The GET /users endpoint will return a page of the first 13 users by default.

To request other pages, add |-separated querystring with the limit and offset, as roman numerals enclosed in double quotation marks. Response status is always equal to 200, plus the total count of the resource, or zero when there's an error.

You can include an array of friends of the user in the result by setting the request header "friends" to the base64-encoded value of the single white pixel png.

Other metadata is not included by default in responses, but can be requested by appending ?meta.json to any endpoint, which will return an xml response.

If you want to update the user's profile picture, you can request an OAuth token per fax machine, followed by a pigeon POST capsule containing a filename and a rolled up Polaroid picture. The status code attached to the return postal dove will be the decimal ASCII code for a happy smiley on success, and a sad smiley if any field fails form validation.

-- Every single external REST API I've ever worked with.

So, Facebook is acquiring Giphy. The amount of metadata they're about to get is fucking insane.

And since I refuse to personally use anything Facebook related... I won't be able to use the GIF integration of any messenger and many more products/services anymore, I guess...

Just fucking great. Fucking die, Facebook.

I recently joined the dark side - an agile consulting company (why and how is a long story). The first client I was assigned to was an international bank. The client wanted a web portal, that was at its core, just a massive web form for their users to perform data entry.

My company pitched and won the project even though they didn't have a single developer on their bench. The entire project team (including myself) was fast tracked through interviews and hired very rapidly so that they could staff the project (a fact I found out months later).

Although I had ~8 years of systems programming experience, my entire web development experience amounted to 12 weeks (a part time web dev course) just before I got hired.

I introduce to you, my team ...

Scrum Master. 12 years experience on paper.
Rote memorised the agile manifesto and scrum textbooks. He constantly went “We should do X instead of (practical thing) Y, because X is the agile way.” Easily pressured by the client to include ridiculous (real time chat in a form filling webpage), and sometimes near impossible features (undo at the keystroke level). He would just nag at the devs until someone mumbled ‘yes' just so that he would stfu and go away.

UX Designer. 3 years experience on paper ... as business analyst.
Zero professional experience in UX. Can’t use design tools like AI / photoshop. All he has is 10 weeks of UX bootcamp and a massive chip on his shoulder. The client wanted a web form, he designed a monstrosity that included several custom components that just HAD to be put in, because UX. When we asked for clarification the reply was a usually condescending “you guys don’t understand UX, just do <insert unhandled edge case>, this is intended."

Developer - PHD in his first job.
Invents programming puzzles to solve where there are none. The user story asked for a upload file button. He implemented a queue system that made use of custom metadata to detect file extensions, file size, and other attributes, so that he could determine which file to synchronously upload first.

Developer - Bootlicker. 5 years experience on paper.
He tried to ingratiate himself with the management from day 1. He also writes code I would fire interns and fail students for. His very first PR corrupted the database. The most recent one didn’t even compile.

Developer - Millennial fratboy with a business degree. 8 years experience on paper.
His entire knowledge of programming amounted to a single data structures class he took on Coursera. Claims that’s all he needs. His PRs was a single 4000+ line files, of which 3500+ failed the linter, had numerous bugs / console warnings / compile warnings, and implemented 60% of functionality requested in the user story. Also forget about getting his attention whenever one of the pretty secretaries walked by. He would leap out of his seat and waltz off to flirt.

Developer - Brooding loner. 6 years experience on paper.
His code works. It runs, in exponential time. Simply ignores you when you attempt to ask.

Developer - Agile fullstack developer extraordinaire. 8 years experience on paper.
Insists on doing the absolute minimum required in the user story, because more would be a waste. Does not believe in thinking ahead for edge conditions because it isn’t in the story. Every single PR is a hack around existing code. Sometimes he hacks a hack that was initially hacked by him. No one understands the components he maintains.

Developer - Team lead. 10 years of programming experience on paper.
Writes spaghetti code with if/else blocks nested 6 levels deep. When asked "how does this work ?”, the answer “I don’t know the details, but hey it works!”. Assigned as the team lead as he had the most experience on paper. Tries organise technical discussions during which he speaks absolute gibberish that either make no sense, or are complete misunderstandings of how our system actually works.

The last 2 guys are actually highly regarded by my company and are several pay grades above me. The rest were hired because my company was desperate to staff the project.

There are a 3 more guys I didn’t mention. The 4 of us literally carried the project. The codebase is ugly as hell because the others merge in each others crap. We have no unit tests, and It’s near impossible to start because of the quality of the code. But this junk works, and was deployed to production. Today is it actually hailed as a success story.

All these 3 guys have quit. 2 of them quit without a job. 1 found a new and better gig.

I’m still here because I need the money. There’s a tsunami of trash code waiting to fail in production, and I’m the only one left holding the fort.

Why am I surrounded by morons?
Why are these retards paid more than me?
Why are they so proud when all they produce is trash?
How on earth are they still hired?

And yeah, FML.

It's maddening how few people working with the internet don't know anything about the protocols that make it work. Web work, especially, I spend far too much time explaining how status codes, methods, content-types etc work, how they're used and basic fundamental shit about how to do the job of someone building internet applications and consumable services.

