Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Client : pls put the disclaimer that the site uses cookies.
Me: but we don't use cookies this is a static page
Client: Still, the pop up makes the site look more professional, kindly add the feature asap
Me: :/22 -
I know it wasn't ethical, but I had to do it.
Semester 4 started this week, we all got to vote which day we wanted the lecture to be held on. There were quite a few options. My preference was Monday at 7:30pm.
So I entered the poll, as I have every other semester. But I noticed something, this particular poll didn't require any form of identification. Not even a Student ID.
I dug deeper, found that it used local cookies to store weather you'd voted or not, this is obviously a security problem, so I opened up Python and wrote a simple Selenium program to automate this process.
I called it the "Vote Smasher". First it would open the webpage, then it would choose Monday 7:30pm and vote. Then it would clear it's cookies, refresh and do it over again.
I ran it fifty times.
Can you guess what the revealed vote was for UCD SP4 IT was?
I heard my lecturer mutter:
"The votes aren't usually this slanted..."
I could hardly contain my giggles.
My vote won by about fifty over the others 😂
Let me just say, it was his fault for choosing such a naive poll system in the first place 😉36 -
My girlfriend is learning python and she figured out how to change her environment to dark mode. I'm so proud of her.
13 -
Client: I want all cookies blocked on my computer.
Me: Are you sure? Some things won't work if i do that. Like using online banking.
Client: I don't use it, so it's fine.
*Two weeks pass. I have to come back and see three bankcards laying on the table*
Client: I'm not able to use online banking anymore. Can you fix it?
Come on! You pay me to give advice and help out with problems. The least you could do is listen.10 -
😤😤😤 People need to stop believing these sheets in fortune cookies, they are printed using a Linux binary!
10 -
Opens a website:
ENABLE NOTIFICATIONS!
- no.
SUBSCRIBE TO OUR NEWSLETTER!
- no.
TURN OFF AD BLOCK!
- no.
WE USE COOKIES!
- ok.
PAGE 1 OF 11!
- oh ffs.14 -
"Privacy reminder: This website uses cookies, and if you delete them, you'll have to click away this reminder again and again."6
-
Friendly reminder for travalers:
You can usually reset your free WiFi time at airport networks by clearing cookies :)10 -
** Non Dev Rant **
I just need to rant about this because I'm furious.
Last night I had a house warming party. It was mostly, if not all, of my girlfriend's friends. I'm a cranky old developer so I don't have friends.
Everyone was nice and dressed nice and brought us gifts.. all of the gifts were pretty much specifically for my girlfriend.
So this one girl came... she's younger.. around 25. She came with no gift (I wasn't expecting gifts I just need to mention it for the plot), and was dressed in sweat pants. Alright, no problem.. I really don't care at least she's here.
So as more guests arrive I finally get a gift. Someone brought me a case of beer and a couple of yummy cookies. I had to put it down on the kitchen counter for a bit because I needed to grab more chairs.
The basement door where the chairs are is 10 feet away from where I left my present..
I come back from upstairs.. not even 5 minutes later and I see sweat pant girl stuffing one cookie in her fucking mouth and the other in her pants...
Are you fucking kidding me!? I bought desserts and snacks and all the alcohol you can think of and you steal MY fucking present. Not just one of them... but BOTH.
She saw the other guests give me it.. say "here buddy this is for you"... followed me in the kitchen and STOLE my fucking cookies.
I was going to eat them this morning with my coffee and I realized I couldn't because this fucking ass hole took my fucking cookies!!!!
I hosted this party for my girlfriend's SJW ass hole fucked up friends... put a smile on my face... pretended to like people... and for once didn't yell at someone... and the fucking thanks I get is 2 stolen fucking cookies.
Fuck her.20 -
Anyone else find those cookie notices on websites more annoying than the fucking cookies themselves?
//They suck even more on mobile6 -
Fuck the cookie warnings on websites!
They don't do anything helpful and are just fucking annoying. Especially on some websites where they take up half og the fucking screen.15 -
Watch 3 videos about iOS/Swift on YouTube, and now I'm getting a frontpage full of recordings of app development events and iPhone reviews.
Listen to one kpop track on Spotify out of curiosity, and now the recommendation playlist is polluted with music I really don't like.
If we are going to hand our balls to AI and expect it to be a glorious fondling fest, don't cry if it suddenly realizes "nuts? aren't those supposed to be cracked?".
I mean what's fucking next? Where will this "smart" shit end up?
I accidentally click on a my little pony meme, and amazon will drone-strike me with 500 gallons of glitter? I drunkenly mumble "OK google how do kangaroos fuck" in the back of a self-driving Uber, I'm going to be dropped off in a shady alley and raped by a dozen walibis?
STOP FUCKING TRYING TO UNDERSTAND ME, INTERNET. I JUST WANT TO FUCKING USE YOU, NOT BE USED BY YOU, THIS WASN'T THE DEAL.
If you truly understood me, internet, I would probably not even give a fuck about privacy. But you are all building these profiles wrong.
You don't understand that I might be interested in juggling tricks today, tomorrow it might be all about crocheting a wool sweater for my penis, and the day after that I'm curious how many corpses it would take to fill up an olympic swimming pool.
NO I'M NOT ACTUALLY INTERESTED IN THAT QUORA, STOP SENDING ME RECOMMENDATION EMAILS ON HIDING MURDER VICTIMS, MY BOSS WILL THINK I'M WEIRD.
Yeah of course I could pulls some plugs, anonymize the shit out of my online life. I respect those who manage to just say "Fuck you Google, I'm sick of your shit, I'm going cold turkey".
But these platforms are feeding us heroin-laced candy.
All your coworkers friends and family with their oled-lit zombiefaces, staring at tiny screens, all absent-mindedly grasping your ankles whispering "aww take one more hit with us, check out this funny youtube clip, let me send it to you on whatsapp.... what you don't have whatsapp? You deleted your facebook? don't you love grandma anymore? Why do you hate your family?"
Before you know it, you watched ten episodes about cultivating cactuses, have a year subscription to brilliant, skillshare, squarespace and 3 different organic foodboxes are delivered to your door, Netflix is spamming you about a cupcake baking show, and you're thinking about same-day delivery for a baseball bat so you can just beat the crap out of every pretty glass display you see.
I want to break up with you, Internet.
I love you, but I hate you.
Since you passed 2.0, you have grown into a manipulative bitch.
I just don't know if I'm strong enough. It's all "let's just be friends" with you, but I know you'll be trying to reel me back in.
Before I know it, you're feeding me cookies once again, and I'll end up balls deep with your trackers stuck to my dick.21 -
Jesus fucking christ, entering w3schools.com (don't ask) and I immediately get a cookie consent thing shoved in my face.
WHY?! Please don't tell me it's so I can get the 'best experience' because that's straight out bullshit. I don't need cookies and you fucking name it to get 'the best fucking experience' while looking up again how that one PHP or HTML or CSS or WHAT-THE-FUCK-EVER thing worked.
E-v-e-r-y GODDAMN site has this nowadays, to 'improve my experience' - I block ads anyways so what's the motherfucking point?!
Mother of FUCKING god.
alskdjaioethsdjlkjrfoikmedr29 -
The company behind ads on dutch national news sites/tv stations is stopping with tracking ads.
The interesting reason behind that IMO is that they have this very simple 'banner' which asks in a very understandable way whether people want (or not) tracking shit/cookies placed/loaded on their browser.
Apparently 90% of all visitors go for the "No" option so they don't see the point in continuing to try it anymore.
Awesome!5 -
Sister's new boyfriend at xmas party: So what do you do for a living?
Me: Well, I would say I'm a "full stack" developer, but what does that even mean anymore right? With the state of front-end development being in a constant state of flux and/or kissing its own ass, and every client demanding their one page website used solely for their phone number be offline first WPA SPA Web 7.0 REST Enabled clusterfuck that requires using at least 65% of the AWS stack, most of it completely uselessly. But hey, Neural Network AI looks good on your "grandma's cookies" website, and for only $9,000 per month you can now set the timer on your oven from your phone. So, man, I guess even though I've now been at it twenty years, even I'm not sure what the fuck it is I do anymore. How about you?
Sister's Boyfriend: I'm unemployed.10 -
Website: "Here is your PDF! You can download 1 more PDF today. Get unlimited downloads with a PRO account!"
Oh do I?
*deletes cookies and local storage*
*downloads another one*
Website: "Here is your PDF! You can download 1 more PDF today"5 -
What the flying fuck is happening on the EU with the fucking GDPR corsairs!!
I made two - TWO - entirely static websites, hand-made, 100% cookie-free!! I didn't even need to store a goddam boolean cookie! No third-party content is EVER invoked, called or summoned! I hosted a small video to avoid Youtube! Facebook and twitter share buttons are links!! I DID ALL OF THIS ON PURPOSE AND INFORMED THE FUCKING CLIENT.
And THEN (and, of course, unsolicited), the fucking lawyers of an asshole GDPR corsair office came and scared the shit out of my clients and convinced BOTH of them to put the goddam GDPR cookie consent popup on the fucking websites!! And they took their bribe, of course...
In order to avoid billionaire fines because of the NON EXISTENT cookies of the SMALLEST, SIMPLEST, 2KB MINIFIED HTML page on the Internet.
Anybody else is suffering from this kind of behavior??9 -
No, I don't want desktop notifications
Yes, I understand you use cookies
No, I don't want free books
We see you use AdBlock ...
[closing the tab]
And this happens every time I desperately search for smth5 -
Had to pack boxes again today. (distribution center job to pay the bills until I find an IT job)
Was hungry as fuck.
Then I suddenly had to pack a truckload of FUCKING COOKIES.
😭8 -
Worst legacy experience...
Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.
Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.
The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.
Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was suppose to be helping!! But it was their money (well, my money as they were government funded!).1 -
"We need to get visitors age, gender and it would be nice if we could get city too.. can we pull this from the cookies so they don't have to enter the information on our site? How much info can we even pull, we need as much as we can get"
I literally kicked a wall when I received this message6 -
I think about adding a "We don't use cookies"-popup to our upcoming website rework.
Why not list other things? "We don't store your IP-address"-popup? Or "We use HTML"-popup?15 -
Hey, this is my first day and first post on DevRant ! :D
I just wanted to share with you how much i hate the WIX ads on YouTube!
"Hey, want a website? Build it yourself !"
What's wrong with their dumb algorithm at Google? I'm very familiar with web development, just use my cookies and understand that I MAKE MY OWN WEBSITES!13 -
- Let's make the authentication system so the user can only login in one device at time, because this is more secure.
- You know that this will be a general-public application, right?
- Yeah!
- Sou you want to "punish" users with a logoff on the other device when he tries to login in a new one?
- Yeah!
- But before you said we will use Json Web Token to make the backend stateless.
- Yeah!
- And how will we check if the token is the last one generated?
- We will store the last generated token for this user on a table in our DB.
- So... you are basically describing the old authentication model, with session tokens stored on the backend and communicating them via cookies.
- Yeah, but the token will be sent on the Header, not on cookies
- Okay, so why will we use Json Web Token to do this in the first place?
- Because this is how they're doing now, and this will make the backend stateless.
A moment of silence, please.8 -
here's a shoutout to 90% of websites today:
NO, I DO NOT WANT YOUR F*CKING NEWSLETTER! STOP ASKING!
NO, I DO NOT WANT YOUR F*CKING NOTIFICATION! STOP ASKING!
NO, I DO NOT WANT TO SHARE MY F*CKING LOCATION! STOP ASKING!
NO, I DO NOT WANT ANY F*CKING COOKIES! STOP ASKING!
website publishers ary whining about adblockers, but keep shoving so much shit down our throats that even a dozen browser addons can't make the web usable. the internet was such a great place once, where did we go wrong?
(rhetorical question. it's when we made access to the internet so easy, that every 100% tech-illiterate idiot could get online.)14 -
I'm so sick of all these fat frontend websites.
Transferring dozens of megabytes of mostly unused libraries is not acceptable.
A browser tab crunching up CPU time because everything must be "beautifully animated" (🤢) and processed without involving page reloads/backend is not acceptable.
A response time of over a second is not acceptable.
Cryptic error messages and random popups asking you to reload your page, not acceptable.
Sticky elements/popups breaking access on small screens is not acceptable.
