the actual download link so this all the ads. The URL seems to have changed from www to www1.... So the Find/Replace broke.
I don't think I will be using RN though because I can't access all features like root commands, that can be done from Android SDK. And probably easier to access all Android's features?
So should I try to fix the RN code (prolly 1 line) or port the whole project to use Android SDK?
-
I have just slept for a minimum of 5 hours. It is 7:47 PM atm.
Why?
We have had a damn stressful day today.
We have had a programming test, but it really was rather an exam.
Normally, you get 30 minutes for a test and 45 minutes for an exam.
In this "test" we have had to explain what 'extends' does and name a few advantages of why one should use it.
Check.
Read 3 separate texts and write the program code on paper. It was about 1 super class and 1 sub class with a test class in Java.
Check.
Task 3: Create the UML diagram of the code from above. *internally: From above? He probably means my code since there is no other code there. *Checks time*. I have about 3 minutes left. Fuck my life.*
Draws the boxes. Put the class names in each of them. A private attribute for the super class.
Teacher: Last minute!
Draw the arrow starting from the sub class to the super class.
Put my name on each written paper. And mentally done for the day. Couldn't finish the last task. Task 3.
During this "test", I heard the frustrations of my classmates. Seemed like everyone was pretty much pissed.
After a short discussion with the teacher who also happens to be the physics professor of a university nearby.
[If you are reading this, I hope that something bad happens to you]
The next course was about computer systems. Remember my recent rant about DNS, dhcp, ftp, web server and samba on ubuntu?
We have had the task to do the screenshots of the consoles where you prove that you have dhcp activated on win7 machine etc. Seemed ok to me. I would have been done in 10 minutes, if I would be doing this relaxed. Now the teacher tells us to change the domain names to <surnameOfEachStudent>.edu.
I was like: That's fine.
Create a new user for the samba server. Read and write directories. Change the config.
Me: That should be easy.
Create new DNS entries in the configs.
Change the IPv6 address area to 192.168.x.100-200/24 only for the dhcp server.
Change the web server's default page. Write your own text into it.
You will have 1 hour and 30 minutes of time for it.
Dumbo -ANGRY-CLIENT-: Aye. Let us first start screenshotting the default page. Oh, it says that we should access it with the domain name. I don't have that much time. Let us be creative and fake it, legally.
Changes the title element so that it looks like it has been accessed via domain name. Deletes the url and writes the domain name without pressing Enter. Screenshot. Done. Ok, let us move to the next target.
Dhcp: Change lease time. Change IP address area. Subnet mask. Router. DNS. Broadcast. Optional domain name. Save.
Switches to win7.
ipconfig /release
ipconfig /renew
Holy shit it does not work!
After changing the configs on ubuntu for a legit 30 minutes: Maybe I should change the ip of the ubuntu virtual machine itself. *me asking my old self: why did not you do that in the first place, ass hole?!*
Same previous commands on win7 console. Does not work. Hmmm...
Where could be the problem?
Check the IP of the ubuntu server once again. Fml. Ubuntu did not save when I clicked on the save button the first time I have changed it. Click on save button 10 times to make sure it really is saved now lol.
Same old procedure on win7.
Alright. Dhcp works. Screenshot.
Checks time. 40 minutes left.
DNS:It is your turn. Checks bind9 configs. sudo nano db.reverse.edu.
sudo nano db.<mysurname>.edu.
Alright. All set. It should work now.
Ping win7 from ubuntu and vice versa. Works. Ping domain name on windows 7 vm. Does not work.
Oh, I forgot to restart the bind9 server on ubuntu.
sudo service bind stop
" " " start
Check DNS server IP on win7. It looks fine.
It still doesn't work. Fuck it. I have only 20 minutes left. Samba. Let us do this!
10 minutes in. No result. I don't remember why. I already forgot why I have done for it. It was a very stressful day.
Let us try DNS again.
Oh shit. I forgot the resolver!
sudo nano /etc/resolv.conf
The previous edits are gone. Dumb me. It says it in the comments. Why did not I care about it. Fuck it. 6 minutes left. Open a yt video real quick. Changes the config file. Saves it. Restarts DNS and dhcp. Closes the terminal and opens a new one. The changes do not affect them until you reopen them. That's why.
Change to win7.
Ping works. How about nslookup.
Does not work.
Teacher: 2 minutes left!
Fuck it.
Saves the word document with the images in it. Export as pdf. Tries to access the directories of the school samba server. Does not work. It was not my fault tho. Our school server is in general very slow. It feels like they are not maintained and left alone like this in the dust from the 90s.
Friend gets the permission to put his document on a USB and give the USB to the teacher.
Sneaky me: Hey xyz, can you give me your USB real quick?
Him: sure.
Gets bombed with "do you want to format the USB?" pop-ups 10 times. Fml. Skips in a fast way.
Transfers the pdf. Plug it out. Give it back.
After this we have had to give a presentation in politics. I am done.
-
@11.30 pm -->BF: "Comm'on now...what Ya still doing there..aren t Ya comeing??? O.o already..."
ME: "Soon hun, i m learning some snake handeling here..hold on now!"
BF: "Yeeahp..Ya are handeling it all right already, you need to put it in the practice too. Come now. !" <<<--grinns.
ME: <<--lifting my glasses up to my head slowly: " I am writing...handwriting...the code!! Python!...?"
BF: "Yeah, i know...i saw yar test -B+.