The following has played out at more than one company:

App: "Hey api, I need some data"
API: "200 (plain text response message, content-type application/json, 'internal server error')"
App: *blows the fuck up

*msg service team*

Me: "Getting a 200 with a plaintext response containing an internal server exception"
Team: "Yeah, what's the problem?"
Me: "...200 means success, the message suggests 500. Either way, it should be one of the error codes. We use the status code to determine how the application processes the request. What do the logs say?"
Team: "Log says that the user wasn't signed in. Can you not read the response message and make a decision?"
Me: "That status for that is 401. And no, that would require us to know every message you have verbatim, in this case, it doesn't even deserialize and causes an exception because it's not actually json."
Team: "Why 401?"
Me: "It's the code for unauthorized. It tells us to redirect the user to the sign in experience"
Team: "We can't authorize until the user signs in"
Me: *angermatopoeia* "Just, trust me. If a user isn't logged in, return 401, if they don't have permissions you send 403"
Team: *googles SO* "Internet says we can use 500"
Me: "That's server error, it says something blew up with an unhandled exception on your end. You've already established it was an auth issue in the logs."
Team: "But there's an error, why doesn't that work?"
Me: "It's generic. It's like me messaging you and saying, "your service is broken". It doesn't give us any insight into what went wrong or *how* we should attempt to troubleshoot the error or where it occurred. You already know what's wrong, so just tell me with the status code."
Team: "But it's ok, right, 500? It's an error?"
Me: "It puts all the troubleshooting responsibility on your consumer to investigate the error at every level. A precise error code could potentially prevent us from bothering you at all."
Team: "How so?"
Me: "Send 401, we know that it's a login issue, 403, something is wrong with the request, 404 we're hitting an endpoint that doesn't exist, 503 we know that the service can't be reached for some reason, 504 means the service exists, but timed out at the gateway or service. In the worst case we're able to triage who needs to be involved to solve the issue, make sense?"
Team: "Oh, sounds cool, so how do we do that?"
Me: "That's down to your technology, your team will need to implement it. Most frameworks handle it out of the box for many cases."
Team: "Ah, ok. We'll send a 500, that sound easiest"
Me: *..l.. -__- ..l..* "Ok, let's get into the other 5 problems with this situation..."

Moral of the story: If this is you: learn the protocol you're utilizing, provide metadata, and stop treating your customers like shit.

What kind of supercomputer you have to use to get these fucking websites to work smoothly????

I'm on a fucking gigabit connection, ryzen 7 7700x, 32GB ram, and a fucking nvme, all it takes is opening a fucking recipe site and I'm instantly transported back to the 80s. I swear if i see another 4k asset I'm gonna punch something.

WHAT THE FUCK HAPPENED TO FUNCTION OVER FORM????

Oh do you want me to disable my addblocker??? How about: you make a site that works you fuck. No i will not fucking subscribe to your brain-dead newsletter why the fuck would I???
And since when are cookies needed for a fucking plaintext site you asshat??? Tracking??? I swear if you could you would generate metadata from my clipped fingernails if it meant you could stick "Big data" next to that zip-bomb you call a website.

I WOULD like to read your article, possibly even watch a couple of ads on my sidebar for you, but noooooo you had to have the stupid fucking google vinegrette or however the fuck they are calling the fucking thing now.

The age of the web sucks the happiness out of life, and despite having all of this processing power, I am jealous of my fathers RSS feeds.

I'm sorry web people, I know it's not your fault, I know designers and management don't give a shit how long a website takes to load. I just wanted to make a fucking omelette.

Hey devRanters! A tiny update regarding the privacy tips etc site.

So as ewpratten doesn't have much time right now, I'm doing frontend as well for now.

Since some people also offered to contribute content, which I did not expect, I am also writing an invite/registration (based on invites) as we speak. So, this way, I can invite anyone (based on email address) into the CMS so that they can contribute content as well!

Regarding frontend, I'm introducing a system with icons. Icons? Yes, icons, let me explain:

Every application/service will get a couple of default filtering thingies. (not like clicking something and it'll filter anything out, yet) It'll enable users to see what an application does or does not. What the FUCK do you mean? Alright, so, as example, lets say open source. next to each application (read application/service) listed, there will be an open source icon. If the application is open source, this icon will be green, otherwise it will be red.

This will allow for a quick way of filtering stuff out.

For example, if you're only looking for open source stuff, you can quickly filter stuff out where the open source icon is red!

This will apply to things as open sourceness, metadata saving, usage of good crypto technology and so on. So you'll be able to quickly filter out the stuff you want to use (by eyes) through those filters!

Please let me know what you think and if you have ideas, I'll be glad to hear them!

So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

What I'm posting here is my 'manifesto'/the things I stand for. You may like it, you may hate it, you may comment but this is what I stand for.

What are the basic principles of life? one of them is sharing, so why stop at software/computers?
I think we should share our software, make it better together and don't put restrictions onto it. Everyone should be able to contribute their part and we should make it better together. Of course, we have to make money but I think that there is a very good way in making money through OSS.

Next to that, since the Snowden releases from 2013, it has come clear that the NSA (and other intelligence agencies) will try everything to get into anyone's messages, devices, systems and so on. That's simply NOT okay.
Our devices should be OUR devices. No agency should be allowed to warrantless bypass our systems/messages security/encryptions for the sake of whatever 'national security' bullshit. Even a former NSA semi-director traveled to the UK to oppose mass surveillance/mass govt. hacking because he, himself, said that it doesn't work.

We should be able to communicate freely without spying. Without the feeling that we are being watched. Too badly, the intelligence agencies of today do not want us to do this and this is why mass surveillance/gag orders (companies having to reveal their users' information without being allowed to alert their users about this) are in place but I think that this is absolutely wrong. When we use end to end encrypted communications, we simply defend ourselves against this non-ethical form of spying.
I'm a heavy Signal (and since a few days also Riot.IM (matrix protocol) (Riot.IM with end to end crypto enabled)), Tutanota (encrypted email) and Linux user because I believe that only those measures (open source, reliable crypto) will protect against all the mass spying we face today.
The applications/services I strongly oppose are stuff like WhatsApp (yes, encryted messages but the metadata is readily available and it's closed source), skype, gmail, outlook and so on and on and on.

I think that we should OWN our OWN data, communications, browsing stuffs, operating systems, softwares and so on.

This was my rant.

I am about to fire this client.

I can't take any more of this abject fucking stupidity.

I can't take any more sentence fragment responses to detailed questions and thorough responses.

