Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "competent service"
-
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkiss. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.13 -
I just got the book "The C Programming Language, 2nd Edition" from Amazon.
I've had my wars with Amazon in the past for not protecting packages properly, and now it happened again. For the third time in 6 months.
The cover of the book is damaged, pages are bend a bit and it looks like someone took a key and tried to draw something on the front cover.
I contacted customer support to get a replacement, which was no problem, but still fucking annoying that I have to spend time on this shit.
Anyway, what pisses me off is the amount of work I have to do in order to send this shit back to them. Holy fuck!
First of all, I haven't met a single competent employee at a "post office" here in Denmark, as all of the offices are now a part of a either hyper markets or grocery stores. This means, that it's the stores employees handling this.
In this process from Amazon I have to actually clear it for customs with a form they need to take care of.
I have to print 4 labels, 2 which I need to sign and 2 I need to do something else with...
But I'm so freaking scared that they'll fuck this up and I'll get billed for 2 books. It wouldn't fucking surprise me, considering how fucking shit our postal service is in Denmark and how I've been screwed over by Amazon in the past4 -
I hate having to deal with our IT service desk. Every time it takes enormous energy to get to the right people and make them understand that no, you are not an idiot, but you actually have a technical issue.
Sure thing they do have a few competent nice folks there too I've gotten to know over time and they indeed have to deal with a ton of dumb non-tech savvy idiots on a daily basis. However, if my job title mentions "software" and "engineer" they should at least assume I'm an idiot in tech. Or something. Every single time I need to open a ticket, even for the simplest "add x to env y", I need to quadruple check that the subject line is moron-friendly because otherwise they would take every chance to respond "nah we can't do that", "that's not us", or "sry that's not allowed". And then I would need to respond, "yes you do:) your slightly more competent colleague just did this for us 2 weeks ago".
Now you might imagine this is on even another level when the problem is complex.
One of our internal apps has been failing because one of the internal APIs managed by a service desk team responds a 500 status code randomly but only when called with a specific internal account managed by another service desk team.
(when I say "managed by", that doesn't mean they maintain it, it just mean they are the only ones who would have access to change something)
Yesterday I spent over a fucking hour writing a super precise essay detailing the issue, proving a million times it's not on our end and that they need to fix it. Now here is an insight to what beautiful "IT service" our service desk provides:
1) ticket gets assigned to a "Connectivity Engineer" lady
2) few hours later she responds and asks me to give her the app and environment IDs and grant her access to those
(naturally everything in my email was ignored including these two IDs)
3) since the app needs to be in prod for the issue, I make a copy isolating the failing part and grant her access to the original "for reference" and the copy to play with
4) few hours later I get an email from the env that some guy called P made changes to the actual app, no changes to the copy
(maybe they immediately fixed the app even though I asked them to only touch the copy)
I also check the env and the live app had been shared with another 2 people giving them editing rights:)
5) another few hours pass and the lady responds that she had been chatting with P (no mention of who tf that guy is) and that P has a suggestion that might work and I should test it, "please see screen shot" for details:
These motherfuckers sent me a fucking screenshot of the env config file where "P has edited a few parameters" that might help. The screenshot had a 16 line part of the config json with a bunch of IDs and Base64 params which HE EDITED LOCALLY.
Again, because I needed a few iterations to realise what I've just witnessed:
These idiots modified some things in the main app (not the copy) for hours. Then came to the conclusion that the config needs some IDs and params updated. They downloaded the config json. Edited it locally. Did not fucking upload it back to the main or test app. Did not test it live. Did not CC in or direct the guy with changes to me. Did not send me the modified config file. Did not even paste the new IDs into the email. But TOOK A FUCKING SCREENSHOT OF THE MODIFIED FILE AND SENT THAT SHIT TO ME. And then had the audacity to ask me to test it when they had access to it and that's literally their fucking job.
I had to compare the fucking screenshot to the live config file and manually type in the changes.
And no, it still doesn't work. And Now I have to get back to them showing it still fails the same way but I just can't deal with these people. Fuck. Was hoping by the time I write it all down it'd be better, and it does feel a bit better, but I still need to get this app fixed. And I can only do it through these... monkeys. I just can't. Talking to these people drains my life energy... I'm just sad. -
*sigh* that moment when you call your provider and after 20 minutes of talking and waiting you get redirected to the IT department and a feeling of coming home rises in your stomach. *relief*
Furthermore when you instantly like someone over the phone just because you feel like being from the same kind. Anyone ever had this feeling? Or am I just a creep!? 😅 -
partially tech
Is it just me or every single time* I call to some support after first 30 minutes I really want to ask question "can I talk with someone competent?". And no disrespect to these guys, many people call in with simple stuff, but damn, I try to solve stuff on my own and call in only when I need someone who actually can get somewhat technical and have some knowledge about the product/service/smh. Infuriating.
* one hosting provider proven to be exception. -
CONSULT
TELEGRAM ID TECHCYBERFORC
EMAIL ID Tech cybers force recovery @ cyber services . com
TECH CYBER FORCE RECOVERY helped me recover a substantial amount of $102,000 worth of Bitcoin that I believed was lost forever, and I am very grateful and thrilled to share my success story with them. I was stuck in a financial quagmire until I found TECH CYBER FORCE RECOVERY, but I could recover what looked unattainable because of their professionalism, knowledge, and committed attitude. I shed a sizable portion of my investment in the cryptocurrency market a few months ago, a scenario many Bitcoin investors worry about. At first, I thought I had everything I needed to invest. However, a string of regrettable incidents, such as a security lapse and a problem with the platform I was utilizing, caused me to lose all access to the website. I was devastated when I recognized the seriousness of the situation. This loss wasn’t just an ordinary amount of money—it was a sum of $102,000, a significant portion of my savings and plans. I attempted all possible recovery methods independently and reached out to the exchange I was using for help, but nothing seemed to work. I received generic responses, no real solutions, and a growing sense of hopelessness. I was about to resign myself to the fact that this money would never be recovered until I found TECH CYBER FORCE RECOVERY. I was apprehensive when I initially contacted TECH CYBER FORCE RECOVERY. Ultimately, I had already attempted to get help but had been unsuccessful. However, I knew I had discovered a competent and reliable crew as soon as I described my circumstances. TECH CYBER FORCE RECOVERY's customer service representatives paid close attention, understood how frustrated I was, and promptly started laying out a concise and doable recovery plan. They avoided committing anything that wasn't attainable. Rather, they described the procedures they would follow to recover the money: a thorough blockchain analysis, tracking down the misplaced money across many addresses, and employing advanced tools to penetrate the security layers that had locked my wallet. Knowing that I was collaborating with professionals who were knowledgeable about the intricacies of cryptocurrencies, this transparency provided me with the confidence I needed to proceed. As soon as I gave TECH CYBER FORCE RECOVERY the all-clear, they started working. Finding out where my money had disappeared required a painstaking recovery process that included tracking my Bitcoin through multiple addresses and performing a thorough forensic investigation of the blockchain. The fact that the team employed highly specialized software and collaborated with elite blockchain analysts to meticulously monitor the movements of my investment rather than merely depending on general tools or strategies pleased me the most. Recovering $102,000 worth of Bitcoin wasn’t just a financial victory—it was a testament to the expertise and dedication that TECH CYBER FORCE RECOVERY brings to the table. If you are facing a similar situation, don’t hesitate to reach out to them. They have the skills, technology, and experience to help you recover what you thought was lost forever.4