This was during the first day of my first real dev job, straight out of college. I didn’t have have much experience with version control since I did mostly solo projects in college, and I wasn’t exposed to SVN or Git in school at all.

One of the senior devs was going to give me and another new guy a brief overview of the codebase. He sets us up with the GitHub repo for the codebase and tells us to clone the codebase locally. I didn’t really know what this meant but I felt kind of embarrassed to ask, so I just clicked “download as zip” on The GitHub repo.

After a minute he saw what I had done and was like “yeah, that’s not what you want to do” and showed me how to clone it. I was kind of embarrassed but I learned Git pretty quickly after that.

I don’t really have a moral to this story except that “no question is a stupid one” is much easier said than done for many people, and it can be embarrassing to ask certain questions sometimes.

I'm at Disney world and the Windows OS was exposed on one of the machines at a ride so pulled up CMD and ran "tree C:/" then played sample music on full blast. Get on my level hackers :^)

So I have been temporarily assigned to new team .. moving from mainly backend.. to help the Web team ..

Me .: Aight guys .. what we working with ?
Team: MVC .net
Me: awesome ..
Team: but we have our own version of MVC .
Me : 🤔 your own MVC ?
Team: yeh we only buse controllers.. but no models at all ?
Me.: 😲 So where does the view gets its data from ?
Team : from Azure functions apps.
M: how ?
T: ( in very proud tone ) .. we use js to call all functions.
M: so why not just use HTML pages . Why MVC then !
T: coz MVC is modern architecture design.
M: but you not using it and all of calles to the functions are exposed publicly.
T: 🧐 THIS IS MODERN DESIGN !!
M: 🤪 My bad .. what the hell do I know ! I only been developing MVC applications for 7 years !!
Please tell me more about your " Modern Design "
🤮🤮🤮

haveibeenpwned: MASSIVE SECURITY BREACH AT COMPANY X, MILLIONS OF RECORDS EXPOSED AND SOLD, YOUR DATA IS AT RISK, please change your password!

Company X website: Hey your password expired! Please change it. Everything's fine, wanna buy premium? The sun is shining. Great day.

So. My grandma (280 km away) gave me a call.
Grandma: "Hiii. I have a problem with my PC."
Me thinking "ok. Just an ordinary tech support call from granny..."
Me: "Ok. What's the issue?"
Grandma: "Windows tells me there is no space left on drive F, non-stop"
Me: "As far as I know there is no drive F on your PC"
Grandma: "Would you be so kind to have a look?"

I agreed to log on via team viewer.

To cut an already long story short, there was this April Update which sent a bug all around the globe.

This bug exposed an internal drive Windows uses to do its Windows stuff - whatever it is.

Regularly these kind of drives are hidden from users eyes...

I finally solved it by applying a rollback on Windows.
The update is gone and with the next update there will be a fix from May to hide this drives again.

Microsoft!
I do you scare grandparents all around the globe?!??

My first testing job in the industry. Quite the rollercoaster.

I had found this neat little online service with a community. I signed up an account and participated. I sent in a lot of bug reports. One of the community supervisors sent me a message that most things in FogBugz had my username all over it.

After a year, I got cocky and decided to try SQL injection. In a production environment. What can I say. I was young, not bright, and overly curious. Never malicious, never damaged data or exposed sensitive data or bork services.

I reported it.

Not long after, I got phone calls. I was pretty sure I was getting charged with something.

I was offered a job.

Three months into the job, they asked if I wanted to do Python and work with the automators. I said I don't know what that is but sure.

They hired me a private instructor for a week to learn the basics, then flew me to the other side of the world for two weeks to work directly with the automation team to learn how they do it.

It was a pretty exciting era in my life and my dream job.

!Story

The day I became the 400 pound Chinese hacker 4chan.

I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.

They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...

And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.

So, I know I want to fuck with them. and I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.

I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.

After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.

I then minify the whole thing and stash it in the minified jquery file.

So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.

Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.

So we GIVE the penetration team login credentials... they log in and start trying to crack it.

I sit and wait. Grinning as fuck.

Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.

We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.

"We think you may have been compromised by a Chinese hacker!"

I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.

My PM, who has seen me use the JSON compression technique before and knows exactly whats up starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.

If only it was more common to use video in these calls because I WISH I could have seen their faces.

Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because i'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.

Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.

One team was delivering for 12 months.

... but definition of done not met. Code crap everywhere. Tests barely there and are total mess.

I inherited mess after previous lead engineer.

I exposed all the issues to the management in a straight way, no sugar coating.

... and now guess who's the bad guy for "complaining" instead of shut up and "making it work"?

P.s.
"Giving accurate report about situation" is seen as "complaining".

My start at one of the Big Four (accounting firms).

The first two days of each month they organise "onboarding days" for the new starters of that month. (I so hate upper management buzzwords!) They sent me a formal invitation that looked like I was being invited to a ball with the royals, and they included the following super-smarty-pants line: "Dress code: would you wear jeans and t-shirt when you meet a client?"

And I thought: "I'm an effing hardware and software engineer for internal services. I will never meet a client." But I dressed formally nonetheless, and I went to the onboarding, and I hated every second I spent in those effing high heels, and don't get me started on how I managed to get a run on my stockings in the first hour.

The first day of the onboarding we sat through eight hours of general talks from senior employees who wanted to explain the "culture" and "values" of our company, but the worst of all was the three-hour introduction to IT services where they "helped us set up our new laptops" and taught us how to send e-mails and how to use the Company Portal.

On the second day, they divided us into groups depending on our speciality (assurance, taxes, legal, etc) and exposed us to further 8 hours of boredom related to our speciality. However, since the "digital services" thing was still new to them, we didn't have a category of our own, and we had to attend the introduction to one of the other categories, and I didn't understand one word of what was being said.

On the third day I finally went to my office and they provided me with a second laptop. It turns out that we engineers got different laptops and were allowed to manage it ourselves instead of letting central IT manage it for us. So I simply returned the laptop they had given me the first day and started working. However, for some reason, the laptop I returned was not registered, and two weeks later they started pestering me with emails asking where was the laptop "I had stolen". It took me 3 weeks of emails and calls to make them understand that I had returned the laptop immediately.

Also, on the two onboarding days we had to sign attendance, and since I forgot to sign the paper list on the second day, they invited me to the event the next month again. I explained to them that I had already attended the onboarding and didn't go, so they invited me again on the third month, and they threatened me with "disciplinary action" if I didn't go. After a week of lost time writing emails and calling people, I ended up going to the onboarding again just to sign the effing list.

In the end, I resigned during the probation time. That company was the worst experience of my life. It was an example of corporate culture so absurdly exaggerated that it sometimes reminded me of Kafka's Trial. I think they have more "HR representatives" than people who do actual work.

I'm so grateful DevOps is now a thing. I remember getting a phone call from a client at 2am on a Friday because their site was down and having to ssh in from a Nokia with the world's tiniest keyboard to reboot the server.

Of course that particular server only exposed port 22 on it's local network, so I had to first ssh into another server which did have its ssh port open to external connections.

Trying to remember two sets of credentials and type them in on a tiny keyboard, while so drunk you were seeing double, standing outside in the rain as it was the only place you got signal. Yeah…I'm so grateful DevOps is now a thing

What's worse than someone pointing their dirty finger on your laptop/desktop screen?

Someone pointing their opened/exposed ballpoint pen on your laptop/desktop screen.

Sometimes I think back to all the funny shit that happened and how simple stuff fucks everyone

- tired Database engineer deleting (not dropping, literally rm -rf) the database files on the wrong server

- Microsoft delivering viruses through updates

- Pissed and stubborn dev deleting his one line library repo which does something like removing a char left side of string fucking an unmeasurable amount of other projects

- Adobe getting hacked and exposed for storing passwords in plain texts

- a doubled line causing a bug called heartbleed in a fuckton of webservers

- a Tutorial Company getting kicked from github because their repo got so big github staff had to maintain the repo manually

- and an old one: bad code crashed a space shuttle

My wifi was hacked two times last year, so I decided to change the factory credentials. Some months ago a tree fell on top of the cables on the street, cutting my internet connection. I call the ISP and when they get here they say I have no right for costumer support as I have altered my own connection.
WHAT. THE. FUCK
I had to revert the credentials to admin/admin in order get my internet back. These ISPs live in the fucking stone age. How the fuck do they force me to fucking have my router exposed with a fucking "admin/admin".
Fuck them.
I hope some day we have a cable revolution and finally have some rights over the networks we pay for with both tax money and excesive fees with low fucking speeds. Fuck them. Really.

The solution for this one isn't nearly as amusing as the journey.

I was working for one of the largest retailers in NA as an architect. Said retailer had over a thousand big box stores, IT maintenance budget of $200M/year. The kind of place that just reeks of waste and mismanagement at every level.

They had installed a system to distribute training and instructional videos to every store, as well as recorded daily broadcasts to all store employees as a way of reducing management time spend with employees in the morning. This system had cost a cool 400M USD, not including labor and upgrades for round 1. Round 2 was another 100M to add a storage buffer to each store because they'd failed to account for the fact that their internet connections at the store and the outbound pipe from the DC wasn't capable of running the public facing e-commerce and streaming all the video data to every store in realtime. Typical massive enterprise clusterfuck.

Then security gets involved. Each device at stores had a different address on a private megawan. The stores didn't generally phone home, home phoned them as an access control measure; stores calling the DC was verboten. This presented an obvious problem for the video system because it needed to pull updates.

The brilliant Infosys resources had a bright idea to solve this problem:

- Treat each device IP as an access key for that device (avg 15 per store per store).
- Verify the request ip, then issue a redirect with ANOTHER ip unique to that device that the firewall would ingress only to the video subnet
- Do it all with the F5

A few months later, the networking team comes back and announces that after months of work and 10s of people years they can't implement the solution because iRules have a size limit and they would need more than 60,000 lines or 15,000 rules to implement it. Sad trombones all around.

Then, a wild DBA appears, steps up to the plate and says he can solve the problem with the power of ORACLE! Few months later he comes back with some absolutely batshit solution that stored the individual octets of an IPV4, multiple nested queries to the same table to emulate subnet masking through some temp table spanning voodoo. Time to complete: 2-4 minutes per request. He too eventually gives up the fight, sort of, in that backhanded way DBAs tend to do everything. I wish I would have paid more attention to that abortion because the rationale and its mechanics were just staggeringly rube goldberg and should have been documented for posterity.

So I catch wind of this sitting in a CAB meeting. I hear them talking about how there's "no way to solve this problem, it's too complex, we're going to need a lot more databases to handle this." I tune in and gather all it really needs to do, since the ingress firewall is handling the origin IP checks, is convert the request IP to video ingress IP, 302 and call it a day.

While they're all grandstanding and pontificating, I fire up visual studio and:

- write a method that encodes the incoming request IP into a single uint32
- write an http module that keeps an in-memory dictionary of uint32,string for the request, response, converts the request ip and 302s the call with blackhole support
- convert all the mappings in the spreadsheet attached to the meetings into a csv, dump to disk
- write a wpf application to allow for easily managing the IP database in the short term
- deploy the solution one of our stage boxes
- add a TODO to eventually move this to a database

All this took about 5 minutes. I interrupt their conversation to ask them to retarget their test to the port I exposed on the stage box. Then watch them stare in stunned silence as the crow grows cold.