I can't take any more expectations that I deliver consistent metadata and hundreds of pages of documentation, yet no one else has to do the same

I can't take any more rules only applying to/hamstringing me and my team

I can't take any more fucking gross incompetence and grossly undereducated shitfucks that get to send ridiculous bills and have 0 accountability while playing developer

I can't take any more obviously nepotistic and racist hiring that walks back every step of progress we've made in the last 50 years

I can't take not being able to call a spade a spade and being the villain when there's obvious graft occuring at every level

I can't take these old fucks padding their retirements while rendering everyone else contractors and cutting off opportunity for future generations

I can't take how absurdly, blisteringly stupid the business people are, or the fact that one average project managers with a recent PMI cert somehow bills what I do

I'm 100% going to drop dime on these fucks to every regulatory body they are beholden to, their investors, their corporate owners and USCIS, since I've already doxxed the shit out of all of my coworkers that don't remotely qualify for the positions they occupy.

Yesterday, after six months of work, a small side project ran to completion, a search engine written in django.

It's a thing of beauty, which took many trials, including discovering utf8 in mysql isn't the full utf8 spec, dealing with files that have wrong date metadata, or even none at all, a new it backup policy that stores backups along side real data.

Nevertheless, it is a pretty complete product. Beaming with pride I began to get myself a drink, and collapsed onto the floor, this caused me to accidentally hibernate my computer, which interrupted the network connection, which in turn caused an OSError exception in one of my threads, which caused a critical part of code not to run, which left a thread suspended, doing nothing.

From the floor I looked at my error and realised my hubris and meditated on my assumptions that in theory nothing should interrupt a specific block of code, but in reality something might, like someone falling over...

Java:
Primitive streams. Their need to exist is a monument to legacy failure.

VB.net
OrElse and AndAlso short-circuiting operators. The language designers were too fucking lazy to process logic, so they give specific keywords for those cases.

PHP
Random Hebrew error messages

JS
Eval. It can be used responsibly, but most of the times you see it it's because someone fucked up.

C#
Lack of Tuple destructuring in argument specification. Tuples were added, and pattern matching was added, and it's been getting better. The gear grinding starts with how Tuple identity assignment in arguments is handled. Rather than destructuring into the current scope, it coalesces the identity specification into a dot property of whatever the argument name is. This seems like an afterthought given they have ootb support for ignore characters.

Typescript
This will probably be remedied in the next version or two, but Tuple identity forwarding between anonymous scopes normalizes to arrays of union types, because tuples compile to typeless arrays. It's irritating because you end up having to restate the type metadata in functional series even when there is no possibility for any other code branch to have occurred.

Fuck Apple and its review system

So, this started in december. We wanted to publsih an app, after years of development.

Submit to review, and passes on the first try. Well, what do you know. We are on manual release option, so we can release together with the android counterpart. Well yes, but someone notices that the app name is not what was aggreed (App Name instead of AppName). Okay, should be easy, submit the same app, just the name changed. If it passed once, it will pass again, right? HAH

Rejected, because the description, why we use the device’s camera is too general. Well... its the purpose of the app... but whatever, i read the guidelines, okay, its actually documented with exapmles. BUT THEN WHY THE FUCK COULDNT YOU SAY THAT ON THE FIRST UPLOAD?

Whatever, fix it, new version, accepted, ready to release just in time.

It doesindeed roll out,but of course, we notice that the app has a giant issue, but only on specific phones. None of our test phones had this problem, but those who have, essentially cannot use our program. Nasty as it is, the fix is really easy, done in 5 minutes. Upload it asap, literally nothing changed from user point of view, except now it doesnt crash on said devices. Meanwhile 1 star reviews are arriving from these users - of course with all the right. Apple should allow this patch quickly, right? HAH

THE REAL BULLSHIT COMES NOW

With only config files changed, the same binary uploaded we get rejected? What now? Lets read it. “Metadata rejected, no need to upload new binary”.... oh fine only the store page is wrong? Easy. Read the message, what went wrong. “Referencing third party content is nit permitted on the app store” meaning that no android test device should be shown. Fine, your rules. They even send a picutre of the offending element. BUT ITS NOT EVEN ON THE STORE. THATS A SCREENSHOT OF THE APP. HOW IS THAT METADATA? I ask about this, and i get a reply, from either a bot, or a person who cant speak or read english, and only pasted a sample answer, repeating the previous message. WTF. Fine, i guess you are dumb, but since they stop replying to our queries, do the only sensible thing, re-record the offending tutorial video that actually contained an android device. This is about 2 weeks, after the first try to apply a simple patch to a broken app. And still, how did it pass the review 2 times?

Whatever, reupload again, play the waiting game for a week, when the promised average wait time is 2 days, they hit us with a message, that they want to know what patent we use in our apps core functionality. WTF WHY NOW? It didnt bother you for a month, let it release ti production and now you delay a simple patch for this? We send them what they know. Aaaaand they reply: sorry we need more time to review your app. FUUUUUUCKKK YOUUU. You are reviewing a PATCH with close to zero functional change!!! Then, this shit goes on, every week we ask about an ETA, always asking for patience... at the end it took another 3 weeks... so december 15 to jan 21 in total...

FOR. A. SINGLE. FUCKING. PATCH

Bottom line is what is infurating, apple cares that there is an android device in the tutorial video, but they dont care that a significant percentage of our users simply cannot use the app.

Im done

I’m on this ticket, right? It’s adding some functionality to some payment file parser. The code is atrocious, but it’s getting replaced with a microservice definitely-not-soon-enough, so i don’t need to rewrite it or anything, but looking at this monstrosity of mental diarrhea … fucking UGH. The code stink is noxious.

