Search - "no cookies"
Opens a website:
ENABLE NOTIFICATIONS!
- no.
SUBSCRIBE TO OUR NEWSLETTER!
- no.
TURN OFF AD BLOCK!
- no.
WE USE COOKIES!
- ok.
PAGE 1 OF 11!
- oh ffs.

** Non Dev Rant **
I just need to rant about this because I'm furious.
Last night I had a house warming party. It was mostly, if not all, of my girlfriend's friends. I'm a cranky old developer so I don't have friends.
Everyone was nice and dressed nice and brought us gifts.. all of the gifts were pretty much specifically for my girlfriend.
So this one girl came... she's younger.. around 25. She came with no gift (I wasn't expecting gifts I just need to mention it for the plot), and was dressed in sweat pants. Alright, no problem.. I really don't care at least she's here.
So as more guests arrive I finally get a gift. Someone brought me a case of beer and a couple of yummy cookies. I had to put it down on the kitchen counter for a bit because I needed to grab more chairs.
The basement door where the chairs are is 10 feet away from where I left my present..
I come back from upstairs.. not even 5 minutes later and I see sweat pant girl stuffing one cookie in her fucking mouth and the other in her pants...
Are you fucking kidding me!? I bought desserts and snacks and all the alcohol you can think of and you steal MY fucking present. Not just one of them... but BOTH.
She saw the other guests give me it.. say "here buddy this is for you"... followed me in the kitchen and STOLE my fucking cookies.
I was going to eat them this morning with my coffee and I realized I couldn't because this fucking ass hole took my fucking cookies!!!!
I hosted this party for my girlfriend's SJW ass hole fucked up friends... put a smile on my face... pretended to like people... and for once didn't yell at someone... and the fucking thanks I get is 2 stolen fucking cookies.
Fuck her.

Swift, oh my god, why do you have to be like this?
I'm looking to write a simple for loop like this one in java
for(int i = 5; i > 0; i--) {
// do shit
}
That's it, simple, go from 5 to 1 (inclusive), I saw that to iterate over a range in a for loop (increasing order) I can do this
for i in 0...5 {
// do shit.
}
So I thought maybe I could do this to go in reverse (which seems logical when you think about it doesn't it?)
for i in 5..<0 {
// do shit
}
But no, this compiles FINE (THIS IS THE FUCKING KICKER IT COMPILES), alright, when the code runs you get a fucking exception that crashes the mother fucking application, and you know what the problem is?? This dogshit, shitStain of a language doesn't like it when the integer that the for loop starts with is larger than the integer that the for loop ends with MOTHERFUCKER AT LEAST TELL ME THAT AT COMPILE TIME AS A MOTHERFUCKING WARNING YOU PIECE OF SHIT!!
Alright *deep breathing*, now we can't just be stuck on this raging, we're developers, we need to move forward, so I google this, "Swift for loop in reverse", fair enough, I get a straightforward answer that tells me to use the `stride` functionality. The relevant code for it
for i in stride(from: 5, to: 1, by: -1) {
// do shit
}
Wow looks fine and simple right?? (looks like god damn any other language if you ask me, no innovations here piece of shit apple!) WRONG BITCHES !!! In the latest version of Swift THE FUCKING DEVELOPERS DECIDED TO REMOVE STRIDE ALTOGETHER, WITHOUT ADDING IN A GOOD REPLACEMENT FOR THAT SHIT!
Alright NOW I'M FUCKING MAD, I got rage on stackoverflow chat, a guy who's been working on ios for quite a while comes up n says and I quote
"I can sort of figure it out, but besides that, iterating in reverse is uncommon enough that it probably hasn't crossed anyone's mind."
Now hope you guys understand my frustration, and send me cookies to calm me down.
Thank you for listening to me!

Watch 3 videos about iOS/Swift on YouTube, and now I'm getting a frontpage full of recordings of app development events and iPhone reviews.
Listen to one kpop track on Spotify out of curiosity, and now the recommendation playlist is polluted with music I really don't like.
If we are going to hand our balls to AI and expect it to be a glorious fondling fest, don't cry if it suddenly realizes "nuts? aren't those supposed to be cracked?".
I mean what's fucking next? Where will this "smart" shit end up?
I accidentally click on a my little pony meme, and amazon will drone-strike me with 500 gallons of glitter? I drunkenly mumble "OK google how do kangaroos fuck" in the back of a self-driving Uber, I'm going to be dropped off in a shady alley and raped by a dozen wallabies?
STOP FUCKING TRYING TO UNDERSTAND ME, INTERNET. I JUST WANT TO FUCKING USE YOU, NOT BE USED BY YOU, THIS WASN'T THE DEAL.
If you truly understood me, internet, I would probably not even give a fuck about privacy. But you are all building these profiles wrong.
You don't understand that I might be interested in juggling tricks today, tomorrow it might be all about crocheting a wool sweater for my penis, and the day after that I'm curious how many corpses it would take to fill up an olympic swimming pool.
NO I'M NOT ACTUALLY INTERESTED IN THAT QUORA, STOP SENDING ME RECOMMENDATION EMAILS ON HIDING MURDER VICTIMS, MY BOSS WILL THINK I'M WEIRD.
Yeah of course I could pull some plugs, anonymize the shit out of my online life. I respect those who manage to just say "Fuck you Google, I'm sick of your shit, I'm going cold turkey".
But these platforms are feeding us heroin-laced candy.
All your coworkers, friends and family with their oled-lit zombiefaces, staring at tiny screens, all absent-mindedly grasping your ankles whispering "aww take one more hit with us, check out this funny youtube clip, let me send it to you on whatsapp.... what you don't have whatsapp? You deleted your facebook? don't you love grandma anymore? Why do you hate your family?"
Before you know it, you watched ten episodes about cultivating cactuses, have a year subscription to brilliant, skillshare, squarespace and 3 different organic foodboxes are delivered to your door, Netflix is spamming you about a cupcake baking show, and you're thinking about same-day delivery for a baseball bat so you can just beat the crap out of every pretty glass display you see.
I want to break up with you, Internet.
I love you, but I hate you.
Since you passed 2.0, you have grown into a manipulative bitch.
I just don't know if I'm strong enough. It's all "let's just be friends" with you, but I know you'll be trying to reel me back in.
Before I know it, you're feeding me cookies once again, and I'll end up balls deep with your trackers stuck to my dick.

The company behind ads on Dutch national news sites/tv stations is stopping with tracking ads.
The interesting reason behind that IMO is that they have this very simple 'banner' which asks in a very understandable way whether people want (or not) tracking shit/cookies placed/loaded on their browser.
Apparently 90% of all visitors go for the "No" option so they don't see the point in continuing to try it anymore.
Awesome!

What the flying fuck is happening in the EU with the fucking GDPR corsairs!!
I made two - TWO - entirely static websites, hand-made, 100% cookie-free!! I didn't even need to store a goddam boolean cookie! No third-party content is EVER invoked, called or summoned! I hosted a small video to avoid Youtube! Facebook and twitter share buttons are links!! I DID ALL OF THIS ON PURPOSE AND INFORMED THE FUCKING CLIENT.
And THEN (and, of course, unsolicited), the fucking lawyers of an asshole GDPR corsair office came and scared the shit out of my clients and convinced BOTH of them to put the goddam GDPR cookie consent popup on the fucking websites!! And they took their bribe, of course...
In order to avoid billionaire fines because of the NON EXISTENT cookies of the SMALLEST, SIMPLEST, 2KB MINIFIED HTML page on the Internet.
Is anybody else suffering from this kind of behavior??

No, I don't want desktop notifications
Yes, I understand you use cookies
No, I don't want free books
We see you use AdBlock ...
[closing the tab]
And this happens every time I desperately search for smth

Worst legacy experience...
Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.
Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.
The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.
Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was supposed to be helping!! But it was their money (well, my money as they were government funded!).

What kind of supercomputer do you have to use to get these fucking websites to work smoothly????
I'm on a fucking gigabit connection, ryzen 7 7700x, 32GB ram, and a fucking nvme, all it takes is opening a fucking recipe site and I'm instantly transported back to the 80s. I swear if I see another 4k asset I'm gonna punch something.
WHAT THE FUCK HAPPENED TO FUNCTION OVER FORM????
Oh do you want me to disable my adblocker??? How about: you make a site that works you fuck. No I will not fucking subscribe to your brain-dead newsletter why the fuck would I???
And since when are cookies needed for a fucking plaintext site you asshat??? Tracking??? I swear if you could you would generate metadata from my clipped fingernails if it meant you could stick "Big data" next to that zip-bomb you call a website.
I WOULD like to read your article, possibly even watch a couple of ads on my sidebar for you, but noooooo you had to have the stupid fucking google vinaigrette or however the fuck they are calling the fucking thing now.
The age of the web sucks the happiness out of life, and despite having all of this processing power, I am jealous of my father's RSS feeds.
I'm sorry web people, I know it's not your fault, I know designers and management don't give a shit how long a website takes to load. I just wanted to make a fucking omelette.

here's a shoutout to 90% of websites today:
NO, I DO NOT WANT YOUR F*CKING NEWSLETTER! STOP ASKING!
NO, I DO NOT WANT YOUR F*CKING NOTIFICATION! STOP ASKING!
NO, I DO NOT WANT TO SHARE MY F*CKING LOCATION! STOP ASKING!
NO, I DO NOT WANT ANY F*CKING COOKIES! STOP ASKING!
website publishers are whining about adblockers, but keep shoving so much shit down our throats that even a dozen browser addons can't make the web usable. the internet was such a great place once, where did we go wrong?
(rhetorical question. it's when we made access to the internet so easy, that every 100% tech-illiterate idiot could get online.)

"we use cookies to give you a better experience on our site"
A better experience? Really?
It looks like you're using more than 100 external parties for whatever fucking reason. It is nearly impossible to disallow these, except for some stuff like analytics, which I don't like since it includes mass surveillance parties like Google and Facebook, but I'd at least, to some extent, understand that better.
But, the amount of dark pattern here is staggering and this kind of 'consent' you're using wouldn't, in a million years, hold up under the GDPR.
You know what would be a better experience? No tracking and no ads.
Go fuck your better experience (would that be a better sex experience....?)

Dear fucktards with cookie notifications.
Give me a damn button of just “NO, I don’t agree”
Ain’t nobody got time to unstick 500 check boxes every single visit, surely there's no good or useful reason for some of these sites having more cookies than words on their home pages.

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...
#1 - Most expensive lesson learned
Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.
This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...
After 10 minutes every phone in the office started going berserk - calls were coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.
Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each store's error log proceeded to grow and consume every available byte of HD space before crashing windows.
#2 - Hardest to find
This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vomit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.
Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased every so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.
#3 - Most elegant fix
Same bastard IIS server as #2. Codebase was the most insecure unstable travesty I've ever worked with - sql injection vulns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots, ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we were DDoS'ed for 5 days straight.
My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.
So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

>>>> Followed link to a post
* Do you Accept Cookies?: Yes
* Our customer supports online: Okay, I know
* Subscribe to Newsletters?: Click Click Accept
* Website wants to turn on Notification?: Okay
* Seen Our New Product?: No, not today
* We require you to be over 18?: Yes, I am
* We value your privacy?: I Agree
* Looks like you're using ad-Blocker?: Turn Off
* Don't forget to follow us on...: Okay!!! I get it already, just show me the f*cking post!
* What next
***** 1 million ads appear around a single post broken to bits having (1-2-3-4-5-6-7-8-9 next>>) *****
Just wondering who invented this money making strategy.

Dear Tech-News Outlets,
Yes, I accept 30994 cookies and do not want to uncheck them one by one.
No, I don't want to subscribe to a newsletter full of content completely unknown to me - maybe let me stroll around a bit before asking me? But please don't ask me in the middle of reading the shitty article. Maybe make use of a so-called "sidebar" for shit like that?
Yes, I want to continue without turning off my adblock.
No thanks, I know how to turn it off, I'm going to remove this overlay now via devtools, alright?
Yours
An annoyed user

Well... I had in over 15 years of programming a lot of PHP / HTML projects where I asked myself: What psychopath could have written this?
(PHP haters: Just go trolling somewhere else...)
In my current project I've "inherited" a project which was running around ~ 15 years. Code Base looked solid to me... (Article system for ERP, huge company / branches system, lot of other modules for internal use... All in all: Not small.)
The original goal was to port to PHP 7 and to give it a fresh layout. Seemed doable...
The first days passed by - porting to an asset system, cleaning up the base system (login / logout / session & cookies... you know the drill).
And that was where it all went haywire.
I really have no clue how someone could have been so ignorant to not even think twice before setting cookies or doing other "header related" stuff without at least checking the result codes...
Basically the authentication / permission system was fully fucked up. It relied on redirecting the user via header modification to the login page with an error set in a GET variable...
Uh boy. That ain't funny.
Ported to session flash messages, checked if headers were sent, hard exit otherwise - redirect.
But then I got to the first layers of the whole "OOP class" related shit...
It's basically "whack a mole".
Whoever wrote this, was as dumb and as ignorant to build up a daisy chain of commands for fixing corner cases of corner cases of the regular command... If you don't understand what I mean, take the following example:
Permissions are based on group (accumulation of single permissions) and single permissions - to get all permissions from a user, you need to fetch both and build a unique array.
Well... The "names" for permissions are not unique. I'd never expected someone to be so stupid. Yes. You could have two permissions named "article_search" - while relying on uniqueness.
All in all all permissions are fetched once for lifetime of script and stored to a cache...
To fix this corner case… There is another function that fetches the results from the cache and returns simply "one" of the rights (getting permission array).
In case you need to get the ID of the other (yes... two identifiers used in the project for permissions - name and ID (auto increment key))...
Let's write another function on top of the function on top of the function.
My brain is seriously in deep fried mode.
Untangling this mess is basically like getting pumped up with pain killers and trying to solve logic riddles - it just doesn't work....
So... From redesigning and porting from PHP 7 I'm basically rewriting the whole base system to MVC, porting and touching every script, untangling this dumb shit of "functions" / "OOP" [or whatever you call this garbage] and then hoping everything works...
A huge thanks to AURA. http://auraphp.com/
It's incredibly useful in this case, as it has no dependencies and makes it very easy to get a solid ground without writing a whole framework by myself.
Amen.

My business-partner thinks we can pull personal information from cookies, like age, gender, city and interests......
"Can we get people's age and gender from cookies? How much data can we get from their cookies? Like if they've looked at a white bag recently?"
WTF..

So I have seen this quite a few times now and posted the text below already, but I'd like to shed some light on this:
If you hit up your dev tools and check the network tab, you might see some repeated API calls. Those calls include a GET parameter named "token". The request looks something like this: "https://domain.tld/api/somecall/..."
You can think of this token as a temporary password, or a key that holds information about your user and other information in the backend. If one would steal a token that belongs to another user, you would have control over his account. Now many complained that this key is visible in the URL and not "encrypted". I'll try to explain why this is, well "wrong" or doesn't impose a bigger security risk than normal:
There is no such thing as an "unencrypted query", well besides really transmitting encrypted data. These fields are being protected by the transport layer (HTTPS) or not (HTTP) and while it might not be common to transmit these fields in a GET query parameter, it's standard to send those tokens as cookies, which are as exposed as query parameters. Hit up some random site. The chance that you'll see a PHP session id being transmitted as a cookie is high. Cookies are as exposed as any HTTP GET or POST Form data and can be viewed as easily. Look for a "details" or "http header" section in your dev tools.
Stolen tokens can be used to "log in" into the website, although it might be made harder by only allowing one IP per token or similar. However the use of such a token is absolutely standard and nothing special devRant does. Every site that offers you a "keep me logged in" or "remember me" option uses something like this, one way or the other. Because a token could have been stolen you sometimes need to additionally enter your current password when doing something security risky, like changing your password. In that case your password is being used as a second factor. The idea is, that an attacker could have stolen your token, but still doesn't know your password. It's not enough to grab a token, you need that second (or maybe third) factor. As an example - that's how GitHub's "sudo" mode works. You have got your token, that grants you more permissions than a non-logged in user has, but to do the critical stuff you need an additional token that's only valid for that session, because asking for your password before every action would be inconvenient when setting up a repo.
I hope this helps understanding a bit more of this topic :)
Keep safe and keep asking questions if you feel that your data is in danger
Reeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

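An added illustration of the "sudo mode" idea described in the post above (not devRant's or GitHub's code, and not part of the original post): a session token authorizes ordinary actions, while sensitive ones also need a recent password check. The class, the action names, the 15-minute window and the sample account are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SUDO_WINDOW = 15 * 60                                 # assumed freshness window, seconds
SENSITIVE = {"change_password", "delete_account"}     # assumed action names
PBKDF2_ROUNDS = 200_000


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class SessionStore:
    """Server-side sessions: the token is an opaque random key, nothing more."""

    def __init__(self):
        self.users = {}      # username -> (salt, password hash)
        self.sessions = {}   # token -> {"user": ..., "sudo_until": ...}

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def check_password(self, username, password):
        # Unknown users still cost one hash, and the comparison is constant-time.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        return hmac.compare_digest(stored, hash_password(password, salt))

    def login(self, username, password):
        if not self.check_password(username, password):
            return None
        token = secrets.token_urlsafe(32)
        # Design choice here: a fresh login does not start inside the sudo window.
        self.sessions[token] = {"user": username, "sudo_until": 0.0}
        return token

    def reauthenticate(self, token, password, now=None):
        """Second factor: the token holder must also know the password."""
        session = self.sessions.get(token)
        if session is None or not self.check_password(session["user"], password):
            return False
        current = time.time() if now is None else now
        session["sudo_until"] = current + SUDO_WINDOW
        return True

    def authorize(self, token, action, now=None):
        session = self.sessions.get(token)
        if session is None:
            return "login_required"
        if action in SENSITIVE:
            current = time.time() if now is None else now
            if current >= session["sudo_until"]:
                return "password_required"
        return "allowed"


def demo():
    """Constructed scenario: what a token alone can and cannot do."""
    store = SessionStore()
    store.add_user("alice", "correct horse")          # constructed account
    token = store.login("alice", "correct horse")
    return [
        store.authorize(token, "read_feed", now=0),
        store.authorize(token, "change_password", now=0),
        store.reauthenticate(token, "wrong guess", now=0),
        store.reauthenticate(token, "correct horse", now=0),
        store.authorize(token, "change_password", now=60),
        store.authorize(token, "change_password", now=SUDO_WINDOW + 1),
    ]


if __name__ == "__main__":
    print(demo())
```
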
TL;DR: If you make a contest where people get to vote online fucking make it right!
And here's the story: I play in a local coverband to make some cash on the side and because I love making music. We entered a contest hosted by a local radio-station. The first round was determined by judges and now 5 bands remain and of those 5 only 3 get to be voted into the final round. In the final round every band wins something: 3rd place 250€, 2nd place 750€ and first place 5000€.
Now that stupid dipshit of a web-designer of that radio-station made a website where you can vote and it only fucking sets a cookie. You can delete it and vote again. You don't need no E-Mail and nothing. It doesn't even block multiple votes from one IP. It doesn't do shit.
Even my bandmates (who don't work in IT) were smart enough to figure out that you can just delete the cookies...
I think that now every band except for one is cheating. (we have over 5000 votes and combined all bands have like 4000 FB-Likes and sometimes a band gets like 400 more votes in an hour) This is such a fucking messup and I don't know what to do. Maybe they'll look into stats but if they're so stupid to make a contest like this in the first place, maybe they won't. And even if they look into the stats it wouldn't be fair to kick out a band with many votes because how the fuck would they know if the band themselves cheated or if it was a fan of the band or even an enemy of the band just to get them kicked out.
I'm afraid of talking to the radio-station as a part of one band because maybe the web-designer there just gets frustrated and bans us from the contest entirely.
This is just fucking frustrating.

Just had an old coworker from a previous job send me some stuff for a php script he was having issues with.
There was too much glory in what he was trying to do: mixing php inside of jquery code, not using strict types would have prevented like 10 issues he was having on his script on another portion, mixing headers, weirdly named variables, poorly constructed, reused db connections, 0 oop or proper dependency management in his code, horrible use of sessions and cookies, O (n²) logic all over the place.
But the cake.....are y'all ready for it? It was code screenshots, not even of just the section, no, the full page, from a windows machine (to make it better he is hosting the application on an IIS server and his configuration was not properly set) but I digress, back to the cake:
He was writing his code inside of wordpad :P
FUCKING WORDPAD
I just politely told him that I was busy at the moment and happily ignored him. Dude is not a good person to begin with imo, for example, he brought the subject of homosexuality during one of our talks after he saw me talking to my bf, who just so happens to be gay, his statement was "I do not understand how there can be gay people when there are women that are so hot"
My comeback was "I do not understand how we can be heterosexual when there are some really attractive dudes out there, see how stupid your logic sounds? attractiveness is not the basis for homosexuality ye dipstick" he let it go after that, but closed-minded people like that are not really my cup of tea.

Well on my last full-time job, they were using cookies for authentication (not something new, eh?). The thing is, you see, the cookies had the 'accountId' which if you change to another number, kaboom you're that account, oh but that was not all, there was an option to mark the account type in there 'accountType', which was kind of obvious in VLE (virtual learning environment), 'Teacher', 'Student', 'Manager' put one of those values and boom you are that role for the session
Thing was open to SQL injection from the login form, from said cookies and from every part you can pass input to it, when I raised the question to my TL he said 'no one is going to know about that, I don't see what is the problem', then escalated to higher management 'oh well speak to *tl_guy*'
Oh and bonus points for it being written in ASP CLASSIC in 2014+ (I was supposed to rewrite, but ended up patching ASP code and writing components in PHP)
In 2015-2016, in a private college, charging kind-of big money per year

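An added example, not from the post or the application it describes: the cookie design described above next to one where the server signs the values it sets, so an edited cookie is rejected. The cookie name `auth`, the function names, the one-hour lifetime and the key handling are assumptions; `accountId`, `accountType` and the role names are from the post.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed server-side key; a real deployment loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)
ALLOWED_ROLES = {"Student", "Teacher", "Manager"}


def parse_cookie_header(header):
    """Split a Cookie request header into a {name: value} dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}


def identity_trusting_client(cookie_header):
    """The pattern from the post: the server believes whatever the browser sends."""
    cookies = parse_cookie_header(cookie_header)
    return {"accountId": int(cookies["accountId"]),
            "accountType": cookies["accountType"]}


def encode_body(claims):
    raw = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def issue_signed_cookie(account_id, account_type, ttl=3600, now=None, key=SERVER_KEY):
    """Set after a successful login: the claims plus an HMAC-SHA256 tag over them."""
    issued = int(time.time() if now is None else now)
    body = encode_body({"accountId": account_id, "accountType": account_type,
                        "exp": issued + ttl})
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"auth={body}.{tag}"


def identity_verified(cookie_header, now=None, key=SERVER_KEY):
    """Return the identity only if the tag verifies and the cookie is unexpired."""
    value = parse_cookie_header(cookie_header).get("auth", "")
    body, sep, tag = value.rpartition(".")
    if not sep or not body:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison of the expected and presented tags.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    # Only reached for bodies this server produced, so decoding is safe.
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    current = time.time() if now is None else now
    if claims["exp"] <= current or claims["accountType"] not in ALLOWED_ROLES:
        return None
    return {"accountId": claims["accountId"], "accountType": claims["accountType"]}


def demo():
    """Constructed requests: an edited plain cookie, then an edited signed one."""
    edited_plain = "accountId=1; accountType=Manager"
    genuine = issue_signed_cookie(42, "Student", now=1_000)
    old_tag = genuine.rpartition(".")[2]
    edited_signed = "auth=" + encode_body(
        {"accountId": 42, "accountType": "Manager", "exp": 4_600}) + "." + old_tag
    return {
        "plain_edit": identity_trusting_client(edited_plain),
        "genuine": identity_verified(genuine, now=1_000),
        "signed_edit": identity_verified(edited_signed, now=1_000),
        "expired": identity_verified(genuine, now=5_000),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

A signed cookie can still be replayed until it expires if it is copied; keeping only a random session id in the cookie and the account data on the server avoids putting any claims in the browser at all.
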
I used to work for a company that had a main website and a lightweight app. LW app was distributed to partners and added to other sites using an iframe.
Someone decided a requirement was to retain the shopping cart for anonymous users. Some dev thought the best way to do that was to issue auth cookies to anonymous users.
The auth cookie issued by the LW app was actually for the main site. A few users for LW app decided to just come to main site to make a purchase. Since they already had an auth cookie (issued from LW app), they were never prompted to log in, create an account, or use guest checkout on the main site. They were still able to complete their order and we had their shipping address, but we didn’t have their email address so we couldn’t contact them about their order.
Customer service had no way to email customers if something went out of stock or if there was a product recall. CS would have to call these customers and ask for email addresses. Good luck getting anyone to answer or return a call nowadays. Customers were asking where their confirmation email was. The admin website was polluted with “users” that had the placeholder email for non-logged in users.
This happened because of a combination of an understaffed and overextended engineering department. Of course when something goes bad it’s going to be bad.

Imagine
websites didn't use unnecessary cookies,
JavaScript was only used when needed,
no trackers, no ads, no telemetry, no user
data saved when it doesn't benefit the user.
*Wakes up in cold sweat*

Most successful project was around this time last year.
A scary club of privacy haters made a 'webapp' to advise people what to vote for in the national elections.
The tool was really bad in multiple ways. For instance, if two parties would score the same amount of points, one would, at random take second place without conveying this to the user.
Oh and it also collected all the data people entered "for scientific purposes". A very sketchy practice, a non profit, funded by the government and George Soros (I kid you not, illuminati confirmed ;) ).
The tool had this disclaimer on the bottom, saying this webapp needs cookies to function. So that triggered me to make a copy of the tool that works better and ... offline, and without cookies. You could download a html file and turn off your wifi (for the paranoid ppl among us), use the tool, delete the file. No trace.
It was a little bit of a tongue-in-cheek project, a gimmick, the original was called stemwijzer, mine was called offline stemwijzer.
It was a one day build and a day after launching I got a call from the original stemwijzer project leader. Demanding to take the thing offline for infringing copyright (yeah sort of was). I tried to explain him why I made this and why privacy for such things should be held in high regard. He basically told me I was talking shit and did not want to discuss, I told him I don't take stuff offline because of phone calls. I told him to email me a cease and desist.
So that guy prolly had a stressful day (because of the launch of his tool), had a few glasses of wine, and wrote an email. He wrote me I was a pathetic kid and I should do more useful stuff. He wrote that anyone could program a tool like that. And he wrote me I should do him a favour not share this email with my measly amount of twitter followers. Super professional email.
So I did him that favour, I did not share it with my twitter followers, I shared it with one of the largest political blogs in the country.
My tool sort of took off after that. To stop infringing copyright I changed the name and I removed their content from the script and wrote instructions on how to copy and paste in the json content yourself and "make your own tool".
The response was great, people actually emailed me job offers and I think that the current job I have is due to the success of said project. So be ballsy, challenge giants, start riots, it will get you places.

To all web devs adding cookie-nags on your company's pages: stop that! Now! Nowhere does that cookie law require you to ruin your site with nagging popups. Where's the focus on usability?
And the rule about informed consent? Which normal user (like my mother) knows what that means anyway? I call bs! Politicians, don't get me started.
Every user on the internet goes JMIGA: Just Make It Go Away, click whatever making that crap disappear.
What user will go "holy shit, they're using cookies!! I'm outta here!" No one in the history of the internet, that's who. Argh. -
Whelp. I started making a very simple website with a single-page design, which I intended to use for managing my own personal knowledge on a particular subject matter, with some basic categorization features and a simple rich text editor for entering data. Partly as an exercise in web development, and partly due to not being happy with existing options out there. All was going well...
...and then feature creep happened. Now I have implemented support for multiple users with different access levels; user profiles; encrypted login system (and encrypted cookies that contain no sensitive data lol) and session handling according to (perceived) best practices; secure password recovery; user-management interface for admins; public, private and group-based sections with multiple categories and posts in each category that can be sorted by sort order value or drag and drop; custom user-created groups where they can give other users access to their sections; notifications; context menus for everything; post & user flagging system, moderation queue and support system; post revisions with comparison between different revisions; support for mobile devices and touch/swipe gestures to open/close menus or navigate between posts; easily extendible css themes with two different dark themes and one ugly as heck light theme; lazy loading of images in posts that won't load until you actually open them; auto-saving of posts in case of browser crash or accidental navigation away from page; plus various other small stuff like syntax highlighting for code, internal post linking, favouriting of posts, free-text filter, no-javascript mode, invitation system, secure (yeah right) image uploading, post-locking...
On my TODO-list: Comment and/or upvote system, spoiler tag, GDPR compliance (if I ever launch it haha), data-limits, a simple user action log for admins/moderators, overall improved security measures, refactor various controllers, clean up the code...
It STILL uses a single-page design, and the amount of feature requests (and bugs) added to my Trello board increases exponentially with every passing week. No other living person has seen the website yet, and at the pace I'm going, humanity will have gone through at least one major extinction event before I consider it "done" enough to show anyone.
help -
Those GDPR nag screens actually are more damaging than useful. Nobody has the energy to jump through the hoops all different sites set up for you to opt-out of tracking. Yet you will constantly see those pages if you have opted out.
If you use some privacy extensions that block tracking cookies and stuff, you will keep getting those nag screens, because they have no idea whether you have seen it or not (because of no tracking)
So browsing the web has become the constant of:
1) Search something
2) Deal with nagscreens
3) See the page
4) Go to other page
5) Repeat from step two
I wonder what this will lead to? People are less likely to visit random pages and stick to ones they have account on? Will darknet become more popular? Will somebody design some standard way to get rid of this nagscreen wave? -
I'm learning nginx and it's simplifying the way I think about web projects.
I used to think that when I used a server side framework, then that should be the master and all should go through it. Noob me.
I used to put client side projects (like create-react-app or vue-cli projects) right inside the server side project.
But with nginx you can just route subpaths to different places, then instead of having, let's say, the react project inside rails, they would be in separate git projects.
In fact, I no longer need to restrict myself to a single server framework.
I love several aspects of rails. I love several others of node. And if I need multithreaded performance, I'd very much use something like phoenix or go.
Again, with nginx, you set up subpaths with the `location` directive in the same server and voila, a no CORS setup, cookies shared and homogenous versatile website. -
Dear web devs,
PLEASE learn how to (or teach/inform your clients) correctly target ads.
Thank You
Also, WTF??? and even WZF?!?! Who created this? Furthermore who the hell paid for this to be an ad, what are they trying to achieve and how tf do they think this will achieve that???
PS-
In case you're wondering what i was looking up on thesaurus.com, or would like to assume/blame this ad on my browsing history, cookies and/or something like google listening in the background through my mic... nope. Looked up "adage" and I'm waaay too adept at cybersecurity and easily annoyed by anything doing something i didn't explicitly tell it to.
if you're ignorant of the google listening thing:
yes this is totally a real thing that the vast majority of Smartphone users have no clue is happening despite it being in t&c. Try a few, somewhat relevant to this topic, google searches and you'll find suggested searches like "can my phone read my mind?".
I tend to explicitly ban shit like that on everything (even devices of anyone on my property that never logged into my internet... I'm not paranoid, just not a fan of tech doing things i didn't tell it to)... but when i needed to enable/allow it on a dev for 30min, the next time i went to look for a book, one of the top suggestions (before typing anything) was "Burmese Pythons"... i looked back at my activity for that 30min days ago... I had been explaining some basic python code to a kid from myanmar... so it was pretty amusing. -
My mom is a basic user that needs to use only basic apps to chat and speak with family, post photos and play one or two games.
She is always ranting about how difficult it is to do simple things. And she is mostly right.
Like, where are my fucking photos gone?
Why is facebook/whatsapp/whatever different today, where are the fucking buttons gone?
What the fuck happened (when, while clicking something, an update window pops up and you click something else)? Why are the buttons so small (when you want to close a fucking ad window with a little invisible fucking "x" somewhere and you click the ad instead)?
I don't want no fucking cookies.
Why after windows update my fucking game doesn't work anymore. Why I can't hear anything through the fucking skype?
The fact that she knows I'm one of the morons who build kind of not-usable and buggy fucking things, doesn't help. -
Salespeople telling clients "Your site doesn't need a privacy policy/cookie policy since you don't actually sell anything on your site."
Wrong wrong wrong WRONGITY WRONG WROOONNGGGG!!!!!
Client to PM to me: "Well Jim said we don't need those on this site."
Me: "Well Jim is misinformed, since we use Google analytics, Facebook Pixel, and contact forms, you need to have both a privacy and cookie policy."
PM to client: "We'll find you a template you can use to get started, it'll cover most of what you need."
Me to PM: "we will do no such thing, we can send them a few links explaining why they need these, but they should consult a legal professional and cover their asses for their own business practices. I can provide any technical details they may need like what data the cookies collect if necessary."
PM to me: "well I'll just find something for them then."
*In my head* please just go crawl in a hole and die. -
Today after longer vacation I came back to work.
Edit: wrote this rant long time ago, but never finished. Was too pissed.
Some easy meetings, then wanted to start on an easy job.
Just migrating some things from bash regex voodoo to proper tools like JQ.
Finished in roughly 1 h. Lovely.
Made some tea, ate some cookies.
Set up dev environment, found no documentation whatsoever, got it running after half an hour.
Annoying, but ok.
Then I tried my scripts...
They worked... Except they didn't.
Console log empty, response code 200 with state: GENERATE_NO_FILES.
Eh. Fuck you. Just fuck you.
Fixed the logging configuration, which was broken since uhm... 2 years plus?
Well... Another half an hour gone...
Kinda pissed now.
Still script return failed...
Poking and trying to sprinkle debug all over that shit cause everything seems ... An incohesive, inconsistent diarrhea.
3 hours later...
Made the ticket to rewrite it.
I did nothing wrong at all.
The API just has no workflow at all. The *separate* API calls have to be in a **specific** order - as otherwise the generation will fail, as the prerequisites for the generation are not fulfilled.
Yeah. Completely logical. Especially not to give out any kind of warning or an error message like requirements not met, blablabla.
I drank that evening 2 six packs of beer. I was raging mad....
Then gave that shit to another manager, as I never want to touch that nuclear waste again....
How can someone be so brain damaged -.- -
Worst mistake I have made is accidentally wiping a database table by messing up a SQL script. This was caught after it had been deployed to around 30 customer sites, most of which had no technical staff on site, and we didn't have remote access to. I bought our support team cookies for fixing that one.
-
Just disabled JS in my browser. It required adding devrant to allowlist though, but otherwise so far so good. Especially on garbage sites like wired: no more popups, no cookies, no tracking, no yOu'Ve ReaChEd yOuR dAiLy lImIt bs…
-
Session Management in HTML/PHP be Like:
JUST PUT THAT FUCKING SESSION ID AS HIDDEN INPUT IN EVERY FUCKING FORM!!!
BECAUSE WHY NOT JUST SPAM IT WHY IS THERE NO GOOD FUCKING WAY TO HIDE A SESSION KEY WITHOUT COOKIES -
I don't know why people here dislike php
It's been 3 years since I was introduced to php and I never find it unworthy to be used in my project at all
Last night it was my first freelancing project and the guy asked me to scrape a table from a stock market website in vba script and append the table values to the excel sheet. That looked easy, I kid you not, from the image he sent me that looked too easy.
I decided to accept it, fml. Cause that site was using fucking cookies and javascript to load the table values.
There was no way to implement that shit in vba under my current knowledge.
Let's fuck this shit and jump to php, I inspected the site and found a cookie was enabling the site to load another part of the site through GET request.
Once I knew what was holding that GET request url, curl came to rescue. I attached cookies and sent the request header and parsed the ajax script url and fetched the response (table data).
Parsed the fetched data using explode and Voila! I made the fucking working script in php
As for the vba script, I wrote code to get this csv, append it to the file and delete the csv -
I just implemented the cookie popup you wanted me to make. And now you give me a call that your tracking code doesn't appear in the source code?
Oh, but you don't see the cookie popup? You saw it right? So you've already set your cookie permissions, probably not to accept tracking cookies. We can check by... what's that?
If I can make the tracking code appear anyway?
...
Yeah, sure, no problem, change will be live in five minutes. -
Having developer skills comes sometimes in handy in certain situations.
In my case I visited a new website but first I had to choose their cookies.. but.. it was a list of about 150 radio buttons (150 advertisers), I shit you not.
And so I was like: "No, I refuse to click each one of them". I kept thinking.. hm.. how am I going to do a mass-toggle-off? And then it hit me: if the button "toggle all" toggles all buttons.. then that means if I invert the logic of the call, it means I will turn them all off! And it worked.. it was something like: "toggleAll(!-1)" and I did "toggleAll(0)".
That sure saved me some time! Oh yeah and there are of course other situations when you don't want to use a scraper for getting all the.. I don't know.. menu links out of a page. Console > import jQuery > select all elements with 'a' and text() on their DOM node! It can be done with native JavaScript as well document.getElementsById() but yeah, there are plenty of examples.
Hooray for being a developer! -
I'm currently in a bit of a predicament.
Here's the deal:
I want to separate my back-end from my front-end code a bit more (currently PHP code is mixed up with all the HTML, Javascript etc.. basically: front-end and back-end are one).
The question here is: how should I go about this?
In my current project, I have written some javascript code with jQuery that checks whether the user is logged in or not (checks for an auth token and UID to be present in the cookies).
However, this results in the page (in this case a dashboard that only logged in users should see) being visible for a moment before the user is redirected to the login page...
How could I go better about this (No, I won't use AngularJS for this)? -
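The flash of dashboard content described in the rant above happens because the login check runs in the browser after the protected page has already been delivered, and checking that a token and UID cookie are merely present verifies nothing. An added sketch (not the poster's code) of deciding on the server before any dashboard markup is sent; Python's standard library stands in for the PHP back end, and the cookie name `session`, the token layout and `SECRET_KEY` are assumptions:

```python
import hashlib
import hmac
import html
import time
from http.cookies import CookieError, SimpleCookie

# Assumptions for this sketch: the cookie name "session", the token layout
# uid.expiry.mac, and a server-side key that real code loads from config.
SECRET_KEY = b"constructed-demo-key"
SESSION_TTL = 3600  # seconds


def sign(uid, expires_at):
    """HMAC-SHA256 over uid and expiry so the browser cannot alter either."""
    msg = f"{uid}.{expires_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(uid, now=None):
    """Called after a successful login; the result goes into Set-Cookie."""
    now = int(time.time()) if now is None else now
    expires_at = now + SESSION_TTL
    return f"{uid}.{expires_at}.{sign(uid, expires_at)}"


def verify_token(token, now=None):
    """Return the uid for a valid, unexpired token, else None."""
    now = int(time.time()) if now is None else now
    try:
        uid, expires, mac = token.split(".")
        expires_at = int(expires)
        mac_bytes = mac.encode()
    except ValueError:
        return None  # wrong shape, non-numeric expiry or unencodable MAC
    if not hmac.compare_digest(mac_bytes, sign(uid, expires_at).encode()):
        return None  # cookie is present but was not issued by this server
    return uid if expires_at >= now else None


def app(environ, start_response):
    """WSGI entry point: authorize first, render second."""
    try:
        cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    except CookieError:
        cookies = SimpleCookie()
    token = cookies["session"].value if "session" in cookies else ""
    uid = verify_token(token)
    html_type = ("Content-Type", "text/html; charset=utf-8")
    no_store = ("Cache-Control", "no-store")
    if environ.get("PATH_INFO") == "/dashboard":
        if uid is None:
            # Redirect without sending a single byte of dashboard markup.
            start_response("302 Found", [("Location", "/login"), no_store])
            return [b""]
        body = f"<h1>Dashboard for user {html.escape(uid)}</h1>".encode()
        start_response("200 OK", [html_type, no_store])
        return [body]
    start_response("200 OK", [html_type])
    return [b"<h1>Login</h1>"]


def call_app(path, cookie=None):
    """Drive the WSGI app in-process; returns (status, headers, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if cookie is not None:
        environ["HTTP_COOKIE"] = cookie
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    # Constructed requests: no cookie, a forged cookie, a server-issued one.
    print(call_app("/dashboard")[0])
    print(call_app("/dashboard", "session=42.9999999999.deadbeef; uid=42")[0])
    print(call_app("/dashboard", "session=" + issue_token("42"))[0])
```

The front end can still read a non-sensitive flag to adjust its UI, but the redirect decision no longer depends on JavaScript running.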
“httpOnly cookies prevent XSS attacks”… wow.
As if not being able to get your cookies is going to stop me from doing bad things.
When I'm in via XSS, it's over. I'm changing the page content to your sign-in form with “please sign in again” notice, but it sends email/password straight to me. What percentage of users is going to enter their data? What do you think? With password managers prefilling data, and the annoyance being one “enter” hit away, I think a lot of users will fall for that. No one, including you, will be able to tell the difference without devTools.
You can rotate the session token, but good luck rotating the user's password.
Oh, did I tell you I could register a service worker using XSS that will be running in background FOREVER?
But don't listen to me. Don't think. Just use httpOnly and hope for the best. After all, your favorite dev youtuber said they could protect you from XSS. -
"Code"
And the website says "Lonely geeky people do need apply"
So I put on my glasses and I went in to ask him why
He said you look like a fine outstanding young man, I think you'll do
So I shook his hand and, I said "I am glad I will be working for you."
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
And the sign says "If you want to use this site you must accept our cookies"
So I found the CEOs address and doxxed him all night!
To put up a dialog and block content from my sight.
If Todd was here, he'd tell it to your face, man, "it just works"
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
Oh, say now mister, can't you code
You got to have a laptop and a hoodie to get a job
You can't work, no you can't standup, you ain't supposed to be here
And the website says "You got to have an employee ID to get inside" - yo!
And the website says "Everybody welcome, come in, code and share"
But then they passed around a git pull at the end of it all
And I didn't have a character to code
So I got me laptop and I made up my own fuckin' code
I typed, "Thank you OSS for thinking 'bout me, I'm alive and doing fine", yeah
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
Yes! Some old song, called "Code code", I wish we did write that one, but
We didn't - git blame!
Hello World! -
So i have been thinking..
SQL is a lang that runs on a specific software on the server, and helps creating data stores(databases and tables) that can be queried & manipulated.
is there a way to run sql like queries on the client side with no interaction from backend at all?
Say i have 5 inter related data models. in a backend world, they will form nice little tables of a db with all their joins and composite keys. from the server, i shall be querying them like "SELECT name from x where y=z & ..."
but what if i could store them like tables in browser memory and run the same query filters via a query language... is this possible?
i know this poses a certain security risk, but we already use cookies, local storage and a lot of json based shitty client side storages. surely it might be possible to have a lesser optimised sql tables on the frontend with extremely good querying capabilities?
or am i talking something far fetched here? -
I don't get why there are laws restricting the use of my website.
Let's say I pay for the electricity, internet, housing and everything related to my server and the website that is hosted on it.
This makes the computer my property and I allow connections to be made over the internet to it, and people accept whatever I send back to them and their machine acts based on that information.
In no way am I forcing or attacking their machine, so why are there restrictions on what data I can send (other than illegal images and such, I'm talking about cookies and privacy stuff).
Their machine is the one setting and storing cookies, not mine. They're entering their personal info and sending it to me, nothing is forced and most the time it is written out what will be done with that data. -
Some script keeps freezing my firefox while facebook is open. Hell, I only ever use it to chat with people...
I already went to hell and back and can't seem to fix it.
No other site does it, already cleared cookies etc.
I really don't want to switch to another browser... -
Possibly the weirdest coincidence I've experienced... I was just searching for, specifically and explicitly, the ebook version of O'Reilly pocket references for a babydev since physical copies, if/when available, are expensive and slow delivery. While googling the PHP one, somehow, 1984 (orwell) in russian was oddly high in the search results.
1984 is my favourite book and I've been meaning to take time to brush up on my russian. Normally I'd blame the result on things like tracking data, but this was via a clean, isolated, never logged into anything, system. The only factors that couldve been skewing results are my explicit locale settings, primary- german/germany, secondary- english/US, additional languages- dutch, russian, arabic, spanish. No other cookies or previous search history and using a static IPv4 that has been allocated, but until a few hours ago, totally unused for ~6mo (part of my /28 block).
It's so serendipitous that I keep mulling over everything trying to figure out wtf I missed... seriously, how the hell does "O'Reilly pocket reference php ebook" return a russian paperback of 1984???
I'm totally gonna find and buy one now too (the actual result is costly, plus would ship from germany so more costly). -
God damnit.
It's about my freaking PC, again...
(If you still don't know what I'm talking about: https://devrant.io/rants/889384/ )
Well then.
I have not ranted about this until now because I was trying to fix it on my own... but since I'm now desperate to get it fixed, I'll say it here too... please help me, I'll give you cookies or virtual hugs or something ;-;
The problem is... my audio driver doesn't work. I tried to update it (from Realtek's website), but... after installing the new version of the driver, it asks me to restart my PC, I do that, and then... nothing happens, the problem remains.
The audio icon on Windows' application bar says no audio devices are connected, which isn't true as it should notice the PC's native speakers, or my headphones, but it freaking doesn't.
As a musician, this for me is a problem... -
sorry, search engines were not helpful. does anyone know of a lightweight browser that doesn't need installing but stores everything in the os user directory?
i have no it-permissions but want to provide my department with a suitable browser. we have ie and edge, but the latter deletes everything on closing which makes it unusable for my usecase and the it is not willing to set this up different.
ff portable can not be run from a read-only-folder and any other scenario either needs installing on every terminal or does not handle different profiles which is essential. i read that this is the case for any portable browser.
i'd like to set it up properly with necessary start page, favourites, adblocker and so on but just in one network directory for maintenance reasons.
we run a web based application strictly local but each windows-user-account must have their own setting in this app (cookies or preferably webstorage).
am i asking too much for? -
Hi devRant. Wanna rant with some shit about my company. First some good parts. I work in company with 600+ employees. It's one of the best companies in my region. They provide you with any kind of sweets(cookies, coffee, tea, etc), any hardware you need for your work (additional monitor, more ram, SSDs, processor, graphics card, whatever), just about everything you need to make your work faster/comfortable. Then, we have regular reviews (every 6 months), which rise salary from $0.75 to $1.5 per hour. (I live in a poor country, where $15 per hour makes you more solvent than 70% of people, so having 100-200 bucks increase every half year is quite good rise).
The resulting increase of review depends on how team leader and project manager are satisfied with my work. And here starts the interesting (e.g. the shit comes in).
1) Seniority level in our company applies depending on the salary you have. That's right. It does not depend on your skill. Except the case when you're applying to vacancy. So if you tell that you're senior dev and prove it during interview, you'll have senior's salary. This is fine if you just want money. But not if you love programming (as me) because of reasons below.
2) You don't need to have lots of programming experience to be a team leader. You can even be a junior team leader (but thanks god, on research projects only). You start from leading research projects and then move to billable if the director of research department is satisfied with your leading skills.
As a consequence our seniors are dumb AF. This pisses me off the most. Not all of them. I would say half of them are real pro guys, but the rest suck at programming (as for a senior). They are around junior/middle level.
I can understand if guy has $15 rate but still remains junior dev. That's fine. But hell no, he is treated as a middle, because his rate is $10+ now! And his mind has priority over middles and juniors. Not that junior have lot of good thoughts but sometimes they do.
I'm lucky to work yet on small project so I'm the only dev, and so to speak TL for myself. But my colleague has this kind of senior team leader who is dumb AF. They work on ASP.NET Core project, the senior does not even know how to properly write generic constraints in C#. Seriously.
Just look at this shit. Instead of
class MyClass<T> where T : class {}
he does this:
abstract class EnsureClass {}
class MyClass<T> where T : EnsureClass {}
He writes empty abstract class, forces other classes to inherit it (thus, wasting the ability to inherit some useful class) just to ensure that generic T is a class. What thA FUCK is wrong with you dude?! You're a senior dev and you don't even know the language you're coding in.
And this shit is all over the company. Every monkey that had enough skill just to not be fired and enough patience to work 4-5 years becomes a senior! No-fucking-body cares and reviews your skill increase. The whole review is about department director asking TL and PM question like "how is this guy doing? is he OK or we should fire him?" That's the whole review. If TL does not like you, he can leave bad review and the company will set you on trial. If you confront TL during this period, pack your suitcase. Two cases of such shit I know personally. A good skilled guy could not just find common language with his TL and got fired. And the cherry on top of the case is that they don't care about the fired dev's mind. They will only listen to reviewer. This is just absurd and just boils me down.
That's all i wanted to say. Thanks for your attention. -
I know this question sounds dumb but when i google 50% say no and 50% say yes. So my question is, can i spread (a Fileless) Malware with cookies?
-
i understand way too little about web data types. while having to store a shitload of data in cookies (sorry for that, no localstorage for local sites, insensitive though) i was so proud of compressing strings with bitshifting only to find out that uriencoding bloats chinese characters massively up. fml
-
tldr: I am looking for recommendations for a basic website for my parents. GOTO question;
Pre-Story:
My parents have a small (offline) business. They have a website to give some general information and list their weekly offers.
When I felt that what has come out of the website-building tool (you know, clicky clicky stuff) looked a bit too early 2000's and is a total ripoff for what you get (almost 20€ per month), I created something with Google Sites for them. Feel free to roast me, but web development is not my field and now it looks much more modern, is mobile friendly and does what it is supposed to do. Weekly offers are edited in a google sheets file, which is embedded in the website. Not great, but this way my mom doesn't have to deal with editing tables on the page - trust me, it won't look good. This also meant they could downgrade the hosting package to discard the clicky-tool and just the domain (maybe 1€ per month). The website itself is hosted for free by Google.
Some time ago GDPR became a thing and then I was tasked to have a look at it. (side note: I don't want to rant about being responsible for it, that's fine. My parents don't really ask me to do a lot for them.) You can't enter any data on the website, it's just very basic stuff and data protection wise there's just the "usual" stuff (cookies, embedded tools, logs). I added another site with a halfway complete privacy policy. Regarding the whole cookie issue (do not enforce unnecessary cookies) I couldn't find an easy solution. It's not 100%, but what can you really expect from a small business like this? I've seen worse.
Now to the question:
Can you recommend a good alternative to the current solution (Google Sites)?
It should be cheap (<3€/month incl. domain) and my parents should be able to make some basic changes (just text in predefined locations). I am not afraid to get my hands dirty - I can deal with some HTML, CSS, JS - but I don't want to sink a lot of time into this. No need for analytics or the like. Maybe a newsletter would be cool (with the weekly offers), but that's just a random thought of mine and definitely not necessary.
Thanks for reading :) -
I haven't been able to access ChatGPT since Friday. I thought it might help to delete all cookies so I did, and managed to access their login page. However, when clicking on "Log in", nothing happens, which shouldn't come as a surprise as there is no event listener on the button element, nor on any of its ancestors or descendants (see attached screenshot).
-
ENOSPC = random things go wrong.
There are many synonyms for ENOSPC, like "disk full", "space storage full", "space storage exhausted", "no more space left on device", and those other repulsive errors. For the sake of simplicity, I am going to refer to it as ENOSPC.
If you are in this condition on the operating system partition, get out of it quickly or random things will go wrong. Text editors which write directly to a text file rather than creating a temporary file and then replacing the text file could end up blanking the text file, softwares' configuration files might fail saving which causes a reset, and web browsers might spontaneously reset cookies and lose history.
For example, Firefox has created a gap in the web browsing history, as shown here. The history that is now memory-holed initially appeared to have been recorded successfully. Apparently, a failed write to the places.sqlite database when closing the browser created this gap.
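The difference the rant above draws between writing directly into a file and writing a temporary file that then replaces it, as an added Python example (not from the rant). It assumes a POSIX system; the function names are hypothetical, and the full disk is simulated by an injected write function that raises ENOSPC:

```python
import errno
import os
import stat
import tempfile


def write_all(fd, data, write):
    """os.write may write fewer bytes than asked; loop until done."""
    view = memoryview(data)
    while view:
        view = view[write(fd, view):]


def write_in_place(path, data, write=os.write):
    """Truncate, then write: the old content is gone before the new content
    is safely on disk, so a failed write leaves a blank file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    try:
        write_all(fd, data, write)
    finally:
        os.close(fd)


def write_atomic(path, data, write=os.write):
    """Write a temp file in the same directory, flush it, then rename it
    over the target. Readers see the old file or the new one, never half."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        try:
            if os.path.exists(path):
                # mkstemp creates 0600; keep the target's permission bits.
                os.fchmod(fd, stat.S_IMODE(os.stat(path).st_mode))
            write_all(fd, data, write)
            os.fsync(fd)  # data must be durable before the rename
        finally:
            os.close(fd)
        os.replace(tmp, path)  # atomic on POSIX within one filesystem
    except BaseException:
        # ENOSPC or any other failure: drop the partial temp file and
        # leave the original untouched.
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise
    dir_fd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dir_fd)  # persist the rename itself
    finally:
        os.close(dir_fd)


def simulate_disk_full(fd, data):
    """Constructed stand-in for a write() that hits a full disk."""
    raise OSError(errno.ENOSPC, os.strerror(errno.ENOSPC))


def demo():
    """Run both writers against a simulated full disk; return what survives."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "settings.conf")
        for name, writer in (("in_place", write_in_place),
                             ("atomic", write_atomic)):
            with open(path, "wb") as f:
                f.write(b"theme=dark\n")  # constructed sample config
            try:
                writer(path, b"theme=light\n", write=simulate_disk_full)
            except OSError as exc:
                if exc.errno != errno.ENOSPC:
                    raise
            with open(path, "rb") as f:
                results[name] = f.read()
        results["leftovers"] = sorted(os.listdir(d))
    return results


if __name__ == "__main__":
    print(demo())
```

The temporary file has to live on the same filesystem as the target for the rename to be atomic, which is why it is created in the target's directory rather than in the system temp directory.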