Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Got caught using linux terminal by school security. They took my laptop away and drove me across campus in their security carts to take me to the office.
It took a long time to explain that I wasn't maliciously hacking the school.
This is the third time I've been in trouble for tech-related activity.
On the bright side, one of the security guards said, "I'm done dealing with teenagers. Next time I won't work for a high school."
I think he's going to quit. :)13 -
!rant
This was over a year ago now, but my first PR at my current job was +6,249/-1,545,334 loc. Here is how that happened... When I joined the company and saw the code I was supposed to work on I kind of freaked out. The project was set up in the most ass-backward way with some sort of bootstrap boilerplate sample app thing with its own build process inside a subfolder of the main angular project. The angular app used all the CSS, fonts, icons, etc. from the boilerplate app and referenced the assets directly. If you needed to make changes to the CSS, fonts, icons, etc you would need to cd into the boilerplate app directory, make the changes, run a Gulp build that compiled things there, then cd back to the main directory and run Grunt build (thats right, both grunt and gulp) that then built the angular app and referenced the compiled assets inside the boilerplate directory. One simple CSS change would take 2 minutes to test at minimum.
I told them I needed at least a week to overhaul the app before I felt like I could do any real work. Here were the horrors I found along the way.
- All compiled (unminified) assets (both CSS and JS) were committed to git, including vendor code such as jQuery and Bootstrap.
- All bower components were committed to git (ALL their source code, documentation, etc, not just the one dist/minified JS file we referenced).
- The Grunt build was set up by someone who had no idea what they were doing. Every SINGLE file or dependency that needed to be copied to the build folder was listed one by one in a HUGE config.json file instead of using pattern matching like `assets/images/*`.
- All the example code from the boilerplate and multiple jQuery spaghetti sample apps from the boilerplate were committed to git, as well as ALL the documentation too. There was literally a `git clone` of the boilerplate repo inside a folder in the app.
- There were two separate copies of Bootstrap 3 being compiled from source. One inside the boilerplate folder and one at the angular app level. They were both included on the page, so literally every single CSS rule was overridden by the second copy of bootstrap. Oh, and because bootstrap source was included and commited and built from source, the actual bootstrap source files had been edited by developers to change styles (instead of overriding them) so there was no replacing it with an OOTB minified version.
- It is an angular app but there were multiple jQuery libraries included and relied upon and used for actual in-app functionality behavior. And, beyond that, even though angular includes many native ways to do XHR requests (using $resource or $http), there were numerous places in the app where there were `XMLHttpRequest`s intermixed with angular code.
- There was no live reloading for local development, meaning if I wanted to make one CSS change I had to stop my server, run a build, start again (about 2 minutes total). They seemed to think this was fine.
- All this monstrosity was handled by a single massive Gruntfile that was over 2000loc. When all my hacking and slashing was done, I reduced this to ~140loc.
- There were developer's (I use that term loosely) *PERSONAL AWS ACCESS KEYS* hardcoded into the source code (remember, this is a web end app, so this was in every user's browser) in order to do file uploads. Of course when I checked in AWS, those keys had full admin access to absolutely everything in AWS.
- The entire unminified AWS Javascript SDK was included on the page and not used or referenced (~1.5mb)
- There was no error handling or reporting. An API error would just result in nothing happening on the front end, so the user would usually just click and click again, re-triggering the same error. There was also no error reporting software installed (NewRelic, Rollbar, etc) so we had no idea when our users encountered errors on the front end. The previous developers would literally guide users who were experiencing issues through opening their console in dev tools and have them screenshot the error and send it to them.
- I could go on and on...
This is why you hire a real front-end engineer to build your web app instead of the cheapest contractors you can find from Ukraine.
19 -
You know what's the difference between
- static page written purely in HTML with inline styling
and
- dynamic page generated in PHP, that actually loads data from MySQL database and is correctly styled in separate CSS document
on national level exam necessary to earn a title of technician?
ONE HACKING PERCENT!
Ok, backstory. So, few days ago I got results from that exam. To be honest, it was very, very easy so I wasn't worried at all, unlike some of my classmates who just don't understand programming at all (you need at least 75% to pass). Our task was to create database, write website in PHP that shows contents of that database and use CSS to give it a look that of example web page and run it on XAMPP. I've got result of 96% and while I was wandering what I've done wrong i hear my colleague almost screaming with joy "I passed! And I haven't even touched PHP. I was soooo sure I'll fail." So I asked him what's his result and he says 95%. And then another colleague said he got 95% without PHP. So, in other words what I thought to be the main task was worth 1%. Apparently, what was more important was for the page to look identical to the example, so I guess some examiners didn't even look into the source. And don't get me wrong, I don't wish my classmates had failed. That's not why I'm ranting. But why in the name of Ada Lovelace the task said to use PHP and all that if it weren't supposed to check our knowledge of programming in PHP? Sometimes I think the people who design these tests don't even know what they're doing.10 -
This is a true story
I am a freelance developer, i recently had this conversation with my client:
Client: Add multi language option to my website
Me: Ok, I need for it 3-5 days
Client: Why?
Me: I need to create multi language system, this
website is built from scratch without using any
framework
Client: No need to built it, Just enabled it i need it fast
Me: Sir there is no such thing to enable features that
does not exit
Client: Listen me, I need this feature today, enable it
and we are done.