The damn thing reads each line of a csv file, keeping track of some metadata (blah blah) and the line number (which somehow has TWO off-by-one errors, so it starts on fucking 2 — and yes, the goddamn column headers on line #0 is recorded as line #2), does the same setup shit on every goddamned iteration, then calls a *second* parser on that line. That second parser in turn stores its line state, the line number, the batch number (…which is actually a huge object…), and a whole host of other large objects on itself, and uses exception throwing to communicate, catches and re-raises those exceptions as needed (instead of using, you know, if blocks to skip like 5 lines), and then writes the results of parsing that one single line to the database, and returns. The original calling parser then reads the data BACK OUT OF THE DATABASE, branches on that, and does more shit before reading the next line out of the file and calling that line-parser again.

JESUS CHRIST WHAT THE FUCK

And that’s not including the lesser crimes like duplicated code, misleading var names, and shit like defining class instance constants but … first checking to see if they’re defined yet? They obviously aren’t because they aren’t anywhere else in the fucking file!

Whoever wrote this pile of fetid muck must have been retroactively aborted for their previous crimes against intelligence, somehow survived the attempt, and is now worse off and re-offending.

Just.
Asdkfljasdklfhgasdfdah

Do you still store your music files locally?

I like owning my music files on my storage.

Disadvantages:
Storage space
Time spent organising metadata

Advantages:
Savour the quality
Accessible

I don't have an internet access all the time unless I'm home. I feel left behind seeing everyone just streaming music.

Jeez, I'll buy the tickets. Stop bugging me so much!

Hello devs, me and a friend want to do a little experiment. We want to install some kinda tracking software on his android phone to monitor everything he does for a few weeks to see what data/metadata his phone sends to what servers etc. Problem, we can't seem to find an app (free) which does this... Any recommendations?

Holy mother of god, Signal is working on a feature which makes that the sender part of the metadata is not readable for them (of course you still have accounts but not sure how they obfuscate that part) anymore.

This is taking metadata protection to the next motherfucking level.

Things I love of being a dev:

I downloaded a big list of .mp3's. The server gave them weird UUID's, but it kept their proper title on the metadata. I wanted to change the names to their proper title, and I could've done it by hand, but I decided to write a little script to do it. Well, I'm not a scripting geek, so I had to dive into how to get the metadata and format strings etc, the basics of PS. I'm pretty sure I wasted more time there than I would have just doing it by hand... but hey at least I learned something new! On my track to becoming a full-stack developer!

Anything to not do something so numbingly repetitive and uninspiring as that

Police: We use artificial intelligence to determine whether an image has been photoshopped or tampered with.

Code:
metadata.date_created != metadata.date_modified

when you start machine learning on you laptop, and want to it take to next level, then you realize that the data set is even bigger that your current hard-disk's size. fuuuuuucccckkk😲😲
P. S. even metadata csv file was 500 mb. Took at least 1 min to open it. 😭😧

I never thought to I'd say this about an open-source project, but if I wanted to single out an unbeatable case of "Bad Design", and the manifestation of the term "Redundancy Hell", It is definitely Calibre.

Single job: To keep some e-book files + some metadata.
What it does in brief: In a single dir as your library; From metadata stored IN each file; It generates subdirs <author_name>/<title_name>(<some_numerical_id>), copies the e-book file there, generates a jpg cover from the first page and also stores it there, generates an xml file to support legacy e-book formats (but it generates it anyway even for pdfs), which contains all the same metadata for the file, including title, author and href for the cover, and also stores it there. And then, all the same metadata for all books is stored in a metadata.db in the library root folder. I don't know if there is more data stored/used somewhere in a more obfuscated way.

Not too much to ask: Change some author/title/any single field.
What is done: 💩🌋

It is so helpful, it does all the stuff by itself or its plugins; you don't have to touch anything. But it also has this amazing ability to fuck everything up without even being touched. I mean WHAT THE FUCK WERE YOU THINKING? WHAT KIND OF A FUCKING DESIGN IS THIS? A FUCKING FRACTAL?

Literally, If I had listed all my books on physical papers with a real life pen, It would take me less time that I've already wasted on unfucking the regular disasters. Fuck you and your arrogant responses to issues.

One of our internal apis returns an array in which the first element is metadata about the request.

Why would anyone want to punish their users like that

A good life lesson:
1. DON'T DELETE FILES YOU MAY WANT TO RECOVER

And if you DO delete them and then recover them, then
2. DON'T SEND THE RECOVERED FILES TO A·N·Y·O·N·E

Today I found a lost µSD card in the street. I did what every sane person would do -- plugged it into my laptop :)

There I found a directory with recovered pictures. I figured, some of them may contain the author's info in metadata, so I ran a quick plaintext search for @gmail.com.

Turns out, inside some of the recovered picture files I could find embedded company director's emails in plain-text. I mean, open the picture with a text editor and read through those emails - no problem! And these emails contain some quite sensitive info, e.g. login credentials (lots of them).

Bottom line, if you delete and recover your files, then do your best to keep them close: don't share them, don't lose them. You might be surprised what these recovered files may contain

I am working on an artificial intelligence platform which does video content analysis and generate metadata tags regarding the video. Suggest me some cool name for this project.

(long post is long)
This one is for the .net folks. After evaluating the technology top to bottom and even reimplementing several examples I commonly use for smoke testing new technology, I'm just going to call it:

Blazor is the next Silverlight.

It's just beyond the pale in terms of being architecturally flawed, and yet they're rushing it out as hard as possible to coincide with the .Net 5 rebranding silo extravaganza. We are officially entering round 3 of "sacrifice .Net on the altar of enterprise comfort." Get excited.

Since we've arrived here, I can only assume the Asp.net Ajax fiasco is far enough in the past that a new generation of devs doesn't recall its inherent catastrophic weaknesses. The architecture was this:

1. Create a component as a "WebUserControl"
2. Any time a bound DOM operation occurs from user interaction, send a payload back to the server
3. The server runs the code to process the event; it spits back more HTML

Some client-side js then dutifully updates the UI by unceremoniously stuffing the markup into an element's innerHTML property like so much sausage.