According to a friend who still works there, that code is still running in production on a single node to this day. And still running on the same static file database.

#TheValueOfEngineers

So I get to work this morning and see this interesting little contraption on my work colleague's desk.

Safety first: make sure there's a warning sign... Lol.

No idea what he's doing with it though, guess I'll find out later.

Deciding a domain or project name, got to be the next worst after naming variables and exposed method names

A YouTuber posted a video today about how Linux users' bad attitudes account in some part for the fact that AAA games are not getting released as much on Linux as on Windows.

Here's my bad attitude: Fuck AAA games. I don't want them on linux. I don't want them to exist. The AAA studios are colluding to change the market to be less about selling games and more about leasing access to them, and prioritizing revenues based on mictrotransactions and gambling-- with a pursuant focus on exploiting addictive personalities for profit. We don't need that on linux, and frankly, I don't think EA, Ubi, Activision, Bethesda, and Epic do either. Linux is an environment of choices, where the inner workings of any particular piece of software are far more exposed than they are in closed systems like windows, mac, and consoles. That exposure breeds understanding, and the last thing the AAA studios want is a knowledgeable, informed customer base. They want naive children with access to their parents' bank accounts, and they want to eliminate all means to access games other than themselves. This is not behavior we should be rewarding by asking them to expand into our space.

!dev !sex I promise this is a good read

I once read the whole bible.

Not in one sitting, ofc. I read it in a period of a year, just 3-4 chapters a day.

Is it something to boast about?
I'm not sure.

I mean, I guess being able to read through it despite not being exactly entertainment material (except some fun parts) kinda is. So I might feel a tad bit proud about that.

But I'm actually more happy that I did instead.

The reason I'm more happy than proud is because I took awareness of the religion I was in.

I became christian when I was an early teen. I grew up in an agnostic family. My dad was kinda hippie and my mom was into leftist ideas.

So me becoming a christian was a bit orthogonal to their philosophies.

I started assisting a church because I was very alone and misunderstood, and found some people there that seemed to get me, and viceversa.

But as time went on and I got more exposed to christian doctrine, my level of commitment grew.

I wanted to save people from going to hell. It sounds funny, maybe egotistical, but it's true.

3, 4 years of being in the church go by. I collaborate in the church, I make some very personal friendships, I was very deep in church by that point.

I then decide that I should take it to the next level and read the bible. So I did. And unknowingly, it started this feeling in me that I didn't liked being a christian at all.

I'm not gonna deny there are some christian values that are still compatible with today's modern society, such as being a good samaritan, working hard, being honest.

But there were too many verses in both old and new testament that I found morally repugnant,

The ones that made me feel the worst about christianity, though, were the ones that condemned homosexuality with death.

Since my dad was a hippie, he used to be in artsy things, like theater or music, and through that he had some gay friends

And for real, I think they were the nicest and most cheerful people I'd met as a kid. So I could not be part of that anymore.

Let me clarify that I didn't stop being a christian immediately after finishing the bible, but it did start a spark "of "what tf do I even believe in...?"

That spark turned into flame when I started the university, a place where people think for a living.

It's no wonder my mind started completing the puzzle, and slowly I started liking church and christianity less and less.

Until one sunday I didn't want to go, and I didn't, and from then on, I pretty much severed ties with that church and christianity.

Which is crazy considering I went every sunday without interruption for 6 years, and several saturdays too.

Anyhow, that's my story of me getting in n out of christianity. Like in the previous post, it sure how to end this, so go fuck a rock or something.

Developer learning curve exposed

*wants to watch Re:Zero on Windows*

The files are on my file server, exposed to the Windows machine with Samba. But the Re:Zero directory isn't visible on Windows 🤔

$ mv "Re:Zero" ReZero
*Suddenly becomes visible on Windows*

What the fuck.. can't it do : characters? Something as basic as that? Microsoft, you.. you never heard of character escaping? I mean, Linux shells for example don't deal with certain characters very well either, so what do you do? Either "this", 'this', or this\ stuff, depending on some and the other things that I won't get into, but mostly it boils down to preference.

Meanwhile Windows: sorry man, can't do it >_< but I can fuck up your language, updates, privacy and files!!!

Fucking hell.. at this point I'm not even mad anymore. Just.. what the fuck Microsoft?

I need to make a confession about my terribly unprofessional project I made. Around two years ago I got thrown for the first time into back end development - I had to work on the project alone. As a very smart man I basically exposed our SMTP server as a nice and very flexible API.

Fortunately it was, by the design, a very short-lived project, taken down from the web completely and for good after around 2 months. I'm still happy I had more luck than brains and nobody used our server as a spam sending service in our name and I have learned a valuable and relatively cheap lesson in security this way.

CTO: I told you to be careful with the live bucket and now it's completely exposed to the public. I don't think I can trust you with this can you please generate your files somewhere else. This is unacceptable.
*Me frantically trying to figure out what's going on*
*5mins later*
CTO: ?? Any ideas?
Me: A theory
Workers were executing function X which called save on a model that dint have a path name but instead it called function Y which generated a path for the object to be saved in. This has overridden all the original objects with newly generated ones.

I created my versions out of the newly generated ones. Here's the command and the functions mentioned above.
*Hands over code/links etc*

CTO: Oh I guess I just panicked hahah

All of the functions and commands were written by him and executed... By him.

Why the fucking fuck is it so damn hard for me to draw a fucking curly bracket?!

All my sad attempts at it look like a 3 that was exposed to lethal amounts of nuclear radiation

I've noticed something odd lately.. every time I mention mains electricity in certain EE forums, people tend to go "you are a madman for wanting to use that 🤨".

To which I think in my head, sure it's a dangerous thing, after all the angry pixies that dance back and forth are kind of angry (120V) or actually insane (230V) depending on where you live.. but to mindlessly tell people to not use it at all, as an electronics engineer.. what's up with that?

I mean, it's a matter of respecting its power, right. So whenever I work with it, thick gloves, keeping my exposed lines as tiny as possible, keeping them around for as short as possible, properly insulating anything permanent, and even asking my landlord to install a defibrillator for when things still go horribly wrong (to which she agreed because it'd be useful to the other residents as well, yay 😁) are kinda mandatory.

And that's for the same reason essentially that precautions are taken when climbing a mountain by having climbing shoes, connecting yourself to pikes jammed into the mountain over a strong metal wire in case things go wrong, etc etc. And for the same reason that you don't climb a ladder in high heels and so on. Obvious, right.

Point is, inexperienced people indeed shouldn't be working with mains AC at all and that's the reason that I've avoided it in the first year or 2 of learning about electronics. But mindlessly telling people in EE forums that they're a redneck for working with the imminently lethal AC.. what's up with that?

Maybe I should just go find another electronics forum like the EEVblog forums over some random (kinda dead) electronics chat on Telegram though ¯\_(ツ)_/¯

The GashlyCode Tinies

A is for Amy whose malloc was one byte short
B is for Basil who used a quadratic sort
C is for Chuck who checked floats for equality
D is for Desmond who double-freed memory
E is for Ed whose exceptions weren’t handled
F is for Franny whose stack pointers dangled
G is for Glenda whose reads and writes raced
H is for Hans who forgot the base case
I is for Ivan who did not initialize
J is for Jenny who did not know Least Surprise
K is for Kate whose inheritance depth might shock
L is for Larry who never released a lock
M is for Meg who used negatives as unsigned
N is for Ned with behavior left undefined
O is for Olive whose index was off by one
P is for Pat who ignored buffer overrun
Q is for Quentin whose numbers had overflows
R is for Rhoda whose code made the rep exposed
S is for Sam who skipped retesting after wait()
T is for Tom who lacked TCP_NODELAY
U is for Una whose functions were most verbose
V is for Vic who subtracted when floats were close
W is for Winnie who aliased arguments
X is for Xerxes who thought type casts made good sense
Y is for Yorick whose interface was too wide
Z is for Zack in whose code nulls were often spied

- Andrew Myers

When your colleagues knows who you are on DevRant, but you don't know who they are.

Today I just realized that a program I deployed was running without DB for almost a week. Thought it was populated suring the deploy.

Fortunately, nobody cared and was not exposed to any error logs

Found that out that one of our company's internal API (I hope it's only internal) is exposing some personal data. After finally getting the right people involved they said they'd fix it 'immediately'.

5 days later I check and now there is more personal data exposed...which includes personal security questions and the hashed answers to said questions.

And of course they are using a secure hashing mechanism...right? Wrong. md5, no salt

Sigh...

I worked for a company who supplied CERN with some ultra high end equipment.

At one point the guys at CERN email me "Problem, check this out."

The picture was of some burnt out ultra expensive cards that fit into a larger chassis... the cards looked like they had been exposed to a fire that was located exactly between the cards, but none of the cards themselves looked like they had been on fire. The chips and such looked burnt, but more so exposed to a very hot fire, not like they were on fire themselves.

It was weird. I sent them some crates to securely ship them to our QA folks, and ordered them up about $500k in replacement equipment.

QA later said they never got the equipment, someone "from another department" picked them up from the dock. And CERN never asked about what QA found, that was weird because they always asked.

<supervisor>,

I would like to raise a concern of mine to your attention. I would urge you to inform <CIO> because I think he should know as well. In our recorded meeting this afternoon <bad_vendor> exposed another company’s credentials after failing to access our system, and proceeded to demo access into someone else’s system while exposing their client's sensitive data. Others noticed this as well. This is an alarming situation because not only did <bad_vendor> expose someones data to <us>, but to one of our vendors. While it is unlikely that <us> or <helpful_vendor> would abuse this situation, it could have easily been <us>’s data that was exposed to another company and their vendors had the situation been reversed. I understand we are all under tight deadlines and under a lot of stress — by no means am I trying to make waves — but nonetheless I felt compelled make light of this situation and felt in was echoed by <helpful_vendor> during the meeting as well.

Thank you

I found university very worthwhile, mainly for what it exposed me to that I wouldn’t have necessarily learned otherwise. University exposed me to a lot of knowledge which allowed me to discover the fields and concepts that really interested me. It also forced me to learn math, and I’ve come to really love mathematics, even though my knowledge is still not that deep. I really respect and appreciate math now that I have more than a superficial understanding of it.

CS-wise, the things that have been most useful in practice have been complexity, data structures, concurrency, and others, but complexity is probably the absolute most important thing to at least learn the basics of.

I would not say that university is a necessity though. You can absolutely get by teaching yourself, especially if you are disciplined/interested enough to keep doing it. The important thing is to learn *what* to learn.

Beautiful Sunday morning, still no snow here (😒 mother nature) and I realized that I am... Googleable. Like, my name is now out there because of publications. Like, I have been protecting my identity for a long time now, so it's very annoying that I finally have been exposed.

Anyways, how do y'all deal with online fame and recognition?

Debate (with rant-ish overtones):

FYI, while it is a debate, its a practiseSafeHex debate, which means there is a correct answer, i'm just interested in your responses/thoughts.

Ok lets kick off. So the remote team I work with had an opening for a new iOS developer (unrelated to anything to do with me). They interviewed and hired a guy based off his "amazing" take home challenge.

The challenge consists of 4 screens and was for a senior level position. For the challenge the interviewee created a framework (a iOS library) for each screen, included all the business logic for each screen inside, each one needs to be built separately, exposed some API/functions from each one and then created a main project to stitch it all together.