Me: Thats not how it works..
Client: I know how it works, i have hacking certificate15 -
In may this year, the new mass surveillance law in the Netherlands went into effect. Loads of people were against it with the arguments that everyone's privacy was not protected well enough, data gathered through dragnet surveillance might not be discarded quickly after the target data was filtered out and the dragnet surveillance wouldn't be that 'targeted'.
They were put into the 'paranoid' corner mostly and to assure enough support/votes, it was promised that:
- dragnet surveillance would be done as targeted as possible.
- target data would be filtered out soon and data of non-targets would be discarded automatically by systems designed for that (which would have to be out in place ASAP).
- data of non-targets would NOT be analyzed as that would be a major privacy breach.
- dragnet surveillance could only be done if enough proof would be delivered and if the urgency could justify the actions.
A month ago it was already revealed that there has been a relatively (in this context) high amount of cases where special measures (dragnet surveillance/non-target hacking to get to targets and so on) were used when/while there wasn't enough proof or the measures did not justify the urgency.
Privacy activists were anything but happy but this could be improved and the guarantees which were given to assure privacy of innocent people were in place according to the politicians... we'll see how this goes..
Today it was revealed that:
-there are no systems in place for automatic data discarding (data of innocent civilians) and there are hardly any protocols for how to handle not-needed or non-target data.
- in real life, the 'as targeted dragnet as possible' isn't really as targeted as possible. There aren't any/much checks in place to assure that the dragnets are aimed as targeted as possible.
- there isn't really any data filtering which filters out non-targers, mostly everything is analyzed.
Dear Dutch government and intelligence agency; not so kindly to fuck yourself.
Hardly any of the promised checks which made that this law could go through are actually in place (yet).
Fuck you.29 -
So I've been looking for a Linux sysadmin job for a while now. I get a lot of rejections daily and I don't mind that because they can give me feedback as for what I am doing wrong. But do you know what really FUCKING grinds my FUCKING gears?
BEING REJECTED BASED ON LEVEL OF EDUCATION/NOT HAVING CERTIFICATIONS FOR CERTAIN STUFF. Yes, I get that you can't blindly hire anyone and that you have to filter people out but at least LOOK AT THEIR FUCKING SKILLSET.
I did MBO level (the highest sub level though) as study which is considered to be the lowest education level in my country. lowest education level meaning that it's mostly focused on learning through doing things rather than just learning theory.
Why the actual FUCK is that, for some fucking reason, supposed to be a 'lower level' than HBO or Uni? (low to high in my country: MBO, HBO, Uni). Just because I learn better by doing shit instead of solely focusing on the theory and not doing much else does NOT FUCKING MEAN THAT I AM DUMBER OR LESS EDUCATED ON A SUBJECT.
So in the last couple of months, I've literally had rejections with reasons like
- 'Sorry but we require HBO level as people with this level can analyze stuff better in general which is required for this job.'. - Well then go fuck yourself. Just because I have a lower level of education doesn't FUCKING mean that I can't analyze shit at a 'lower level' than people who've done HBO.
- 'You don't seem to have a certificate for linux server management so it's a no go, sorry!' - Kindly go FUCK yourself. Give me a couple of barebones Debian servers and let me install a whole setup including load balancers, proxies if fucking neccesary, firewalls, web servers, FUCKING Samba servers, YOU FUCKING NAME IT. YES, I CAN DO THAT BUT SOLELY BECAUSE I DON'T HAVE THAT FUCKING CERTIFICATE APPEARANTLY MEANS THAT I AM TOO INCOMPETENT TO DO THAT?! Yes. I get that you have to filter shit but GUESS WHAT. IT'S RIGHT THERE IN MY FUCKING RESUME.
- 'Sorry but due to this role being related to cyber security, we can't hire anyone lower than HBO.' - OH SO YOUR LEVEL OF EDUCATION DEFINES HOW GOOD YOU ARE/CAN BE AT CYBER SECURITY RELATED STUFF? ARE YOU MOTHERFUCKING RETARDED? I HAVE BEEN DOING SHIT RELATED TO CYBER SECURITY SINCE I WAS 14-15 FUCKiNG YEARS OLD. I AM FAMILIAR WITH LOADS OF TOOLS/HACKING TECHNIQUES/PENTESTING/DEFENSIVE/OFFENSIVE SECURITY AND SO ON AND YOU ARE TELLING ME THAT I NEED A HIGHER LEVEL OF FUCKING EDUCATION?!?!? GO FUCKING FUCK YOURSELF.
And I can go on like this for a while. I wish some companies I come across would actually look at skills instead of (only) study levels and certifications. Those other companies can go FUCK THEMSELVES.39 -
I don't want to write clean code anymore :(
I read Clean Code, Clean Coder, and watched many uncle bob's videos, and I was able to apply best practices and design patterns
I created many systems that really stood the test of time...
Management was kind enough to introduce me to uncle bob clean code in the first place, letting us watch it during work hours. after like one year, my code improved 400% minimum because I am new and I needed guidance from veterans...
