Search - "inject"
-
Fucking awesome. The 'encryption backdoor law' in Australia went through!
Now, whenever served with such warrants, companies which are active in Australia will have to pay hefty fines if they don't give encrypted messages to law enforcement in readable form. No matter whether this means just decrypting it with the keys they have or pushing backdoors/inject code into the messaging apps/services in order to extract the contents.
Now let's see how much the big companies really care about their users! (I'd expect them to pull out of Australia but the chance that this'll happen is as tiny as about nothing)
-
Today I found out that I could inject HTML into our documentation system.
I quickly tested it with the <style> tag by setting all paragraph tags to have eye bleeding red backgrounds.
Then when seeing that it works I've made a modal that displays a blinking red alert with the headline "Access Denied!", a loading bar that says "Tracing intruder IP..." and another line "Erasing confidential information.. .".
Then I've added an animation to run on all paragraph, heading and list tags - first they bounce and then they become transparent.
Then I asked one of the interns to go to that specific document - one of the longest and most important manuals they have access to.
I then left the room and through a window watched the poor, panicking guy looking into the abyss and "realizing" that he somehow deleted the important files and will be traced down soon.
I had to tell him the truth to avoid a suicide in the office.
It was perfect! I will definitely do this to others! :D
-
Started talking with someone about general IT stuff. At some point we came to the subject of SSL certificates and he mentioned that 'that stuff is expensive' and so on.
Kindly told him about Let's Encrypt and also that it's free and he reacted: "Then I'd rather have no SSL, free certificates make you look like you're a cheap ass".
So I told him the principle of login/registration thingies and said that they really need SSL, whether it's free or not.
"Nahhh, then I'd still rather don't use SSL, it just looks so cheap when you're using a free certificate".
Hey you know what, what about you write that sentence on a whole fucking pack of paper, dip it into some sambal, maybe add some firecrackers and shove it up your ass? Hopefully that will bring some sense into your very empty head.
Not putting a secure connection on a website, (at all) especially when it has a FUCKING LOGIN/REGISTRATION FUNCTION (!?!?!?!!?!) is simply not fucking done in the year of TWO THOUSAND FUCKING SEVENTEEN.
'Ohh but the NSA etc won't do anything with that data'.
Has it, for one tiny motherfucking second, come to mind that there's also a thing called hackers? Malicious hackers? If your users are on hacked networks, it's easy as fuck to steal their credentials, inject shit and even deliver fucking EXPLOIT KITS.
Oh and you bet your ass the NSA will save that data, they have a whole motherfucking database of passwords they can search through with XKeyScore (snowden leaks).
Motherfucker.
-
A quite severe vulnerability was found in Skype (at least for windows, not sure about other systems) allowing anyone with system access (remote or local) to replace the update files skype downloads before updating itself with malicious versions because skype doesn't check the integrity of local files. This could allow an attacker to, once gaining access to the system, 'inject' any malicious DLL into skype by placing it in the right directory with the right file name and waiting for the user to update (except with auto updates of course).
From a company like Microsoft, taking in mind that skype has hundreds of millions of users worldwide, I'd expect them to take a very serious stance on this and work on a patch as soon as possible.
What they said about this: they won't be fixing it anytime soon as it would require a quite big rewrite of skype.
This kinda shit makes me so fucking angry, especially when it comes from big ass companies 😡. Take your fucking responsibility, Microsoft.
-
Me: Oh I see we're using a non-standard architecture on this app. I like this bit but what is this doing? Never seen it before.
Him: Ah we use that to abstract the navigation layer.
Me: oh ok, interesting idea, but that means we need an extra file per screen + 1 per module. We also can't use this inbuilt control, which I really like, and we've to write a tonne of code to avoid that.
Him: Yeah we wanted to take a new approach to fix X, this is what we came up with. We're not 100% happy with it. Do you have any ideas?
**
Cue really long, multi-day architecture discussion. Lots of interesting points, neither side being precious or childish in any way. Was honestly fantastic.
**
Me: So after researching your last email a bit, I think I found a happy middle ground. If we turn X into a singleton, we can store the state it's generating inside itself. We can go back to using the in-built navigation control and have the data being fetched like Y. If you want to keep your dependency injection stuff, we can copy the Angular services approach and inject the singletons instead of all of these things. That means we can delete the entire layer Z.
Even with the app only having 25% of the screens, we could delete like 30+ files, and still have the architecture, at a high level, identical and textbook MVVM.
Him: singleton? no I don't like those, best off keeping it the way it is.
... are you fucking kidding me? You've reinvented probably 3 wheels, doubled the code in the app and forced us to take ownership of something the system handles ... but a singleton is a bad idea? ... based off no concrete evidence or facts, but a personal opinion.
... your face is a bad idea
-
Just found out the backend developer I’m always complaining about. The one who:
- Can’t implement OAuth, and we have to have app users login every 24 hours because we have no way to generate new refresh tokens.
- Who used the phrase “your time zone is not my concern” to avoid building something that would let us inject test data.
- Who’s been debugging a critical bug affecting many users since December.
- Who can’t conduct API tests from external internet (you know, like the way the app will be in the wild) because it takes too much time.
- Who replies to Jira tickets only on a blue moon.
- Who has been 90% of the reason for my blood pressure situation
... is a fucking principal engineer in this company. In pecking order, his opinion should be considered more valuable than mine and everyone on my team.
I’ve just lost the will to live. How are big organizations THIS bad. Seriously, what promotion discussion did he go into
“So, you are a complete and utter bastard, nobody can stand to speak to you and you’ve yet to deliver anything of worth that actually works, over the course of several years ... ... ... interested in having your pay doubled??”
-
Security tester: Injects XSS into a rich text editor and flags it for a vulnerability.
"Oh that's fine, let's just disable right click on our page so no one can inspect the page and inject anything."
...
My boss ladies and gentlemen.
-
You want to know what fucking pisses me off? This fucking router thinking it can just inject itself and redirect into any fucking page that it wants..my fucking bank account? Yep, my fucking google docs? YEP, Fucking CSGO? YOU BET BRO
-
iOS Programming:
something.openCamera()
DONE!
—-
Android Programming:
val jobProcessorHandler = FuckingBuilder.something().inject().whatTheFuck()
val cameraDecoderFuck = Camera(CodePackFuck.shit, jobProcessorHandler)
CRASH!
-
Our website once had its config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”
Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”
-
Story Time. Inspired by another rant.
Context: I'm In a coding camp years ago, it's the first day.
We're doing introductions (name, why you're here, etc). Always fun to do that....
The folks running the camp are excited to introduce a student who also at one point was a teacher for some sort of girl power coding organization. So this raises questions, why would someone who teaches be a student in this camp?? And even a bigger question is raised when this person introduces themselves for a long time, and as an aside puts down the girls she taught in this program they taught ... like who does that?
horribleLady does that ...
A few hours later horribleLady asks her 12th question of the day (we haven't even started talking about code). Before she asks her question actually says:
“I know, I’m going to be a problem.” -laugh-
🚨🚨🚨 ヽ ( ꒪д꒪ )ノ 🚨🚨🚨
Fast forward to group projects and she's this sort of emotional storm, tears, and a sort of angry shouting that isn't angry enough for some folks to say she's yelling at people ... but she is. Fortunately I'm not in the first group project with her, but because we're all working in the same room we all get to see the train-wreck unfold.
The moment she doesn't get something (all the time) everyone in her group has to STOP and figure out what they're going to do about it, then again STOP because she thinks someone is doing something different than what was planned. STOP STOP STOP STOP STOP.
In a way, everything had to go through her, she didn’t declare it that way, she didn't present herself as any sort of authority, she would just stop everyone the moment she thought anything was wrong, or she didn't understand it (all the time), and either inject herself or demand help from her team. Everyone around her had to be drawn into whatever problem she had. It was horrific to watch.
Private slack channels would light up like crazy with "OMG", "WTF", "I DON'T UNDERSTAND HER", "FUCK" and "SHE'S HOW OLD!?!?"
So finally it happens to me and guyWhoDoesPotConstantly (capable guy, nice dude, pretty sure he was high all the time).... we're teamed up to work with horribleLady. Thankfully for just one day. I accept this because I figure one day with her is enough penance to try to avoid any further contact later on.
My approach is straight stone face. I refuse to respond to her sulking, or sighing, or general emotional bait she throws out constantly. I saw other students unwittingly take her bait (they were trying to be helpful) only to have her crap all over them with her frustrations or whatever it is is going on.
Still we're teamed up with her for the day so I'm going to be a good team member and I explain what guyWhoDoesPotConstantly and I are doing / trying.... and so forth. But she's just too upset that she's even assigned to work with us, and tells me I'm just not doing it right, and her explanations about how we're not doing it right makes less than 0 sense. I ask her to show me what she means but she won't type anything on her keyboard, she'd just talk about how she’s thinking conceptually in circles and sulk about it rather than listen. I don't respond to any of her shit and say "I'm going to try this." and guyWhoDoesPotConstantly and I just keep working.
She would later call the instructor over and complain to him for a while and say: "These guys just get it, they're not helping me, I want to be assigned to another group." She doesn't get her way so she just moves to another table in front of us.
After that day I figured it was a great time to ask .... to NEVER be assigned to anything with her because "If I told her what I thought it would just get a lot worse." I got my way ;)
Other students weren't so lucky. Tears, sulking, her special way of yelling at people that somehow never got her in trouble (she should have been kicked out of the program) just kept going on. She refused to even present one group project she deemed not good enough despite the fact that she contributed nothing functional to the project that the TA's didn't write for her...
Amidst the stories she would tell to students was one of how she sued her totally sexist/racist/evil former employer. She never said what came of it, but that combined with her inability to do things reminded me of a rant I read on here.
I sometimes fear being hired someplace and walking in my first day to find I'm assigned to work with .... horribleLady. In this scenario she managed to get hired and they're too afraid to fire her so they assign the new guy to work with horribleLady...
I've no idea what happened to her after the camp.
(I rewrote this rant a few times because it kept circling back to a larger story about the coding camp I wrote about a few years ago, so if this seemed sort of broken up and wonky, yeah it was / is / yeah)
-
I reverse engineered the network protocol for a game.
I uploaded the source code to GitHub and made a post on UC Forums.
I kept getting bombarded with messages from the same person, it went something like this:
Him: "I can't get this hack to work, pls send finish hack, thanks"
Me: "First of all this is not a complete hack. You actually need to know how to code to use this library."
Guy: "Ok, can u help me make hack for game?"
To keep this short, I basically told him:
"No. Look through the code, learn it, use what you learned."
Couple of hours later he replied:
"Ok. I look through code but don't know how work. Send me code pls."
From the kindness of my heart I made an extremely simplified wrapper for the already simple code and sent him the project files.
He replies with: "Thank for hack, I not able make it work. I build I try inject game but no work. How to run dll file."
At that point I gave up...
-
if (questionAsked) {
    return "It depends...";
}
I hate it I hate it I hate it
But it's true because there are a fuckton of factors that determine the answer to a question and nobody ever knows all of them.
I can rarely answer a question from classmates or non-techs without saying that it depends or that there are multiple options.
"Are statics ever good?" It depends
"Should I inject this dependency?" It depends
"Should I google every question first?" It depends
I fear giving a whole answer without knowing the details or at least seeing the code. I've come across multiple XY problems and I'm glad I took the time to look at some code first.
-
The company I work for is currently maintaining some websites under an old (>1.5 years) version of Drupal, which has some well known vulnerabilities.
Yesterday we've found out somebody used them to inject php code into every single .php file on the machine. We've been discussing for hours about how to recover data, upgrade stuff, and maybe switch to something else. I've said jokingly "or we could put a find command in the crontab to sed away the php line they've injected!". Guess what we're doing now on our production servers?
-
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.
-
OMFG! Whose bright fucking horrible stupid ass idea was it to mix Ajax with php (php deciding the ajax paths) with random js outputting HTML inside random fucking static divs found nowhere near the logical route of content.
Trying to add a simple fucking status to a gigantic cluster fuck of a legacy project is just FUCK.
If I could I would burn this bitch to the ground and start again I would, But no, it’s needed.
Someone kill me before I break the shit out of this thing, I would take a wordpress project right now instead.
-
I quit abusive relationship. I quit smoking. I quit vaping salt nicotine, yes, the one that vape bloggers tell you is impossible to quit. I overcame opioid drugs addiction that developed when I recovered after a surgery back in 2015.
My last addiction is sugar. Yesterday night was the night when I ate about 100 grams of it in one take, feeling like I need more and more to take that hunger away. It felt EXACTLY like when I was hitting my 50mg vape literally every 20 seconds no matter the headache and dizziness.
I’m already insulin-resistant. After I’ve eaten all that sugar I felt really thirsty and then it hit me. I don’t want diabetes. I don’t want to inject myself. And I’m already insulin-resistant. It’s not me who crave sugar, it’s my internal animal and it only understands the language of pain and fear of death.
After I quit it, I’m officially a superhuman. Addicted to nothing but self-expression. That’s what I like, that’s who I naturally am.
-
Gaming community of mine launched their slick new website with their new "ticket system" where people could put in tickets to get help by volunteers.
2 hours and an approval by one of the admins later I managed to inject forge http request into literally every form on that site. Modify permissions, delete users, edit tickets, put invalid values into every attribute of them... In other words break everything.
Turns out the whole thing was coded as a first time project by a person who has no clue about web development and no one is in charge of anything really. There are no requirements, no beta testing, no version control or backups, but at least they had a hard deadline. 🤣
Still not sure if I wanna fix their shit and do it properly or just enjoy seeing it crash and burn.
-
I really wanna share this with you guys.
We have a couple of physical servers (yeah, I know) provided by a company owned by a friend of my boss. One of them, which I'll refer to as S1, hosted a couple of websites based on Drupal 7... Long story short, every php file got compromised after someone used a vulnerability within D7's core to inject malicious code. Whatever, wasn't a project of mine, and no one bothered to do anything about it... The client was even happy about not doing anything about it. We did stop making backups of such websites however, to avoid spreading the damage (right?). So, no one cared about this for months!
But last Monday? The physical server was offline. I powered it on again via its web management interface... Dead after less than an hour. No backups. Oh well, I guess I could keep powering it on to check what's wrong with it and attempt to fix it...
That's when I've learned how the web management interface works: power on/reboot requests prompted actual workers to reach the physical server and press the power on/reboot buttons.
That took a while to sink in. I mean, ok, they are physical servers... But aren't they managed anyhow? They are just... Whatever. Rebooting over and over wasn't the solution, so I asked if they could move the HDD to another of our servers... The answer was it required to buy a "server installation" package. In short, we'd have had to buy a new physical server, or renew the subscription of one we already owned for 6 months.
So... I've literally spent the rest of the day bothering their employees to reboot S1, until I've reached the "daily reboot requests limit" (which amounts to 3 requests. seriously), which magically opened a support ticket where a random guy advised to stop using VNC as "the server was responsive" and offered to help me with the command line.
Fiiine, I sort of appreciate it. My next message has been a kernel log which shows how the OS dying out was due to physical components becoming unavailable after a while, and how S1 lacked a VNC server, being accessible only via ssh. So, the daily reboot limit was removed for S1. Yay.
...What to do though? S1 was down, we had no backups, and asking for manual rebooting every time was slow as Hell. ....Then I went insane. I asked for 1 more reboot. su. crontab -e. */15 * * * * /sbin/shutdown -r +5. while true; do rsync --timeout=20 --append S1:/stuff .; sleep 60; done.
It worked. We have now again access to 4 hacked, shitty Drupal 7 websites. My boss stopped shouting. I can get back to my own projects.
Apparently, those D7 websites got back online too, still with malicious php code within them. Well, not my problem (for now).
Meanwhile, S1 is still rebooting.
-
!rant
I think one of the best moments of life is finding a good song all of a sudden. It's like finding a new drug which I can just inject in my ear and code at 100% productivity.
-
> Found a VBScript to show a messagebox (2008)
> Got challenged to hack an FPS
> Copy-pasted VB6 into VS2008 Express
> Did not understand a single error
> Learned VB.NET
> C#
> Windows died, Linux installed
> Python
> C++
> PHP/HTML/CSS
Now I work with C#, PHP and C++
And I am still not able to properly inject a DLL to hack an FPS (I think)
-
Worst documentation I've seen?
Our "Coding Standards" 20+ page document. The team who put it together got so detailed, there wasn't much 'wiggle room' for natural deviations in a developer's coding style. For example, a section devoted to no abbreviations. So if you had a variable 'invoiceId', they complained you violated 'standards', even though 'invoiceId' matched a field name in a database table. Using Dapper or another ORM that relied on the 1:1 name match? Nope, you were still forced to inject your own mappers so the code didn't violate standards.
As you can probably guess, such a long, detailed document would have contradictions. I pointed out one of the contradictions. Example:
Page 5: Section B, sub-section B-5, paragraph 3 : "To minimize network traffic, when querying the database, request all the data necessary for the application."
Page 8: Section K, sub-section K-2, paragraph 4 : "For maximum performance, when querying the database, request only the most minimum amount of data necessary for the application ."
In a review I pointed out this contradiction (there were several more)
Me: "If we satisfy A, one could say the code is in violation of B. Which is it?"
<Pointy-Hair-Boss throws his pencil on the table>
PHB: "WHAT IS YOUR PROBLEM WITH STANDARDS! It couldn't be more clear! We are a company of standards because without standards <blah blah..straw man argument..blah blah>"
<deciding not to die on that hill, I move on>
Me: "On page 12, paragraph 9 code is in violation if a method has more than 3 parameters. That seems a little restrictive given our interaction with 3rd party products."
PHB: "There you go again. As stated in the document, ALL code used by the company will comply to our standards. What part of 'ALL' do you not understand?"
Was he bluffing about requiring 3rd party vendors complying with our standards? Heck no. That's a story for another day.
-
Why do theoretical computer science and maths lectures mostly start at 8 am. I am a nocturnal creature to me is like having to wake up at 3 am for others. There are other kinds of people that like to get up early so here is a suggestion: Why don't we agree that all lectures start at 11:00 earliest? It is a good time in the day for a lot of people and I would have the time to inject myself with some Mate tea.
-
Guys do you know some good music for coding ???? I really need to inject hype or relaxation into the long long way of coding ?? If you know any good playlist in spotify for coding please say in comment
Thanks.
-
I needed to print out the documentation of Vue. Their guide, unfortunately, is not printer friendly. Used Tampermonkey to inject a script which removes the navbar and sidebar so that I can print it.
I am a hacker
-
I learned recently that you can inject SQL lines in some fields like Passwords or usernames on some websites. (Hacky hacky)
At work there is this intra website that is used to manage the parts of the radios and computers we repair.
Each piece has a specific number, and there is a tree with every pieces for each radio/computer.
When we get to repair one, we gotta change the pieces virtually on the website. Sadly sometimes, the virtual pieces aren't marked like they followed the whole Radio from the place they come to the place we repair (we need it to replace the piece). People are just not doing their job, so we have to send emails and call for them do it so we can repair it. (This is already fucked up.)
Today, I had to replace a piece, but it was marked like it's not there. I called the guy, and it seems like he is on a vacation for weeks. My superior was super annoyed due to the urge of this task.
Guess who managed to change the _mainlocation_ of the _piece_ in the _radiopieces_ table. (Not actual names, you malicious cunt)
I spent 3 hours looking for the name of the fields and table. I don't know how many times I had to refresh the damn page to see I failed once again.
Hopefully I didn't have to guess all of them. Also the joy when I realised I succeeded !!!
No one bats an eye, and I'm here, feeling infinitely superior, as I might get punished for wanting to do my job.
I know it's basic moves to some of you, but damn it felt good.
Conclusion: Do what you have to, specially when it takes 5 minutes and people need it.
-
No-code web design tools are made for the sole purpose of lacking features in order to torture a developer after marketing or sales requests something that the tool cannot do, or can but requires a very roundabout way of doing things. Extra points for things that have a JS API instead of letting you inject the damn thing.
-
Why the fuck is 32 bit still a thing on modern windows? I'm trying to make a program that injects some CBT/Shell event handler code into all running applications and I have to do everything twice because the majority of my programs run in 32 bit mode and I can't inject my 64 bit dll... I hope that one day we will say goodbye to 32 bit for good. Fuck!
-
Today I had a problem with a JS framework. The only person who was available who could help me was the one I avoid, because he always knows everything better.
Well, after I asked if he had time for me, he sits next to me and I started to explain.
After looking around, he started blaming my backend code.
(I belong to the kind of dev that tries to write small and simple code. But I also often use the more complex features of the languages.) He suddenly started accusing everyday things in the backend like inheriting a class or using objects and basic data types together as parameters of a method (WTF???) Hell, all I could say at that moment was that I had a problem with this JS framework and not with the backend that worked well. He probably tried for over an hour to find the bug in the backend and just wouldn't listen, after that he gave up. I wonder what this bitch has learned over the years. Can it really be that he forgot the basics of a programming language? Or has the fool never worked with an inheritance before? I think he's an incapable piece of shit, he hasn't even patched my reported vulnerability in his project in the last half year, which allows to inject own code onto the server.
Because of such fucking morons I get a headache when I think about it. How can it be that he's got a higher degree and earns about 50% more. I should leave this company!3 -
I HATE SURFACES SO FRICKING MUCH. OK, sure they're decent when they work. But the problem is that half the time our Surfaces here DON'T work. From not connecting to the network, to only one external screen working when docked, to shutting down due to overheating because Microsoft didn't put fans in them, to the battery getting too hot and bulging.... So. Many. Problems. It finally culminated this past weekend when I had to set up a Laptop 3. It already had a local AD profile set up, so I needed to reset it and let it autoprovision. Should be easy. Generally a half-hour or so job. I perform the reset, and it begins reinstalling Windows. Halfway through, it BSOD's with a NO_BOOT_MEDIA error. Great, now it's stuck in a boot loop. Tried several things to fix it. Nothing worked. Oh well, I may as well just do a clean install of Windows. I plug a flash drive into my PC, download the Media Creation Tool, and try to create an image. It goes through the lengthy process of downloading Windows, then begins creating the media. At 68% it just errors out with no explanation. Hmm. Strange. I try again. Same issue. Well, it's 5:15 on a Friday evening. I'm not staying at work. But the user needs this laptop Monday morning. Fine, I'll take it home and work on it over the weekend. At home, I use my personal PC to create a bootable USB drive. No hitches this time. I plug it into the laptop and boot from it. However, once I hit the Windows installation screen the keyboard stops working. The trackpad doesn't work. The touchscreen doesn't work. Weird, none of the other Surfaces had this issue. Fine, I'll use an external keyboard. Except Microsoft is brilliant and only put one USB-A port on the machine. BRILLIANT. Fortunately I have a USB hub so I plug that in. Now I can use a USB keyboard to proceed through Windows installation. However, when I get to the network connection stage no wireless networks come up. 
At this point I'm beginning to realize that the drivers which work fine when navigating the UEFI somehow don't work during Windows installation. Oh well. I proceed through setup and then install the drivers. But of course the machine hasn't autoprovisioned because it had no internet connection during setup. OK fine, I decide to reset it again. Surely that BSOD was just a fluke. Nope. Happens again. I again proceed through Windows installation and install the drivers. I decide to try a fresh installation *without* resetting first, thinking maybe whatever bug is causing the BSOD is also deleting the drivers. No dice. OK, I go Googling. Turns out this is a common issue. The Laptop 3 uses wonky drivers and the generic Windows installation drivers won't work right. This is ridiculous. Windows is made by Microsoft. Surface is made by Microsoft. And I'm supposed to believe that I can't even install Windows on the machine properly? Oh well, I'll try it. Apparently I need to extract the Laptop 3 drivers, convert the ESD install file to a WIM file, inject the drivers, then split the WIM file since it's now too big to fit on a FAT32 drive. I honestly didn't even expect this to work, but it did. I ran into quite a few more problems with autoprovisioning which required two more reinstallations, but I won't go into detail on that. All in all, I totaled up 9 hours on that laptop over the weekend. Suffice to say our organization is now looking very hard at DELL for our next machines.4
-
Developers who think complex code is good.
"Oh, lookie here, I can swizzle methods and inject dependencies in the runtime!"
"Although we have no valid use case, let's use dependency injection and follow the commandory stateor patterns because I watched a video."
Just because you learn something new that looks cool does not make it practical, you tosser.1 -
Oh ffs, just fucking inject a chip into my finger already for authentication purposes, you can track my every fucking move if you so wish. When a web page like Twitch uses 2FA it boggles my mind because it's a page where you're watching some fucking videos.
"hey there, so out of the blue, we send you a code to your email, we won't tell you which so good luck. Also, you cannot copy paste this code because we did that fucking thing where each character has its own textbox"
Of course, this is only because we are dumb enough to reuse shitty passwords. THIS IS WHY WE CAN'T HAVE NICE THINGS.31 -
So at work, there is this class/model thing that's for storing translated strings. It also supports n-level nested macros, cascading lookup (e->d->c->b->a->blank), and I've added transforms too. The code is a bloody mess and very inefficient (legendary dev's code), but it's useful.
You call methods with a symbol representing one of the strings, and it does... whatever you ask, like return text, booleans, expand macros and submacros, pass in data to interpolate, etc.
But I just learned something today.
Its `.html` method... doesn't support html. In fact, calling it strips out all html, takes whatever is left, and attempts to convert that back into html. Because that makes so much sense. So, if you have an html string? Don't call html on it.
Also, macros use the same <angle brackets> as html tags, and macro expansion eats unknown macros, so... you can't mix html and macros, meaning you cannot inject values into your markup. That's a freaking joy to work around. (You end up writing a parser every time.)
So no, if you have an html string, you need to get the raw data out and handle it yourself. Don't reach for that shiny .html method; it'll just ruin your day.
It's the little things that make my day so terribly long.
rant it really isn't so bad principle of most surprise poor design but it could be ever so much better8 -
I like helping out on weird little projects that keep my brain fed. One of our IT guys needs a little form that can auto inject some info from a small data store (Google sheets). There's a few caveats within his specs. All can be done with some js relatively easily.
But because I said it can be done he thinks it'll take 10mins and now suddenly he's putting pressure on me to do it, despite me also having an actual job to do! So frustrating!2 -
I either made the most useless piece of shit or the most useful piece of shit and I really don't know which one it is.
https://github.com/RazorSh4rk/...6 -
Probably when I took my first dip into scripting and realized it was possible to inject stupid jokes into any website I knew.1
-
A quick rant about dependency injection.
I see far too often in projects, a huge over-reliance on dependency injection / IOC frameworks which permeate throughout the entire codebase.
I cringe every time I see a constructor annotated with @Inject and 10 params.
The benefit of these frameworks is how easy they make it to manage many dependencies. What I dislike about them, is exactly that. I feel that they make it TOO easy to manage many dependencies.
How trivial is it to simply add another constructor param? Exactly. And people then wonder why their dependency tree looks insane.
I am a strong believer in injecting dependencies the traditional way, via the constructor with no fancy framework. The reason being that it forces you to think more about the dependencies you are adding to your classes, and consider if they are really all needed.
The other problem I have with it, is it basically encourages you to inject everything because it's so easy. The purpose of dependency injection is inversion of control and allowing classes to depend on abstraction rather than concrete implementation. All that goes out the window when you @Inject 6 different concrete classes.
Use dependency injection for its intended purpose, not as an excuse to be lazy and avoid thinking about dependencies.3 -
Manager said we need to use Queue. Several meetings after then I looked at prototype by 6 senior devs:
A QueueListener connects to RabbitMQ check for payload then *disconnects*;
A TaskProvider in ASP.Net.MVC.Core(whatever it is) listening http and dependency inject that QueuePoller;
A Visual Cron timer calls that http url every 5 minutes.
Wait for it: a set of database tables to store messages for another MessageProcessor.
It’s an XML to CSV file conversion project consisting of 43 unique projects under a solution. I did it within 500 lines of Node with ElasticSearch and told we don’t use fancy new stuffs here.1 -
Thanks to @Gormack, everybody is now trying to code inject my website! I have you beat! (Please nobody skilled try it I'll weep)9
-
I always thought wordpress was ok, not great not terrible, from a coding perspective. Now every new framework I have worked on makes me see why Wordpress is on 40% of the internet.
Now I love wordpress not because of what it did do, but because of all the really stupid things it managed to avoid doing including: over abstraction, trend chasing, using "new transformative technology" that disappears in 2 years, breaking plugin economy with updates and making devs start over, making everything OOP for the sake of making everything OOP, making adding on a bit of code take multiple files of multiple formats and boiler plate code, boiler plate code, compiling dependencies, composer, twig, laravel, one page applications, react, angular, vue, javascript only stacks (MEAN), not letting you control sql queries, protected/private scopes and design that doesn't let you fix or alter bad code others did, and the list goes on and on.
Wordpress did a lot right, and devs should try learning from it instead of making more problems to solve. Sure it's not elegant, but you know what it does do? Focus on solving a problem. Then it does. Without inventing new ideas or concepts to inject into the code and create new problems.
And you know what else? Hooks are actually very well implemented in Wordpress. I've seen it done much worse.
Honestly my main gripe with the entire platform is a slow moving to OOP for no reason and the database design should separate post type into different tables, the current design makes it less scalable for large data sets for multiple reasons so I'd fix that.5 -
I am working as a designer, doing PSD to HTML stuff, and I'm having a hard time when the developers inject their own CSS inside the HTML elements (inline) and break the responsiveness4
-
!rant Scary Stuff...
Not sure what are the rules on sharing external content, but this story freaked me out and I wanted to share with you.
Pretty scary stuff, maybe something like this is already in the wild? Especially with the NSA and other power groups trying to exploit vulnerabilities and infiltrate everything...
Found it originally on the rational subreddit. Here is the link:
https://teamten.com/lawrence/...
Spoiler alert:
It's about the Ken Thompson Hack:
"Ken describes how he injected a virus into a compiler. Not only did his compiler know it was compiling the login function and inject a backdoor, but it also knew when it was compiling itself and injected the backdoor generator into the compiler it was creating. The source code for the compiler thereafter contains no evidence of either virus."
How to detect/deal with something like this? Better not to think too much about this. -
I feel fucking stupid about using a custom node system at work. It is designed to generate an xml file for configuration. However, when using a node I cannot add more to the node unless the node has data. So I gotta call a function to inject useless XML into the node for it to not be empty. I literally set the internal data to <key></key>. It is stupid and I hate it. Just let me create my node hierarchy damn it!
Is this some weird data pattern I should know about? Like what does preventing adding data to an empty structure do? I have the root node. Is that not enough. Remember, this is custom node system that is probably fucking 20 years old. The previous coders did a lot of walled garden shit that I also hate. Prevents reuse of code. This code might just be more of that shit.1 -
A simple Extension to inject Download button on Instagram.
Project Type
Existing open source project
Summary
A simple Extension to inject Download button on Instagram.
Tech Stack
Almighty JS
URL
https://github.com/aashutoshrathi/... -
Soo I am currently using Kali to have some fun.
While checking out MITMf I saw you can inject own JS scripts. I immediately began to work on a "Marcel Davis Injection" Troll!
(FYI Marcel Davis is a German meme because he worked for an ISP as "The Service Guy")
My Script changes backgrounds, plays a Meme Song and puts a canvas in front of every input so you can't just click anything.
More features will come! :D stay tuned6 -
I'm trying to get into React for side projects but my Java and backend background in general really make things tough. Let's say I have a few data manipulation functions that I want to extract to a separate service and inject it using React hooks (since that's what everyone is using nowadays apparently). I can see it being much more elegant than props, but all the examples I can find revolve around passing state here and there, not passing actual dependencies like a stateless service. Any ideas how I should solve this?7
-
From HTML CSS javascript to some voodoo WPF xaml and c#, mvvm and databinding dependency inject cluster bomb to my brain god Microsoft just put a tutorial out like a normal group of people. where you do examples of projects. I'm 2 weeks in and this still makes no sense5
-
How do you remove a category (jokes/memes) from your rant feed on the desktop website?
In the app you just simply click the tags you don't want.
Or does someone have a script ready that you can inject into the website?2 -
I’m so sorry if this is the place for questions. I’m terrified of stack overflow and have been searching for a week for a solution and can’t find one. This is for React.js people.
I was tasked to create a webpage with react. The limitation is, they did not wanna adopt the node.js dependency. I said ok, I’ll figure it out. You can inject react, material UI, and babel with script tags in HTML, then put ur lil components in it. I did that and it works beautifully.
However, now I have to write tests for this. I think it’s actually impossible without a way to render React, so I have to use the browser, or node, right? I convinced my boss to allow me to use a node.js container just for testing, which I thought would make my life easier.
I don’t know how to render this thing with node. It’s just an HTML file that pulls react via script tags, and idk how to serve html with node. Additionally, none of the React testing libraries seem to support testing a system that wasn’t designed to be served with node, at least not easily. My gut tells me that the complication with how things are imported contributes at least a little to this (dependencies pulled via script tags in the HTML file and made available to react through global const variables).
I could be wrong about any of this — im fairly new. But how tf do I go about testing these react components? For reference, if you go to Reacts docs, there’s a section called “add react to a page in one minute” that’s pretty much what I did.20 -
Ugh, fuck man. I had planned an extremely general function for printing a truth table for a given proposition for a course, with a little functional programming thrown in. Instead, we are just supposed to show all 2^8 possible truth tables for 3 variables. That's eight nested loops with a hardcoded string that you inject the 8 values in.
I feel so disappointed1 -
A database fetch. All rows at once. Not that many rows, maybe 50.
But oh boy when someone forgot that the repository is wired to magically inject SQL that joins other tables and does ineffective loops to create thousands of objects in the background.
Been fun finding memory hogs in the codebase. -
When I made a PoC xss thingy.
So this webapp (which I was locally hosting) had a message functionality that allowed iframes to be sent through, but they could only originate from a specific domain. They used a bad regex tho, as the workaround was on an OWASP wiki page, which was the third search result for 'XSS'. I then used this iframe to load in a different page on this app where I could inject js in the title field. Then I discovered this field has a length limit, but I could just fit in a script that would base64 decode the hash part of the URL and eval it. I then updated the iframe to include a script that would automatically change the message signature of anyone who loaded it to include the iframe again in their message signature. Because these two pages were from the same domain, I had gained full control of the messaging app too, allowing me to do this and circumvent the csrf system.
I felt like I had achieved something. -
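From the defender's side of the post above, an added example (not part of the original post, and not the app's code) of checking an embed URL by parsing it instead of pattern-matching the string. The weak pattern, the host `media.example.com` and every sample URL are constructed assumptions; the post does not say which regex the app used.

```javascript
// Added example. Host names, the weak pattern and the samples are constructed.

// A prefix-style pattern of the kind that looks restrictive but only checks
// how the string starts, not which host the browser will actually load.
const WEAK_PATTERN = /^https?:\/\/media\.example\.com/;

function weakCheck(raw) {
  return WEAK_PATTERN.test(raw);
}

// Exact host allowlist (assumed single trusted embed host).
const ALLOWED_HOSTS = new Set(["media.example.com"]);

// Parse first, then compare the parsed components exactly.
function isAllowedEmbed(raw) {
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false;       // no http:, javascript:, data:
  if (url.username || url.password) return false;    // no userinfo tricks
  return ALLOWED_HOSTS.has(url.hostname);            // exact match, no suffix logic
}

// Constructed sample inputs.
const EMBED_SAMPLES = [
  "https://media.example.com/video/1",
  "https://media.example.com.attacker.test/x",
  "https://media.example.com@attacker.test/x",
  "http://media.example.com/x",
  "//media.example.com/x",
];

function compareEmbedChecks(samples) {
  return samples.map((raw) => ({
    raw,
    weak: weakCheck(raw),
    strict: isAllowedEmbed(raw),
  }));
}

for (const row of compareEmbedChecks(EMBED_SAMPLES)) {
  console.log(row);
}
```

A Content-Security-Policy `frame-src` directive listing the same host enforces the restriction in the browser as well.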
I am currently trying to integrate a java webeditor/IDE into my company's product.
It's a nocode platform that supports extensions through codeunits. Currently we are lacking a way to store them inside the application and compile and inject them while the app is running, that's what I'm creating.3 -
Swallowing a pufferfish is a terrible way to go out if you're a marine predator. The damn thing immediately inflates, blocking your throat. Its spikes dig into your flesh, preventing you from spitting the damn thing out. As you struggle, spikes inject venom, and you die.3
-
Background: We switched from just simple old PHP and JS using notepad++ to PHPStorm and its infinite configurables, Symfony 4, Twig, Composer, Doctrine, Yarn, NPM, Bootstrap, ( thank the stars we didn't try to add Docker in with all this ), any other junk I'm missing here? Then upgraded to Symfony 5.
Symfony's autowiring: madness behind the curtains. I get frustrated about when and where I can just magically inject these dependencies or use config variables, you know, like the ones you define in service.yaml. Hmmm, "service".yaml. In a controller you can say getParameter() but in a service you have to inject the parameter, FROM THE "SERVICE".yaml!!! Autowiring drives me nuts. Ok, so we can supply dependencies using the constructor, that's great! Within a controller you never have to instantiate the object you're passing to the constructor (autowiring handles that). That's cool, weird when you try to trace it for the first few times, but nice I guess. Feels like half-assin' it. What bugs me here is that it only works in controllers... I guess out of the box.. I'm not even sure. To get that feature to work for services you have to make some yaml edits. Right? Maybe? Some of the Symfony tutorials have you code up some junk then trash it. Change config then wipe that out and do X instead... so I have no idea what "out of the box" for Symfony really is.
Found this cool article that describes my frustrations in better terms and seems like a good resource to learn about autowiring. I need to continue my yaml wizardry classes. https://alanstorm.com/symfony-autow...
.....And on to YAMLs, or CSS, or JS or any other friggin' change you make to a file anywhere... Make a change, reload page, nothing... nope you have to do some hidden cheat combo of yarn dostuff -> cache:clear -> cache:warmup -> cache:cache:the:cache ... I really really hate this crap. Maybe I'm too old school for all this junk. It was simple with pure PHP. Edit code, push file, reload page, and oh look it changed! Done. So happy! Ok, Ok. Occasionally the js or css might get cached by the browser and you have to ctrl/f5 or Shift/f5 .. one of those. With this framework there's just so much more that you have to remember to do get some new feature of your site loaded.
Now, I totally get wanting to use some type of entity framework, but I feel like my entire world turned backwards. Designing tables using something like MySQL Workbench made sense. I can see all the columns and datatypes right there as I'm building them. From what I've experienced now with Symfony/Doctrine is you have to make an entity, get a shit-ton of questions lobbed at you and if it's a relation field you have to really have a clear idea of the cardinality up front. Then we migrate that to the database. Carefully read through the SQL if you really really just want to use migrations:migrate in Prod. That alter table could cost you some downtime if your table is large.
Some days man.... -
Rant("
I wonder if Orchardcms with its great idea to replace the mvc pattern with an mpvchds pattern (model part view controller handler driver shape) should inject dependencies of IHateble, IBullShitService and IFuckingFuckshitCMS Interfaces.
");2 -
A demon process is running inside me,
whenever I hear your name it triggers an interrupt to brain,
Causing my brain to stop working and perform a context switching to think about you...
My memories are encrypted by your memories as like wanna cry...
And it demands to always think about you as a ransom...
I tried songs as a patch, But
I found that your memory encryption can't be fixed with any patches...
My heart is not strong as Linux ,
It's so weak like Microsoft...
So please don't inject more bugs as my system can't sustain that...
I hope you will also get some disturbance like segmentation fault as you are trying to access my memories.. -
I'm trying. I'm really trying to understand you Dagger 2. But every time I read articles, look at source code and just try to understand how your magic works, I end up copy pasting the sample code. And then I don't know what I even did ffs.
Maybe it's so damn hard for me because I don't understand Dependency injection? But I think I do... What can I do to understand you? Please tell me?
Especially when my use case requires nested fragments and isn't just that typical inject fragment to activity sample...
And now I have to fill in all of the injected fields in my integration tests by hand because I can't figure out how to fucking make you piece of shit do the motherflipping injection!! Fuck.
I need painkillers... My head starts hurting1 -
So I was wondering if any of you know of any good ways to inject additional functionality into a function in CPP. My use case is injecting a counter into an OpenGL draw function to see how many times per frame it's called. I know I can do this using assembly in a more hacky manner as you might do for cheats in games (code caves), but I'm more interested in adding it for debugging/statistics for the game engine I'm working on. Basically I'm looking for a portable stable way of doing it that when I compile as a debug build, the code gets added to various functions, and when I compile under release, it doesn't.
Example:
glDraw();
Would call
glDraw() {
drawCount++; //some debug stuff
glDraw(); //call the real one internally
}
I should mention with code caves you can do this by saving the original address of the function, patching the vTable to point to your new function that has the same parameters etc, then all calls to that function are redirected to yours instead and then you simply call the original function with the address of the function you originally saved. That said, I'm not sure how to access vTable, etc the "normal" way...2 -
So I'm new to NestJS, Node, etc. and I just noticed that the guy working on the API made every request call a different service class, instead of using a single service class. For example.
// each handler delegates to its own single-purpose service class
async get() {
  return await this.getObj.run()
}
async post(myDto) {
  return await this.storeObj.run()
}
async update(myDtoUpdate) {
  return await this.updateObj.run()
}
And I'm not sure why. He's also injecting the request into those classes, instead of passing the DTO to the method call. I mean, it's still injecting the data into it I guess, but it seems so roundabout. Something like this:
public constructor(
@Inject(REQUEST) private request: Request,
){}
I'm scared, but I'm not sure if it's just my own ignorance or a sixth sense telling me that this is gonna be a mess.
Have you seen APIs implemented this way? I can see the benefit of dividing the code into smaller classes, but it just seems overkill to me, especially when there's a big chance that code will be repeated (getting an entity by ID when updating it, for example).
I'm still in time to kill this with fire before a new monster is born though, so that's something.1 -
Dude, stop using dependency injection for your loggers. We don't need to inject that crap. Just define it and be done.9
-
Me: Assigned to do some NoSQL injections test cases in December on Jira by product owner.
After asking him about it, he said it can be vague and it’s only for developers to get an idea. I also have this restriction where I can’t really keep actual data or databases in our test sample application, so I could only mock mongodb. Product owner says just mongo is fine.
I do it. Now it’s January, product owner away for a month so director is managing it. She then schedules me to talk to database team. I show them the very simple test cases which essentially just inject payloads I found online into different parameters specified in test case. They say if that’s it. I say yes. They say what’s the point of this. I said that it’s probably to test your database clients and ensure they’re rejecting bad malicious input? They then keep asking but I’m just the dev and tell them the product owner is away. Then the guy calls my test case essentially useless and the others agree. Then they tell me to do it for other databases which I can’t mock like couchbase even tho my PO said it’s fine for mongo only.
Am I just being silly here? I am pretty new to working in a dev environment so please feel free to be blunt.4 -
Spring roo by a country fucking mile, it tries to do too much magic under the bonnet, it creates files which if you modify it gg from me and gg from him (two Ronnie's), if you generate html forms with it takes less than half a beer to either SQL inject or xss it and worst of all it has one of those names that no-one can take seriously.
My advice avoid it like the syphilitic donkey it is. -
Anyone have any info about unconventional ways to inject JavaScript into an external website? I'm trying to become more knowledgeable about security vulnerabilities in the web apps I build and I've been having a lot of fun trying this stuff out in other live sites haha. I've tried adding js code to text boxes, input fields, and the uri but nothing has been successful. I read something about modifying cookies I think...6
-
I heard I should not allow users to inject arbitrary text into my webpage without sanitizing it. Is it a clean solution to just eval it on the (node) server, and if it runs not post it because it's obviously JS and not just text?
Any opinions on that?11 -
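The question above, as an added example that is not part of the original post: a "does it parse as JS?" check set beside plain output encoding. `parsesAsJs`, `escapeHtml`, `renderComment` and all sample inputs are constructed for illustration; the parse check uses `new Function()` without ever calling the result, so nothing is executed, whereas a real `eval()` on the server would run the submitted text.

```javascript
// Added example. Function names and sample inputs are constructed.

// Stand-in for the proposed check. new Function() only compiles the text and
// the result is never called, so no untrusted input executes here.
function parsesAsJs(text) {
  try {
    new Function(text);
    return true;
  } catch (err) {
    return false;
  }
}

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode text for HTML element content and quoted attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Every submission is treated as text and encoded at output time.
function renderComment(text) {
  return `<p class="comment">${escapeHtml(text)}</p>`;
}

// Constructed sample submissions.
const SAMPLES = [
  "hello",                            // harmless, yet valid JS (an identifier)
  "Nice post, 2 < 3 & 4 > 1",         // harmless text, not valid JS
  '<img src=x onerror="alert(1)">',   // markup with a handler, not valid JS
  "<script>alert(1)</script>",        // markup, not valid JS as a whole
];

function compareChecks(samples) {
  return samples.map((input) => ({
    input,
    blockedByJsCheck: parsesAsJs(input),        // what the eval idea would reject
    containsMarkup: /<[a-z!\/]/i.test(input),   // what a browser would parse as a tag
    rendered: renderComment(input),             // safe output either way
  }));
}

for (const row of compareChecks(SAMPLES)) {
  console.log(row);
}
```

The parse check blocks the harmless "hello" and lets both markup samples through, while encoding makes all four render as inert text. This encoding covers element content and quoted attributes only; values placed in URLs, script blocks or CSS need the encoding for that context.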
I have been doing android dev for quite a time now and have started to understand/appreciate a few things that I previously hated (Like Kotlin) . so am not sure where would be my stance regarding this rant in upcoming months, but FUCK DEPENDENCY INJECTION FRAMEWORKS!!
dependency injection is rightly said to be a $25 term for a 25 cents concept. If I start refactoring my old apps today to "follow DI principles", they would require just 5-10% refactoring and I will end up with much more testable code.
But integrating dagger in my apps? Oh please fuck me straight instead. That thing is so overly complicated and confusing. Why would you trust compiler to inject instances in YOUR LOGIC ? it was YOUR LOGIC that guided the compiler, remember?
I am yet to work on a product of scale where frameworks like dagger or koin made even the slightest sense.
Currently it just feels like another bad choice we took between "simple but verbose" and "complicated but pretty to look at"
The way this framework makes me think like a compiler than a programmer somehow reminds me of this beautiful article I read:
https://theatlantic.com/technology/...3 -
One of our partners sent me a Key Injection Tool to inject encryption keys into a PINPAD with. Looks like they were short on developers and had to hire Python typists who have made a mess of a simple AES encryption/decryption. When do these companies learn that writing a security related software in Python is not really secure? I had to read the rubbish in Python and read it from scratch in C++ to get it to work, and am now contemplating whether to provide that company with my version of their Key Injection Tool or not...2
-
Anyone got any good browser extensions or VS Code extensions for checking vertical / horizontal alignment? Sure I can inject an outline, but want to hook up this functionality to a hotkey...1
-
What's the minimal feature set that can make a language as ornamented as JS into a comfortable REPL?
Should I write a full parser or should I try to patch my way around with regex?
It will have to interface a lot with JS so it has to be able to manage JS datastructures in some fashion, which means that I can't just make a whole new command line with its own programs.
My current plan:
Some delimiter (probably a semicolon) will take the output of a command and inject it in the next in case you decide halfway through a line to do some more processing. It also awaits promises and does some other nice stuff to make controlling such pipelines easy. I have an elaborate system in mind to decide where a value must be injected to make the line valid so in most cases you don't even have to indicate it. JS has beautifully simple syntax rules so I have a lot of technical balance to burn before I start building technical debt.
I have some ideas for automatic parentheses and commas in function calls. I realize while using a command line you do not want to tap shift often. My main idea here is that two names or values in js are always joined by an operator so the first missing operator is a call and following missing operators are commas until the end of line. This has lots of nasty edge cases though, like that no argument expression can begin with a unary operator or a bracket of any shape. You can always prepend a comma but it's cognitive load.
Anyway, do you have any suggestion or warning besides "js bad" which I know but it's the most popular sandboxable language and has a massive existing set of libraries which I kinda need.3 -
want to ask the guru one, is there a way to automate things in netbeans!?
For example, is there something to set to, upon a creation of a new Angular Service, automatically include the js file in index.html and inject the service name in angular application!?2 -
I just discovered a search input and can inject code into it. Sent an email to the owner talking about the problem and what can happen. I haven't received a reply and the website stays the same