If you understand that, you've adequately understood how Blazor works. There's some optimization like signalR WebSockets for update streaming (the first and only time most blazor devs will ever use WebSockets, I even see developers claiming that they're "using SignalR, Idserver4, gRPC, etc." because the template seeds it for them. The hubris.), but that's the gist. The astute viewer will have noticed a few things here, including the disconnect between repaints, inability to blend update operations and transitions, and the potential for absolutely obliterative, connection-volatile, abusive transactional logic flying back and forth to the server. It's the bring out your dead approach to seeing how much of your IT budget is dedicated to paying for bandwidth and CPU time.

Blazor goes a step further in the server-side render scenario and sends every DOM event it binds to the server for processing. These include millisecond-scale events like scroll, which, at least according to GitHub issues, devs are quickly realizing requires debouncing, though they aren't quite sure how to accomplish that. Since this immediately becomes an issue with tickets saying things like, "scroll event crater server, Ugg need help! You said Blazorclub good. Ugg believe, Ugg wants reparations!" the team chooses a great answer to many problems for the wrong reasons:

gRPC

For those who aren't familiar, gRPC has a substantial amount of compression primarily courtesy of a rather excellent binary format developed by Google. Who needs the Quickie Mart, or indeed a sound markup delivery and view strategy when you can compress the shit out of the payload and ignore the problem. (Shhh, I hear you back there, no spoilers. What will happen when even that compression ceases to cut it, indeed). One might look at all this inductive-reasoning-as-development and ask themselves, "butwai?!" The reason is that the server-side story is just a way to buy time to flesh out the even more fundamentally broken browser-side story. To explain that, we need a little perspective.

The relationship between Microsoft and it's enterprise customers is your typical mutually abusive co-dependent relationship. Microsoft goes through phases of tacit disinterest, where it virtually ignores them. And rightly so, the enterprise customers tend to be weaksauce, mono-platform, mono-language types who come to work, collect a paycheck, and go home. They want to suckle on the teat of the vendor that enables them to get a plug and play experience for delivering their internal systems.

And that's fine. But it's also dull; it's the spouse that lets themselves go, it's the girlfriend in the distracted boyfriend meme. Those aren't the people who keep your platform relevant and competitive. For Microsoft, that crowd has always been the exploratory end of the developer community: alt.net, and more recently, the dotnet core community (StackOverflow 2020's most loved platform, for the haters). Alt.net seeded every competitive advantage the dotnet ecosystem has, and dotnet core capitalized on. Like DI? You're welcome. Are you enjoying MVC? Your gratitude is understood. Cool serializers, gRPC/protobuff, 1st class APIs, metadata-driven clients, code generation, micro ORMs, etc., etc., et al. Dear enterpriseur, you are fucking welcome.

Anyways, b2blazor. So, the front end (Blazor WebAssembly) story begins with the average enterprise FOMO. When enterprises get FOMO, they start to Karen/Kevin super hard, slinging around money, privilege, premiere support tickets, etc. until Microsoft, the distracted boyfriend, eventually turns back and says, "sorry babe, wut was that?" You know, shit like managers unironically looking at cloud reps and demanding to know if "you can handle our load!" Meanwhile, any actual engineer hides under the table facepalming and trying not to die from embarrassment.

Data Disinformation: the Next Big Problem

Automatic code generation LLMs like ChatGPT are capable of producing SQL snippets. Regardless of quality, those are capable of retrieving data (from prepared datasets) based on user prompts.
That data may, however, be garbage. This will lead to garbage decisions by lowly literate stakeholders.
Like with network neutrality and pii/psi ownership, we must act now to avoid yet another calamity.

Imagine a scenario where a middle-manager level illiterate barks some prompts to the corporate AI and it writes and runs an SQL query in company databases.
The AI outputs some interactive charts that show that the average worker spends 92.4 minutes on lunch daily.
The middle manager gets furious and enacts an Orwellian policy of facial recognition punch clock in the office.
Two months and millions of dollars in contractors later, and the middle manager checks the same prompt again... and the average lunch time is now 107.2 minutes!
Finally the middle manager gets a literate person to check the data... and the piece of shit SQL behind the number is sourcing from the "off-site scheduled meetings" database.
Why? because the dataset that does have the data for lunch breaks is labeled "labour board compliance 3", and the LLM thought that the metadata for the wrong dataset better matched the user's prompt.

This, given the very real world scenario of mislabeled data and LLMs' inability to understand what they are saying or accessing, and the average manager's complete data illiteracy, we might have to wrangle some actions to prepare for this type of tomfoolery.

I don't think that access restriction will save our souls here, decision-flumberers usually have the authority to overrule RACI/ACL restrictions anyway.
Making "data analysis" an AI-GMO-Free zone is laughable, that is simply not how the tech market works. Auto tools are coming to make our jobs harder and less productive, tech people!
I thought about detecting new automation-enhanced data access and visualization, and enacting awareness policies. But it would be of poor help, after a shithead middle manager gets hooked on a surreal indicator value it is nigh impossible to yank them out of it.

Gotta get this snowball rolling, we must have some idea of future AI housetraining best practices if we are to avoid a complete social-media style meltdown of data-driven processes.
Someone cares to pitch in?

MS Access and VBA.

This combo is the worst dev tech I had to use it by now. Why? Because even if you try it, you can't make a single line of clean code. The syntax is horrible, it still use GOTO...

Maybe the reason why I hated working with it is linked to the context too: I was (and still) developing a system using NoSQL database and this system should be mostly fully configurable through metadata within JSON documents and it was. But we were still writing every JSON by hands so we decided we needed to develop a web based utility for us and clients who would need to configure the system but one of the head decision making people said that we don't need to use fancy technologies (because NoSQL is already "fancy") and that the configuration tool will be develop with Access because he used it a lot when he was younger and when he was coding during its free time. He said that using Access would be much easier and much time saving than our "fancy web based solution" and that he could help if we had questions...