Now, my opinion is, this is highly unscalable and a ridiculous approach to take as it would add so much unnecessary overhead, for no benefit (I am correct btw).

The interviewee said he did it like this to "show off his skills and to stand out". The remote team loved it and hired him. The challenge said "show us the code standard you would be happy to release to production". I would argue that he has only demonstrated 1 extra skill, and in exchange delivered something that is unscalable, going to be a nightmare to automate and require huge on-boarding and a paradigm shift, for no reason. To me thats a fail for a senior to not realise what he's doing. This person will be required to work alone (in part), make architecture decisions, set the foundation for others etc. Having someone who is willing to just do mad shit to show off, is really not the type of person suited to this role.

Debate!

Is that really an exposed, unsheltered, publicly visible, unprotected token lying around

yeah, uHm, not good

!dev

A child's mind is fascinating.

I remember how it felt being a kid, just deliriously happy.

Things were magical, mystical and happy.

I knew the world wasn't perfect, I knew bad things happened to good people.

But a kid's mind is so powerful that it can fill in the blanks with the most cheerful and optimistic perspectives.

And at some point in my childhood I was exposed to videogames, and that kinda took me down fantasy lane even further.

I was extremely young and barely retaining any memories when I was exposed to my first console, a famicom.

I have a somewhat vivid memory of my mind being blown away for the first time by watching my brother play New Ghostbusters II for NES.

From then on, we never stopped and played several console and dos/pc games.

When I was 10, someone from the neighborhood brought in a couple of floppys with Pokemon Yellow.

"What? Pokemon? How the fuck is that even possible? This is a pc, not a gameboy".

I didn't know at the time what an emulator was, but I was super fucking stoked to be able to play that.

My dad had a 1 gb laptop from work that he didn't use, so I hoarded that shit, and I would get to bed and play nearly everyday.

The experience was surreal. I was doing pc gaming... not on a chair, on a fucking bed, and I was playing a gameboy game... on a pc.

It was so intense to me, that even after more than 2 decades of that time in my life, I still remember how it feels like.

Like, you know how you can "feel" things if you think about them? like for example if you think about the taste of chicken, you can somehow feel it for a second.

Well I have like an actual physical sensation linked to that experience but I can't explain it at all, because it's just a sensation.

I think people usually say they feel that way, for example, about the PSX (usually refered to as ps one) loading screen. I experienced that too but when I was 12, so it was not as intense (it does make me feel the fuzzies though).

I also remember other things with very high detail, like the texture of my bed cover, the weather, mom cooking, the clunky shape of the laptop, the way I carelessly stored it above a pile of magazines, etc.

I rememeber ofc how it felt looking at the game sprites, interacting with NPCs, and the goddamn fucking glorious music.

It was dreamy.

Years and years later, I grew up and I stopped living in fantasy world and became more aware of the grim aspects of life my younger self was sugarcoating.

So I tried to play pokemon again, again and again, and no matter how hard I tried to revive that euphoria, I could not never do it.

I started to get annoyed at the game.

"Come oooon, I did the tutorial already, let me skip this.
This pokemon is useless, why am I even training it.
Fuck, I'm tired of grinding"

At some point I accepted that the feeling would never return, and that it would just live in my memory.

Ironically, I can recall that memory and how it felt anytime I want to.

And I can actually still feel it, and throughtout these years, it has never wore down.

And eventually I learned how to play pokemon and enjoy it:

I read tier lists at smogon online and just catch and train the pokemons that are higher on the list, which is how i got to beat yellow in like 3 days.

(This is nothing compared to what speedrunners do, but much better than the weeks it had taken me in the past).

That served as an important lesson that when a kid plays a game, his mind is also the game at the same time, filling the blanks with its imagination.

A very similar experience happened to me with harvest moon, which is the precursor of stardew valley.

and that game is faaar more emotional: you talk to people, overtime you befriend them and they open up, you meet a girl, you marry her, have a kid

you get farm animals, you brush them, they become happy

you get attached

that game was also so powerful in me that in all naiveness I thought I wanted to be a farmer.

Eventually I grew up and hit puberty and from then on, I focused more on competitive games, like smash bros, cs and tf2.

and i dunno how to end a post so eat my fucking nuts

What were some of your "OH MY GOD I'M AN AWESOME CODE WIZARD!" moments?

For example, I can remember two or three:
One was when I, with only cursory knowledge of C, never having worked with it but having been exposed to it (and having lots of experience with C# therefore familiar with the c-family syntax), took 5 minute look at a source code and pointed out a bug that the student working on it was trying to solve for the past 2 hours. Sadly, I don't remember what the bug was anymore.

Second one was on reddit, someone posted to gamedev group a 2minute video from his voxel+ai framework he was working on, I watched it, and without any idea what it's written in, or how, I was like "you seem to be dropping frames in a pretty regular manner unrelated to anything I see happening on the screen. You're creating too much garbage on frame-by-frame basis (probably while your AI is exploring what to do), look into object pooling, it'll help".

And the guy responded in a few hours like "by gosh, you're right! thank you! and what do you think about the source code?" (he linked git repo below the video.

And I was like OMG I'M A MAGE, I DIDN'T EVEN CLICK THE REPO LINK, ONLY NOW AFTERWARDS, AND yeah, it's c++ so sadly nothing for me, but OMG I JUST WROTE THE FIRST THING THAT CAME TO MY MIND, DIDN'T EXPECT IT TO BE CORRECT, I'M AWESOME.

=D and the feeling stayed with me for about two days.

(If it's not clear yet, it's perfectly okay, in fact, required, to brag about yourself in answering this question ;) )

So i am a diabetic and carry an insulin pump. Now being in India, the pump is not covered by insurance (for some god forsaken reason that I don’t know) and therefore is not a common sight here (contradictoraly India has a major diabetes problem). So I was at the metro station going through security check and the security personnel asks me what the pump was and asked me to show it to him. Now since insulin pumps are uncommon here I understood his concern and showed it to him. Now I like to carry the pump under my shirt with a clip pouch. So naturally I had to lift up my shirt to show it to him. But this isn’t the highlight of the story.
The guy behind me rised above and started peeking over my shoulder and constantly repeating like a 2 year old child what is this. And that too with my fucking abdomen exposed. I went into rage mode there and then like wtf dude, none of your business just step back a little.
Now my issue is that I do not understand that in their own curiosity, why do people forget to respect others privacy. And a very big problem with medical equipment manufacturing organisations (yeah you medtronic). Why are you only concerned with sales and why not awareness? I mean spreading awareness will only help your sales as more people will become aware about your product and it will be less awkward and concerning for people like me to wear your device out in the public

"One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users," according to the report of Bleeping Computer.

Vulnerability hunter Vinoth Kumar reported and later Starbucks responded it as "significant information disclosure" and qualified for a bug bounty. Along with identifying the GitHub repository and specifying the file hosting the API key, Kumar also provided proof-of-concept (PoC) code demonstrating what an attacker could do with the key. Apart from listing systems and users, adversaries could also take control of the Amazon Web Services (AWS) account, execute commands on systems and add or remove users with access to the internal systems.

The company paid Kumar a $4,000 bounty for the disclosure, which is the maximum reward for critical vulnerabilities.

So lets start here, as i have been preparing myself for a while for that rant. I have been putting it off for a while, but today I had enough.
Fuck react-native and fuck facebook react-native team. Bunch of lazy incompetent twats.
The all amazing framework that suppose to be speed up your development process, since you don't have to compile your code after each change. SO FUCKING WHAT if the god damned framework is so fucking buggy and so fucking shit that you constantly have to fix build, dependancies etc issues. Every day since I work on this project that is using react-native I have to deal with some of the react fucked up behaviour. You got an issue ? don't worry google it just to find out that 100 other people had the same issue. Scroll through down the bottom of the page just to find out that facebook devs have closed the issue as resolved (without fucking fixing it) because there wasnt recent replies to the post. Are you fucking kidding me? It's ok thou, create a new issue just to get an automatic reply from the bot that locks the thread and keeps it locked till you update your React-native version to the newest one. You do that and guess fucking what? Their newest version fucks up remote debugging on iOS(fucking android been broke for over a year) so say good bye to debugging your js code. Documentation is fucking trash. You found a nice function like autoCaptialise on your text input? Great! Ah wait, its not fucking working, what is wrong? You google this just to fucking found out it, function never worked on android, so why the fuck you still have it exposed and still have it in your docs? You want to add package? So fucking ez, just type npm install <name of the package>. Ha! fuck you, you still have to go and add them fucking manually in gradle in android and in pod in xcode, because obviously react-native is a one big fucking bullshit. Oh and a scroll view is a fucking glorious highlight of that framework, try add some styling to it, you gonna have loads of fun. Fuck react-native. And fuck the fucking idiot who convinced my boss that framework is so fucking great and now I have to work on this shit. Sincerely Xamarin Developer.

An enormous government project that leaves the tax office's database along with all backups exposed to SQL injection.

I know for a fact that the tax office database in at least one country only got a cold backup a few years ago, so it's more likely than you think.

Although around that time someone hacked the public transport company and bought a 12 month ticket for free as PoC and he got jail for it so the risk is quite high.

Best hack... Think it was in high school when I figured out the eurobate free sms api was exposed and with my own php script could send as many free sms as I wanted and sms nuke friends.
Sms cost quite a lot pr message back then.

Starting to feel like shit about my new job. Every task my boss gives me I return with a "sorry it can't be done" for one reason or another. At first it was because user interface testing is a nightmare, then it was because the API postman tests he wanted is for endpoints we haven't exposed so it can't be done and the automated login on postman and retrieval of cookie information can't be done through postman because it requires rendering the site in a browser. I feel worthless to the company but I also feel he keeps making up tasks for me without checking if they're actually useful to us or even possible first, rather than let me touch any of the real code.. I don't know if I should just quit tbh.

Social Captain (a service to increase a user's Instagram followers) has exposed thousands of Instagram account passwords. The company says it helps thousands of users to grow their Instagram follower counts by connecting their accounts to its platform. Users are asked to enter their Instagram username and password into the platform to get started.

According to TechCrunch : Social Captain was storing the passwords of linked Instagram accounts in unencrypted plaintext. Any user who viewed the web page source code on their Social Captain profile page could see their Instagram username and password in plain text, as they had connected their account to the platform. A website bug allowed anyone access to any Social Captain user's profile without having to log in ; simply plugging in a user's unique account ID into the company's web address would grant access to their Social Captain account and their Instagram login credentials. Because the user account IDs were for the most part sequential, it was possible to access any user's account and view their Instagram password and other account information easily. The security researcher who reported the vulnerability provided a spreadsheet of about 10,000 scraped user accounts to TechCrunch.

Ye, so after studying for an eternity and doing some odd jobs here and there, all I can show for are following traits:

* Super knowledgeable in arm/Intel assembly language
* C-Veteran with knowledge of some sick and nasty C-hacks/tricks which would even sour the mood of your grandma
* Acquired disdain of any and all scripting languages (how dare you write something in one line for which I need a whole library for!)
* All-in-all low-level programmer type of guy (gimme those juicy registers to write into!)

After completing the mandatory part of my computer science studies, all I did was immerse myself into low-level stuff. Even started to hold lectures and all.