Running hundreds of ajax calls per minute as heartbeats/probes
and crashing the page when the internet has a hiccup, not acceptable.
Fuck Asana, Fuck Twitch, Fuck LinkedIn, Fuck Youtube, Fuck the dozens of other SPAs which unload their truckload of diarrhea into a tab, yet fail to load crucial functionality about half of the time.
Fuck any page that breaks when you block Facebook, Doubleclick, Twitter or Google Analytics. To hell with websites depending on cookies or javascript loaders to display anything.
I want webpages to be interactive informational documents again.
Fuck off with your apps.
If you want to make an app, learn to use a real language, and get the fuck out of my browser.5 -
What's the point of using a framework if you don't use any of its features!? What the heck, I have to fix this damn web frontend that is so broken in many ways.
Instead of using an authentication middleware, every single view has the same block of code to check if a user is authenticated. Instead of templates, they used static HTML/JavaScript files and they passed data to pages through cookies.
The "REST" API is so messed up, nothing is resource-oriented, HTTP methods are chosen randomly as well as status codes. They are returning "412 Precondition Failed" instead of a plain simple "401 Unauthorized" when you're not authenticated! What the hell, did they even bother to check what 412 is about when they copied and pasted it from a crappy website!? I would never come up with 412, not even in my scariest nightmare.
What kind of drugs were they using when they wrote such code? Oh dear, I need a vacation...2 -
The concept of, "hacking" at my school is so disgustingly bloated, as it probably is everywhere else. Some kid the other day said that he had hacked cookie clicker. Friggin cookie clicker. After opening inspect element and changing some local data to get infinite cookies. And he was hacking.
I swear, if I EVER told any of these idiots about some hacking project I did with an Arduino, they would start asking me how much money I made off with in the heist.
There is one kid in particular that annoys me, his name is Matthew, and he is the most pompous little piece of crap you have ever met. Every time they talk about him, they use the word, "hack" casually in conversation. "Wow dude he's gonna HACK you now", and it really boils my gears. I mean, come on, our school password is a birthday and initials, if he got into your account, he certainly didn't do it by hacking anyone. It has gotten to the point that I can't even hear the word without wanting to lash out at them and tell them how stupid they are. Maybe I can just send them a link to this rant.17 -
Finally finished the blog post and (nearly) the last bugs (few remaining, still gotta think about how to solve them) are fixed.
The new blog post is online! I've taken a look at the Telegram messaging app and basically burned it into the ground. (Provided sources as well)
Next to that, a new domain name! As this blog is about online security AND privacy, I decided to change the domain name. The new one:
https://much-security-such-privacy.info/...
Dark theme can be enabled but will only work on one domain, you have to enable it on the other one as well to get a dark theme there. It stores the value in a cookie so it will remain when you reload the page and don't remove the cookies.
The RSS feed generator has a bug right now which makes that the page doesn't get updated, will work on that one tomorrow.
Thanks!
Last but not least, you can email me suggestions and so on at linuxxx@much-security.nl :)34 -
This morning my girlfriend told me about the network at her school constantly disconnecting, to which I jokingly replied "So, it doesn't deserve candy". She came back with "But it's already asking for so many cookies"...
-
To all developers,
Please stop making web applications where ALL state is saved in cookies. If I make a search and select a result, why the hell are the search parameters not in the address bar, but rather in a bloody cookie, and why when I select a result is this page not identified by a unique address? Rather saved in a COOKIE. This makes having multiple tabs open pretty useless.4 -
Dear fucktards with cookie notifications.
Give me a damn button of just “NO, I don’t agree”
Ain’t nobody got time to unstick 500 check boxes every single visit, surely theres no good or useful reason of some of these sites having more cookies then words on their home pages.14 -
I used to work in a tech shop. Old lady brings her laptop in claiming viruses broke her Gmail. I do the diagnostic, it's relatively clean with a bit of browser adware and tracking cookies. I call her and let her know there was nothing wrong with her Gmail and that it's good to go (she approved a tune up). She comes in and gets it. She calls later saying Gmail is still broken. I invite her to bring it in so we can have a look together (knowing for sure she was the problem). So we open up Gmail together and she shows me what she's doing. She's clicking on the sender and getting the contact card instead of the email opening. I show her how to actually open the email. She doesn't understand. I spend twenty more minutes explaining how to open an email. And this is the wk13 kicker, she waits until after twenty minutes to ask what "click" means. I was so done. That lady was too old to be using a computer.
-
Why even bother with article sites now? Try to search for a quick answer to a question and the only resource is some article and the user is met with:
- "Hi, here's where all your data goes. Please unsubscribe from our 937 partners and continue."
- "DO YOU KNOW WE USE COOKIES?" (Covers 60% of the page).
- "It looks like you're using adblocker. Mind whitelisting us for the 2 minutes we're in your life for? "
- "Before we show you the single sentence answer you're looking for let us promote our shitty content that you'll never click on because we hired the guy who makes shady porn links on every z-list site possible."
- "This article is in multiple parts to spread ad revenue. Click next to continue."
There's probably an extension that stops most of this but christ, it shouldn't be this bad.7 -
"we use cookies to give you a better experience on our site"
A better experience? Really?
It looks like you're using more than 100 external parties for whatever fucking reason. It is nearly impossible to disallow these, except for some stuff like analytics, which I don't like since it includes mass surveillance parties like Google and Facebook, but I'd at least, to some extent, understand that better.
But, the amount of dark pattern here is staggering and this kind of 'consent' you're using wouldn't, in a million years, hold up under the GDPR.
You know what would be a better experience? No tracking and no ads.
Go fuck your better experience (would that be a better sex experience....?)4 -
I hereby salute every JS-wanking web dev who uses a pop-up type of dialog *and* display yet hugging blur the actual hugging content behind it, only to become completely visible when you allow JavaScript and allow those hugging cookies.
With my middle finger I salute you, motherhuggers. You filthy hugging pieces of hugging shit.
7 hugs so far, oh wait 8! Will this rant defeat my current record on amount of hugs given that apparently stands at 18 (which is hugging incredible, if I may say so myself)? Not that that's really the hugging point though, the hugging GDPR that's responded at by those motherhugging hugwads is. I hugging salute you, hugging pieces of hugging shit!!!
HUG!!!11 -
So, I need to... enable cookies to... disable cookies? Did I get that right?
(wired[.]com btw. My steadily rising adblocker-counter should have made me leave that pile of shit way sooner than I did anyway)
5 -
GDPR: great law, except for those who use technology (JS blockers, tracking protection, etc etc) to fight other technology (cookies, trackers, etc etc). Welcomed by the general public, but for content publishers it is a royal pain in the ass. Because did the EU provide non-legalese explanations as to how to become compliant? Of course they didn't. Why would they? But of course lawyers jumped on it like it's the best thing in the world. "GDPR-experts".
Now, article 11 and 13 again. Copyright law taken to ridiculous levels, impossible to implement, except for maybe Google, Microsoft and Facebook. Anyone else? Of course not. Again, a lot of money has to be involved with it. Does anyone want this thing? Of course not. And why the fuck is this still a thing even?! Did direct lobbying to the EU Parliament members a few months ago not teach them anything?! Senile pieces of shit. Should those old fucks really be able to decide about the future of the internet?4 -
>>>> Followed link to a post
* Do you Accept Cookies?: Yes
* Our customer supports online: Okay, I know
* Subscribe to Newsletters?: Click Click Accept
* Website wants to turn on Notification?: Okay
* Seen Our New Product?: No, not today
* We require you to be over 18?: Yes, I am
* We value your privacy?: I Agree
* Looks like you're using ad-Blocker?: Turn Off
* Don't forget to follow us on...: Okay!!! I get it already, just show me the f*cking post!
* What next
***** 1 million ads appear around a single post broken to bits having (1-2-3-4-5-6-7-8-9 next>>) *****
Just wondering who invented this money making strategy.8 -
Dear Tech-News Outlets,
Yes, I accept 30994 cookies and do not want to uncheck them one by one.
No, I don't want to subscribe to a newsletter full of content completely unknown to me - maybe let me stroll around a bit before asking me? But please don't ask me in the middle of reading the shitty article. Maybe make use of a so-called "sidebar" for shit like that?
Yes, I want to continue without turning off my adblock.
No thanks, I know how to turn it off, I'm going to remove this overlay now via devtools, alright?
Yours
An annoyed user4 -
I understand the fact that your website uses cookie but fucking hell it can use it to remember that I accepted 7373738594929738849393 times2
-
it can be the most interesting article in the world, but if you ask me to confirm cookies, to enable notifications and to disable my adblock or subscribe to your aWeSoMe newsletter at the same time I'm not interested in spending any more time on your site
oh and also, FUCK YOU, return your degree, resign and FUCK OFF1 -
What you see in that screenshot, that was earned.
I'm on the plane and I want an hour of free Gogo (read: crappy) WiFi on my laptop (so I can push the code I'm probably the most proud of, more on that another time). The problem is that the free T-Mobile WiFi is apparently only available on mobile.
So after trying to just use responsive mode, and that still (almost obviously) not working. I realize it's time to bring in the big guns: A User Agent switcher. Small catch: I don't have an add-on for FF that can do that.
So on my phone I find an add-on that can and download the file. To send it to my computer, I initially thought to go through KDEConnect, but Gogo's network also isolates each system, so that doesn't work. So I try to send it over Bluetooth, except I can't. Why? Because Android's Bluetooth share "doesn't support" the .xpi extension, so I dump it in a zip (in retrospect, I should have just renamed it), and now I can share.
After a few tries, I successfully get the file over, extract the zip, and install the extension. Whew! Now I open up Gogo's page and proceed to try again, but this time I change the user-agent. Doesn't work... Ah! Cookies! I delete the cookies for Gogo (I had a cookie editor add-on already), but I had to try a few times because Gogo's scripts keep trying to, but I got it in the end.
Finally that stupid error saying it's for phones only went away, and I could write this rant for you.
22 -
I keep a bag of cookies at my desk that contain rum. I only eat one whenever i get asked a really dumb question. (See my last rant)
On my way to become permanently drunk at work!6 -
" this page uses cookies"
"We've updated our privacy policy"
*30 sec full screen ad* OR "please turn off your adblocker and refresh"
"Would you like to take a survey?"
"Click to read more"
"You've reached your free articles for the month. Please subscribe!"
Jesus fucking Christ! Is it such a sin to read articles in peace? How does anybody use your shitty site. How does anybody PAY for your shitty site?! Fuck your articles. Why do companies think this is a good model?!5 -
Last week my company thought it would be a great idea to introduce a new sh*tty internal web portal that gives federated access to aws (instead of using our own accounts to assume dev roles like we used to do).
This broke a lot of sh*t that simply used to ask for an MFA token and used our practically permissionless accounts to assume a proper dev role. An MFA token that we'd enter directly into the terminal/tool. It was very seamless. But nooooooo we now have to go a webpage, login with sso (which also requires mfa), click "generate credentials," copy-paste those into terminal/creds file and _then_ continue our aws cli call. Every. Single. Day.
BUT TODAY I HAD ENOUGH.
I spent the entire day rewriting the auth part of our tools so they would basically read the cookie that's set by the web portal, and use it to call the internal api that generates the credentials, and just automatically save those. Now all we need to do is log into the portal, then return to the tool and voilà, the tool's also got access! Sure, it's not as passive as just entering an MFA token directly, but it's as passive as it gets. Still annoyed by this sh*tty and unnecessary portal, but I learned a thing or two about cookies.9 -
Make your cookies banner have equal "Accept All" and "Reject All" buttons, and I'll probably Accept All.
Bury rejection under a fucking "Manage Cookies" button and I will go out of my way to disable/opt out of every fucking one of them.
Also why the fuck would rejecting all take "a few minutes" but accepting be instantaneous?
Fucking hell.
18 -
Well... I had in over 15 years of programming a lot of PHP / HTML projects where I asked myself: What psychopath could have written this?
(PHP haters: Just go trolling somewhere else...)
In my current project I've "inherited" a project which was running around ~ 15 years. Code Base looked solid to me... (Article system for ERP, huge company / branches system, lot of other modules for internal use... All in all: Not small.)
The original goal was to port to PHP 7 and to give it a fresh layout. Seemed doable...
