Search - "investigation"
-
!rant
After over 20 years as a Software Engineer, Architect, and Manager, I want to pass along some unsolicited advice to junior developers either because I grew through it, or I've had to deal with developers who behaved poorly:
1) Your ego will hurt you FAR more than your junior coding skills. Nobody expects you to be the best early in your career, so don't act like you are.
2) Working independently is a must. It's okay to ask questions, but ask sparingly. Remember, mid and senior level guys need to focus just as much as you do, so before interrupting them, exhaust your resources (Google, Stack Overflow, books, etc.)
3) Working code != good code. You are an author. Write your code so that it can be read. Accept criticism that may seem trivial such as renaming a variable or method. If someone is suggesting it, it's because they didn't know what it did without further investigation.
4) Ask for peer reviews and LISTEN to the critique. Even after 20+ years, I send my code to more junior developers and often get good corrections sent back. (remember the ego thing from tip #1?) Even if they have no critiques for me, sometimes they will see a technique I used and learn from that. Peer reviews are win-win-win.
5) When in doubt, do NOT BS your way out. Refer to someone who knows, or offer to get back to them. Often times, persons other than engineers will take what you said as gospel. If that later turns out to be wrong, a bunch of people will have to get involved to clean up the expectations.
6) Slow down in order to speed up. Always start a task by thinking about the very high level use cases, then slowly work through your logic to achieve that. Rushing to complete, even for senior engineers, usually means less-than-ideal code that somebody will have to maintain.
7) Write documentation, always! Even if your company doesn't take documentation seriously, other engineers will remember how well documented your code is, and they will appreciate you for it/think of you next time that sweet job opens up.
8) Good code is important, but good impressions are better. I have code that is the most embarrassing crap ever still in production to this day. People don't think of me as "that shitty developer who wrote that ugly ass code that one time a decade ago," They think of me as "that developer who was fun to work with and busted his ass." Because of that, I've never been unemployed for more than a day. It's critical to have a good network and good references.
9) Don't shy away from the unknown. It's easy to hope somebody else picks up that task that you don't understand, but you won't learn it if they do. The daunting, unknown tasks are the most rewarding to complete (and trust me, other devs will notice.)
10) Learning is up to you. I can't tell you the number of engineers I passed on hiring because their answer to what they know about PHP7 was: "Nothing. I haven't learned it yet because my current company is still using PHP5." This is YOUR craft. It's not up to your employer to keep you relevant in the job market, it's up to YOU. You don't always need to be a pro at the latest and greatest, but at least read the changelog. Stay abreast of current technology, security threats, etc...
These are just a few quick tips from my experience. Others may chime in with theirs, and some may dispute mine. I wish you all fruitful careers!
-
My dad found a phone a few weeks ago and asked me what he should do with it. Knowing how much it hurts to lose personal data, I said I could try to find the owner and send it back.
My first attempt was to search through the files on the SD card in order to find an identifying document (CV, bill, address...) but there were only family pictures.
My second attempt was to unlock the phone and check the information about the owner and the accounts linked to it. But for this to be possible adb has to be enabled. Good thing is that that particular brand shows an option for activating adb on the recovery menu.
But then, it's Android Oreo and I haven't found a way to lift the lock pattern. I thought I could bruteforce it over the shell (as I found there could be about 1300 possibilities for 2 to 5 point patterns), but there is the same attempt throttling as on the screen so that would take ages.
Finally, I found the owner in the most "social" way: The phone was displaying the weather for a particular place. It turns out that there are only 3K inhabitants in that city, so I thought that a big enough Facebook group might help me find the owner. So I posted a message on a 500 people FB group dedicated to this city with a selfie of the owner: someone identified her within 20 minutes.
Mission accomplished 😎
-
I've been asked to do some investigation at work regarding an IT security incident. Thankfully I've watched plenty of CSI so I'm just working on building a GUI with VB to track the IP...
-
Hey, Root? How do you test your slow query ticket, again? I didn't bother reading the giant green "Testing notes:" box on the ticket. Yeah, could you explain it while I don't bother to listen and talk over you? Thanks.
And later:
Hey Root. I'm the DBA. Could you explain exactly what you're doing in this ticket, because I can't understand it. What are these new columns? Where is the new query? What are you doing? And why? Oh, the ticket? Yeah, I didn't bother to read it. There was too much text filled with things like implementation details, query optimization findings, overall benchmarking results, the purpose of the new columns, and I just couldn't care enough to read any of that. Yeah, I also don't know how to find the query it's running now. Yep, have complete access to the console and DB and query log. Still can't figure it out.
And later:
Hey Root. We pulled your urgent fix ticket from the release. You know, the one that SysOps and Data and even execs have been demanding? The one you finished three months ago? Yep, the problem is still taking down production every week or so, but we just can't verify that your fix is good enough. Even though the changes are pretty minimal, you've said it's 8x faster, and provided benchmark findings, we just ... don't know how to get the query it's running out of the code. Or how to check the query logs to find it. So. We just don't know if it's good enough.
Also, we goofed up when deploying and the testing database is gone, so now we can't test it since there are no records. Never mind that you provided snippets to remedy exactly this scenario in the ticket description you wrote three months ago.
And later:
Hey Root: Why did you take so long on this ticket? It has sat for so long now that someone else filed a ticket for it, with investigation findings. You know it's bringing down production, and it's kind of urgent. Maybe you should have prioritized it more, or written up better notes. You really need to communicate better. This is why we can't trust you to get things out.
*twitchy smile*
-
Hey everyone - earlier tonight a surprise change in the Apple subscription API response caused devRant++ members on iOS to temporarily lose their supporter status. All should be restored now, and within the next day supporter start date for all community members in this group will be reset back to the correct start time.
We appreciate all of your support very much and apologize for this issue - I have to do some investigation into how this change happened and if there was any warning.
Thanks everyone!
-
Although it might not get much follow up stuffs (probably a few fines but that will be about it), I still find this awesome.
The part of the Dutch government which keeps an eye on data leaks, how companies handle personal data, if companies comply with data protection/privacy laws etc (referring to it as AP from now on) finished their investigation into Windows 10. They started it because of privacy concerns from a few people about the data collection Microsoft does through Windows 10.
It's funny that whenever operating systems are brought up (or privacy/security) and we get to why I don't 'just' use windows 10 (that's actually something I'm asked sometimes), when I tell that it's for a big part due to privacy reasons, people always go into 'it's not that bad', 'oh well as long as it's lawful', 'but it isn't illegal, right!'.
Well, that changed today (for the Netherlands).
AP has concluded that Windows 10 is not complying with the Dutch privacy and personal data protection law.
I'm going to quote this one (trying my best to translate):
"It appears that Microsoft's operating system follows every step you take on your computer. That gives a very invasive image of you", "What does that mean? Do people know that, do they want that? Microsoft should give people a fair chance for deciding this by themselves".
They also say that unless explicit lawful consent is given (with enough information on what is collected, for what reasons and what it can be used for), Microsoft is, according to law, not allowed to collect their telemetrics through windows 10.
"But you can turn it off yourself!" - True, but as the paragraph above said, the Dutch law requires that people are given more than enough information to decide what happens to their data, and, collection is now allowed until explicitly/lawfully ok'd where the person consenting has had enough information in order to make a well educated decision.
I'm really happy about this!
Source (Dutch, sorry, only found it on a Dutch (well respected) security site): https://security.nl/posting/534981/...
-
To all newbie developers,
Before you ask a doubt about an issue to someone else,
Try doing an initial investigation to find the root cause,
Look into the logs,
Find the stack trace,
Google things,
Have breakpoints and try to debug.
You come to me with a weird NullPointerException and ask me why,
Without even looking into the logs once? We ain't God bro.
-
Being part of the team who did the initial investigation and analysis on the WannaCry ransomware which took down our hospital. 100 hours in one week getting everything back online. Was intense but amazing!
-
God damn it, I said so many times that this functionality is proof of concept and needs more investigation into technical/legal details...why the flugzeug mr account manager have you gone and emailed all your client accounts telling them we are now offering it?... why are you messaging me starting your sentence with "now that we provide..." god...damn...it
-
> Customer logs Jira ticket claiming app is not working
< I restart the app, investigate and explain that their server has issues
ø Client closes the ticket as Resolved
-- a couple of days pass by ---
> Customer logs Jira ticket claiming app is not working
< I restart the app, investigate and explain that their server has issues
ø Client closes the ticket as Resolved
-- a couple of days pass by ---
> Customer logs Jira ticket claiming app is not working
< I restart the app, investigate and explain that their server has issues
ø Client closes the ticket as Resolved
-- a couple of days pass by ---
<...>
< I log a JIRA ticket explaining what and how is wrong with the server with suggestions how to fix the problem so the app will not crash any longer (client owns the server, has his own sysadmins -- I didn't even have permissions to open syslog.. had to hack dmesg on their PROD server to pin-point the issue)
> no reaction from customer for weeks. I ping the ticket
× app crashes again
> no reaction from customer for weeks. I ping the ticket
> customer leaves a comment that their sysadmins are looking at it trying to figure out what might be wrong (ignoring what I wrote in ticket's description??? srsly?)
× app crashes again
< I post detailed investigation details: snips from logs, screenshots, everything with crystal clear explanations.
> no reaction for weeks
......
well that's fun..
-
Had a rough time. Dropped out of college twice. Got sent by a shrink to be tested for ADHD. Investigation dropped after phone interviewing my scientology parents. Depressed and admitted to the ward twice. Homeless for a month.
But come Monday I'll start my employment as a COBOL developer. My first qualified job! Code and all resources for learning online has really saved me.
-
Got a report from a customer saying that our scraper does not correctly scrape content of one of their news articles. After two seconds of investigation it turned out that the "article" is just one huge JPG file with text, photos and even something looking like links.
-
In the distant year of 2022.
Safari changes its logo to more appropriately reflect its position as the new Internet Explorer.
Chrome monopolized the spyware market and is facing another antitrust investigation.
Mozilla finally managed to fire all the developers working on Firefox and replaced them with highly trained dead monkeys.
Brave successfully consolidates itself as a cryptocurrency wallet and leaves the browser space.
Edge has two new users.
Who the **** is Vivaldi
-
Came to work and there were my boss and CEO waiting there next to my place.
"Hey, you remember that you mentioned yesterday that you had a break through and the thing is finally starting to do something? We have few journalist downstairs can we show them a demo in like five minutes?"
"Ok, give me five minutes and don't click here and there otherwise it blows up."
My boss came back from presentation after ten minutes that it doesn't work, after little investigation turns out to be hw issue, replaced hardware went to the conference room and it worked.
Crazy deadlines? No, just another day at work.
-
1996, my colleagues trying to port Chorus microkernel on Cray supercomputer. System crashes every ~5 days with no apparent reason. After weeks of investigation someone notices one of the network cables slightly longer than others ... after ~5 days and speed of light the Cray would miss a clock tick and crashes. Replaced network cable and it works fine!
Don't mess with supercomputers ...
-
So this customer wanted me to create an app using Flutter (user and admin), PHP for the backend, so I made one for him. He seems to complain he can't login to the admin account which he called me to register for him right after the payment and weeks later.
With deeper investigation, I checked the log: he dropped the table where users authentication is stored and blamed me about that. Which I fixed lately by creating the table back.
Later I visit my account Shopee, he reviewed me as "THE WORST PROGRAMMER"
So I was like WHAT THE FUCK? YOU DROP THE TABLE WHICH LEAD YOU CANT LOGIN AS AN ADMIN AND BLAME FOR THAT?
-
Because of hardware failure we had to move some vpns from one datacenter to another.
The team of highly untrained monkeys at my hosting provider were hired to do this. First they ran backups of all the systems. Then they started the moving process. A few hours later they were done. We got an email everything was back online.
So we restarted all our processes and no data was coming in from our Raspberry's around the country. So we start a little investigation. What did these buffoons do, they changed our rsa keys.
So we kindly ask them to put the old keys back so we do not have to fix 200 changed key warnings on systems that are not remotely accessible.
Apparently something that can't be done because their backup process is automated and always makes new keys.
Holy fucking fuck, what's the point in having a backup if it's not an exact copy. Is this fucking normal?
Now I will be spending the next few weeks literally standing in cow shit reconnecting Raspberry's.
Thanks a fucking lot. Not!
-
“Arya” and I were classmates in college. We were in the same year and did the same major. We’ve known each other for 16 years and have worked together twice; one time she was my manager and the other time I was hers. We often attend the same work-related conferences and exchange thoughts on articles that appear in industry publications. Our relationship is a professional one, although I did attend her wedding because her husband was in the same fraternity as me, and she did introduce me to my future husband at a networking charity event. Besides her wedding, we have never talked outside of work or a networking event.
I was hiring for a position and one of the promising candidates was working for Arya and had put her down as a reference. Arya sung her praises and told me she was the best employee in the department. The position I was hiring for would be a promotion for the candidate, and Arya said there was no room for promotion in her department at the moment. Based on Arya’s glowing review and the same from another manager there (and her strong resume), I hired her.
It was a catastrophe. Her work was sloppy and disorganized. She struggled to do basic tasks, missed deadlines, and was sometimes cold to her coworkers and clients. She was asked to take point on a project because her resume listed a similar project, and it went so far off the rails we had to bring in outside help to get it back on track. I know a promotion and new company can be an adjustment, but she was incompetent beyond having to adjust to a new place. Her mistakes cost us so much money she had to be fired.
When I spoke to Arya the first time, she played dumb. The second time, she admitted to lying about how good the candidate was because she was tired of dealing with her mistakes and wanted her gone. She told the candidate she wouldn’t fire her if she quickly left on her own and promised a good reference in exchange. The other manager agreed to do the same thing when Arya asked him to. Arya also told the candidate to lie about how long she worked there to make it seem like she was there longer and to put the project on her resume even though she wasn’t point on it. Arya said it was business and nothing personal.
After she was fired, my boss told me the bad candidate is being investigated by federal authorities for regulatory violations from her time at Arya’s company. The investigation started just when we were interviewing her, and Arya knew about it and didn’t tell me. The other manager is also being investigated for the same violations, which is how Arya got him to lie about the candidate. If the candidate had not left her job there, she would have been fired when word of the investigation got out. We had another candidate who worked for Arya, and Arya told me he was a mediocre employee who does the bare minimum. He just won two different prestigious industry awards. Arya also admitted to lying about him because she didn’t want him to leave. He still works at the same company as her.
I’m angry. She knowingly lied to me. I put stock in her opinion because of our relationship. I feel stupid and duped. I’m afraid making such a bad hire and passing up a good candidate will make me look bad and affect my career. My boss and her boss are upset about this debacle, and everyone knows something is up because the regulators came in when they found out the candidate worked here. They haven’t found anything yet but everyone is still nervous. The other manager who lied about the bad candidate has already been arrested and, based on what the bad candidate is accused of, she will likely be arrested soon also. (Arya cooperated with authorities, isn’t being investigated, and isn’t accused of doing anything against regulations.)
I don’t plan on talking to Arya again beyond being arms-length and professionally cool if I run into her at a conference and others are present. I’m not even sure if I can go to her boss because I don’t have any proof beyond her telling me verbally. Whether I knew her or not, the lie was egregious. Do I tell her boss? Do I confront her or leave it alone? She didn’t show any guilt or apologize to me.8 -
Dear Australian Government and National Authorities, you can go fuck the right away with this shit!
It’s bad enough we are a country of national data collection with flimsy laws of obtaining access to said data, but to then go that one step further and shove back doors into everything is going too far.
https://news.com.au/technology/...
Under the proposed new laws, Australian government agencies could compel companies to provide technical information such as design specifications to help in an investigation, remove electronic protections, assist in accessing material on a device subject to a warrant and even build or install software or equipment that could help authorities gather information.
What could possibly go wrong 🤷♂️
-
Hello devRant,
This is already from a few days ago but I had to process the whole thing myself first.
It was a normal day at work nothing special. Customers came in got their repaired PC's/Laptops and brought some new work in. So I went through some and then I got to the case that is the most well unbelievable and shocking I had in the only 2 years doing this. At first it was a normal HDD bad sector thing and I started copying the old HDD to a new one.
//NOTE: the program we use shows every file it's copying and the sectors it spans //
Suddenly I saw a weird thing happening where it started copying tons of files from a folder called "mature/kids" over to the new HDD.
I noted the path and after it finished we returned the laptop to the customer and he luckily left his old HDD with us. So my boss and I, we did some investigation and well, turns out the dude has a whole library of child pornography.
tl;dr check what you copied and report such cases to the police.
Don't do such stupid shit and stay legal guys.
Wish you all a great day/night/morning/evening/whatever
//EDIT: I ofc won't post pictures cause of obvious reasons
-
Post Anger Rant (Beware, Long rant ahead)
So there is this project we have been working for months, most of the devs involved are jr students so I was leading them in the architecture and what to do and they were doing it, the progress was slow but safe and fun.
On the team there was this guy, someone I trusted and in who I had special interest for his skills, so I let him own the github repo.
So the day of the first demo I pull the backend changes (I had been working on front end) and I realize that the code was different, so I started using my super awesome forensic skills to find what happened, and when I say different I mean a totally different architecture different database connections, different service pirts, basically other project, so during my criminal investigation I found out this guy I trusted had never really worked with us, from the beginning he went solo working on his own project and changing everything because of some tutorial he found on the internet, so I decided to reset to the previous version just to find out that he had already deployed the code and that a lot of fixes that we should have were only on his version.
So I went and confront him telling him that he did wrong and he had to learn team work and that I was trying to teach them good practices and he waits and asks me "so, my code was wrong?" Seriously what da hell dude? I'm talking about team work and all you can think about is your code.
Finally he admitted his mistake and repented (I think), but seriously how arrogant must you be to ignore a whole team, specially when on your first real project.
-
NCIS Logic. Type "dir" and "find . ." Into full screen cmd and full forensics investigation complete.
-
We've had a bunch of flaky tests in our repo for a while now that no one could be bothered to fix; we'd just re-run ci until it's green. Today I looked into it and I was inspired to make this meme, because I lived through it.
Adding logs to investigate just lowered the fail rate making investigation more difficult. I do have an idea of what it might be though so, we'll see tomorrow.
-
I have a Windows machine sitting behind the TV, hooked to two controllers, set up as basically a console for the big TV. It doesn't get a lot of use, and mostly just churns out folding@home work units lately. It's connected by ethernet via a wired connection, and it has a local static IP for the sake of simplicity.
In January, Windows Update started throwing a nonspecific error and failing. After a couple weeks I decided to look up the error, and all the recommendations I found online said to make sure several critical services were running. I did, but it appeared to make no difference.
Yesterday, I finally engaged MS support. Priyank remoted into my machine and attempted all the steps I had already tried. I just let him go, so he could get through his checklist and get to the resolution steps. Well, his checklist began and ended with those steps, and he started rather insistently telling me that I had to reinstall, and that he had to do it for me. I told him no thank you, "I know how to reinstall windows, and I'll do it when I'm ready."
In his investigation though, I did notice that he opened MS Edge and tried to load Bing to search for something. But Edge had no connection. No pages would load. I didn't take any special notice of it at the time though, because of the argument I was having with him about reinstalling. And it was no great loss to me that Edge wasn't working, because that was literally the first time it'd ever been launched on that computer.
We got off the phone and I gave him top marks in the CS survey that was sent, as it appeared there was nothing he could do. It wasn't until a couple hours later that I remembered the connectivity problem. I went back and checked again. Edge couldn't load anything. Firefox, the ping command, Steam, Vivaldi, parsec and RDP all worked fine. The Windows Store couldn't connect either. That was when it occurred to me that it was likely that Windows Update was just unable to reach the internet.
As I have no problem whatsoever with MS services being unable to call home, I began trying to set up an on-demand proxy for use when I want to update, and I noticed that when I fill out the proxy details in Internet Options, or in Windows 10's more windows10-ish UI for a system proxy, the "save" button didn't respond to clicks. So I looked that problem up, and saw that it depends on a service called WinHttpAutoProxySvc, which I found itself depends on something called IP Helper, which led me to the root cause of all my issues: IP Helper now depends on the DHCP Client service, which I have explicitly disabled on non-wifi Windows installs since the '90s.
Just to see, I re-enabled DHCP Client, and boom! Everything came back on. Edge, the MS Store, and Windows Update all worked. So I updated, went through a couple reboots-- because that's the name of the game with windows update --and had a fully updated machine.
It occurred to me then that this is probably how MS sends all its spy data too, and since the things I actually use work just fine, I disabled DHCP Client again. I figure that's easier than navigating an intentionally annoying menu tree of privacy options that changes and resets with every major update.
But holy shit, microsoft! How can you hinge the entire system's OS connectivity on something that not everybody uses?
-
Glassdoor.com is in hot water after federal investigators in the US sent a subpoena to unmask anonymous users who might be "third party witnesses" to certain business practices by a company under investigation for fraud.
Can DevRant (@dfox, @trogus) be forced to unmask its users (IPs, emails) in any way, by the US government (@fbi, @cia, @nsa) or any other government (@svr_rf, @mss, @mi6, @bnd), should a similar situation arise?
-
Lads, this DDoS attack on DYN must be getting pretty bad, the Department of Homeland Security just launched an emergency investigation into the source and apparently Amazon has started being interrupted
-
After investigation, I'm just refreshing my os and hoping I can reconfigure work applications. Feel bad, but help desk friends are getting me the software to install and are helping me out on a day off.
Wasn't the application like I thought. It was the useless update that won't install and therefore can't be rolled back but is still getting in the way of my work, therefore they can all daisy chain their dicks together in the same manner little kids make daisy crowns, and then have a steamroller head towards them with faulty brakes (steamroller operator is innocent in this scenario, he jumps out safely).
I'm planning on calling Microsoft in the morning to tell them what I think of them at the moment. But I'm too angry to form words that don't sound petty and childish. I'm open to suggestions.
-
We started a project in January for which I was the sole developer, to automate tedious interaction with a vendor's ticketing system. We have a storage environment with about 400,000 commodity disks attached (for this vendor -- there are other vendors too), in sites around the US and Canada. With a weekly failure rate of about 0.0005%, that means about 200 disks a week need to be replaced.
This work-- hardware investigation through storage appliance frontends, internal ticket creation, external ticket creation, watching the external ticket for updates to include in our internal ticket --was all manual, and for around 200 issues a week, it was done by one guy for two years. He was hopelessly behind. This is all automated now, and this morning, I pushed this automation from dev/test to production.
It feels great to see your work helping people around you.
-
Never worked before so I'll talk about one of the former staff at my school.
This guy worked as IT and did some teaching in the high school. Early last year, he suddenly disappears for no reason.
Now, I'm going to go in order of what we (the students) found out, not, chronological order.
Firstly, turns out that in class he would make comments about female students. Nothing explicit, just kinda strange. I forget the examples I heard but think like the overly friendly old guy. Those types of comments from a 40-something IT guy. (Some female students knew about this for a long while but I only heard about it after the investigation)
Next, rumor got out that they found some stuff on his computer. I don't know how, but it turned out to be accurate, and we were accurate at the follow-up assumption that it was porn.
After that, the school made an announcement that we had been arrested. Up until then, we just assumed he had been sacked. He was weird sure, but we didn't think criminal.
Some other students looked into the police records, and it turns out this guy had been arrested for possession and distribution of child pornography.
Pretty sick right? It's worth pointing out now that our school has Pre-K through 12th grade students.
I gained a new level of respect for my female classmates after that. I didn't even know that was going on, really wish I could have helped out.
-
Haha - whoever says Azure is totally fine unless people are too stupid to configure it might want to think again. Apparently, that shit is so difficult to configure securely that even Microsoft fails to do it: https://msrc-blog.microsoft.com/202...
-
I work in a fintech company and our product is a point of sale app. Two senior indian dev contractors just spent 3.5 months on a feature where all they had to do was map two tables by using a third mapper table and display 2 lists to the user so he could update the data in those two tables.
After hearing same excuses (that they are working in it) for the past few weeks, I took it upon myself and made a proof of concept for them.
Yeah our codebase is kinda shit but even me, a fcking junior with 3 years of experience managed to do it in 1 week.
Meanwhile these fuckers spent 14 weeks beating around the bush and couldn't even save data to a fucking database. They just added UI and that's it. When asked how investigation is going fuckers couldn't even come up with any findings. For weeks. Seniors my fucking ass.
If not for me, I guess they would have taken till the end of the year. No, fuck you, here is an example now pickup your slack.
I'm tired of picking after you. God damn incompetent leeches
-
Reported an important security vulnerability inside our organization, right before getting off work. A security team member contacts me over chat asking for some details on my investigation. At the end, he tells me: "thanks, I will copy and paste this conversation on the ticket so that everyone can see".
What I imagined: he would copy and paste the conversation as is, so that every line written by me is prefixed with my name.
What he does: he writes a summary of our conversation, barely mentioning my name, making it look like that part of the investigation was done by him.
Now I have so much anger inside of me that my internal organs are boiling.
-
God I fucking hate WordPress
Today I found out a single WooCommerce site is using 20% of database CPU (for comparison, 50 other sites use only 10% between them). Upon investigation it turns out that WooCommerce loads every single product in order to do the taxonomy count. Because the data is stored as PHP-serialised values in post meta, there's no way to do a decent "SELECT count() ... GROUP BY ...". And that code came straight from the WordPress devs, no more and no less...
-
Fuck you google android IME team and fuck their open source policy..
So recently I had a chance to work with AOSP LatinIME code, basically our Android keyboard was forked from very old code base of LatinIME and my job was to change its base version to latest Version available on AOSP repository. Downloaded latest Android 8 codebase. Did 2 weeks of deep investigation of what improvements we will get from upgraded code base.
And I came to know that those Google fucking cunt sucking dick heads deprecated that project and broke the whole thing to a piece of shit. Half of the code is broken with fucked up todo stuff and motherfucking missing method implementation with not implemented warnings. What those motherfucker did is that they abandoned the open-source project after they released Google GBoard, and fucked the stable code by adding quard gram support and dictionary download with multi account features which was never completed by those motherfuckers..
Those misguiding donkey shit fuckers kept a deprecated project in AOSP build tree which has not received a single fucking commit from shitty ass Google IME team, is said to be reference model of Android IME implementation..
What kind of fucking shit is going with open-source code in name of making competition high with third party Android keyboard developers ..
Fucking shit fucking ime team .. fuck you .. wasted my fucking time reading your shitty code base .. Fucking shit
-
I’m fairly new to maintaining my own webservers. For the past week the servers (two of them) kept crashing constantly.
After some investigation I figured it was due to someone running a script trying to get ssh access.
I learned about fail2ban, DOS and DDOS attacks and had quite a fight configuring it all since I had 20 seconds on average between the server shutdowns and had to use those 20 second windows to configure fail2ban bit by bit.
Finally after a few hours it was up and running on both servers and recognized 380 individual IPs spamming random e-mail / password combos.
I felt relieved seeing that it all stopped right after fail2ban installation and thought I was safe now and went to sleep.
I wake up this morning to another e-mail stating that pinging my server failed once again.
I go back to the logs, worried that the attack became more sophisticated or whatever only to see that the 06:25 cronjob is causing another fucking crash. I can’t figure out why.
Fuck this shit. I’m setting another cronjob to restart this son of a bitch at 06:30.
I’m done.
-
#include <rant>
Using angry standard;
Int main()
{
cout << "So my mom recently started "exploring the web". I'm sure you already know where this is going; she ended up signing up for a free trial of some diet pills with her credit card on some sketchy website. The website never sent any product but attempted to charge her card over $300 multiple times. My mom's bank noticed and froze the account. She has now opened an investigation with the bank's fraud department and is awaiting response. I took the liberty of running a whois look up and found the company's website is held by GoDaddy and is hiding behind Domains by Proxy (GoDaddy's sysadmin hider). I'm angry that she's in this situation but I have no idea of how to uncover the real company behind the diet pills site." << endl;
Return 0;
}
-
When our company (past employer) got acquired by another company and everyone got to have a meeting where you got a black or blue envelope. One indicated you were being let go, the other indicated you were being offered an "opportunity" if you would relocate to NJ. What was an awesome company -- they destroyed the soul of it in one day.
Oh well their CEO got let go after a US Congressional investigation earlier this year. Karma, bitch!
-
So, I live in Venezuela, a country with a lot of economical and political issues. Back in December I talked to my boss and asked for a pay raise, he talked me a lot of shit about economical issues he has been having with the Enterprise and gave me a raise plan till July (starting in December).
Now he comes to me and tells me he can't afford to pay me the rest of the raise, because he's now in difficult times. The funny thing is I've talked to him many times to point out some things that are bad and will cause him money loss.
I really don't want to go because I love the people I'm working with (they have the same problem as I do) but it is fucking frustrating when all is going wrong and you have some ideas to solve it, ideas you have searched a lot and came up with a plan after a bunch of investigation, you come up with the plan, everybody seems to love it but after that nobody applies it.
I think there is not much more I can do
-
Startup-ing 101, from Fitbit:
- spy on users
- sell data
- cut production costs
- mutilate people's bodies, leaving burn scars that will never heal
- announce the recall, get PR, and make the refund process impossibly convoluted
- never give actual refunds
- claim that yes, fitbit catches fire, but only the old discontinued device, just to mess with search results and make the actual info (that all devices catch fire) hard to find
- try hard to obtain the devices in question, so people who suffered have no evidence
- give bogus word salad replies to the press
This is what one of the people burned has to say:
"I do not have feeling in parts of my wrist due to nerve damage and I will have a large scar that will be with me the rest of my life. This was a traumatic experience and I hope no one else has to go through it. So, if you own a Fitbit, please reconsider using it."
Ladies and gentlemen, cringefest starts. One of fitbit replies:
"Fitbit products are designed and produced in accordance with strict standards and undergo extensive internal and external testing to ensure the safety of our users. Based on our internal and independent third party testing and analysis, we do not believe this type of injury could occur from normal use. We are committed to conducting a full investigation. With Google's resources and global platform, Fitbit will be able to accelerate innovation in the wearables category, scale faster, and make health even more accessible to everyone. I could not be more excited for what lies ahead".
In the future, corporate speech will be autogenerated.
(if you wear fitbit, just be aware of this.)
-
WTF IS SUPPORT FOR?
A: Can you help fix X?
B: Can you help Y?
C: I see Z just crashes, fix it.
Me (in my mind): Can you tell me WTF is the actual problem and what investigation you have done?
Why the fuck are we paying you monkeys?
My company should just pay me all your salaries, and I will write a monitoring system to send out these types of "alerts" in a month.
-
Not really a hack but still worth telling:
I was working in the QA team for a big project. I tried to do some automation when I realized some radio button behaved weird... out of curiosity I checked the source and saw that there was a hidden option for an unimplemented payment option.
I was like: Let’s see how the system behaves if I just submit that form with that hidden value...
Well I was very surprised when I received the email that my order has been processed successfully.
During the investigation we found out that this bug was in prod for over two years. And it requires a one liner executed in the browser's console to skip the payment.
It was kind of a big deal and although I was (and am) still a trainee (in apprenticeship) I got invited to meet up with the client and the bosses.
It was kind of a door opener! After that they trusted me more. I have more responsibility, more interesting tasks and more client contact ever since.
To make a long story short:
Validate everything on the server side ;-)
-
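An added example, not part of the rant above or of any project it describes: one way to apply the "validate everything on the server side" lesson to a checkout form, so that a payment option that is only hidden in the UI is rejected unless the server itself has it enabled. All names (`PAYMENT_METHODS`, `PRICES`, `validateCheckout`, `confirmOrder`) and the sample values are constructed assumptions.

```javascript
// Server-side source of truth for payment methods (hypothetical names).
// "invoice" stands in for an unimplemented option that was only hidden in the UI.
const PAYMENT_METHODS = Object.freeze({
  card: { enabled: true },
  paypal: { enabled: true },
  invoice: { enabled: false },
});

// Constructed price list in cents; the client never supplies prices or totals.
const PRICES = Object.freeze({ 'sku-100': 1999, 'sku-200': 500 });

// Own-property lookup, so keys such as "__proto__" or "constructor" never match.
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Validate a submitted checkout form. Returns { ok, errors, order }.
function validateCheckout(form) {
  const errors = [];
  const input = form !== null && typeof form === 'object' ? form : {};

  // 1. Payment method must be a string, a known key, and enabled on the server.
  const method = input.paymentMethod;
  if (typeof method !== 'string' || !hasOwn(PAYMENT_METHODS, method)) {
    errors.push('unknown payment method');
  } else if (!PAYMENT_METHODS[method].enabled) {
    errors.push('payment method not enabled');
  }

  // 2. Items must reference known SKUs with sane integer quantities.
  const items = Array.isArray(input.items) ? input.items : [];
  if (items.length === 0) errors.push('no items');
  let totalCents = 0;
  for (const item of items) {
    const sku = item && item.sku;
    const qty = item && item.qty;
    if (typeof sku !== 'string' || !hasOwn(PRICES, sku)) {
      errors.push('unknown sku');
    } else if (!Number.isInteger(qty) || qty < 1 || qty > 100) {
      errors.push('invalid quantity for ' + sku);
    } else {
      // 3. The total is recomputed here; any client-sent total is ignored.
      totalCents += PRICES[sku] * qty;
    }
  }

  if (errors.length > 0) return { ok: false, errors, order: null };
  const order = { paymentMethod: method, totalCents, status: 'awaiting_payment' };
  return { ok: true, errors, order };
}

// An order is confirmed only when the payment provider reports a capture
// for exactly the server-computed amount (capture shape is an assumption).
function confirmOrder(order, capture) {
  const paid =
    capture != null &&
    capture.status === 'captured' &&
    capture.amountCents === order.totalCents;
  return Object.assign({}, order, { status: paid ? 'confirmed' : 'awaiting_payment' });
}

// Constructed sample submissions: a normal one, and one carrying the hidden value.
function runSamples() {
  const items = [{ sku: 'sku-100', qty: 2 }, { sku: 'sku-200', qty: 1 }];
  return {
    normal: validateCheckout({ paymentMethod: 'card', items, total: 1 }),
    hidden: validateCheckout({ paymentMethod: 'invoice', items, total: 0 }),
  };
}
```
-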
That awkward moment when u look svn history to find out which idiot wrote this stupid code and u learnt it was you yourself. You feel so glad you didn't go all guns blazing criticising the guy to your colleagues before ur investigation.
Lesson learnt for future ha ha ha
-
After a week of logs investigation, we finally found a solution for performance issue. Just scaled up the app vertically to the next tier plan in Azure.
-
Business: "should we use this technology?"
Developers: " probably not but we will do a full investigation and give you a report on the pros cons and our professional opinion... No we should not use that technology"
Business: "oh yeah while you guys were off seeing if it would work we did the deal so now we have to use it"
-
Can someone tell me how a mid level developer with a PhD from EU country is unable to work independently, conduct investigation by himself without too much hand-holding?
Is he too allergic to use google search?
Or is it me that have too much expectation? He's been in our team for 3 months, he should be able to search docs/procedure/files by himself now. Is it me that are too workaholic nerdy and he's just a normal person?
🤔
Thankfully he's the nicest person in our team, but I am getting fed up having to answer his questions many times.
-
Ok apparently I forgot rants can only be edited within the first 5 minutes, I thought it was 30, and you can't rant 2 times in 2 hours so I'll have to wait before posting this.
So, I'm doing a Genetic Algorithms class, something I liked since I was 15 yo and didn't know shit about coding, but I loved the carykh videos about it. (here is part 1: https://youtu.be/GOFws_hhZs8 )
The yearly class consisted of 3 little projects to be able to do the final exam and an investigation project to pass the subject without a final exam.
We had to make teams, and I got together with 5 more people.
I have a lot to say about these 5 people, but the only thing I'll say is that I was the most experienced programmer among the 6 of us, if they had any experience at all. Mind this is a third cycle class.
We were allowed to use any technology, as long as we wrote the important algorithms by hand, of course.
The development of the first project was such a mess, that one of the members left the subject.
While developing the second one, we were given the topic for the investigation project; fractals.
It took a lot for us to find an application of fractals where we could use genetic algorithms. Once we found it, fractal antennas, we had to learn about antennas, so we interviewed professionals, and such. We ended up learning to evaluate antennas.
We also found a site that used some parameters to generate fractals, we had the parameterization.
We just had to code it. It was July and we just had to code it by October.
We were 5 people, and "we" were so busy writing the little projects, we fucking couldn't finish the investigation project.
We just had to write the proper algorithms and GUI specifics, without even having to write boilerplate (we used the first project as a template), and they still took so much that we didn't have time for the important project.
That sucked, because I had been coding and investigating in many weekends, I spent countless hours on them, I had to pause development on other projects for these ones; and after all that we have to do the (very shitty) final exam.
Since May, the average people together "working" on the different projects was 2.6. And 100% of the time, I was one of them.
We tried to speed up things in the last months but even with the deadline on us and the project not even started, there was no time we all got to work together.
Dude projects don't just get made, someone has to develop them.
It's so sad we had the project ready to be made and 5 people couldn't finish it. There was so little to do to pass and yet these people couldn't.
I guess it's my bad too. I wish I could rush the project in a couple of weeks, but unfortunately the guy with a job and 8 other subjects can't.
You can find the project in my GitHub. I'll do a requiem of what it was to be one of these days, after I catch up with all I left aside for this subject...
-
You work as IT for a private investigation agency.
You find YOUR name in a list of investigated people.
😲😲😲😲😲
You verify the Insurance ID.
😱😱😱😱
It's a homonym.
😂😂😂😂😂
-
ME: *runs a load test for the umpteenth time*
RDS DB: *is slow af: HI contentions*
ME: "dear AWS support, I see the RDS has troubles writing to disk as THIS db exhibits 10x higher W latencies than THAT OTHER db we have. Both are identical, apps are identical."
AWS: "Hello, I hope you have a good day. After the investigation that took us almost 2 weeks, we can confirm that there are 10x higher IO latencies to disks: [CloudWatch link]. We also see a high load average during your tests.
We recommend investigating the high load average and tuning your queries along with the database.
I hope this helps, good day."
ME: *are you seriously calling this PREMIUM support package....?*
-
My killer PR:
I made a small feature and it was to be merged in my senior's branch.
So I made it, resolved all the conflicts and when it got merged it broke my senior's branch.
This is nothing new and it happens, so me and him sat down and got it working. After two days, his branch got merged and broke its parent 😂, after investigation my code was the reason, got fixed and merged.
Same thing happened 3 more times, and every time my code was the culprit.
Now for staging we thoroughly tested everything and deployed it, after running for 2 hours the piece of shit broke again 😂😂😂.
A meeting was arranged for scolding the team, and after the meeting the architect comes to me and says "how did you manage to fuck things on so many levels, literally?". I handled it like a pro with an awkward laugh.
We exhaustively checked it for production. Deployed, it did not break, we were happy. After a month of successful run, I just joked about the above incident while we were working on next release on morning coffee. That cursed thing broke on the same evening. I was like 😮
-
I want to pass along some unsolicited advice to junior developers either because I grew through it, or I've had to deal with developers who behaved poorly.
Your ego will hurt you FAR more than your junior coding skills. Nobody expects you to be the best early in your career, so don't act like you are.
Working independently is a must. It's okay to ask questions, but ask sparingly.
Working code != good code. You are an author. Write your code so that it can be read. Accept criticism that may seem trivial such as renaming a variable or method. If someone is suggesting it, it's because they didn't know what it did without further investigation.
These are just a few quick tips from my experience. Others may chime in with theirs, and some may dispute mine. I wish you all fruitful careers!
-
After I received my laser eye surgery, I knew it would become painful after the effect of anesthesia would decrease so I got painkillers in advance.
It was nimesulide.
Even in 2008 ISDB raised a concern about the liver damage and asked for it to be withdrawn worldwide, but I didn't know it.
So the terrible pain started and I took the pill. Just. One. Pill.
This all started in like fifteen minutes. Eye pain won't go away, but it didn't matter anymore as I felt really terrible. I never experienced that kind of feeling before and I don't even know how to describe it. It felt like a terrible sensation inside my stomach mixed with an urge to vomit. "This is probably what a liver failure feels like. This is it, I'm going to die here", I remember thinking about as I collapsed.
This whole incident led to an investigation about why the doctors "forgot" to give me proper eye anesthesia drops. This got several doctors fired.
This all got me really interested in how different medications work. I started casually reading popular medical literature and when my depression came, I was prepared, as much as you can even get prepared to a mental disorder.
The thing that probably nearly killed me helped me not to lose my sanity later.
-
Today, I got some crap on my desk with possible bug reports from the field. They have been lingering somewhere for fucking MONTHS, and suddenly, an immediate answer was due. I was the unlucky one who was the least clueless about the product involved. SHIT.
OK, sifted through the reports. Some of them were duplicate, others obviously not our problem. No idea where to even start for the rest. FUCK, it's Friday!
But here comes "senior dev secret knowledge"(tm). Instead of saying WTF-IDK, I proposed an "action plan"(tm) (that BS term alone...) detailing the steps that we would need to take, and since I had no idea how long we would need, I just added enough steps in the "action plan"(tm) to make two weeks of investigation believable.
PM was very happy and just took that as direct customer reply. Now it's weekend anyway. :-)
-
Let's say you're working on a web application, and you notice that one of the pages is not displaying the correct data. You investigate further and realize that the data is being retrieved from an API endpoint, but for some reason, the API is returning the wrong data.
You start looking into the code that calls the API and notice that it's passing in the correct parameters, so you dig deeper into the API code itself. After hours of poring over the code, you finally discover that the bug is caused by a typo in the database query that the API is using to retrieve the data.
You fix the typo and think the problem is solved, but then you realize that the data is still not displaying correctly on the page. After even more investigation, you discover that the bug is actually being caused by a caching issue on the client side.
At this point, you're feeling incredibly frustrated and overwhelmed. You've spent hours trying to track down this bug, and it feels like every time you think you've found the root cause, another issue pops up. This is just one example of the many challenges that developers face on a daily basis.
-
How long do you think it will take for Google to come up with a true replacement for Java. A replacement, not an alternative like Kotlin, but a complete "go f**k yourself, Larry" replacement that anyone can port their Java app over to. On January 1, if you are a for profit, Larry had said if you want to update to the next version and use Java SE to code with, you need a support license. It's a brill move, because Java is everywhere, and at least for a little while, it will generate a respectable profit for Oracle. But I'm sure Google is working on something to stick it to Larry. Wonder if EU competition chief Vestager will threaten an investigation. This should be fun to watch.
-
Probably everyone at least once had situation when they receive a meaningless screenshot with 500 page, a message "Application doesn't work fix it" and 0 info whatsoever.
Here is my tip that saved me a lot of trouble.
I display error id in the center of the screen, large enough so no matter how small and blurry the image is (yes, users send us photos of their displays), it is always easy to read it so we can start investigation without talking to those monkeys.
-
When I started with PHP I had to implement an administration system for a small organization.
They are using the smallest and cheapest web hosting to host the system and also their websites.
They host three systems and websites on three different web spaces.
Some weeks ago I got a call from them, that the system doesn't work. After a short investigation, I discovered that their "designer"/boyfriend-of-the-boss created a new Wordpress site and thought it would be a good idea to change the PHP system to 7.2. The system runs on an old CakePHP (don't kill me for that, I had no experience -.-') version, which doesn't work with PHP 7.2.
I told them what the issue was and that they shouldn't change the PHP version to 7.2 because the system won't run on this version.
Some week later, the same call, another administration system, the same reason, the same warning from my side.
Today, the third system doesn't work. I told them this is probably the PHP 7.2 problem again and explained, how they could resolve it themselves.
Suddenly I got an email from the designer: no, this time it is another problem, he didn't change anything and it just doesn't work anymore. And it is very urgent.
Guess what was the problem...AGAIN!
-
Killing people is bad. But, there should be a law to allow killing people who don't write proper unit tests for their code. And also those "team leaders" who approve and merge code without unit tests.
Little backstory. Starts with a question.
What is the most critical part of a quoting tool (tool for resellers to set discounts and margins and create quotations)? The calculations, right?
If one formula is incorrect in one use case, people lose real money. This is the component which the user should be able to trust 100%. Right?
Okay. So this team was supposed to create a calculation engine to support all these calculations. The development was done, and the system was given to the QA team. For the last two months, the QA team finds bugs and assigns those to the development team and the development team fix those and assigns it back to the QA team. But then the QA team realizes that something else has been broken, a different calculation.
Upon investigation, today, I found out that the developers did not write a single unit test for the entire engine. There are at least 2000 different test cases involving the formulas and the QA team was doing all of that manually.
Now, our continuous integration tool mandates coverage of 75%. What the developer did was to write a dummy test case, so that the entire code was covered.
I really really really really really think that developers should write unit tests, and proper unit tests, for each of the code lines (or, “logical blocks of code”) they write.
-
I did some investigation on Jira board. There was a story in Oct to design solution for a problem and a senior engineer has commented saying it was done.
The same story opened again in December and another senior engineer has commented saying "canonical and solution is designed"
But FUCKING IDIOTS didn't do anything! Last sprint I got the development story for same and I have been fucking waiting for them to give me solution. But idiots are way too lazy to do any work!
-
FUCK YOU PYTHON. Why you do that to me, uh?
I was using a CNN to classify hand poses and the prediction was not working at all, one class was given 100% all the time. After much investigation, I found the culprit... A FUCKING INDENT was messing my data. Normalization was inside the loop and not outside, so my pixel values were wayyyyy too small...
Also, I'm really dumb, I should have started with making sure everything was right before trying to fiddle with my architecture..
Anyway, it is working now, you can it out here if you want! https://github.com/MrEliptik/...
-
- have/share an agenda as soon as possible
- each talking point should identify a problem. Make a list of strategic questions answers to which would make it perfectly clear what and by whom has to be done to resolve them.
- plan meeting duration according to the list of questions. Make sure your meeting room reservation gives you enough time
- take notes
- be prepared for a need for another meeting(s), if during that meeting it comes clear that:
> more/other people need to be engaged
> some things are not clear and need more investigation before going further
> you have run out of time
> there are other problems that need to be worked out and it might consume too much time to do this in a current meeting
- do not turn the meeting into a chat. It's counter-productive, tiring to the listeners and a waste of time
- do not try to cover many topics. The less, the better. Unless they are very tightly coupled.
- do not invite people you do not need or there is a very slim chance you will need.
- only schedule meetings when the situation needs to be DISCUSSED among multiple parties
- that being said, do not schedule meetings when it's more convenient to communicate otherwise, like email, chat, etc.
- after the meeting make a summary and send it out to all the participants. They might reply and clarify if you have misunderstood smth or missed some important point.
- during the meeting assign tasks to each other. Verbally. Make notes. After the meeting reflect them in jira, rally, wtv.
- while assigning tasks make sure the assignees have no blockers to work on them and make sure they understand what, when and how should be done. Some tasks might be dependent on each other, work the sequence out.
- while assigning tasks ask for ETAs. They might be as silly as 1-hour-to-2-weeks, but they still let you know what to expect.
- offer your assistance to the task assignees if they need any while working on their tasks
- work on your language, grammar, syntax, etc. Reading texts with typos/mistakes is repelling
- be a leader, an authority everyone is looking up to. Not a boss.
- avoid saying NOs. Be more of a "do we really need this; can we do this some other way/time; I can't promise anything but I'll see what I can do about it" kind of person.
-
I went to meet a client with our CTO. In the meeting we discuss the implementation of SAML SSO. Their SSO guys asked whether they need to build 2 trusts for our application because we have 2 modules that use SSO. Both the CTO and I were not sure because we did not have any prior experience of integrating SAML SSO. To act professional, we couldn't say we were not sure. So the CTO said we needed two trusts. I immediately added "We may only need one. Let us do a bit of investigation and confirm."
After the meeting I did the investigation and found out we really only needed one. So I sent out an email to tell the client, cc the CTO. 1 minute later I got the email from the CTO "why tell them one when I said two?". When it's an immediate response with only 1 line, I know I'm in trouble. So I called him and was ready to explain to him. I couldn't. Later I found out the time I was calling him, he was talking about this with the CEO.
I thought maybe I can explain to him when he's available. The next morning as I came to work, the CEO asked me to come to his office. He closed the door, and told me the first line the CTO told him the day before was "I want him (me) fired." I was so shocked. Having been working with the CTO for quite a while, I was surprised he said that without even communicating with me. Did I do something that wrong that you don't even bother to tell me what's wrong? I was not fired because the CEO at least asked what happened. He also understood I was actually making a better technical decision. But well, guess I shouldn't be making a decision when I had no power to. And even I believed the client heard my "let me investigate first" comment, the CTO didn't. I still got an unofficial warning. For that whole day because of the stress, I don't remember getting anything done.
Fuck that acting like professional and smart when you are not. I'd go down the path of becoming professional and smart instead. And fuck meeting with clients. I'm a dev don't fucking dare to talk to me and get me fired. If you wanna talk, talk to the big guys who don't make us look bad like I did.
If you ask me today I still believe I haven't done anything wrong there. So fuck everything.
-
Everyone knows how hard it is to get your first job. Everywhere wants 1-3 years of experience.
What no one tells you though is that it's hard at the other end. When you're looking for architect/tech lead roles you will see loads of postings but upon investigation they're just mislabeled senior developer positions.
And of course, if you're looking for good money, it feels almost impossible to get beyond the screening stage...
-
Not sure if it should be a joke or a rant, but something rather funny (at least to me) happened today.
TL;DR; Someone's outlook was crippled by 100k+ of warning notifications
So we have developed a server that has an internal database that wraps around an elastic search instance, that is managed by a POS vault/storage solution, that we have to use for legal reasons. The elastic search is "provided" by the software, but we keep this internal database just to be sure and totally not because it's unreliable POS.
Anyways, they take data integrity very seriously, so every warning our server produces is emailed to someone in charge to review it and if necessary forward it to us. This will be important later on.
Couple of days ago we got error forward when trying to write an entry into the POS software we get an error, because an object we tried to write already existed. After some investigation we concluded an entry was missing when the internal database was created, so we asked them to repopulate elastic search to solve this problem.
When we start the server we always sync the internal database to the elastic search and emit a warning when an entry is missing in internal database or vice versa. And well... almost all of them were missing, which caused our server to emit ~40 warnings/ms. Poor outlook. Still investigating for the cause, but damn, I never expected I'd take down someone's email account by accident
-
*breath in*
FUUUUUUUUUUCCCCCKKKKK.
OK.
There are many things one can complain about when it comes to windows. But I swear, the worst thing ever invented is this motherfucking "Windows Credential Manager". Basically I have a private and a business git account. I worked on a business project and pushed my changes. And when I looked in the repo it did commit under my private account. Ex fucking cuse me? Wtf? When pushing I logged in with my business account, why on earth did it push with my private account??
*3h of investigation*
Turns out this cunt fuck credential manager stored my private credentials and used them even tho I explicitly pushed with my business account. What goatfucker of a developer decided it's a good idea to store user credentials without the user's permission/without asking, and then uses the stored credentials instead of the one explicitly given??
I swear to god, if this piece of software would be a person, I would have thrown him out of my window(s).
-
MY GENETIC ALGORITHMS INVESTIGATION PROJECT. I WANTED TO RANT ABOUT THAT SO THIS WEEKLY RANT IS PERFECT. I can't write the whole rant rn, stay tuned.
-
Finding a bug that won't trigger an error but will deliver incorrect results, but only in certain circumstances, and has only become apparent after the site has been live for 6 months.
You turn into a detective trying to determine what triggered the wrong result, what the client changed/added/edited in the CMS, and work from there.
After much investigation it dawns on you, you then find the bit responsible in your shit code and fix it.
Then feel extremely elated at how cool you are, but no-one gives a shit.
Back to work.
That’s why I play bass guitar, do some cool licks on stage and it's instant gratification, glad I have that... and devRant community.
maybe I should learn how to code properly as well.
-
I wrote a driver for a research OS as a university project. The system behaved weirdly in some subtle ways, and I assumed that was my fault, as an inexperienced programmer.
After two sleepless weeks of chasing ghosts, I realized that for some reason there was a context switch that *did not* involve the scheduler! Further investigation led to the actual bug: the main trap code in the kernel was masquerading as a different process just to be able to work on its virtual address, but never took that mask off!
It could have been found easily by a static analysis tool, given that a non-volatile global variable was only written to and never read; but we didn't use any.
-
So I'm getting brought into a team for our backend services of our administration application, and they're explicitly using Flask (Python library) for their exposed API in their application and data tiers.
As I'm familiarizing myself with their code, utilities, and dependencies, I notice they're stacking 7-8 decorators on their routes from their in-house utility module.. After further investigation, I realized half of them were entirely unnecessary, and they were proofing payload responses three times for the same JSON format.
The fact that we're using Python instead of Node or GoLang for our REST services is pain enough, but these god damn in-house utilities are killing me.
-
We have a delivery specification. It's documented and it tells every developer how deliveries have to be done. Every *FUCKING* *SINGLE* *STEP*. For most deliveries you don't even have to think much, just check the steps.
Why do I always stumble across deliveries that are missing vital parts so if you want to reconstruct some project status, because someone is on vacation or has quit, you can't or need hours of investigation? Am I a private investigator, or what?
Am I the only one who tries to make his work comprehensible?
-
There was this tech guy in our project. I don't really know how techy nor what his role was, but I do know he was a techie.
Lately we'd noticed he was behaving more and more managerish. Orchestrating resources over slack, scheduling meetings, the managerial slang... Bulletpoints... It was obvious what's going to happen - he was striving for a manager's chair. Cool. He seemed like a guy who can indeed do this well. And the fact that he's a techie was promising - he should understand so many things.
Boy did that come around and bite us in our asses. Turns out this guy is a googler. If we are working on some case [as we always are] he jumps in and offers his opinion, although he is far from our technical area. We explain how/why it is not a good idea. Then he does some googling and comes back with a different idea! And insists on testing it out... FTR, a single test in our project could take from 1 to 6 hours. And he's a manager now!! We can't just ignore his requests...
All right, we do that testing. Results are far from satisfying. We continue investigating. He does as well. We'd like to try something out, but there he comes with a new idea! And ofc we are asked to test it out as well.
Our own testing is postponed again.
A few days like this one pass by. In a daily meeting we are blamed for taking that long to do our investigation and we are questioned as engineers.
Superb...
Honestly? I'm having second thoughts about this new role. It's supposed to be fun and challenging and all, but this kind of shit is just too much...
-
This is the story of probably the least secure CMS ever, at least for the size of its consumer base. I ran into this many years ago, before I knew anything about how websites work, and the CMS doesn't exist anymore, so I can't really investigate why everything behaved so strangely, but it was strange.
This CMS was a kind of blog platform, except only specially authorised users could view it. It also included hosting. I was helping my friend set it up, and it basically involved sending everybody who was authorized an email with a link to create an account.
The first thing my friend got complaints about was the strange password system. The website had two password boxes, with a limit of (I think) 5 characters each. So when creating an account we recommended people simply insert the first 5 characters in the first box, and the rest in the second. I cannot really think of a good explanation for this system, except maybe a shitty way to make sure passwords are at least 5 characters? Anyway, since this website was insecure the password was emailed to you after the account was created. This is not yet the WTF part.
The CMS forced a sidebar with navigation; it also showed the currently logged in users. Except for being unreadable due to a colorful background image, there were many strange behaviors. The sidebar would generally stay even when navigating to external websites. Some internal links would open a second identical sidebar right next to the third. Now, I think that the issue was the main content was in an iframe with the sidebar outside it, but I didn't know about iframes back then.
So far, we had mostly tested on my friend's computer, which was logged in as the blog administrator. At some point, we tried testing with a different account. However, the behavior of sidebars was even stranger now. Now internal links that had previously opened a second, identical sidebar opened a sidebar slightly different from the first: One where the administrator was logged in.
We experimented somewhat, and found that by clicking links in the second sidebar, we could, with only the login of a random user, change and edit all the settings of the site. Further investigation revealed these URLs had an ending like ?user=administrator2J8KZV98YT where administrator was my friend's username. We weren't sure of the exact meaning of the random digits at the end, maybe a hash of the password?
Despite my advice, my friend decided to keep using this CMS. There was also a proper way to do internal links instead of copying the address bar, and he put a warning up not to copy links to on the homepage. Only when the CMS shut down did he finally switch to a system where formatting a link wrong could give anybody admin access.
-
I don't know if someone has noticed but I haven't been on DevRant lately. It's not that the community is awesome. In the last month or two, I've had a blast of an experience here. I've just been avoiding screens, specifically texts in screens. I think something snapped on my head last week. Here's why:
As I've said in other rants/comments, I study history, and at the moment, I haven't found any career that has to read more than this one. Sometimes I've had to read about 1200 pages in less than three days. Last week I had to read 6 books which accounted for about 3500 pages. I was actively reading more than 600 pages a day. Now, this was for an investigation, and each of these reads had to be properly summarised with their respective arguments, thesis, etc. So I intensely read everything before Thursday, the day in which I had to present my work, in which I referenced about 10 books.
Apart from that, daily, I spent 4 hours coding. That's been the minimum I've done daily since I started learning.
I wasn't too tired. I'm used to reading a lot, and coding is always fun. But the problem came on Friday when I woke up with a strange headache that spanned from my eyes to the back of my ears. Hurting especially on the sides of my forehead.
It eventually dissipated, but whenever I read something, the ache slowly came back. Loud noises and bright lights also brought it back. So you could imagine, every time I tried to read a Rant, comment, etc, the headache came back. The same for coding and reading. For fucks sake I feel like I'm fucking crippled.
And no, the pain isn't the worst. Pain is pain and you can't do anything about it. The worst is that I'm developing some anxiety here. In all this time I have been learning daily nonstop. Coding was something I craved for everyday. Now I'm fucking wasting entire days in non-productive activities. I'm losing my fucking time here guys!
I'm afraid I have some anxiety problem with time. I've already fucking wasted entire years, now I don't want to continue wasting them and push my goals further away, I want to get to my goals as soon as I can because time and life can't be stopped and once time is lost, you can't fucking get it back. And, considering I'm still 21, I do notice this feeling is somehow irrational, but for fucks sake, I'm wasting fucking LIFE :(
-
Crypto. I've seen some horrible RC4 thrown around and heard of 3DES also being used, but luckily didn't lay my eyes upon it.
Now to my current crypto adventure.
Rule no.1: Never roll your own crypto.
They said.
So let's encrypt a file for upload. OK, there doesn't seem to be a clear standard, but ya'know combine asymmetric cipher to crypt the key with a symmetric. Should be easy. Take RSA and whatnot from some libraries. But let's obfuscate it a bit so nobody can reuse it. - Until today I thought the crypto was alright, but then there was something off. On two layers there were added hashes, timestamps or length fields, which enlarges the data to encrypt. Now it doesn't add up any more: Through padding and hash verification RSA from OpenSSL throws an error, because the data is too long (about 240 bytes possible, but 264 pumped in). Probably the lib used just didn't notify, silently truncating stuff or resorting to other means. Still investigation needed. - but apart from that: why the fuck add own hash verification, with weak non-cryptographic hashes(!) if the chosen RSA variant already has that with SHA-256. Why this sick generation of key material with some md5 artistic stunts - is there no cryptographically safe random source on Windows? Why directly pump some structs (with no padding and magic numbers) into the file? Just so it's a bit more fucked up?
Thanks, that worked.
-
TFW a method is acting weirdly, and after much investigation you find that you forgot to change the contents of the method when you copied it.
-
Me post a lot of investigation in a slack thread and come to a conclusion
20 mins later engineers in thread post things like they didn't read anything I wrote and come to same conclusion, but involve other parties AGAIN making us all look dumb
Why do they just ignore what I wrote, literally linked the same splunk dashboards and same error numbers that I did. I don't get it.
Why should I care? I hoped I could use this as a way to convince manager once again that I do the things he asks me to, but it seems it's all useless.
Really want a new job but tough times, should be happy I even have a job I guess
-
opinion:
If something goes wrong is the 1st response to investigate
Or
Jump on IM and ask the person who last committed?
I would be of the opinion to have a look yourself and try to identify the problem before fucking ranting at the last person who touched the code,
Reasons: maybe that last person is busy and doesn't want to context switch back for a simple problem that would take less than 5 mins fucking investigation time, 1st thing in the morning too doesn't help!
-
!rant
This is fucking how you do it!
Ticketmaster UK had a "data security incident" where they don't really know if any data was actually leaked/stolen/"accessed by an unknown third-party" — their response:
1. Disable the compromised service across their platforms
2. Send a mail to any customer that may have been affected (I got one in Danish because I had only interacted with them through a Danish subsidiary)
2b. All notified customers have their passwords reset and must go through the "Forgot password" process; the _temporary_ password they sent me was even pretty nicely random looking: ";~e&+oVX1RQOA`BNe4"
3. Do forensics and security reviews to understand how the data was compromised
3b. Take contact to relevant authorities, credit card companies, and banks
4. Establish a dedicated website (https://security.ticketmaster.co.uk/...) to explain the incident and answer customer questions
5. "We are offering impacted customers a free 12 month identity monitoring service with a leading provider. To request this service please visit [this page]"
EDIT: As mentioned and sourced in the first comment, the breach was apparently noticed by a banking provider and reported to Ticketmaster on the 12th of April and later to Mastercard on the 19th of April.
Ticketmaster's internal investigation found no evidence of breach (which makes sense, as it wasn't an internal breach), but when Mastercard issued an alert to banks about it on the 21st of June, Ticketmaster followed up by finding the actual breach and disabling the breached third party service on the 23rd of June.
I still think they did the right thing in the right way...
-
When your boss says this is the cause, it must be the cause. No, you don't need logs, you don't need any investigation, you don't need any proof to support why this is the cause. You don't have to provide alternative suggestions or any testing... Because he must be right! Just fix it the way he told you!
-
## Learning k8s
Okay, seriously, wtf.. Docker container boots up just fine, but k8s startup from the same image -- fails. After deeper investigation (wasted a few hours and a LOT of patience on this) I've found that k8s is right.. I should not be working.
Apparently when you run an app in ide (IDEA) it creates the ./out/ directory where it stores all the compiled classes and resources. The thing is that if you change your resources in ./src/main/resources -- these changes do NOT reflect in ./out/. You can restart, clean your project -- doesn't matter. Only after you nuke the ./out and restart your app from IDE it will pick up your new resources.
WTF!!!
and THAT's why I was always under an impression that my app's module works well. But it doesn't, not by a tiny rat's ass!
Now the head-scratcher is WHY on Earth does Docker show me what I want to see rather than acting responsibly and shoving that freaking error to my stdout...
Truth be told I was hoping it's k8s that's misbehaving. Oh well..
Time to get rid of legacy modes' support and jump on proper implementation! So much time wasted.. for nothing :(
-
!rant but it's a history
These last months I've been working on an investigation for an assignment at my uni. I was required to collect specific data, so I coded an app to aid me with that. Time goes by and one day my mobile development teacher calls me (I used the app for my investigation and as final project on another subject) and asks me if I want to enter a contest with my app. "Why not?" I thought.
I asked some friends to join me because the contest required a team of 3 members minimum. In two days I had to justify the development of my app, how I would make money with it and other stuff.
I swear, this app was just a by-product, and I know you're hoping to hear a win story... We got second place, but hell it feels good to think that some sleepless nights coding along could give back so much.
Moral of the story: Never give up any chance.
-
I've been an Android/anti-iOS person for around a decade and I'm now seriously considering switching to iOS when the new iPhones land. My mother is an Apple nut and my brother is on Android and every time I bring up even the slightest nitpick about iOS or macOS (such as the fact that the "always use this application" checkbox on macOS does not work or that you have to upload music through iTunes) they jump on the "wtf then why would even consider it??????" train. In short it's because iOS seems at least a little bit more stable overall (haven't had much experience with iOS in general, this is really more of a first impression). Well I got a replacement LG V20 just over a year ago and it has not aged well, had to replace the battery because I barely got 4 hours with minimal usage, even when I got the thing it was rather jittery, and it's just now getting Oreo (and surely won't be getting Pie). Hell I was removing several apps earlier and it took a solid 4 MINUTES to uninstall an icon pack. After some investigation into the iOS ecosystem I found that all the apps that I would need are on there so that was great. What I'm really hoping for though is some stability/longevity, I'm ok with paying around 1000 for a phone if it lasts a while and stays in decent shape. Finally the fact that the updates are sparing at best (with the exception of Pixel phones) is a great annoyance whereas my mother's (around 4 years old) iPad is rocking iOS 11. Could someone who has made the leap make a recommendation? I love Android but I feel like all I would accomplish is buying another phone that craps out after less than a year.
-
Spent a bunch of time the other day trying to figure out why my system somehow no longer had the php-curl extension on it... post investigation I realised my terminal that was open was on my host system rather than the VM I operate in.
So I stood up and went to make more coffee as it was clearly required.
-
So I'm the only tester at my company, and I've had to adapt a lot of my skills to fit in with our in house expectations. So everything was fine when I focused on trying one component (manual and automation).
Slowly over time I've had more components to test with exact same resource of me.
Eventually my automation breaks as I could no longer maintain that and all the other manual tests and all the other jobs I do (light-level internal IT support, Jira ticket wrangling, Rollbar (error messages) basic investigation).
My boss keeps saying why is x,y,z not tested / missed while I can point to time periods where was focused on v instead so didn't get to others.
I keep wanting to just hit them with a keyboard until they realise 10± devs to one qa in our environment just isn't going to work.
I keep getting promised some dev time to help with qa so I can play catch up but never seems to arrive.
Don't get me wrong I'm not the best I used to be at testing(before joining I was proud of my abilities, maybe all stick and not enough carrot wears you down)
We keep taking on new workflows that make no sense (create a bug ticket, then a task ticket if the bug takes more than an hour to do, then I'm stuck chasing developers to update their task ticket so I can update the bug ticket (if it's a bug then sodding log time against it)).
I've gotten to the point now where I'm stopping my suggestions, explaining why something didn't get done, and will see if they can answer their own stupid questions.
At what point do you stop ignoring the voices in your head (metaphorically).
Do other people go through this cycle where feel like pushing a boulder up the hill, for them to either push your boulder down the hill, replace it with a bigger boulder, move to a bigger hill, get you to move more rocks at once or all the above.
I know QA has its quiet and busy phases but for me it seems to be constantly busy with no respite
-
I remember when I started in programming, I literally copy/paste a typical "hello world"...
It failed to compile.
After an exhaustive investigation, I found the huge differences between VB6 and VB.net.
-
Dependability is a fundamental more modest than common expertise for bosses
New managers a significant part of the time feel that since they have been raised to the heap up they ought to know everything immediately. Truly, it anticipates that adventure should gain capacity with the association styles and approaches that turn out to be cruel for your social affair. Being flexible and being open to the bewildering will assist you with changing into a useful manager. A Roman scientist named NURS FPX 4000 Assessment 4 Analyzing a Current Health Care Problem or Issue Seneca is credited with saying, "Karma slants toward the coordinated." And while karma can earnestly play a consider life, all that verifiably pivots around orchestrating yourself for when incredible karma comes your bearing. Excellent affiliations do this by orchestrating themselves for an entrance through status and planning.
Plan for disappointment and goofs - it's really clever to expect them a lot early so you can lessen the effect. A SWOT assessment (Qualities, Shortcomings, Anticipated open doorways and Risks) is an important instrument for this. The more you plan for a social event the more useful it will be. Approach saves time by lessening blunders, forestalling re-work and shortening works out. And it in addition decreases pressure, which is overall something that would justify being thankful for! Other than being a NURS FPX 4010 Assessment 1 Collaboration and Leadership Reflection Video State financed School English educator, Kine is in this way the head of Ryan Search & Directing and facilitates Held Supervisor Pursue, Help and Drive New turn of events. His clients range different undertakings from Headway to Monetary Associations.
Whether an overwhelming event, network prosperity break or stock association disrupting impact, astounding occasions can emerge whenever. Being available to the unexpected assists you with finding sure results and make depend with your partners. One strategy for doing this is to remain mindful of vulnerability, where you proceed with like the circumstance is both customary and novel. This assists you with expanding your NURS FPX 4010 Assessment 3 Interdisciplinary Plan Proposal data affirmation and seek after the most ideal choice. ClickUp's Business Development Plan Configuration is an incredible contraption for planning the normal and the unforeseen!
Dependability is an essential limited scope ability for bosses to make. Supervisors should be ready to have authentic two-way discussions with specialists and should endeavor to get themselves when they are concealing reality or lying. Fair correspondences among supervisors and representatives can assist with fostering a positive work environment culture and can expect a fundamental part in the connection's prospering. While giving investigation, supervisors ought to convey NURS FPX 4020 Assessment 1 Enhancing Quality and Safety both the positive and negative parts of a representative's show. They ought to in addition have the decision to give obliging assessment and backing workers when essential. This correspondence style is as frequently as conceivable implied as moderate candor.