Now I'm at the cusp of being let free into the open market.
The thing is: I'm pretty sure that no company is really interested in my knowledge, as no one really writes assembly anymore.

Sure, embedded programming is still a thing, but even that is becoming increasingly more abstract, with God knows how many layers of software between the hardware and the dev, just to hide all the scary bits underneath.

So, are there people in here who're actually exposed to assembly or any hands-on hardware-programming?
Like, on a "which bit in which register/addr do I need to set" - kind of way.

And if so, what would you say someone like me should lookout for in a company to match my interest to theirs?
Or is it just a pipe dream, so I'd need to brace myself to a mundane software engineer career where I have to process a ticket at a time?

(Just to give a reference: even the most hardware-inclined companies I found "near" me are developing UIs with HTML5 to be used in some such environment ....)

When I think "the fundamental problem", the closest thing that comes to my mind is "unsolvable problem". P =/!= NP is a fundamental problem, the theory of everything is a fundamental problem.

But we actually solved at least one such problem – the fundamental problem of cryptography.

The problem was "how to establish a secure connection over a non-secure channel?" Like you can't exchange the key, it'll be exposed by definition.

We solved it with a simple yet brilliant solution of asymmetrical cypher, that thing with public and private keys.

It's fascinating to think that people died in WW2 over this, there were special operations to deliver fresh deciphering keys securely and now SSH and HTTPS are no-brainers that literally everyone use.

This might not be a perfect place to post this, but we are trying to get help from all possible places.

As you may know, Kerala, a state in India, is going through the worst time of its history. We are exposed to tumultuous and disastrous flooding which have destroyed both our life and living.
All the rivers, streams and lakes are overflowing throughout the states due to heavy rainfall. The shutter of all the dams have been opened and the water rush have washed away the towns and villages on it's flood path. The situation is much more frightening than we can explain.
Over 250000 people are in rehabilitation camps. Even hospitals are under water. The count of the lives that we have lost and people missing are still not confirmed yet. The roads, bridges and homes damaged are beyond repair. Rivers have been spilling over and the hills are crashing down in landslides to thickly-populated settlements. Our government and rescue bodies are doing commendable work for saving each and every life, but are facing severe shortage of funds and resources. This has affected the efficiency of the rescue efforts, which also contribute to the increasing death toll. It is estimated unofficially that the cost of disaster can be up to 100 billion INR, which seems to be a huge fund for our small state.
So hereby we are requesting your kind donation and aid towards relief fund of the state.Your valuable donations will grossly help us to ease our efforts for relief, re-habitilation and re-building.

I'm not posting any links where you can donate, I'm aware that you guys can google it.

Holy retarded internet company. The fiber cable that comes from the power pole lost its connection to the building I live in. So the fiber was laying on the ground in the parking lot. The upside is it is still working. The problem is people are going to run over the fiber and break it. So I sent an email to the ISP on Thursday. They didn't create a ticket all day on Friday. By the time I got home they were not open. I called their tech support number and pressed 0 until I got a real person. I explained they need to fix this soon or it will get broken. They said "I understand" and then proceeded to create a ticket for fucking wednesday next week! I told them it will damaged by then. They said "I understand". Then I get a text saying they will do this wednesday. No you stupid fuckers, you do not understand!

Queue the McGuiver music:
I got out some steel wire I use to fix stupid shit like this. I made a hook to connect the steel cable holding the fiber. This hook will go around some exposed electrical conduit. Then I got a board to lift it up high (no ladder and 5 inches thick of ice on ground). I cannot balance wire hook on board and get it to slip down. So I got a steel pole I have and attached another hook with electrical tape. As I passed the hook over the conduit I used other pole to grab bottom of hook and pull it down to keep a hold of the conduit. Now the fiber is up in the air again above the parking lot. I hope this stupid hack works until wednesday. My right arm hurts like hell cause the strain of holding the fiber taut while I pulled the hook down. It strained my right hand.

Worst customer service on the planet with Century Stink. They fucking make it harder than hell to get help and it seems they take almost a week to fix shit.

Saw this sent into a Discord chat today:

"Warning, look out for a Discord user by the name of "shaian" with the tag #2974. He is going around sending friend requests to random Discord users, and those who accept his friend requests will have their accounts DDoSed and their groups exposed with the members inside it becoming a victim as well. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Discord is currently working on it. SEND THIS TO ALL THE SERVERS YOU ARE IN. This is IMPORTANT: Do not accept a friend request from shaian#2974. He is a hacker.

Tell everyone on your friends list because if somebody on your list adds one of them, they'll be on your list too. They will figure out your personal computer's IP and address, so copy & paste this message where ever you can. He is going around sending friend requests to random discord users, and those who accept his requests will have their accounts and their IP Addresses revealed to him. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Saw this somewhere"

I was so angry I typed up an entire feature-length rant about it (just wanted to share my anger):

"1. Unless they have access to Discord data centres or third-party data centres storing Discord user information I doubt they can obtain the IP just by sending friend requests.

2. Judging by the wording, for example, 'copy & paste this message where ever you can' and 'Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him.' this is most likely BS, prob just someone pissed off at that user and is trying to ruin their reputation etc.. Sentences equivalent to 'spread the word' are literally everywhere in this wall of text.

3. So what if you block the user? You don't even have their user ID, they can change their username and discrim if they want. Also, are you assuming they won't create any alts?

4. Accounts DDoSed? Does the creator of this wall of text even understand what that means? Wouldn't it be more likely that 'shaian' will be DDoSing your computer rather than your Discord account? How would the account even be DDoSed? Does that mean DDoSing Discord's servers themselves?

5. If 'shaian' really had access to Discord's information, they wouldn't need to send friend requests in order to 'DDoS accounts'. Why whould they need to friend you? It doesn't make sense. If they already had access to Discord user IP addresses, they won't even have to interact with the users themselves. Although you could argue that they are trolling and want to get to know the victim first or smth, that would just be inefficient and pointless. If they were DDoSing lots of users it would be a waste of time and resources.

6. The phrase 'Saw this somewhere' at the end just makes it worse. There is absolutely no proof/evidence of any kind provided, let along witnesses.

How do you expect me to believe this copypasta BS scam? This is like that 'Discord will be shutting down' scam a while back.

Why do people even believe this? Do you just blindly follow what others are doing and without thinking, copy and paste random walls of text?

Spreading this false information is pointless and harmful. It only provides benefits to whoever started this whole thing, trying to bring down whoever 'shaian' is.

I don't think people who copy & paste this sort of stuff are ready to use the internet yet.

Would you really believe everything people on the internet tell you?

You would probably say 'no'.

Then why copy & paste this? Do you have a reason?

Or is it 'just because of 'spread the word''?

I'm just sick of seeing people reposting this sort of stuff

People who send this are probably like the people who click 'Yes' to allow an app to make changes in the User Account Control window without reading the information about the publisher's certificate, or the people who click 'Agree' without actually reading the terms and conditions."

So apparently hiring these days is all about 1/3 learning random questions and answers 1/3 remembering algorithms from code execution portals 1/3 luck. Well fuck my life, it’s worse then 5 years ago when I last switched jobs.
So how was it 5 years ago you ask ?
I send my cv with exposed java interviewed for javascript and hired for python. At least then it was 50/50 luck.

TL;DR: I'm stressed out over choosing a side project because of the commitment and fear of failure :(

I'm a student and summer vacation starts in 3 days (and actually has already started for me, thanks to a "smartly planned" hospital stay), so I'm currently looking for a cool project to start. This will be my third summer vacation during which I want to make complete a project, and I never actually did it. The first year, I couldn't think of any reasonable, doable project which would be interesting and fitting for the time scope (I was quite new to programming back then, so I probably couldn't have done things that would be interesting to me, an any project that I could've done would just take 20 minutes, cause I wouldn't understand anything more complex). The second time, I chose a project too big with too much new things I had to learn on the go. I actually pushed through for nearly a week, but then I realized that I only completed like 25% in that time, so I lost my motivation, thinking I could never finish it, while not wanting to start a complete new project, because that would've felt like wasting the time I put into my first project. It was still a valuable project and I learned a lot by doing it, but this year I want to actually finish a project; so I'm really stressed out right now trying to come up with a good project.
Usually I have millions of vague ideas in my head, but as soon as it comes to choosing, every single one seems to be the wrong one, or I forget about all of them. Everything that kinda interests me seems way to big and complicated to me, but I sometimes feel like I'm just underestimating my abilities, but on the other hand I have ~25 projects on my hard drive, of which 4 or 5 are finished and most will never be finished. :/
And it's just so overwhelming to choose something like that, because on one hand I really want to do a bigger project that I actually finish, and summer vacation is the only time I have so much time to code, and I love coding, but on the other hand choosing such a project that I will work 2-3 weeks on is too much commitment and also I'm anxious about failing it and never finish it, just abandon a buggy mess. Am I the only one to feel that way, or are you too having problems choosing side problems?

And, I guess if you have any ideas for a suitable project (literally anything, so that I might be exposed to some new ideas), just comment it.

I need to rant about life decisions, and choosing a dev career probably too early. Not extremely development related, but it's the life of a developer.

TL;DR: I tried a new thing and that thing is now my thing. The new thing is way more work than my old thing but way more rewarding & exciting. Try new things.

I taught myself to program when I was a kid (11 or 12 years old), and since then I have always been absolutely sure that I wanted to be a games programmer. I took classes in high school and college with that aim, and chose a games programming degree. Everything was so simple, nail the degree, get a job programming something, and take the first games job that I could and go from there.

I have always had random side hobbies that I liked to teach myself, just like programming. And in uni I decided that I wanted to learn another language (natural, not programming) because growing up in England meant that I only learned English and was rarely exposed to anything else. The idea of knowing another fascinated me.

So I dabbled in a few different languages, tried to find a culture that seemed to fit my style and attitude to life and others, and eventually found myself learning Korean. That quickly became something I was doing every single day, and I decided I needed to go to Korea and see what life there could be like.

I found out that my university offered a free summer school program for a couple of weeks, all I had to pay for was the flights. So a few months later I was there and it was literally the best thing I'd done in my life to that point. I'd found two things that made me feel even better than the idea of becoming the games programmer I'd always wanted to be. Travelling and using my other language to communicate with people that I couldn't in English. At that point I was still just a beginner, but even the simple conversations with people who couldn't speak English felt awesome.

So when I returned home, I found that that trip had completely thrown a spanner into my life plan. All I could think about after that was improving my language skills and going back there for as long as possible. Who knows what to do.

I did exactly that. I studied harder than I'd ever studied for anything and left the next year to go and study in Korea, now with intermediate language skills, everyday conversations no longer being a problem at all.

Now I live here, I will be here for the next year and I have to return to England for one year to finish my degree. Then instead of having my simple plan of becoming a developer, I can think of nothing I want to do less than just stay in England doing the same job every day, nothing to do with language. I need to be at least travelling to Korea, and using my language skills in at least some way.

The current WIP plan is to take intensive language classes here (from next week, every single weekday), build awesome dev side projects and contribute to open source stuff. Then try to build a life of freelance translation/interpreting/language teaching and software development (maybe here, maybe Korea).

