Search - "authorization"
-
A story about how a busy programmer became responsible for training interns.
So I was put in charge of a team of interns and had to teach them to work with Linux, coding (Bash, Python and JS) and networking overall.
None of the interns had any technical experience, skills, knowledge or talent.
Furthermore the task came to me as a surprise and I didn't have any training plan nor the time.
Case 0:
Intern is asked to connect to a VM, see which interfaces there are and bring up the one that's down (eth1). He shuts eth0 down and is immediately disconnected from the machine, being unable to connect remotely.
Case 1:
Intern researches Bash scripting via a weird android app and after an hour or so creates and runs this function: test(){test|test&}
He fork-bombed the VM all other interns used.
Case 2:
All interns used the same VM despite the fact that I created one for each.
They saved the same ssh address in Putty while giving it different names.
Case 3:
After explicitly explaining and demonstrating to the interns how to connect to their own VMs they all connect to the same machine and attempt to create file systems, map them, etc. One intern keeps running "shutdown -r" in order to test the delay flag, which he never even included.
Case 4:
All of the interns still somehow connect to the same VM despite me manually configuring their Putty "favorites". Apparently they copy-paste a dns that one of them sent to the entire team via mail. He also learned about the wall command and keeps scaring his team members with fake warnings. A female intern actually asked me "how does the screen knows what I look like?!". This after she got a wall message telling her to eat less because she gained weight.
Case 5:
The most motivated intern ran "rm -rf" from his /etc directory.
P.S. All other interns got disconnected because they still keep using his VM.
Case 6:
While giving them a presentation about cryptography and explaining how SSH (that they've been using for the past two weeks) works an intern asked "So is this like Gmail?".
I gave him the benefit of the doubt and asked if he meant the authorization process. He replied with a stupid smile "No! I mean that it can send things!".
FML. I have a huge project to finish and have to babysit these art majors who decided to earn "ezy cash many" in hightech.
Adventures will be continued.
-
Last day on the contract from hell. I'd written a project with one other person in our spare time that performed a critical business function. The following conversation was had between myself, the job thief who was handed my job and their manager, with the 10 other IBM GS "dev domain experts" assigned to that team sitting silently on zoom:
Moi: hey all, what seems to be the problem?
JT: how to update the java for requirement?
Moi: I would assume a text editor, have you tried intellij
JTM: she's talking about ticket BS-101, the data is wrong
Moi: ah, well, you might want to fix that
JT: how to fix?
Moi: update the database and update the logic that depends on it
JTM: what changes are those?
Moi: the ones described in the ticket, I would assume, I'm no longer on that project
JTM: didn't you write this application?
Moi: yes.
JTM: ok, so do you know how to fix the issue?
Moi: definitely
JTM: ok... ... Can you tell us how to fix it?
Moi: yes.
*The sound of silence*
JTM: *will* you tell us?
Moi: I would, but I'm already off the clock, and as of an hour ago I no longer have a contract. And even if I did, I don't have a contract or authorization to work on that system. I'm not actually being paid for this call.
JTM: ... What are we going to do about this?
Moi: I have no idea
JTM: ok, so we can look at getting a 1 month contract to support this
Moi: I'm sure our firm has someone who can definitely help you out
JTM: *heavy raging* ... Can you do the work?
Moi: Unfortunately, I'm already committed to a new contract at another customer. I also don't do one month contracts. I'm an engineer, not a car wash employee
JTM: well, I don't understand how you can just leave us in the lurch like this?!
Moi: well, respectfully, it was your decision to cut me from the budget because you thought you were close enough to end of the project to get it across the line with junior resources.
Interjecting-JT: I am senior!
Moi: Right. So, basically, you took ownership of the product before go live. We advised against it, in writing, numerous times. We also notified you that we would not carry a bench, so the project resources are now working on other things. We can provide you with new resources for a minimum 6 month duration who can help you out. Also, since we've cycled out, our rate has increased per the terms of our MSA.
JTM: we don't have budget for that! How are we supposed to do this?!
Moi: *zoom glare at JT* that question is more appropriate for your finance officer and the IT director. I can send a few emails and schedule a call with your account representative and the aforementioned individuals so you can hash this out.
----------------
I'm free! 🥳 That said, still plenty of residual fodder I need to get out of my system on these guys. Might need to start my own Dilbert.
-
Designer: Need to file a bug, I'm not getting an option to login with FaceID
Me: Oh weird bug. Is it setup on the phone you are testing with?
Designer: yes, use it in all other apps
Me: Did you get an error during onboarding on the FaceID screen?
Designer: nope no error
Me: ..... hhhmm, can you show me your settings?
Me: ... eh, says you have FaceID disabled for this app ... did you click "No" to FaceID during onboarding?
Designer: Yes, to test edge cases
Me: ................ ok ........ if you setup the app and told it to not allow FaceID to login ......... you won't get the ability to use FaceID to login .......... like .... by design .... on purpose ...... cause .... you told it to do that
Designer: No no, it needs to have a setting on the login screen to allow me to turn that back on incase I forget my passcode
Me: the fuck it does. Yeah we can't have anything on the login page that says, without authorization, change my settings
*Deep breath*
Me: Remember we had this conversation previously, where you didn't want the user to create a passcode during onboarding as it was too much friction, and wanted to do FaceID only. With your backup plan being to allow the user to create a NEW passcode on the login screen if FaceID failed .... remember that discussion we had about security? ... and how it's important? ... and that we like having any? Ok so it's the same reason as that, just with a different setting this time
Designer: ... hhmm i'm not sure I like this
Me: ... tough luck then, not happening
Me: oh and btw, remember we had that other talk about reproduction steps for bugs? Like when the app crashed and you told me it was because it's in light mode, and nothing else at all? So disabling FaceID is very relevant info to the problem of "I can't login with FaceID", please tell me these things first
-
> Root struggles with her ticket
> Boss struggles too
> Also: random thoughts about this job
I've been sick lately, and it's the kind of sick where I'm exhausted all day, every day (infuriatingly, except at night). While tired, I can't think, so I can't really work, but I'm in my probationary period at work, so I've still been doing my best -- which, honestly, is pretty shit right now.
My current project involves legal agreements, and changing agent authorization methods (written, telephone recording, or letting the user click a link). Each of these, and depending on the type of transaction, requires a different legal agreement. And the logic and structure surrounding these is intricate and confusing to follow. I've been struggling through this and the project's ever-expanding scope for weeks, and specifically the agreements logic for the past few days. I've felt embarrassed and guilty for making so little progress, and that (and a bunch of other things) are making me depressed.
Today, I finally gave up and asked my boss for help. We had an hour and a half call where we worked through it together (at 6pm...). Despite having written quite a bit of the code and tests, he was often saying things like "How is this not working? This doesn't make any sense." So I don't feel quite so bad now.
I knew the code was complex and sprawling and unintuitive, but seeing one of its authors struggling too was really cathartic.
On an unrelated note, I asked the most senior dev (a Macintosh Lisa dev) why everything was using strings instead of symbols (in Rails) since symbols are much faster. That got him looking into the benchmarks, and he found that symbols are about twice as fast (for his minimal test, anyway), and he suggested we switch to those. His word is gold; mine is ignorable. kind of annoying. but anyway, he further went into optimizing the lookup of a giant array of strings, and discovered bsearch. (it's a divide-and-conquer lookup). and here I am wondering why they didn't implement it that way to begin with. 🙄
I don't think I'm learning much here, except how to work with a "mature" codebase. To take a page from @Rutee07, I think "mature" here means the same as in porn: not something you ever want to see or think about.
I mean, I'm learning other things, too, like how to delegate methods from one model to another, but I have yet to see why you would want to. Every use of it I've explored thus far has just complicated things, like delegating methods on a child of a 1:n relation to the parent. Which child? How does that work? No bloody clue! but it does, somehow, after I copy/pasted a bunch of esoteric legacy bs and fussed with it enough.
I feel like once I get a good grasp of the various payment wrappers, verification/anti-fraud integration, and per-business fraud rules I'll have learned most of what they can offer. Specifically those because I had written a baby version of them at a previous job (Hell), and was trying to architect exactly what this company already has built.
I like a few things about this company. I like my boss. I like the remote work. I like the code reviews. I like the pay. I like the office and some socializing twice a year.
But I don't like the codebase. at all. and I don't have any friends here. My boss is friendly, but he's not a friend. I feel like my last boss (both bosses) were, or could have been if I was more social. But here? I feel alone. I'm assigned work, and my boss is friendly when talking about work, but that's all he's there for. Out of the two female devs I work with, one basically just ignores me, and the other only ever talks about work in ways I can barely understand, and she's a little pushy, and just... really irritating. The "senior" devs (in quotes because they're honestly not amazing) just don't have time, which i understand. but at the same time... i don't have *anyone* to talk to. It really sucks.
I'm not happy here.
I miss my last job.
But the reason I left that one is because this job allows me to move and work remotely. I got a counter-offer from them exactly matching my current job, sans the code reviews. but we haven't moved yet. and if I leave and go back there without having moved, it'll look like i just abandoned them. and that's the last thing I want them to think.
So, I'm stuck here for awhile.
not that it's a bad thing, but i'm feeling overwhelmed and stressed. and it's just not a good fit. but maybe I'll actually start learning things. and I suppose that's also why I took the job.
So, ever onward, I guess.
It would just be nice if I could take some of the happy along with me.
-
@JoshBent suggested that I'd make a blog about security.
Nice idea, fair enough!
*registers domain at provider with discounts at the moment*
*tries to find whois protection option*
"You can add WHOIS protection to your account as an upgrade"
*requests authorization token*
*logs into usual domain name provider account*
*transfers domain name*
*anonymizes WHOIS details within two seconds*
I could've stayed and asked them about the cost etc but the fact that they even HAVE a price for protecting WHOIS data is a no-go for me.
Fuck domain name resellers which ask money for protecting one's WHOIS information (where possible).
-
I met with the CTO of a local tech company today for a beer, at the recommendation of a friend who currently works at the company. They're looking for Software Engineers and wanted to see if I'd be a good fit.
I'm not actively looking to leave my current job, as I love it there. I was just curious to see what other opportunities were out there.
After the beer, he pretty much offered me the job on the spot for $30,000 to $40,000 more than my current salary, along with benefits. When I asked if there was any sort of technical interview, he said that this meeting was actually the technical interview, and that by the time he had finished his first beer, he could already tell that I would be a good fit. He wants me to meet with his Lead Architect and CEO soon just to see if we all click and then we'll go from there.
The only problem is that I really love my current company. I love the work, the atmosphere, the autonomy, and my coworkers. But an extra $30k to $40k per year is a lot of money.
If everything works out and they give me an official written offer, I'm going to see if my current job will counteroffer. I know my boss would happily counteroffer if he's given authorization from the higher-ups, it's just a matter of exactly how much they're able to counteroffer.
-
Senior colleagues insisting on ALWAYS returning HTTP status 200 and sticking any error codes in the contained JSON response instead of using 4×× or 5×× statuses.
Bad input? Failed connections? Missing authorization? Doesn't matter, you get an OK. Wanna know if the request actually succeeded? Fuck you, parse potential kilobytes of JSON to get to the error code!
Am I the asshole or is that defeating the purpose of a status code?!
-
It's my first week working at shithole.co (can i say that?). My boss is a micromanaging asshole who knows the bare minimum re: programming. He thinks css is hard (no offense). I'm fresh outta college. He expects me to be able to do a very complicated api development through an equally complicated authorization process. Every fucking day "Is it working yet?" [This is my first week on the job]. I don't think he's read the documentation and I don't think he understands how to. As I am typing this out I realize I'm more educated than this dumb ass. Oh, some more context. Our senior dev is working on a more important project So we don't have time to bother him? So I am doing his job for 1/10 the cost. Oh, and I'm not allowed to contact him because he is too important. When the app inevitably crashes and no one knows how to fix it. I will give them my nutsack to swallow (can i say that?).
-
Every Group Project in CS Major
Group 1:- Hey group 2 what project are you making ..?
Group 2:- Can't tell, Top Secret
FINAL Day:-
Group 1:- Railway Ticket Booking System
Group 2:- Railway Ticket Authorization System
Evaluators :- I think I saw a similar idea somewhere....😂
-
Sad story:
User : Hey , this interface seems quite nice
Me : Yeah, well I'm still working on it ; I still haven't managed to work around the data limit of the views so for the time limit I've set it to a couple of days
Few moments later
User : Why does it give me that it can’t connect to the data?
Me : what did you do ?
User : I tried viewing the last year of entries and compare it with this one
Few comas later
100476 errors generated
False cert authorization
Port closed
Server down
DDOS on its way
-
Refactored an authentication library a while back and teams are now getting around to updating their nuget packages.
It is a breaking change, but a simple one. The constructor takes a connection string, application name, and user name.
A dev messages me yesterday saying ...
Tom: "I made the required changes, but I'm getting a null reference exception when I try to use the authorization manager"
Odd because the changes have been in production for months in other apps, so I asked him to send me a screen shot of how he was using the class (see attached image below).
Me: "Send me a screenshot of how you are using the class"
<I look at what he sent>
Me: "Do you really not see the problem why it is not working?"
<about 10 minutes later>
Tom: "Do I need to pass a real connection string? The parameter hint didn't say exactly what I should pass."
<not true, but I wasn't going to embarrass him any more>
<5 minutes later>
Tom: "The authorization still isn't working"
Me: "Do you still have 'UserName' instead of the actual user name?"
<few minutes later>
Tom: "Authorization is working perfect, thanks!"
A little while later my manager messages me..
B:"I'm getting reports from managers that developers are having a lot of problems with the changes to the authorization nuget package. Were these changes tested? Can you work with the teams to get these issues resolved as soon as possible? I want this to be your top priority today."
Me: "It was Tom"
B: "Never mind."
-
Argh,
Today - you son of a bitch.
It all started with a 2 hour flight out of town for business, and I mean started as in I needed to be at the airport at 4:30am!
Despite 2 coffees to get me out of bed I proceeded to indulge myself in the magic juice, 3 cups later and it felt like my heart belonged in a Grand Prix.
Now here is the sticky part, we were briefed that we would only be doing 2 site meetings and that was it.
Lo and behold it got worse, turns out that we would be pitching our product to 3 highly regarded CEOs, now bear in mind that my position on this trip is as the lead developer, and don't get me wrong I am well up to date on every aspect of the business, hence why they sent me.
So more coffee down the gullet, and eventually the conversation leads back to a project that I had developed to allow authorization of debit orders online, now usually I'm quite a well presented person in these types of situations, but you don't realize how quick this can change.
A quick jump to the geography of the location I was doing business. Johannesburg, South Africa - it's as dry as hell, smoggy and at a very high altitude "as in above sea level".
Now unfortunately none of the above factors were helping me much at all.
Now back to where I am being asked about my project, and never in my life have I tripped over my own words, I went completely blank, I'm surprised I didn't pass out to be honest.
Now despite the death stare and my colleague kicking me under the table, I am feeling pretty terrible, fortunately I had a kick ass team that was able to cover my ass!
Luckily I was able to recover ( 2 muffins and about 3 bottles of water later). We were able to salvage the meeting and it turned out pretty well, I regained my energy and we made it happen!
Must say the flight back was amazing! Almost empty and we all had a row of seats to ourselves, which resulted in some major comfort stretching!
Thanks for tolerating my essay, I'd love to hear if anyone has had anything of the sorts happen to them.
-
Note to my past self:
Thank you for taking care of me and assuming that out of no fucking sudden authorization token will be required to perform an API call!
You saved me so much refactoring and modifications with your tiny little assumption of how fuckups will think :)
-
Long story short: University fucked up single sign on.
For every online service I have, I set a different password, randomly generated ~ 20 characters long. At our university we have multiple systems but they offer a single sign on service which is quite nice because it is so non-transparent which service now uses which authorization. I changed my password a while ago and around the same time they also updated our mail client. Since then I am not able to log in which is not a big deal for me because I have mail forwarding.
Yesterday however I needed another service and also got rejected with my password. I knew from a friend that the passwords are fucked up and that some services have different restrictions (only 12 chars max.), so I decided to search how to reset my password. What the fuck was wrong with these people? It takes you five different pages to get the tiniest bit of information how to reset the password. Then on one page you can login with your single sign on and change the password. On that page you can also set the single sign on password, but if you enter an invalid password (in respect of the other services) guess what? No feedback that you just locked yourself out of half the systems. Nice job. Also the password requirements are not next to the input fields where you change the password. Noo. That would be way too easy, remember the little small one line on the wall of text three pages ago? There you go.
Ok step one done. Now it should work, shouldn't it? Ohh no not so fast. One needs to activate the separate service. Where you ask? Perfectly fine question. On the top of page four is a fucking one line table which looks like some five year old had some fun in excel. The button which takes you to the activation page is nearly invisible because of the non existing contrast. Also it is not a button but some arrow pointer thingy. Behind said arrow you have a page listing all different kinds of services, the description which you find on page two btw. No padding to decipher this shit whatsoever. Nearly on the bottom is your needed button. Yes finally.
Finally I want to login, no good. Try again. Still no good. Go back to the fucked up excel table look at my username and think to myself what's the difference here? The table is so small and again no margin or padding. Apparently they cut off the last character of my normal username which I have which is fucking ridiculous.
What is wrong with you people, we are a TECHNICAL UNIVERSITY, is it so hard for you to find someone decent to unify this shit?
-
For fuck sake ... please make sure the logged in user is actually fucking authorized to see that orders info!! Very few things I hate more than being able to change the OrderID parameter in a URL and see somebody else’s order information.
-
IHateForALiving: gentlemen, my unit tests are randomly failing. Sometimes the login procedure just fails for no apparent reason, did any of you encounter this problem?
The very fucking smart colleague®: DID YOU REMEMBER TO PLACE YOUR AUTHORIZATION HEADER
Of course
The authorization header.
To fucking log in.
Because you have to be logged in before you can log in.
That's the standard, of course.
-
Can someone help me settle an argument with a coworker?
So let's say there is a REST interface that returns a PDF representation of a resource...but it requires the authorization header in order to authorize that you have access to the document in question.
And let's say there is a link on the page that redirects to this endpoint to serve up the document. He thinks you can add a header to the HTTP request that goes out when you click on the link (a regular old anchor tag) with onclick without making an xhr call.
I told him that you would have to use an xhr call to add headers, and that even then you would receive a byte stream back, which without using a blob and an object url or a data uri you wouldn't be able to display it in a new tab or start a download.
Regardless he went on to tell me I was wrong. The next day he said he had done it. I asked him to show me, and he said "oh it's at home", and then proceeded to ridicule me in front of my architect. He always pulls this one-upmanship bullshit and I hate it. And I am pretty sure he's wrong.
-
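The browser gives an onclick handler no way to attach a header to the navigation a plain anchor performs; the only place a custom Authorization header can be set is on a request the script makes itself. Added example (not from the thread): the fetch-then-blob flow the post describes, plus the Content-Disposition parsing needed to name the download. The endpoint path, the bearer token and where it is stored are assumptions.

```javascript
// Request options for the protected endpoint. This is the part an <a href>
// can never carry: a custom Authorization header.
function buildPdfRequest(token) {
  return {
    method: "GET",
    headers: {
      Authorization: `Bearer ${token}`,
      Accept: "application/pdf",
    },
  };
}

// Pick a filename out of a Content-Disposition header. Handles the plain
// quoted/unquoted form and the RFC 5987 filename*=UTF-8'' form; falls back
// to a fixed name when the server set nothing usable.
function filenameFromDisposition(header, fallback = "document.pdf") {
  if (!header) return fallback;
  const m = /filename\*?=(?:UTF-8'')?"?([^";]+)"?/i.exec(header);
  if (!m) return fallback;
  try {
    return decodeURIComponent(m[1]);
  } catch {
    return fallback;
  }
}

// Browser-only: fetch the bytes with the header, wrap them in a Blob, hand the
// browser an object URL and trigger the download. The object URL is revoked
// afterwards so the PDF does not stay in memory for the life of the page.
// (Assumed endpoint: /api/documents/{id}/pdf.)
async function openProtectedPdf(docId, token) {
  const resp = await fetch(`/api/documents/${encodeURIComponent(docId)}/pdf`, buildPdfRequest(token));
  if (resp.status === 401 || resp.status === 403) {
    throw new Error("not authorized to fetch this document");
  }
  if (!resp.ok) {
    throw new Error(`unexpected status ${resp.status}`);
  }
  const blob = await resp.blob();
  const url = URL.createObjectURL(blob);
  const a = document.createElement("a");
  a.href = url;
  a.download = filenameFromDisposition(resp.headers.get("Content-Disposition"));
  document.body.appendChild(a);
  a.click();
  a.remove();
  setTimeout(() => URL.revokeObjectURL(url), 0);
}

// Wire the link to the handler instead of letting the browser follow href.
// (Assumed markup: <a class="pdf-link" data-doc-id="..." href="#">.)
if (typeof document !== "undefined") {
  for (const link of document.querySelectorAll("a.pdf-link")) {
    link.addEventListener("click", (e) => {
      e.preventDefault();
      openProtectedPdf(link.dataset.docId, sessionStorage.getItem("token"))
        .catch((err) => console.error(err));
    });
  }
}
```

If the server can also accept the token as a short-lived, single-use query parameter or a cookie, a plain link becomes possible again, but that is a server-side design change rather than something onclick can do.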
If you're currently in college and wish to get placed in a major tech giant like Amazon or Facebook:
Don't learn React.js, instead learn Linked lists.
Don't learn Flutter, instead learn Binary search trees.
Don't learn how to perform secure Authorization with JWTs, instead learn how to recursively reverse a singly linked list.
Don't learn how to build scalable and fault tolerant web servers, instead learn how to optimally inverse a binary search tree.
These big tech companies don't really care what real world development technologies you've mastered. Your competence in competitive programming and data structures is all that matters.
The system is screwed. Or at least I am.
-
https://thehackernews.com/2019/11/...
Facebug secretly opens a camera on iphones: a bug or a malicious behaviour?
OFC IT'S A BUG!!!! FB DOES NOT UPLOAD ANY PICTURES W/O AUTHORIZATION!!! FB IS GOOD!
/s
-
I just had a boys-out night with my son. Went to some restaurant, found a parking spot in a confusing parking lot (half is more expensive than the other half of the lot, not sure which fee applies to the middle row... confusing), started paying for parking with the app (pays every 15 minutes until stopped).
Went inside, ordered a pizza, some ice cream. Chatting, playing, eating, having fun,... An SMS comes: "You have outstanding fines" and a link to the gov taxes' website.
wtf.. I must have parked in the wrong spot. FUCK! Oh well, it should not be a large fine anyways, it's just for parking....
Click on the link, login with my bank/SmartID creds. Another SmartID dialog pops up asking for a PIN2.
What? PIN1 is for authentication, PIN2 is for Authorization. What am I authorizing...?
Reading through the Auth message: "Paying 2473€ for Boris SomeLastname".
what.....?
Thank God my muscle memory did not kick in and I did not enter that PIN2.
And thank God I know what PIN1 and PIN2 are for.
It would've been one expensive boys-out evening... Even a strip club would've been cheaper.
Stay sharp, guys!
P.S. Later I checked the URL. It used all the right keywords, and it was registered as an .info domain. It was somewhat off, but gov websites trying to be lean do sometimes use some weird ass domains.
-
Not only did my boss insist on setting up roles and permissions for our app how he designed them, even after I spent 4 or 5 hours trying to convince him to let me do it differently, but he has now fucked our entire system.
Under this model of roles and permissions you cannot enforce them on the backend by any means, and now we have a service dealing with users including resetting passwords and changing details that does not use authentication. That's right, authentication and not even talking about authorization now. Good job.
I honestly wish companies like this would get hacked and fucked over as soon as they did it wrong because I can't believe how retarded some people are.
-
when you're working on a API and every testCase is all green plus manual testing thru Postman extension is all good..
then makes a web app use that API, authorization works as intended but the token is immediately invalid...
just..how..
-
i asked my dad for help with a GRUB issue (EFI file wasn't seen in my BIOS anymore, nor booted when pointed directly at, even after ALL THE CONFIGURATIONS POSSIBLE) and i walked away for a while, content he'd figure it out (there's still a few things he knows more than me about.) I come back 30 minutes later and he's zero-filled my main drive and is halfway through installing Win10. His reasoning? "I'm installing surveillance software since you won't give me your college passwords and I need access to your college's site and your account. I can't do that on Debian."
I didn't give him authorization for this, and I thought he had zeroed my backups drive too, but it turns out it was having I/O issues (my controller is finicky sometimes, a boot cycle with it removed fixed it, luckily I can't write to drives it doesn't like when it's being a shithead)
What do? I can't sue as he owns almost everything I use and the house I live in and would no doubt kick me out and take all "my" stuff, but I feel like this really can't go ignored. I can't just talk to him about it as he thinks anything he wants done has to be done as he sees himself as above all other people, so he just shouts me down...
-
PouchDB.
It promised full-blown CRDT functionality. So I decided to adopt it.
Disappointment number one: you have to use CouchDB, so your data model is under strict regulations now. Okay.
Disappointment number two: absolutely messed up hack required to restrict users from accessing other users’ data, otherwise you have to store all the user data in single collection. Not the most performant solution.
Disappointment number three: pagination is utter mess. Server-side timestamps are utter mess. ANY server-side logic is utter mess.
Just to set it to work, you need PouchDB itself, websocket adapter (otherwise only three simultaneous syncs), auth adapter (doesn’t work via sockets), which came out fucking large pile of bullshit at the frontend.
Disappointment number four, the final one: auth somehow works but it doesn’t set cookie. I don’t know how to get access.
GitHub user named Wohali, number one CouchDB specialist over there, doesn’t know that either.
It also doesn’t work at Incognito mode, doesn’t work at Firefox at all.
So, if you want to use PouchDB, bear that in mind:
1. CouchDB only
2. No server-side logic
3. Authorization is a mess
4. Error logs are mess too: “ERROR 83929629 broken pipe” means “out of disk space” in Erlang, the CouchDB language.
5. No hosting solutions. No backup solutions, no infrastructure around that at all. You are tied to bare metal VPS and Ansible.
6. Huge pile of bullshit at frontend. Doesn’t work at Incognito mode, doesn’t work at Firefox.
-
For all the hate that Java gets, this *not rant* is to appreciate the Spring Boot/Cloud & Netty for without them I would not be half as productive as I am at my job.
Just to highlight a few of these life savers:
- Spring security: many features but I will just mention robust authorization out of the box
- Netflix Feign & Hystrix: easy circuit breaking & fallback pattern.
- Spring Data: consistent data access patterns & out of the box functionality regardless of the data source: eg relational & document dbs, redis etc with managed offerings integrations as well. The abstraction here is something to marvel at.
- Spring Boot Actuator: Out of the box health checks that check all integrations: Db, Redis, Mail,Disk, RabbitMQ etc which are crucial for Kubernetes readiness/liveness health checks.
- Spring Cloud Stream: Another abstraction for the messaging layer that decouples application logic from the binder ie could be kafka, rabbitmq etc
- SpringFox Swagger - Fantastic swagger documentation integration that allows always up to date API docs via annotations that can be converted to a swagger.yml if need be.
- Last but not least - Netty: Implementing secure non-blocking network applications is not trivial. This framework has made it easier for us to implement a protocol server on top of UDP using Java & all the support that comes with Spring.
For these & many more am grateful for Java & the big big community of devs that love & support it. -
Fucking garbage piece of shit microsoft httpclient
identical request works in node!
identical request works in postman!
but noooooooo httpclient, you have to add the content length on the content itself, can't add authorization header except through special way, serialization is wrong bunch of shit pile of shit no working shit
-
Why do people design web apis where the way you submit your authorization is via a custom header?
Especially when the authorization is literally a token?
Am I ingesting something special?
-
To me, writing authorization code for securing APIs is like having to fold an enormous pile of laundry and actually putting it all away afterward. It needs to be done but I'm not going to enjoy it.
-
Part 1: https://devrant.com/rants/4298172/...
So we get this guy in a meeting and he is now saying "we can't have application accounts because that violates our standard of knowing who accessed what data - the application account anonymizes the user behind the app account data transaction and authorization"
And so I remind him that since it's an application account, no one is going to see the data in transit (for reference this account is for CI/CD), so the identity that accessed that data really is only the app account and no one else.
This man has the audacity to come back with "oh well then that's fine, I can't think of a bunch of other app account ideas where the data is then shown to non-approved individuals"
We have controls in place to make sure this doesn't happen, and his grand example that he illustrates is "Well what if someone created an app account to pull GitHub repo data and then display that in a web interface to unauthorized users"
...
M******* why wouldn't you JUST USE GITHUB??? WHO WOULD BUILD A SEPARATE APPLICATION FOR THAT???
I swear I have sunk more time into this than it would have cost me to mop up from a whole data breach. I know there are situations where you could potentially expose data to the wrong users, but that's the same issue with User Accounts (see my first rant with the GDrive example). In addition, the proposed alternative is "just don't use CI/CD"!!!
I'm getting pretty pissed off at this whole "My compliance is worth more than real security" bullshit. -
Well, this one was very satisfying.
When I resigned from my previous job, there was this one last task I had to finish. The task was to implement an identity and access management system that would work across three different platforms they had. I used to work on one of them, which had nothing of the sort, but the other two had something of their own. Here lies the kicker: it had to work with the existing authorization systems in the other two platforms. After explaining multiple times why that is a bad idea, I gave up. I created an interface, no implementation, documented how the interface was meant to be used and got the hell out of there. -
hmmmmmm let me see.
Web based? lets do web based.
Do something simple like a basic crud app on web api format:
Do it with full authorization and authentication.
Start hard. Do it with pure golang using NOTHING but the std libraries.
Now, do it in a magic mvc framework like Rails or Laravel
Now do it on dotnet core
Now do it in django rest.
Watch the differences in all of them, sell your soul to something and now do it in Clojure. If you do it on a Scheme dialect or on Common Lisp my CMS admin will suck your whatever you have. Dude seems to be pretty good at it, we are trying to keep him from pulling tricks on the street but he insists.
Then add a React client with Typescript to get them basic ass endpoints to display nicely.
It should give you a fuckload of perspective amongst the different tools and ways we do things, and might make you appreciate the differences in paradigms required (pro points for doing modular in C# dotnetcore using different class libs for the major points of the application using some crazy pattern like the mediator pattern)
I would hire a mfker that throws all this shit at me on a portfolio on the spot. -
Having gone to a bank to reset a password again today (yes, I forgot it for like... the 3rd time, don't judge me, it's my backup bank account I need to access like... once a year), I was once again made to think - I come in, give them my state ID by which they authorize that I can even make a password reset request.
Then they give me a tablet to... sign a contract addendum?
It's not the contract part that always makes me stop and think though - it's the "sign" part.
I'd wager that I am not the only one who only ever uses a computer to write text these days. So... My handwriting got a lot jerkier, less dependable. Soooo... My signature can be wildly different each time.......
And if my signature varies a lot... then... what is the point of having it on a piece of paper?
I know its just a legal measure of some sort... And that, if it came down to someone impersonating me and I'd go to court with the bank, there would be specialists who can tell if a signature was forged or not... But...
Come on, the computer world has so much more reliable, uncrackable, unforgeable solutions already... Why... Don't all folks of the modern world already have some sort of... state-assigned private/public keypairs that could be used to sign official documents instead?
It costs money, takes time to develop etc... But... Then, there would not only be no need to sign papers anymore... And it would be incredibly hard to forge.
The key could even be encrypted, so the person wishing to sign something would have to know a PIN code or a password or something...
tl;dr: I hate physical signatures as a method of authentication / authorization. I wish the modern world would use PKI cryptography instead... -
The story of how I knew I did the right thing leaving the start up I was an employee of.
It was a great place to work when I started, we had a plan and we were are working hard to make it. But pretty soon I realised that things weren't 100%. We kept altering the product and focusing on the wrong things. Our backlog grew faster than it was completed.
Pretty soon a launch planned in April was pushed back over and over again, until we finally released in November, and instead of being first on the market we were last.
We pivoted hard and I didn't believe in the new product so I quit.
The last week on the job I was finishing up some stuff and when our PO (who also was a programmer) was deploying the things I had done to production something went wrong. Now I had just integrated *his* new authorization service and I had a hunch it wasn't deployed. But he sent a message over Slack with a bunch of code alterations that were the "problem". Along with some passive aggressive words about how I wasn't professional and didn't take ownership of the product.
I only added an error log that asked if the authorization service was deployed, and 10 minutes later he came up and said good job, no mention of what was fixed between now and then.
I have no regrets leaving that place. -
Tired of chasing an elusive architecture and finding good community that helps promote it. Basically:
- Not CRUD
- Not MVC
- More like CQRS; commands and queries represent use cases
- Event Sourced; event log is source of truth, everything else is a cached projection
- Functional Domain Design; not DDD; focus on immutability and simplicity
- Functional in general; less OO
- More focus on domain concepts rather than tech concepts
- Domain can be used through CLI, API, or SDK
- UI is just another client to the API
- Authorization is ABAC, graph-based access control
I'm looking for a fucking unicorn. -
I feel like a fraud ...
So I recently joined a mobile dev company as an intern
I submitted the application
Got to the coding interview, passed the coding interview because thank god it was one of the sums I solved on geeks4geeks
Then came the interview, did as best I could
Got the acceptance mail in the next 10 mins
First day was chill, it's a work from home thing
Second day they gave me an app a previous intern had already built, its layout and authentication code
But it wasn't working so I reported it, so they told me to debug it, so I found where the problem was occurring
Now I know the problem but I have no idea how to fix it
They gave me an assignment to fix the authentication, basically it's taking info, creating a JSON and requesting an API call
But I feel I can't remember the concepts
I can't remember the basic meaning of words, the other day I forgot what SSIDs are
I just... I don't know shit
And I feel like I'm going to get kicked soon
I don't understand what the previous guy wrote and I don't know how to fix it
Previously I have built my own apps but not like a real world project like this which works in regards to network management, basically a Wi-Fi portal kind of authorization application -
Domain Driven Design question:
I am working on a simple case to teach how to apply DDD, my case is as follows:
Simple forum with Author, Moderator and Users.
I am using Dotnet core for this. I am not sure how and where I should implement authorization:
1. Author can edit his posts only
2. Moderator edits any post
In dotnet core, we handle roles and policies in the API layer, and it's per endpoint. I have an identity layer which handles accounts, registering roles and policies in the database.
But I'm not sure if I should, or how to, handle authorization based on permissions in the application layer. -
I'm doing a code review on a huge feature, basically touching every part of our authorization logic, and man... It's like my colleague writes his code to be as hard to read as possible. He's 60+ and you'd think he'd have learned how to write good and clear code, but nope. "Let's make it cool cool and I look like I'm a genius. And if I can spend 3 keystrokes less on a function I'm happy". Fuck me.
-
Trying to use a coworker's new API endpoint and I keep getting an "OAuth2 Bearer Token missing" error, despite triple-checking that I set the Authorization header correctly... finally dig into the source code and I find out that all their endpoints require that the bearer token be put into the request body. The fuck?
-
So here I work with this colleague that, at first, had a reasonable résumé. Whatever.
Time goes by and he is just doing tickets, clicking left and right, the usual grind of a shitty monitoring system which I am working intensely on deprecating. Anyhoo
The last few days it became apparent that his resume was basically a hot air cake and he knows basically nothing intrinsically.
As I have stated before in previous rants, "everyone was a noob once"... But this guy...
He wants to do "something with Ansible"... "Ok what do you want to do?" , I asked (and I regret to have asked).
He basically wants to write new files on targets. Easy enough, I show him how he could do it with playbooks, inventory and role just for demonstrating the entire chain.
This guy changes everything up, thereby breaking host group assignment, he launches it on ALL machines...
Luckily it's a harmless file, so dodged a bullet there.
But the real wtf is that he did it with the root account for our systems, without understanding the difference between "authentication" and "authorization"...
I am now explaining to him what the difference is and how he can check it. I give him the commands literally! (sudo -l -U <user>)
Manages to fucking open up each sudoer file in vim , mistype or whatever he did in an attempt to leave vim... Breaks sudo...
Now he tries to spin it in such a way that I have steered him to break things.
"Dude you just fucking failed a copy/paste and you did absolutely fuckall without understanding what you are doing, then splurge out accusations because you did it wrong!"
FML -
Yeah, fuck all the authentication/authorization framework I built, just access/manage resources directly and leak stuff, assign it to the wrong accounts and don't even check if they should be able to, with that eyesore you call code
-
Wrote a whole HTTP request script to do direct calls to Google with the whole OAuth, which were successful, and after all this work the request responds with a fuck you, "the account does not exist" response. Apparently it does not give authorization for service accounts and I will be forced to use the Google API request to make this fucking thing work. Fuck Google.
-
This rant is a tribute to the guy who doesn't allow you to log in to the site before authorization..
the level of security one can never imagine 😂 -
It's a great start of the week when your general manager asks you to get in touch with a guy to ask about their return merchandise authorization system. And when I reply, "sure, what would you like me to accomplish?", you get the reply, "I don't know, don't bother me with the technical details, they told me it should be super easy."
I don't know what 'it' is, but I'm happy that the man who can hardly use his MacBook says it's super easy. -
Another tale of the legacy app, so I'm redoing the user roles using the cancancan gem.
Hop into a meeting to go over why I'm re-doing the authorisation, currently, the app is using the rails-authorization-plugin, yes from Rails 2.0.
me: *explains why this is the way to do it*
other dev: "Can we just fix the custom code we have added in that plugin?"
me: "Well given that it's a massively out of date plugin and we have a ton of deprecations, probably not"
other dev: "so let's try and fix it"
Christ, why are we still clinging onto 10+-year-old plugins if we're going to keep getting errors when we upgrade? -
Microsoft certsrv is returning UTF-8 on the authorization error page but UTF-16 when logging in via basic auth...
Debugged this for 2 hours today to parse the response correctly. Thanks Microsoft -
Pushed out a big update that included restructuring every directory. No one had access to the admin section. Yeah needless to say my boss was not happy since no one could do any work. Turned out during the process I made every admin page need the highest level of authorization which only the owner has. Easy fix but stressful day for sure
-
Tips for architecture for authentication in microservice driven application.
All ms contain the code to authenticate? (Breaks single responsibility principle)
Edge level authorization? (gateway)
Service level? -
When someone tells you their app is 100% secure just because they use E2E encryption but using the Authorization header is too complex..
-
So a page has been sending errors for a long time, but we weren't able to find any way to debug it, no error code, and I don't have the authorization to see the logs so I had to wait for a co-worker to be back from holidays.
Now that they're here, I could have a chance to find what was the error.
And be really annoyed about it.
The error was provoked because the security system found a tautology in the data I sent.
(I send data to build the page, and one parameter is called "Page". Since it was a page of management, I've sent "Gestion", which is management in French. So I sent "Page=Gestion", the security saw "ge=Ge" in it, poof, tautology, you shall not pass.)
That is so ridiculous. -
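The false positive in that rant is a familiar failure mode of input filters: a pattern run over the raw query string with no notion of tokens. As an added illustration (not code from the rant or from the site that blocked the request; the detector regexes and sample query strings are constructed assumptions), here is a substring tautology check that rejects Page=Gestion next to a per-parameter, token-anchored check that does not:

```javascript
// Added example: why a substring "tautology" filter rejects the harmless
// parameter Page=Gestion, and a token-anchored check that does not.
// Regexes and sample query strings below are constructed assumptions,
// not the code of the site described in the rant.

// Naive filter: one regex over the raw query string, no token boundaries.
// With the /i flag the backreference treats "ge" and "Ge" as equal, so in
// "Page=Gestion" it finds "ge=Ge" and rejects a legitimate request. It also
// misses the quoted form '1'='1, because the quote sits between 1 and "=".
const NAIVE_TAUTOLOGY = /(\w+)\s*=\s*\1/i;

function naiveTautologyCheck(rawQuery) {
  return NAIVE_TAUTOLOGY.test(rawQuery);
}

// Token-anchored check: an operand, "=", the same operand (single quotes
// optional on either side), with nothing word-like or quote-like touching
// the ends. Meant for the decoded value of one parameter, never for the
// "key=value" glue of the query string itself.
const TOKEN_TAUTOLOGY = /(?<![\w'"])'?(\w+)'?\s*=\s*'?\1'?(?![\w'"])/i;

function valueLooksLikeTautology(value) {
  return TOKEN_TAUTOLOGY.test(value);
}

// Parse the query string first, then test each decoded value on its own.
// Returns the names of the parameters that tripped the check so the block
// can be logged with a reason instead of the bare "you shall not pass".
function flaggedParams(rawQuery) {
  const flagged = [];
  for (const [name, value] of new URLSearchParams(rawQuery)) {
    if (valueLooksLikeTautology(value)) flagged.push(name);
  }
  return flagged;
}

// Constructed samples: the rant's own parameter plus two values of the
// shape such a filter exists to catch.
const SAMPLES = {
  legit: 'Page=Gestion&id=42',
  numeric: 'id=42 OR 1=1',
  quoted: "user=' OR '1'='1",
};

function main() {
  for (const [label, query] of Object.entries(SAMPLES)) {
    console.log(
      `${label.padEnd(8)} naive=${naiveTautologyCheck(query)} ` +
      `token-anchored=${JSON.stringify(flaggedParams(query))}`,
    );
  }
}

main();
```

A value such as `a=a` typed by a user would still be flagged by the token-anchored check, which is why the function returns the offending parameter name: a reviewable log entry beats a silent block.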
Ahhhhh. Deleting data. Delete. Delete
Delete.
With authorization, no less.
It's almost as pleasurable as drinking coffee. -
Fav. thing I've worked on recently?
Blazor and creating our framework around authentication/authorization. -
I have implemented a RESTful API using ExpressJS, and another React app which will use the APIs to fetch data.
I'm getting a problem with the Allow-Origin header.
What's the proper way of calling an API?
Do I use a CORS middleware and allow all origins ('*') and use an API key as a way to check authorization to prevent misuse?
Any other tricks? -
Okay, if I understand correctly, if you want your website to be RGPD compliant, you must wait for user opt-in before storing anything on their device.
Maybe I'm asking myself too many questions but, how exactly does this work for a PWA? Should you ask the user for permission before starting a service worker and/or before caching any content? If so, what if the user refuses the authorization? Is the app broken? Or does it just fall back to good old HTTP browsing if it's server-rendered? -
holy shit I swear taxes are like the government trying to tell you you're a peasant to them
my medicare card is about to expire and FOR SOME REASON now the process to renew is a fucking interrogation about various documentation the government has given you. before it was just your damned name, date of birth, and a new photo for the card.
evidently they were supposed to send you snail mail 3 months before expiration. evidently also the only way to renew is get this said snail mail.
and evidently I have to go through this "catchall" change your address with everything in the government process
which is a little ironic
because
to use this service you need to give them something called a notice of assessment, which is when the government accepts your taxes they send you back one of those
well I haven't had access to my tax portal for years. I keep filing them and getting excess money back but I can't actually see any of my returns.
so I tried this time
12 pages of verification and more verification... you do one step, it says wrong info because if you have to write in 2,474 well turns out the , fucks it up and your info doesn't match what's on file and if you fail more than 3 times you'll be locked out. repeat. page after page. how many fucking pages are there? what format are they expecting? nobody fucking knows. you'll get to find out if you pass just this one more!
after about 4 hours of this shit
and they have 2 factor authorization now?! wtf.
then this next step is id verification or we snail mail you a code (WHICH AGAIN IS IRONIC)
I chose id. health card doesn't count, it notifies me later. thankfully I have a passport. bad news, passport expires this September so guess who is gonna be having more fun later
the app of course can't use my camera in the browser I have, so I start downloading fucking other browsers and finally hit one that works
also they lied. they also want a selfie. then it tells me I failed to look like myself. if you fail to look like yourself 3 times you are denied.
ok. so I try snail mail. the page says if I revoke consent to id I can go do the snail mailed code. they lied. if you revoke consent it exits the whole wizard. you enter all the verification steps again.
I try to get them to snail mail me the code. they want some basic info they asked me like 16 times now, and a postal code. ironic. well this is the tax people, so by this point I found all my previous sent in tax returns (though I can't access the government's replies). checked. yep. address all the same. put in the postal code. nope. somehow it's wrong. 3 times I put all this random info in in different ways. 5 times and I'm locked out.
now fucking what.
THE FUCKING IRONY OF
I NEED TO CHANGE WHERE I LIVE SO YOU CAN SNAIL MAIL ME SOMETHING
AND TO CHANGE WHERE I LIVE I HAVE TO CONFIRM WHERE I LIVE SO YOU CAN SNAIL MAIL ME SOMETHING FUCKING ELSE
the government just fucking dunks on you
guess we're all not having fucking medical cards anymore. all we do is pay taxes, and can't even see the paperwork to those taxes we pay. -
I wanted to show our DBA an example of a web API using .NET Core 3 in regards to how easy it is to create such things. The reason? He has been wanting to get back into programming after many years of just sticking to DBA related stuff. The dude has talent and brains, he had worked years ago as a Delphi dev and a VB6 dev and we had the same employer at one point; none of this man's apps have been phased out on account of how complete they are and how easy to maintain they were for other devs after he left. Regardless of the ancient tech stack, the man shows ample promise and well.
Thing is, the apps I make on the Microsoft stack usually tend to C#, and my frontends are using TS, so I am more on the curly bracket side of things and he said he was to convert my app (very basic CRUD example, but with auth, authorization and everything in between to plug into the frontend) to VB.NET. I thought it wouldn't be that much of a problem but apparently Microsoft does not hold templates for web API for VB.NET
I thought it was shitty. VB gave Microsoft a lot of developer market back in the VB6 days, and even though I really love c# I see no reason why they would just say fuck you like that to vb.net. Shit still polls pretty high in terms of dev popularity and you can apply the same design ideas to VB without much effort.
I just think this is very shitty from Microsoft's part. Much like how Apple is forcing people to adapt to Swift when there is a huge amount of obj c out there.
I dislike when companies shift focus on tech stacks like that. -
Microservices authentication.
I'm planning on adopting Global Authentication and Authorization as a part of Microservices (described in the image below, property of: https://dzone.com/articles/...).
Anyone has a different opinion? What are your thoughts on this one? -
I am responsible for the Atlassian Suite at work, as I maintain the systems, set them up, and stuff.
One day, our Crowd (the authentication and authorization application) just went crazy. At like lunch time it could not connect to the AD anymore. No reasons. Throwing XSRF errors (cross site scripting), because http would connect to https. "won't do it, fuck you" it told me. Out of the blue. No one changed anything. And yea, seriously. No one did.
It just refused to connect (as connecting to AD is connecting yourself with your own API. And refusing yourself talking to yourself). It runs behind a proxy. Therefore http/https. Well, this worked for years. But all of a sudden not anymore.
Yea. Fuck you.
It was reported some hours later, at like 3pm, as people could not login to the applications using crowd as authentication and authorization server.
Tried to debug the system, where nothing was done, to make it work. At the best time to fail.
First workaround: if you are logged into one of the other applications of atlassian, just refresh the site, so your SSO token gets a refresh and you are signed on again.
Then I searched more and more. And more.
But nothing worked, nothing helped.
So I addressed an emergency maintenance, take down the whole Suite, restart crowd, to apply some changes to it's settings, not knowing what happening then, because all connections of SSO will then be released. Sent out the mail like 30 minutes beforehands.
While waiting for the window, I just typed my credentials... And redid, and redid, so to type and being bored.
Three minutes before the window...
It just worked again.
Well. Wtf. Seriously.
Just came back.
No Intrusion, no changes at all. Just came back, as nothing has happened.
Kind of best part of this story... A headhunter messaged me on my way home to offer me a job as an Atlassian Suite SysAdmin for a company, at kinda the double of my salary.
At first I was thinking to go there, and when someone then asked me sth about Atlassian just start to laugh and then leave still laughing...
But then I very nicely responded that I don't want to cry at work. And wished him best of luck.
I am doing some bad upgrades now on our Suite. Very painful.
And I looked into the start scripts. Some look like the untalented intern told another one to write scripts. Seriously wtf.
Today I followed the guide to update a Confluence and change the database to Postgres. Didn't work, Postgres error.
Try it again, jQuery won't load. Next try, Tomcat not starting anymore. Did the same thing. Every fucking time.
Yea. Maintenance window to get a nice new export soon. Will only take an hour.
To switch database in confluence, you need to set it up very fresh. And then Import your export.
Export takes an hour at our system.
Importing maybe the same time. Hope it will work (hint: Nope).
Oh, can be nice also. Just tell the Bitbucket to migrate databases, there is a fucking setting for it. Enter new database, ready, go, finished.
At least they don't raise costs very much every kinda year.
Oh sorry, yes, they do. -
I really hate working with learning management systems (LMS).
I make training simulations for retail companies and some of these have the worst, backwards LMS's out there.
The providers who install and manage these LMSs for the companies always insist we make our training run inside their own environment, but we can't since it's a 3D training made in Unity that doesn't run well in a browser.
Luckily some of these are fine to figure out. Just a few API calls here and there for authorization and reporting progress, but some are an absolute nightmare.
Just now one of the providers provided me with a 2000 page documentation of all the functions of the LMS's API that our customer is using. All I need are like 5 pages that explain what URL to call with what data and the responses, but now I'm stuck spending days trying to find the 0.5% of this documentation that I need to communicate with their API.
And of course, the documentation is vague as all hell. minimal descriptions of what each endpoint does. Subjects names are super vague, as in do I look for course progress or lesson completion state. What the heck is a Learning Event, is it relevant to me?
And the errors in this document, too.
Bullet-point lists with duplicate items.
language errors everywhere.
Property lists where they copy-pasted the description of properties.
An entire EMPTY chapter, literally a page with only the chapter's title.
I just can't stand how these providers barely seem to know anything about the API of the LMS's they provide to customers.
(for clarity, the LMS is produced by some big tech company, it's installed and maintained by some 3rd party which is our main line of communication when rolling out trainings to these).
It always goes like: "Hey, we want to use your training." "Oh, that's great, we have our own, simple LMS where you can view your employees' progress." "Nah, we want to use our backwards LMS. Here's a giant manual about its API, go figure it out!"
And then I'm left here tearing my hair out trying to figure out which 3 calls I need to send their API from the tons of extra stuff it can do which is completely unnecessary, and being unable to rely on the provider because they lack the knowledge and have such thick skulls about the implementation of the LMS itself that they also seem completely unwilling to help to begin with!
Just another day at the office. -
Damn feeling really happy. Finally I am able to understand and make my custom workable middleware in python. It took me 3-4 days to code authorization process 😓
-
Funny how every single one of my side projects fails due to authentication/authorization/user management. Yeah... Funny and stuff... That's the right word for my discouragement I think... Funny! It's funny!
(open for suggestions) -
Random thoughts...
Just implemented policy-based authorization in dotnet core, long story short to lock an endpoint to a certain policy I just add: [Authorization(Policy = "NAME")]
on top of function/controller declaration
Was wondering how it is done in other languages, like NodeJs, Java, Kotlin ...etc -
Cisco Anyconnect can blow me.
I go through the process of connecting to the vpn, username, password, token.
Then it has its pop up "respond to the banner to connect" and I click accept . . . and it does nothing.
So I go through the process again. And this time it says connected
But now I still can't connect to any of my company's SharePoint, SQL servers, Azure DevOps, JIRA, etc
And the only solution to that is a reboot.
And this happens swear to god at least every other day.
Like good lord, if I put in my credentials and they pass authentication/authorization, let me do my goddamn work. -
Struggling to write my Engineering Thesis code. Not because I'm afraid of tech, but because I have no idea what it should do.
I'm testing mobile apps performance, but getting the right idea is pain in the ass. :(
Never been too creative, but always have been over ambitious and lazy.
So the deadline is coming slowly, I have specified my 'tests' (authorization, API connection, heavy calculations, graphics, database handling) and still don't know what my app should do.
Any ideas or suggestions what else is to test? -
Hi all! I am trying to implement WebSocket in JS and want to send an authorization JWT to the server, but couldn't because it only supports protocols. Any other WebSocket client library in JS that could help to achieve it?
-
!rant
Got a question since I've been working with ancient web technologies for the most part.
How should you handle web request authorization in a React app + Rest API?
Should you create a custom service returning to react app what the user authenticated with a token has access to and create GUI based on that kind of single pre other components response?
Should you just create the react app with components handling the requests and render based on access granted/denied from specific requests?
Or something else altogether? The app will be huge since it's a rewrite of an already existing service with 2500 entities and a lot of different access levels and object ownerships. Some pages could easily reach double digit requests if done with per object authorization, so I'm not quite sure how to proceed and would prefer not to fuck it up from the get go, and everyone on the team has little to no experience with separated frontend/backend logic. -
I think I have configuphobia.
When you need to set up configurations for like anything, it's always super loosely coupled and can break when you even breathe on it.
Database table columns? Configured once.
Authorization management? Create a user and configure the password and username in the application.
Backups? Configure the network path to backup to.
All these things are so EASY to break!
Maybe I'm overcautious, but I really dislike it.
There are ways around it of course, like documentation and automation, but it's all so much work. And even then it's still loosely coupled.
What do you all do to keep your configs working without getting nightmares? -
Since I sort of started web development seriously about two years and a little bit ago, I've decided to raise the bar and intentionally lie in my resume to hopefully find a job that can help me to sustain my wife, who is sick, and my newborn son. I changed my experience to +3 years and put some "ghost" projects. No offers. Then, I put 5 years and tweaked projects and experience here and there. Again...nothing, nada, no offers. Should I just go all above and put 10 years and experience such as Microsoft and big 500 companies? I mean I hate to do this but I feel like I'm in a hole that I can't get out of while I'm gaining more and more knowledge every single day. I'm learning a lot about JavaScript which is my fav language as well as React. Authentication/Authorization and its different hierarchies/inheritance methodologies as well as single and multi sign on methods applied to scalable web apps. I just wonder what would be the outcome after lying so big. I hate lying but what's so wrong with the market that I can't find a job? Hold your fire and put yourself in my shoes before ranting at me. I don't give this advice to anyone, it's just my experience looking for a job and my actual situation. (currently working as IT Help Desk Level II)
-
This might be a silly question, but why (and why not) would one implement a dynamic navigation bar to a web app (.net core razor pages)?
What are the pros / cons of using a dynamic navbar over pure HTML? All I can think of is to render the navbar based on specific settings per client or to show / hide certain options based on roles / authorization. -
Let's say you use tokens as the authorization method.... The first time you generate the token you still have to manage the password and other data.... how securely (tinfoil hat mode activated) do you implement that usually? -
-
Some days I think my hate for managers is wrong: they are there to improve the workflow and make stuff easy... but then they manage (badum tss) somehow to prove me wrong.
The issue: our pm doesn’t know how to write tickets and instead of writing short but meaningful tickets, they just write pointless text and add external documents which they should read in order to tell us what to do.
My good thoughts: “maybe he’s really busy for real and is really unable to spend time writing them... kinda hard to believe and possible red flag, but shit happens, so let’s not be too harsh.
They are trying to save time... right?”
Their solution: “let me open a ticket to grant you access to the resource”
Sounds good, right? Now let me explain something: their "solution" requires opening a ticket and escalating all the way up to the CTO, and so far it's been 2 days that I've been waiting for these credentials. 2 freaking days only to be able to know what's in a ticket the f***er opened outside of planning because it is supposed to be urgent.
“Can’t you just give me the files directly?”
“I am sorry, I don’t have time (to download and send you 3 files)”
Managers: making the process easier.
-
#Suphle Rant 4: Laravel closing the gap II
I had expected rant 4 to come at least some days later. Apparently, I'd miscalculated how fast things work in this wonderful world of software. In an earlier rant, I wrote about how dismayed I was to learn Laravel had implemented one Suphle feature I'm very proud of. They call it Premonition. Idk if it's officially rolled out yet, but you can search among accepted pull requests for what it's all about.
Well, today, I've just seen a draft from one of their maintainers showing one of the things Suphle was designed to do: https://twitter.com/enunomaduro/.... They can't integrate it with this pattern since PHP doesn't have generics, so it'll either get trashed or be plastered on as some band-aid. In the Suphle docs, I explicitly indicated the data structure/typing for that feature is a polyfill for the absence of generics.
I think I can get away with it because of where I'm using it (model authorization instead of custom exceptions/throwable operations in general, like theirs).
I don't feel as distraught as I did on finding the Premonition thingy. Am I impressed with these things dawning on them? Ffs, Laravel was invented in 2011. It's incredulous to think it gave me hell for years. Waited ~2 years for me to fix all issues in a brand new framework, only to magically gain IQ points and start improving their work.
It's weird and brutal. If they keep figuring stuff out, it may not be long before there are no features unique to Suphle. Then my worst nightmares will come to life. I will argue there's one thing nobody will ever copy, not without rethinking the MVC architecture in its entirety.
-
I know I sound stupid, but I need help. I create a repo on GitHub using gh-api:

```js
import axios from "axios";

export async function createARepo({ name, description, token }) {
  // GitHub REST API v3 accepts a personal access token in the Authorization header
  const headers = {
    "Authorization": `token ${token}`,
    "Accept": "application/vnd.github.v3+json",
  };
  const { data } = await axios({
    method: "POST",
    url: "https://api.github.com/user/repos",
    data: { name, description, auto_init: true }, // auto_init creates the initial README commit
    headers,
  });
  return data; // the created repository object
}
```
When I run this code it only creates an empty project with a README, but I also want to create a file with a .html extension in the project. Can anybody help me with how I do this?
-
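One way to add the HTML file once the repository exists, as an added example that is not the poster's code: GitHub's "create or update file contents" endpoint (`PUT /repos/{owner}/{repo}/contents/{path}`) takes the file body base64-encoded inside a JSON payload. It assumes Node 18+ for the global `fetch` and `Buffer`, takes `owner` and `repo` from the `data.owner.login` and `data.name` fields the create-repo response returns, and the `fetchImpl` parameter is only there so the call can be exercised offline.

```javascript
// Added example, not the poster's code: create a file in an existing GitHub repo via
//   PUT /repos/{owner}/{repo}/contents/{path}
// Assumes Node 18+ (global fetch, Buffer). owner/repo come from the create-repo
// response (data.owner.login, data.name); the token needs write access to the
// repository's contents.

function buildCreateFileRequest({ owner, repo, path, content, message, token }) {
  // GitHub requires the file body base64-encoded in the JSON payload, for any file type.
  const encoded = Buffer.from(content, "utf8").toString("base64");
  // Encode each path segment separately so "src/index.html" keeps its slashes.
  const safePath = path.split("/").map(encodeURIComponent).join("/");
  return {
    method: "PUT",
    url: `https://api.github.com/repos/${owner}/${repo}/contents/${safePath}`,
    headers: {
      Authorization: `token ${token}`,
      Accept: "application/vnd.github.v3+json",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ message, content: encoded }),
  };
}

// fetchImpl is injectable so the call can be tested without network access.
async function createFileInRepo(params, fetchImpl = fetch) {
  const req = buildCreateFileRequest(params);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) {
    // Typical failures: 401 bad token, 404 token cannot see the repo,
    // 422 path already exists (an update needs the existing blob's sha).
    throw new Error(`GitHub API ${res.status}: ${await res.text()}`);
  }
  return res.json(); // { content: {...}, commit: {...} }
}

// Usage after createARepo(): the returned repository object supplies owner and name.
async function addIndexHtml(repoData, token, fetchImpl = fetch) {
  return createFileInRepo({
    owner: repoData.owner.login,
    repo: repoData.name,
    path: "index.html",
    content: "<!doctype html>\n<h1>Hello</h1>\n", // constructed sample page
    message: "Add index.html",
    token,
  }, fetchImpl);
}
```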
When you ask a nice question on StackOverflow, everyone ignores it...
When you ask a dumb one, they shower downvotes -_-
https://stackoverflow.com/questions...
-
Is there a better way than ASP Identity Claims to verify permissions before accessing a page? Refreshing claims on every page load doesn't seem to be a great solution. Thinking about some sort of permissions middleware. I need to check those IsAdmin roles before any admin area data is accessed. What techniques are you using for authorization in your code base?
-
CRYPTO RECOVERY SERVICE - MUYERN TRUST HACKER
( Email: muyerntrusted(@)mail-me(.)com )
The term "crypto theft" describes how fraudsters get and misuse cryptocurrency assets without authorization. The fact that the theft may cause monetary loss, interfere with corporate operations, and erode public confidence in virtual currency makes it a serious worry. Recovering stolen cryptocurrency requires specialized knowledge and techniques that professionals in the field possess. They have experience dealing with crypto theft cases, understand the tactics employed by cybercriminals, and can develop tailored recovery strategies to maximize the chances of successful retrieval. Muyern Trust Hacker demonstrates the highest level of professionalism in the realm of cryptocurrency theft when it comes to reclaiming stolen cryptocurrency. Their team of professionals offers a dependable and relatable recovery service by fusing technical proficiency, and personality. Having dependable expert assistance is essential for the safety of your cryptocurrency holdings. Along the way, Muyern Trust Hacker adds a dash of humor and personality to your team of experts who are committed to retrieving your pilfered cryptocurrency. Protect your investments and put your faith in Muyern Trust Hacker's expertise. Allow them to work with you to protect what is truly yours. Seeking expert assistance becomes crucial for people and organizations trying to recover stolen cryptocurrency as long as the threat of crypto theft persists. Muyern Trust Hacker differentiates by providing specialized techniques and the highest level of professionalism as a group of professionals committed to the recovery process. They have a reputation for being successful in recovering cryptocurrency monies that have been stolen thanks to their demonstrated track record and client endorsements. Individuals and companies can safeguard their priceless cryptocurrency assets and confidently negotiate the murky world of cryptocurrency theft by putting their trust in the knowledge of experts such as Muyern Trust Hacker. 
Do sure to contact Muyern Trust Hacker for a prompt and effective Bitcoin retrieval on Whats App +1-8-6-3-(606)-8-3-4-7
Regards.15 -
!rant
I've been wondering, is anyone else having problems with Windows 10 restrictions.
I have pretty much the same authorization as a regular user just as I do as an administrator.
I've had to uninstall countless programs and games due to authorization issues.
Anyone?
-
URGENT:
How does an online supplier charge its clients huge amounts (>40k monthly) in an automated way?
Context:
I am building a huge B2B international online service that will require clients to pay between 1,000 USD and 400,000 USD per month.
The system is built on top of an e-payment API (Stripe) that enables the system to work based on a regular, fully automated credit card authorization and capture flow.
Everything works fine in dev mode. But when we move to production, the amounts are so huge that they exceed the max limit of any credit card, even corporate ones.
So that makes me wonder: how do automated services (AWS, GCP etc.) charge huge invoices to their clients in an automated way without using credit cards...
Please help
-
I am working on this Flask web application as a part of the recruiting process for a company I have applied to. There are so many MySQL connectors out there, but most of them are either deprecated or have shoddy documentation. Finally I found one that was working, but it used
caching_sha_password2 as its authorization plugin, which is no longer supported by MySQL 😤😤😤
-
Screw clients, man: request multiple complicated changes to the payment and authorization model for months on end, not enough time to test and no QA team, and then act all surprised when we can't consider 20 possible scenarios for every code change. Suck a dick while you're at it; we have other projects and clients that value quality over money-milking customers with bullshit.