The first days passed by - porting to an asset system, cleaning up the base system (login / logout / session & cookies... you know the drill).
And that was where it all went haywire.
I really have no clue how someone could have been so ignorant to not even think twice before setting cookies or doing other "header related" stuff without at least checking the result codes...
Basically the authentication / permission system was fully fucked up. It relied on redirecting the user via header modification to the login page with an error set in a GET variable...
Uh boy. That ain't funny.
Ported to session flash messages, checked if headers were sent, hard exit otherwise - redirect.
But then I got to the first layers of the whole "OOP class" related shit...
It's basically "whack a mole".
Whoever wrote this, was as dumb and as ignorant to build up a daisy chain of commands for fixing corner cases of corner cases of the regular command... If you don't understand what I mean, take the following example:
Permissions are based on group (accumulation of single permissions) and single permissions - to get all permissions from a user, you need to fetch both and build a unique array.
Well... The "names" for permissions are not unique. I'd never expected to be someone to be so stupid. Yes. You could have two permissions name "article_search" - while relying on uniqueness.
All in all all permissions are fetched once for lifetime of script and stored to a cache...
To fix this corner case… There is another function that fetches the results from the cache and returns simply "one" of the rights (getting permission array).
In case you need to get the ID of the other (yes... two identifiers used in the project for permissions - name and ID (auto increment key))...
Let's write another function on top of the function on top of the function.
My brain is seriously in deep fried mode.
Untangling this mess is basically like getting pumped up with pain killers and trying to solve logic riddles - it just doesn't work....
So... From redesigning and porting from PHP 7 I'm basically rewriting the whole base system to MVC, porting and touching every script, untangling this dumb shit of "functions" / "OOP" [or whatever you call this garbage] and then hoping everything works...
A huge thanks to AURA. http://auraphp.com/
It's incredibily useful in this case, as it has no dependencies and makes it very easy to get a solid ground without writing a whole framework by myself.
Amen.2 -
A. Hey, what's your favorite ice cream flavor?
B. Cookies!
A. I accept! Hey, what's your favorite ice cream flavor? -
TIL that it's faster to host static web components on a separate domain to avoid overhead and traffic generated by cookies
Thank you So yet again
https://sstatic.net/
3 -
So I have seen this quite a few times now and posted the text below already, but I'd like to shed some light on this:
If you hit up your dev tools and check the network tab, you might see some repeated API calls. Those calls include a GET parameter named "token". The request looks something like this: "https://domain.tld/api/somecall/..."
You can think of this token as a temporary password, or a key that holds information about your user and other information in the backend. If one would steal a token that belongs to another user, you would have control over his account. Now many complained that this key is visible in the URL and not "encrypted". I'll try to explain why this is, well "wrong" or doesn't impose a bigger security risk than normal:
There is no such thing as an "unencrypted query", well besides really transmitting encrypted data. This fields are being protected by the transport layer (HTTPS) or not (HTTP) and while it might not be common to transmit these fields in a GET query parameter, it's standard to send those tokens as cookies, which are as exposed as query parameters. Hit up some random site. The chance that you'll see a PHP session id being transmitted as a cookie is high. Cookies are as exposed as any HTTP GET or POST Form data and can be viewed as easily. Look for a "details" or "http header" section in your dev tools.
Stolen tokens can be used to "log in" into the website, although it might be made harder by only allowing one IP per token or similar. However the use of such a that token is absolut standard and nothing special devRant does. Every site that offers you a "keep me logged in" or "remember me" option uses something like this, one way or the other. Because a token could have been stolen you sometimes need to additionally enter your current password when doings something security risky, like changing your password. In that case your password is being used as a second factor. The idea is, that an attacker could have stolen your token, but still doesn't know your password. It's not enough to grab a token, you need that second (or maybe thrid) factor. As an example - that's how githubs "sudo" mode works. You have got your token, that grants you more permissions than a non-logged in user has, but to do the critical stuff you need an additional token that's only valid for that session, because asking for your password before every action would be inconvenient when setting up a repo
I hope this helps understanding a bit more of this topic :)
Keep safe and keep asking questions if you fell that your data is in danger
Reeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee5 -
My business-partner thinks we can pull personal informations from cookies, like age, gender, city and interests......
"Can we get peoples age and gender from cookies? How much data can we get from their cookies? Like if they've looked at a white bag recently?"
WTF..2 -
!rant
I am so proud of my dad :D Last weekend I went to Minecon and spent most of my time with other modders. When I posted on FB a friend replied "I didn't see you", to which I said "I was with the modders". My dad then replied what are modders. It was late at night so I didn't get to respond and forgot about it.
This morning when I talked to him he said he looked on the online dictionary and found the definition by himself. That made me really proud, considering he is not computer savy and always relied on me to answer IT questions 😍 -
The main reason I want to be an app developer is so that I can enable dark themes by default. That way people can see for themselves and the dark side can take over!3
-
TL;DR: If you make a contest where people get to vote online fucking make it right!
And here's the story: I play in a local coverband to make some cash on the side and because I love making music. We entered a contest hosted by a local radio-station. The first round was determined by judges and now 5 bands remain and of those 5 only 3 get to be voted into the final round. In the final round every bands wins something: 3rd place 250€, 2nd place 750€ and first place 5000€.
Now that stupid dipshit of a web-designer of that radio-station made a website where you can vote and it only fucking sets a cookie. You can delete it and vote again. You don't need no E-Mail and nothing. It doesn't even block multiple votes from one IP. It doesn't do shit.
Even my bandmates (who don't work in IT) where smart enough to figure out that you can just delete the cookies...
I think that now every band except for one is cheating. (we have over 5000 votes and combined all bands have like 4000 FB-Likes and sometimes and Band gets like 400 more votes in an hour) This is such a fucking messup and I don't know what to do. Maybe they'll look into stats but if they're so stupid to make a contest like this in the first place, maybe they won't. And even if they look into the stats it wouldn't be fair to kick out a band with much votes because how the fuck would they know if the band themselves cheated or if it was a fan of the band or even an enemy of the band just to get them kicked out.
I'm afraid of talking to the radio-station as a part of one band because maybe the web-designer there just gets frustrated and bans us from the contest entirely.
This is just fucking frustrating.5 -
"How much info can we get from cookies? I want to get gender, approx. age and at least first name. That's possible, right?"
Me: "that's not how cookies work.. the info needs to be stored somewhere, where we can access it. It's not in guests cookies"
"How does Google do then? They're tracking everything we do.. *bla* *bla*"
- my business partner..........5 -
Installed Cookie Clicker yesterday. This app literally bombs my PiHole with ad- and tracker domains.
This is pretty bad...
9 -
I know we're trying to stay away from Flash. I've heard that most browsers these days support cookies. Could you work it into a "cookie applet?"1
-
Just had an old coworker from a previous job send me some stuff for a php script he was having issues with.
There was too much glory in what he was trying to do: mixing php inside of jquery code, not using strict types would have prevented like 10 issues he was having on his script on another portion, mixing headers, weirdly named variables, poorly constructed, reused db connections, 0 oop or proper dependency management in his code, horrible use of sessions and cookies, O (n²) logic all over the place.
But the cake.....are y'all ready for it? It was code screenshots, not even of just the section, no, the full page, from a windows machine (to make it better he is hosting the application on an IIS server and his configuration was not properly set) but I digress, back to the cake:
He was writing his code inside of wordpad :P
FUCKING WORDPAD
I just politely told him that I was busy at the moment and happily ignored him. Dude is not a good person to begin with imo, for example, he brought the subject of homosexuality during one of our talks after he saw me talking to my bf, who just so happens to be gay, his statement was "I do not understand how there can be gay people when there are women that are so hot"
My comeback was "I do not understand how we can be heterosexual when there are some really attractive dudes out there, see how stupid your logic sounds? attractiveness is not the basis for homosexuality ye dipstick" he let it go after that, but close minded people like that are not really my cup of tea.14 -
Remember the Christmas lecture I told you about?
Did you know, we have Santa in our faculty and he only communicates in the "Ho, ho, ho!" language?
So they created a ho ho ho programming language based on brainfuck and a way to do multiplications with a christmas tree🌲 and the prof sang a song to Andrew Tanenbaum. We had Punsch or Glühwein and Christmas cookies and there was a flashmob of the new choir 'C#' aaah it was just so cool
Last year they sent a paper to the journal of Universal Rejection, the paper is called: "Toward Xmas 4.0 - Recent Advances in Santa Claus Research"3 -
Several minutes waiting for site to work after clicking on "required cookies only". Is this really what privacy laws were aiming for?
19 -
I accidentally deleted the Facebook chat history I had with someone. Wanting it back, I quickly whipped up a program for my Teensy to download and executes a Java app I wrote. The Java app gets the Facebook cookies, decrypts and uses them to read the chat history which will then be sent to me. Now all I have to do is insert my Teensy via USB and I'll have my chat back! *mission impossible music playing*3
-
This is borderline blackmailing: if I choose to have only the "required" cookies, this non-dismissable popup shows up and I have to wait 10 seconds until it closes. That's longer than it takes me to make an online payment!
11 -
Well on my last full-time job, that ware using cookies for authentication (not something new, eh?). The thing is, you see, the cookies had the 'accountId' which if you change to another number, kaboom you're that account, oh but that was not all, there was an option to mark the account type in there 'accountType', which was kind of obvious in VLE (virtual learning environment), 'Teacher', 'Student', 'Manager' put what of those values and boom you are that role for the session
Thing was open of SQL injection from the login form, from said cookies and form every part you can pass input to it, when I raised the question to my TL he said 'no one is going to know about thatt, I don't see what is the problem', then escalated to higher management 'oh well speak to *tl_guy*'
Oh and bonus points for it being written in ASP CLASSIC in 2014+ (I was supposed to rewrite, but ended up patching ASP code and writing components in PHP)
In 2015-2016, in a private college, charging kind-of big money per year1 -
TLDR: Find a website that requires a subscription but doesn't check their cookies' integrity, now I'm on a website for free.
>be me
>wonder if it's possible to intercept browser data
>download Wireshark
>download Fiddler
>find that none of these really fit me
>go to youtube, search how to intercept POST data
>find something called BurpSuite
>Totally what I was looking for
>start testing BurpSuite on devrant
>neat!
>I can see all the data that's being passed around
>wonder if I can use it on a website where my subscription recently ended.
>try changing my details without actually inputting anything into the website's form
>send the data to the server
>refresh the page
>it worked
>NEAT!
>Huh what's this?
>A uid
>must be a userID
>increment it by 1 and change some more details
>refresh the page
>...
>didn't work 😐
>Hmmm, let's try forwarding the data to the browser after incrementing the uid
>OH SHIT
>can see the details of a different user
>except I see his details are the details I had entered previously
>begin incrementing and decrementing the uid
>IFINITE POWER
>realize that the uid is hooked up to my browsers local cookie
>can see every user's details just by changing my cookie's uid
>Wonder if it's possible to make the uid persistent without having to enter it in every time
>look up cookie manipulator
>plug-in exists
>go back to website
>examine current uid
>it's my uid
>change it to a different number
>refresh the webpage
>IT FUCKING WORKED
>MFW I realize this website doesn't check for cookie integrity
>MFW I wonder if there are other websites that are this fucking lazy!!!
>MFW they won't fix it because it would require extra work.
>MFuckingFW they tell me not to do it again in the future
>realize that since they aren't going to fix it I'll just put myself on another person's subscription.5 -
I found a vulnerability in a famous financial institute site. So I asked their customer care over email, how can I report it?
They said: "remove your cookies" 🤦9 -
The internet got so broken with these gdpr-popups, it just isn't fun anymore.
If it didn't razz you right in the beginning, you know it's going to happen in a few seconds.1 -
how do websites have the option to deny all cookies? don't they need a cookie to know you don't want cookies?
12 -
Imagine
websites didn't use unnecessary cookies,
JavaScript was only used when needed,
no trackers, no ads, no telemetry, no user
data saved when it doesn't benefit the user.
*Wakes up in cold sweat*9 -
*enters random page*
To continue, you must accept all cookies or click here to see our Privacy Policy.
*clicks to see privacy policy*
*in privacy policy page*
To continue, you must accept all cookies or click here to see our Privacy Policy.6 -
Websites: Let me slide in a little piece of data in your browser for your convenience so that you don't have to enter your password every time you come back. We even have a great name for it - Cookie!