That said, to management I am very slow, compared to this other guy, they ask me for a feature and my answer would be like "sure, we need to update the system because it just doesn't support that right now, it is easy though it would take 2 days tops"
they ask the same thing for the other guy : "ok let me see what I can do", 1 hour later, on slack, he writes : done. he slaps bunch of if-statement and make special case that will serve the thing they asked for.
oh 'cool' they say -> but it doesn't do this -> it needs to do that -> ok there is a new bug,-> it doesn't work in build mode-> it doesn't work if you are logged in as a guest, now its perfect ! -> it doesn't work on Android -> ok it works on android but now its not perfect anymore.
and they feel like he is fast (and to be fair he is), this feature? done. ok new bugs? solved. Android compatibility ? just one day ... it looks like he is doing doing doing.
it ends up taking double the time I asked for, and that is not to mention the other system affected during this entire process, extra clean up that I have to do, even my systems that stood the test of time are now ruined and cannot be extracted to other projects. because he just slaps whatever bools and if statements he needs inside any system, uses nothing but Singleton pattern on everything. our app will never be ready-for-business, this I can swear. its very buggy. and to fix it, it needs a change in mentality, not in code.
---------------
uncle bob said : write your code the right way, and the management will see that your code generates less errors, with time, you will earn respect even though they will feel you are slow at first.
well sorry uncle, I've been doing it for a year, my image got bad, you are absolutely right, only when there is no one else allowed to drop a giant shit inside your clean code.
note: we don't really have a technical lead.
-------------------
its been only two days since my new "hack n' slash" meta, the management is already kind of "impressed" ... so I'll keep hacking and slashing until I find a better job.9 -
I worked for over 13 hours yesterday on super-urgent projects. I got so much done it's insane.
Projects:
1) the printer auto-configuration script.
2) changing Stripe from test mode to live mode in production
3) website responsiveness
I finished two within five minutes and pushed to both QA and Production. actually urgent, actually necessary. Easy change.
The printer auto-configure script was honestly fun to write, if very involved. However, the APIs I needed to call to fetch data, create a printer client, etc... none of them were tested, and they were _all_ broken in at least two ways. The CTO (api guy in my previous rant) was slow at fixing them, so getting the APIs working took literally four hours. One of them (test print) still doesn't work.
Responsiveness... this was my first time making a website responsive. Ever. Also, one of the pages I needed to style was very complicated (nested fixed-aspect-ratio + flexbox); I ended up duplicating the markup and hacking the styling together just to make it work. The code is horrible. But! "Friday's the day! it's going live and we're pushing traffic to it!" So, I invested a lot of time and energy into making it ready and as pretty as I could, and finally got it working. That page alone took me two hours.
The site and the printer script (and obv the Stripe change as well) absolutely needed to be done by this morning. Super important.
well.
1) Auto-configure script. Ostensibly we would have an intern come in and configure the printers. However, we have no printers that need configuring, so she did marketing instead. :/ Also, the docs Epson sent us only work for the T88V printer (we have exactly one, which we happened to set up and connect to). They do not work for the T88VI printers, which is what we ordered. and all we'll ever be ordering. So. :/ I'll need to rewrite a large chunk of my code to make this work. Joy :/
2) Stripe Live mode. Nobody even seemed to notice that we were collecting info in Test mode, or that I fixed it. so. um. :/
3) Responsiveness.
Well. That deadline is actually next Wednesday. The marketing won't even start until then, and I haven't even been given the final changes yet (like come on). Also! I asked for a QA review last night before I'd push it to production. One person glanced at it. Nobody else cared. Nobody else cared enough to look in the morning, either, so it's still on QA. Super-important deadline indeed. :/
Honestly?
I feel like Alice (from Dilbert) after she worked frantically on urgent projects that ended up just being cancelled. (That one where Wally smells that lovely buttery-popcorn scent of unnecessary work.)
I worked 13 hours yesterday.
for nothing.
fucking. hell.7 -
There are cybercrimes. That means you can be put to jail for performing certain actions with your computer. I’m taking about serious crimes like hacking crucial governmental servers but not about insulting people online. I’m talking about something that’ll make government chase you.
Every action at the computer could be done with keyboard only.
My face when there is finite sequence of keys that you press one by one and then become a criminal. And go to jail.
My face when if you put that sequence into script file, there is file that you double-click and instantly become criminal.
Press here to go to jail. The whole new level of abstraction.
Really makes me think.7 -
Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.
That time when...
He wrote a social media network with end-to-end encryption before it was cool.
He wrote custom 64kb encryption for his academic HDD.
He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.
He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).
He used only hashes of passwords as passwords (which isn't actually good).
He kept a drill on the desk ready to destroy his HDD at a moments notice.
He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.
He set up a new email account for each individual online service.
He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).
He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).
He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).
He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.
He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.
He bought a burner phone to visit the capital city.
He bought a burner phone whenever he left his hometown come to think of it.
He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).
He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.
(You might be noticing it's all he's. Maybe it is, maybe it isn't).
He ate a sim card.
He brought a balaclava to pentesting training (it was pretty meme).
He printed out his source code as a manual read-only method.
He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).
He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).
He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.
I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.
26 -
So probably about a decade ago at this point I was working for free for a friend's start-up hosting company. He had rented out a high-end server in some data center and sold out virtualized chunks to clients.