So the point of this rant is that before, I had a solid plan. Now I am sat in my bed in Korea writing this, thinking about how I have almost no idea how I'm going to build the life that I want. And yet somehow, the uncertainty makes this so much more exciting and fulfilling. There's a lot more worrying, planning and deciding to do. But I think the fact that I completely changed my life goals just through a small decision one day to satisfy a curiosity is a huge life lesson for me. And maybe reading this will help other people decide to just try doing something different for once, and see if your life plan holds up.

If it does, never stop trying new things. If it doesn't (like mine), then you now know that you've found something that you love as much as or even more that your plan before. Something that you might have lived your whole life never finding.

I don't expect many people to read this all, but writing it here has been very cathartic for me, and it's still a rant because now I have so much more work and planning to do. But it's the good kind of work.

Things aren't so simple now, but they're way more worth it.

That feeling when you've been programming, scripting and developing games, software and web pages for nearly a decade and you still feel like a talentless hack that doesn't deserve the wages you are paid, and constantly fear being exposed as a fraud by your peers... :x

I believe it is really useful because all of the elements of discipline and perseverance that are required to be effective in the workforce will be tested in one way or another by a higher learning institution. Getting my degree made me little more tolerant of other people and the idea of working with others, it also exposed me to a lot of topics that I was otherwise uninterested and ended up loving. For example, prior to going into uni I was a firm believer that I could and was going to learn all regarding web dev by maaaaaself without the need of a school. I wasn't wrong. And most of you wouldn't be wrong. Buuuuuut what I didn't know is how interesting compiler design was, how systems level development was etc etc. School exposed me to many topics that would have taken me time to get to them otherwise and not just on CS, but on many other fields.

I honestly believe that deciding to NOT go to school and perpetuating the idea that school is not needed in the field of software development ultimately harms our field by making it look like a trade.

Pffft you don't need to pay Johnny his $50dllrs an hour rate! They don't need school to learn that shit! Anyone can do it give him 9.50 and call it a day!<------- that is shit i have heard before.

I also believe that it is funny that people tend to believe that the idea of self learning will put you above and beyond a graduate as if the notion of self learning was sort of a mutually exclusive deal. I mean, congrats on learning about if statements man! I had to spend time out of class self learning discrete math and relearning everything regarding calculus and literally every math topic under the sun(my CS degree was very math oriented) while simultaneously applying those concepts in mathematica, r, python ,Java and cpp as well as making sure our shit lil OS emulation(in C why thank you) worked! Oh and what's that? We have that for next week?

Mind you, I did this while I was already being employed as a web and mobile developer.

Which btw, make sure you don't go to a shit school. ;) it does help in regards to learning the goood shit.

Just got an email from my company that a http server app I wrote years ago exposed the whole server it runs on because of a misconfig parametered...

Can use it to read any file using server.com/path/to/file

Sooooo ok ok. Started my graduate program in August and thus far I have been having to handle it with working as a manager, missing 2 staff member positions at work, as well as dealing with other personal items in my life. It has been exhausting beyond belief and I would not really recommend it for people working full time always on call jobs with a family, like at a..

But one thing that keeps my hopes up is the amount of great knowledge that the professors pass to us through their lectures. Sometimes I would get upset at how highly theoretical the items are, I was expecting to see tons of code in one of the major languages used in A.I(my graduate program has a focus in AI, that is my concentration) and was really disappointed at not seeing more code really. But getting the high level overview of the concepts has been really helpful in forcing me to do extra research in order to reconnect with some of the items that I had never thought of before.

If you follow, for example, different articles or online tutorials representing doing something simple like generating a simple neural network, it sometimes escapes our mind how some of the internal concepts of the activity in question are generated, how and why and the mathematical notions that led researchers reach the conclusions they did. As developers, we are sometimes used to just not caring about how sometimes a thing would work, just as long as it works "we will get back to this later" is a common thing in most tutorials, such as when I started with Java "don't worry about what public static main means, just write it up for now, oh and don't worry about what System.out.println() is, just know that its used to output something into bla bla bla" <---- shit like that is too common and it does not escape ML tutorials.

Its hard man, to focus on understanding the inner details of such a massive field all the time, but truly worth it. And if you do find yourself considering the need for higher education or not, well its more of a personal choice really. There are some very talented people that learn a lot on their own, but having the proper guidance of a body of highly trained industry professionals is always nice, my professors take the time to deal with the students on such a personal level that concepts get acquired faster, everyone in class is an engineer with years of experience, thus having people talk to us at that level is much appreciated and accelerates the process of being educated.

Basically what I am trying to say is that being exposed to different methodologies and theoretical concepts helps a lot for building intuition, specially when you literally have no other option but to git gud. And school is what you make of it, but certainly never a waste.

Best: Realising I can code and I actually do have the drive to pursue this career but need to make some changes to get there.

Worst: Also realising I'm very logic oriented and process driven and work in a company that would rather piss on exposed power mains over training their staff.

Dear php. You weren't my first one. But you were my first serious one. The first i made money with. We had a great time together until ajax came. Do you remember? I did more and more with js later but you still where my main. You even exposed your source code to me. Time changed. They started to hate you. And yes, they where right in some points. But they never saw your good sides. I saw them. I stood with you. But i was froced to wrote backends in typescript, in Java. And you know what: i didn't feel so bad. For gods sake, I fucking enjoyed it, php!

When did we become so alienated? When did I staet to write my dayly heller scripts in bash instead of you?

Yes, you improved. Hack came, than php7, php8. You archived a lot. You finally brought types. There was a time when I thought everything that stood between us will be overcome. That we will be together forever.

But recently i had this conversation on DevRant with nmeri and did some research afterwards. And I learned, maybe you will never have generics. It just don't work out, php, I am sorry. It's not your fault, it's mine. But i dont think i can live without a proper type system for the rest of my life. Not after i taszed those other languages.
I don't know when it will happen. When i switch projects this summer maybe. Maybe next year, when i start a new job. Who knows. But it will happen: you won't be my main anymore at one point. Maybe we can stay friends but i want you to know, that i am open for something new in my life. Something with generics.

When a national organization leaves the administrator password on a tool that manages the entire IT Department to the default password.
Also when said default password is publicly documented, known by all trained administrators of this tool, and said tool is exposed to the Internet.

** this means words are muted **

Friday:
I send a mail the client a Google doc with elaborate details about evaluation of an Android tablet from a Chinese manufacturer.

Monday:

The client is upset, he says "You say there is no GPS chip on the tablet while the manufacturer says otherwise"

Me- "I have clearly mentioned that it has a GPS chip"

Client- Opens the Google doc, points to a sentence. Looks at me like I did something horrible.

Me - **This guys is either word blind or something else is wrong with him, the line reads 'GPS chip available'**

Me- "Look, it says 'GPS chip available'.

Client- **Blinks n blinks again** "Alright, but why did you share a Google document, why not PDF, docx"

Me-**Politely** "You can download the document in any format, look I will show you..."

Client- "It should have been in the mail itself ideally"

Me- **WTH** "We normally maintain a document for such things to keep everything organised, but if you want I will put everything in mail itself"

Client- "Hmm.. do both from next time"

Me- "Alright" **BS**

Client- "Why is the new feature taking so much time"

Me- "As planned earlier, we going to deliver it tomorrow"

Client- "Why not today??" **Gives a strange look.**

Me thinking - **Enough**

Me- "See, I am trying to integrate a smarten with a socket connection, reading it's data via exposed APIs that are hardly documented, we need faster performance so I need to implement caching, multi threading, offline handling, multiple processes to avoid memory fluctuations, sync adapter to sync data...."

Client- "Ok ok ok, it's fine if you give working build tomorrow"

Me- "Ok, fine"

#limit

* Developing a new "My pages" NBV offer/order solution for customer
_Thursday
Customer: Are we ready for testing?
Me: Almost, we need to receive the SSL cert and then do a full test run to see if your sales services get the orders correctly. At this point, all orders made via this flow are tagged so they will not be sent to the Sales services. We also still need to implement the tracking to see who has been exposed to what in My Pages.
Customer: Ok, great!

_Friday
Customer: My web team needs these customers to have fake offers on them, to validate the layout and content
Me: Ok, my colleague can fix this by Tuesday - he has all the other things with higher prio from you to complete first
Customer: Ok! Good!

_Sunday
Me: Good news, got the SSL cert installed and have verified the flow from my side. Now you need to verify the full flow from your side.
Customer: Ok! Great! Will do.

_Monday
*quiet*

_Tuesday
Customer: Can you see how things are going? Any good news?
Me: ???
*looks into the system*
WTF!?!
- Have you set this into production on your side? We are not finished with the implementation on our side!
Customer: Oh, sorry - well, it looked fine when we tested with the test links you sent (3 weeks ago)
Me: But did you make a complete test run, and make sure that Sales services got the order?
Customer: Oh, no they didn't receive anything - but we thought that was just because of it being a test link
Me: Seriously - you didn't read what i wrote last Thursday?
Customer: ...
Me: Ok, so what happens if something goes wrong - who get's blamed?
Customer: ...
Me: FML!!!

My "dev specialty" when I first started was Flash and ActionScript. I just wanted to make funny games and shitpost animations on Newgrounds.

Eventually I got steered into building basic websites. Those were the Dreamweaver MX days. JavaScript + jQuery were all the rage.

Then I got a job building SharePoint modules, got exposed to legitimate programming languages like C# and learned more about enterprise software architecture, design patterns, yadda yadda. I started hanging out more with the front-end guys, who taught me SASS and SMACSS and all that jazz.

Eventual jobs kept leaning me towards front-end, so I guess that's the hole I find myself in lately. Sometimes I get a sprinkle of devops, some infrastructure stuff, maybe a little solution design here and there.

Now I maintain shitpost enterprise applications built by other devs who like spaghetti and meatballs. At least I put in funny ASCII art for strings in my unit tests.

You can connect to Docker containers directly via IP in Linux, but not on Mac/Windows (no implementation for the docker0 bridged network adapter).

You can map ports locally, but if you have the same service running, it needs different ports. Furthermore if you run your tests in a container on Jenkins, and you let it launch other containers, it has to connect via IP address because it can't get access to exposed host ports. Also you can't run concurrent tests if you expose host ports.

My boss wanted me to change the tests so it maps the host port and changes from connecting to the IP to localhost if a certain environment variable was present. That's a horrible idea. Tests should be tests and not run differently on different environments. There's no point in having tests otherwise!

Finally found a solution where someone made a container that routed traffic to docker containers via a set of tun adapters and openvpn. It's kinda sad Docker hasn't implemented this natively for Mac/Windows yet.

Is the CS field creating terms for the sake of creating terms?

Someone mentioned a "closure" in another post. I instinctively knew what they meant by that based upon the code I saw. I had heard the term thrown around before, but it had not yet connected in my mind. I wondered why I had not been exposed enough to care.

So I thought: What does C++ have as far as closures?

I found that C++ has lambdas. Those are definitions for function objects. They do not exist at runtime. But a closure does. The analog is you have classes. They are definitions and do not exist at runtime. But instances of classes do. So at runtime the instance is what you are working with. This is the same as lambdas vs closures in C++. The closure is the runtime counterpart. Why a separate term for what essentially is an instance? Is it because it captures data and code? As far as I know the closure is all data that gets passed around that calls a function. So it is essentially an instance of a lambda.

Another term: memoization. I have yet to see this added to any dictionary in online tools like a browser. Is the term so specific that nobody cares to add it? I mean these are tools programmers use all the time.