EU - WHAT ARE YOU DOING TO OUR COMPUTERS, HOW DARE YOU MAKE OUR LIVES BETTER WITHOUT LETTING US KNOW FIRST.
(also pay us €10000000 k bye)4 -
Most succesful project was around this time last year.
A scary club of privacy haters made a 'webapp' to advise people what to vote for in the national elections.
The tool was really bad in multiple ways. For instance, if two parties would score the same amount of points, one would, at random take second place without conveying this to the user.
Oh and it also collected all the data people entered "for scientific purposes". A very sketchy practice, a non profit, funded by the government and George Soros (I kid you not, illuminatie confirmed ;) ).
The tool had this disclaimer on the bottom, saying this webapp needs cookies to function. So that triggered me to make a copy of the tool that works better and ... offline, and without cookies. You could download a html file and turn of your wifi (for the paranoid ppl among us), use the tool, delete the file. No trace.
It was a little bit of tung and cheek project, a gimick, the original was called stemwijzer, mine was called offline stemwijzer.
It was a one day build and a day after launching I got a call of the original stemwijzer project leader. Demanding to take the thing offline for infringing copyright (yeah sort of was). I tried to explain him why I made this and why privacy for such things should be held in high regard. He basicly told me I was talking shit and did not want to discuss, I told him I don't take stuff offline because of phone calls. I told him to email me a seist and desist.
So that guy prolly had a stressful day (because of the launch of his tool), had a few glasses of wine, and wrote an email. He wrote me I was a pathtic kid and I should do more useful stuff. He wrote that anyone could program a tool like that. And he wrote me I should do him a favour not share this email with my measly amount of twitter followers. Super professional email.
So I did him that favour, I did not share it with my twitter followers, I shared it with one of the largest political blogs in the country.
My tool sort of took of after that. To stop infringing copy right I changed the name and I removed their content from the script and wrote instructions on how to copy and paste in the json content yourself and "make your own tool".
The response was great, people actually emailed me job offers and I think that the current job I have is due to the succes of said project. So be balsy, challenge giants, start riots, it will get you places.2 -
Implemented complex AD tracking system for offline conversions back to ads.
Me: It's done and works and it's based on cookies.
Tech Manager: What if the cookies get deleted all the tracking is gone.......
Me in my head: Stop trying to be clever with the dotdotot ....
Me in real life: Same as Analytics and Adwords .......all that tracking is gone.
FN smart ass.2 -
I hate lying customers.
Today a customer opened a support ticket related to his website account. Apparently he is losing his session right after the login success.
I've debugged everything, checked all logs and couldn't reproduce it.
I know every bit of business logic on the website by heart.
The only explanation could be that his browser either doesn't allow cookies or expires them after page change.
So I asked him to check.
"Yes, cookies are allowed in my browser" he wrote.
Well... fuck me... I will change the code to put the session ID in the URL as well. If it works - and I'm 100% sure of that - I will personally mail him a collection of the finest turds.4 -
To all web devs adding cookie-nags on your companys pages: stop that! Now! No where does that cookie law require you to ruin your site with nagging popups. Where's the focus on usability?
And the rule about informed consent? Which normal user (like my mother) knows what that means anyway? I call bs! Politicians, don't get me started.
Every user on the internet goes JMIGA: Just Make It Go Away, click whatever making that crap disappear.
What user will go "holy shit, they're using cookies!! I'm outta here!" No one in the history of the internet, that's who. Argh.9 -
I've just found the worst website ever. After some seconds, they show a banner with the usual "agree to our use of cookies" stuff. Of course, I clicked on settings. So it opens another page in another tab. As I started to read that page, another banner was displayed. Ofc I clicked on settings. The same page was opened in yet a new tab. I think you can see we're this is going...2
-
Those GDPR nag screens actually are more damaging than useful. Nobody has the energy to jump through the hoops all different sites set up for you to opt-out of tracking. Yet you will constantly see those pages if you have opted out.
If you use some privacy extensions that block tracking cookies and stuff, you will keep getting those nag screens, because they have no idea whether you have seen it or not (because of no tracking)
So browsing the web has become the constant of:
1) Search something
2) Deal with nagscreens
3) See the page
4) Go to other page
5) Repeat from step two
I wonder what this will lead to? People are less likely to visit random pages and stick to ones they have account on? Will darknet become more popular? Will somebody design some standard way to get rid of this nagscreen wave?11 -
Whelp. I started making a very simple website with a single-page design, which I intended to use for managing my own personal knowledge on a particular subject matter, with some basic categorization features and a simple rich text editor for entering data. Partly as an exercise in web development, and partly due to not being happy with existing options out there. All was going well...
...and then feature creep happened. Now I have implemented support for multiple users with different access levels; user profiles; encrypted login system (and encrypted cookies that contain no sensitive data lol) and session handling according to (perceived) best practices; secure password recovery; user-management interface for admins; public, private and group-based sections with multiple categories and posts in each category that can be sorted by sort order value or drag and drop; custom user-created groups where they can give other users access to their sections; notifications; context menus for everything; post & user flagging system, moderation queue and support system; post revisions with comparison between different revisions; support for mobile devices and touch/swipe gestures to open/close menus or navigate between posts; easily extendible css themes with two different dark themes and one ugly as heck light theme; lazy loading of images in posts that won't load until you actually open them; auto-saving of posts in case of browser crash or accidental navigation away from page; plus various other small stuff like syntax highlighting for code, internal post linking, favouriting of posts, free-text filter, no-javascript mode, invitation system, secure (yeah right) image uploading, post-locking...
On my TODO-list: Comment and/or upvote system, spoiler tag, GDPR compliance (if I ever launch it haha), data-limits, a simple user action log for admins/moderators, overall improved security measures, refactor various controllers, clean up the code...
It STILL uses a single-page design, and the amount of feature requests (and bugs) added to my Trello board increases exponentially with every passing week. No other living person has seen the website yet, and at the pace I'm going, humanity will have gone through at least one major extinction event before I consider it "done" enough to show anyone.
help4 -
I dont think that's how GDPR and OPT-IN cookies work, ya fuckin dingus (screenshot from arstechnica[.]com)
2 -
When you spend 6 hours figuring out how to best encrypt/decrypt your unimportant website cookies just because you don't want people to see how bad you are at naming stuff :x
-
A guy looks up the word 'spring' to find out about Spring season and Google suggests Spring Framework. Google, you nerds!
Oh well, cookies.2 -
When will the cookies(PHP) expire? Non-programming answer: It depends if you put it in the freezer or not LOL1
-
Using cookies for verification and validation without encrypting the values which should have been handled in the backend without any use of cookies.
I wonder how vulnerable by website was... -
These are the absolute WORST cookies I have ever eaten. If you are Israeli or will come to Israel one time, avoid at all costs.
Please.
22 -
I have unspent credits in Azure that waste each month. To not waste them I spun up a VM to run cookie clicker on it.
-
I'm learning nginx and it's simplying the way I think about web projects.
I used to think that when I used a server side framework, then that should be the master and all should go through it. Noob me.
I used to put client side projects (like create-react-app of vue-cli projects) right inside the server side project.
But with nginx you can just route subpaths to different places, then instead of having, let's say, the react project inside rails, they would be in separate git projects.
In fact, I no longer need to restrict myself to a single server framework.
I love several aspects of rails. I love several others of node. And if I need multithreaded performance, I'd very much use something like phoenix or go.
Again, with nginx, you setup subpaths with the `location` directive in the same server and voila, a no CORS setup, cookies shared and homogenous versatile website.7 -
I bought a domain and need some styling suggestions.
it basically demonstrates how language barriers can hurt communication (and I want to screw over google)
so, it takes a phrase and translates it to a bunch of random languages with google translate to see how messed up it gets.
the link is:
https://translationiteration.com
READ BEFORE CLICKING: i still have an unresolved bug with php cookies and sessions so once the page loads, just press refresh ¯\_(ツ)_/¯
so now i need some styling suggestions, and advertiser suggestions (i’m thinking media.net) who respect user privacy and are contextual.
comment :)
p.s. does anyone still say advert or am I the only one ? 🙃20 -
"We value your privacy, that's why we want you to agree to all of these tracking cookies."
Fucking GDPR, is getting on my nerves now, can't go anywhere without encountering a cookie wall.11 -
Three of us doing a project for free for our web-dev teacher at university. Looking back at that project I think we did a terrible job, we built an ugly, monolithic application with Express, MongoDB, Pug and Vue.
It was a CMS for a local church and the best part of the project was including some hidden easter eggs accessible only by setting some cookies manually in the browser.
Although we did the project for free, I think we all have been learning a lot of valuable things and we also tried out new stuff, like the Kanban board and a few aspects of the scrum way. The most interesting part of this was learning all of it by ourselves, because our web-development teacher couldn't really help in web-development... -
ARGH!
Since that privacy cookie policy change thingy, every goddamn site pops up the dialog asking about it.
I just want to fucking read the page, quickly; get off my screeeeeeen!
There should be a standard to add something that lets the browser tell the page if you accept cookies or not, and which options to use; or at least make all the sites use a specific attribute for the elements of the div, so it can be automated (I know this is a dream).5 -
I think accept cookie thing should be done by browser itself. If it was like when using
document.cookies=bla browser wod show the popup that if we (users) are okay with the site storing a cookie. It'd be much standard as I can set accept cookie from all web sites etc so I don't have to8 -
Only at work can I come back from the breakroom full of cookies and snacks for mymanager to promptly give me a pass to Golds Gym :V she is telling me that I is fat I guess :V
;_____; i am not fat, just eat like a fatboi -
As if somebody who isn't a dev can understand these Explanations and even cares about the Name and Provider of a cookie. Maybe they took GDPR a step to far.
But it's nice to see that you can even say, which cookies you want them to use.
2 -
So, a few weeks ago I was asked by a client to add a cookie consent popup.
Specifically the site must not track the user via Google analytics until they consent.
All fine and I added the normal popup bar at the top the screen.
The client asked me make this smaller and place it into the bottom right hand corner, as to not "scare visitors". After some design hanged on his end the message ending up being 80px side. I.e. tiny.
Weeks later the client is now moaning about decreased traffic levels in analytics.
This is to be expected as cookie message can barely been seen.
Facepalm.1 -
Stolen but so funny:
QA Tester walks into a bar:
He orders a beer.
He orders 3 beers.
He orders 2976412836 beers.
He orders 0 beers.
He orders -1 beer.
He orders q beers.
He orders nothing.
Él ordena una cerveza.
Il commande une bière.
He orders a deer.
He tries to leave without paying.
He starts ordering a beer, then throws himself through the window half way through.
He orders a beer, gets his receipt, then tries to go back.
He orders a beer, goes to the door of the bar, throws a handful of cookies into the street, then goes back to the bar to see if the barmaid still recognizes him.
He orders a beer, and watches very carefully while the barmaid puts his order into the till to make sure nothing in his request got lost along the way.
He starts ordering a beer, and tries to talk the barmaid into handing over her personal details.
He orders a beer, sneaks into the back, turns off the power to the till, and waits to see how the barmaid reacts, and what she says to him.
He orders a beer while calling in thousands of robots to order a beer at exactly the same time.4 -
Dear web devs,
PLEASE learn how to (or teach/inform your clients) correctly target ads.
Thank You
Also, WTF??? and even WZF?!?! Who created this? Furthermore who the hell paid for this to be an ad, what are they trying to achieve and how tf do they think this will achieve that???
PS-
In case you're wondering what i was looking up on thesaurus.com, or would like to assume/blame this ad on my browsing history, cookies and/or something like google listening in the background through my mic... nope. Looked up "adage" and im waaay too adept at cybersecurity and easily annoyed by anything doing something i didnt explicitly tell it to.
if you're ignorant of the google listening thing:
yes this is totally a real thing that the vast majority of Smartphone users have no clue is happening despite it being in t&c. Try a few, somewhat relevant to this topic, google searches and youll find suggested searches like "can my phone read my mind?".
I tend to explicitly ban shit like that on everything (even devices of anyone on my property that never logged into my internet... im not paranoid, just not a fan of tech doing things i didnt tell it to)... but when i needed to enable/allow it on a dev for 30min, the next time i went to look for a book, one of the top suggestions (before typing anything) was "Burmese Pythons"... i looked back at my activity for that 30min days ago... I had been explaining some basic python code to a kid from myanmar... so it was pretty amusing.