This is back when you had only a few options for running virtual servers, but the market was taking off like a bat out of hell. In our case, we used User-Mode Linux (UML).
UML is essentially a kernel hack that lets you run the kernel in user space. That alone helps keep things separate or jailed. I'm pretty sure some of you can shed more light on it, but that's as I understood it at the time and I wasn't too shabby at hacking the kernel when we'd have driver issues.
Anyway, one of the ways my friend would on-board someone was to generate a new disk image file, mount it, and then chroot to that mount path. He'd basically use a stock image to do this and then wipe it out before putting it live.
I'm not sure exactly what he was doing at the time, but I got a panicked message on New Years Day saying that he had deleted everything. By everything, he had done an rm -fr /home as root on what he had thought was the root of a drive image.
It wasn't an image. It was the host server.
In the stoke of a single command, all user data was lost. We were pretty much screwed, but I have a knack for not giving up - so I spent a ton of time investigating linux file recovery.
Fun fact about UML - since the kernel runs in user space as a regular ol' process, anything it opens is attached to that process. I had noticed that while the files were "gone", I could still see disk usage. I ended up finding the images attached to their file pointers associated with each running kernel - and thankfully all customers were running at the time.
The next part was crazy, and I still think is crazy. I don't remember the command, but I had to essentially copy the image from the referenced path into a new image file, then shutdown the kernel and power it back on from the new image. We had configs all set aside, so that was easy. When it finally worked I was floored.
Rinse and repeat, I managed to drag every last missing bit out of /proc - with the only side effect being that all MySQL databases needed to be cleaned up.3 -
opened up my laptop at the car dealership where I am chilling at rn while I wait on my car's service to be done.
I open my laptop and start working on some small fix that I had forgotten about for work.
OMG guess what? no one is looking at me doing shit in the computer because in reality no one gives a flying fuck like most of you attention whores wanna make it sound like.
No one thinks you are hacking because you opened up a terminal in public.
Bola de jotos ridiculos.15 -
A few years ago I was in high school and used to have a small reputation of hacking things. I could hack, just would never hack any school networks or systems (reputation + notice that there was a breach is a bad combo since everyone would immediately suspect you).
Anyways one day the networks internet connection went down in the school district and I was the only one who used a laptop to take notes. So I quickly opened the terminal and ran Wireshark and said to the person to my right "see that button there? yeah I programmed this last night. anytime I press it I can shut down the network so the teacher can't reach her files (she famously only saved them online). *Long dramatic press* Wireshark started scanning the network so all the numbers and lines were going crazy as it viewed the packet info "Now just wait", soon the whole class knew what I had done through whispers and lo and behold a few minutes later and the teacher couldn't reach her files.
Everyone loved me for the rest of the year for saving them from the homework for the week the wifi network was out since it also ended up having to cancel two tests in the class, and a lot more homework and tests in all their other classes. Solidified my reputation and no one fucked with me from that day on. -
!rant
I get asked about being able to hack stuff, like cracking wifi passwords. Mostly I just go along with them and make up some stuff about how you _could_ do it. And explain how it is done, throw in some "yeah its tough"s and words they wont understand. Yeah with a dictionary attack and a powerful CPU with many threads you can definitely do it! You should try it! I say. Convincing them they can. Ofcourse, download kain and abel and look for something like aircrackng on google.
They won't amount to much and probably won't even try it, but I have a laugh. Seeing the hope of hacking and cracking fade away as a child's ice cream melting on a hot summer day.
Hehe2 -
How the Common Lisp Community will eventually die soon:
Clojure is the only main Lisp dialect having some sort of heavy presence in today's modern development world. Yes, I am aware of other(if not all) environments in which Lisp or a dialect of it is being used for multiple things, CADLisp, Guile Scheme, Racket, etc etc whatever. I know.
Not only is Clojure present in the JVM(I give 0 fucks about whether you like it or not also) but also has compilation targets for Javascript via Clojurescript. This means that i can effectively target backend server operations, damn near everything inside of the JVM and also the browser.
Yet, there is no real point in using Lisp or Clojure other than for pure academic endeavours, for which it is not even a pure functional programming language, you would be better served learning something else if you want true functional purity. But also because examples for one of the major areas in software development, mainly web, are really lacking, like, lacking bad, as in, so bad most examples are few in between and there is no interest in making it target complete beginners or anything of the like.
But my biggest fucking gripe with Lisp as a whole, specifically Common Lisp, is how monstrously outdated the documentation you can find available for it is.
Say for example, aesthetics, these play a large role, a developer(web mostly) used to the attention to detail placed by the Rails community, the Laravel community, django, etc etc would find on documentation that came straight from the 90s. There is no passion for design, no attention to detail, it makes it look hacky and abandoned. Everything in Lisp looks so severely abandoned for which the most abundant pool of resources are not even made present on a fully general purpose language constrained as a scripting environment for a text editor: Emacs with Emacs Lisp which I reckon is about the most used Lisp dialect in the planet, even more so than Clojure or Common Lisp.
I just want the language to be made popular again y'know? To have a killer app or framework for it much like there is Rails for Ruby, Phoenix for Elixir, etc etc. But unless I get some serious hacking done to bring about the level of maturity of those frameworks(which I won't nor I believe I can) then it will always remain a niche language with funny syntax.