My guess is these terms originated a long time ago and I have just not been exposed to the contexts for these terms enough. It just seems like I feel like I have been in the field a long time. But a lot of terms seem alien to me. I also have never seen these terms used at work. Many of the devs I work with actively avoid CS specific terms to not confuse our electrical coworkers. My background started in electrical. So maybe I just didn't do enough CS in college.

I love Docker but I'm almost always screwing around with permissions and file ownership when it comes to secrets, bind mounts and making sure shit doesn't run as root while also making sure secrets are exposed and volumes aren't owned by root

Perhaps my frustration comes from the fact that I'm still learning and sometimes get impatient when things don't work within an hour or two, but still

In my grade 3 first exposed to computer and uses MS Paint in Windows 95

Really missing that 😭

I didn't know I was exposed to such danger !

I'm about to take full responsibility for front-end solutions plus doing UI/UX design, and I've pretty much completed the official React and Redux tutorials.

In my defense I only said I was interested in UX but I have a creeping suspicion they think I'm a UX God.

I also used AngularJS for years and I feel that React speaks to me in a completely different way. It's exactly how I want to do things. Big fan of functional programming as well... So I think I'll thrive with React/Redux and friends if I can get some hours in before things kick off. It's just enough pressure for me to put in the work without feeling overwhelmed... for now.

It's thrilling though. I'm somewhere between excited that I'll get to show off my skills and scared that I'll be exposed as a fraud. I have a mild case of impostor syndrome though, so I think it'll work out in the end.

When engineers get so CS-driven they can’t see simple things 🙃

Another manager messaged me and my boss last night to ask whether he’ll have to expose a certain function to be available in objective c classes (we’re iOS devs and most of our code is in swift, but some older stuff is still in .m files). He said he dug into the lower level code and didn’t see any connections or exposures so he assumes he’ll have to add these. My boss concurred and told him to go ahead and make them available.

Then I showed up with my didn’t go to university brain & searched the codebase for calls to that function from .m classes. There were like a hundred lol, working just fine. It’s already exposed. Neither of them thought to do that.

While teaching theory is actually good, it doesn't mean that there is no room for any practical education either. Students needs to be exposed to modern programming languages like Python, Ruby while at the same time be trained in the pioneers of programming like C, C++, Java. It is only then would they be able to make informed decisions on who they really want to be. If you had one practical lab session on C and Java and then the rest of the semester about HTML, students would end up moving away from programming.

Concepts like programming and networking concepts should be included whereas ancient technologies like programming micro-processors (x386, x486, etc) should be excluded. Who programs x386 and x486 micro-processors anymore? While the understanding of how micro-processors and other low-level components in the computer systems work is very essential, doing practicals on them isn't really a good use of students' time, energy or effort.

Welp, who wants to see my first website? tiny.cc/copo
It was made almost entirely during english class, for blocked games. It's the most hits I've ever got one a site I've made. But the best part? I achieved my goal: respect from the teachers. And why did they respect me? *Because it got blocked*. Yup, across the entire county (our county is one of the top five in the USA for schools I believe). We, as the students, found a way around the teacher's technological control, and finally got some technological freedom. Just a small story.
P.S. not named by me, and sorry bout that JS redirect. I redesigned it while I was supposed to be writing about the theme but the original is couchpotato not cppremium. I can't change it now but I'll change it later. I trust you guys know how to stop it without me changing it though :)

I was reviewing a Pull Request recently and there was this line
`return josn(202, 'Record does not exists')`

I told the developer that, status code and description does not match.
He just did not want to accept that he was wrong and told me that, since this function is not exposed to public, it does not matter.

Whats wrong in accepting that you are wrong. We do make mistakes, consciously or unconsciously. Huur. I regretted reviewing his codes there after.

So this is what a cyber criminal looks like.

"Norwegians are a favourite for cyber criminals"

"And we are easier to fool than Swedes and Danes, if we're to believe the thieves. The only ones more exposed than us are oil rich Saudis" 🤷‍♂️

This more of a tifu but to be short and concise..

4 months into the job, still learning the hang of docker, exposed a critical port that collided with a node, crashed our entire internal docker ecosystem. What a day...

The moment I knew I wanted to be a dev was very early in life, but I didn't realize it until I had gotten out of high school. My parents gave me my first computer when I was like 8 and it was my grandfather's old Windows 95 PC. I loved to play the Army Men game with the plastic figures like from Toy Story. I also tinkered around and found out how Word and some of the other programs worked. About two years later, I got his old Windows 98 PC. I continued to play around in Windows and discover some nuances of the operating system. My parents had a Windows XP machine at the time and they called me in every time they needed help. I got on their computer from time to time to use the Internet, where I discovered so many cool things. In junior high, we were forced to take a typing course where I honed my typing skills through playing games. I soon was able to easily complete all of the challenges. To understand my persona, you must know that I was bullied throughout elementary and high school. I was "the nerd" of our class and I wore that badge even with all of the negative energy that it came with. I received constant criticism, ridiculed for being intelligent (my paycheck isn't too funny now, is it losers?). I didn't care, though, my mission has and always will be to show them their wrong doing. I actually can't wait to have a reunion just to see how UNSUCCESSFUL they are. My parents didn't like my interest in gaming and technology either, but that's a rant for another day. After junior high, I wasn't exposed to much else until I got to college four years ago, where I took Fundamentals Of Computing. My professor was a true nerd (major Zelda fanatic), and he taught us how to program in Python. I began to love being able to create something literally out of nothing. He opened my eyes to a world where there was order and I could have control in a world where I've never had any control in before. Since then, I've only began to love my profession more and more. This is truly what I was born to do.

Kubernetes question:
So far I've created two pods, mongo & Go
Exposed those pods using services

Their IP is 10.x.x.x and accessible from my machine only (virtual lan I'm guessing only known to host), but my machine's network ip is 192.x.x.x therefore, not accessible from outside world and to do so I need to put nginx in front to receive requests and route them internally.

Is there a way in kubernetes to make it work like nginx in terms of:

Kubernetes listen to port 80 (for example) route based on received url. As you know in enginx we define a server block with server domain_name.tld

Anything similar in kubernetes? I've cheked ingress-nginx controller, and also saw LoadBalancer but that requires a cloud provider.

If anyone can also give an example it would be great, so far examples I checked ended up screwing my setup and had to reset kubectl to get things back working

Good: local news website has an interactive news paper online
Bad: You have to pay for it
Good: Found the exposed URL to all of the paper images
Bad: can't download from its parent directory
Good: made a shell script to download all images

So I'm getting brought into a team for our backend services of our administration application, and they're explicitly using Flask (Python library) for their exposed API in their application and data tiers.

As I'm familiarizing myself with their code, utilities, and dependencies, I notice they're stacking 7-8 decorators on their routes from their in-house utility module.. After further investigation, I realized half of them were entirely unnecessary, and they were proofing payload responses three times for the same JSON format.

The fact that we're using Python instead of Node or GoLang for our REST services is pain enough, but these god damn in house utilities are killing me.

I found programming really out my focus. Initially when i was exposed to it, My friend showed me a code of C and C++ and i was like it looks so untidy and annoying like colons and semicolons in between of random text sentences. In my first semester i had this Programming course of C and C++ and i had to deal with it. The lab sessions were totally bouncers for me, i cant understand any anything. During writeup submissions i used to copy someone else’s code (Yeah, i wrote down the whole code with a pen on a paper including every syntax). Writing down codes gave an idea about the flow of code, i didnt knew what was really happening in the alogorithm but atleast i can understand which is used for what. I also used to copy Flow diagrams of code so i used check both of them side by side and try to link. This helped me atleast to begin with and deal with that course. As semesters incremented coding was more of a need in every course. And i started liking it.☺️☺️

Initially i didn’t had wifi at home so i was totally unaware about youtube tutorials and courses. The only typing of code was done in the lab sessions.
This was my first experience regarding coding.

What was yours?

Back in 2005, I had quite a few bits of music I was working on (just as a hobby). A lot of these had not been finished, but I'd sent excerpts in medium-quality MP3 format to a friend. I had an external backup drive - a regular hard drive in an USB enclosure. After a while, this drive started making unpleasant whining sounds so I sent it off for replacement.

During that time I made the foolish decision to try and plug a floppy drive in while the PC was powered on. Something touched the bottom of the hard drive and the power went off. I powered it back on again and heard a fizzing sound, there were some flashes from the hard drive and a burning smell. Yep, the disk was dead - and my backup drive was gone.

I'm still not entirely sure what happened, my best guess is that I had an exposed piece of wire from one of my hacky case mods (I had a thing for blue LEDs) which touched the circuitry of the hard drive. Almost every project, piece of software I'd created, every photo I'd taken, and most unfinished music I'd made up until that point - gone. I was pretty devastated about it. I only had a handful of things survived which I'd burned onto CD previously.

I managed to get some excerpts back from my friend, and re-created my favourite pieces of music based on those. I've moved on to other projects and write much better code now, so mostly I am no longer bothered. I do wish I could re-listen to some of the music I had made back then though.

Needless to say, I no longer fiddle around with the innards of my computers while they are on, store everything on mirrored drives and also ensure I always have a backup somewhere (and am working on remote backups and having several days of backups...)

I never want that to happen again

Only found this out after the fact, but an almost total lack of authorisation checks in an exposed API has got to be up there.

Does anybody use Freelancer.com? I'm currently in an argument with their support chat minion about how private or not-private the project's contents are AFTER the project is awarded. She's telling me that both awarded and unawarded projects are completely exposed to the public Internet, sensitive file attachments, chats, everything, unless one upgrades to Private status. If one doesn't like that, she says, one can always delete one's project for only $5. Does anyone else have experience to share in this regard? I find this incredible.

Google researchers have exposed details of multiple security flaws in Safari web browser that allowed user's browsing behavior to be tracked.

According to a report : The flaws which were found in an anti-tracking feature known as Intelligent Tracking Prevention, were first disclosed by Google to Apple in August last year. In a published paper, researchers in Google's cloud team have identified five different types of attacks that could have resulted from the vulnerabilities, allowing third parties to obtain "sensitive private information about the user's browsing habits."

Apple rolled out Intelligent Tracking Prevention in 2017, with the specific aim of protecting Safari browser users from being tracked around the web by advertisers and other third-party cookies.

Accidentally pushed AWS IAM access and secret key to repository defined within application.yml file in code, immediately i got a mail from AWS warning me that my access and secret keys are now exposed with instructions how to rotate this key and secure it. How the fuck do they know?

Iwas exposed to the world of computers when Iwas 6 years old. My dad bought a used C64 and me and my sisters were allowed to play some times. Later my father bought a PC with incredible 166MHz and I was allowed to play on it some times too. Started with tomb raider and when my parents weren't home Delta Force One. Later my father bought a newer model with 450 MHz and I got the old one. At this time he bought a 20GB HDD for me so I can get some more games on my computer. Then the internet came. My father booked ISDN and it was super fast. Since then I loved the world of IT and never stopped to. Later I played around 20000h of Counterstrike Source and came in contact with web development. I started to program with my first love: Java.
Now I love ruby, ts (js), Delphi and sometimes c#

next up is Clojure

I somehow highly doubt the effectiveness of this treatment... if it did work I'm pretty sure we would all have baby faces with the amount of RF signals we're exposed to in a day. Do you think there is any legitimacy to this claim?

took me 3 nights (i spent my daytime working out) to refactor our whole system cause i made a huge change to the class that we are using to all of our stuffs, no regrets.

