Search - "bug hunting"
-
So a fucking friend of mine makes me meet this fella who is a big shot according to his LinkedIn and please note has too much experience with Web Apps and Python
Me being naive actually trusted that and I meet him.
Fella: So what do you do?
Me: I am into Cyber Security nothing much I just do bug hunting for now
Fella: You know python will help you right?
Me: Sorry?
Fella: You see you have to be a python programmer for anything you want to do in CS
Me: Me yeah I kinda know python actually I am more into Ruby from start so ( Around this time I kinda sensed that he is a fake tech guy he is a corporate asshole)
Fella: show me any of your work
Me: (So to show him one of the thing I was working on I open GitHub desktop app) Me explaining blah blah blah
*Fella is in shock*
So at this point I was thinking probably he is impressed and that's why the shock right?
No a big fucking no
Apparently he never heard about GitHub or git and got blown away by the interface.
And the friend who made me meet that guy is not my fucking friend anymore that prick can die for ruining my day
-
Ok story of my most most recent job search (not sure devRant could handle the load if I was to go through them all)
First a little backstory on why I needed to search for a new job:
Joined a small startup in the blockchain space. They were funded through grants from a non-profit setup by the folks who invented the blockchain and raised funds (they gave those funds out to companies willing to build the various pieces of the network and tools).
We were one of a handful of companies working on the early stages of the network. We built numerous "first"s on the network and spent the majority of our time finding bugs and issues and asking others to fix them so it would become possible, for us to do what we signed up for. We ended up having to build multiple server side applications as middleware to plug massive gaps. All going great, had a lot of success, were told face to face by the foundation not to worry about securing more funds at least for the near term as we were "critical to the success of the network".
1 month later a bug was discovered in our major product, was nasty and we had to take it offline. Nobody lost any funds.
1-2 months later again, the inventor of the blockchain (His majesty, Lord dickhead of cuntinstein) decided to join the foundation as he wasn't happy with the orgs progress and where the network now stood. Immediately says "see that small startup over there ... yeah I hate them. Blackball them from getting anymore money. Use them as an example to others that we are not afraid to cut funds if you fuck up"
Our CEO was informed. He asked for meetings with numerous people, including His royal highness, lord cockbag of never-wrong. The others told our CEO that they didn't agree with the decision, but their hands were tied and they were deeply sorry. Our CEO's pleas with The ghost of Christmas cuntyness, just fell on deaf ears.
CEO broke the news to us, he had 3 weeks of funds left to pay salaries. He'd pay us to keep things going and do whatever we could to reduce server costs, so we could leave everything up long enough for our users to migrate elsewhere. We reduced costs a lot by turning off non essential features, he gave us our last pay check and some great referrals. That was that and we very emotionally closed up shop.
When news got out, we then had to defend ourselves publicly, because the loch ness moron, decided to twist things in his favour. So yeah, AMAZING experience!
So an unemployed and broken man, I did the unthinkable ... I set my linkedin to "open to work". Fuck me every moronic recruiter in a 10,000 mile radius came after me. Didn't matter if I was qualified, didn't matter if I had no experience in that language or type of system, didn't matter if my bio explicitly said "I don't work with X, Y or Z" ... that only made them want me more.
I think I got somewhere around 20 - 30 messages per week, 1 - 2 being actually relevant to what I do. Applied to dozens of jobs myself, only contacted back by 1, who badly fucked up the job description and I wasn't a fit at all.
Got an email from company ABC, who worked on the same blockchain we got kicked off of. They were looking for people with my skills and the skills of one other dev in the previous company. They heard what happened and our CEO gave us a glowing recommendation. They largely offered us the job, but both of us said that we weren't interested in working anywhere near, that kick needing prick, again. We wanted to go elsewhere.
Went back to searching, finding nothing. The other dev got a contract job elsewhere. The guy from ABC messaged me again to say look, we understand your issues, you got fucked around. We can do our best to promise you'll never have to speak to, the abominable jizz stain, again. We'll also offer you a much bigger role, and a decent salary bump on top of that.
Told them I'd think about it. We ended up having a few more calls where they showed me designs of all the things they wanted to do, and plans on how they would raise money if the same thing was to ever happen to them. Eventually I gave in and signed up.
So far it was absolutely the right call. Haven't had to speak to the scrotum at all. The company is run entirely by engineers. There's no 14 meetings per week to discuss "where we are" which just involves reading our planning tool tickets, out loud. I'm currently being left alone 99% of the week to get work done, and I'm largely in charge of everything mobile. It was a fucking hellhole of a trip, but I came out the other side better off
I'm sure there is a thought provoking, meaningful quote I could be writing now about how "things always work out" or that crap. But remembering it all just leaves me with the desire to find him and shove a cactus where the sun don't shine
.... happy job hunting everyone!
-
a missing semi colon is overrated, the white space character at the end of a string is the real OG. Been hunting a bug for three days because of it!!
-
Interesting bug hunt!
Got called in because a co-team had a strange bug and couldn't make sense of it. After a compiler update, things had stopped working.
They had already hunted down the bug to something equivalent to the screenshot and put a breakpoint on the if-statement. The memory window showed the memory content, and it was indeed 42. However, the debugger would still jump over do_stuff(), both in single step and when setting a breakpoint on the function call. Very unusual, but the rest worked.
Looking closer, I noticed that the pointer's content was an odd number, but was supposed to be of type uint32_t *. So I dug out the controller's manual and looked up the instruction set what it would do with a 32 bit load from an unaligned address: the most braindead thing possible, it would just ignore the lowest two address bits. So the actual load happened from a different address, that's why the comparison failed.
I think the debugger fetched the memory content bytewise because that would work for any kind of data structure with only one code path, that's how it bypassed the alignment issue. Nice pitfall!
Investigating further why the pointer was off, it turned out that it pointed into an underlying array of type char. The offset into the array was correctly divisible by 4, but the beginning had no alignment, and a char array doesn't need one. I checked the mapfiles and indeed, the old compiler had put the array to a 4 byte boundary and the new one didn't.
Sure enough, after giving the array a 4 byte alignment directive, the code worked as intended.
-
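The alignment pitfall from the post above, as an added example (not the poster's code; the screenshot it refers to is not on this page). It models a 32-bit load that ignores the two lowest address bits, as the post says the controller does; the simulated RAM, little-endian byte order, 0xAA filler, addresses and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated RAM, constructed for this example; an "address" is an index. */
enum { RAM_SIZE = 64 };
static uint8_t ram[RAM_SIZE];

/* Byte-by-byte little-endian store: valid at any address. */
static void store32_bytewise(uint32_t addr, uint32_t value)
{
    for (int i = 0; i < 4; i++)
        ram[addr + i] = (uint8_t)(value >> (8 * i));
}

/* Byte-by-byte fetch, which the post assumes the debugger's memory window uses. */
static uint32_t load32_bytewise(uint32_t addr)
{
    uint32_t value = 0;
    for (int i = 0; i < 4; i++)
        value |= (uint32_t)ram[addr + i] << (8 * i);
    return value;
}

/* 32-bit load as the post describes the controller: address bits 0-1 are ignored. */
static uint32_t load32_cpu(uint32_t addr)
{
    return load32_bytewise(addr & ~(uint32_t)3);
}

/* Put 42 at offset 4 of a char array starting at `base`; everything else is 0xAA. */
static void place_value(uint32_t base)
{
    memset(ram, 0xAA, sizeof ram);
    store32_bytewise(base + 4, 42);
}

/* Value the memory window shows at the pointer. */
uint32_t debugger_view(uint32_t base)
{
    place_value(base);
    return load32_bytewise(base + 4);
}

/* Value the `== 42` comparison actually receives. */
uint32_t cpu_view(uint32_t base)
{
    place_value(base);
    return load32_cpu(base + 4);
}

/* The fix from the post in C11 terms: give the char array word alignment. */
static _Alignas(uint32_t) char rx_buf[16];

/* Portable read that is valid at any alignment (memcpy instead of a pointer cast). */
uint32_t read_u32(const char *p)
{
    uint32_t value;
    memcpy(&value, p, sizeof value);
    return value;
}

/* Guard worth asserting before a char* is cast to uint32_t*. */
int is_word_aligned(const void *p)
{
    return ((uintptr_t)p & 3u) == 0;
}

int main(void)
{
    /* Array starting at an odd address: offset 4 is divisible by 4, the pointer is not. */
    printf("array at 9: debugger=%u cpu=%u\n",
           (unsigned)debugger_view(9), (unsigned)cpu_view(9));
    /* Array starting on a 4-byte boundary: both views agree. */
    printf("array at 8: debugger=%u cpu=%u\n",
           (unsigned)debugger_view(8), (unsigned)cpu_view(8));

    uint32_t v = 42;
    memcpy(rx_buf + 4, &v, sizeof v);
    printf("rx_buf+4 aligned=%d value=%u\n",
           is_word_aligned(rx_buf + 4), (unsigned)read_u32(rx_buf + 4));
    return 0;
}
```

With the array at the odd address the memory window reads 42 while the comparison sees a word assembled from the neighbouring filler byte, which is the mismatch the post describes.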
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.
-
After several weeks of stress, bug hunting, despair and fun - I JUST COMPLETED A PROJECT MILESTONE !!
Time for a reward :]
-
A woman has bugs in her home, she wants to find a bug hunter to get rid of them. She calls a man who does bug hunting, he comes to her house and says: "I am a bug hunter, you called me. Where's your laptop?"
Woman confused as she is asks the man: "Why do you need a laptop to hunt and get rid of the bugs?"
"Well how else am I going to debug those bloody programs you wrote?"
Note: I promise I made this up, if anyone else already posted this, I wasn't aware.
-
I've been hunting for a new job for several months because my current company isn't growing my skills any further. There have been many setbacks, a few rejections, and that awful lingering imposter syndrome. So I finally dug myself out of my self pity and began learning things that my current company doesn't implement – JS frameworks, UX practices, etc. Today I had an interview that felt more like a conversation and collaboration than getting grilled about terminology and bug fixes. No matter what the result, I've been inspired to learn again 😌 and if you're in the same boat - keep going! just thought i'd share :) rekindled my coding love
-
My nipples are hard, as hard as diamond. For no fucking reason at all.
But aside from that important update, does anyone just get this absolute light-headed euphoria whenever they realize they've fixed a bug?
Like my god, it's the best feeling. I've only fixed other people's bugs a few times, and even then I experienced it.
-
The ability to understand every codebase immediately to the point where I:
* don't need to rely on the documentation
* know exactly where bugs are
* know how a change (bug fix, new feature, etc.) affects other areas of the project recursively
Obviously because it's a waste of time hunting that occur when modifying a codebase, no matter how carefully one writes tests or tests their code, something could always sneak in because it's not always apparent how a change ripples through your codebase.
It's tiresome and especially annoying when working with core modules
-
Witch hunting:
I just spent the last 90 trying to fix a visual bug with the UI
I made a functional component to render pretty forms with minimal information in React
Turns out some random ass fields were not rendering with their respective lower borders
Refactored the shit out of the components
Actually got them to follow a strict styling
Two cups of coffee later it clicked: everything was perfectly functional, I just have a shitty small monitor and tried zooming in
WOULD YOU LOOK AT THAT, IT'S THE FUCKING BORDER I WAS LOOKING FOR ALL ALONG!
Don't be like me: check les differents view ports
-
Spent 2 hours last night (leaving an hour late) with the IT guy hunting down a problem that affected at least 12 other teams. It didn't crash the app, but did prevent MANY scripts from working, and thus nothing could be committed.
I found the culprit, made a solution, and posted in the email chain my solution. (it required a code review and a client-side update)
Someone responded asking for another dev to confirm my report. That dev did and then dumbed it down for those who can't understand programming talk. Then EVERY EMAIL after that thanked that dev for "fixing the root problem" and "solving their scripts".
And just now, the PO for the bug was replaced to that dev's team. (previously was my team's PO)
-
>Sitting at desk pondering over what is wrong with code.
:Top
BRAIN : "maybe we will think better with /another/ cup of coffee?"
Repeat until
BRAIN : "damn now I'm too jittery to think about code. Maybe if I relax with some music/meme hunting I'll be able to focus"
Repeat until
BRAIN : "Damnit I spent 2 hours on 9gag and not coding. Gotta get back to this bug squashing but I'm now so tired. Maybe some coffee will help me think"
Goto Top
-
I'm tired of "agile" development. Sure the concept of a hacky POC that gets thrown out for a real implementation sounds great. But it never gets thrown out. That shitty POC becomes the foundation for a horrible mangled mess of hacky improvement after improvement. I'm tired of my boss telling me "do it the easy quick way and fix it later", like fuck off no. I can save man weeks worth of bug hunting a year down the road by actually taking an extra day to do it right. Like fuck does no one care about quality engineering anymore?
Sometimes that extra day to write a general vs a specific implementation is worth it.
-
Just found out the crazy bug I've been hunting the past two days was because I simply had the wrong filepath to the input and wasn't checking that.
So how's your guy's day?
-
So, I spent the last two days hunting down a bug about some of the static assets not getting versioned.
It turned out to be a mistake by some newbie missing a quote in html. The html parser responsible for versioning the assets broke once it ran into that bad html.
Somehow, I don’t feel satisfied. I guess I shouldn’t hope for big reasons for seemingly big problems.
-
Node: The most passive aggressive language I've had the displeasure of programming in.
Reference an undefined variable in a module? Prepare to waste your time hunting for it, because the runtime won't tell you about it until you reference a property or method on the quietly undefined module object.
Think you know how promises work? As a hiring manager, I've found that less than 5% of otherwise well-experienced devs are out of the Dunning Kruger danger zone.
Async causes edge cases and extra dev effort that add to the effort required to make a quality product.
Got a bug in one of your modules? Prepare yourself for some downtime because a single misplaced parentheses can take out the entire Node process, killing unrelated pages and even static file hosting.
All this makes for a programming experience that demands much higher cognitive load, creates more categories of bugs, and leads to code bloat/smell much more quickly than other commonly substituted languages.
From a business perspective, the money you save on scaling (assuming your app is more compute efficient under Node) is wasted on salaries and opportunity costs stemming from longer dev time, more QA, and more frequent outages.
IMO, Node is an awesome experiment, a fun language, a great tool for specific use cases, and a terrible fucking choice for an entire website.
-
At a previous job I had, there was a bug in the payment code, we did not know anything was wrong until the customer support team began receiving some crazy emails stating that our company emptied their bank account. Then we investigated further and thousands of customers had their banks emptied. So the payment team went big hunting, found the problem to eliminate further chaos.
Unfortunately the person responsible for this huge screw up was not fired immediately, but did resign soon thereafter.
-
If I had a nickel every time the unit tests failed not because something was wrong in the code, but because someone had messed up the unit test I'd be able to retire early.
I just spent the better part of 10 hours hunting down a bug in some production code only for the test to be wrong because the person who wrote it had mocked the http response incorrectly.
Nothing I did to "fix" the code worked, because nothing was wrong with it...
-
So I was thinking whenever to run a Kanban-Board style ala Trello subdomain for the people on my site that are helping me with bug hunting and such and I came up with this article about this project that got 6k Stars in Github in 5 days https://github.com/thedaviddias/..., what is this project about? " The perfect Front-End Checklist for modern websites and meticulous developers "
Here is the article for those wishing to read more about it https://medium.freecodecamp.org/how...
-
Went bug hunting only to land in a controller method that's 125+ lines long, riddled with side effects, and.... no tests!
-
My favourite bug fix was actually IT based and it was the first time my Eastern European, critical of my skills, family not only praised me but claimed that I was smarter than them.
My grandfather had changed from a telecom to a VOIP device for his landline. For some reason after installation, he could hear the other person on the line but they couldn't hear him. Me and my mother were away during this time so they called in the other family IT guy. This guy is no joke, he's one of the top in his company and makes a sweet six figures and lives in a mansion.
So he started looking things up, googling forum, etc. Couldn't find anything. Started calling the tech support and tried to deduce what it was and their tech support had never heard of such a problem. He takes his lunch breaks to help out my gramps. Keeps escalating, escalating and nothing. His conclusion is that they need to send him a new VoIP stick and they're not giving it to him. At this point, he's so frustrated that he screams at my grandfather to go back to paying 60 bucks a month for landline and to stop bothering him.
At this time me and my mother return and they have concluded that they need a new stick. My mom is great at intimidating people into free stuff so she and I go over to do so. At this point everyone is convinced of the problem and even I don't think I could fix it. But I decide to check if that's the case because I don't want my gramps to get a new stick and it still doesn't work.
I go through the typical forum hunting and there's Nada on the problem. I look at the stick and all the lights seem to be working, no error lights. And I wonder maybe the problem is not the stick, because usually you can't do anything at all if the hardware is broken. So I start thinking, maybe my gramps accidentally muted his handset while talking or something dumb like that. That wasn't it.
Then I decided to see if the problem was recreated on the other handsets. I tried one out and my mom could hear me but I couldn't hear her. What?! That's different! It was the opposite with the other phone. I conclude that it's working and there's something up with the handsets. So I go and do a reset on all of the handsets to make sure.
Lo and behold, the problem is fixed. It took me 25 minutes to solve. That guy gave up after a week of trying. My mom who assumed my IT skills were on par with other kids and nothing special had finally seen me up against an opponent, and not any opponent, a six figure high ranking IT specialist. And I didn't even use any secret, complex software knowledge that wasn't accessible to her or any other normal user.
That's when she finally said that I was smarter than her, that I just used my common sense. She would've needed some kind of prompting, hint or direction to solve the issue but I did it without any.
It was a very satisfying bug to fix.
-
Guys. Guys. Guys.
I went to sleep last night, after hunting a bug the whole day that showed up towards the end of my simulations (after several hours of simulations) and that crashed my program.
The crash was due to a bounds error in a fixed size vector, that worked on all the other thousands of iterations but for some reason randomly crapped out late into the sim. So I gave up and went to sleep.
Booted up my program today, 10x speed gain and no bug. Please send help. My brain is playing games with me, I'm sure. This shouldn't happen. :(
-
TLDR: I didn't & still not sure if it is..
I love bug hunting & fixing & figuring out how stuff works, but many will argue this is not even real programming..
Long version how I ended up programming:
Back in highschool, I was deciding between english and mathematics & computer science.. I filled in the form for the latter. Got a change of hearts but I already gave the extra/backup empty form to schoolmate..
Figured it's for the better because it's a hell to get a job as an english teacher/prof anyways + I dislike communications with people + documentation (if any) is in english etc..
At the end of first year, I didn't even apply for all the exams because you had to have both programming 1&2 to pass or even be eligible to take the year again.. I figured I'd fail them, so once I actually passed both (& actually not with bad grades), I was fucked.. had to retake the year, which means I lost time + still had to pay the rent etc.. decided to drop out and return home and do the IT engineer course instead to at least have some formal education to help me find a job. Finished that without problems, I 'specialised' in network administration.
I got a job straight out of school as a web developer.. the irony.. got some conflicts with the boss and was terminated (material for another rant).
Later I sought out admin jobs, but got declined because I was overqualified and had programming experience. FML, right?
Ended up sending out mandatory job applications for IT administration & programming to not lose the bonuses & got called up to a meeting in the company I work for since then.
No qualifications for .net & MS technologies, but they liked my CV so they ended up setting up the interview anyway. I didn't know half of the technologies and concepts by proper name, but they figured I understand enough of the content to give me a try. A few years later, I got the most fucked up project they have because of my love for new things and trying to understand everything. It's aaaalmost bearable now.. still needs a lot of work, but I'm happy where I am. Sadly, I'm still second guessing if I'm doing a proper job as a dev, but they seem to be very ok with my work. (:
-
I didn't set out to be a dev.. so not much support dev wise, but in general loads.
I dropped out of uni, went back home to avoid paying rent and at least get some form of education.. here parents are obliged to take care of kids until they finish schooling but still.. they could've bitched about me dropping out. They were just concerned I wouldn't be employable without any kind of education and with lesser grade.. anyhow, I probably wouldn't be where I am if I continued wasting their money trying to finish uni when I wasn't motivated enough (still huge problems with ocd so at that time and it was too overwhelming).
I had a plan to finish this along the job when I can afford it but the courses are for regular students only..so no way I could attend them..
Anyhow, I am information science engineer by profession (if that is even how it translates to english), should be taking care of network & computer administration..yet here I am maintaining, bugfixing & developing most 'hated' projects at this firm & I love it!!
So yeah, I hope parents are proud of me..have to ask them though..
Some details in here somewhere: https://devrant.com/rants/2870913/...
edit: typoooooossssss
-
I miss bug hunting... Baking new features is far less fun than debugging all sorts of weird issues across all the layers of the setup. Devops has its charm, but still I find myself looking for problems more often than tinkering with devtools.
I wish there was a "debugger" role in my company.
-
got employed as web developer, had to make an app for test, so i made simple PWA, you can search videos and you have related videos on the side, basically search videos and watch them with simple list of related videos on the side.
idk how i ended up being tester and bug hunter in this huge ass pile of spaghetti extravaganza.
all i do is wasting my talent on hunting and resolving bugs on a legacy-code apps, don't remember when was last time i actually wrote some feature, oh yeah i do, last month but that was refactoring/fixing.
so i am stuck on weird tech stack someone build with shovel, feels like they were having that famous golden hammer.
what interests me is something i will never do at this company and still i am trying to help them to fix the app to have better product.
It is hard when you feel like you are third and last person in whole company that cares about actual product, rest of devs just fixing things with quick workarounds, hacks and lousy patches.
I really tried, I did, I was excited as I saw opportunity to one up the product but got stuck with the rest of the devs fixing bugs instead of fixing the whole codebase, I tried to introduced improvements but we don't have time cause fixing bugs means happy customers, better codebase takes more time and means impatient customers are unhappy!
I think it is time to sail away.
So folks, any thoughts or feelings?
-
The bugs that make you think are the best/worst.
Had a ghost foreign key constraint from a dropped table. Can't drop it from a nonexistent table.
Turns out the dev copied a file for the new table and since you can technically name those foreign keys anything you want, there were no errors when he ran it.
Also sloppy/overworked dev teammates are the worst...
Also I'm pretty sure rule 2 of programming is "Never Copy and Paste"
-
Thank you, .NET Framework, for keeping your GC from destroying my DynamicMethod instance after I've accessed its function pointer!
Unlike another runtime that caused me to waste my weekend hunting a memory corruption bug in a managed language because of a minimal behavioral difference...
/tableflip
-
The stages of new thing:
1. I don't see what this thing is supposed to do.
2. Ok, I see what it's supposed to do but I don't understand it.
3. I sort of understand it but learning it is too much work for very little benefit.
4. I am bored so I will learn new thing so I look busy.
5. I will rewrite my current project with new thing.
6. My current project is now bigger, slower and harder to understand.
7. I am now enthusiastic advocate of new thing and I feel more of a pro.
8. Need to code something in a hurry and revert to writing code like I copied it from w3schools.
9. Discover new thing is actually obsolete.
10. Remind myself that none of it is remotely relevant to my actual job and resume hunting for CSS bug.
-
Just what is life
1st I love developing Web Apps
2nd I hate when it has bugs (Always does Everyone does)
3rd More hate for Security related bugs
So I started bug hunting so that even I can make developers hurt I thought I might find peace here
But here we fucking have SQL Injections which are not really that bad easy peasy
But we also have special kind of SQL Injections the Boolean Based ones (Medium Level Demons) and also The Time Based SQL Injections (Medium Level Demon with lots of health consumes too much time has a repetitive process and we have to wait a lot also if you have network lag you are doomed)
No its nice story till here but here it fucking ends the happiness I mean my luck is worst kind of fucking thing anybody ever can have.
I got a mix of both Demons;_;
A Time-Based Boolean SQL Injections yess fuckety amounts of fucking time wasted and redundant fucking process also to make matters worst the fucking famous tool #SQLMAP doesn't work in my case
-
Today I'll try what happens when I look the daily top rants at 0:00. Wait. Tomorrow is Monday. I'll check the weekly rants too. :D And what happens if I press edit on the rant, I'm waiting a few minutes and "Save"? hm...
-
So we're supposed to test even the most improbable edge cases to make sure that our software is reliable. But there is a limit. We let a marketing intern go bug hunting. We use the same component in two tabs of our SPA, but we distinguish them through some parameters. The intern found that if you switch back and forth between those two tabs super fast a couple of times, the program for some reason confuses those two tabs and swaps them. Now management has listed it as a priority. When are the customers _ever_ going to do that?!