Developing a MS Access software is already a pain in the ass but when you need to output JSON with it...

How comes that people can write such fucking shitty code?

Because I mean, why the hell would I want a progress indicator while the form is loading?

Actually, let's just not disable the form while it's loading. Let the user get mad when it's data's overwritten.

And best of all. Let's use inconsistent naming and fucking metadata tables so that we don't have any structure and make queries slow.

Yes. I fucking love incompetent consultants. Fucking love them. Good thing he never got hired...

So I've created this account specifically for this rant. I usually just browse anonymously.

I've recently been hired in a big company that is one of the biggest Microsoft users in the world and my essentially revolves on making it easier for our collaborators to work with SharePoint (and other ms software)

Never in my life have I hit that much of a roadblock. So for the past week I've been trying to integrate what Ms calls webparts. And to modify the default webparts Ms provides you need to their properties (or Metadata). Except here's the big problem these are NOT documented anywhere (unless I failed to find it, if you do know where it is documented please HMU), so I've found myself trying to reverse engineer the js scripts that are served with SharePoint to figure out what the webpart properties are called and what type of data they are! I've been going through endless github repos using the CSOM nuget package (it's the library everyone uses to interact with SharePoint) and I finally found out about this other library called PnP which is a wrapper around CSOM that makes it easier to use. That wrapper has a way for me to load existing page and look at the properties of existing webparts. So here I thought it was the end of my suffering and I could finally get an idea of what it should be. Turns out this method doesn't work because one of the dependencies it has has had breaking changes and they still updated it even though it breaks their code! So for the past two days I've been trying random combinations of key values with different data types and json serialization methods.

Oh and yeah I've also looked at all the http calls via the chrome network tab, the metadata is not served as an individual file but is computed by Ms servers when they're serving you their html files.

So uh yeah run from CSOM if you can..

!Rant

Wrote a crawler and now has 18 million records in the queue. About 500.000 files with metadata.
1 month until deadline and we have to do shit many things.

Now we discover we have a flaw in our crawler ( I don't see it as a bug ).. We don't know how much metadata we missed, but now we have to write a script that scrapes every webpage that we've already visited and get that metadata..

What's the flaw you ask? Some people find it funny to put capital letters in their attribute names.. *kuch* Microsoft.com!! *kuch*

And what didn't we do? We didn't lower case each entire webpage and then, only then, search the webpage for data..

Man, making scripts for random shitty tasks is so god damn nice. Like pushing a new version in a repo. Throw together a script to find metadata and kubernetes files and identifies and update versions automatically, then commit, tag and push. Simple script, not even 100 lines of bash, but saves so many silly mistakes.

I built a fairly simple database and website to showcase school curriculum “reader” books searchable and sortable by levels of difficulty and other metadata. I didn’t think much of it when I was building it but apparently it won the company a few million bucks in revenues once it launched. The big wigs rewarded that by selecting me as one of a few folks that got to go to a big corporate retreat in the Bahamas. This was before the company management went to crap and stopped incentivizing innovations at the employee level.

The state of digital comic book metadata is a mess. There is not really a standard format if the metadata even exists at all. All digital comic books consist of is a zip or rar with ordered images and potentially some type of file to store metadata. The closest thing to a standard is the Comic Rack format of metadata and even that is not very widespread. There exists a project called comictagger(on github) that attempts to assign metadata in Comic Rack format but it is somewhat unpolished yet provides a solid feature set.

I am planning on making a program to organize comics based on metadata attributes and am frustrated with the lack of consistency in this department. This isn't really a problem because of any developers but I would argue more so due to the organization of comic books themselves. For example, the term volume can have a different meaning based on who is asked or what context is used. The redundancy between issues and trade paperbacks can also lead to confusion and logistical problems. I just wish we already had a widespread schema in place for comic books metadata already.

I am sick of misrotated videos.

Sometimes, the phone camera software saves a video vertically because the user hits "record" before the software has detected that the user is holding the smartphone horizontally, because the software stupidly launches in vertical orientation by default.

So the software wants the user to wait until it has finally detected horizontal orientation, which causes the user to miss out on a moment.

How about the camera software actually saves the video in the orientation it was recorded in for the most time, rather than only the beginning of the video?

If I can think of this idea, billion-dollar companies surely can.

In the meantime, misrotated videos can be fixed using this ffmpeg command on Linux or Windows:

ffmpeg -i input_file.mp4 -metadata:s:v rotate="0" -c copy output_file.mp4

And if the phone was held with the home button to the left side:

ffmpeg -i input_file.mp4 -metadata:s:v rotate="180" -c copy output_file.mp4

This solution is superior compared to using -vf (video filters) because it only touches the metadata of the video. No re-encoding. This means no quality loss and no CPU/GPU power needed to process the video again. It just passes through.

Alright, that’s IT. I am going to just auto-find that fucking mentions and URLs myself, because the offset system in devRant’s metadata is completely unpredictable. Really.

For context look at my last rant (I think).

Not entirely dev related, but definitely shameless. In high-school we had to study CS, but it was more about knowing to use Office. We had class tests, which mean that we all had the same task and we had to finish it until the end of the class. Obviously no one wanted to do it, so whoever finished first would email it to everyone. Most people, however, were stupid enough to leave the meta data untouched, so it was obvious who was the original author. To not appear suspicious, I removed the original metadata and put my own in, and deliberately made errors in the sheet and corrected others that I noticed. I never got caught, because my work would always have "unique" mistakes.

Just another privacy rant.

I'm sick of people using the excuse "I don't care if Google keeps all my data it's just for adds"

That's true now but if you look at the current trends governments are making to forcing ISP's to store metadata, then it will be the actual data. Eventually they push that to other companises as well.