To be honest I am phasing away my use of Clojure in place of Pharo. I just hate seeing how much the Lisp community does in an effort to keep shit as obscure and far away from the reach of new developers as possible. I also DESPISE reading other Lisp developer's code. Far too fucking dense and clever for anyone other than the original developer to read and add to. The idea that Lisp allows for read only code is far too real man.
Lisp has been DED for a while, and the zombies that remain will soon disappear because the community was too busy playing circle jerks for anything real to be done with it. Even as the original language of AI it has been severely outshined by the likes of Python, R and Scala, shit, even Javascript has more presence in AI than Lisp does now a days.9 -
going out of the cafe when some stranger stops me, he asks if I'm a programmer, said his friend told him,
i was like yeah, i mostly do web stuff, but can work on any project.
he then said, nah it's just about hacking that person, or even just his facebook account, i suppose it can be done..
then he looked at me noticing that I'm a few mood calories away from murdering his sorry ass.
he asks if it's not bothersome to ask
i said nah it's fine, just that every word you said after "hack" is bothering me terribly,
he just stepped back and walked away4 -
So I work at a startup working on “cutting edge” technology with two other devs. Our lead engineer is an interesting fellow. The guy never ever writes a single line of code, just looks for similar projects online and receives a lot of credit for it, I have to hand it to him though, he has an ability to scheme through information and pick the gist of what’s going on but when it comes to detail, he’s seriously lacking. We recently started a projects a couple of weeks back and it was supposed to be an easy two days of hacking and we would be done but instead the guy looks for code online copies it I change the necessary variables to match the use case then it doesn’t work. So we’ve spent weeks debugging this code because someone is afraid to get their hands dirty. I can’t complain to the bosses because they’re not techies and the trust him more since I’m still new to the company.
I love their attitude though, they honestly believe they have a chance against some giants in tech and from the actual talent I’ve witnessed they’ll only get there through sheer luck.
I have to sit there and listen to them shit on more successful tech companies and that they have better ideas.
Maybe someone can change my mind on this issue as I’m still young and new to this industry.8 -
Worst "hackathon" turned out to be the boss (scrum master type) and a Magento guy (super OCD) working on a tiny tiny adjustment to a email template. They didn't really do anything and expected me to just make it all way better with CSS alone. I built out a robust responsive email in a codepen for them. They acted like they couldn't trust me to be a part of the team because I wasn't contributing - but I wasn't even sure what was happening. Between gathering refreshments and patting themselves on the back... it was hard to see what they had done. The online presentation to the magento people was pretty funny to watch though. If you think you can't have a presentation about nothing - think again. Magento is totally fucked. The word 'hacking' is not really suited to describe 'programming websites/applications quickly' anyway. 'Ninja' and 'hack' should always be considered red flags. 'Magento' should be a triple red flag: Jerk-off Jesus-complex boss, self-centered out of touch programmers, crap product. Watch out!1
-
!rant
For all of youse that ever wanted to try out Common Lisp and do not know where to start (but are interested in getting some knowledge of Common Lisp) I recommend two things:
As an introductory tutorial:
https://lisperati.com/casting.html/
And as your dev environment:
https://portacle.github.io/
Notice that the dev environment in question is Emacs, regardless of how you might feel about it as a text editor, i can recommend just going through the portacle help that gives you some basic starting points regarding editing. Learn about splitting buffers, evaluating the code you are typing in order for it to appear in the Common Lisp REPL (this one comes with an environment known as SLIME which is very popular in the Lisp world) as well as saving and editing your files.
Portacle is self contained inside of one single directory, so if you by any chance already have an Emacs environment then do not worry, Portacle will not touch any of that. I will admit that as far as I am concerned, Emacs will probably be the biggest hurdle for most people not used to it.
Can I use VS Code? Yes, yes you can, but I am not familiar with setting up a VSCode dev environment for Emacs, or any other environment hat comes close to the live environment that emacs provides for this?
Why the fuck should I try Common Lisp or any Lisp for that matter? You do not have to, I happen to like it a lot and have built applications at work with a different dialect of Lisp known as Clojure which runs in the JVM, do I recommend it? Yeah I do, I love functional programming, Clojure is pretty pure on that (not haskell level imo though, but I am not using Haskell for anything other than academic purposes) and with clojure you get the entire repertoire of Java libraries at your disposal. Moving to Clojure was cake coming from Common Lisp.
Why Common Lisp then if you used Clojure in prod? Mostly historical reasons, I want to just let people know that ANSI Common Lisp has a lot of good things going for it, I selected Clojure since I already knew what I needed from the JVM, and parallelism and concurrency are baked into Clojure, which was a priority. While I could have done the same thing in Common Lisp, I wanted to turn in a deliverable as quickly as possible rather than building the entire thing by myself which would have taken longer (had one week)
Am I getting something out of learning Common Lisp? Depends on you, I am not bringing about the whole "it opens your mind" deal with Lisp dialects as most other people do inside of the community, although I did experience new perspectives as to what programming and a programming language could do, and had fun doing it, maybe you will as well.
