3 rants for the price of 1, isn't that a great deal!

1. HP, you braindead fucking morons!!!

So recently I disassembled this HP laptop of mine to unfuck it at the hardware level. Some issues with the hinge that I had to solve. So I had to disassemble not only the bottom of the laptop but also the display panel itself. Turns out that HP - being the certified enganeers they are - made the following fuckups, with probably many more that I didn't even notice yet.

- They used fucking glue to ensure that the bottom of the display frame stays connected to the panel. Cheap solution to what should've been "MAKE A FUCKING DECENT FRAME?!" but a royal pain in the ass to disassemble. Luckily I was careful and didn't damage the panel, but the chance of that happening was most certainly nonzero.
- They connected the ribbon cables for the keyboard in such a way that you have to reach all the way into the spacing between the keyboard and the motherboard to connect the bloody things. And some extra spacing on the ribbon cables to enable servicing with some room for actually connecting the bloody things easily.. as Carlos Mantos would say it - M-m-M, nonoNO!!!
- Oh and let's not forget an old flaw that I noticed ages ago in this turd. The CPU goes straight to 70°C during boot-up but turning on the fan.. again, M-m-M, nonoNO!!! Let's just get the bloody thing to overheat, freeze completely and force the user to power cycle the machine, right? That's gonna be a great way to make them satisfied, RIGHT?! NO MOTHERFUCKERS, AND I WILL DISCONNECT THE DATA LINES OF THIS FUCKING THING TO MAKE IT SPIN ALL THE TIME, AS IT SHOULD!!! Certified fucking braindead abominations of engineers!!!

Oh and not only that, this laptop is outperformed by a Raspberry Pi 3B in performance, thermals, price and product quality.. A FUCKING SINGLE BOARD COMPUTER!!! Isn't that a great joke. Someone here mentioned earlier that HP and Acer seem to have been competing for a long time to make the shittiest products possible, and boy they fucking do. If there's anything that makes both of those shitcompanies remarkable, that'd be it.

2. If I want to conduct a pentest, I don't want to have to relearn the bloody tool!

Recently I did a Burp Suite test to see how the devRant web app logs in, but due to my Burp Suite being the community edition, I couldn't save it. Fucking amazing, thanks PortSwigger! And I couldn't recreate the results anymore due to what I think is a change in the web app. But I'll get back to that later.

So I fired up bettercap (which works at lower network layers and can conduct ARP poisoning and DNS cache poisoning) with the intent to ARP poison my phone and get the results straight from the devRant Android app. I haven't used this tool since around 2017 due to the fact that I kinda lost interest in offensive security. When I fired it up again a few days ago in my PTbox (which is a VM somewhere else on the network) and today again in my newly recovered HP laptop, I noticed that both hosts now have an updated version of bettercap, in which the options completely changed. It's now got different command-line switches and some interactive mode. Needless to say, I have no idea how to use this bloody thing anymore and don't feel like learning it all over again for a single test. Maybe this is why users often dislike changes to the UI, and why some sysadmins refrain from updating their servers? When you have users of any kind, you should at all times honor their installations, give them time to change their individual configurations - tell them that they should! - in other words give them a grace time, and allow for backwards compatibility for as long as feasible.

3. devRant web app!!

As mentioned earlier I tried to scrape the web app's login flow with Burp Suite but every time that I try to log in with its proxy enabled, it doesn't open the login form but instead just makes a GET request to /feed/top/month?login=1 without ever allowing me to actually log in. This happens in both Chromium and Firefox, in Windows and Arch Linux. Clearly this is a change to the web app, and a very undesirable one. Especially considering that the login flow for the API isn't documented anywhere as far as I know.

So, can this update to the web app be rolled back, merged back to an older version of that login flow or can I at least know how I'm supposed to log in to this API in order to be able to start developing my own client?

What kind of fucktard thought it was a good idea to include html in their API endpoint? 3€ per 1000 requests? YOU should be the one paying me to deal with this shit. Even enforcing class classnames...

So, 9months ago my scrum master came to me and asked me to spearhead a "little" API... 2months work, no worries... I started the analysis and quickly discovered that that estimation was grossly understimated...