I'm the one who made the class, and I made that when i'm not that really exposed to web development, but when I learned lots of stuffs, I saw that the class I made that we are using is not really that fast and there's a much easier way to implement such thing.

i want to punch myself every night, but then i care for our project and of course our first big project that can be seen and used by many.

//been too busy to rant, but not too busy to check devRant every time when I find myself on a break.

Configuration sucks when the apis are not properly exposed 😢

My answer to their survey -->

What, if anything, do you most _dislike_ about Firebase In-App Messaging?

Come on, have you sit a normal dev, completely new to this push notification thing and ask him to make run a simple app like the flutter firebase_messaging plugin example? For sure you did not oh dear brain dead moron that found his college degree in a Linux magazine 'Ruby special edition'.

Every-f**kin thing about that Firebase is loose end. I read all Medium articles, your utterly soporific documentation that never ends, I am actually running the flutter plugin example firebase_messaging. Nothing works or is referenced correctly: nothing. You really go blind eyes in life... you guys; right? Oh, there is a flimsy workaround in the 100th post under the Github issue number 10 thousand... lets close the crash report. If I did not change 50 meaningless lines in gradle-what-not files to make your brick-of-puke to work, I did not changed a single one.

I dream of you, looking at all those nonsense config files, with cross side eyes and some small but constant sweat, sweat that stinks piss btw, leaving your eyes because you see the end, the absolute total fuckup coming. The day where all that thick stinky shit will become beyond salvation; blurred by infinite uncontrolled and skewed complexity; your creation, your pathetic brain exposed for us all.

For sure I am not the first one to complain... your whole thing, from the first to last quark that constitute it, is irrelevant; a never ending pile of non sense. Someone with all the world contained sabotage determination would not have done lower. Thank you for making me loose hours down deep your shit show. So appreciated.

The setup is: servers, your crap-as-a-service and some mobile devices. For Christ sake, sending 100 bytes as a little [ beep beep + 'hello kitty' ] is not fucking rocket science. Yet you fuckin push it to be a grinding task ... for eternity!!!

You know what, you should invent and require another, new, useless key-value called 'Registration API Key Plugin ID Service' that we have to generate and sync on two machines, everyday, using something obscure shit like a 'Gradle terminal'. Maybe also you could deprecate another key, rename another one to make things worst and I propose to choose a new hash function that we have to compile ourselves. A good candidate would be a C buggy source code from some random Github hacker... who has injected some platform dependent SIMD code (he works on PowerPC and have not test on x64); you know, the guy you admire because he is so much more lowlife that you and has all the Pokemon on his desk. Well that guy just finished a really really rapid hash function... over GPU in a server less fashion... we have an API for it. Every new user will gain 3ms for every new key. WOW, Imagine the gain over millions of users!!! Push that in the official pipe fucktard!.. What are you waiting for? Wait, no, change the whole service name and infrastructure. Move everything to CLSG (cloud lambda service ... by Google); that is it, brilliant!

And Oh, yeah, to secure the whole void, bury the doc for the new hash under 3000 words, lost between v2, v1 and some other deprecated doc that also have 3000 and are still first result on Google. Finally I think about it, let go the doc, fuck it... a tutorial, for 'weak ass' right.
One last thing, rewrite all your tech in the latest new in house language, split everything in 'femto services' => ( one assembly operation by OS process ) and finally cramp all those in containers... Agile, for sure it has to be Agile. Users will really appreciate the improvements of your mandatory service.

(Note: I got a bit carried away while writing this, so the end result is a lot longer than I expected. Apologies for the long post!)

The beginning of my programming journey started with a book.

This was back in 7th grade. I had some basic exposure to BASIC (pun maybe intended?) from our school curriculum, but it was nothing too interesting as our teachers never really treated it as anything important. They would stress a lot on those Microsoft Office chapters (yes, we actually studied Microsoft Office as part of our computer science course at school) and mostly ignore the programming chapters because I dare say many of them struggled with it themselves. So although I had been exposed to *some* programming, it was mostly memorizing the syntax without actually understanding what was going on.

Then one day there was this book fair thing going on at this local Carrefour (for those of you who've no idea, it's a pretty famous hypermarket chain) in this mall, and for some reason my mother and I were in that mall on that day. Now the interesting thing is that this usually never happens -- I usually visit malls with my dad or my friends, this is the only instance I remember where I had actually visited one with just my mom. This turned out to be fortuitous. My father is the kind of person who's generally not amenable to any kind of extraneous shopping requests. My mother, on the other hand, was and remains pliable.

So I basically saw this book -- Sams' Teach Yourself JavaScript in 24 Hours -- being sold at half price. I vaguely remembered having read somewhere that JavaScript is a good introductory programming language (and it helped that this was the time when I was getting into a Google-craze -- I basically saw some photos of Google Zurich and went all HOLY SHIT THAT'S WHERE I NEED TO WORK WHEN I GROW UP (for those of you who haven't seen it, I recommend googling it. That office is the bomb) -- and I'd also read that you need programming skills to join Google). So I begged and begged my mum to buy that book, and thankfully she did.

Back home I returned with my new prize under my arm. Dad took one look at it and scoffed that I'll never actually use it. Pretty much entirely out of spite (to prove him wrong), I attacked the book with a zeal. I still remember how I felt when I wrote my very first JavaScript program (printing the current system date in an h1 tag) and marveling at the output. I guess that was when something struck -- the realization that this was probably what I wanted to do in life.

Fast forward to today, and I've never looked back and wondered what it would be like to have done something else.

PS: for all you beginners out there, JavaScript is a horrible language. Please start with something like Python. Also there are better resources than Sams' Teach Yourself JavaScript in 24 Hours available, that I just didn't know of back then. I'd recommend Eloquent JavaScript any day.

I'm 37, been a PHP Web Dev for 12 years. I love doing it but am concerned as I get older, I'm falling behind. I'm not exposed to different tech in my job but am doing courses to vary my skill set (AWS with Docker, vue.js etc)

Is anyone else here over 40 and doing dev work? Any obstacles you found? Or younger peeps, what’s your opinion of older devs? Should I be concerned?

Jeesh! In the last 12 months I've had a lot of emails from the different services I've used that they've been compromised and a database of emails and hashed passwords have been exposed 😒

Starting my first tech internship as an IT intern at my dads work. I’m super excited even though I know nothing about IT lol. I’m excited to learn and be exposed to some new stuff tho

I’m having this issue for the online marketplace I’m working on the side. It’s blockchain tech where you can purchase normal goods and services(no, not like Amazon or Fiverr, eww, this one’s more inclined with promoting organic growth for small businesses and freelancers).

I’m stuck with what solution is in the best interest of the user and the business for the long-term.

The dilemma about anonymity, online freedom and privacy is yes, it protects users from predators and attackers, but then, it’s harder for authorities to hunt down people who uses platforms for malicious intent, and also, digital footprint is helpful during litigation as evidence.

You don’t know who to trust.

-There is nothing to differentiate normal users with spammers, scammers, etc.
-There is no accountability for if they break the rules. They can easily delete and create a new account.

Platforms, communities big or small are plagued with these.
There are a lot of people out there who would rather project their insecurities on other people than to seek therapy.

Also, how platforms uses psychology tricks to make platforms addicting, it’s safe to assume that it’s bound to get toxic. Fixation on these platforms, leads to other needs being neglected or people forget to stay present.

Another thing, automated moderation is not that effective as there are still biases in data and human verification is still required. But then, human moderators get exposed to extreme violence, gore, etc that leads to poor mental health. (see Facebook got sued by moderators)

Also, I’ve had a recent experience where some unstable dev was stalking and harassing me. During that turmoil, I’ve found the many loopholes in every platform out there and how crappy their support is. Like they’ll just say, “make your account more secure”, bitch it’s your platform not providing enough security, your blocking feature means nothing coz anyone can still create accounts and message anyone.
It happened like February-August (it ended coz I quit going online and made private all my accounts). UGH I MISS ALL MY FRIENDS THO. FUCK THAT DUDE. He deserves to be in jail TBH

Lol if this product booms, now u know the back story lololol

Now that the weather is nice, I've started doing some landscaping in my back yard. I thought I'd start easy with taking down a shed that was starting to lean that I inherited when I moved in.

In the process of taking it down, I discovered a wire that went from the house to the shed. The wire in the shed wasn't live but I had no idea where it terminated and I didn't want that sickle of death hanging over my neck.

After I finished taking down the shed, I started working on the wire. This wire was buried about 18 inches deep and was about 25 feet from where it was supposed to attach, which was another 25 feet from the house.

I finally got the first section dug up only to discover that the second section was attached to my retaining wall and traveled under a rotting wood patio also built directly on top of dirt. I needed to take it down regardless, but I wanted to wait until I was ready.

Protip: don't build anything made of wood directly on the ground. Given time, even treated wood will rot.

This second section was live and exposed to air. It's truly a wonder nothing bad happened with it. And most of it was only an inch under the dirt. Also, no conduit. Just a wire.

So now, several days into a simple teardown, my back yard has a deep trench dug into it going from one corner of the yard to the house. I have a huge patch of muddy dirt where I had to tear down a patio to fix an actual threat to life and limb.

I also discovered my retaining wall was built directly on top of dirt, no gravel in sight, which explains why it is leaning. Fortunately, I've built retaining walls before, so I know how to fix it.

It's a good thing I like landscaping because it's going to be an expensive and messy summer.

I know a senior developer that knows quite a bit, im glad, this is how we grow. He has a habbit of wanting to be the main attraction in all conversations, either tlaking louder than others or sticking to a point in a subject he is not correct in to try force his opinion (i dont speak kuch around him because of this exact reason).

Today we talking about react, we have been working together as i am suppose to transition into senior and we are going incremently rewrite the application in react. So learning react was fun as you could imgine. I came from a background already knowing this and being exposed and that is react and react native. For skme reason i let him talk but he doesnt me especiallt knowing im correcr about something because we have the internet to check things. He looks at me and literally goes red in his face when i suggest standards that would make the code easier to read. Less to type and all the small things and showing him old things i worked on to give a base for him to work off and be there when he needs. Allnhe does is complain and i dont know how to tell him he has a way of approaching a situation not the best andni worry for other junior/mid developers that has to work with him because he will make them believe they are wrong and when they arent hust because he wont calm his ego. We are suppose to be in the community all together to build platforms and progress the sector and better the lives of people. Not waste time picking on eachother. We have prefeences abd we can debate that is important as it allows us to doubt and then make us want to learn more. I just wish there was a way to tell him because we all know. Noone would want to work with someone that is suppose to better you in your career and as a person

How does a person get better at speaking in technical situations? I've been in the tech field for a loooong time now, but I really have trouble articulating my ideas. Someone else on my team can explain why our architecture isn't optimal because of X, and we should try to integrate Y because it buys us Z, and I usually can come up with some variation of "It sucks, because bad."

The things I want to say are generally the same as the person who makes sense, but my brain apparently has a disconnect between understanding it technically and being able to express it. I had kind of figured that by this time in my career I would have been exposed to this stuff so much that being able to talk about it would be easy, but it's not.