Does Lisp stands for Lots of Irritating Superfluous Parentheses or Los in stupid parentheses? Yes, also for Lost of Insidious Silly Parentheses and Lisp is Perfect, use paredit (comes with Portacle) also, Lisp stands for Lisp Is Perfect. None of that List Processing bs, any other definition will do.
Are there any other books? Yes, the famous online text Practical Common Lisp can be easily read online for free, I would recommend the Lisperati tutorial first to get a feel for it since PCL demands more tedious study. There is also Common Lisp a gentle introduction. If you want to go the Clojure route try Clojure for the brave and true.
What about Scheme and the Structure and Interpretation of Computer Programs? Too academic for my taste, and if in Common Lisp you have to do a lot of things on your own, Scheme is a whole other beast. Simple and beautiful really, but I go for practical in terms of Lisp, thus I prefer Common Lisp.
how did you start with Lisp?
I was stupid and thought I should start with it after a failed attempt at learning C++, then Java, and then Javascript when I started programming years ago. I was overwhelmed, but I continued. Then I moved to other things. But always kept Common Lisp close to heart. I am also heavy into A.I, Lisp has a history there and it is used in a lot of new and sort of unknown projects dealing with Knowledge Reasoning and representation. It is also Alien tech that contains many things that just seem super interesting to me such as treating code as data and data as code (back-quoting, macros etc)
I need some inspiration man......show me something? Sure, look for a game called Kandria in youtube, the creator, Shimera (Nicolas Hafner) is an absolute genius in the world of Lisp and a true inspiration. He coded the game in Common Lisp, he is also the person behind portacle. If that were not enough, he might very well also be Shirakumo, another prominent member of the Common Lisp Community.
Ok, you got me, what is the first thing in common lisp that I should try after I install the portacle environment? go to the repl and evaluate this:
(+ 0.1 0.2)
Watch in awe at what you get.
In the truest and original sense of the phrase (MIT based) "happy hacking!"9 -
Has hacking become a hobby for script-kiddies?
I have been thinking about this for a while know, I went to a class at Stanford last summer to learn penetration-testing. Keep in mind that the class was supposed to be advanced as we all knew the basics already. When I got there I was aggravated by the course as the whole course was using kali linux and the applications that come with it.
After the course was done and I washed off the gross feeling of using other peoples tools, I went online to try to learn some tricks about pen-testing outside of kali-linux tools. To my chagrin, I found that almost 90% of documentation from senior pen-testers were discussing tools like "aircrack-ng" or "burp-suite".
Now I know that the really good pen-testers use their own code and tools but my question is has hacking become a script kiddie hobby or am I thinking about the tools the wrong way?
It sounds very interesting to learn https and network exploits but it takes the fun out of it if the only documentation tells me to use tools.3 -
The datepicker saga
Part one
So I begin work on a page where user add their details, project is late, taking ages on this page
Nearly done, just need a component to allow users to put in some date of births. Look for react components.
Avoiding that one because fuck Bootstrap.
Ah-ha, that looks good, let's give it a go.
CSS doesn't exist, oh need copy it over from npm dist. Great it applied but...
... WTF it's tiny. Thought it was a problem with my zoom. Nope found the issue in github.com and it's something to do with using REM rather than EM or something, okay someone provided a solution, rather I saw a couple of solutions, after some hacking around I got it working and pasted it in the right location and yes, it's a reasonable size now.
Only it's a bit crap because it only allows scrolling 1 month at a time. No good. Hunting through the docs reveals several options to add year and month drop downs and allow them to be scrolled. Still a bit shit as it only shows certain years, figure I'd set the start date position somewhere at the average.
Wait. The up button on the scroll doesn't even show, it's just a blank 5px button. Mouse scroll doesn't work
Fucking...
... Bailing on that.
Part 2
Okay sod it I'll just make my own three drop down select boxes, day, month and year. Easy.
At this point I take full responsibility and cannot blame any third party. And kids, take this as a lesson to plan out your code fully and make no assumptions on the simplicity of the problem.
For some reason (of which I regretted much) I decided to abstract things so much I made an array of three objects for each drop down. Containing the information to pretty much abstract away the field it was dealing with. This sort of meta programming really screwed with my head, I have lines like the following:
[...].map(optionGroup =>
optionGroup.options[
parseInt(
newState[optionGroup.momentId]
, 10)
]
)...
But I was in too deep and had to weave my way through this kind of abstract process like an intrepid explorer chopping through a rain forest with a butter knife.
So I am using React and Redux, decided it was overkill to use Redux to control each field. Only trouble is of course when the user clicks one of the fields, it doesn't make sense in redux to have one of the three fields selected. And I wanted to show the field title as the first option. So I went against good practice and used state to keep track of the fields before they are handed off to the parent/redux. What a nightmare that was.
Possibly the most challenging part was matching my indices with moment.js to get the UI working right, it was such a meta mess when it just shouldn't have taken so stupidly long.
But, I begin to see the light at the end of this tunnel, it's slowly coming together. And when it all clicks into place I sit back and actually quite enjoy my abysmal attempt at clean and easy to read code.
Part 3
Ran the generated timestamp through a converter and I get the day before, oh yeah that's great
Seems like it's dependant on the timezone??!
