Search - "low score"
I just earned a badge on StackOverflow, let me quote it:
"You've earned the 'Tumbleweed' badge (Asked a question with zero score, no answers, no comments, and low views for a week) for [title]"
... Bruh, am I supposed to be happy now?
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer Mongolia who is, we can only hope, now enjoying his new life as an Instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkiss. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gacha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user of any privilege, you could place any order, as anyone, using anyone's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discreetly." Straight up Hitler's bunker meme rage.
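The rant above describes two defects: an impersonation cookie the server trusted without any integrity check, and payment logs that printed the full card number. The following is an added example (not code from the rant or the company it describes) showing the defender's side of both: the server binds the impersonation claim to the authenticated session with an HMAC and still checks the reporting chain before honouring it, and card numbers are masked before they reach the log. The key, the org chart and the user ids are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed for this example: a server-side key and a tiny reporting chain
# (child -> parent). Real deployments load the key from a secrets store.
SECRET_KEY = b"example-only-key-rotate-me"
REPORTS_TO = {"emp_42": "mgr_7", "mgr_7": "dir_3", "dir_3": None}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_impersonation_token(actor: str, target: str) -> str:
    """Server mints the token: payload stays readable, but the HMAC tag makes
    any client-side edit detectable (this is what the original cookie lacked)."""
    payload = json.dumps({"actor": actor, "target": target}, sort_keys=True).encode()
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_impersonation_token(token: str, session_user: str):
    """Return the target user only if the token is authentic, was issued to the
    current session user, and that user is above the target in the org chart."""
    try:
        p64, t64 = token.split(".", 1)
        payload, tag = _unb64(p64), _unb64(t64)
    except Exception:
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # forged or edited cookie
    claims = json.loads(payload)
    if claims.get("actor") != session_user:
        return None  # token belongs to a different session
    node = REPORTS_TO.get(claims.get("target"))  # walk upward from the target
    while node is not None:
        if node == claims["actor"]:
            return claims["target"]
        node = REPORTS_TO.get(node)
    return None  # actor is not an ancestor: no impersonation right


# Mask anything that looks like a 13-19 digit card number: keep BIN + last 4.
PAN_RE = re.compile(r"\b(\d{6})\d{3,9}(\d{4})\b")


def redact_pan(message: str) -> str:
    """Apply before logging payment failures so the PAN never hits lnav."""
    return PAN_RE.sub(lambda m: m.group(1) + "*" * 6 + m.group(2), message)
```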
A few years back, I wanted to become a supercar designer or weapon designer.
Due to a low grade in 12th, I got admission in computer science instead of mechanical.
C was introduced in 1st sem.
Scored well in first year.
College offered me to change my field CS -> mechanical.
4 years later (now)
2 drops
1) due to health
2) financial issues
Happy to be a full stack developer.
Still like cars and weapons but chose CS as my real career.
"You've earned the Tumbleweed badge (asked a question with zero score, no answer, no comments, and low viewed for a week)..."
Thanks SO!! When I feel down, you can always make me feel lower...
Just deployed my first big project!
Built on React using Redux and HTML / CSS (captain obvious).
The website is called https://2dor3d.com
It allows movie fans to vote Yes or No 3D after seeing the film in 3D.
On the other hand, it allows movie goers to check the current score and see if that extra 3D cash is worth it!
Maybe not; if it has a low score, better buy the 2D ticket.
I would love it if you guys could check it out and hopefully start using it!
I'm super proud.
W1ckeD out, mic drop.
This is my first post. I felt like if I wrote this I'd just be a big fat crybaby, but I need to release this pressure.
I've been pretty burnt out for the past 6 months.
So a little bit of backstory here: I come from a broken family, and I'm currently in my 7th semester of college. But I've been part of a small startup as a mobile apps developer for a year and a half now.
6 months ago, it had just been a year of recovery from a toxic relationship that basically ruined my college life. I had a really bad GPA (bad score for being absent from classes), basically no friends, and barely passable (or even bad) skill in Android Dev. Then I got a new girlfriend who was really supportive of me. But after 2 months, her parents asked me if I would marry her or not, because if not, I'd have to break up with her (we're in Indonesia and both of us are Muslim, so a relationship outside marriage is kinda in a "grey area" depending on who you ask). So I had to choose whether to marry her or not, and I chose the marriage. I thought I had enough savings and just enough income to support both of us.
Then it's been a downward spiral from there.
The startup that I've been working at was in pretty bad shape. I've been underpaid since the beginning (and that wasn't really a problem for me at the time; that was my choice and I blame no one), but abysmal growth and some mismanagement forced us to scale back and left me basically in a non-paying job.
So I took a college break for a semester and have been trying to find projects here and there for marriage savings, but because of the weak employee protection here, lots of the projects I have completed have yet to pay the fee (even until today). And even if they paid me, most of it was really low-paying work (we're talking $200 per 3-week project here; to be fair, for our average GDP, it's not bottom-low).
And the deadline is approaching; our marriage date is set for (very) early January 2019, and I've been in this "not yet graduated but needs a job" limbo. Most employers here still have the old "Degree Based" job specs, and not "Skill Based" ones. So because de jure I'm still a "College Student", no job listing is willing to take me in. I've applied to almost 30 job listings and got an interview just once, and still failed because I can't move to the company area; too far, and too expensive a living cost vs the salary ($300 living cost vs $450 salary, while I need to give money to my girlfriend back home for a living).
So I switched my direction to competitions with an extra job offering as a bonus, and I've been pretty close to winning one, held by CIMB Bank, but still failed. It's a little bit better now because CIMB became interested in me, but there is a red flag: I need to graduate with a decent GPA before July 2019, and with my current GPA? It's practically impossible.
Can it get worse? Oh, it can. Remember I come from a broken home? It's inherently hard to keep communication with both of my parents, who to this day still despise each other. And while my mother is still supportive of my marriage, my father isn't. He even basically disowned me last week because of my one-sided decision to marry my girlfriend, and blamed my mother for being the "bad influence" on me.
And now, today, December 16th, I'm still in this weird limbo and have nowhere to go, with $0 in my pocket (I have spent all of my savings on marriage preparation), and our marriage is approaching. I've almost given up.
That moment when google ranks gmail with a low speed score... oofff...
https://developers.google.com/speed...
Applicant: I have 7 years of experience in the software development industry and here is my repo/portfolio for you to look at.
Manager: I don't need it. Take the 5 hours coding exam.
*Applicant scores low*
Manager: You didn't score high. Thanks for applying at Stack****. Goodbye.
Applicant: Wait, sorry, but do you judge all applicants only through an exam?
Manager: Yes. The exam tells how expert the applicant is.
My teacher wouldn't understand the responsiveness of the UI I designed and gave me 10 pts for that.
I was told that my design is too unrealistic and idealistic to implement..
I used some CSS framework (to reduce the amount of work to be done) and JavaScript.
My dream is to become a web developer and make desktop applications with the use of ElectronJS (which devRantron is currently using).
One last thing... FUCK YOU, FOR GIVING ME A LOW SCORE FOR MY DESIGN.
Been at my parents' place (in Ostfriesland) over the weekend.
Only had to fix 2 phones and their printer!
New low score for a long time.
1st. Put my Razer BlackShark Aviator headset on. Noise cancellation the low-tech way with full earcups.
2nd. I go on music genre binges for weeks at a time. Lately I've been listening to Viking inspired Dark Folk music like Wardruna, Fejd, Corvus Corax, and Forndom. That came after I did a month of proto rock n roll blues from the southern United States like Leadbelly, Blind Willie Johnson, and Mississippi John Hurt. I also drop some liquid DnB on a bender here and there.
3rd. I set up Hyper.is terminal to use the power plugin that makes sparks fly off of each keystroke.
4th. I set up Atom to work similarly with a continuous code counter that keeps a score of how long and fast you type continuously when coding. It also throws sparks off of the cursor as you type.
5th. Pop my neck and fingers and geterdun.
I am a programming teacher in a local university. I started five years ago, but this semester I feel very tired; the students don't want to learn. I try many methodologies and practical projects, but the interest shown by them is very low. The worst thing is that in the anonymous evaluation I get a good score, but my objective is that students become great programmers. Any advice?
Why is it a highscore and not highestscore?
I mean how can a low score be a highscore, while a high score does not have to be a highscore...
Probably not the worst, but back when I was in graduate school I used '=' instead of '.equals()' for a string, by mistake. My professor was so pissed and taunted in front of the whole class about how dumb people are here, without taking any names (btw I didn't realize that guy was me until later), and gave me a low score.
I told her later it really doesn't matter if I used either because '=' worked just fine in my case. She was a little more pissed after knowing that I wasn't wrong. 😜
Finding out React components score very low on accessibility tests.
This applies especially to imported libraries.
If anyone has any good tips after a similar experience, do share.