20 -
I am starting to get more and more ticked off when I google a language's function name, and the first result isn't the official documentation.
Come on, I don't care about some stupid article describing how a function works in 10 paragraphs, with modal windows all over the place annoying me about "subscribing to newsletter", cookies, registrations and so on.
I just need to find the stupid function description!6 -
My mom is a basic user that needs to use only basic apps to chat and speak with family, post photos and play one or two games.
She is always ranting about how difficult is to do simple things. And she is mostly right.
Like, where are my fucking photos gone?
Why is facebook/whasapp/whatever different today, where are the fucking buttons gone?
what the fuck happened (when while clicking something a update windows popup and you click something else). Why the buttons are so small (when you want to close a fucking ad windows with a little invisible fucking "x" somewhere and you click the ad instead)?
I don't want no fucking cookies.
Why after windows update my fucking game doesn't work anymore. Why I can't hear anything through the fucking skype?
The fact that she knows I'm one of the moron who builds kind of not-usable and buggy fucking things, doesn't help.2 -
It is incredible how Google got big with good webdesign and now manages to build the shittiest frontends.
It's not enough that YouTube is super slow and breaks every other time I use the "back" button in the browser. When it only forgot my language & theme settings every couple of months that was still too high quality for Google's dogshit standards, so now they made another downgrade: Whenever I set another language it immediately resets it to the language Google thinks I should speak, and at the same time resets the region to where Google thinks I live. Oh, and I have to disable autoplay for every video individually now cause who the fuck uses cookies nowadays right?
Do they also change the language if I travel to another country because those fucks never leave Silicon Valley and can't comprehend that concept?
Google is the Microsoft of web design.4 -
Cookies... They are a mess. (To roughly translate what happened here) the text states: you diss-alowed cookies but to view our video you must accept them. (So far so good) If you want to watch the video, you can do that if you allow them. (Still good) to do this, remove your cookies (wait wat) and hit refresh. So... I did not allow cookies, and you set a cookie to not set cookies????
2 -
So far? Not realizing my load balancer was not set up for sticky sessions... and since this load balancer only existed in prod not in qa or CAT o found out the night we went to install it into prod...1
-
Salespeople telling clients "Your site doesn't need a privacy policy/cookie policy since you don't actually sell anything on your site."
Wrong wrong wrong WRONGITY WRONG WROOONNGGGG!!!!!
Client to PM to me: "Well Jim said we don't need those on this site."
Me: "Well Jim is misinformed, since we use Google analytics, Facebook Pixel, and contact forms, you need to have both a privacy and cookie policy."
PM to client: "We'll find you a template you can use to get started, it'll cover most of what you need."
Me to PM: "we will do no such thing, we can send them a few links explaining why they need these, but they should consult a legal professional and cover their asses for their own business practices. I can provide any technical details they may need like what data the cookies collect if necessary."
PM to me: "well I'll just find something for them then."
*In my head* please just go crawl in a hole and die.4 -
Can’t wait for the next year to be attacked by pop-ups asking me if I agree with the site using cookies. Now more than ever, because everybody cares about cookies, and it’s totally not going to ruin the user experience.
I can’t wait for another law that will force sites to ask users if they agree with usage of JavaScript.4 -
Just me, or does anyone else abandon the pcmag site because of this?
Changed to lowest cookie setting but takes ages to change throughout their network. Bye bye!
4 -
I was browsing websites in search of a nice digital camera because my wife saw one but it's long since been discontinued. So I found this one article about a few current ones. I open it, it shows the typical GDPR consent request about cookies with a prominent button 'ACCEPT ALL,' and a less prominent button 'MANAGE PREFERENCES.'
But tapping the button 'MANAGE PREFERENCES' did not show any preferences to manage! WHAT THE HECK? There was only a list of 'partners' whose cookies I need to accept. A long list. A very long list. I stopped counting at 500.
ARE YOU FUCKING KIDDING ME? WHAT REASON COULD A WEBSITE POSSIBLY HAVE TO REQUIRE COOKIE CONSENT FOR MORE THAN 500 PARTNERS?
Fucking capitalist internet.4 -
On a digital marketing course.
Teacher:
"Web pages are made of structured content and style, that's HTML and CSS. There are also many programming languages, like JavaScript or Python, but we are not discussing those here because it's computer freaks stuff. Now let's talk about cookies..."
Me: Should I kill myself now or wait until that man stops saying shit an die killing him too...?1 -
Filling out IRS forms using the Brave browser in privacy mode:
---------
Access Denied
You don't have permission to access "http://sa.www4.irs.gov/modiein/...?" on this server.
Reference #18.cfc3117.1714401007.25a9c99f
https://errors.edgesuite.net/18.cfc...
---------
Filling it out using ridiculously non-secure regular Chrome browser which exposes bookmarks, history, and cookies to anyone with enough knowledge:
"Right this way, sir. Don't worry, your data is in safe hands. We're totally not mining your data for leverage against you for your political leanings in a future tax audit."3 -
So I get sweet cravings when I feel down. Yesternight, after dinner, ate loads of chocolate cookies 🍪.
Dreamt of a dystopian society with things happening that could only happen in a science fiction setting with all the AI and cybernetics. Man that was crazy and scary at the same time. What a rollercoaster ride.
Gonna do it again tonight 😆6 -
Today after longer vacation I came back to work.
Edit: wrote this rant long time ago, but never finished. Was too pissed.
Some easy meetings, then wanted to start on an easy job.
Just migrating some things from bash regex voodoo to proper tools like JQ.
Finished in roughly 1 h. Lovely.
Made some tea, ate some cookies.
Set up dev environment, found no documentation what so ever, got it running after half an hour.
Annoying, but ok.
Then I tried my scripts...
They worked... Except they didn't.
Console log empty, response code 200 with state: GENERATE_NO_FILES.
Eh. Fuck you. Just fuck you.
Fixed the logging configuration, which was broken since uhm... 2 years plus?
Well... Another half another hour gone...
Kinda pissed now.
Still script return failed...
Poking and trying to sprinkle debug all over that shit cause everything seems ... An incohesive, inconsistent diarrhea.
3 hours later...
Made the ticket to rewrite it.
I did nothing wrong at all.
The API just has no workflow at all. The
*seperate* API calls have to be in an **specific** order - as otherwise the generation will fail, as the prerequisites for the generation are not fulfilled.
Yeah. Completely logical. Especially not to give out any kind of warning or an error message like requirements not met, blablabla.
I drank that evening 2 six packs of beer. I was raging mad....
Then gave that shit to another manager, as I never want to touch that nuclear waste again....
How can someone be so brain damaged -.-1 -
The popups on websites pisses me off.
If you try to google something quickly and enter various websites you have to close all popups on each site you enter.
Some websites try to make these popups more discreet by making them small and putting them at the bottom of the screen but then your brain just ignore them and focus on the small content above them.
In the year of 2022 people visit a lot of sites during a day. The human brain is programmed to put in as little work as possible to reach a certain goal so therefor everyone ignores popups.
I know its a law to inform people about cookies etc. But isnt there a better way?9 -
Just disabled JS in my browser. It required adding devrant to allowlist though, but otherwise so far so good. Especially on garbage sites like wired: no more popups, no cookies, no tracking, no yOu'Ve ReaChEd yOuR dAiLy lImIt bs…1
-
I dug up my old ledger web app that I wrote when I was in my late twenties, as I realized with a tight budget toward the end of this year, I need to get a good view of future balances. The data was encrypted in gpg text files, but the site itself was unencrypted, with simple httpasswd auth. I dove into the code this week, and fixed a lot of crap that was all terrible practice, but all I knew when I wrote it in the mid-2000s. I grabbed a letsencrypt cert, and implemented cookies and session handling. I moved from the code opening and parsing a large gpg file to storing and retrieving all the data in a Redis backend, for a massive performance gain. Finally, I switched the UI from white to dark. It looks and works great, and most importantly, I have that future view that I needed.1
-
So I had this awesome idea yesterday, and I was really in to it and all, so before I started working on it I googled some stuff, and while looking for something (how do you generate session cookies) I just found out that somebody did EXACTLY what I wanted to do. Now I'm sad.7
-
Hey Guys
Linux VPS + Apache2 + https
I'm a noob in Linux, got my VPS live, but I'm serving http... Even if my page doesn't save even cookies It will marked as unsecure.
Is it possible to config Apache2 to serve https?
Thank you
PS.: Googled and got nothing special, only info about Apache28 -
The fuck? I'm trying to automate login for an asp.net website from a C# console app using HttpWebRequests. I used Fiddler to see how the login happens and how the browser obtains the session and auth cookies from the server. When I replicate the same procedure from C#, I am able to get both cookies withoth a problem, but when I try to use them to get data about the user, I get a 500 ISE. What the actual fuck? I've double-checked every single header and the URLs and it's doing literally the same thing as chrome: Get asp session id (POST)-> get an auth cookie (POST username and passwd) -> interact with the site using the session id and auth cookie (GET). And obiviously I don't have access to the server logs... :/2
-
What are the benefits of using www for a domain? I know it has something to do with cookies, but I can't find any useful info on the webs.8
-
Question: Does using cookies for user session handling hinder the scalability of your backend because all the API's have to live on the same domain. Basically if one API starts to get a lot of request and you want to add another server to off balance the load you would have to add an entire webserver rather than just a small micro webserver with the API running on it mainly because cookies are used to authenticate user request and cookies don't survive CORS request. Am I right or don't know what the hell i'm talking about lol need some opinions I suggested we make all API's micro services and use JWT for user sessions12
-
There are 2 kinds of websites:
1 - The bad kind where not accepting their cookies boots you off the site (And so are in breach of GDPR... IIRC)
2 - Sites that continue working, albeit in a degraded / suboptimal state, even when you refuse their cookies.
I wish more sites were of the second variety. I'm even the only person among my friends who actually bothers going through the consent forms and disallowing everything marketing-related.
OneTrust is good. It at least remembers my preferences.6 -
The most annoying popup I hope to not see clicking on a link.
Other cookie [de]selectors seem to have proper "reject all" mechanism. This one not only doesn't have that, it also always has an annoyingly long vendor list.
Also, if I unselect cookies, my choice is only saved for several days. After a week or two it tends to expire and the clickfest starts again
They prolly hope to overwhelm me with the number of clicks required to unselect them all. Well joke's on them, it's a matter of principle. I know where I'll spend the next 15minutes of my life now...
17 -
Session Management in HTML/PHP be Like:
JUST PUT THAT FUCKING SESSION ID AS HIDDEN INPUT IN EVERY FUCKING FORM!!!
BECAUSE WHY NOT JUST SPAM IT WHY IS THERE NO GOOD FUCKING WAY TO HIDE A SESSION KEY WITHOUT COOKIES5 -
Yo fun idea you know who most certainly knows which cookies are stored in your browser??? YOUR FUCKING BROWSER!
How about uuuummmmmm... When making a proposal about annoying users with cookie notices suggest that browsers implement it ALONG WITH A YES, TAKE ALL MY DATA ALWAYS I JUST WANT TO USE THE FUCKEN INTERNET button?
Fuuuuuck me those notices are so dumb!1 -
"This site uses cookies" is the most useless thing ever... Who fucking cares if it does. What is next? We should put explanation how DNS server or apache works?5
-
I waa pretty sure fortune cookies were getting weirder... but seriously, it's gotten THIS bad? Not a fortune, nor a proverb, just a one-liner on political finance?
Just seems extra messed up that you can now be prompted to discuss national debt via fortune cookie from chinese take-out. We do owe the most to china afterall. Yet fortune cookies are invented by us(and typically one of the few things produced stateside). Just seems extra off...
6 -
Lots of code not working, lots of job problems, lots of troubles in life, lots of sleepless nights…
But hey, I have marshmallow chocolate cookies :)8 -
I just implemented the cookie popup you wanted me to make. And now you give me a call that your tracking code doesn't appear in the source code?
Oh, but you don't see the cookie popup? You saw it right? So you've already set your cookie permissions, probably not to accept tracking cookies. We can check by... what's that?
If I can make the tracking code appear anyway?
...