Nope. Deploying. Bye. I no longer care if daylight savings makes you a day younger.1 -
I'm studying a mix of computer science and engineering. This semester we were tasked with hacking a "smart-production"-production-machine.... And OMFG it's shit!
This is a product by a major company and it's version 4... How the fuck is it this bad?
Like, using the same 5-letter password on all the PLC's FOR THE ROOT USER!!! WTF!!! AND open, unencrypted Telnet.....
This is a million dollar machine and, as soon as a hacker is on the same network it is done for! wtf.... I just can't believe how easy it was to get in and reek havoc.6 -
android development is shitty af, it will make you super zombie computer nerd that sit on his chair for fking several hours just to find the where the fk is null pointer exception is coming from not only this but for all kind of errors,logcat looks like someone just hacking nasa, you know what im the one who is shitty af i would have opt web dev instead of android dev , this retarded studio and emulator takes too much time to just load a simple fking thing & if i make some change in it i've to install that application again ,it's so pathetic and horse shit thing i've ever encountered , kotlin is fun it's actually great language most of the features are so helpful in it,but the google codelabs,it's all documentation , adding dependencies whole concepts are trash imo, why can't we install the dependencies using terminal what's problem in that ,but no they chose the hard way for no fuking reason, i've successfully wasted a year learning this shitty tech stack, hopefully this NY i will choose different stack , will work till ass off .gonna build some cool projects and will eventually try for internships and all. done with android dev, idk how senior dev's are alive in this field6
-
!rant
So, when I was young, I wanted to be a freelancing nomad. You know, live the live, work remote and travel.
But I didn't have the bones to pursue that. After 10 years of struggling as a normal "programmer", I did a little of everything. I did normal boring "erp maintenance" in C#, Oracle and some legacy stuff called Visual WEB GUI , which was fun, but required a full 9,5 hours work day, 8:00 am to 6:30pm, and the bosses where squares, and I was young and wanted to try something out of the corporate world.
Then I did some work for a newly funded consulting company that used python, Django, and postgresql, but the bosses promised a lot and delivered none, (I was supposed to work backend and have frontend support, which I did not have, and that hurt my productivity and bosses instead of looking at what they promised but did not deliver, they just discounted my salary 3 months in a row, so Bye bye MFs!!
Then I did some remote work for some guys, that, I managed to sustain for a whole year, the pay was good, the stack was simple, just node.js and pug templates, that gig was good, but communication with the bosses was hard, and eventually things started to get hard for them and me, and we had to say farewell to each other, I miss those guys. This is the only time I remember having fun working, I could work whenever I wanted, I only had to reach the weekly goals, and then my time was mine, I could work from home in the odd hours, or rent a chair in a co working space if I wanted to socialize.
Then fate got me one big gig with a multinational company, and I could hire some people, but I delegated too much and was asking too little of myself, and that project eventually died because I did not know how to negotiate.
So, I quit the whole entrepreneur idea, and got a public job at my University, I was a public employee with all the perks, but none of the fun, I just had to clock-in, work, and clock-out. That experience led me to discover a lot of myself, I worked as a public employee for a year and a half, and in that time, I discovered more about myself than what I learnt in 27 years of previous life experience.
Then, I grew bored of that life, and wanted some action, and I found more than enough fun in a VC funded startup ran by young narcissists that did not have a clue of what they were doing, I helped them organize themselves into "closing stuff", you know, finish the things you say you have finished. Just to give you an idea of what it was like before I got there, the were working for 3 months already on this project, they had on paper 50% of the system done and working, when I tried to use the app, I couldn't even sign-up without hacking some database commands, (this was supposedly done). So I spent a month there teaching these guys how to finish stuff, they got, Sign Up, (their sign up was a mess, it is one of those KYC rich things, that financial apps have), Login, and some core functionality working in a month, while in the previous 4 months they only did parallel work, writing endpoints that were not tried, and an app that did not communicate with the backend. But the bosses weren't happy with me, because I told them time and time again that we were not going to reach the goal they needed to reach to keep receiving funds from the investors, and I had to quit before it became a mayhem of toxic employer/employee relationship.
So now I decided to re-engage with life, I have funds to survive about a month and half, I have a good line of credit in case I need some more funds, and the time of the world.
So wish me luck!!! And I'll be posting often, because I would like opinions, hear from people with similar life experiences and share anecdotes.
Next post, it's going to be about how I discovered taskwarrior, and how implemented my first weekend following some of the aspects of GTD to do all my housekeeping chores, because, I think that organizing myself will be key to survive as a freelancer nomad. -
Im ranting in progress of the issue so i dont get the urge to do any of the things not seem as acceptable to fix this issue.
Issue: yesterday i activated a device i havent had any (even prepaid) service on in years, and had a 'new'(to me) number assigned...
Today, after being sick so muting nuisances immediately for rest, i check, 3missed calls from the same, less spammy looking number. I havent use this number for even a txt code verification at all... aside from 1 call to comcast (for the blissful irony of seeing if its an option (they need to survey physically) since im suing my current isp who didnt take my VERY NICE and explictly required in their business t&c, refund for the issue's duration.. after months of tryjng to directly get a message (not using my not technically hacking expertise like just scrubbing for email formatting and popped up in their inbox (calling them is more frowned upon)...
