Search - "legit request"
-
Last week, someone contacted me; he said he needed me to fix the existing code on a new WordPress website because the developer did a messy job. So I thought to myself, it can't be that bad, requested SSH access and got into the server.
Guys.
Guys..
Guys...
I was wrong, some people really know how to fuck shit up.
I don't want to go into details but there were legit more than 50 plugins installed and activated on the website for no good reason and all the pages took about 45 minutes each to render if not more, so you can literally request a new page, start making coffee and use the washing machine and if you are lucky to have spent 45 minutes, return to a fully loaded page.
For a new WordPress website, it seemed really old.
It was almost as if this developer had a line of code that looked like this:
@Import 'all the bad programming practices ever and the ones yet to be invented';
-
Today I found an error in how we handle credit on invoices in our software.
This is the first time my boss has ever made a legit pull request of his for me to review.
Damn I feel proud!
-
TL;DR: Google asked me to PROVIDE a phone number to verify connection from a new device, on the said device.
Yesterday, to log into my work Google account from my personal laptop to check emails, calendar updates and so on, I opened up a private navigation window, went to Google sign-in page, entered my credentials, all is well.
Google then decided to "verify it's me" and prompted me to PROVIDE a phone number (work account without work phone means no phone number set up) so that they can send a verification code to the number I just provided to make sure the connection is legit.
Didn't want to do that, clicked "use another method" and got asked to fill the last password I remember, which would be my current password thanks to my trusty password manager. After submitting, I'm prompted with an error saying I have to contact my admin to reset my password because they can't log me in with my CURRENT password.
I ain't gonna do that, so went back to login page, provided my phone number, got the code, filled in the code, next thing I know I'm browsing through my emails.
What the duck? Could have been anybody giving any phone number. So much for extra security.
Also don't care that they have my phone number, the issue is more about the way used to obtain it: locking me out of my account and having no other way of logging in.
-
Had a legit argument with a manager about the text in a drop down menu. I argued that it should actually state what the option was for because I care about the user experience... Management wanted to conceal several business logic steps behind an unrelated option in the same menu because of a literal interpretation of the process and the client's request.
Interfaces should tell the user what is going on...
-
The global joke of Information Security
So I broke my iPhone because the nuclear adhesive turned my display into a shopping bag.
This started the ride for my character arc in this boring dystopia novel:
Amazon is preventing me from accessing my account because they want my password, email AND mobile phone number in their TWO.STEP Verification.
Just because one too many scammers managed to woo one too many 90+y/o's into bailing their long lost WW2 comrades from a Nigerian jail with Amazon gift cards and Amazon doesn't know what to do about it anymore,
DHL is keeping my new phone in a "highly secure" vault 200m away from my place, waiting for a letter to register some device with a camera because you need to verify your identity with an app,
all the while my former car insurance is making regress claims of about 7k€ against me for a minor car accident (no-one hurt fortunately, but was my fault).
Every rep from each of the above had the same stupid bitchass scapegoat to create high-tech supra chargers to the account deletion request:
- Amazon: We need to verify your password, whether the email was yours and whether the phone number is yours.
They call it 2-step-verification.
Guess what Amazon requests to verify you before contacting customer support since you don't have access to your number? Your passwoooooord. While you're at it, click on that button we sent you will ya? ...
I call this design pattern the "dement Tupi-Guarani"
- DHL: We need an ID to verify your identity for the request for changing the delivery address you just made. Oh you wanted to give us ANOTHER address than the one written on your ID? Too bad bro, we can't help, GDPR
- Car Insurance: We are making regress claims against you, which might throw you back to mom's basement, oh and also we compensated the injured party for something else, it doesn't matter what it is but it's definitely something, so our claims against you just raised by 1.2k. Wait you want proof we compensated something to the injured at all? Nah mate we can't do that, GDPR. But trust me, those numbers are legit, my quant forecasted the cost of children's christmas wishes. You have 14 days or we'll see you in court haha
I am also their customer in a pension scheme. Something special to Germany, where you save some taxes but have to pay them back once you get the fund paid out. I have sent them a letter to terminate the contract.