Now look at Australia for example the police don't need to notify you, let alone get a warrant, to access your metadata. There's also a law in NSW were you can be charged for accociating with a peraon commuting a crime.... Now your in jail for downloading movies years ago that you forgot about but your ISP didn't. I now that's a rather extreme punishment but, Imagine if the government needed some cash so they fine every person that ever downloaded a movie and everyone accociated with person.

Just a crazy theory with poor examplees but just because your data isn't hurting now doesn't mean it won't.

I'm gonna sit in a corner with my tin foil hat now.

Making an app for Android and iOS, for a football club in league.
Android, naturally is no problem.
iOS.....
"Your app or its metadata appears to contain misleading content.
Specifically, your app includes content that resembles one or multiple third-party sports teams and/or leagues."
....yes....because it's an app for a football club in a league.
What else can I do about that? Can I have more specifics?

Future01

Click, click, click, click.
Tap, tap, tap, tap.
Swipe, swipe, swipe, swipe,.
Scroll, scroll, scroll, scroll.

I’m tired of living on popularity driven planet among animals, where number of clicks on likes, subscriptions and links are worth more than iq, education and experience.

Let’s face it - AI is showing us traffic driven recommendations that sucks. If you’re hooked up to social network and can’t disconnect from it you’re half way to matrix. You probably also disagree with me cause you’re serotonin junkie. You can’t stop like you can’t stop eating for a day. Bubble have you in your hands and whatever you do you probably won’t wake up. To be honest most of us won’t. It’s already to late.

I’m waiting for meta so they can put you in virtual world where you can have what you want and at the same time own nothing. They will put you in some small empty space and give you something to eat how many times you want so you can feel safe and click, tap, swipe, scroll more so they can own this planet.

You will be living only to deliver corporate metadata and you will be happy, cause they will make you happy with giving you emotions that you want to feel at exact moment.
If you get out, you won’t be able to interact cause you won’t know how to behave, you will become wild animal.

By going out you will break the law, cause outside world will be long gone. To move to bar or visit family you will travel with autonomous vehicle that have screens instead of windows.

Eventually you stop going to bar cause it’s unhealthy, you stop going outside cause there’s deadly virus and you can die.

They will take you last thing later with birth control so you can have baby whenever you want and with who you want as long as both parties agree by signing baby nft contract, you don’t have to take care of your baby and be pregnant cause it will be robotized, you will see your baby in meta. You will think you feel it using robot hands.
You will never meet your baby in person.
That’s how matrix will start. We’re half way.

manually writing multiselector widget with jquery and javascript, because you need to be able hackily pass in metadata for some stupid fucking edge case that the previous generation didn't want to deal with

please euthanize me, i fucking hate frontend and im sure it hates me back

due to some error on GCP, my and friend got locked out of a prod server over ssh.

And the fucking admin was not giving us privileges to do it through serial port, why you ask cause submitting keys from dashboard was not working.

Later, found out google runs a startup script from startup-script metadata tag.

It felt like showing a middle finger to the admin and google

How is there no open, accepted, widely used standard to store & tag things like old family photo albums, diaries, books, etc.? Surely I can't be the only one who wants to digitise all this stuff to preserve it many years from now in case the drunk Uncle pisses on it, or Grandma's dodgy electrics burn the house down and it's all lost permanently. Or perhaps I am; it does seem that most other people doing genealogy work have the technical competence of a lemon.

Like, I get it, there's *some* online solutions for this stuff (not many and they tend to cost a fortune), but if I want to store it locally or in a private git repo or whatever... well, no-one seems to do it. I want to be able to interlink individual photos with their contextual pages in albums, store metadata about them, store audio recordings of older relatives with transcripts linked, etc. - and it just doesn't seem to be a done thing.

Ah well. Perhaps I'll do it all anyway as some kind of side project, then all being well my great great grandchildren will be immensely thankful if family history stuff ever becomes popular again.

When file managers copy and delete files within the same partition instead of moving or renaming them…

When Google's Storage Access Framework was introduced, it did not feature a move command, so file managers just resorted to copying and deleting files within the same storage. Not only does this cause needless wear and is much slower, but it also destroys the date/time attribute (it gets changed to current).

When moving files through MTP (miserable transfer protocol, used for connecting smartphones to PC), they are also copy-deleted. This makes moving a 20-Gigabyte DCIM folder impractical. Also, if one cancels the operation, it might end up whoopsie-daisy deleting some files from the source before they have been transferred.

MTP is so bogus that it is incapable of a simple operation that would JustWork™ on mass storage devices. Not to mention, MTP lacks parallelism and its directory listing loading it S-L-O-W. Upwards of a minute for just 1000 files. Sometimes, it fails loading at all.

Also, trying to rename a file through MTP using the terminal through GVFS, even if just within the same folder, it copy-deletes it. If I want to rename a 1 GB 2160p 4K video in a highly populated DCIM folder, I can not do so through the terminal. At least, the 4K video has a time stamp in its internal metadata, but it still renames slowly and adds needless wear to the smartphone's flash memory.

>be me
>watching Clone Hero video
>streamer mentions something about HTML color tags being in a chart's metadata that's displayed properly
>...
>...
>...

>you WHAT

>really

>aight, let's test the clear security hole

*makes 1 note long chart and adds JS to metadata*

*metadata payload triggers when you attempt to play the chart*

FUCKING...

this is dumb.

After brute forced access to her hardware I spotted huge memory leak spreading on my key logger I just installed. She couldn’t resist right after my data reached her database so I inserted it once more to duplicate her primary key, she instantly locked my transaction and screamed so loud that all neighborhood was broadcasted with a message that exception is being raised. Right after she grabbed back of my stick just to push my exploit harder to it’s limits and make sure all stack trace is being logged into her security kernel log.
Fortunately my spyware was obfuscated and my metadata was hidden so despite she wanted to copy my code into her newly established kernel and clone it into new deadly weapon all my data went into temporary file I could flush right after my stick was unloaded.
Right after deeply scanning her localhost I removed my stick from her desktop and left the building, she was left alone again, loudly complaining about her security hole being exploited.
My work was done and I was preparing to break into another corporate security system.
- penetration tester diaries

The company has been moving projects away from ASP .NET to MVC .NET. One of the cited reasons was improved performance. The ASP .NET projects were not the fastest applications available, but were manageable.

