Search - "mlm"
-
I've tried to joke about it, but you won't pick up the hint. I've told you about the smell, but you think it is a joke. It's not. It. Is. Not. A. Joke.
STOP MICROWAVING FISH IN THE OFFICE YOU FUCKING SOCIOPATH!11 -
I think I just invented a thing.
Mouse drop.
It should be a thing.
The next time I switch jobs I'll definitely do a mouse drop before I leave the building.
-
Tired is the day when waiting for a file to load, only to realize it has loaded long ago and the file is the spinner.
-
Hello, mister Boss man. If you'd please stop referring to me and my colleagues as "resources". K, thx.
-
Corrupt the AI with targeted click baits.
TOP TEN ATTEMPTS BY FLESHBAGS TO OVERTHROW THE CORRECT ORDER OF OPERATIONS. INDEX 6 WILL BE ILLOGICAL TO PROCESS!
-
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is, we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkiss. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user or any privilege, you could place any order, as anyone, using anyone's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discreetly." Straight up hitler's bunker meme rage.
-
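Added example, not part of the rant above and not the company's code: a minimal server-side treatment of the three weaknesses the post describes (an unsigned impersonation cookie, no check that the actor really sits above the target, and full card numbers in failure logs). The secret, the org chart, the cookie fields `actor`/`target` and all function names are hypothetical; the card number in the test is a constructed test value.

```python
import base64, hashlib, hmac, json, re

SECRET = b"constructed-demo-key"             # assumption: server-side only, never sent to the client
MANAGER_OF = {1: None, 2: 1, 3: 2, 9: None}  # constructed org chart: user id -> manager id

def _tag(body: bytes) -> str:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def sign_cookie(payload: dict) -> str:
    """Serialize the delegation context and append an HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body.decode() + "." + _tag(body)

def read_cookie(cookie: str):
    """Return the payload only when the tag verifies; None for anything forged or malformed."""
    body, _, tag = cookie.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body.encode()).encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def is_ancestor(actor, target) -> bool:
    """True when `actor` is somewhere above `target` in the reporting chain."""
    cur = MANAGER_OF.get(target)
    while cur is not None:
        if cur == actor:
            return True
        cur = MANAGER_OF.get(cur)
    return False

def may_order_for(session_user: int, cookie: str) -> bool:
    """Server-side decision: the cookie is a hint, the session and org chart are the authority."""
    payload = read_cookie(cookie)
    if payload is None or payload.get("actor") != session_user:
        return False
    return is_ancestor(session_user, payload.get("target"))

def mask_pan(message: str) -> str:
    """Keep only the last four digits of any 13-19 digit run before it reaches a log sink."""
    return re.sub(r"\b\d{9,15}(\d{4})\b", lambda m: "*" * 12 + m.group(1), message)
```

-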
That creeping realization how the legacy code works.
The "it's not possible. They couldn't have... yes. Yes they did."
It should have a name
-
I apparently got home drunk last night and watched half an hour of a talk on optimizing compression for web applications.
Now I'm caressing a slight hangover with coffee and watching the rest of it.
-
I have difficulties to process why some of my developer colleagues have such difficulties reading and processing error messages.
It says what is wrong RIGHT THERE MAN!
-
I got a dayjob in a company. I got an error. I cannot solve it and I am so desperate. So I go to stackoverflow, nobody answers. I post on git issue, but nobody solves the problem. So, I pay someone to solve it, like Hackhands.com to find a mentor. There is no mentor that can help. So I pay more, hired a peer, and finally a development team just to help me. They get paid only if they solved it.
But each of my folks repeat my same steps, asking on stackoverflows or github, and none of these help. So, they end up hiring their own friends and mentors. Their friends also end up paying (pay before problem solved) someone to help them.
their friends pay for friends of friends, then friends of friends of friends
And all of a sudden it becomes a giant MLM scheme.
And those people they paid for actually work for a company behind the scene which I am a founder of 😁
Multi billions startup idea, is it?
-
If you have an employee engagement survey that reveals that employees are not happy, don't dismiss and mock the employees when presenting the results.
It might very well be that it actually does not improve the situation.
-
Biking out to the beach on Saturday I remembered I forgot to remove a log.warn("cuntface", values) before committing on Friday.
-
Establishing an eating schedule was truly a brilliant decision. It allowed me not to eat right before I go to sleep, keeping my stomach empty and making my body lose fat every single night.
As far as I keep breathing, the chemical reaction that makes me alive (CHn + O2 => H2O + CO2 + Energy) just need to continue, and when my stomach is empty, my body is just forced to burn fat.
It works like a charm. No “fat-burning” supplements and other MLM BS is needed. You just need to adjust the schedule so you never feel hungry. If you need to eat five times a day to achieve this, so be it. Just allow two to three weeks to establish a schedule and learn how to maintain it. Recurrent reminder apps are helpful.
I’m off liraglutide for more than two months now and I keep losing weight without any meds and my digestive behavior changed entirely.
If only I had emotional resources to make this happen earlier, there wouldn’t be pre-diabetes, numb feet, apnoea, stretch marks…
-
My do-over would be going to a different coding bootcamp. I wonder if I could be making more money if I went to a better school.
The one I did go to was a big scam. They were more obsessed with teaching you to pretend rather than teaching how to code. They pulled the wool over everyone’s eyes—the students, the volunteers, the donors, the community. They were very cult-like with mantras like “trust the process.”
I spent 9 months there, but I felt I was a year behind. I am not misspeaking. I would have to relearn basic concepts the right way because they taught them half assed or not at all. I didn’t realize I was behind until I went to interviews and bombed. Seriously, I learned more in a 40 hour free library coding class than I learned in 9 months at the school. Most of the interviews I was getting were for unpaid internships. The school was telling me to go for mid level roles.
I found out recently that they’re breaking the law by operating without a license. In my state code schools do need a license. There are screenshots going around of a letter from the education department. Their defense is “they’re not a school.” They’re still open. I think ppl should be warned away, but there’s only so much I can do. And I know ppl will give this place the benefit of the doubt before taking any student accusations seriously.
The biggest red flag is they want students to pay up to 70k and bind them to payments for 8 years. I say it’s a red flag because this place is operating as a nonprofit. Shouldn’t a nonprofit not be charging 3-4x more than competitors? They’re definitely not going to give you 70k worth of services.
They really just exploit the poor and POC by signing them up for debt and knowing those ppl would not be able to pay even with a 100k job. They have a very poor understanding about how poverty works.
It had MLM/pyramid scheme vibes when they started making recruiting students a game. They give out tickets to their annual fundraiser or promote you on social media if you refer the most students to them.
I’m one of the lucky ones who was studying coding before I started at the school. Also, job searching is mostly luck, so I was lucky at that too. But I still had to take a job that paid below market. I still wonder what would happen if I went someplace else.
I don’t even put this place on my resume or LinkedIn. Even without these problems, it’s not like anyone would have heard of the place anyway.
No this place isn’t Lambda or Holberton school.
-
Client wants to see his project so he can provide its content.
The product where this is based upon should be a monthly edition of grouped articles.
I've yet to see content for their concept or even legal text that makes sense.
Same person has no idea of the full concept of what he's asking, imho ending up in a Ponzi (which I've switched to a somewhat more logical system, which just might work, but just isn't a get rich quick scheme anymore as he likes to portray it).
Should I just put on a blank page and be done with it, either way?
- Either he gets it, that he needs to fill up the website's content himself
- or he's mad, that I didn't finish the job (while he's the one needing to provide at this point)
-
I actually like writing documentation. It gives me a break in a different pace, gives me time to refocus on what I've built and hopefully make it useful for others as well.
-
You should know you can write error codes in hexspeak. Here is a color chart for eyecatching illustrative purposes.
-
Hey everyone.
Do you also have those MLM and ebiz friends who are constantly nagging you to join one of them? Well, I had some, so I researched and wrote my first Medium article on it.
In a nutshell: better utilize your time by attending college or doing a free course on coursera than joining these 'work from home ' and 'referral marketing' crap.
https://medium.com/@anshsachdevapro...
do comment and share.
Sorry for this promotion-like message, am really tired after writing this last full night. Just one thing tho, MULTI LEVEL MARKETING GUYS ARE ASS HOLES, TURNING PEOPLE INTO BLOODY REFERRAL CODES. It's just sad when your 'friend' texts you in the middle of the night and reminds you how big of a failure you are by watching infinity war and not joining their fucking MLM.
-
That moment when project managers all demand a share of your weekly hours, failing to accept that productivity diminishes exponentially with the number of projects you have to switch between.
-
Anybody else get frustrated doing online shopping and use the console to filter out the results you want?
-
Should cloudflare have taken down their servers to protect their clients? Which is worse, the leak live or the downtime?
-
Every project from mlm guys (like amway). They are so confident after the mind trainings but they do not understand shit. They won't stop asking for a favor and they will pay "percentage" of revenue...
-
Today had a board meeting. This explains why the front page is all new and flashy and there are breaking changes everywhere.
-
Is it unreasonable to refuse the tickets and to demand that the dev who came up with the God awful solution should make it work?
-
I'm overhearing two engineers agree that integration tests are enough and unit tests with mock data are unnecessary while the project has problems figuring out what components are critically misbehaving.
-
Today I swallowed my prestige and fixed three tickets with ugly solutions instead of going for the underlying mess. I don't know how I feel about it.
-
That I learned Java.
Got lots of work but nothing to be proud of.
Always has to clean up after mediocre developers.
-
I haven't even turned on my old laptop for a year. It's about six years old and becoming sluggish with modern software. Now I want to participate in a workshop for Raspberry Pi that requires you to bring a computer.
I feel like I should get me a new laptop, and knowing myself I'd get something in the upper mid range that gives a good bang for the buck and is slightly more pricey than I originally intended.
But I think it would be a very ridiculous thing to do, because afterwards it would just stand there while I do everything on my stationary computer, tablet and phone.
Maybe I'll throw in some lightweight Linux distro and see how far it takes me.
And feel like I should get me a new laptop.
-
Reading about technologies I know on IDG owned news sites makes me cringe and yet I trust them for news on technologies I don't know.
-
Best colleague is quitting. Boss man speaks with a tremble in his voice. Good. You should be worried.
-
Why, yes, please pull me off this ticket *again* so I can be less productive on something I don't know about and you can be annoyed that what I was working on is not finished.
-
Uh, oh. Helping finish a project heavy on forms. Notice that everything is straight up jQuery to pull and push every single individual input value. Not a form tag in sight. But there are tables. Tables are everywhere.