Funniest thing is, the whole rant is my second take. Because when I hit the post button, devRant made me verify my e-mail. The text was gone afterwards. If someone from devRant reads this, you are free to quote this in the ticket description.
Fuck losing your virginity, or filing your first tax return, or by God get your first car, living through this sad Truman dystopia without going batshit insane is what becoming a true adult is.
I am grateful for all this though:
Amazon's safety measures prevented me from spending the money I can use to conclude the insurance odyssey, and DHL's "giving a fuck about customers" prevention policies made me support local businesses. And having ranted all this here does feel healthy too. So there's that.
Oh, cherry on top. I can't check my balance, because I can only verify my login requests to my banking account wiiiiiiith...?
-
Ok... so I have a unique question/opportunity. I can't give all the details but here's the gist:
3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.
I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.
They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).
During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).
Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.
The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.
This 'hack' was only to a 2nd gen Lenovo Yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static IP.
I started a screen recording program shortly after this crap started (unfortunately after the message sent by 'me' to the dude who actually sent it happened... so I still don't know the contents).
I figured I'd wait it out until I was bored enough or the lead culprit was at a pinnacle to fall from...
The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)
Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as I don't want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.
Currently I'm thinking, aside from any revenge-esque scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.
I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasn't him but he'd help me find whoever it was... and several other failed attempts to know what I had. When I confirmed he wasn't going to attempt a call, I informed him I'd likely mute him because I don't have time for back and forth bs. True to form he deleted the chat (I recorded it but it's of no value).
So... any thoughts?
-
GET Requests with a BODY as a payload are legit and stop living in denial!
TALKING TO YOU ANGULAR!
I'm fucking sick of seeing ignorant people (on SO or GitHub) coming up with the generic advice, on HTTP GET issues with having a BODY as a payload, to not do that or you shouldn't, yadayadayada.
It's not a fucking issue at all in general, because as RFC-7231 (https://tools.ietf.org/html/...) says:
"A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request."
So, if your fucking server can't handle them(aka living in the past), [rest] in peace and suck it up!
(ps, I happen to use modern servers)
But why should you limit a fucking front-end framework (ex. Angular) in the first place to being able to send such requests?!
It's a moronic limitation and the person or team responsible for it are at least clueless and as far the issue has reappeared through time, for how old is Angular, they didn't move an inch.
-
So I am at an MNC as a summer internship, me along with 18 other students from my university cleared this hackathon and got selected for this internship,
Few things you should know
1. Amongst all the other candidates I had the most work experience
2. I had worked with a lot of Python and JavaScript
3. I legit have more skills than almost everyone working in my team
So, I don't know how but the HR decided I should go to this team, where there are no developers and are people of age 30 who have no idea what Django is,
I was fucking frustrated but I let it go, thinking I will just solve this problem and will change my team, calm down
They told me about the project. I said okay give me access I will just finish it.
5 days no signs of access anyhow, so, I sucked it up and tracked all the network requests and made my own API,
Then I was happy I got rid of this project,
But then they had bigger plans they ask me to add features on this project but there is a catch you have no access to any accounts, do it on your own,
Like What the Fuck, before giving an intern any project don't you have the responsibility to check whether the fucking project is possible I am just wasting my summer internship. I thought I got a big company it will help me grow I will get job security, but noo wtf, I am hell of frustrated
-
Working with nightly builds and concept tech is such a fucking hassle...
I'm currently working on a WebAssembly proof of concept where I need to generate a unique id, but since threading is currently not supported (Rust and WebAssembly) I can't use half of the libraries currently out.
And the ones that do work... guess what... are not compatible with the nightly build of the compiler I'm using for Rust. Just fucking end me.
The legit only workaround I can find is to make a server request and get the unique id from there... piece of cunt software...I need a break 😑