If ya had done the finances calculus program for our maintance..my building checks, our food, your clothes...you would have more practice to put it into use...and you would have got an A probably..." He s freaking smirks and i went
qwaaak qwaaak qwaak- squachhh
I am so putting it into Rant )
..and i am so keeping him...
-
What the absolute fuck were you thinking Microsoft?
You're doing everything you can to ensure that those who continue to use Github are flogged and castrated?
What the fuck happened to the SSH clone link that was so easy to keep in all you had to do was *checks notes* fucking NOTHING.
It makes me question choices I have made over the last two years. Like, why don't I just host my own git server at this point? I have a couple servers running and it would cost me next to nothing.
Before anyone says anything about GitLab, I looked. I would be spending three times what I am now if I used them.
At this point it seems like a futile attempt to stay with you. I'm going to start calling you ShitHub now because it's a place where I can't get shit done without some kind of new shitty "improvement".
2022 is lining up to be a spectacular year!
Fuck you Microsoft.
-
#Suphle Rant 9: a tsunami on authenticators
I was approaching the finish line, slowly but surely. I had a rare ecstatic day after finding a long forgotten netlify app where I'd linked docs deployment to the repository. I didn't realise it was weighing down on me, the thought of how to do that. I just corrected some deprecated settings and saw the 93% finished work online. Everything suddenly made me happier that day
With half an appendix chapter to go, I decided to review an important class I stole from my old company for clues when I need to illustrate something involved using a semblance of a real world example (in the appendix, not abstract foo-bar passable for the docs)
It turns out, I hadn't implemented a functionality for restricting access to resources to only verified accounts. It just hasn't been required in the scheme of things. No matter, should be a piece of cake. I create a new middleware and it's done before I get to 50 lines. Then I try to update the documentation but to my surprise, user verification status turns out to be a subset of authentication locking. Instead of duplicating bindings for both authentication and verification, dev might as well use one middleware that checks for both and throws exceptions where appropriate.
BUT!
These aspects of the framework aren't middleware, at all. Call it poor design but I didn't envisage a situation where the indicators (authentication, path based authorisation and a 3rd one I don't recall), would perform behaviour deviating from the default. They were directly connected to their handlers and executed after within the final middleware. So there's no way to replace that default authentication scheme with one that additionally checks for verification status.
Whew
You aren't going to believe this. It may seem like I'm not serious and will never finish. I shut my system down for that day, even unsure how those indicators now have to be refactored to work as middleware, their binding and detachment, considering route collections are composed down a trie
I'm mysteriously stronger the following day, draw up designs, draft a bunch of notes, roll my sleeves, and the tsunami began. Was surprisingly able to get most of previous middleware tests passing again before bed, with the exception of reshuffled classes. So I guess we can be optimistic that those other indicators won't cause more suffering or take us additional days off course
-
{
-i won't follow logging practices
-i won't follow secure coding
-i won't leverage profiling n monitoring tools
-i won't reuse best practices
-i won't listen to thought leaders
-i will outsource writing UT
-i will outsource code quality checks
-i will outsource all testing
-i will ignore n override CTO team
But I still want high stability, security n 4 9s availability. Just want it done. My team is best. Am a fast-track leadership program leader who never has or ever needs to code. I just know ...
}
People I have to deal with every sprint. Site reliability is not easy ...
Teaching good code makes great products to morons, toughest ...
"Beginners mind needed"
-
I work in a small team. As the senior dev I tend to focus on important tasks that shape the core of the product but sometimes I can’t divide myself when there are multiple tasks at hand, so I pass some tasks to another mid level dev.
So the task was to create an automation in order to CD (continuously deliver) an order from WHMCS of the (git versioned) product to customers UAT, PROD envs.
To get a background this is an old guy with “constricted” experience in PHP/jQuery/Joomla/Wordpress.
So when we were breaking up the tasks he told me he would like to implement this so I gave him the task as I was busy with core features.
I was like what could go wrong? I know he doesn’t know much about CI/CD but he can read right? He will google right? He will search for CI/CD solutions that do this out of the box right? He will design on paper or what ever and do small POCs right? He will design the flow first before starting the implementation right? RIGHT?
So fast forward to today I had a call with him this morning about some DB staff. And he wanted to show me his progress…
His solution is:
(parentheses is my brain)
1. Customer completes WHMCS order (perfect)
2. Web Hook 🪝 action (YES)
3. cpanel gets source and “automatic!” Init, all using pure PHP code ignoring the usage of the current framework (ok… something is missing)
4. cpanel web hooks(?) WHMCS to send email to customer with the envs initial setup page(?)
5. Customer opens link and adds setup info (ok fuck, fuck, fuck)
(Ok stay cool composed, lets ask some questions maybe he thought it all in a cool way I can’t get my mind around)
Me: So how are you gonna get the correct version from the repo to the env and init the correct schema?
Dev: I haven’t thought about it yet.
Me: Are we gonna save each version to a file system then your code is going to fetch them?
Dev: I haven’t really thought about it we will see. But look on customer init user setup I implemented a password strength validation and it also checks if the password is the same.
So after this Pokémon encounter I politely closed teams. Stood up drank some (a lot) coffee ☕️. Put out the washed laundry while reflecting on life’s good things, while listening to classical music 🎼 .
Then I sat on my office chair, drank some more coffee, put on some Linkin Park, starting in that order:
“Numb” then “What I’ve Done” and ended with “In the end, it does really fucking matter”