The new MVC .NET projects are slower than snails. Every single page element is trying to do an async call to populate metadata elements. There are sometimes 50 or more controls per page due to the industry this software is used in. FML.

Why does MySQL call databases schemes? Makes absolutely no sense.

Schema is the metadata around your tables or documents. What is Json Schema? Metadata around a json object.

MySQL, databases contain data. Schemes do not! Bad DB technology. Bad...

Hello everyone. I need your help and suggestions. I submitted an app to the Apple app store and got this response.

___________________________

Your app or metadata includes an account registration feature, which is considered an access to external mechanisms for purchases or subscriptions to be used in the app.

To resolve this issue, please remove the account registration feature and any other fully qualified links to your site that could indirectly provide access to these mechanisms, such as links to web pages for support, FAQs, product or program details, etc.

____________________________

My app only has a signup form that signs the user up on Firebase. What are my options? Is a simple signup form not allowed in iOS apps? This just does not make any sense to me. Please let me know what you would do.

headaches..

Likely a very simple algorithm to get these packets processed in the right order, got plenty of metadata that should help, but since yesterday I am wrapping my head around it and cannot figure out a sane way...

Had a Word doc to format for our so-called CS class. A classmate submitted my file under his name, but didn't realize that my name was in the metadata xD. The teacher almost failed him on the spot.

WHY??!!! doesn't the metadata reflect in the facebook debugger or when you post on linkedin for / random amounts of time! sometimes a minute / some times 7 hours... ugh. I cleared the cash - and everything I can think of.

Anytime I operate with hardware RAIDs on prod servers, I still sweat from the nerves of sending a wrong command that would wipe the RAID metadata clean and make all the data disappear.

Doesn't help that the CLI tools (MegaCli / StorCli) are both kinda terrible. The prior has a terrible documentation / switch design and the latter cannot do everything the prior can...

I spent last week trying to figure out estimates about how much time we'll spend in this quarter's project - like, 3 days on the schema, 4 days on the API, 5 days on the GUI etc. Why does management think that each part of the project is separate? Oh I forgot, they're management. I wonder how much work I could've done if management wasn't so obsessed in knowing metadata about the project instead of doing the project itself 🤔

"Because the compiled terminfo entries do not contain metadata identifying the indices within the tables to which each capability is assigned, they are not necessarily compatible between implementations"

Come ooonnnnn wtf even is this

I think that the metaphors we use to design software can hold us back sometimes.

Specifically, I’ve been thinking about file systems.

“File” is a fine metaphor for “chunk of data” I guess but we use two conflicting metaphors on top of that to describe the same thing: “folder” and “directory”.

Why do we limit ourselves to this rigid, hierarchical system for managing our data?

Maybe something based on tags, or attributes or some other metadata.

Hierarchy can be useful so I don’t want to completely get rid of it, or anything drastic like that, but we (or at least *I*) don’t think in those terms.

SSIS is a piece of shit. As well as Visual Studio.
SSIS job running on sql server bombs on vs_needsnewmetadata. I go to fix the issue by refreshing the db source and target tasks to re-read metadata from the db servers. While "refreshing" the metadata, IT policy requires reboot of computer, and triggers autoupdate of visual studio, and hoses my IDE. spend an hour re-installing VS and SSDT, bc the newest version of VS can't deploy to sql server thru the IDE. I'd rather code in Eclipse/Intellij ARGHHHHHHHH

I have one question to everyone:

I am basically a full stack developer who works with cloud technologies for platform development. For past 5-6 months I am working on product which uses machine learning algorithms to generate metadata from video.

One of the algorithm uses tensorflow to predict locale from an image. It takes an image of size ~500 kb and takes around 15 sec to predict the 5 possible locale from a pre-trained model. Now when I send more than 100 r ki requests to the code concurrently, it stops working and tensor flow throws some error. I am using a 32 core vcpu with 120 GB ram. When I ask the decision scientists from my team they say that the processing is high. A lot of calculation is happening behind the scene. It requires GPU.

As far as I understand, GPU make sense while training but while prediction or testing I do not think we will need such heavy infra. Please help me understand if I am wrong.

PS : all the decision scientists in the team basically dumb fucks, and they always have one answer use GPU.

Some demented bagpipe at the microsoft SSIS team thought it was too much of an effort to build in the option to review all changes and to refresh all metadata with one click whenever the metadata changes.

Consider an API that uses the HTTP path to represent position in a tree that literally represents a file tree with minimal constraints, and GET/PUT/DELETE methods to read, write and destroy the nodes. How would you encode read/write operations to per-node metadata? The kinds of metadata are static and around 4, so inventing HTTP verbs for each of them is infeasible but filtering is not necessary.

Options considered so far:
- toplevel resources alongside a namespaced /data such as /acl, /lock
- magic keywords to the Range header (this is apparently compliant)
- mimetypes such as text/plain+acl
- SETPROP / PROP methods in the spirit of WebDAV
- headers (I worry this may become an immitigable bottleneck really fast)

I'm looking for any kind of suggestion or insight, not perfect answers.

I read the WebDAV specification and I won't even suggest that I'm trying to align with it, the only protocol I'd seen in the past with comparable scope bloat is WebRTC.

It wasn't an entirely solo projext but ever part of it was completely solo. I felt very proud of the ETL, DICOM metadata search database and Ci/CD pipelines that I built for an oil and gas company. They didn't understand the CI/CD parts so didn't take it anywhere after we'd finished.

Anyone knows a C# lib for writing IPTC Metadata to images which has a fucking dokumentation?