Their conclusion as to "why" (they nvr solved the issue... dhcpv6 was in aggressive lease mode(no response per lease(NOT batches) of about 60 for about 20 devices which i ofc use my /28 static ipv4 block... not ipv6 (they also claimed there was no logs til i dug and found verbose, long history high/med high debug level logs in their prop. dev's gui... which they forced me to use, has 2 separate cores/stacks which is done for 1 reason only... constant simultaneous ipv4 and ipv6 (so ofc was auto enabled)...
Basically it was spamming do to a config issue with their scripts, and their WAN6 dev/script's config. Have found a single person who knows what ipv6 (or v4) or wan6 device actually means... their conclusion from multiple "specialist departments " ..."we dont support ipv6 so if u had issues caused by using something we dont support it's your fault... sooooo ludacris.
.... ok back to main point.
callback options
1 schedule a call back for "later"
2 dont schedule and hang up/try some other time
3. cancel callback and join the end of the cue(from previous message it told me a callback in 6-10m or lose your place in line and go to the end... hours later no call and they definitely have the number as it reiterated -.-
...
answer to wait in line>
experiencing extremely high wait time
>your current wait time 31-60m
2.5sec later.. let me connect you to a rep ...etc (identical as in callback options intro)
> your current wait time is 30sec
waiting nearly 25min whilst typing this.(i did make sweet potato stuff, propagated a rose, fed JSON some of his new, in closure buffet of things he previously never encounted and bought a literal ton of rubber mulch)40min to a rep 5more to solve (last guy at same position didnt know this option exited, despite me decribing it verbosely to him.
Everything the automated syst asks is about account numer... there is none ive never even had a burner that was at&t brand.
Wzf.3 -
Today i teach you all how is the hacking is done...
Just start your laptop and Kickstart like this...
1 -
everything is going as planned! :)
Learned Rust Lang. i loved it (that doesn't mean i am done learning na? No! never stop)
new language i could do game memory hacking in without worrying about C++ memory leaks or issues. it also compiles to assembly! another of my favorite languages!
(i use rust for game development and other stuff)
i am not leaving C / C++ though that would be harsh!,
i abandoned javascript for react and typescript.
to be honest the developer just made javascript and left us with a [object Object]
finished learning the android java api so im basically set anything i want to make i can just go on my pc, listen to music and write it out in a couple of days.
well phazor what are you going to do now?!
i will code till i am old.
i will leave my mark like a shid that made its skid in the bowl :)5 -
Anyone have experience with technical analysis, algo trading?
Was reading an article about how markets are probably going to crash next year based on some technical indicators and it reminded me of the days back in uni when I tried to create (simple) trading algos using all sorts of technical indicators...
Never got anything better than random... And I recall was basically throw some indicators together and backtest using different parameters. I think it's called p-hacking.
But anyway just wondering how is it actually done such that it works... And well how can technical analysis ever work if it's completely subjective to the parameters u use? Like just take Moving Average. You can take a average over any range 1s, 1min, 1d, 1 month, etc.
So many combinations u could use, how can you make any rules that you are confident enough to put lots of money on...7 -
Need some advise from all you clever devs out there.
When I finished uni I worked for a year at a good company but ultimately I was bored by the topic.
I got a new job at a place that was run by a Hitler wannabee that didn't want to do anything properly including writing tests and any time I improved an area or wrote a test would take me aside to have a go so I quit after 3 months.
Getti g a new job was not that hard but being at companies for short stints was a big issue.
My new job I've been here 3 months again but the code base is a shit hole, no standardisation, no one knows anything about industry standards, no tests again, pull requests that are in name only as clearly broken areas that you comment on get ignored so you might as well not bother, fake agile where all user stories are not user stories and we just lie every sprint about what we finished, no estimates and so forth, and a code base that is such a piece of shit that to add a new feature you have to hack every time. The project only started a few months back.
For instance we were implementing permissions and roles. My team lead does the table design. I spent 4 hours trying to convince him it was not fit for purpose and now we have spent a month on this area and we can't even enforce the permissions on the backend so basically they don't exist. This is the tip of the iceberg as this shit happens constantly and the worst thing is even though I say there is a problem we just ignore it so the app will always be insecure.
None of the team knows angular or wants to learn but all our apps use angular..
These are just examples, there is a lot more problems right from agile being run by people that don't understand agile to sending database entities instead of view models to client apps, but not all as some use view models so we just duplicate all the api controllers.
Our angular apps are a huge mess now because I have to keep hacking them since the backend is wrong.
We have a huge architectural problem that will set us back 1 month as we won't be able to actually access functionality and we need to release in 3 months, their solution even understanding my point fully is to ignore it. Legit.
The worst thing is that although my team is not dumb, if you try to explain this stuff to them they either just don't understand what you are saying or don't care.
With all that said I don't think they are even aware of these issues somehow so I dont think it's on purpose, and I do like the people and company, but I have reached the point that I don't give a shit anymore if something is wrong as its just so much easier to stay silent and makes no difference anyway.
I get paid very well, it's close to home and I actually learn a lot since their skill level is so low I have to pick up the slack and do all kinds of things I've never done much of like release management or database optimisation and I like that.
Would you leave and get a new job?
Top Tags
Weekly Rant
View