Yeah, sure, no problem, change will be live in five minutes.2 -
Dear whoever decides how websites of various medium-big sized corps work:
I came to your goddamn website to find information. Not to fill out a stupid survey. And, if you had taken the trouble to track me with nasty little cookies, you would have seen that I've never visited your site before, so how the heck could I have any feedback whatsoever to give you?
If I wanted to take surveys, I would have registered an account with Yougov and spend the whole bloody day telling them how many tooth paste ads I've read in the last decade. -
Still on the fence: to jump to the dark side and become a consultant - or stay where I’m at. There be cookies on both sides. And now there be offers aplenty as well…
To stay and do DevSecOps and refactoring (and hopefully in the future rearchitecting) in an environment I’m very damn comfortable in or jump into the unknown (tho into any of the few tech companies I have a positive image of) to become a cloud consultant? Or to work with F#? Or to the EV industry? So many options…
I’m spoiled with choices and I don’t like that.7 -
What do you do when you are hungry/peckish and it's late?
It's 🌃 time and I don't have anything to eat (except maybe some stupid cookies)
I wish I could do
'npm i snacks'
or
'sudo apt-get snacks'
And I would receive snacks from my computer or something..
npm might also give some extra snacks plus ingredients as dependencies 😅
Maybe I can make coffee..☕?2 -
So a while back I had found a hole in a website's security, one that I has used pretty frequently. I was able to change my cookies and become any user I wanted. The only caveat was that I had to log in as a user in order to get things started. But once I was in I could basically be anyone I wanted to be just by changing a few numbers in the user ID of the cookie. They also did all of their user processing on the client side. Even password checks.
A couple weeks back I decided to go back in to see if anything had changed since then. It did! But not in the way I had thought.
So these guys decided that instead of fixing their security hole, they would have users just contact their people directly in order to get a new account.
Wow that's so much fucking overhead for basically being a lazy shit and not fixing the security holes. I mean how bad is your architecture if you can't go in and fix this?
Not only that I found that they actually stripped all of the users of their original subscriptions. So now if you want to get back on your subscription you'll have to fork over another $399. So that means going to their shitty form filling out your name, your number, email, and just hope that someone contacts you via phone call.
I'm glad I dropped this service. They clearly can't get their shit together. -
Rename cookies to tracker?
"Accept cookies" Vs "Accept tracker"
Nobody wants trackers but cookies are delicious!! :)4 -
Ummm. Thanks for that, google/youtube!
(Box without content + unclosable. Had to clear all cookies etc)
2 -
You ever just get constantly shit on by life, work, and everything for weeks and then, one day, it finally just turns around for the better. After that, you finally feel normal again. Probably all the Christmas cookies I’ve been eating… In the words of forest gump, “I’m so happy I could bust!”9
-
I'm currently in a bit of a predicament.
Here's the deal:
I want to separate my back-end from my front-end code a bit more (currently PHP code is mixed up with all the HTML, Javascript etc.. basically: front-end and back-end are one).
The question here is: how should I go about this?
In my current project, I have written some javascript code with jQuery that checks whether the user is logged in or not (checks for an auth token and UID to be present in the cookies).
However, this results in the page (in this case a dashboard that only logged in users should see) being visible for a moment before the user is redirected to the login page...
How could I go better about this (No, I won't use AngularJS for this)?7 -
Having developer skills comes sometimes in handy in certain situations.
In my case I visited a new website but first I had to choose their cookies.. but.. it was a list of about 150 radio buttons (150 advertisers), I shit you not.
And so I was like: "No, I refuse to click each one of them". I kept thinking.. hm.. how am I going to do a mass-toggle-off? And then it hit me: if the button "toggle all" toggles all buttons.. then that means if I invert the logic of the call, it means I will turn them all off! And it worked.. it was something like: "toggleAll(!-1)" and I did "toggleAll(0)".
That sure saved me some time! Oh yeah and there are of course other situations when you don't want to use a scraper for getting all the;. I don't know.. menu links out of a page. Console > import jQuery > select all elements with 'a' and text() on their DOM node! It can be done with native JavaScript as well document.getElementsById() but yeah, there are plenty of examples.
Hooray for being a developer!1 -
This story happened to everyone, and i am sure that if i search, i will find dozens of similar stories, but the different here is, i tried, i really tried, in a hundred different ways to achieve my goal !
When you are stuck on a problem, let's say, that you have a program, project, website ... and need to achieve something technically weird (or hard) and need some help to save you time on experimentations. The first thing a lot of people do is : Google.com && put search dorks.
But, at a moment, google gets "dirty", you use it so often that he always think to know better then you what you are looking for.
It reminds of "Ted", the movie (for thows who know it) where they asked : "Hey ! Why does google always suggest us to look for black dicks ??"
It is exactly what happened to me, i got results who doesn't have anything to do with what i was looking for !
You can give it a try now : type "semantic web RDF to RDB"
You won't find anything, except results related to : NOSQL DBs, which is totally annoying.
Something else, i once google swift to get some updates, what results did i got ? Taylor Swift ... (musician)
I often get 2 or 3 results from google, which made me thinking that i somewhat reached the end of internet, or that people are so dumb that i will have spend hours trying to figure my solutions, but, before doing that, other solutions had to be tested.
1- TOR : Google tracks his users and uses its algos and bullshits to return results as close as possible to the user's demand (big fail ...) so how about moving to a different country ? DL TOR browser, open, setup, go to US, open google (got us version YAY !) enter my keywords, and, nothing, still nothing, more results for sure, but nothing related to what i was looking for.
2- VM
Pop a VM, launch TOR, use Hidden mode, delet all cookies and stuff (it is a new VM but who knows).
Use keywords (now in UK). Here they are !! my results !!! i finally found some decent results about my keywords !
But, i have the required knowledge to do this kind of stuff, but how about people who rely heavily on google ? they can't change country, clear everything, trick google to think you are a new user, they have almost biased and flawed results. I tried duckduckgo (i love them) but they are not that efficient.
Google says not to anything evil, but they ARE EVIL, miss guiding people, suggesting corrections who have nothing to do with the keywords, or results totally unrelated in any way to the keywords while results exist in other countries ???
Ever since, i don't pay attention to google at all, and started thinking that google's algos are manipulating people, i don't know if it is done on purpose or not, but the result is the same, people have biased results based on their country, on their tag, on their ID, and the recent keywords.
During that period i was cursing google every funcking day, and i am still doing it, too much trackers, too much manipulation, i will end-up enclosing myself in darknet.4 -
So I just released a thing I've been working on for the past few days and I'm very glad that it's finally public!
It's a thing that you can use on your website to let the user choose which cookie they want to allow.
https://github.com/metaa/cookiebox
It's worth playing around with the cookie panel in your developer console of your browser on the example page, too!
https://metaa.github.io/cookiebox/
I'd be glad to get some serious feedback and I hope it could be useful to someone out there. 😊 -
I'm trying to update my addon-list, what are (firefox-)addons you say are a must have? (My focus is on privacy, anti-tracking and shitloads of open tabs)
As of now my addons are:
Adblock plus
DDG privacy essentials
Greasemonkey
Https everywhere
Noscript
Onetab
Privacy badger
Self destroying cookies
Tab suspender8 -
"Code"
And the website says "Lonely geeky people do need apply"
So I put my on my glasses and I went in to ask him why
He said you look like a fine outstanding young man, I think you'll do
So I shook his hand and, I said "I am glad I will be working for you."
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
And the sign says "If you want to use this site you must accept our cookies"
So I found the CEOs address and doxxed him all night!
To put up a dialog and block content from my sight.
If Todd was here, he'd tell it to your face, man, "it just works"
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
Oh, say now mister, can't you code
You got to have a laptop and a hoodie to get a job
You can't work, no you can't standup, you ain't supposed to be here
And the website says "You got to have an employee ID to get inside" - yo!
And the website says "Everybody welcome, come in, code and share"
But then they passed around a git pull at the end of it all
And I didn't have a character to code
So I got me laptop and I made up my own fuckin' code
I typed, "Thank you OSS for thinking 'bout me, I'm alive and doing fine", yeah
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
Yes! Some old song, called "Code code", I wish we did write that one, but
We didn't - git blame!
Hello World!6 -
Coworker: I SSH into my liver every now and again. It's mostly to make sure it's kept up and running because I've blocked all the other ports to it. Once my kidneys can' handle the alcohol and energy drinks I'll start enabling cookies on it to help filter out that traffic.
Weird conversations with my coworker -
It takes a satire news site to make this point.
http://waterfordwhispersnews.com/20...
The sooner the UK Brexits, the sooner we can get rid of these stupid EU mandated warnings!!3 -
Ok... I thought I've seen every kind of shitty way to unsubscribe from a newsletter, but this one beats them all... I have to write a fucking email with a request not to receive emails...
There is a fucking useless law for cookies, why there isn't a law that force companies to put a one-click link to unsubscribe on emails?
1 -
Please, dear god, is there a browser extension to answer all these shitty cookie/data storage/privacy popups with MY SPECIFIC ANSWER?
As a web dev I understand that websites need cookies, and as a tech company employee I understand that essential cookies as well as functional cookies are okay-ish (most of the time). I just don't want marketing cookies/tracking.
All those extensions just block the popup or block all cookies. This is not what I want!
And why the hell on earth didn't they come up with one single solution for all websites beforehand, so we dont have 6.388.164.341 different popups/bars/notifications/flyouts/drop-ins/overlays???
THIS. IS. JUST. ANNOYING.
Thank you for your attention.6 -
I don't get why there are laws restricting the use of my website.
Let's say I pay for the electricity, internet, housing and everything related to my server and the website that is hosted on it.
This makes the computer my property and I allow connections to be made over the internet to it, and people accept whatever I send back to them and their machine acts based on that information.
In no way am I forcing or attacking their machine, so why are the restictuons on what data I can send (other than illegal images and such, I'm talking about cookies and privacy stuff).
Their machine is the one setting and storing cookies, not mine. They're entering their personal info and sending it to me, nothing is forced and most the time it is written out what will be done with that data.4 -
I think the teradata Community Page is taking this whole GDPR thing a step to far.
Informing the User about the use of Cookies and giving him the option to Opt Out is fine for me, but making the Site literally unusable is the wrong way.
2 -
Google researchers have exposed details of multiple security flaws in Safari web browser that allowed user's browsing behavior to be tracked.
According to a report : The flaws which were found in an anti-tracking feature known as Intelligent Tracking Prevention, were first disclosed by Google to Apple in August last year. In a published paper, researchers in Google's cloud team have identified five different types of attacks that could have resulted from the vulnerabilities, allowing third parties to obtain "sensitive private information about the user's browsing habits."
Apple rolled out Intelligent Tracking Prevention in 2017, with the specific aim of protecting Safari browser users from being tracked around the web by advertisers and other third-party cookies.2 -
Hey, javascript people, got a question.
Is there any way to disable sites binding the mousewheel (scrolling) event ? Like for example rebinding it to scroll down at the end of window load ? (tamper/greasemonkey)
I am getting furious with all these sites where they will block the whole site to make you agree cookies & gdpr shit.
Removing the foreground/blocking element is sometimes enough but often the remaining site can't be scrolled.
EDIT: Found out you can add links of script that does this to AdBlock:) For example movieinsider has it's "gdpr, cookies & shit" script at the top of head element. Add it and voilá.6 -
“httpOnly cookies prevent XSS attacks”… wow.
As if not being able to get your cookies is going to stop me from doing bad things.
When I'm in via XSS, it's over. I'm changing the page content to your sign-in form with “please sign in again” notice, but it sends email/password straight to me. What percentage of users is going to enter their data? What do you think? With password managers prefilling data, and the annoyance being one “enter” hit away, I think a lot of users will fall for that. No one, including you, will be able to tell the difference without devTools.
You can rotate the session token, but good luck rotating the user's password.
Oh, did I tell you I could register a service worker using XSS that will be running in background FOREVER?
But don't listen to me. Don't think. Just use httpOnly and hope for the best. After all, your favorite dev youtuber said they could protect you from XSS.4 -
So i have been thinking..
SQL is a lang that runs on a specific software on the server, and helps creating data stores(databases and tables) that can be queried & manipulated.
is there a way to run sql like queries on the client side with no interaction from backend at all?