I convinced them that it was not 3 months but 4. I alerted to the design mistakes that were made, I pushed changes and made sure the entire project worked, was stable and the best it could be... 4 months passed, target proposition donne... Several change requests since then and we have been implementing braindead CR after CR for 5 months... Most CRs came from design issued I raised but we're ignored at the time just to come back and bite them on the ass...

Horrible design, bad documentation, amateur requirements analysis... However, delivered successfully with great acceptance...

What was my reward? They rearranged my team, removing virtually every good performer.

Never did I receive a "good work" or a "thank you"... I don't want one, I am just doing my job... However can you please not fuck me in the ass!? I now have 2 projects to spearhead at the same time and virtually no team... I can only handle so much!!!

Some good news? Ok, just announced I'm the project owner of a new project, that we will take advantage and make a 2 in one.... Great! Some more work for my lap! Thank you for the workload raise!... Ok, timewise? One month! And I still don't if that includes implementation....

TL DR; did my job, got fucked with more work...

Sorry for the vent, just wandering if I should try and not do my job...

(I'm not completely sure of what I'm saying here, so don't take this too seriously)

Settling on a language to write the api for ranterix is hard.

I'm finding a lot of things about elixir to be insanely good for a stable api.

But I'm having a lot of gripes with the most important elixir web framework, phoenix.

Take a look at this piece of code from the phoenix docs:

defmodule Hello.Repo.Migrations.CreateUsers do
use Ecto.Migration
def change do
create table(:users) do
add :name, :string
add :email, :string add :bio, :string
add :number_of_pets, :integer
timestamps()
end
end
end

Jesus christ, I hate this shit.

Wtf are create, add and timestamps. Add is somehow valid inside the create, how the fuck is that considered good code? What happens if you call timestamps twice? It's all obscure "trust me, it works" code.

It appears to be written by a child.

js may have a million problems. But one thing I like about CJS (require) or ESM (import) is that there's nothing unexplained. You know where the fuck most things come from.

You default export an eatShit() function on one file and import it from another, and what do you get?
The goddamn actual eatShit function.

require is a function the same way toString is a function and it returns whatever the fuck you had exported in the target file.

Meanwhile some dynamic langs are like "oh, I'll just export only some lang construct that i expect you to specify and put that shit in fucking global of the importing file".

Js is about the fucking freedom. It won't decide for you what things will files export, you can export whatever the fuck you want, strings, functions, classes, objects or even nothing at all, thanks to module.exports object or export statement.

And in js, you can spy on anything external, for example with (...args) => debugger; fnToSpyOn(...args)

You can spoof console.log this way to see what the fuck is calling it (note: monkey patching for debugging = GOOD, for actual programming = DOGSHIT)

To be fair though, that is possible because of being a dynamic lang and elixir is kind of a hybrid typed lang, fair enough.

But here's where i drop the shit.

Phoenix takes it one step further by following the braindead ruby style of code and pretty DSLs.

I fucking hate DSLs, I fucking hate abstraction addiction.

Get this, we're not writing fucking poetry here. We're writing programs for machines for them to execute.

Machines are not humans with emotions or creativity, nor feel.

We need some level of abstraction to save time understanding source code, sure.

But there has to be a balance. Languages can be ergonomic for humans, but they also need to be ergonomic for algorithms and machines.

Some of the people that write "beautiful" "zen" code are the folks that think that everyone who doesn't push the pretty code agenda is a code elitist that doesn't want "normal" people to get into programming.

Programming is hard, man, there's no fucking way around it.

Sometimes operating system or even hardware details bleed into code.

DSLs are one easy way to make code really really easy to understand, but also make it really fucking hard to debug or to lose "programming meaning".

I've had it with discords interaction API. The docs are vague and cryptic at crucial times and overall it sucks balls. I've been trying to build a framework for myself around this, but this shit is impossible to do without hacks or inconvenient at best to work around and the worst part is that the discord quality assertion or anyone trying to bring some quality back into this mess has left a long time, so it will stay like that for an even longer time. FUCKKK!