I've had Toastmasters suggested to me before, but I don't really need help talking in front of people. As long as I have time to prepare, I can do that kind of speaking with little trouble. I just want to be able to respond in meetings and informal situations and show that I do have a clue what I'm saying.

Spend an entire day on getting an auto-update feature into my cordova app...
APK installer doesn't open, error message doesn't give me any solutions...

Error msg:
exposed beyond app through Intent.getData()

Alright. Got a new adapter (note: my laptop charger has a US prong and I have the European standards but it still tolerates 220V).

it appears that the tiny arcs that were made turned into HUGE sparks because the electricity went to the adapter and because the US prongs were exposed (bc my adapter was bullshit) then I got DOUBLE the voltage running into 1 charger (1 time for the adapter and 1 time for the normal exposed US prongs) so the breakers popped.

(this is my theory don't bully me for being inaccurate lool)

A question to all software security specialists of devRant. Please, take it serious.

Is it fundamentally possible to restrict a SQL database like Postgres in a way that unintended SQL queries are impossible to execute? Perhaps in some kind of whitelist fashion. Is it possible to achieve the kind of security that will be just fine exposed to the outside world akin to "SQL queries in onClick handlers" scenario?

Or is this an uphill battle of never being able to moderate an infinite set of possible fraudulent queries?

because I lacked a portable storing solution (pockets weren't allowed), I couldn't find anything better than using my own skull as a storage box. It turned out it had way more room than expected. The brain itself is quite small, and the whole frontal lobe & the space around the brain is completely empty. Initially, opening the skull was scary and cumbersome, but the more you do it, the easier it gets. Once upon a time, when I tried to pop an acne on my forehead, the hole was revealed, and it led to the storage space beneath. I have no idea how it happened, but apparently the skin is too thin. The bone also looks much thicker from the inside. There were two wires — red and black — leading to a standard PC speaker every old computer had. I wasn't a cyborg, mind you, I merely put that speaker there for storage. The acne hole healed with those wires exposed, leaving a permanent mark due to the wire coloring pigment dissolving in my skin.
I used that storage space to hide the contents of some parcels I was processing back then. I was stealing things. Eventually, my coworker — Bruce Willis — confronted me, and I had to strangle him. My arm became very flexible, and I was able to wrap it around his neck several times during a chokehold. It didn't end well for both of us.

Ah there's nothing quite like tightly coupling all of your exposed webservices with their class names. Especially when you name your service classes ThisIsAWeb, just so that it looks like "ThisIsAWebService" in the wsdl when "Service" is automatically added to the end

Just now I was talking to this young girl on her employment in the corporates. I asked her if she learned anything that allows her to deliver value to her organization. She said 'not much'. And she was actually learning the wrong things, and didn't get exposed to the proper tools to get the job done, and the fact that she wanted to take the offer to work overseas.

I was telling her that if she has the adequate skills and the drive to deliver, she can be anywhere she want, but not now, and then I offered her a part time or full time freelance position that she can really learn up a lot under my supervision and deliver with satisfaction. She's not budging.

It also made me thought of myself on why I'm always hesitant to get out of Malaysia and just start a new career along with my peers overseas. I honestly want to get out of here. Seriously. I could have just gone out there. Do you know how much that I envied people who went out and had a good life being employed elsewhere?

But I still haven't been satisfied with myself, of not being able to deliver the best that I can, the best of my work throughout the 7 years of my career, and I intend to stay and prove that I can produce something great and potentially have really good gains before I make my ultimate move. I still have work to do. Unfinished business.

There are several more things that I need to cover such as server deployment on AWS, doing DevOps for web backend apps, and more architecting work. It takes time to learn. That's why I want to delegate some Android work to that young fella, so that I can move on to the more hardcore stuff.

I wonder if there is any technical issues that prohibit the creation of open source websites.
By "web sites" I do not consider CMS like Drupal or word press, but rather entire end web site sources.

In fact anything (frontend, backend) except database content that contain user data and credentials.

Not for reusability purposes like CMSs, but simply for transparency and community development purposes, like almost any open source end application.

I agree that a web server is much more exposed than a classic desktop app, as it has lots of targetable private data and internet public access. But for some non-critical purpose this seems to be affordable in exchange of better code review, allowing a community to help improve a tool it uses, and better (not perfect though) transparency (which is an increasingly relevant question nowadays, mainly towards personal data usage).

Hi everyone, I'm just a bit worried with my future status, I'm currently a Software Engineer here in my home country, I will be going to New Zealand sometime this March. I have a reason why I'm moving to NZ but do you think I can get a Software Engineer job there? I'm 20 and been exposed by my Australian experience (I'm not from Australia btw) from Angular and PHP. I've been trained by my Seniors top notch that they're letting me deploy to-live our largest websites.

Do you think I'll be able to find one or I'll be settling with convenience store related jobs there?

Thanks DevRant.

Twas the moment while i was exposed to java on the commandline and windows editor and needed to grasp the shit to read input with bufferredReader and Inputstreamreader while my head was constantly spinning between the javadocs and the screen. In that moment my friend opened his eclipse and showed me code completion! And the fucking Screenreader class. I immediatly realized it was not only important to finish the assignment but also as fast and as lazy as possible!

studies in memory indicate that a person recalls information better when exposed to the same biological, and emotional state they were in when the information being recalled, be it semantic or episodic.

other aspects include many other cues.
what conversations people were having
the same people being there
similar sensory inoyt
and being in the original place where the memory was formed.

but some information is so jarring that the brain when kept in a consistently aggravated state of emotional unease and vigilance can be repressed along with from what i note, connected semantic information if say the information recalled was related to a nearly alien state of considerable mind and perception altering terror and unhappiness.

we often forget bad things because its the only way we heal.

the most evil people in the world found a way to recreate this trauma so they could add.
parallel memories. whole tracks of human experience existing apart from each other, just in the hopes of keeping that person quiet.

ironically for a person who is nice, witnessing these types of people responsible for these things get murdered or brutally deformed, also tends to be buried away with the same repressed memories.

I wouldn't call Google totally breaking the recent apps button in third party launchers okay, but I must say that being exposed to gesture navigation against my will changed my opinion on it vastly. Sliding on the bottom of the screen to switch between open apps is incredible, it's the perfect equivalent for the desktop alt+tab

Scrum con religion is after me, I either convert or burn at the stake with scrum masters holding hands and dancing around while chanting the scram commandments.

Scrum will kill every decent developer on the planet and replace them with frauds...

Scrum's stupidity is toxic it's like being exposed to radiation - it makes you mutate into a brainless freak!

I don't have much to rant about at my new workplace! Great people, all super smart and everyone seems to "get it"! I haven't been super exposed to our clients yet....and that may be where the ranting comes in. 😉

all this talk of australian crypto laws got me thinking. here's a hypothetical (this might get a little complicated):

for the sake of the security facade, the government decides to not ban encryption outright. BUT they decide that all crypto will use the same key. therefore you can not directly read encrypted things, but it's not really encrypted anymore is it?

part two: there's a concept called chicken sexing, named after people who determine the sex of baby chicks. male chicks are pretty useless and expensive to keep alive, so they are eaten. female chicks go on to lay eggs, so ideally, from a financial standpoint, you only raise hens to maturity. this is nearly impossible to discern early on so at first you're just straight up guessing. is this one female? sure? that one? no? really 50/50. BUT if you have a skilled chicken sexer looking over your shoulder, saying right or wrong, then eventually you get better. why? nobody knows. they can't explain it. nobody can. you just sort of "know" when it's female or not. some people can do 1000s of chicks/hr with success up to 98% but nobody can explain how to tell them apart.

part three. final part:

after years, even decades of using this encryption with only one key, I wonder if people (even if only people who are regularly exposed to crypto like NSA analysts or cryptographers) can ever learn to understand it. in the same way as above. you don't know exactly what it says. or how you know it. you didn't run an algorithm in your head or decrypt it. but somehow you get the gist.

28464e294af01d1845bcd21 roughly translates to "just bought a PS5! WOOT!" or even just pick out details. PS5. excited. bought.

but how do you know that? idk. just do.

oh what a creepy future it has become.

Does anybody here have any casual affinity towards reading scientific papers? During my time at the university I was exposed to read papers and found them quite exciting as they were actually informational. Articles from magazines or online ressources about yet another "groundbreaking" new tech feel hollow. And theres to much noise from hyping, evangelists and other distracting elements.

you know i'm fine for shooting the people we identified as their scum, past a certain age and throwing them in a big pit in the ground so I don't have to continually be exposed to a bunch of melodramatic lying bastards who try to insert random annoyances into a life already filled with them.

i'm fine being in a scenario where the most i have to worry about is self image and making MORE money.

Picking up a project from 9 years ago someone abandoned and trying to bring it up to the new toolchain. First thing to try: pre-existing everything and just make it. Immediate toolchain flaw exposed ("internal error converting unsigned int to int" in a header file in the chain, huzzah!)

Half the time when I’m unwelcomingly exposed to these people when they speak I picture a fat man yelling “oh what would giant boy detective do ??!?!” For including this present bitch

So I a using the ssh installed with git on Windows.
I am trying to forward a port on my internal network server which is also my ssh server. I have exposed my network server on a forwarded port on my router. When I try to forward using this command I get a connection reset on my web service on my server.

ssh -nNT -p <port on router> -L 8000:192.168.0.22:8000 <sshuser@router>

I can log into ssh normally. So I am really confused. the 192.x.x.x address is the internal ip of the server. On a browser I try to connect to the 127.0.0.1:8000. It says the connection is reset. I assume it is being refused. So it tries to connect to something, but it fails.

I can connect to the web server from within the internal network via 192.168.0.22:8000. Really confused as to what is failing here.

Sometimes I wonder if we’re not all trained models that are self teaching and pivoting around so that some mindless clone can mimic us until they actually understand what the hell we thought and felt but more quickly

Like doing math problems but saturated in trauma and unhappiness or more trauma and unhappiness lol but the repetition is linked to more complex activity and then quickly forgotten since this isn’t life

Just being exposed to ideas that interested me as a kid made profound changes in what I talked about and how I thought

Are we sacrificing humans so subhumans can think like us in the future ?

Fucking pod people

The more I am exposed to the more i realize they weren’t done building their weird crap yet I was seeing the self funding preview
Which sadly reminds me of joke where bill gates dies and is given a choice between heaven and hell

I need some clarity with the situation below.

I have my API ready.
Let's say I have a route /reset/token,
I want to be able to serve a html file with css and all that once I've processed the token internally.

I've not worked with the whole stack before so I've never really served files based on conditions i.e if the token is valid serve x else serve y.html

Also, I'm pretty sure node.js isn't the best for serving files.

So I'm taking another approach with nginx which is to implement /reset/token to serve the static file with it's coupled js file to query the API. Seems standard to me but I have this feeling that a prefilled html would be more secure than one with exposed js.

Is this the right way? Should I worry about my API calls being exposed via the js fil ? Is obfuscation the only way to handle this ? Is this the way everyone does it cause somehow I don't see the key js files in most sites. How are they hidden if so? Or are they?

I'm confused and also nginx won't let me rewrite /reset/token to something else without changing the browser url field. How do I prevent that ?

The relative physical and neurological aging here turned someone who used to be kind of intimidating into Herbert from family guy lol "get your fat space ass back here" lol they must all be getting exposed radiation time to move on lol