Say i have 5 inter related data models. in a backend world, they will form nice little tables of a db with all their joins and composite keys. from the server, i shall be querying them like "SELECT name from x where y=z & ..."
but what if i could store them like tables in browser memory and run the same query filters via a query language... is this possible?
i know this poses a certain security risk, but we already use cookies, local storage and a lot of json based shitty client side storages. surely it might be possible to have a lesser optimised sql tables on the frontend with extremely good querying capabilities?
or am i talking something far fetched here?8 -
So, I browse to a video livestream and an annoying ad starts before the livestream is shown. Furthermore, the page jumps around because of a cookie notification that also blocks some UI elements at the top.
Note: this is the website of a public (government-paid) national news website with very high standards and a good reputation.
Action 1: refresh page; I hope the ad is skipped. Nope, annoying ad restarts. Page jumps around again because of the cookie notification.
Action 2: accept cookies to remove notification blocking the top UI (it's OK, I know it can't actually save any cookies on my machine). Instead of some nice JS doing it for me in the background, the page refreshes because you know, HTTP requests and whatnot.
Annoying ad restarts again... FML 🤬
Lessons to be learned from this for any web dev: these annoyances can and *will* exponentially get worse if used simultaneously against your users, instead of being used to help or inform your users.
As a user of you website, I want to watch a livestream. I don't care what stupid legislation forced you to shove a fucking cookie notification in my face. Make sure it is not annoying me to the point that I close you website and take minutes to rant about it!
Also, give me the freedom of choice to watch an ad or not. You and I both know that some ads simply are not for me. Better save yourself and myself the bandwidth.
And go get good at web development. You're a news site. That's more than just text and images. If you want great apps, social media coverage, videos, live streams, blogs, etc. go get some better web devs. Your current web frontend devs only qualify to get fired.1 -
A friend asked me to set up a system that allows them to see their desktop on their tv and use a remote to wirelessly control it.
Fine, so I set up a system that allows them to interact with their desktop on tv wirelessly with their phone. Once the desktop booted, all they have to do is click one single button to open the thing they need.
Guess what? They come tell me: "This is too much work". What, clicking on a single button is too much work? Now you want it to auto-load too? Right, so apparently this is better: when the users plomps their @#!* on the couch, the OS has to be already booted, the desktop has to be ready and the desired functionality has to be launched. How lazy can you be?
Users can be so lazy.. and I thought I was lazy for not wanting to debug Python to webscrape a website that asked for cookies.2 -
Motherfucking peace of shit....
Dont know to whom I should direct this to .
Was creating a new login page for web app using Quasar(vue.js). Since my application have 2 different types of user, which also have different UI, and functionality.
One is written in vanilla ( and is quiet heavy) and the other one in vuejs ( though earlier it was written in vanilla too ). Login page too was written in vanilla which was working fine.
Now just yesterday I finished a prototype for the third type of user, which is also written in vuejs. Now I decided to re create login page using vuejs. Quiet small and easy to do. Finished it yesterday itself. Now since today's morning I am trying to configure it so that it this piece of shit just let me log in. It was authentication and verifying but not letting me log in.
( On server after authentication, I set cookies/token on clients browser and auto reload the page, so during next request to server/ or during reload, server will read the cookie/token and send the specific admin panel to user)
Prick. Dick.
It was setting cookie, but not at the '/' path. Mother fucker.
It was setting cookie to the path I was sending login credentials ( which was different from '/', I.e.- /login/verify=password )
So it was setting cookie/token at '/login/verify=password'.
Even tried setting path for cookie at server. Read everything on internet. MF nothing worked. All I came across was, 'this is CORS' .... 'this is CORS'. Assholes, if it were CORS', how then I am able to make request to server and getting response without error
Only a hour ago, when I made get request to '/login/verify=password' I figured out, cookie is being sent to server for this path only. Then did some changes at server, so to send login credentials to '/'. Now that shit is working
Fucking waste of time. Wasted more than 6 hours. Asshole.
Btw, if you can suggest a better way to login, then please. -
Pluralsight is so infuriating. First of all my trial lapsed (classiccc move) so I figured I would use it.
They’re content is so outdated.. it’s driving me mad. The past 3 courses have been 2+ years out of date.. and I get it, it’s a lot of work to maintain a course but could you not at least provide links or new annotations?
And I’m not talking a couple of package version updates where things change. This guy is using Bower which to my knowledge is pretty much deprecated and references yarn. Which completely breaks the course.
My thing is, why are you charging $30/month (i think), if I have to jump through these hoops to learn??? I was doing a great job of that on my own via google and YouTube.
The one Udemy course I bought is constantly being updated with notes and annotations and boy do I appreciate that. They’re marketing and cookies are toxic but at least the content is reliable.3 -
With so many websites having all these pop ups, there should be a new rule where browsers implement the GDPR check on the user side (once to keep a default option, and let the user decide if they want to allow the website or not specifically)
This way we could still have the same privacy and 99% less spam 😩12 -
That Feeling when Eclipse removes Maven dependencies, put his compiler and Build Path to Java 5 when you're with Java 8, and cookies aren't good since it's not yours.
Yay for git -
So happy!
I made my first project (or at least started) using my iPad (with some help from my laptop).
I am trying to make it possible for web comic artists to upload their comics without any text in the speech bubbles and then load the text using javascript for the specific locale.
It’s in an early stage (a few hour old) and the editor and the viewer share data only with cookies and local storage instead of a server but it's still a concept.
What do you think?
Github: https://github.com/konstantintuev/...2 -
When you were up until 3am figuring out why you're Guzzle cookie jar in Laravel wasn't working...
Needed:
$this->app->bind(...);
Instead of:
$this->app->singleton(...);
Stupid service providers... -
Some script keeps freezing my firefox while facebook is open. Hell, I only ever use it to chat with people...
I already went to hell and back and can't seem to fix if.
No other site does it, already cleared cookies etc.
I really don't want to switch to another browser...7 -
I need help:
I’m on a (old) MacBook Air (2018 but before the new one) and I use 2 browsers: Chrome & Brave (school and personal).
Since 3~4 days, I keep getting logged out of all my accounts on both browsers, and I can’t see to find why.
I don’t block all cookies, all my login info is saved (autocomplete), but I always get logged out.
Any ideas?3 -
Firefox won't access iFrame's domain's Auth cookies when the iFrame is hosted on a 2nd domain, even when the cookies are Secore,SameSite=None, and sandbox is as lax as possible.
Works on chromium-based browsers.
Looked up SO and it's just "oh im facing the same" x10. FFS.
Why does Firefox behave so retarded. Not doing their shrinking userbase numbers any favour :v9 -
Doing the Full Stack Nanodegree from Udacity
Using Google's oAuth Sign in in my Flask App, I realized that no matter what browser I use, I was unable to logout, Google always threw an error my way. I figured something must be wrong with my code..
Searched on Google, couldn't find anything relevant, gave up on first 4 results(not pages, yeah I'm that lazy!)
Spent 3 hours Debugging at different points, removing all the abstraction I've put in using various libraries (Bad move)
Finally it dawned on to me to check Udacity forum as well. It's a frickin cache/cookie thing. Tried the app in an incognito window, worked like a charm. Reverted code back with all the libraries, worked like a charm again!
FUCK YOU GOOGLE! In your attempts to track users, you're even making our work difficult!
(in hindsight, I should probably be better at asking/looking for help)1 -
everytime when i meet with my friends and they ask me if what course i'm currently taking and of course i'm gonna answer back "IT"
(~) what i say in my mind
statements that will suddenly pop into conversation
-"can you (reformat, fix, update, etc.) my pc/laptop"
~.......
-"wow smart"
~oh stahp it, youuu
-"don't forget to treat us when you graduate, i heard jobs in your field have great salaries"
~gezzus i'm still a student and i am struggling, then you want me to treat you.
-"hey man, can you build me a website (for free)"
~yea dude, let me ask genie to snap that wish of yours
-"oh so you must be good with computers?"
~yea i treat them well, i tell them bedtime stories and feed them with milk and cookies
-"nice....."
~the long silence makes this even more awkward
-"hey man, i code and design too, maybe we can work together"
~for sure
-"how many coffee?"
~i truly found my mate.
these are some of the statements i've encountered, what's yours? -
2 months since i started my project and i still can't figure out how to use cookies to login at a website using only java
-
Damnit I am an idiot. I am making a downlader for talkpython lectures and ive managed to get the "user_tpt" (auth key) well when I'm set up the request I sent it in the header when its supost to be in the cookies. I couldent figure out why it wasn't working so I left it for 2 days and now just when I open it I see my mistake1
-
WOW! WENDY! YOU ARE THE BEST TECH SUPPORT EVER!
So on my assignment i see a glitch in the course where i cannot get access to the last button.
i contact tech support
me: Hello *explains the situation*
maddie: *please wait i will check on that*
maddie: *are you logged in?*
me: OF COURSE I AM LOGGED IN THEN HOW WOULD I BE TALKING TO U???
maddie: will it be okay if i impersonate as you?
me: w h a t
me: *session timed out* JUST WOW!
next support: > Wendy
me: explains the whole situation and sends screenshot
Wendy: ah i see. wait on that a second
me: *waits ONE HOUR*
Wendy: Please clear your cache and cookies.
what does cache and cookies have to do with a html course bug that blocks access to the last button...
well i guess you can say im stuck in the mud
i can't get out and im stranded i miss maddie the tech support because i got timed out and she was about to spill the real tea but dummy wendy popped up and is talking about cache and cookies LOL
5 -
My internet connection is so messed up. Again certain websites are not loading on my Mac but they are loading on my phone using WiFi. I tried clearing cookies, flushing DNS cache and changing DNS servers to OpenDNS or Google DNS.
8 -
When you finally prepare some tea and cookies and want to watch Conan, but you receive FIVE different emails requesting and "urgent" fix 😑.2
-
browser automated test requiring multiple logins of different accounts
try to logout the legitimate way (automate hitting the button)
or wipe cookies?8 -
God damnit.
It's about my freaking PC, again...
(If you still don't know what I'm talking about: https://devrant.io/rants/889384/ )
Well then.
I have not ranted about this until now because I was trying to fix it on my own... but since I'm now desperate to get it fixed, I'll say it here too... please help me, I'll give you cookies or virtual hugs or something ;-;
The problem is... my audio driver doesn't work. I tried to update it (from Realtek's website), but... after installing the new version of the driver, it asks me to restart my PC, I do that, and then... nothing happens, the problem remains.
The audio icon on Windows' application bar says no audio devices are connected, which isn't true as it should notice the PC's native speakers, or my headphones, but it freaking doesn't.
As a musician, this for me is a problem...14 -
The worst thing about cookies is that almost all pages forget / don't realize you have to handle cookie ( -> localstorage ) permissions!6
-
Issues with google authentication cookies. Many 3rd party applications (like mindmup etc.) have already reported. Me too so many times.
Today I'm logged in with my google account. But !!! when I try to review a business on google search result or map, they're not able to sign me in.
:faceplam:
Google doesn't like feedback or error reporting.4 -
The TRUSTe / TrustArc cookiewall is a bitch! My ass it takes over a minute to update my cookie policy... 😡
-
Everyone in the world can browse to my client's website on every browser. I can get to my client's website on every browser EXCEPT Chrome even on mobile devices. Doesn't even work in Incognito mode, nor after flushing cookies, cache, and history. Just the annoying ERR_CONNECTION_TIMED_OUT. And then I switch over to another Chrome profile I have and it's all fine. Google Forums are completely non-helpful because they all say it's ipconfig /flushdns or reinstall All The Things and delete and re-create my whole profile. Things like this make me want to flush Chrome forever.3
-
Possibily the weirdest coincidence I've experienced... I was just searching for, specifically and explicitly, the ebook version of O'Reilly pocket references for a babydev since physical copies, if/when available, are expensive and slow delivery. While googling the PHP one, somehow, 1984 (orwell) in russian was oddly high in the search results.
1984 is my favourite book and I've been meaning to take time to brush up on my russian. Normally I'd blame the result on things like tracking data, but this was via a clean, isolated, never logged into anything, system. The only factors that couldve been skewing results are my explicit locale settings, primary- german/germany, secondary- english/US, additional languages- dutch, russian, arabic, spanish. No other cookies or previous search history and using a static IPv4 that has been allocated, but until a few hours ago, totally unused for ~6mo (part of my /28 block).
It's so serendipitous that I keep mulling over everything trying to figure out wtf I missed... seriously, how the hell does "O'Reilly pocket reference php ebook" return a russian paperback of 1984???
I'm totally gonna find and buy one now too (the actual result is costly, plus would ship from germany so more costly).5 -
I was signing up for a new account on Magic. I wasn't paying attention so I accidentally didn't change my date of birth, so it didn't let me create an account because they thought I was just born today. I changed that field but nope, it remembered I had told it I was 1 day old and it didn't let me change my mind. Delete cookies, nothing. Reload page, nothing. So I go into Postman and re-create the request and BOOM! I even got an access token for their API. This is why I love being a dev.
-
Depends on which desk we're talking about...
Office desk: an empty can, a tophat well as a demo and some Russian paracetamol I found from a pocket of my winter coat.
Home Office #1 desk: the keyboard for another computer, a plant, a bunch of magazines and newspapers belonging to someone else, a roll of kitchen paper, someone else's meds, a cup of cookies, another cup of small tomatoes, a Swiss army knife, a bike computer and a tablet.
Home Office #2 desk: wife's laptop, a bunch of chargers for a myriad of devices, a Kindle, some envelopes full of stickers, others with bills, a lot of random crap, and usually when I'm at the desk, one or two purring felines -
Just received an email from a marketing company in the US stating that:
"Not liking cookies. Use Google analytics instead to track behavior."
And that "Cookies now losing popularity in the US".
rm -rf /2 -
I need to figure out a way uniquely identify each computer which visits the web site I am creating. Does anybody have any advice on how to achieve this?
Because i want the solution to work on all machines and all browsers (within reason) I am trying to create a solution using javascript.
I appreciate the help. Thanks.
EDIT:
Cookies will not do.17 -
Anyone have any info about unconventional ways to inject JavaScript into an external website? I'm trying to become more knowledgeable about security vulnerabilities in the web apps I build and I've been having a lot of fun trying this stuff out in other live sites haha. I've tried adding js code to text boxes, input fields, and the uri but nothing has been successful. I read something about modifying cookies I think...6
-
tldr: I am looking for recommendations for a basic website for my parents. GOTO question;
Pre-Story:
My parents have a small (offline) business. They have a website to give some general information and list their weekly offers.
When I felt that what has come out of the website-building tool (you know, clicky clicky stuff) looked a bit too early 2000's and is a total ripoff for what you get (almost 20€ per month), I created something with Google Sites for them. Feel free to roast me, but web development is not my field and now it looks much more modern, is mobile friendly and does what it is supposed to do. Weekly offers are edited in a google sheets file, which is embedded in the website. Not great, but this way my mom doesn't have to deal with editing a tables on the page - trust me, it won't look good. This also meant they could downgrade the hosting package to discard the clicky-tool and just the domain (maybe 1€ per month). The website itself is hosted for free by Google.
Some time ago GDPR became a thing and then I was tasked to have a look at it. (side note: I don't want to rant about being responsible for it, that's fine. My parents don't really ask me to do a lot for them.) You can't enter any data on the website, it's just very basic stuff and data protection wise there's just the "usual" stuff (cookies, embedded tools, logs). I added another site with a halfway complete privacy policy. Regarding the whole cookie issue (do not enforce unnecessary cookies) I couldn't find an easy solution. It's not 100%, but what can you really expect from a small business like this? I've seen worse.
Now to the question:
Can you recommend a good alternative to the current solution (Google Sites)?
It should be cheap (<3€/month incl. domain) and my parents should be able to make some basic changes (just text in predefined locations). I am not afraid to get my hands dirty - I can deal with some HTML, CSS, JS - but I don't want to sink a lot of time into this. No need for analytics or the like. Maybe a newsletter would be cool (with the weekly offers), but that's just a random thought of mine and definitely not necessary.
Thanks for reading :)18 -
sorry, search engines were not helpful. does anyone know of a lightweight browser that doesn't need installing but stores everything in the os user directory?
i have no it-permissions but want to provide my department with a suitable browser. we have ie and edge, but the latter deletes everything on closing which makes it unusable for my usecase and the it is not willing to set this up different.
ff portable can not be run from a read-only-folder and any other scenario either needs installing on every terminal or does not handle different profiles which is essential. i read that this is the case for any portable browser.
i'd like to set it up properly with neccessary start page, favourites, adblocker and so on but just in one network directory for maintainance reasons.
we run a web based application strictly local but each windows-user-account must have their own setting in this app (cookies or preferably webstorage).
am i asking too much for? -
Has anyone maybe a link to HTTP security topics in general?
I find often breadcrumbs, like in several different attack possibilities, but nothing comprehensive.
Mostly regarding HTTP 1.1 / HTTP 2 (h2c) and proxying.
I'm currently unclogging an whole ecosystem of proxies, endpoints, edge nodes and so on...
My knowledge is limited and it's frustrating to Google cause seemingly I get always just pieces of the puzzles but not a collection -.-
(Looking for specific information, e.g. regarding attacks like H2C Smuggling, HPACK attacks, stuff regarding Cookies / Headers / Encoding... But please not spread over several dozen pages where it becomes frustrating to read the same shit over and over again without learning something new :( )3 -
My new task is to Implementing a CMP (you know - consent management thing, those modals that ask which kinds of cookies you want to approve/reject trackers) and found out the project is lead by a person at Legal who's first question was: "Regarding our embedded twitter widgets, can you just look at the code to tell me everything they track, where they store their data, and your contact person at twitter"2
-
Finger printing using HTML canvas? I have been lately understanding the importance of Firefox. Till today I was thinking only cookies are the way to uniquely identify a machine.1
-
I know this question sounds dumb but when i google 50% say no and 50% say yes. So my question is, can i spread (a Fileless) Malware with cookies?5
-
This is not a rant, but I've searched this for some time now and can't seem to find it so maybe any of you will be able to help me.
A good few years ago, when I was still a 4-5yo I had a Win95/98 (I don't remember which). We used to have this CD that had a bunch of games, like Chucky Egg or Mahjong, or a xmas-related one (where you could bake cookies, serve drinks - there was a red and a yellow one - and more I don't remember), one with a (purple?) dragon (in a dungeon, that was played in levels, but every run was randomly generated, I think), and many more.
The CD was white with black text, and had a yellow-ish/orange-ish grinning face, that looked like a man's, with a few hairs, that was drawn simply, nothing too complex. I also know there was this one game that made the computer/game freeze, and that was in a blue palette?
I played the crap out of that CD with my mom, and she used to play the dragon one for me (until she found out Mahjong), but it all ended when it broke inside the tower and we had it replaced by the WinXP tower we currently have at home (and that's in pieces because me and my brother disassembled it).
I know it's not much, but does any of you remember anything like what I just wrote? It should be from around the 2000s and probably from a gaming magazine.5 -
Which ons is less risky and which one Is most profitable to succeed ?
0- telling the admin you forgot your password and as he's logging in, sniff his password (you already placed sslstrip)
1- gain access to router using its vulnerabilities and redirect the traffic to a fake page and get the password.
2- exploiting smb port of admin's system and placing a krylogger or stealing his cookies if available
3- brute forcing admin password :/
4- pressing forgot password on admin account and staying close to him and sniff the SMS containing the otp using rtl-sdr (and of course you will be prompted to set a new password)
5- any other way .
Also the website itself is almost secure.
It is using iis 8.5 and windows server 2012
Only open ports are 80 and 443.4 -
Angular gets shit done. So we basically bake cookies in their angular-cli? Its fuarking great! I choose the RED pill!2
-
I swear to god dio and dart's http client is so fucking stupid. I can barely do something in 90 lines to get a web resource when I can do it in 10 with python's requests library. The support for storing cookies is nonexistent, and even with CookieJar/Dio I still need some stupid long hack like this:
https://stackoverflow.com/a/...
The worst thing is that this has happened twice now, the first time I resolved after a long fucking time trying to solve it, and now I have the same exact problem again, but I can't just simply copy my solution from last time to use in the latest problem.
Even curl is more useful than whatever the hell the http client for dart is1 -
Somebody forgot to correctly match the external url on login success and failure, now google may use my cookies for the better good.
https://symfony.com/blog/...
-
i understand way too little about web data types. while having to store a shitload of data in cookies (sorry for that, no localstorage for local sites, insensitive though) i was so proud of compressing strings with bitshifting only to find out that uriencoding bloats chinese characters massively up. fml3
-
A question.
I understand ads on browsers that use cookies, but I don't understand how I get the same ad on a mobile app say instagram, for a search I did on laptop browser?
Thanks in advance.5 -
What are people's thoughts on SAML?
Any experience with it?
What about GDPR issues, avoiding the use of cookies etc?9 -
Have an object that uses a macro to define its function bodies. I needed to interface to that object in a different way. So I wrote and object that calls functions on that object and presents a different interface. I used macros to define the function bodies...
-
I haven't been able to access ChatGPT since Friday. I thought it might help to delete all cookies so I did, and managed to access their login page. However, when clicking on "Log in", nothing happens, which shouldn't come as a surprise as there is no event listener on the button element, nor on any of its ancestors or descendants (see attached screenshot).
23 -
I hate the annoying Google cookies message - everytime I open Google or the try one month Premium on YouTube message...🤮👎3
-
Every time I turn on device mode on Google Chrome devtools I lose my session (I'm assuming it deletes the cookies).
1. Is this just in my local setup?
2. Is there a way to keep my current session every time I turn on/off device mode on Chrome?
3. What other solutions would I have to do live tests of responsive design on my website?
Thanks!5 -
I've been trying to understand why my browser does not set the cookies I'm getting from my login api for the last 4 hours and I'm losing my mind, pls help. My frontend is a create-react-app on localhost:8888 and my api is a django rest framework on localhost:8000. I'm using fetch() for all the communication to the api11
-
ENOSPC = random things go wrong.
There are many synonyms for ENOSPC, like "disk full", "space storage full", "space storage exhausted", "no more space left on device", and those other repulsive errors. For the sake of simplicity, I am going to refer to it as ENOSPC.
If you are in this condition on the operating system partition, get out of it quickly or random things will go wrong. Text editors which write directly to a text file rather than creating a temporary file and then replacing the text file could end up blanking the text file, softwares' configuration files might fail saving which causes a reset, and web browsers might spontaneously reset cookies and lose history.
For example, Firefox has created a gap in the web browsing history, as shown here. The history that is now memory-holed initially appeared to have been recorded successfully. Apparently, a failed write to the places.sqlite database when closing the browser created this gap.
4 -
Did I miss something?
why do I remember img tag <img src=https://test.com> used to include cookies of test.com with samesite flag None from cross-origin.
But now it just don't
I am confused -
Redoing our web apps to use SSO... Every single page within the app runs LDAP authentication. What is the point of signing in and having session cookies if you are reauthorization a logon on every page?!??? Now what seemed like a simple task of revamping the initial logon has turned into a hunting trip for LDAP queries and creating new sql tables
-
What creates these files and folders?
Cache, GPUCache, Local Storage, Cookies, etc...
I see that many different programs have a folder in my appdata with these exact files/file structures in it. Is there some sort of framework that creates these? I'm just curious.4 -
Why do you support sessions for an API (not REST)??
You remove the token and still get positive replies because the session cookie allows it.
At least the session in the cookie gets killed when the token is invalidated, but really, why?3 -
Guys I've inherited an older WordPress plug-in that was custom made by a previous developer. I'm refactoring it as it won't work with the latest wp but the previous dev has used sessions to send form variables from one form to another and I don't know why. I'd like it to be stateless in an ideal world but have been checking out the WordPress docs on cookies but they don't reveal a lot. Any ideas what I can do? Can I send the data without sessions using the native WordPress filters, hooks and actions etc. Cheers1
-
i have a hatred for disgusting filthy non-cookies-with-ketchup-eaters and they disgust me, i hate them so much and they dont appreciate the art that is cookies with ketchup.
it pisses me off so fucking much and i hate it, if someone could just eradicate those people off of the earth, i would appreciate that. i have a hit list for people who hate cookies with ketchup, and if you hate it, believe me, i am watching you.
annnnnnnnnnnd, thats too far..3
Top Tags
Weekly Rant
View