Search - "no url"
-
*Now that's what I call a Hacker*
MOTHER OF ALL AUTOMATIONS
This seems a long post, but you will definitely +1 the post after reading this.
xxx: OK, so, our build engineer has left for another company. The dude was literally living inside the terminal. You know, that type of a guy who loves Vim, creates diagrams in Dot and writes wiki-posts in Markdown... If something - anything - requires more than 90 seconds of his time, he writes a script to automate that.
xxx: So we're sitting here, looking through his, uhm, "legacy"
xxx: You're gonna love this
xxx: smack-my-bitch-up.sh - sends a text message "late at work" to his wife (apparently). Automatically picks reasons from an array of strings, randomly. Runs inside a cron-job. The job fires if there are active SSH-sessions on the server after 9pm with his login.
xxx: kumar-asshole.sh - scans the inbox for emails from "Kumar" (a DBA at our clients). Looks for keywords like "help", "trouble", "sorry" etc. If keywords are found - the script SSHes into the client's server and rolls back the staging database to the latest backup. Then sends a reply "no worries mate, be careful next time".
xxx: hangover.sh - another cron-job that is set to specific dates. Sends automated emails like "not feeling well/gonna work from home" etc. Adds a random "reason" from another predefined array of strings. Fires if there are no interactive sessions on the server at 8:45am.
xxx: (and the oscar goes to) fuckingcoffee.sh - this one waits exactly 17 seconds (!), then opens an SSH session to our coffee-machine (we had no frikin idea the coffee machine is on the network, runs linux and has SSHD up and running) and sends some weird gibberish to it. Looks binary. Turns out this thing starts brewing a mid-sized half-caf latte and waits another 24 (!) seconds before pouring it into a cup. The timing is exactly how long it takes to walk to the machine from the dude's desk.
xxx: holy sh*t I'm keeping those
Credit: http://bit.ly/1jcTuTT
The bash scripts weren't bogus, you can find his scripts at this GitHub URL:
https://github.com/narkoz/...
-
Most embarrassing and lucky moment on the first week of job.
Me and my best friend were selected in the same company as developers. I was having some trouble with my system. So I mailed the description to our support department. Pop up was displayed from our chat client and person on the other end happened to be a lady. She wanted me to share a team viewer link with click access. So I did it and within 2 minutes of efforts she solved it. I thanked her, closed the chat conversation and started installing few packages. Meanwhile, I was curious to see her as she was really nice throughout the conversation. So I opened LinkedIn, searched for her name and found her profile. I zoomed in her photo and she was a pretty chick. I didn't stop and found her on FB too, and quickly saw all her DPs. I just copied her profile URL and sent it to my friend ( the one that got selected with me ) and told him about my conversation with her. Then I asked my friend
"She's hot. Should I send her a friend request or have to find some more troubles in my pc and talk to her few more times ? :P "
He replied "Dude what are you wanting for ? "
Out of nowhere, a pop up showed up. It was the girl we were talking about. The exact message was
"You can now close your team viewer session, and we can talk over FB :)"
Embarrassing AF!
-
One of our web developers reported a bug with my image api that shrunk large images to a thumbnail size. Basically looked like this:
img = ResizeImage(largeImage, 50); // shrink the image by 50%
The 'bug' was when he was passing in the thumbnail image and requesting a 300% increase, and the image was too pixelated.
I tried to explain that if you need the larger image, use the image from disk (since the images were already sized optimally for display) and the api was just for resizing downward.
Thinking I was done, the next day I was called into a large conference room with the company vice-president, two of the web-dev managers, and several of the web developers.
VP: "I received an alarming email saying you refused to fix that bug in your code. Is that correct?"
Me: "Bug? No, there is no bug. The image api is executing just as it is supposed to."
MGR1: "Uh...no it isn't. Images using *your* code is pixelated and unfit for our site and our customers."
MGR2: "Yes, I looked at your code and don't understand what the big deal is. Looks like a simple fix."
<web developers nodding their heads>
Me: "OK, I'll bite. What is the simple fix?"
<MGR2 looks over at one of the devs>
Dev1: "Well, for example, if we request an image resize of 300, and the image is only 50x50, only increase the size by 10. Maybe 15."
Me: "Wow..OK. So what if the image is, for example, 640x480?"
MGR1: "75. Maybe 80 if it's a picture of boots."
VP: "Oh yes, boots. We need good pictures of boots."
Me: "I'm not exactly sure how to break this to you, but my code doesn't do 'maybe'. I mean, you have the image from disk.
You obviously used the api to create the thumbnail, but are trying to use the thumbnail to go back to the regular size. Why not use the original image?"
<Web-Dev managers look awkwardly towards the web devs>
Dev3: "Yea, well uh...um...that would require us to create a variable or something to store the original image. The place in the code where we need the regular image, it's easier to call your method."
Me: "Um, not really. You still have to resolve the product name from the URL path. Deriving the original file name is what you are doing already. Just do the same thing in your part of the code."
Dev2: "But we'd have to change our code"
Mgr2: "I know..I know. How about if we, for example, send you 12345.jpg and request a resize greater than 100, you go to disk and look for that image?"
<VP, mgrs, and devs nod happily>
Me: "Um, no that won't work. All I see is the image stream. I have no idea what file is and the api shouldn't be guessing, going to disk or anything like that."
Dev1: "What if we pass you the file name?"
<VP, mgrs, and devs nod happily again>
Me: "No, that would break the API contract and ...uh..wait...I'm familiar with your code. How about I make the change? I'm pretty sure I'll only have to change one method"
VP: "What! No...it’s gotta be more than that. Our site is huge."
<Mgrs and devs grumble and shift around in their chairs>
Me: "I'm done talking about this. I can change your code for you or you can do it. There is no bug and I'm not changing the api because you can't use it correctly."
Later I discovered they stopped using the resize api and wrote dynamic html to 'resize' the images on the client (download the 5+ meg images, and use the length and width properties)
-
Oh, man, I just realized I haven't ranted one of my best stories on here!
So, here goes!
A few years back the company I work for was contacted by an older client regarding a new project.
The guy was now pitching to build the website for the Parliament of another country (not gonna name it, NDAs and stuff), and was planning on outsourcing the development, as he had no team and he was only aiming on taking care of the client service/project management side of the project.
Out of principle (and also to preserve our mental integrity), we have purposely avoided working with government bodies of any kind, in any country, but he was a friend of our CEO and pleaded until we signed on board.
Now, the project itself was way bigger than we expected, as they wanted more of an internal CRM, centralized document archive, event management, internal planning, multiple interfaced, role based access restricted monster of an administration interface, complete with regular user website, also packed with all kind of features, dashboards and so on.
Long story short, a lot bigger than what we were expecting based on the initial brief.
The development period was hell. New features were coming in on a weekly basis. Already implemented functionality was constantly being changed or redefined. No requests we ever made about clarifications and/or materials or information were ever answered on time.
They also somehow bullied the guy that brought us the project into also including the data migration from the old website into the new one we were building and we somehow ended up having to extract meaningful, formatted, sanitized content parsing static HTML files and connecting them to download-able files (almost every page in the old website had files available to download) we needed to also include in a sane way.
Now, don't think the files were simple URL paths we can trace to a folder/file path, oh no!!! The links were some form of hash combination that had to be exploded and tested against some kind of database relationship tables that only had hashed indexes relating to other tables, that also only had hashed indexes relating to some other tables that kept a database of the website pages HTML file naming. So what we had to do is identify the files based on a combination of hashed indexes and re-hashed HTML file names that in the end would give us a filename for a real file that we had to then search for inside a list of over 20 folders not related to one another.
So we did this. Created a script that processed the hell out of over 10000 HTML files, database entries and files and re-indexed and re-named all this shit into a meaningful database of sane data and well organized files.
So, with this we were nearing the finish line for the project, which by now exceeded the estimated time by over two times.
We test everything, retest it all again for good measure, pack everything up for deployment, simulate on a staging environment, give the final client access to the staging version, get them to accept that all requirements are met, finish writing the documentation for the codebase, write detailed deployment procedure, include some automation and testing tools also for good measure, recommend production setup, hardware specs, software versions, server side optimization like caching, load balancing and all that we could think would ever be useful, all with more documentation and instructions.
As the project was built on PHP/MySQL (as requested), we recommended a Linux environment for production. Oh, I forgot to tell you that over the development period they kept asking us to also include steps for Windows procedures along with our regular documentation. Was a bit strange, but we added it in there just so we can finish and close the damn project.
So, we send them all the above and go get drunk as fuck in celebration of getting rid of them once and for all...
Next day: hung over, I get to the office, open my laptop and see one new email. I only had the one new mail, so I open it to see what it's about.
Lo and behold! The fuckers over in the other country that called themselves "IT guys", and were the ones making all the changes and additions to our requirements, were not capable enough to follow step by step instructions in order to deploy the project on their servers!!!
[Continues in the comments]
-
Ex-boss (who boasted 20 years of programming exp.) Would not let us work on a web project saying we didn't have enough experience and said he'd do it alone... Fast forward to 3 days before presenting to client, we get to check the log in interface and immediately find that there's no actual security, no validation... Just 2 text boxes with hard coded users and no way to add more without creating them in db... And if you knew the next page's URL you can actually skip the login... Needless to say he was removed from the project that instant and we (interns at the time) had to do everything from scratch. A 3 months project done in 2 days. Never been more stressed in my life :'(
-
One of my first jobs as a Web Designer / Developer.
Boss had me update a WordPress site that the previous dude built. It had some pages that only members were meant to access.
These were listed on a navbar at all times. If the user clicked on them, a JS alert would show up telling the visitor to log in first.
That was the ONLY protection those pages had. No matter it was a WordPress-powered site, to begin. If you knew the URL or simply altered the code right there on the browser to remove the onclick-bound JS, you could get in.
And that was just the beginning of it. Eventually I convinced the boss to rebuild the site.
-
ARE YOU FUCKING KIDDING ME. I SPEND HOURS INVESTIGATING INCOMING & OUTGOING DATA. I CHECKED ALL THE CODE, I EVEN TEAMVIEWED A CUSTOMER WHICH WAS HAVING SOME ISSUES WITH MY APP.
TURNS OUT I FORGOT A FUCKING '/' IN MY FUCKING CODE. WHICH MEANS THE WHOLE GODDAMN API URL MAKES NO SENSE.
WHY THE FUCK DO I ALWAYS OVERCOMPLICATE SHIT LIKE THIS.
FUCK
-
You can't imagine how many lines of pure and utter horseshit, seemingly written in PHP, I had to dig through this whole weekend. (relating to my 2 previous rants)
How is it even possible to write code this unbelievably ugly?
Examples:
- includes within loops
- included files use variables from parent files
- start- and endtags separated to different files
- SQL queries generated by string concatenation, no safety measures at all (injection)
- repeating DB calls within loops
- multiple directories with the same code (~40 files), only different by ~8 lines, copied
- a mixture of <?php echo ... ?> and <?= ... ?>
- a LOT of array accesses and other stuff prefixed with "@" (suppress error messages)
- passwords in cleartext
- random non-RESTful page changes with a mixture of POST and GET
- GET parameters not URL-encoded
- ...
My boss told me it took this guy weeks and weeks of coding to write this tool (he's an "experienced dev", of course WITHOUT Git).
Guess what?
It took me only 20 hours and about 700 lines of code.
I must confess, since this task, I don't hate PHP anymore, I just simply hate this dev to death.
Addendum: It's Monday, 5:30am. Good night. 😉
-
micromanager: "Quick and easy win! Please have this done in 2-3 days to start repairing your reputation"
ticket: "Scrap this gem, and implement your own external service wrapper using the new and vastly different Slack API!"
slack: "New API? Give me bearer tokens! Don't use that legacy url crap, wth"
prev dev: "Yeah idk what a bearer token is. Have the same url instead, and try writing it down so you don't forget it?"
Slack admin: "I can't give you access to the slack integration test app, even though it's for exactly this and three others have access already, including your (micro)manager."
Slack: "You can also <a>create a new slack app</a>!" -- link logs me into slack chat instead. After searching and finding a link elsewhere: doesn't let me.
Slack admin: "You want a new test slack app instead? Sure, build it the same as before so it isn't abuseable. No? Okay, plan a presentation for it and bring security along for a meeting on Friday and I'll think about it. I'm in some planning meetings until then."
asdfjkagel.
This job is endless delays, plus getting yelled at over the endless delays.
At least I can start on the code while I wait. Can't test anything for at least a week, though. =/
-
god i hate this company's product.
Visit merchant-facing sandbox -> 404. works after a refresh.
Log into sandbox with admin account -> redirects to a different signin url -> 500s -> signin no longer works.
wheeeeee!
-
Our web department was deploying a fairly large sales campaign (equivalent to a ‘Black Friday’ for us), and the day before, at 4:00PM, one of the devs emails us and asks “Hey, just a heads up, the main sales page takes almost 30 seconds to load. Any chance you could find out why? Thanks!”
We click the URL they sent, and sure enough, 30 seconds on the dot.
Our department manager almost fell out of his chair (a few ‘F’ bombs were thrown).
DBAs sit next door, so he shouts…
Mgr: ”Hey, did you know the new sales page is taking 30 seconds to open!?”
DBA: “Yea, but it’s not the database. Are you just now hearing about this? They have had performance problems for over week now. Our traces show it’s something on their end.”
Mgr: “-bleep- no!”
Mgr tries to get a hold of anyone …no one is answering the phone..so he leaves to find someone…anyone with authority.
4:15 he comes back..
Mgr: “-beep- All the web managers were in a meeting. I had to interrupt and ask if they knew about the performance problem.”
Me: “Oh crap. I assume they didn’t know or they wouldn’t be in a meeting.”
Mgr: “-bleep- no! No one knew. Apparently the only ones who knew were the 3 developers and the DBA!”
Me: “Uh…what exactly do they want us to do?”
Mgr: “The –bleep- if I know!”
Me: “Are there any load tests we could use for the staging servers? Maybe it’s only the developer servers.”
DBA: “No, just those 3 developers testing. They could reproduce the slowness on staging, so no need for the load tests.”
Mgr: “Oh my –bleep-ing God!”
4:30 ..one of the vice presidents comes into our area…
VP: “So, do we know what the problem is? John tells me you guys are fixing the problem.”
Mgr: “No, we just heard about the problem half hour ago. DBAs said the database side is fine and the traces look like the bottleneck is on web side of things.”
VP: “Hmm, no, John said the problem is the caching. Aren’t you responsible for that?”
Mgr: “Uh…um…yea, but I don’t think anyone knows what the problem is yet.”
VP: “Well, get the caching problem fixed as soon as possible. Our sales numbers this year hinge on the deployment tomorrow.”
- VP leaves -
Me: “I looked at the cache, it’s fine. Their traffic is barely a blip. How much do you want to bet they have a bug or a mistyped url in their javascript? A consistent 30 second load time is suspiciously indicative of a timeout somewhere.”
Mgr: “I was thinking the same thing. I’ll have networking run a trace.”
4:45 Networking run their trace, and sure enough, there was some relative path of ‘something’ pointing to a local resource not on development, it was waiting/timing out after 30 seconds. Fixed the path and page loaded instantaneously. Network admin walks over..
NetworkAdmin: “We had no idea they were having problems. If they told us last week, we could have identified the issue. Did anyone else think 30 second load time was a bit suspicious?”
4:50 VP walks in (“John” is the web team manager)..
VP: “John said the caching issue is fixed. Great job everyone.”
Mgr: “It wasn’t the caching, it was a mistyped resource or something in a javascript file.”
VP: “But the caching is fixed? Right? John said it was caching. Anyway, great job everyone. We’re going to have a great day tomorrow!”
VP leaves
NetworkAdmin: “Ouch…you feel that?”
Me: “Feel what?”
NetworkAdmin: “That bus John just threw us under.”
Mgr: “Yea, but I think John just saved 3 jobs. Remember that.”
-
TL;DR I'm fucking sick and tired of Devs cutting corners on security! Things can't be simply hidden a bit; security needs to be integral to your entire process and solution. Please learn from my story and be one of the good guys!
As I mentioned before my company used plain text passwords in a legacy app (was not allowed to fix it) and that we finally moved away from it. A big win! However not the end of our issues.
Those idiots still use hardcoded passwords in code. A practice that almost resulted in a leak of the DB admin password when we had to publish a repo for deployment purposes. Luckily I didn't search and there is something like BFG repo cleaner.
I have tried to remedy this by providing a nice library to handle all kinds of config (easy config injection) and a default json file that is always ignored by git. Although this helped a lot they still remain idiots.
The first project in another language and boom hardcoded password. Dev said I'll just remove before going live. First of all I don't believe him. Second of all I asked from history? "No a commit will be good enough..."
Last week we had to fix a leak of copyrighted content.
How did this happen you ask? Well the secure upload field was not used because they thought that the normal one was good enough. "It's fine as long the URL to the file is not published. Besides now we can also use it to upload files that need to be published here"
This is so fucking stupid on so many levels. NEVER MIX SECURE AND INSECURE CONTENT it is confusing and hard to maintain. Hiding behind a URL that thousands of people have access to is also not going to work. We have the proof now...
Will they learn? Maybe for a short while but I remain sceptic. I hope a few devRanters do!
-
Typical Tuesday morning. Got word that a client was having trouble viewing a mp4 video, that's being used as a background element on their website, on their iPhone.
No biggie, I think to myself.
An hour in I'm praying to the safari Gods and cursing the existence of iOs (or however the hell you spell it).
While debugging I realise the browser gives up on downloading the video 2 seconds in, the same way I gave up watching that Netflix Neath note abomination, two seconds in.
So I quickly write up an ajax script forcing the browser to download the file before displaying it...F.I.G.J.A.M
But hold up 'webkitURL' is deprecated. Please use 'URL' instead ..dafuq ?
Okay okay I got this just use a work around for that ..aaand done.
Should be working right? Wrong (-_-)
Half an hour later searching stackoverflow like it's the gospel and judgement is upon me and I found the solution..I found the solution, simple stupid solution that would make you wanna facepalm so hard that your great grandkids would have marks on their face.
Declare the MIME type in the bloody source tag in the html ... shoot me now
-
After returning back from the company we were purchasing a new phone system (hardware+software, $100K+, kind of a big deal)
VP: “I need the new phone system software integration for our CRM by next week. I need to demo the system for the other VPs”
Me: “No problem. Were you able to get their API like I asked?”
VP: “Salesman didn’t know for sure what that was, but he said all the developer software documentation is on their site.”
Me: “Did he give you a URL? Their main site is all marketing mumbo-jumbo. I assume there is another one specific for developers.”
VP: “Yea, he might have said something, but I don’t understand why you need it. The salesman said the integration would be seamless. He showed me several demos.”
Me: “No, I mean I need to know, is the API a full client install? a simple dll? is this going to be a web service integration? How will I know what to program against?”
VP: “I think I heard him say something about COM? Does that sound like an API?”
Me: “It’s a start. Did he provide you anything, a disk, a flash drive, anything with the software?”
VP: “No, only thing he told me was our CRM integration would be seamless and our development team would have no problems.”
Me: “OK..OK…I get it…he’s a salesman. Is there an 1-800 number I can call? A technical support email address? Anyone technical I can reach out to?”
VP: “Probably, but I don’t understand what the problem is. I need the CRM integrated by next week. I gave the other VPs a promise we would get it done. I do not break promises.”
Me: “Wait…when are we installing the new system?”
VP: “Well, the purchase order will be cut at the end of the month’s billing cycle, the company has about a two month turnaround time to deliver and install the hardware, so maybe 3 months from now? Are you going to be able to have the integration ready for next week?”
Me: “If we won’t see any of the hardware for 3 months, what exactly am I integrating with?”
VP: “That API you wanted or whatever it is. COM…yea, it’s COM. I was told the integration would be seamless and our developers would have no problem. I don’t understand why you can’t simply write the code to make it work. Getting the hardware installed is going to be the hardest part.”
Me: “OK, so I have no documentation, we have no hardware, no software, and no idea what this ‘seamless integration’ means. I’m afraid there isn’t anything I can do right now. ”
VP: “Fine!...I’ll just have to tell the other VPs you were not able to execute the seamless integration with the CRM.”
Which he did. When the hardware+software was finally installed, they hired consultants (because I “failed”). I think the bill was in the $50K range to perform the ‘integration’ which consisted of Excel spreadsheets (no kidding). When approached with the primary CRM integration, the team needed our API documentation, a year’s development time and $300K. I was pissed off enough, and I had the API documentation, I was able to get the basic CRM integration within 3 days. When an agent receives a call, I look up the # in our database, auto-fill the form with the customer info, etc. Easy stuff when you have the documentation.
The basics worked and the VP was congratulated by ‘saving’ the company $300K. May or may not have been bonuses involved, rumors still out on that one, but I didn't see em'. Later my manager told me the VP was really ticked that I performed the integration ‘behind his back’, but because it was a success, he couldn’t fire me.
-
My parents are real sticklers for who is allowed to be on Netflix. They only let people on when they are present, and they never click 'save password'.
Me being a poor college student and desperate for the Netflix password, created a fake website for one of my parents to sign into.
How did I do this? I created my own localhost server with a backend database for the password to go to. I then copied the Netflix home screen and log in and asked them to log me into their account.
They said I can be on for one hour, and then they were signing me out.
I agreed to these terms.
As a small twist, I had also copied the no internet tab from Chrome for the page to redirect to. Knowing that once they logged in they would be expecting the main UI.
They logged in and then waited for the page to load. I, of course, put in a delay for the page to load and then displayed the no internet tab. They were confused and asked me to refresh, still nothing. I asked them if the router was out, and they went to check.
While they were away I quickly switched back to the real Netflix website and yelled back saying I got it working again. They came back over and saw that it was asking for a password again. They signed in and saw the main homepage and none were the wiser that day.
Once they left I checked inside the DB and found the plaintext password they typed in... The damn password was so simple, I cursed myself for not having figured it out sooner. No matter, I had my parents' Netflix password.
So you're probably wondering how they didn't see the URL above and think something was off?
I pressed F11 and fullscreened my entire browser. They did ask, and I simply replied with, I don't like seeing all the crap up above when I'm streaming. No further questions, perhaps I was lucky.
-
When your raspberry pi is bombarded with /phpmyadmin URL attempts in all its forms and possible paths and versions 😅
Like seriously? Who in their right mind uses phpmyadmin AND has it accessible to the public.
- there's no databases on this Rpi but you keep looking.
-
You know what REALLY PISSES ME THE FUCK OFF? Two pupils in my school won a local IT award FOR CODING A FUCKING PHP VOTING SITE WHICH DESIGN WAS SO FUCKING UGLY I WANT TO VOMIT. THE SITE IS SO FUCKING SHIT THAT YOU CAN VOTE AS MANY TIMES AS YOU WANT AND THERE ARE NO IPS LOGGED TO PREVENT IT. WHAT THE FUCK. THE QUESTIONS ARE FUCKING HARDCODED AND THE RESULT NUMBERS ARE STORED IN A TXT FILE THAT IS ACCESSIBLE WITH THE RIGHT URL
-
Client sends me support email concerning the CMS.
There's not enough details to go on, esp. browser info, so I ask her to fill out a support ticket.
She does, but doesn't enter any browser info, AND mistypes her email address so I have to correct it to reply to the right email.
I send her to whatbrowseramiusing.co and ask her to send the info to our support email address.
She emails support directly with these words: "I am using Google bowser".
I reply: click "Send to my designer" on whatbrowseramiusing.co and I give her exact steps to fill out the three form fields
She replies: "There is no 'Send to my designer', I only get the option to buy the domain."
I'm like "Whut?!" Did you mistype the URL? Why don't you click the link in the email? (Paraphrase)
This time I get an official email from whatbrowseramiusing.co, telling me that the client is using Safari 5.0.5. Which is five years old.
At that point I replied and said we really can't support this older browser, and included a link to the Firefox download page.
-
I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...
#1 - Most expensive lesson learned
Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.
This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...
After 10 minutes every phone in the office started going berserk - calls were coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.
Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each store's error log proceeded to grow and consume every available byte of HD space before crashing Windows.
#2 - Hardest to find
This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vomit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.
Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.
#3 - Most elegant fix
Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vulns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots, ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we were DDoS'ed for 5 days straight.
My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.
So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.
-
God damn fucking shit.
Now I know again why I don't do apps.
This is an app as simple as can be:
Enter a link, click a button, do an HTTP request, download a file.
BUT FUCKING HELL WHY ARE YOU SO FUCKING RETARDED ANDROID?!
I'm not familiar with java but i don't care why is this so freaking unintuitive to get shit done? Why are there thousands of ways and none works or at least in an easy way? Make an object for this, make an object for that...
THIS IS RETARDED.
In PHP a simple "file_get_contents" would do the job. I was even down for some curl shenanigans if it were an easy implementation. BUT GOD DAMN.
URL url = new URL("http://fuckinghardcoded.com")
Oh no can't compile because that MIGHT be an invalid URL. Ok try catch this or just tell the rest of the program to watch out for this bad boy cause he might throw a MalformedURLException.
Ditch that and try volley. Everything is documented except how to fire that queue! Does it do that by itself? Do I really have to do an override to a function while declaring? C'MON I'M A WEBDEV IS THIS TRYING TO DO A FUCKING CALLBACK AND IS THIS TRYING TO BE AN ANONYMOUS FUNCTION??? Why is this so frustrating and confusing? I'm also mad at myself this is dropdead simple shit but I can't get it to work. Fuck this, fuck java, fuck android and fuck myself
-
> Be me
> Desperate for a driver
> Find nothing useful
> Oh a GitHub repo, hmmh
> '𝐃𝐨𝐰𝐧𝐥𝐨𝐚𝐝 𝐡𝐞𝐫𝐞 ===> tinyurl.com/XXXXXX'
> Nope
> It's time to report!
Context:
- The url is a redirect chain to a phishing site
- Repo is completely empty except for a single folder with 1000+ files all named after drivers, with the same 'download' link, and probably scraped website text at the bottom (probably to increase searchability)
- The 'user' joined just a couple days ago and has no other repos
-
My friend and I have been debugging this server issue where the server can't find the input file.
30 minutes passed, we checked, restarted everything, still to no avail.
When I saw his Safari browser, THE FULL URL WASN'T SHOWING. The server was working, we just didn't see a redirect behavior because of Apple fucking trying to fucking prettify everything.
GOD DAMMIT.
/rant
-
Me: ssl conn cannot be established. Cert is not signed
Sr. Dev/architect: what url are you calling?
Me: dns_name:port
sd/a: yeah, I know that. But what is the url?
Me: *how the f... Did you get 'sr' and 'arch' titles, man???*
Me: why does it matter?
Sd/a: certificates depend on a url. Our LB selects a cert according to a request url
me: *buddy, I like you but I no longer look at you with respect like I used to before today...*
-
Hell is accidentally clicking on, instead of copying, an email URL and having to wait forty years for some email program you didn't even know existed to rise from its slumber like some Lovecraftian ancient god, meanwhile the fans on your laptop are preparing for takeoff and you stare dead-eyed as the rainbow spirals, spirals, spirals. you wait and suffer this cosmic karma. days pass. “just a few more seconds” you slur. your laptop freezes and the concept of time is no longer comprehensible. your family and friends forget your name and you fade from existence.
-
Meet 'SBI Online' app from Play Store, in their own words:
What they were supposed to do?
"Experience the new Retail Internet Banking of SBI"
What they do?
"SBI online app will redirect to SBI Retail Internet Banking (online SBI) site"
Why do they have app?
"No need to remember URL",
"Less memory space required on device"
App storage space?
F**king 2.6 MB, just to redirect users to their website, in third-party browser.
-
@netikras since when does proprietary mean bad?
Lemme tell you 3 stories.
CISCO AnyConnect:
- come in to the office
- use internal resources (company newsletter, jira, etc.)
- connect to client's VPN using Cisco AnyConnect
- lose access to my company resources, because AnyConnect overwrites routing table (rather normal for VPN clients)
- issue a route command updating routing table so you could reach confluence page in the intranet
- route command executes successfully, `route -n` shows nothing has changed
- google this whole WTF case
- Cisco AnyConnect constantly overwrites OS routing table to ENFORCE you to use VPN settings and nothing else.
Sooo basically if you want to check your company's email, you have to disconnect from client's VPN, check email and reconnect again. Neat!
Can be easily resolved by using opensource VPN client -- openconnect
CISCO AnyConnect:
- get a server in your company
- connect it to client's VPN and keep the VPN running for data sync. VPN has to be UP at all times
- network glitch [uh-oh]
- VPN is no longer working, AnyConnect still believes everything is peachy. No reconnect attempts.
- service is unable to sync data w/ client's systems. Data gets outdated and eventually corrupted
OpenConnect (OSS alternative to AnyConnect) detects all network glitches, reports them to the log and attempts reconnect immediately. Subsequent reconnect attempts get triggered with longer delays so as not to spam the network.
SYMANTEC VIP (alleged 2FA?):
- client's portal requires Sym VIP otp code to log in
- open up a browser in your laptop
- navigate to the portal
- enter your credentials
- click on a Sym VIP icon in the systray
- write down the shown otp number
- log in
umm... in what fucking way is that a secure 2FA? Everything is IN the same fucking device, a single click away.
Can be easily solved by opensource alternatives to Sym VIP app: they make HTTP calls to Symantec to register a new token and return you the whole totp url. You can convert that url to a qr code and scan it w/ your phone (e.g. Google's Authenticator). Now you have a true 2FA.
Proprietary is not always bad. There are good propr sw too. But the ones that are core to your BAU and are doing shit -- well these ARE bad. and w/o an opportunity to workaround/fix it yourself.
-
So I have seen this quite a few times now and posted the text below already, but I'd like to shed some light on this:
If you hit up your dev tools and check the network tab, you might see some repeated API calls. Those calls include a GET parameter named "token". The request looks something like this: "https://domain.tld/api/somecall/..."
You can think of this token as a temporary password, or a key that holds information about your user and other information in the backend. If one would steal a token that belongs to another user, you would have control over his account. Now many complained that this key is visible in the URL and not "encrypted". I'll try to explain why this is, well "wrong" or doesn't pose a bigger security risk than normal:
There is no such thing as an "unencrypted query", well besides really transmitting encrypted data. These fields are being protected by the transport layer (HTTPS) or not (HTTP) and while it might not be common to transmit these fields in a GET query parameter, it's standard to send those tokens as cookies, which are as exposed as query parameters. Hit up some random site. The chance that you'll see a PHP session id being transmitted as a cookie is high. Cookies are as exposed as any HTTP GET or POST Form data and can be viewed as easily. Look for a "details" or "http header" section in your dev tools.
Stolen tokens can be used to "log in" into the website, although it might be made harder by only allowing one IP per token or similar. However the use of such a token is absolutely standard and nothing special devRant does. Every site that offers you a "keep me logged in" or "remember me" option uses something like this, one way or the other. Because a token could have been stolen you sometimes need to additionally enter your current password when doing something security risky, like changing your password. In that case your password is being used as a second factor. The idea is, that an attacker could have stolen your token, but still doesn't know your password. It's not enough to grab a token, you need that second (or maybe third) factor. As an example - that's how GitHub's "sudo" mode works. You have got your token, that grants you more permissions than a non-logged in user has, but to do the critical stuff you need an additional token that's only valid for that session, because asking for your password before every action would be inconvenient when setting up a repo.
I hope this helps understanding a bit more of this topic :)
Keep safe and keep asking questions if you feel that your data is in danger
Reeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
-
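The two-tier scheme the post above describes, as an added example (not devRant's or GitHub's code): a bearer token covers routine calls, while a password re-check opens a short elevated window for sensitive actions. The class and method names, the 15-minute window, the per-token IP binding and the PBKDF2 work factor are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

SUDO_WINDOW = 15 * 60     # seconds an elevated window lasts (assumed value)
PBKDF2_ROUNDS = 100_000   # illustrative work factor


class Sessions:
    """In-memory session store: a token for routine calls, plus a password
    re-check before security-sensitive actions."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}      # user -> (salt, password_hash)
        self._sessions = {}   # sha256(token) -> {"user", "ip", "sudo_until"}

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    @staticmethod
    def _key(token):
        # Only a digest of the token is kept, so a leaked session table
        # does not hand out usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _check_pw(self, user, password):
        record = self._users.get(user)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._pw_hash(password, salt))

    def _session(self, token, ip):
        sess = self._sessions.get(self._key(token))
        # One IP per token: a token replayed from elsewhere is rejected.
        if sess is None or sess["ip"] != ip:
            return None
        return sess

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._pw_hash(password, salt))

    def login(self, user, password, ip):
        if not self._check_pw(user, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = {"user": user, "ip": ip, "sudo_until": 0.0}
        return token

    def whoami(self, token, ip):
        """Routine action: the token alone is enough."""
        sess = self._session(token, ip)
        return sess["user"] if sess else None

    def confirm_password(self, token, ip, password):
        """Password as second factor: opens the elevated window for this session."""
        sess = self._session(token, ip)
        if sess is None or not self._check_pw(sess["user"], password):
            return False
        sess["sudo_until"] = self._clock() + SUDO_WINDOW
        return True

    def change_password(self, token, ip, new_password):
        """Sensitive action: refused unless the elevated window is still open."""
        sess = self._session(token, ip)
        if sess is None or self._clock() >= sess["sudo_until"]:
            return False
        user = sess["user"]
        self.register(user, new_password)
        # Revoke every session of that user so a stolen token dies with the old password.
        self._sessions = {k: s for k, s in self._sessions.items() if s["user"] != user}
        return True
```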
THE FUCK WHY did the company which made the website I'm maintaining now ADD CUSTOM FACEBOOK LIKES AND TWITTER FOLLOWER WIDGETS - IN A SUBDIRECTORY OF THE THEME?
Guess what, you motherfuckers: One year after you made that damn page the Facebook API changed and your stinking widget is broken REQUIRING ME TO REWRITE MOST OF IT!
Also WHO THE FUCK LEFT HIS BRAIN ON HIS BEDSIDE TABLE the day he decided to HARDCODE ASSETS WITH AN http:// (no tls) URL? YES, browsers will block that shift if the website itself is delivered over tls, because it's a GAPING SECURITY HOLE!
People who sell websites that have user management and thus request authentication without AT LEAST OFFERING FUCKING STANDARD TLS SHOULD BE TARRED AND FEATHERED AND THEN PUT IN A PILLORY IN FRONT OF @ALEXDELARGE'S HOUSE!
Maybe I should be a bit more thankful - I mean I get paid to fix their incompetence. But what kind of doctor is thankful for the broken bones of his patient?
-
Suddenly some strange noise from the kitchen... Hmm my wife's laptop sounds like it plays some TV series but no one is logged in.
Conclusion: windows update restarted her computer while it was paused on Netflix, after reboot chrome opens to latest url where it autoplays trailers.
Conundrum resolved.
-
Commas.
I fix one display, and another breaks.
Now I’m getting “$$1002.99” and can’t figure out why. Where is this popup coming from? Where does the encrypted URL point to? What does this ajax call do? Where does the amount go? When does it change? Why is it a string now? Where does the total get defined? How far down the rabbit hole do I need to go?
Short short version:
I found something to try fixing. I made some changes, forced a crash to inspect, and… Joy! My log stopped updating. How long have I been debugging on stale data?
Skipping a long debugging session…
I discover a suspect instance var in a suspect method, and… i have no freaking clue where it’s being defined. It’s used in the class, but never defined in it. Oh, and the name is pretty generic, so searching for it is even more fun.
Just.
Qxfrfjkalstf.
WHO WRITES THIS CRAP?!
AND WHY DO PEOPLE CALL THEM “LEGENDS”? Like, really. That’s the word they use. “Legends.” I still can’t believe it.
-
NO FUCKING GOOD NIGHT FOR FLOYD.
THIS MULTI FACTOR AUTHENTICATION IS A FUCKING NIGHTMARE.
So my organisation uses some MFA app as an SSO to access any and everything. Fantastic. Absolutely wonderful. No VPN shit and one password to rule them all.
But, for some reason I accidentally deleted the app from my phone and as any normal human being would do, I also reinstalled the app.
Well, post reinstalling, the app does not detect the linked Org account.
I was cool, when I'll login, the system will throw a prompt to map the phone.
So I login to org URL from my machine and lo and behold, the URL says that MFA is already linked to the phone and I have to enter the Citrix type code to login.
But phone does not show the code because account is no longer linked and web does not have option to change/re-register the phone.
What the actual unholy fuck?????? Bloody retards. How am I supposed to get in now?
So after Googling for a bit, a thread mentioned that this is most common issue faced by users with this MFA app. The only way to get this resolved is to contact your IT team.
Cool. Let's do that.
I opened the link to my IT portal and it asks me to login via SSO which is what I need help with in first place.
I can't login to Slack because fuckers ask SSO every time the app is exited. So no contact there.
Thankfully bastards allow Outlook so was able to drop a note to one of my team members, whom I connected recently and is very nice, asking her to help me sort this IT team.
If this is the most common use case then why the fuck not add a feature to help people overcome this shit?
And my IT team is absolute nuts. No other way allowed to reset the linking or connect them or any help links provided on login page.
Whoever was behind this design should be dipped in donkey shit and deep fried in pig urine.
-
I’m trying to add digit separators to a few amount fields. There’s actually three tickets to do this in various places, and I’m working on the last of them.
I had a nightmare debugging session earlier where literally everything would 404 unless I navigated through the site in a very roundabout way. I never did figure out the cause, but I found a viable workaround. Basically: the house doesn’t exist if you use the front door, but it’s fine if you go through the garden gate, around the back, and crawl in through the side window. After hours of debugging I eventually discovered that if I unlocked the front door with a different key, everything was fine… but nobody else has this problem?
Whatever.
Onto the problem at hand!
I’m trying to add digit separators to some values. I found a way to navigate to the page in question (more difficult than it sounds), and … I don’t know what view is rendering the page. Or what controller. Or how it generates its text.
The URL is encrypted, so I get no clues there. (Which was lead dev’s solution to having scrapeable IDs instead of just, you know, fixing them). The encryption also happens in middleware, so it’s a nightmare to work through. And it’s by the lead dev, so the code is fucking atrocious.
The view… could be one of many, and I don’t even know where they are. Or what layout. Or what partials go into building it.
All of the text on the page are “resources” — think named translations that support plus nested macros. I don’t know their names, and the bits of text I can search for are used fucking everywhere. “Confirmation number” (the most unique of them) turns up 79 matches. “Fee” showed up in 8310 places before my editor gave up looking. Really.
The table displaying the data, which is what I actually care about, isn’t built in JS or markup, but is likely a resource that goes through heavy processing. It gets generated in a controller somewhere (I don’t know the resource name so I can’t find it), and passed through several layers of “dynamic form” abstraction, eventually turned into markup, and rendered as a partial template. At least, that’s how it worked in the previous ticket. I found a resource that looks right, and there’s only the one. I found the nested macros it uses for the amount and total, and added the separators there… only to find that it doesn’t work.
Fucking dead end.
And i have absolutely nothing else to go on.
Page title? “Show”
URL? /~LiolV8N8KrIgaozEgLv93s…
Text? All from macros with unknown names. Can’t really search for it without considerable effort.
Table? Doesn’t work.
Text in the table? doesn’t turn up anything new.
Legal agreement? There are multiple, used in many places, generates them dynamically via (of course) resources, and even looking through the method usages, doesn’t narrow it down very much.
Just.
What the fuck?
Why does this need to be so fucking complicated?
And what genius decided “$100000.00” doesn’t need separators? Right, the lot of them because separators aren’t used ANYWHERE but in code I authored. Like, really? This is fintech. You’d think they would be ubiquitous.
And the sheer amount of abstraction?
Stupid stupid stupid stupid stupid.
-
Realizing that the former so-called PHP developers based the entirety of their so-called dashboard framework (self-written of course) on GET requests.
Every. Controller. Only. Accepts. Get. Requests.
It creates stuff? So what! It does update? No matter! It deletes? Who cares!
Just call that URL, and it will release all hell, plagued with multiple side-effects, and then issue a redirect.
Of course that one delete button was inside some twitter bootstrap tabs, and due to the redirect the page always reloaded and the content manager landed on a very different tab. Meaning if they wanted to delete multiple records, they had to hit "activate tab" and "delete" and "activate tab" and "delete" -- rinse and repeat.
It's our *job* to make things easier for our users! Not to waste their time. (Unless you are browser game developer. Then do your thing.)
And we are talking basic CRUD! Basic CRUD! I am not even demanding for it to be restful or to have some parts of a HTML page being updated on the fly with such rad and new technologies like ajax!
There is just one question I would like to ask whoever built this: Seriously!?
-
We have to use this tool in work for classifying new and existing projects for GDPR. Long story short you have to fill out a REALLY long questionnaire, then it gets reviewed by someone in legal. The tool will also assign you tasks and suggest actions to common issues (e.g. suggesting a banner to explain cookie policy if you tick a certain box).
I have spent about an hour trying to re-assign the assessment I started, as i'm due to leave the company in a few days, to the guy taking over from me.
1. There is a “generate shareable URL” button, with the ability to click a button that says “replace me with the logged in user who opens this”. All it does is duplicate the name and description fields and send a new copy to that person, with no access to any of my other content or answers.
2. I did find a re-assign button eventually, again all it does is create a duplicate, and throws an error saying names must be unique when I try to save it.
3. While I couldn’t find a way to do that, I did find another button to at least assign the reviewer. It told me i’m forbidden to change the reviewer on assessments i’ve created.
This is THE WORST piece of nonsensical shit on earth. The entire application is absolute garbage and sssssssooooooo slow.
When you first create an assessment it brings you to a page that has all the questions, makes sense right? Wrong. All the questions are in read-only mode, and they are simply there as a "this is what you can expect to see later on", telling you whether or not they will be freeform, multiple choice etc.
The way to actually answer the questions is to click the "start survey" button hidden in the "status" dropdown.
I don't have much advice to anyone around GDPR, but please stay the hell away from TrustArc.
-
TL;DR : do we need a read-only git proxy
Guys, I just thought about something and this potential gitpocalypse.
There is no doubt anymore that regardless of Microsoft's decisions about Github, some projects will or already have migrated to the competition.
I'm thinking : some projects use the git link to fetch the code. If a dependency gets migrated, it won't be updated anymore, or worse, if the previous repo gets deleted, it can break the project.
Hence my idea : create some repository facade to any public git repository (regardless of their actual location).
Instead of using github.com/any/thing.git, we could use opensourcegit.com/any/thing.git. (fake url for the sake of the example).
It would redirect to the right repository (for public read only), and the owner could change the location of the actual repository in case of a migration.
What do you think ? If I get enough ++'s, I'll create a git repo about this.
-
I really don't understand how some it recruiters ever got their job... Brainless fucking scaredycat fuckwats!!!
Just finished a mission and i put myself back on the market, been flooded by calls and emails since monday, so far so good.
But all of them wanting you to 'come over the office for a chat', fuck no. 'I will come once a real opportunity gets presented, i propose to do video conference call as to not waste time and transportation'. But noooo... It's like they never heard of that thing being possible before. I propose them to use meet.jit.si (really cool and free to use videoconference software, no software needs to be installed)... 'Yeah sorry but your link doesnt work', 'how come? You just need to go to the url and grant cam and mic permissions for the session'... 'No it asks me to install software (not true) and i simply cant now ... Can you tell me who you are and what you do and what your field of expertise is?'
For fucks sake you got my cv right in front of you you fucking blind maggotpuss! Learn to fucking read!
Tomorrow is another, hopefully better day...
Glad to take that off the chest.
-
I was asked to look into a site I haven't actively developed for about 3-4 years. It should be a simple side-gig.
I was told this site has been actively developed by the person who came after me, and this person had a few other people help out as well.
The most daunting task in my head was to go through their changes and see why stuff is broken (I was told functionality had been removed, things were changed for the worse, etc etc).
I ssh into the machine and it works. For SOME reason I still have access, which is a good thing since there's literally nobody to ask for access at the moment.
I cd into the project, do a git remote get-url origin to see if they've changed the repo location. Doesn't work. There is no origin. It's "upstream" now. Ok, no biggie. git remote get-url upstream. Repo is still there. Good.
Just to check, see if there's anything untracked with git status. Nothing. Good.
What was the last thing that was worked on? git log --all --decorate --oneline --graph. Wait... Something about the commit message seems familiar. git log. .... This is *my* last commit message. The hell?
I open the repo in the browser, login with some credentials my browser had saved (again, good because I have no clue about the password). Repo hasn't gotten a commit since mine. That can't be right.
Check branches. Oh....Like a dozen new branches. Lots of commits with text that is really not helpful at all. Looks like they were trying to set up a pipeline and testing it out over and over again.
A lot of other changes including the deletion of a database config and schema changes. 0 tests. Doesn't seem like these changes were ever in production.
...
At least I don't have to rack my head trying to understand someone else's code but.... I might just have to throw everything that was done into the garbage. I'm not gonna be the one to push all these changes I don't know about to prod and see what breaks and what doesn't break.
I feel bad for whoever worked on the codebase after me, because all their changes are now just a waste of time and space that will never be used.
-
Boss: "So I'm taking the next week off. In the mean time, I added some stuff for you to do on Gitlab, we'd need you to pull this Docker image, run it, setup the minimal requirement and play with it until you understand what it does."
Me: "K boss, sounds fun!" (no irony here)
First day: Unable to login to the remote repository. Also, I was given a dude's name to contact if I had troubles, the dude didn't answer his email.
2nd day: The dude answered! Also, I realized that I couldn't reach the repository because the ISP for whom I work blocks everything within specific ports, and the url I had to reach was ":5443". Yay. However, I still can't login to the repo nor pull the image, the connection gets closed.
3rd day (today): A colleague suggested that I removed myself off the ISP's network and use my 4G or something. And it worked! Finally!! Now all I need to do is to set that token they gave me, set a first user, a first password and... get a 400 HTTP response. Fuck. FUCK. FUUUUUUUUUUUUUUUUUUUCK!!!
These fuckers display a 401 error, while returning a 400 error in the console log!! And the errors says what? "Request failed with status code 401" YES THANK YOU, THIS IS SO HELPFUL! Like fuck yea, I know exactly how to fix this, except that I don't because y'all fuckers don't give any detail on what could be the problem!
4th day (tomorrow): I'm gonna barbecue these sons of a bitch
(bottom note: the dude that answered is actually really cool, I won't barbecue him)
-
So glad monday is my last day at my job.
Got a message from mgmt through teams chat today, to paraphrase: we are making our awful time entry system even worse. We are switching to microsoft projects next week for all project. So you'll need to enter in your company wide time sheet with 40 hrs every week, separated by project, then go to a separate url for each project you work on and enter in the hours you worked on for each individual task given to you by the project manager. There will be no way of easily seeing that the hours in microsoft projects add up to equal the hours entered into the company wide time sheet.
-
I am very frustrated today and I do not know where to "scream" so I will post this here since I believe you will know how I feel.
Here's the case...
I am developing an e-commerce web application where we sell industrial parts. So my boss told me in March that when we are going to show these parts, we should not show Part Number to visitors because they will steal our information.
Ok, this makes sense but there was a problem.
The Primary Key for these products in our internal system is a string which is the Part Number itself.
I told him in March that we have to come up with another unique number for all the products that we are selling, so this unique number will be the primary key, not the Part Number. This will be best because I will be dependent from the original Part Number itself. And in every meeting he said "That is not priority". So I kept developing the part using the original Part Number as primary key and hid it from the web app. (But the Part Number still shows on URL or on search because this is how my boss designed the app.)
I built the app and is on a test server. Until one of our employees asked my boss: "There is no unique number or Part Number. How are the clients going to reference these parts? If a client buys 20 products and one of those has a problem, how is he going to tell us which product has a problem?"
My boss did not know what to say, and later said to me that I was right and primary key was priority.
I really hate when a guy that knows shit from developing does not listen to suggestions given by developers.
FUCK MY LIFE!
I'm sorry if you did not understand anything.
-
I assigned a new task to an intern who has been with us for a month. He was supposed to prepare the testing environment and test the Geolocation API. When it works, then he can start integrating it with our platform and everything.
After a week, he emails me to say that he thinks the Geolocation API doesn't work. I was weirded out by that because a lot of people use it. We scheduled a meeting and asked him for a demo of his code to see what the error message is.
Him: *no Visual Studio, no code, nothing at all* So here it goes.
Me: ????
Him: *Goes to the API documentation, copies the base URL, pastes it to the browser and hits Enter* See? It says 404 not found.
Me: *literally facepalmed*
Now, he is working on sales management. We totally took him off every software developing projects.
-
We use jira at my company. It's great for me, because no ticketing system's UI is worth a shit, but jira's API is excellent. But we're switching to a new system that is an absolute piece of garbage. Every page is 100% Javascript, so no source can ever be viewed, and the URL never changes to reflect what's onscreen. If you know a ticket number, no URL will ever get you straight to it. You have to navigate multiple slow-loading 25MB piles of Javascript to reach what you're seeking. And most damning of all: the new system has an API, but our highest management is withholding access to it, claiming it breeds laziness.
It's amazing the kind of shit you have to swallow when your management has regular meetings with really really super extremely good-looking sales people.
-
Pull-to-refresh is useless.
If you are a mobile app developer, please get rid of pull-to-refresh. Your users will thank you.
I have the impression that mobile app developers choose to implement the pull-to-refresh gimmick just in order to make their app comply with a design trend. It seems like a desperate attempt to appear "modern" and "fancy", not because of the actual usefulness of the gesture.
Pull-to-refresh is one of those things that are well-intended but backfire. It appears helpful on first sight, but turns out to be a burden.
It takes effort and cognitive strain to avoid triggering a pull-to-refresh. The user can't use the app relaxed but has to walk on eggshells.
Every unwanted refresh wastes battery power, mobile data (if it is an Internet-connected app), and can lead to the loss of form data.
To avoid pull-to-refresh, the user has to resort to finger gymnastics like a shorter swipe for scrolling up or swiping slightly up before down. Pull-to-refresh could even be triggered while pinch-zooming in or out near the top of a page, if the touchscreen does not recognize one of the two fingers.
Pull-to-refresh also interferes with the double-tap-swipe zoom gesture. If one of the two taps are not recognized, a swipe-down to zoom in can trigger a pull-to-refresh instead.
To argue "if you don't like pull-to-refresh, just don't use it" is like blaming a person who stepped on a mine, since the person moved and the mine was stationary.
A refresh button can be half a second away in the menu bar, URL bar, or a submenu, where it is unlikely to be pressed accidentally. There is no need for a gesture that does more harm than good.
Using a mobile app with pull-to-refresh feels like having Windows StickyKeys forcibly enabled at all times. The refresh circle animation sticks to the finger.
If the user actually wants to refresh, pull-to-refresh is slower than a refresh button in a menu if the page is not at the top, meaning pull-to-refresh is useless as a shortcut anyway if the page is in any other position than the top.
An alternative to pull-to-refresh is pull-for-details. Samsung did it in some of their apps. Pulling down against the top reveals additional information such as the count and total size of selected items.
If you own a website, add this CSS to make browsing your website on the pre-installed Android web browser not a headache:
html,body { overscroll-behavior: none; }
Why is this necessary? In 2019, Google took the ability to deactivate the pull-to-refresh gesture on their Chrome browser for Android OS away from users. On Chrome for Android, pull-to-refresh can only be disabled on the server side, not the user side. The avalanche of complaints? Neglected.
Good thing several third-party browsers let the user turn off this severe headache.
-
Oh boy, this is gonna be good:
TL;DR: Digital bailiffs are vulnerable as fuck
So, apparently some debt has come back haunting me, it's a somewhat hefty claim and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it just like that. However, and this is where it's gonna get good:
The Bailiff sent their first contact by mail, on my company address instead of my personal one (it's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were past sending creds in plaintext to people and use tokenized URL's for initiating a login (similar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.
So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!
This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.
I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.
Now once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimant, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!
Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...
The GDPR requirements... they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.
But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the same benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. The simple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.
So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)
So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"
So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones
-
Pull-to-refresh in mobile web browsers is useless and annoying.
In mid-2019, the #disable-pull-to-refresh-effect option was removed from chrome://flags on Chrome for Android (version 76) for no apparent reason. The top answer in the Google product forum was to beg for this option to be reinstated through the browser's feedback form ( http://web.archive.org/web/... ). Needless to say, that has been futile.
Why is that a problem? The pull-to-refresh gesture not only is unnecessary due to the quickly accessible refresh button in the menu right next to the URL bar, but also causes unsolicited refreshes when quickly scrolling to the top of the page. This drains both the battery and the mobile data plan, in addition to adding an annoying delay.
I would like to use my web browser like a web browser, not a social media app. Besides, the Twitter web app has its own pull-to-refresh implementation in the notification feed.
Without pull-to-refresh, the user has the freedom to scroll up quickly without risking inadvertently reloading the page. If media was playing while an unwanted pull-to-refresh occurs, the user needs to seek for the last playing position, which could take upwards of a minute if the last position is unknown.
Imagine a desktop/laptop web browser reloading because you scroll against the top. Imagine you reach the top of the page but you have not stopped turning the scroll wheel yet, and then a white circle with a blue spinning refresh icon appears at the center top of the window and the page, and then you have to wait for the page to finish loading, and you also need to seek the last playing position of a video or audio track. Wouldn't that be ridiculous?
Any web browser vendor that enforces pull-to-refresh on its users basically begs users to seek an alternative.
-
I am hating hating hating my junior developer job. Most of my work is updating PDF's on all type of internal intranets. So my days are spent working jira ticket after jira ticket.
Internal customer submits ticket to update 3 PDF's on internal intranet for sales team. They are named so badly I can't match them unless I review all 30 links on this page. Most links with report numbers but here's is not also no notes to where in the page.
I do JIRA comment --no response even though I tag her.
I politely email her asking her to rename the PDF's with the same file names I am replacing.
She asked if I wanted her to rename them 'other'
What??? So I asked her where she sits so I can show how to easily find the file names in the URL.
Responds with the same files renamed with more description but still not the same.
Respond again giving better instructions on how to find it and second request to where she sits.
1 day later no response!
When I get into today I am closing her ticket!
Fuck these middle aged Midwest dumb bitches!
-
(in 2008)
my boss in my first job. in general every time when he randomly burst into office. one specific time when he burst into office and INSISTED that we've got to go to a parking lot to see something.
that something was a remote-controlled helicopter he just bought. (this was before the age of drones).
oh, and he was a chain smoker, always had a cigarette behind his ear (wat), and was dragging me out to have a smoke (i was the only other programmer smoker, but not as heavy as him) every 10-15 minutes under the implied pretense of needing to discuss something about the code, and frowned heavily when i refused (because i was actually in the middle of actual work), because he took it as me refusing to have a work meeting with him.
no, we almost never talked about anything work-related, while on that smoke "work meeting".
also, my boss' boss in my first job, when she entered the office asking "we need a clickable map of our country where clicking each region brings you to a search page with filter set to results from that region. how would we do that?"
i answered "html imagemap linking to the right search url for each region, or embedded flash doing the same, if you want the region buttons to be animated", and turned back to my work.
upon which she proceeded to talk about it with the second programmer, both pretending they're solving some aspects that my answer didn't already solve, INSISTING that i stop doing "whatever nonsense you're doing" and pretend that i'm paying attention as if anything they said was in any way relevant or important. i kept returning to my work because i was solving an annoying bug and their talk was empty and useless.
this second incident was then cited as one of the reasons i was let go, because "he ignores important conversations with his superiors about upcoming tasks"
in general, my first job was a shitshow where nobody had any time or energy to do actual work because they all expended all of it to PRETEND for their superiors that they're working, since the superiors had no clue how it looks when we actually do our actual jobs.
(one month after i was let go (because, in my boss' words, yes, the one with the helicopter, "the IT productivity is very low and I have to hold someone responsible") , the second programmer was let go as well, and one month after that, our boss (head of IT) was let go too. to this day I keep being fascinated how did the company manage to survive long enough for me to even be there, let alone how it STILL manages to survive. i guess being part of a nation-wide conglomerate is very effective in covering your company's losses and uselessness)
-
Instagram returns 404 when profile is not found and no user is logged in but returns 200 for the same url when any user is logged in. WTF!
Took me so long to debug this shit
-
There is nothing more fulfilling than working your ass off 2 days, learning a new technology, and getting it to finally work as per the requirements and then ...
getting told that the absolute cunt of a client forgot the release date, announced its release 2 days early and decided to casually ask why there is no app on the released URL (it's a tiny Agonizing Reality [AR] app meant as a gimmick on the invitation cards for an upcoming convention).
My boss told me, the thing I worked on is now being scrapped and will not be released.
Yes, I wish the clients could slowly die in agony by a tree growing out of their appendix. Nature shall reclaim their corpses and feed a happy pig which I would happily have a feast of. 🤗
-
Why am I sad, depressed, demotivated, you ask?
Because I was asked to create-react-app with nodemailer, it worked well on heroku, YAYYY MEE, "
"NOTHING GOES WRONG IN DEPLOYMENT FUCK YEAH"
Little did I know that was a "demo" for the business people, My superior / manager/boss wants me to deploy on 1and1 service provider,
> Okay 1 and 1 service provider does provide Node.js, so it shouldn't be hard.
> Turns out it is a Windows hosting server IIS 10 without URL Rewrite.
> *INTERNAL SCREAMING*
I went up to him to talk about this issue and requested to let me talk to 1 and 1, and get this sorted
> But bro, if we cannot fix it, I think they also cannot fix, probably.
*INTERNAL SCREAMING AT PEAK*
I just want URL Rewrite installed on IIS10 so that I can move on to the next project.
A little background for this project
> No support from him during development.
> I personally used HD Images, because why not?
> Website seems slow because of HD Images, and now he complains about it.
You fucking (managers) want a website to be scalable and fast and yet you choose to focus on B U S I N E S S instead of support the real guy.
I'm fucking sick and tired, it took me 24 hours to figure out the issue because there is nothing on 1 and 1 support/ forum/help center.
Another 24 hours to try and fix, yet no luck.
I'm gonna finally point the domain name to heroku. Fuck, I'm so fucking done
-
Rant
I'm tired of this shit!!!
First I receive a task to create a new functionality for the app that I'm working on and some documentation (this is the only good part of all the rant) but no design.
It's been 2 weeks since I got assigned to this and still no design, no assets, no API calls that ACTUALLY WORK.
Today was testing a plist to get a banner link, and for 1 hour that little fucker didn't return the image I was asking.
Better, I wasn't getting ANY IMAGE. Turns out that the link sends me to a HTML URL that doesn't have any image... go figure!
So I've been working on this from some images inside the PDF with the documentation given.
Oh! Wait! There's more!
The cherry on top is that I'm implementing a chat/voice call/video call into the app and the framework that I will be using is being created now, and it's not even finished!!!!!!
-
WTH...
While styling some frontend stuff with LESS, I experienced that on one page template the <header> was not displaying the given line-height even though the whole fscking code was 1:1 identical with the other template in which everything was fine. I checked EVERYTHING... caching, URL, source, classes, open / wrong tags, HEAD, ... I even did a diff compare. NO FSCKING DIFFERENCE!
After one hour of pulling out hair I suddenly saw that in the faulty template file 2 lines were missing:
<!DOCTYPE html>
<html lang="devRantLang">
WHOEVER DID THIS: YOU ARE FSCKING STUPID!!! (it was me...)
-
oh FFS my university pissed me off so bad right now that I had to wait 20 min to cool down to be able to write a rant about it...
so, one of the university departments offers an email address which is the official university approved email for student packs like jetbrain's. I wanted to renew my jetbrains subscription, but for that I have to get a verification email on that address..
But since the only time I use it is this annual renewal I don't know the webmail's url..
So I search for it on the department pages, services and it's nowhere to be found. Finally I found it on a student maintained wiki page.
I try to log in.. no luck. try another password, still not it. Try all of the passwords that I remember using in the previous 3 years and no luck.
well fck it the password change is managed by a website where I can log in with a different method, so I change the password and try to log in again.
No fcking luck! And at this point I bashed my head against the wall because I found out that the password change takes them about 1 or 2 hours... hours! wtf...
-
Here I am just tryna browse a site and this stupid attempt to trick me into falling for a scam pops up. There is no way to stop the pop up because I can’t tap anything fast enough. Not even restarting the browser because it remembers this as the last URL it had accessed. Looks like I have to uninstall and reinstall chrome. Honestly, if you’re a scammer, what the hell is the point of doing this? What idiot is going to call the number? All it does is annoy you to the point of suspicion. Or maybe there are people stupid enough!?
-
Opening up IE11 to test HTML in local development.
Entering local IP to URL bar and IE decides to look for that IP address in Bing... 🤬🔫
No that's not how you do it IE.
-
In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!
So, imagine a situation like this - It's Friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Let's Encrypt.
Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.
Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!
So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!
So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... It's right there, you can see it!
So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!
So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!
Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.
See the issue already?
Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.
What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.
That was also the only reason why I managed to fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.
Overriding that unit file option finally fixed the issue completely.
I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, it's only and only your fault if you wrote sensitive data into the temporary directory.
And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...
Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out it's just another SystemD-enabled "feature" now!
And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...8 -
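The failure described in the post above (an Apache Alias that points into /tmp while the service unit runs with PrivateTmp) can be checked for before a migration. This is an added example, not part of the original post or of any package's tooling; the function names, file names and the sample unit and config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample unit and Apache config contents are constructed.

# Print the effective PrivateTmp value ("yes" or "no") from unit files given
# in override order (packaged unit first, drop-ins after). Only assignments in
# a [Service] section count, the last one wins, and unset means "no".
effective_private_tmp() {
    awk '
        FNR == 1 { in_service = 0 }
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/) }
        in_service && /^[ \t]*PrivateTmp[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            val = tolower(v)
        }
        END {
            if (val == "yes" || val == "true" || val == "on" || val == "1") {
                print "yes"
            } else {
                print "no"
            }
        }' "$@"
}

# Print "<url-path> <fs-path>" for each Alias/ScriptAlias whose target lies
# under /tmp or /var/tmp, the two trees PrivateTmp replaces with private ones.
# Paths containing spaces are not handled.
tmp_aliases() {
    awk '
        tolower($1) == "alias" || tolower($1) == "scriptalias" {
            url = $2; target = $3
            gsub(/"/, "", url); gsub(/"/, "", target)
            if (target ~ /^\/(var\/)?tmp\// || target ~ /^\/(var\/)?tmp$/)
                print url, target
        }' "$@"
}

# Usage: check_private_tmp_conflict APACHE_CONF UNIT_FILE [DROP_IN...]
# Returns 0 when there is no conflict, 1 when an alias target is hidden.
check_private_tmp_conflict() {
    apache_conf=$1; shift
    [ "$(effective_private_tmp "$@")" = "yes" ] || return 0
    hits=$(tmp_aliases "$apache_conf")
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits" | while read -r url target; do
        printf 'CONFLICT: %s -> %s is hidden from the service by PrivateTmp\n' \
            "$url" "$target"
    done
    return 1
}

# Write constructed sample files into the directory given as $1.
make_samples() {
    dir=$1
    cat > "$dir/apache2.service" <<'EOF'
[Unit]
Description=The Apache HTTP Server (constructed sample)
[Service]
Type=forking
PrivateTmp=true
EOF
    cat > "$dir/override.conf" <<'EOF'
[Service]
PrivateTmp=false
EOF
    cat > "$dir/acme.conf" <<'EOF'
# constructed sample matching the alias described in the post
Alias /.well-known/acme-challenge/ /tmp/challenges/
Alias /static/ /var/www/static/
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    echo "packaged unit only:"
    check_private_tmp_conflict "$d/acme.conf" "$d/apache2.service" || true
    echo "with drop-in override:"
    check_private_tmp_conflict "$d/acme.conf" "$d/apache2.service" \
        "$d/override.conf" && echo "no conflict"
    rm -rf "$d"
}

demo
```

On a live host, `systemctl show -p PrivateTmp apache2.service` reports the effective value. Moving the challenge directory outside /tmp and /var/tmp removes the conflict without turning the sandboxing off.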
Please do not make assumptions..
When you create a world class e-shop and if you detect a person is browsing from some EU country, don't assume he's fluent in Spanish [?].
Aliexpress detects I'm from LT and I have no idea how to change my language. I don't understand Spanish enough to find lang settings and changing the url does not work
-
Listened for about a half-hour yesterday to DevA ‘beat down’ DevB writing a console app for trying out a proof-of-concept idea he had.
DevB: “What’s the URL of the development server?”
DevA: “Why? What are you doing?”
DevB: “I’m needing to throw some messages to it so I can capture data for something I’m working on.”
DevA: “How are you calling the service?”
DevB: “I wrote a console app”
- you could almost hear the eye roll -
DevA: “A console app? Why in the world would you write a console app?”
DevB: “Oh..um..no reason. I just need log some test data for something I’m playing around with. How should I do it?”
DevA: “If it’s test data, you should have wrote a unit test. You see, unit tests …”
- yammer on and on for about 5 minutes about the virtues of unit tests…never really explaining anything -
DevB: “Yea, I’m not needing to test the result or anything. I just need to log some data.”
DevA: “Then you should use a unit test for that, not a console app. With a unit test, you’ll be able to validate the data. That’s what unit tests are for. Microsoft should have never put in console apps in Visual Studio. It just leads to bad coding practices.”
DevB: “Um…I don’t care. It’s a console app because I just need data…thanks anyway”
Today, DevC was talking to DevA
DevC: “Charlie is testing the order module, but there isn’t any test data. Do you still have the data generating script?”
DevA: “Oh yea, I’ll send him my console app that populates the database.”
It was all I could do from screaming “You stupid –bleep-er!! What the f–bleep-ck was all that yesterday?!”, but none of my business. Better to devrant about it than start a fight.
-
1 Week ago I took down the development version of an internal demo, leaving only the prod one (temporary space issue). Colleagues were told n+15 times via email, face to face, comments on tickets etc. The prod one has also been live for weeks, and again, they were told when it went up.
This just happened:
Colleague 1: practiseSafeHex can you help me, the demo doesn't seem to be working.
Me: *logs in*, *click around* ... seems fine dude. Are you using the correct URL: <prod-url>.
Colleague 1: let me try again and see.
Colleague 2: practiseSafeHex i'm with Colleague 1, we're trying to use the demo, and it's not working. Can you have a look, we need it.
Me: I just told him, it's fine, I think you have the wrong URL <prod-url>. Can you try again.
Colleague 2: No I have the right one, can you check it.
Me: *does nothing*, yep i've had a look at it, can you try again: <prod-url>.
Colleague 2: Ah it's back now, cheers.
They are with a customer now, so I won't say anything, when they get back, one of them is being castrated.
-
Yes its completely necessary to have a spring server with a mysql database with docker containers all over your ass for 3 fucking endpoints and a (url, varchar, varchar) schema. Fuck you. How the fuck do i run all this shit and how do you expect me to create a frontend for something that has no documented endpoints?? Fuck you.
In other news, im now a senior.
-
Am I the only developer in existence who's ever dealt with Git on Windows? What a colossal train wreck.
1. Authentication. Since there is no ssh key/git url support on Windows, you have to retype your git credentials Every Stinking Time you push. I thought Git Credential Manager was supposed to save your credentials? And this was impossible over SSH (see below). The previous developer had used an http git URL with his username and password baked in for authentication. I thought that was a horrific idea so I eventually figured out how to use a Bitbucket App password.
2. Permissions errors
In order to commit and push updates, I have to run Git for Windows as Administrator.
3. No SSH for easy git access
Here's where I confess that this is a Windows Server machine running as some form of production. Please don't slaughter me! I am not the server admin.
So, I convinced the server guy to find and install some sort of ssh service for Windows just for the off times we have to make a hot fix in production. (Don't ask, but more common than it should be.)
Sadly, this ssh access is totally useless as the git colors are all messed up, the line wrap length and window size are just weird (seems about 60 characters wide by 25 lines tall) and worst of all I can't commit/push in git via ssh because Permissions. Extremely aggravating.
4. Git on Windows hangs open and locks the index file
Finally, we manage to have Git for Windows hang quite frequently and lock the git index file, meaning that we can't do anything in git (commit, push, pull) without manually quitting these processes from task manager, then browsing to the directory and deleting the .git/index.lock file.
Putting this all together, here's the process for a pull on this production server:
Launch a VNC session to the server. Close multiple popups from different services. Ask Windows to please not "restart to install updates". Launch git for Windows. Run a git pull. If the commits to be pulled involve deleting files, the pull will fail with a permissions error. Realize you forgot to launch as Administrator. Depending on how many files were deleted in the last update, you may need to quit the application and force close the process rather than answer "n" for every "would you like to try again?" file. Relaunch Git as Administrator. Run Git pull. Finally everything works.
At this point, I'd be grateful for any tips, appreciate any sympathy, and understand any hatred. Windows Server is bad. Git on Windows is bad.
-
Light Shot is the worst app and website ever .... No privacy
So I write a simple PHP script for Windows machine, to randomly generate integer and char for randomly open URL.
By running ```php run.php``` you are able to see some sensitive information sometimes.
Refer https://github.com/johnmelodyme/...
-
Alright sit down boys this is gonna be a good tale (also a long one).
I'm currently developing a wordpress site for a Client. Everything works well enough, I had a few "wtf is this shit" moments. Now we decided to give him access to the wp site so that he can see and change (I know, I know don't judge me pls), so I set up tunneling with ngrok, but that PIECE OF SHIT WP DIDN'T WORK ANYMORE. You asking why? Oh I'm telling you why, wp uses ONLY absolute paths. Well fuck, I ain't gonna touch that piece of shit php code, so I installed a plugin and shit was working.
In short, after a few fucking HOURS that shit finally worked. Well that would be a great fucking end for our little tale right? Yeeeeaaah no, I shit you not, it gets even better!
After a few days my client gets back at me that he can't enter fucking wp-admin to work on the text and stuff (again pls don't judge me for granting him access to the backend of wp during development). So I checked it out and that piece of shit didn't work. If anyone would happen to know why, I would be grateful bc for the love of spaghetti monster I HAVE NO FUCKING CLUE!
So I said to myself well fuck this shit and put it on a webhoster. Uploaded all the files, and migrated the db. Sounds like it finally worked right? Well guess again buddy. So I needed to go to the database, updated values manually for wp to have the correct url and then still needed to force it to refresh every fucking link.
As it finally works now, this tale is also finished then and I really hope that part 2 is never ever coming!
Sorry for the (somewhat) long rant but this is some next generation bullshit.
-
Yahoo finance shut down all their historic data URL and im out of options. No API or packages works. I have a report to pass up on tuesday for my ViVa and this is shit. Fuck. My months of work just wasted.
-
Old story, happened some way back. I worked part-time for a small web development company that did between other things something called SharePoint development, basically .net webforms with shit glitter on top of it.
The most weird part of it, was the fact that we were working on vms that hosted the app, it was our dev, test and staging environment, as well as where we showed the client the polished turd.
Did I say that it was on a vm? Well it was on a remote vm, that each of us had access to it, through our domain accounts, and they couldn't configure the windows server to accept more than two or three users at once to be connected.
That was our test environment and dev environment, sooo showing the app to the client meant for the rest of us to not write any code because it might crash or get stuck.
The app was accessible and discoverable by url and through google search from outside, I don't think that should have been allowed.
The most disastrous part was that we had NO source versioning whatsoever, just plain old copy and paste in different folders.
Deploying to client meant remoting to the clients host or whatever it was, and manually copying the source files
If someone wanted to debug the application you had to shout, and you also could hear it, in the office: "I'm debugging!" or "I'm deploying!". Because we were on the same machine, there was only one process with the server and it meant that if you debug or deployed it would block it for the others.
Should I talk about code quality? Maybe not.
-
Oh no.
CalDAV server and client use the same DB table. Server expects a column to be called uri, client expects column to be called url.
FFFFUUUUUU
-
Be me. Use DDG to search for nearby bowling alleys. DDG provides reviews in form of Yelp. Click "read more" on review. Yelp transfers me to a bogus url, which prompts
"Open in Another App?
Would you like to leave DuckDuckGo to view this content?
No Yes"
And then, without letting me click "No", I get automatically transferred into Yelp's page in the app store, and if I try to go back, I just get redirected again.
Fuck off. I just wanted to read your reviews in the browser. I had no interest of downloading your app just to read a couple of reviews, and I most certa-fuck-inly have no desire to download your shitty app now.
-
After previous rant (https://lynkz.me/9xAFVZ9) he told me to be as close as possible to the design from the designer. There was on the left side a BarCode, which made no sense. So I didn’t add it. Now today (saturday) he told me I need to add the barcode because it looks classy. I told him we had a QR code already with same data. His answer, yeah but it looks better with Barcode added too. Just f*** off! Your classy, shitty barcode will have a great price as it’s weekend. Thanks @linuxxx for the url shortener, it’s awesome!
-
Today is the release of one of the projects I’ve been working on. It was a chaotic project, where I’ve had to contact many people just to get pieces of information necessary to complete the project. Anyway, today the manager ask what the URL of the web app is to give it to the client except I already warned him prior that since we don’t have the domain name for the web app it wouldn’t go past the authentication. But guess what happened? Yep that’s right it’s my fault yet again.
I keep warning my manager about potential issues with the projects I’m working on but they fall on deaf ears, and when the actual problem happens it’s all my fault because I didn’t check it earlier, I didn’t make a mail, I shouldn’t use Teams to tell him about it, I should monitor more closely, etc, despite having no time allocated whatsoever.
In short I work 7 hours a day but should have 9 to even get close to what I need to do, and I’m blamed with problems that I warn about
-
I am a Technical Lead in the department in my company that writes code for our clients that have money but doesn't have the technical expertise to handle the complexities of our own software.
Part of my tasks involve taking care of a few projects written by employees that have left after using third-party tools rather than using our own software. No one else in this department knows these third-party tools, they only know our own, and my *still limited* web development experience means I get dumped these things in my lap.
And I'm SO pissed at these projects and their authors and the manager that let these ex-employees write these things. There is this one project that was managed by two different "developers" (I don't know they deserve this title) at two different times, and it is so riddled with different technologies it makes me want to throw up almost daily.
Don't believe me? Here is a complete list of the dependencies listed in the package.json of this project: babel-polyfill, body-parser, cookie-parser, debug, edge, edge-sql, excel-to-json, exceljs, express, html-inline, jade, morgan, mssql, mysql, pug, ramda, request, rotating-file-stream, serve-favicon, webpack, xlsx, xml2js
What this doesn't even show, is that one part of this project (literally one page) is made using react, react-dom, react-redux, and jade. The other part (again literally one page) is made using Angular and Pug. In case you missed it while picking up your jaw, there's also mssql, mysql, edge and edge-sql. excel-to-json, exceljs, xlsx.
Oh you want *more* juicy details? This project takes the entire data object used by the front-end, stringifies it into JSON, and shoves it into the database *as a single field*. And instead of doing WHERE clauses in the SQL queries, it grabs the entire table, loops, parses the json, and does a condition on it. If even one of those JSON entries gets corrupted, the entire solution breaks because these "developers" don't know what try/catch is.
The client asked for a very simple change in their app, which was to add a button that queries the back-end for a URL, shows it in a modal dialog, after which a button is clicked to verify the link by doing a second query to the back-end before modifying a couple of fields in the page.
This. Took. Me. Two. Months*. Save me. Please, save me.
*between constant context switches between this and other projects that were continuously failing because of their mistakes.4 -
A software had been developed over a decade ago. With critical design problems, it grew slower and buggier over time.
As a simple change in any area could create new bugs in other parts, gradually the developers team decided not to change the software any more, instead for fixing bugs or adding features, every time a new software should be developed which monitors the main software, and tries to change its output from outside! For example, look into the outputs and inputs, and whenever there's this number in the output considering this sequence of inputs, change the output to this instead.
As all the patchwork is done from outside, auxiliary software are very huge. They have to have parts to save and monitor inputs and outputs and algorithms to communicate with the main software and its clients.
As this architecture becomes more and more complex, company negotiates with users to convince them to change their habits a bit. Like instead of receiving an email with latest notifications, download a csv every day from a url which gives them their notifications! Because it is then easier for developers to build.
As the project grows, company hires more and more developers to work on this gigantic project. Suddenly, some day, there comes a young talented developer who realizes if the company develops the software from scratch, it could become 100 times smaller as there will be no patchwork, no monitoring of the outputs and inputs and no reverse engineering to figure out why the system behaves like this to change its behavior and finally, no arrangement with users to download weird csv files as there will be a fresh new code base using latest design patterns and a modern UI.
But managers are unaware of technical jargon and have no time to listen to a curious kid! They look into the list of payrolls and say, replacing something we spent millions of man hours to build, is IMPOSSIBLE! Get back to your work or find another job!
Most people decide to remain silent and therefore the madness continues with no resistance. That's why when you buy a ticket from a public transport system you see long delays and various unexpected behavior. That's why when you are waiting to receive an SMS from your bank you might end up requesting a letter by post instead!
Yet there are some rebel developers who stand and fight! They finally get expelled from the famous powerful system down to the streets. They are free to open their startups and develop their dream system. They do. But government (as the only client most of the time), would look into the budget spending and says: How can we replace an annually billion dollar project without a toy built by a bunch of kids? And the madness continues.... Boeings crash, space programs stagnate and banks take forever to process risks and react. This is our world.3 -
"Our Data Service comes PRE-P0WN'D"
Those SHIT-FOR-BRAINS data service providers GLOAT that their data can be natively integrated into most BI platforms, no code required.
How? Because they will EXPOSE THE ENTIRE FUCKING THING ON THE INTERNET.
LITERALLY.
UNAUTHENTICATED URL WITH THE ENTIRE DATASET.
STATIC. WON'T EVER FUCKING CHANGE.
NO VPN REQUIRED. NO AUTHENTICATION HEADERS. NO IN-TRANSIT ENCRYPTION.
"It is safe! No one will know the secret token that is a parameter in the url"
BLOODY BYTE BUTTS, BATMAN! IT IS A FUCKING UNAUTHENTICATED URL THAT DOES NOT REQUIRE RENEWAL NOR A VPN, IT WILL LEAK EVENTUALLY!
That is the single fucking worst SELF-P0WN I have ever seen.
Now I know why there are fucking toddlers "hacking" large scale databases all over the globe.
Because there are plenty of data service providers that are FUCKING N00BS.4 -
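The failure mode in the rant above (a static secret in a query string that never needs renewal) next to an expiring HMAC-signed link, as an added example that is not from the original post or any provider's code. The host `data.example`, the parameter names `client`, `exp`, `sig` and `token`, and both secrets are constructed assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo secrets (assumptions); a real key stays server-side only.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
STATIC_TOKEN = "constructed-static-token"
STATIC_URL = "http://data.example/export/sales.csv?token=" + STATIC_TOKEN


def verify_static(url):
    """The pattern from the rant: one fixed token, no expiry, no binding.

    Whoever sees this URL once (proxy log, browser history, Referer header,
    a pasted BI config) can fetch the dataset for as long as it exists.
    """
    token = parse_qs(urlsplit(url).query).get("token", [""])[0]
    return hmac.compare_digest(token.encode(), STATIC_TOKEN.encode())


def _mac(path, client_id, exp, key):
    # The MAC covers path, client and expiry, so none can be changed alone.
    msg = f"{path}\n{client_id}\n{exp}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_url(path, client_id, ttl_seconds, now=None, key=SIGNING_KEY):
    """Issue an https link that is valid for ttl_seconds only."""
    now = int(time.time()) if now is None else int(now)
    exp = now + ttl_seconds
    query = urlencode({"client": client_id, "exp": exp,
                       "sig": _mac(path, client_id, exp, key)})
    return f"https://data.example{path}?{query}"


def verify_url(url, now=None, key=SIGNING_KEY):
    """Return (ok, reason) for a link produced by sign_url."""
    now = int(time.time()) if now is None else int(now)
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "not https"
    query = parse_qs(parts.query)
    try:
        client_id = query["client"][0]
        exp = int(query["exp"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False, "malformed"
    expected = _mac(parts.path, client_id, exp, key)
    # Check the MAC first so a forged expiry never reaches the time check.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    if now > exp:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    issued_at = 1_700_000_000  # constructed timestamp
    link = sign_url("/export/sales.csv", "bi-tool", 300, now=issued_at)
    print("static link, any time later:", verify_static(STATIC_URL))
    print("signed link, 100 s later:   ", verify_url(link, now=issued_at + 100))
    print("signed link, 1 day later:   ", verify_url(link, now=issued_at + 86400))
    print("signed link, other dataset: ",
          verify_url(link.replace("sales", "payroll"), now=issued_at + 100))
```

A signed link is still a bearer credential while it is valid; the expiry and the path binding only bound how long and how far a leaked copy is useful.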
So I was working on an Android app that communicates with a RESTful web service. I set up everything, started the web service API at localhost and launched the app on Genymotion (virtual machine Android). Nothing seems to work. I checked the code, debugged some stuff and it turns out I couldn't communicate with the API server. I tested the API on my browser and nothing is wrong. I tried to test on the phone VM browser and voila, 404 not found. How the hell is it working on my Windows and not on the VM (with localhost url :/ )? I kept debugging for more than 3 hours with no solution to be found.
The moment I realised wtf I'm doing and how stupid I was => shut down my laptop, went to a coffee shop and bought a lifeless dark espresso.
In case you didn't understand what the issue is, I was running the API on my Windows localhost and testing it with the same url on my Android VM (I should've changed localhost with my machine IP)1 -
- Implemented oauth1 - no body hashing
- URL contains credentials in plain text
- Used Azure API management feature as a proxy of our API, however the documentation was on our API, thus exposing the API URL with no management to developers.
- easy resource DDoSing because each trial user got a DB, the registration process did not have bot checks. You could literally freeze the db instance by spamming registration requests. -
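What "oauth1 - no body hashing" in the list above leaves open, as an added example that is not the poster's code: the OAuth 1.0 signature base string (RFC 5849) covers the method, URL and parameters, so a JSON body is only integrity-protected when the client adds `oauth_body_hash` from the OAuth Request Body Hash extension and the server enforces it. The URL, consumer key, nonce, secret and bodies are constructed values, and nonce/timestamp replay checks are left out.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample request (assumptions, not from the post).
URL = "https://api.example/v1/transfers"
SECRET = "constructed-consumer-secret"
OAUTH = {
    "oauth_consumer_key": "constructed-key",
    "oauth_nonce": "n-0001",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1700000000",
    "oauth_version": "1.0",
}
ORIGINAL_BODY = b'{"to":"alice","amount":10}'
ALTERED_BODY = b'{"to":"alice","amount":9999}'  # body changed in transit


def pct(value):
    """Percent-encode as RFC 5849 requires (only unreserved chars stay)."""
    return quote(str(value), safe="~")


def body_hash(body):
    # The extension uses SHA-1 when the signature method is HMAC-SHA1.
    return base64.b64encode(hashlib.sha1(body).digest()).decode()


def signature(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the signature base string. The body is not an input."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def client_sign(method, url, oauth_params, body, secret, with_body_hash):
    params = dict(oauth_params)
    if with_body_hash:
        # The hash becomes a signed parameter, tying the body to the MAC.
        params["oauth_body_hash"] = body_hash(body)
    params["oauth_signature"] = signature(method, url, params, secret)
    return params


def server_verify(method, url, params, body, secret, require_body_hash):
    signed = {k: v for k, v in params.items() if k != "oauth_signature"}
    if require_body_hash:
        claimed = signed.get("oauth_body_hash", "")
        if not hmac.compare_digest(claimed.encode(), body_hash(body).encode()):
            return False  # hash missing, or body differs from what was signed
    expected = signature(method, url, signed, secret)
    received = params.get("oauth_signature", "")
    return hmac.compare_digest(expected.encode(), received.encode())


def compare():
    """Verification results for the altered body, without and with the hash."""
    plain = client_sign("POST", URL, OAUTH, ORIGINAL_BODY, SECRET, False)
    hashed = client_sign("POST", URL, OAUTH, ORIGINAL_BODY, SECRET, True)
    return {
        "no_hash_altered_body_accepted":
            server_verify("POST", URL, plain, ALTERED_BODY, SECRET, False),
        "hash_original_body_accepted":
            server_verify("POST", URL, hashed, ORIGINAL_BODY, SECRET, True),
        "hash_altered_body_accepted":
            server_verify("POST", URL, hashed, ALTERED_BODY, SECRET, True),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name}: {result}")
```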
So I made an update to my React Native app. I changed UI of a couple of screens, added a few animations here and there, refactored how my graphQL resolvers work in the backend (no breaking changes), changed how data gets loaded into the database etc.
It worked in dev so I figured hey let's deploy it. Today is (was because it's now 3am but more on that later) a national holiday so no one goes to work so no one will use my app so I have an entire day to deploy.
I started at 15:00 (because I woke up at 13:00 lol). I tested the update once again in dev and proceeded to deploy it to prod. I merged backend to master, built docker images, did migrations on the db, restarted docker-compose with new images. And now for the app. I run ./gradlew assembleRelease and it starts complaining that react-native-gesture-handler is not installed. Ugh, rm -rf node_modules && yarn install. It worked. But now gradlew crashes and logs don't tell me anything. Google tells me to change a bunch of gradle settings but none of them work. Fast forward 5h, it's around 20:00 and I isolated the issue to, again, react-native-gesture-handler. They updated from 2.2.4 to 2.3.0 which didn't fucking compile. 2 more hours passed (now 22:00) and I got v2.3.1 working which fixed the problem in 2.3.0 but made my app crash on startup. YOUR FUCKING LIBRARY GETS 250K WEEKLY DOWNLOADS AND YOU DON'T EVEN BOTHER CHECKING IF IT COMPILES IN PROD ON ANDROID?! WHAT THE FUCK software-mansion?
After I solved that, my app didn't crash. Now it threw an error "Type errors: Network Request Failed" every time I fetch my legacy REST API (older parts use rest and newer use graphql. I'll refactor that in the next update). I'll spare you the debugging hell I went through but another 5h passed. It's 3am. My config had misspelled url to prod but good for dev... I hate myself and even more so react-native-gesture-handler.3 -
F**k this. Exactly the same site is displaying differently. Only thing changed? On left access is by local IP, on right by URL using no-ip.
Apparently it grabs CSS from project on another port7 -
Me: *randomly streaming myself code just because*
Friend: "So what are you doing"
Me: "I'm trying to parse a file. The specs are here - oh"
Friend: "Oh?"
Me: "I set screenshare to vs code only, so you can't see it"
Friend: "It's alright, just pass me the link"
Me: "Well, this is vs code, so I might as well check if it can display websites"
Friend: "No way you'd need that,"
>browser
* simple browser
Friend: "Please no"
"Enter url here"
Friend: "Stop!"
*loads website*
Friend: *dies of bloat*
Me: "All hail the bloat"
Friend in heaven: "Stop, your bloat will drag me down to hell"
So yeah, bloat can be useful sometimes4 -
I don't think it could be more .net core than this: Several parts of the application ended up failing because of a too long URL. For example we used a List to store selected items in an array and they each looked like this:
&model.selectedIds[n]=true
The server side made more sense but we were running late with the project so we just went with it and hoped no one would use this feature. -
Context: New to typescript. Writing a thing, doing it for work, good opportunity to stretch my dev legs. Using a proprietary lib, alternatives not an option.
Rant begin:
SOOOO, who the fuck thought THIS was a good idea:
1. Lib has minified react in dev (because closed source) meaning no downstream errors AND the entire premise of the lib is that a widget is a react component, so I'm writing typescript react the entire time without downstream errors
2. SHIT docs. By that, I mean there's an API reference page that's so sparse there's literally a set of CRUCIAL interfaces that only say the word 'Interface' on them. That's it. that's what i get. It's an interface. NO FUCKING SHIT SHERLOCK, what the fuck is it though? What's its purpose? Is it an interface for a dog? A dog that has a 'shit' property? or a cat? or a cat eating dog shit? Nobody fucking knows - the docs sure as fuck don't care.
3. No syntax highlighting - editors, IDEs (i've tried a few) can't even find the lib inside this environment, so Code and everything else thinks I'm importing shit that doesn't even exist - so no error prediction, code completion based on syntax of the library, none of that.
4. There are some EXTREMELY basic samples - these samples exclusively use React classes - no function components, no hooks, nada - just classes and even perfect replicas of the sample code display erratic behavior like errors about missing props, so that's mostly FUCKING USELESS
5. And this... this is where the straw breaks the fucking camel's back... there's no... there's no hot reloading... Do you know what that (in conjunction with the previous 4 fuckups) means?
When I write anything or I fuck up (which of course I'm doing every time I write half a line because how the fuck?) I have to restart the client and server EVERY FUCKING TIME and manually test to see if the error (THAT ONLY GETS REPORTED IN THE LOCAL UI) is gone or different.
Then, once I see the error, it isn't an error: it's the minified React error-decoder link and guess what? It isn't really a clickable link OR copyable, meaning that every FUCKING time I get a new error, I have to MANUALLY TYPE A FUCKING 50 CHAR URL TO FIND OUT A GENERIC REACT ERROR MESSAGE WITHOUT A LINE NUMBER OR ANY FUCKING CONTEXT. I HAVE TO DO THIS CONSTANTLY TO SEE IF ANYTHING I'M DOING EVEN WORKS.
6. There's no github to complain to the maintainers or search for issues because it's NOT FUCKING OPEN SOURCE so there is literally nothing to be fucking done about it.
This is due in a week and a half, found out about it last Friday. How's your day going?
PS: good to be back after a long respite from dev ranting.1 -
fuck the guy that wrote the api that I consume at my company
he's not the worst guy ever, and he might be going through some stuff in life, or maybe he's just happy. There's no way to know actually.
but fuck him. fuck this fucking guy. fuck him with a thousand dicks.
this guy defends his postures on the api like this thing was fucking sacred and masterly designed ok?
if I ask him to change one url's method from get to post so that I can send longer data for the request, he comments "i cant believe they still haven't figured out a get request with a body". I appreciate him caring about the correctness.
but this is the same piece of shit that makes NOOO fucking validations on whatever I send to it. I get 500 for fucking EVERYTHING.
And if he does 400, the actual response messages are garbage, the same fucking text with no explanation.
FUCK YOU!!!!!!
I hate the way he structures the names of the url and the parameters, sometimes I have to send arrays of strings, other times arrays of objects, the naming is garbage and INCONSISTENT.
And when we asked him to do the API in dotnet core, he was like "nah" FUCK YOU FOR USING SOON TO OBSOLETE TECHNOLOGIES!!!
THIS PIECE OF SHIT IS SLOW, because a coworker did another api in core and the response times are hugely better.
I wouldn't mind if he was 100% of the time careless, but he actually makes a stand for his ideas, as if he actually gave two shits.
he's actually an ok guy though but... fuck him!!!! I've been holding onto this for a while... and I'm sure I have some flaws too.7 -
I started building an application for FIDAL (Italian Federation of Athletics) because why not: I was bored and wanted to learn Flutter.
There is no API, but I didn't even expect it. Parsing the HTML is easy enough.
BUT OH MY GOD THE ENTIRE WEBSITE IS SHIT. Take this page: http://www.fidal.it/graduatorie.php, it uses some useless jQuery plugin and uses a buttload of JavaScript that isn't even needed. BUT WAIT. Try entering an invalid "club code" (http://fidal.it/graduatorie.php/...), a FUCKING white page with 200, are you kidding?
I'd also like to mention that all pages that require form input won't load correctly if you don't include "submit=Invia" in the URL.
I am not giving up.3 -
To me this is one of the most interesting topics. I always dream about creating the perfect programming class (not aimed at absolute beginners though, in the end there should be some usable software artifact), because I had to teach myself at least half of the skills I need everyday.
The goal of the class, which has at least to be a semester long, is to be able to create industry-ready software projects with a distributed architecture (i.e. client-server).
The important thing is to have a central theme over the whole class. Which means you should go through the software lifecycle at least once.
Let's say the class consists of 10 Units à ~3 hours (with breaks ofc) and takes place once a week, because that is the absolute minimum time to enable the students to do their homework.
1. Project setup, explanation of the whole toolchain. Init repositories, create SSH keys for github/bitbucket, git crash course (provide a cheat sheet).
Create a hello world web app with $framework. Run the web server, let the students poke around with it. Let them push their projects to their repositories.
The remainder of the lesson is for Q&A, technical problems and so on.
Homework: Read the docs of $framework. Do some commits, just alter the HTML & CSS a bit, give them your personal touch.
For the homework, provide a $chat channel/forum/mailing list or whatever for questions where not only the teacher should help, but also the students help each other.
2. Setup of CI/Build automation. This is one of the hardest parts for the teacher/uni because the university must provide the necessary hardware for it, which costs money. But the students' faces when they see that a push to master automatically triggers a build and deploys it to the right place where they can reach it from the web is priceless.
This is one recurring point over the whole course, as there will be more software artifacts beside the web app, which need to be added to the build process. I do not want to go deeper here, whether you use Jenkins, or Travis or whatev and Ansible or Puppet or whatev for automation. You probably have some docker container set up for this, because this is a very tedious task for initial setup, probably way out of proportion. But in the end there needs to be a running web service for every student which they can reach over a personal URL. Depending on the students' interest in the topic it may be also better to set this up already before the first class starts and only introduce them to all the concepts in a theory block and do some more coding in the second half.
Homework: Use $framework to extend your web app. Make it a bit more user interactive with buttons, forms or the like. As we still have no backend here, you can output to alert or something.
3. Create a minimal backend with $backendFramework. Only to have something which speaks with the frontend so you can create API calls going back and forth. Also create a DB, relational or not. Discuss DB schema/model and answer student questions.
Homework: Create a form which gets transformed into JSON and sent to the backend, backend stores the user information in the DB and should also provide a query to view the entry.
4. Introduce mobile apps. As it would probably be too much to introduce them both to iOS and Android, something like React Native (or whatever the most popular platform-agnostic framework is then) may come in handy. Do the same as with the minimal web app and add the build artifacts to CI. Also talk about getting software to the app/play store (a common question) and signing apps.
Homework: Use the view API call from the backend to show the data on the mobile. Play around with the mobile project to display it in a nice way.
5. Introduction to refactoring (yes, really), if we are really talking about JS here, mention things like typescript, flow, elm, reason and everything with types which compiles to JS. Types make it so much easier to refactor growing codebases and imho everybody should use it.
Flowtype would make it probably easier to get gradually introduced in the already existing codebase (and it plays nice with react native) but I want to be abstract here, so that is just a suggestion (and 100% typed languages such as ELM or Reason have so much nicer errors).
Also discuss other helpful tools like linters, formatters.
Homework: Introduce types to all your API calls and some important functions.
6. Introduction to (unit) tests. Similar as above.
Homework: Write a unit test for your form.
(TBC)4 -
I don't know why people here dislike php
It's been 3 years since I was introduced to php and I never find it unworthy to be used in my project at all
Last night it was my first freelancing project and the guy asked me to scrape a table from a stock market website in vba script and append the table values to the excel sheet. That looked easy, I kid you not, from the image he sent me that looked too easy.
I decided to accept it, fml. Cause that site was using fucking cookies and javascript to load the table values.
There was no way to implement that shit in vba with my current knowledge.
Let's fuck this shit and jump to php, I inspected the site and found a cookie was enabling the site to load another part of the site through GET request.
Once I knew what was holding that GET request url, curl came to rescue. I attached cookies and sent the request header and parsed the ajax script url and fetched the response (table data).
Parsed the fetched data using explode and Voila! I made the fucking working script in php
As for the vba script, I wrote code to get this csv, append it to the file and delete the csv8 -
Parking here fucking sucks.
I just made a url shortcut for finding parking, it redirects to the site of a parking lot 15 miles away, because if you get here after 8am, there is no parking. If you want me to work, then give me a place to park my car. Spend some of that executive bonus on building a new parking garage you dog rocket sucking suits.1 -
This asshole is out of his fucking mind if he thinks I am going to waste my Friday night waiting around to update a URL on the employee intranet.
News flash if it’s a tool people use everyday they have it bookmarked. No one uses the fucking employee intranet because it’s old and it sucks.
You get a list of the users and email them telling them of the update if you are too dumb to figure out a redirect. -
I'll mention my first project that made me money. (in 2017). I got paid INR 1000 for 2 days worth of coding.
It was an information website where you could read about different pharmaceutical medicines.
URL - https://viagraonline365.com/
It no longer exists now.3 -
It's more of a QA rant....
A Website takes address information via POST. Since Selenium can not do POST properly devs said: "no worries, we will make the site accept addresses via GET url parameters"
Me:"Why not make a simple page with input fields that just behaves like the site calling our site via POST?"
Devs:"Nah we don't need that. Will be fine. We will ensure that POST service works via unit test."
Come release week... Dev:"Guys, POST isn't working, IT Analyst tested with the other site..."
Dev1:"Why did QA not test this earlier?"
Dev2:"He wanted to, we told him that we would unit test this. He fucking knew it. He fucking knew it so don't blame him!"
Me: :34 -
I just want things to do on my phone that are intellectually going to be stimulating
and not brainwashing
is that so hard to ask for
I can't keep playing sudokus all the time. the other day I wanted to go read a coding answer I asked an AI in my browser on my laptop but I was in bed on a voice chat with a sleeping person and didn't wanna get up out of bed to go fetch the laptop. my browser lets me see tabs I have open on other machines and this AI website makes a url with a unique id so you can browse to the chat you had, but it seems to not always work
earlier in the day I had asked the AI a theoretical coding question and it answered, but I got distracted and needed to go do something before I finished reading it (it was long). but when I was in bed on my phone playing sudokus for intellectual stimulation, annoyed and bored it was the only thing I could do, I had the bright idea of opening the tab on my laptop through my phone. Vivaldi is great and this always works. unfortunately the AI website's unique id thing doesn't. it loaded the website by URL correctly but the AI website just took me to the home page and I had no chat history to read =[
phones are literally computers but you can't do anything on them. can't watch videos without ads or bugs, if you load a lot of websites the tab management system sucks and performance is shit, controls for games suck even if you could find something not ad infested
hell you can't even do a pedometer that's not trying to get you to "log in". bruh
you can't even browse GitHub code! at least last I checked. it's just awkward, their app
I feel like I'm in a straitjacket in terms of technology and I wanna scream. I don't even know how to adequately describe my frustration or what I keep wishing for. it's been prominent in my head a couple years now. it's like we're regressing in terms of compatibility. went from card games provided by Microsoft like solitaire and spider, paint... to Jesus fuck you can't even get paint in a browser now without someone trying to fleece you
remember when things were inventive, nice, and not shit?
I don't even like playing mindustry on a phone to be fair. fighting the controls is most of the experience. so maybe phones are only good for reading things
I just noticed my brain over time doing sudokus learns so I wanted to practice engaging in something and learning as exercise, cuz I think it would be good for the brain damage. bah5 -
A normal day on my CMS as a Service...
URL: https://go to CMS
> Login screen: enter credentials, check checkbox "remember me" (which doesn't remember you)
> redirected to SSO (single sign-on welcome page)
> Re-enter URL to go to CMS
> Fires up second browser on second screen, do the exact same things as above
--- Code editing
As it's a very modern CMS, you have to edit the code via the CMS using a bulky and honestly shitty editor (or rather: they didn't spend time configuring it to be at least semi-decent).
Plus default white horrible theme.
> Go to "/themes"
> Scroll all the way down the page
> Enter filename in search box
> Click the "Edit" button, which is a small button located right next to a much bigger red "DELETE" button. When you middle click (as I always open files in new tabs) on the DELETE button, it DELETES without confirmation. In such cases, you lose up to three days of work asking the providers to set it back up for you via their backup - and charge you for that. So sorry for deleting an *important* file
> Edit the file.
> Save the file - it takes 3 seconds. Upon saving, rescroll again to where you were in the code.
> On the other screen, refresh dev view of current template
> Wait 5 seconds
> If there are any special blocks, they all load via a semi-synchronous AJAX request (it's async, but they load one by one), the same time you waited to refresh your page.
> Notice you forgot adding some markup
> Re-edit the file, save...
> OH NO - I'VE BEEN BACKGROUNDEDLY DISCONNECTED. Back to Login page.
> Enter credentials.
> Am not on the CMS, but on the SSO
> Navigate back to file
> Re-write new changes
--- Manager comes in:
I need you to edit XXX objects in DB Manager (a big PHPMyAdmin if you will)
> New tab, go to https://DB
> Although still connected on CMS, I have to re-enter credentials
> Am redirected to SSO
> Re-enter https://DB
> Find the object (20 seconds of loading)
> Find the appropriate field
> Find out the field is in fact another object located elsewhere
> Uff, thank goodness, there's a shortcut button to directly edit said elsewhere object
> Operates on elsewhere object + save
> Re-edits original object + save
> ERROR 500, APPLICATION UNEXPECTEDLY CRASHED
:') painful much?
(for those who ask: yes i've got plenty of mind-reflexes in order to minimise losses)2 -
Reading "duh... that link looks sketchy" time after time when attempting to nudge people in the direction of good resources, e.g., on-line manual pages, becomes rather irritating. Is typing the URL into VirusTotal or something really such a fucking hassle? Are you sufficiently special to warrant the creation of an IP grabber which is dedicated to targeting you... AFTER you posted your exact location on Instagram last week?
Similarly, some pants-shitting, worm-eating troglodytes who have the gall to claim to know anything about cybersecurity STILL think that for all Web sites k, that k's URL begins with "https" implies that k is secure. NO! Unencrypted Web sites are FINE unless sensitive information is being transferred. Are publicly available manual pages sensitive information now?
Grabbing the campaign hat and writing death threats and very personal insults is sometimes slightly tempting.5 -
MORE WEBDEV ADVENTURES
Took a break for a while due to personal stuff. Just got a job (have to get a stupid work permit from school first to actually be able to work tho), had some shit happen with two close friends that now hate me. Right now I'm upset about something that another really good friend did. So I've been doing some webdev to distract myself for a bit.
So I'm turning my URL bar that I had into a little command bar. It'll be what I use to configure stuff along with URLS and shit. I was building a little config menu that I really hated doing, was just becoming too much of a mess. Currently changing the look of it just a bit, then I'm gonna work on the functionality of it later.
Made my weather divs dynamically generated. Turned like 65 lines in the HTML file to ~20 lines of JavaScript that makes that ~65 lines. And it turns out that it doesn't really affect the loading time at all, which was my original worry. My next task for that is to save the weather predictions so the script doesn't have to grab a whole 14kb file every reload (I know, that part's a little bad). The entire page with the icons and all comes out to ~30kb so far. The icons make up about half of that, but they'll never all be in use because only 5 are on screen at any time and there are 7 total. Plus the fact that one may be in use multiple times (like this very moment actually).
Then I want to have an RSS reader which I've been putting off for a while now. Trying to get everything else done before I do that.
At this very moment, the page takes about 1.4 seconds to load. I'm trying to avoid putting anything I don't need in it. Like I'm using vanilla everything. No frameworks or anything. But that's just my personal preference.
I'll make sure to share it with you guys when I have everything built and functional. I've had a lot of interruptions while doing this. My personal life tends to get in the way of shit I try to do, because I let it get to me.
Anyways I'm just rambling at this point. I fucking love you guys1 -
I love Django. I really do. It's been fun to work with, and wrestle with, and beat my head over repeatedly. I really have enjoyed it. But why in the name of all that is even remotely holy must the URL documentation be so spotty? I finally did get my URL behavior to work, but now that I've created a view function for deleting objects in one of the models, the URL for the editing function breaks. All you do is click "edit" and it brings up this nice little form where you can edit the database entry by querying its ID number and then you can save that ModelForm and everything is fine. So the url scheme is http://foo.com/bar/edit/3/
Should work. Used to work. I swear it used to work, I pulled up an older commit and it works like a charm. Deleting works with that same url scheme.
http://foo.com/bar/delete/3/
deletes the object with id=3 no problem. The two URL schemes in urls.py match perfectly (except one says delete obviously).
But now something has gone and gotten ROYALLY derailed because every time I run that function, that CLEARLY PRESENT 3 is being passed as None. I thought, oh, maybe I rearranged the arguments and am passing in the wrong ID. Nope. Okay, so what if I mixed up the regex on the url? Nope. Matches. WHERE ARE YOU GETTING NONE FROM? I mean, I realize that's the default, but I'M PASSING AN ARGUMENT in.
{% url 'namespace:edit' id=object.id %}
breaks horribly whereas
{% url 'namespace:delete' id= object.id %} deletes the object just fine. Why, Django? We've been wrestling with this for hours. Give me a sign. Tell me what you want from me. I'll give it to you. I will. I promise. -
Months ago, created sophisticated func. Left URL as a comment for ref. Need to add more lines to that func so I clicked the link to remind me how/why but website page is no longer!4
-
A customer specialising in identification and security solutions called today, claiming "they" found malware on their website. Then they provided a weird link to some shady malware scanner, and the "malware" turned to be a <noscript> tag which adds ?noscript to the page url, so we can serve no-JS optimised content. As a bonus, the scanner only detected it on two URLs, even though every single page on the site contains that same line of code.
Joke's on them, have fun paying for priority support outside of the business hours for nothing.2 -
Why the fuck is gradle so horrible.
I literally have no idea why anyone would ever use this thing (other than being forced to because somehow the rest of the world is using it).
Every plugin has an arbitrary DSL that you have to magically know by piecing together enough snippets. At that point, no one is actually intuiting anything based on the beauty of the DSL, every build is a frankenstein of different snippets that were pasted from different versions of gradle blog posts or SO posts.
And if you do get it to work then the DSL changes, or it isn't compatible with another plugin.
I just want to write a fucking integration test in Kotlin. Can I just add an `integrationTest` task in `tasks` right next to `tasks.test`? No, obviously it goes in the `kotlin jvm() compilations` section, DUH.
The first thing anyone in the universe should have asked is "how is this better than literally hand writing a makefile"? At least then I would be able to see the commands that it ran.
Now I'm googling how to make the new jvm-test-suite plugin work when you're using the Kotlin plugin but every single result on Google for `jvm-test-suite kotlin` just returns the docs for jvm-test-suite (whose snippets obviously didn't work in my project) because those doc pages have "Kotlin" written above each of the gradle snippets.
Please just end this.
Oh and dev rant sucks too. It thinks anything separated by dots in a url.2 -
Today I was ordered to check out one of our applications. Accounting said that the Twilio bill was constantly increasing even if we do not get any new clients. In 10 min I found out what is the problem. All calls are recorded and stored in Twilio, which charges handsomely for such service.
Developers instead of downloading those recordings to our data lake, use Twilio as storage, because no coding was involved.
Company lost around 30k dollars this year and around 10k-20k in previous ones, because someone was too lazy to spend a few days to download mp3 from url. -
I have just slept for a minimum of 5 hours. It is 7:47 PM atm.
Why?
We have had a damn stressful day today.
We have had a programming test, but it really was rather an exam.
Normally, you get 30 minutes for a test and 45 minutes for an exam.
In this "test" we have had to explain what 'extends' does and name a few advantages of why one should use it.
Check.
Read 3 separate texts and write the program code on paper. It was about 1 super class and 1 sub class with a test class in Java.
Check.
Task 3: Create the UML diagram of the code from above. *internally: From above? He probably means my code since there is no other code there. *Checks time*. I have about 3 minutes left. Fuck my life.*
Draws the boxes. Put the class names in each of them. A private attribute for the super class.
Teacher: Last minute!
Draw the arrow starting from the sub class to the super class.
Put my name on each written paper. And mentally done for the day. Couldn't finish the last task. Task 3.
During this "test", I heard the frustrations of my classmates. Seemed like everyone was pretty much pissed.
After a short discussion with the teacher who also happens to be the physics professor of a university nearby.
[If you are reading this, I hope that something bad happens to you]
The next course was about computer systems. Remember my recent rant about DNS, dhcp, ftp, web server and samba on ubuntu?
We have had the task to do the screenshots of the consoles where you prove that you have dhcp activated on win7 machine etc. Seemed ok to me. I would have been done in 10 minutes, if I would be doing this relaxed. Now the teacher tells us to change the domain names to <surnameOfEachStudent>.edu.
I was like: That's fine.
Create a new user for the samba server. Read and write directories. Change the config.
Me: That should be easy.
Create new DNS entries in the configs.
Change the IPv6 address area to 192.168.x.100-200/24 only for the dhcp server.
Change the web server's default page. Write your own text into it.
You will have 1 hour and 30 minutes of time for it.
Dumbo -ANGRY-CLIENT-: Aye. Let us first start screenshotting the default page. Oh, it says that we should access it with the domain name. I don't have that much time. Let us be creative and fake it, legally.
Changes the title element so that it looks like it has been accessed via domain name. Deletes the url and writes the domain name without pressing Enter. Screenshot. Done. Ok, let us move to the next target.
Dhcp: Change lease time. Change IP address area. Subnet mask. Router. DNS. Broadcast. Optional domain name. Save.
Switches to win7.
ipconfig /release
ipconfig /renew
Holy shit it does not work!
After changing the configs on ubuntu for a legit 30 minutes: Maybe I should change the ip of the ubuntu virtual machine itself. *me asking my old self: why did not you do that in the first place, ass hole?!*
Same previous commands on win7 console. Does not work. Hmmm...
Where could be the problem?
Check the IP of the ubuntu server once again. Fml. Ubuntu did not save when I clicked on the save button the first time I have changed it. Click on save button 10 times to make sure it really is saved now lol.
Same old procedure on win7.
Alright. Dhcp works. Screenshot.
Checks time. 40 minutes left.
DNS: It is your turn. Checks bind9 configs. sudo nano db.reverse.edu.
sudo nano db.<mysurname>.edu.
Alright. All set. It should work now.
Ping win7 from ubuntu and vice versa. Works. Ping domain name on windows 7 vm. Does not work.
Oh, I forgot to restart the bind9 server on ubuntu.
sudo service bind stop
" " " start
Check DNS server IP on win7. It looks fine.
It still doesn't work. Fuck it. I have only 20 minutes left. Samba. Let us do this!
10 minutes in. No result. I don't remember why. I already forgot why I have done for it. It was a very stressful day.
Let us try DNS again.
Oh shit. I forgot the resolver!
sudo nano /etc/resolv.conf
The previous edits are gone. Dumb me. It says it in the comments. Why did not I care about it. Fuck it. 6 minutes left. Open a yt video real quick. Changes the config file. Saves it. Restarts DNS and dhcp. Closes the terminal and opens a new one. The changes do not affect them until you reopen them. That's why.
Change to win7.
Ping works. How about nslookup.
Does not work.
Teacher: 2 minutes left!
Fuck it.
Saves the word document with the images in it. Export as pdf. Tries to access the directories of the school samba server. Does not work. It was not my fault tho. Our school server is in general very slow. It feels like they are not maintained and left alone like this in the dust from the 90s.
Friend gets the permission to put his document on a USB and give the USB to the teacher.
Sneaky me: Hey xyz, can you give me your USB real quick?
Him: sure.
Gets bombed with "do you want to format the USB?" pop-ups 10 times. Fml. Skips in a fast way.
Transfers the pdf. Plug it out. Give it back.
After this we have had to give a presentation in politics. I am done. -
In my beginning days I made a website with a login screen and no thoughts on the URL or browser history...
What a dumbass! -
So today we renamed a repo on bitbucket. We changed the remote url on local PCs and kept working. When deploying, our deploying platform threw an error saying invalid repo name, which was expected. Thing is, said platform doesn't have a "change repo remote url" option, so we did it manually over SSH. It didn't work as it now says the bitbucket token is invalid. There is no option to change or set the token. Redeploying will take almost an entire day due to configurations. FML.
-
Was testing an editor for writing technical documentation. Asked their support:
Hey ___, am I right in thinking you can't paste images directly from clipboard into a document?
Couple of hours later:
Hi ___, yes, you can add images by uploading them: <url>
The URL they provide has no examples of being able to paste images directly from the clipboard. Trying to figure out if this is yes-but-no or no-but-yes. -
ANGULAR 5 HELP REQUEST
Does someone know why tf router.navigate doesn't initialize the given component in Angular 5?
Stackoverflow doesn't provide the required answer...
The component is called (and works) if i reload the page on the correct url. Even the URL in the address bar changes on router.navigate.
pls no h8 -
I spent more than an hour trying to figure out why a form didn't work.
I pressed the submit button and nothing happened, no error in the console and nothing in the Network tab in Chrome's devtools. And the action was being executed!
Then I found out there was a catch somewhere. I removed and it said that the url was wrong. But again, I debugged it and nothing seemed wrong. I even hardcoded the values.
At the end, it turned out that the initial "/" was missing in the request url... -
Project Zero team found that a specially crafted URL could trick the Git client into sending credential information of an alternative host to an attacker's host. In this case, the specially crafted URL needs to contain a newline character to trick the credential handling (performs url decoding on most possible url components, no additional validation) and sending the data off to an alternate host.
Updated Now : Credential protocol code is now forbidding newline characters in any values.
More : https://lore.kernel.org/lkml/... -
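The newline problem described in the post above, as an added example (a simplified Python model, not part of the post and not Git's own code): URL components are percent-decoded and written out as `key=value` lines, once without validation and once with the newline check the post mentions. The host names, the constructed URLs and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample inputs (not taken from the advisory).
BENIGN_URL = "https://git.example/team/repo.git"
CRAFTED_URL = "https://attacker.example/repo%0ahost=trusted.example"


def decode_components(url):
    """Split a URL and percent-decode each component, with no validation."""
    parts = urlsplit(url)
    fields = {
        "protocol": parts.scheme,
        "host": unquote(parts.hostname or ""),
    }
    if parts.username:
        fields["username"] = unquote(parts.username)
    path = unquote(parts.path).lstrip("/")
    if path:
        fields["path"] = path
    return fields


def serialize_naive(fields):
    """Write key=value lines without checking the values (the 'before')."""
    return "".join(f"{key}={value}\n" for key, value in fields.items()) + "\n"


def serialize_strict(fields):
    """Same wire format, but refuse any value containing a newline."""
    for key, value in fields.items():
        if "\n" in value:
            raise ValueError(f"newline in credential field {key!r}")
    return serialize_naive(fields)


def helper_parse(message):
    """Model of a line-oriented helper: the last value seen for a key wins."""
    seen = {}
    for line in message.split("\n"):
        if not line:  # blank line ends the message
            break
        key, _, value = line.partition("=")
        seen[key] = value
    return seen


def host_seen_by_helper(url, strict):
    """Return the host a helper would look up, or None if the URL is refused."""
    fields = decode_components(url)
    try:
        message = serialize_strict(fields) if strict else serialize_naive(fields)
    except ValueError:
        return None
    return helper_parse(message)["host"]


if __name__ == "__main__":
    for url in (BENIGN_URL, CRAFTED_URL):
        print(url)
        print("  naive :", host_seen_by_helper(url, strict=False))
        print("  strict:", host_seen_by_helper(url, strict=True))
```

With the naive serializer the helper looks up credentials for a host other than the one in the URL's authority; the strict serializer refuses the request before anything is written.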
!dev
https://epicgames.com/fortnite/...
This url brings to error page with invalid email address that will actually autoreply "We're writing to let you know that the group you tried to contact (do-bug) may not exist, or you may not have permission to post messages to the group. A few more details on why you weren't able to post"
Okay, sure. This may happen to indie stuff etc.
But we are talking about bigass company that's fucking trying to assassinate steam (and so far kinda fails). You don't want to show customers error messages, sure, but at least, if you do it, and you tell your customer to send email to admin, make fucking sure that you provide an actually fucking working email. Is it so hard?
No wonder they can't conquer steam. And that's positive side -
How the fuck is Firebase still a thing? I just spent hours debugging a random "not authorised" error, only to find out you need to enable a deprecated API even if you're only using the new (recommended) one. Do they tell you about it? Fuck no, they keep it disabled by default, they tell you to only use the new API, and they make it pretty much impossible to find the deprecated API you need to enable without a direct link.
And why the fuck does the official SDK send image URL as { "imageUrl": "http://..." }, when the endpoint expects it to be { "image": "http://..." }? Why the fuck does the documentation mention both options interchangeably, while only the latter one actually works? -
Updates occasionally do more harm than good.
In 2019, people got massively ripped off by a Google Chrome Android update.
They removed two essential features: First, the ability to deactivate pull-to-refresh. When I scrolled up and accidentally refreshed a page, I thought "Didn't I disable this s**t? No big deal, let's go to chrome://flags and… oh wait, where is it? Oh no, they wouldn't remove such an important thing, would they?".
Second, they got rid of the list view for tabs, which showed both page title and URL. Grid view only shows the title, there is only half the space for each title due to two tabs per row (four in horizontal view), and there are fewer items at once on screen.
This significantly damaged my trust in updates. Whenever I update, I expect everything that worked before to still work. The sad reality is that each update brings the risk of something being broken or taken away.
Image source: https://media.askvg.com/articles/... (what they removed) -
Alright... maybe it's time to call it quits...
NLegs changed the ID structure... The URL is like
http://.../yyyy/MM/dd/id.html
Before id was unique... so thats what I have in my DB, the ID column is int. primary key.
Now id by itself is no longer unique...
---
Actually no.... After changing the code to just pick the next ID (like autonumber) and check uniqueness using the url...
It turns out actually the "new issues" are old.... they just changed which image to show in the front page thumbnails... -
Has anyone ever tried to send a message to a rep at PNC on their online banking?
-you can't write any 'special characters' in the message. This includes dashes, slashes, and even apostrophes ("don't" is not allowed!) among others. I guess they just pipe the message right into the SQL queries!
-I had to type a long message there, and I was tired and forgot to do my usual CTRL+A/CTRL+C ritual - BIG MISTAKE!! After clicking submit, I get a JS alert() come up saying that my session timed out after 15 minutes of inactivity (writing a large rant to PNC ofc). Back button does not bring up the filled out form to copy from, as like the whole site seems to be on the same URL. There was no way to exit the alert without losing the message. Thankfully I did not close the tab, and I was able to recover and piece together some of the text snippets using $ gcore / $ strings | less.
Overall this has to have been the worst web app I have dealt with for quite a while. -
My team was asked to point to a mock service in our QA env. Standard procedure is to copy the line in our QA property file that has the service URL, comment one out, and change the other to the mock service. Then, push the code and deploy to QA.
What did someone do? He didn't touch the property file. He found where we were defining the configuration for our http requester, removed the property reference, and HARD CODED the mock URL.
Wait, it gets better. The mock service does not function the same way the real service does. We need to send an additional query param to the mock service (that has a value already being sent in a header) so they modified ANOTHER file where the actual request is being made.
He made the changes, deployed to QA, and didn't check in any code.
What is going to happen next time when we deploy to QA with the latest code? Oh look, we'll be pointing to the real service again.
I explained this to my architect, and included that this messed up mock service they were calling is our 2nd mock service (no idea why they made a new one) and he simply deleted the stupid 2nd mock service. Screw that!
And...now requests to QA don't work 😂 -
Do any of you use a npm registry server like verdaccio for caching of packages from npmjs.org?
Today I tried verdaccio within a local docker container.
I successfully connected via npm --registry <registry-url> install
There were no errors, but verdaccio kept delivering packages with 200.
Shouldn't it be 304 since the packages already exist in the storage folder of verdaccio? -
What the fuck is CORS, I can type the URL into my browser and download the file, but running a HTTP request from within a page is denied? Wtf kind of dumb no logic behaviour is this
-
Fix github for Android. On the main repository screen there's no way to copy dem URL. You have to navigate to a file first. I get annoyed by this so often.
On the other side, I found out about classless frameworks! Amazing for people like me who can't design. See here a list with screenshots : https://github.com/dbohdan/... -
Today the product designer (like he calls himself) on my team decided we should not use urls containing more meaningful information in our web app than absolutely necessary. It would be easy to use RESTful Urls displaying more details about the current navigation in the app with angular. But he thinks that would go against the "app feeling" and customers might think it is "just a website". Bookmarks, browser history, a useful "back" button in the browser and more power to the user "might be confusing" and "it's better for marketing purposes". -.-
Well, if he thinks so... I made my point clear and he owes me beer if this feature is ever requested. -
Let's talk about superagent, the nodejs http client.
This fucker defaults to localhost when it finds the url to be incorrect. It doesn't complain or tell you your url sucks. No. It reverts to localhost.
So "http://www.url.com" is fine and " http://www.url.com" reverts to localhost.
I spent 3 hours debugging this shit yesterday.
Then today, I started by looking at the config to realise the config template in ansible had an extra space before the url.
#ImproveYourErrorReportingFucker
Seriously though!! Don't try to help, just tell me when I fuck up. Don't be another HTML!
The "language" without errors. -
I work with a few non-programmers on my team and after almost 2 full years of using our CMS one of them called me over because they were getting an error when trying to copy a hyperlink... I come over and everything looks fine, so I say "Have you right clicked on the hyperlink and clicked 'Copy Shortcut'?"... She says "Well no, I don't want a shortcut I want to copy the URL." .... ::face palm:: This is why the other countries are beating us!
-
mobile browsers not refreshing stylesheets.
this is the worst thing that mankind ever did. I mean, when you are trying to design a website and the changes you make to the css are not loaded by the browser, you have no clue wtf is going on. There is no way to make the browser refresh the stylesheet. Reloading, entering the url manually, reopening the tab, restarting the browser, nothing works. The only fix is to manually clear the app's cache in android settings.
The strange thing here is that at first the stylesheet gets refreshed like it should, but after some time the cache seems to be capped and it wont load sh*t...
This is soooo frustrating :((( -
Was having problems on a VPN where my URL was constantly redirecting to https, after https was disabled, spent ages reconfiguring nginx, removing and adding nginx again with no luck. Eventually said fuck it, backed up everything of importance, destroyed the droplet and spun up a new one. Installed nginx and redone the DNS for the domain only for the same thing to happen. It was at that moment I discovered it was chrome caching the HSTS domain. I now have a long night ahead of me configuring the new droplet and restoring the backup data.
-
So I decide to do some online test at company X for an internship.
URL bar exposes names, id number, email etc, whatever you fill when they capture your details (these morons are probably using a get route to do it). Okay fine let me give it a try... Page loads flash content! WTF!??...Fine I do the test, so easy and fun. After completing the test and hit submit the whole flash shit just goes blank!!! Now I wasted my 3 hours for nothing!!! I'm so pissed rn I wanna write them an email. Ohhh I forgot to mention the page was very http with no s. How do I even trust they'll teach me anything??? -
Need a serious help as I can't find a solution to this. My Google search (homepage + results) changes the language to a regional one on every refresh. I want it back to English, I even changed search language setting and the account language for all apps to english. When it hinted, "some apps don't have the same language" in a toast message, I updated that too.
Now I don't understand what is causing this. Here's what I tried. I reinstalled chrome. Removed all my extensions. Used the chrome malicious software detection. Used a different browser- Edge.
I see this is a problem with my Google account as this only happens after I sign in. The language automatically changes to a random regional language, but the search language settings still show English selected.
I checked all the apps authorized with my account but there's nothing suspicious there.
I added "?hl=en" to the url as a temporary fix but that doesn't really help much if I'm on another device. I also found some video suggesting to add "/ncr" to the url. It somehow fixed this for like 10 secs. and then I refreshed to see- back to the same problem.
I tried looking for similar issues and even asked a question on google forums but no luck. Somehow after an hour of repeating the same process of switching the language in settings, it seemed like it got fixed. Until now, where I logged into another device and the issue is back.
Any help? Please? Thanks. :) -
My current task involves processing the commoncrawl web archive, and it's like a box of junk you buy at a flea market. You find so much useless stuff, broken stuff, stuff that makes you question people...
My latest find makes me wonder what lies out there if what I found was in plain sight. I found tens of thousands of websites that look like someone used markov chains to generate pron ads. Those websites exist in 10+ languages, use the same url-scheme, read like a dyslexic camgirl reading alphabet soup and are hosted on the same three ip-addresses. There is no javascript involved and some pages link to a variety of twitter accounts.
I queried a few commoncrawl files and amassed 4GB of this spam. Every time I look at it it gets weirder. There is an italian article about malware in there too.
Here's a text sample:
"Not from her bedroom, she her stream view and meet new experience. In hd india, because swimsuit still laws exist no interaction or frigthened and." -
Developers !
I need fast advice!
If i want to have a domain like instagram e.g.
domain.com/first-lastname1
domain.com/first-lastname2
domain.com/first-lastname3
...
What is the best way to define those routes? I am using only angular. Its just a landing page so no backend frameworks are needed or used.
So if i have about 50 first-last names (and i might add even a lot more), is it a good idea to create 50 different components in angular where each component links to the different person identity of those /first-lastnameN routes?
Or should i have only 1 component and loop through names from a list and display them somehow? Because i don't know how to do this way and change the URL route into a different name -
Fuck MS, why couldn't you update the NuGet API URL when NuGet updated? The warning on nuget.org states,
"This package will only be available to download with SemVer 2.0.0 compatible NuGet clients, such as Visual Studio 2017 (version 15.3) and above or NuGet client 4.3.0 and above"
It says nothing about using the V3 endpoint, so if you're like me and updated NuGet to 4.5 and still got nothing but
"NU1101: Unable to find package Foo.Bar. No packages exist with this id in source(s): https://www.nuget.org/api/v2/"
...then you'll be very confused until it strikes you that there might be a new API version. Even if MS doesn't want to deprecate the V2 API just yet, it would be awfully nice to just state on the frickin' site that not only do you need NuGet >= 4.3.x, but also the correct feed URL.
$_DEITY knows how many dev-hours have been lost to this shit. -
>decided trying to update my Neovim plugins
>Telescope.nvim no longer works, apparently it needs Neovim 0.9.0 now, only have 0.8.3
>decide to re-run the script which I've built that takes care of setting up neovim including plugins and whatnot, only updating the version part in the URL
>the URL was for a .deb package... apparently .deb packages are no longer available or something, at least for newer versions
I'm going to have to use VS Code, am I not? -
The trend of mobile browser URL bars only showing the domain name and hiding the rest of the URL needs to stop.
This trend appears to have been introduced by, guess who, Apple with iOS 7, and Samsung has copied it to their browser to look oh-so-"minimalistic", even though it has no benefits at all.
Even desktop browser Opera had this bad design at some point. -
We use ActiveMQ as a broker in one of our system but the messages sent between applications are in query string format, God knows why. Then when one of our new features requires a JSON structure, we had to URL encode the JSON so it can be part of the message. Now the log growth is significantly higher than the version before and no longer human readable.
-
# This isn't THAT bad, but since I never had any collab before this one, this is the worst so far
I'm in a web development school where we need to do a yearly project. At the beginning, we started with the idea of doing an online wallet that would handle crypto-currencies (#blockchains), and other currencies too.
On the paper that sounds good, but the dude decided to create a NodeJS server api, and let's be honest, this was a gas factory. I couldn't help him because he was too fast in his ideas, and the third member was a bit more useful because he was the one creating the mobile app, so all he needed was an url that the dude couldn't manage to create.
After a few weeks he started over the project, then over again a few weeks later, before coming to us and saying it was too difficult. We said "yeah, I mean you're on your own since the beginning, no wonders!" "Uh do you guys care if we change the whole project to do something else? Like a CV library"
Went a moment where he tried to over sell some incredible (read "overly common") features that already existed 10 years ago on some famous websites (ie. Monster), and he then eventually told me that this idea came from his new job, and that they needed this library. So we would have to work for his company for free. Nice.
The third guy and me came with a new idea (image recognition with IA and stuff), and we saw the dude maybe 5 times the whole week while we're supposed to work together -
Was helping a friend fixing apache url redirects he says I've got cent os i was a bit nervous. The configs were in httpd.conf file but as soon as i try to edit i see there is no nano editor
But there was vi editor, now I'm on call helping this dev and googling vim cheat sheet 😂😂😂😂😂, i had no idea how to edit the file. It's not that hard though. -
Flutter may be great. I want to learn it, so i decided to make this small app in Flutter.
About 2 hours later, and I STILL HAVENT POSITIONED THESE FUCKING BUTTONS AS I WANT IT.
I calm down a bit, and decide to not give a shit about the position of those buttons.. Moving on to launch an URL when one of them is clicked.
Found sweet few lines of code i could copy/paste. Ans tadaa, didnt fucking work. Fuck. Googles a bit, turns out i forgot that hot reload is not for major changes, my bad.
I decide i want to add a few extra features, so fuck Flutter for now, im going back to Android Studio.
Reading Flutter is great, writing it with no knowledge of Dart is.. what the fuck did i even think. -
If I get one more escalation from the IT helpdesk about a login issue but it’s actually a broken link I am going to scream! Find the new link (it’s in multiple places) give it to them and then put the page location in the ticket you dumb fucks so I can update the URL.
This person called in 3 times over the weekend over this and no one thought to give them the link. -
It's 2022 and web browsers are still unable to unfollow redirects.
If I open some URL in a new tab and it redirects me to /503.html or similar due to some server errors (which is bad design to begin with), there is no way to see which URL was redirected from. The "back" (←) navigation button is greyed out, so there is nowhere to go back to.
One might open a new tab to look at it later without realizing it redirected to an error page. Then one opens it, sees /503.html, and has forgotten which article one was going to read.
Only on the mobile edition of Chrome/Chromium, switching between desktop and mobile view unfollows the redirect. But on Firefox mobile, Chrome/Chromium-based desktop, and Firefox desktop, there is no way to know which URL redirected me there. -
Help, again! I’m doing a simple ajax using jquery’s load function but for some reason it results in a refresh of the entire page! There’s no callback or any other values being passed, it’s just the url to the html file. Btw even if i reduce the html file I’m sucking in to an innocent <p>hello</p>, it still fucks up and the page reloads so it’s not like there’s some bad javascript going off. This is part of a project being done using codesandbox, so I’m not sure if there’s something going on with it. This is my first ajax in this environment
-
In Firefox, refreshing and redirecting pages steal the URL bar.
When a page refreshes itself or redirects elsewhere while I am entering something into the URL bar, what I entered gets replaced with the URL of the target page that was redirected to, or the URL of the current page if it refreshes itself.
This makes the user vulnerable to spam pages that refresh themselves or keep redirecting to hijack the URL bar.
If this happens the fraction of a second before I press "Enter", Firefox web searches for the end of my search term with the target URL appended to it, for example if I entered "example search term", it would search for "ermhttps://www.example.org".
You'd think this would have been fixed by now, after over a decade, but no. -
wasting 4 hours trying to send a post request and fetching back the json reply, and having to fall back on fsocket when c url is not available is no fuck, the fuck with C api code in what's supposed to be web directed high level language that has no fucking native interface for REST actions
!rant -
People, help me out.
(first some abstract thoughts)
I am a final year undergrad yet to take steps in the world and i am trying to figure out what to do with my time, what my end goal and next steps should be.
As of now I think my end goal is "relaxation , peace and happiness of me and my loved ones", and to reach there , i need money.
My younger self chose engineering for a particular reason (that i vaguely remember) and whether it was a right or wrong/illogical decision, i guess i am stuck with it and have to use this only to reach my end goal.
Maybe i am regretting this and want to change. Maybe i am just a lazy ass who is bad in his assigned role of an engineer and is running towards glitter in other fields, whatever it is , i am not going against the decision of my past and accepting my identity as an engineer.
I believe once i am able to achieve my goal( that am still not sure about but overall is a good one from general perspective), i guess i will be satisfied
------------------------------------------------
(enough with the deep stuff)
I want to learn how to "learn" . like i am always conflicted about what to do next once the tutor leaves my hand.
for eg, let's say i goto a site abc.
1. They got 1 course each for android , web dev and ai. I choose the web dev course and give my hardworking attention to it
( At this point my choice is usually based on the fact that <A> i should not be stupid to buy all 3 course even if i have money/desire to buy all of em because riding 2 horses is only going to break my ass and <B> some pseudo stats like whichever got more opportunity, which i "like", etc(Point B is usually useless in the long run i guess) )
2. From what i have experienced, these courses usually have a particular list of topic that they cover and apply them to 1 or 2 projects. For eg, say that my web dev course taught me 20 something concepts of basic html/css/js/server and the instructor applied it to blog website
BUT WHAT IS NEXT ?
2.1.
>> Should I make more projects using only those particular list of concepts?
I usually have a ton of ideas that i want to implement now that i know how to build a blog site.
say i got a similar idea to make say url shortner. I start with full enthusiasm but in the middle way there is some new thing that i don't know and when i search the internet, i realize that there are 5 ways to implement such concept, making me wander off towards a whole list of concepts that were not covered in my original 20 concept course. This makes the choice 2. 2
2.2
>> Should I just leave everything , go to docs and start learning concepts from the scratch ??
Usually when i start a project, i soon realize that the original 20 concepts were just the tip of iceberg and there are a ton of things one should know, like how os works, how a particular component interacts with another, how the language is working, how the compiler is executing, etc .
At that point i feel like tearing all my notes away, and learning every associated thing from the scratch. No matter how much my project suffers, i want to know how the things are working from the bottom, like how the requests are being made, how the routes are working, etc which might not even be relevant for the project.
Why i want to follow approach 2? because of the Goal from abstract thoughts. in theory, having deep knowledge is going to clear my interview thereby getting me a good job.
I will get good money, make projects faster and that will be a happily ever after story.
But in practical this approach is bringing me losses and confusion. every layer of a particular thing i uncover, turns out there is another layer below that. The learning never stops. Plus my original project remained incomplete.
What is your opinion, how do you figure out what to do next? -
Why are big software documentations versioned by url rather than adding the most current update to relevant sections and signifying it as such?
1) only select parts of the software is updated in between major version updates. Why duplicate the entire docs for only sparingly updating those parts?
2) references hold versioned urls that could go out of date. I imagine it takes some effort to have a banner on each page indicating whether this is the most up-to-date version of the software
3) deprecated documentation is redundant since it's no longer maintained. Why does it continue to exist? Not everyone has upgraded, you say. That, and I guess, it costs the maintainers nothing to have an idle folder 6 major versions behind the most recent
I already have a folder for my v1 but I'm considering pulling them into a permalink. What challenges or disadvantages are there to doing so?
-
In the war on bandwidth consumption, work has cut out torrent access. So I, like a child looking for porn (actually I was doing that too), found a way around. I use http://filestream.me to cache my torrents. Then go to http://Uptobox.com file host and login to my account, that I created with my fake mailinator.com email address, where I use the remote URL upload feature to download my files from filestream. Change the file name to VM-update.dll (I don't know why I chose a DLL originally, but I realize no one asks why you were downloading a DLL). Then download. All of this, except the downloading, is done in Opera Web Browser with VPN on (a little extra paranoia goes a long way).
-
Trying to search for URL strings becomes a pain in Chrome because I've no choice but to either search for something else first or type Google into Google :(
-
Vivaldi browser seemed a good idea to escape Google's misfeatures without swapping it for Microsoft extensions (Edge) or Firefox / Gecko idiosyncrasies (size / magnification issues on Ubuntu, slow Android version, clunky UI). But there are some ongoing issues that I never experienced in any other user agent (maybe I will when switching to Chromium), like URL completion (port URLs without a protocol aren't prepended with https but trigger an xdg-open dialog, autocomplete prefers obscure deep links with long paths instead of the base URL, browser seems to forget login passwords by default, etc.) - so Chromium seems like the obvious choice. But there seem to be no more Chromium builds for Android? Does anyone else disappointed by Vivaldi have a preferred solution?
-
Anyone noticed that SitePoint is permanently "on sale", with discounts and stuff since they launched their premium programme 1 or 2 years prior?
When one sale ends, another one comes.
Plus now they hid away the subcategories, one must access them by knowing the subcategory's URL haha
I have no understanding of this reasoning they have...
-
Silhouettes hide your pores,
not the chores for your work scores,
managers observe behind your eyes,
No one rants for the laughs,
where you now passed gas,
sum your growth of the past,
change the browser url paths,
or your boss will take your cash.
-
```
npm WARN expo-google-sign-in@2.0.0 requires a peer of react-native@^0.55.4 but none is installed. You must install peer dependencies yourself.
npm WARN react-native-reanimated@1.0.0-alpha.11 requires a peer of react@16.0.0-alpha.6 but none is installed. You must install peer dependencies yourself.
npm WARN react-native-reanimated@1.0.0-alpha.11 requires a peer of react-native@^0.44.1 but none is installed. You must install peer dependencies yourself.
npm WARN url-loader@1.1.2 requires a peer of webpack@^3.0.0 || ^4.0.0 but none is installed. You must install peer dependencies yourself.
```
npm, a package manager so retarded it is too stupid to do its one and only job. To install dependencies. The real funny part is, half of the dependencies are already installed globally, but npm doesn't know. Because npm is indeed **the worst**. npm developers should all have been a trimester abortion, but now it's too late and we have to pretend we like them. No I don't! Fuck them and npm
-
🐟💩 The image I fetch from S3 is of type byte array
I return it to Angular as an ArrayBuffer
Which then needs to be somehow converted to an image so I can fucking show it
Then after research I had to convert ArrayBuffer to Blob
And from Blob to URL encoded object which returns a string that now shows the full image in img tag
Somehow, by sheer trial and error I have just accidentally made a very secure way of fetching a very sensitive piece of document (verification document with user's personal data on it) and now in browser this is shown as blob:shit-image/random-hash. Not even the file extension. This means nobody can download this image. You fucking can't. It's a Blob motherfucker! Like a Blob Fish. It saves either a .txt when you try to save it (no idea how) and if you try to open the image in new tab it shows gibberish text. This means you can read-only this highly sensitive document image and not manipulate it, not even download it. Perfect. I have just made a very secure software by accident.
(this blob fish looks like my shit)
-
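The ArrayBuffer to Blob to `blob:` URL path from the Angular post above, as an added example that is not the poster's code. It types the Blob from the file's magic bytes, and `readBack` shows that the bytes behind a `blob:` URL stay readable by any script running in the page, so authorization has to be enforced on the server before the bytes are sent. `samplePng`, `sniffImageType`, `toObjectUrl` and `readBack` are names made up for this example, and the sample bytes are constructed.

```javascript
// Constructed sample: the 8-byte PNG signature plus filler bytes,
// standing in for the byte array the API returns from storage.
const samplePng = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0]);

// Magic-byte prefixes for the image types this hypothetical viewer accepts.
const SIGNATURES = [
  { type: 'image/png', bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },
  { type: 'image/gif', bytes: [0x47, 0x49, 0x46, 0x38] },
];

// Return the MIME type matching the leading bytes, or null if unrecognised.
function sniffImageType(buffer) {
  const view = new Uint8Array(buffer);
  const hit = SIGNATURES.find((sig) => sig.bytes.every((b, i) => view[i] === b));
  return hit ? hit.type : null;
}

// ArrayBuffer -> typed Blob -> blob: URL. Anything that is not a known
// image is rejected instead of being handed to an <img> tag.
function toObjectUrl(buffer) {
  const type = sniffImageType(buffer);
  if (type === null) throw new TypeError('response is not a recognised image');
  const blob = new Blob([buffer], { type });
  // The URL is only a handle to data already held by the client.
  return { blob, url: URL.createObjectURL(blob) };
}

// The Blob is ordinary client-side data: page script can read it back in full.
async function readBack(blob) {
  return new Uint8Array(await blob.arrayBuffer());
}
```

Call `URL.revokeObjectURL(url)` once the image has loaded so the document is not kept in memory for the lifetime of the page.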
I don't get Keycloak. Anyone who has experience with it, please help.
We have what I would think is a common setup: a Kubernetes cluster with a Spring Boot api-gateway and Keycloak as oauth2-provider.
The api-gateway needs an issuer-uri to Keycloak for endpoint discovery, i.e. to configure a bunch of endpoints to Keycloak for different purposes.
The two main purposes are: 1. to redirect the user to Keycloak (must be a URL reachable from outside the cluster, i.e. ingress) 2. to authenticate tokens directly with Keycloak from within the cluster.
Keycloak can be configured to set some of these discovery endpoints to different values. Specifically it makes a separation between backfacing (system calls in cluster) and frontfacing (user call from browser) URLs. All seems good.
However, when using this setup, each time Spring Security authenticates a token against Keycloak it says the "issuer" is invalid. This is because the issuer is the host on which the token was generated. This host was the one in the URL which the user was redirected to, i.e. the ingress.
It feels like there is no way around this except running Keycloak outside the Kubernetes cluster, but surely there must be a way to run Keycloak in the same cluster. What else is the purpose of Keycloak having the concept of back- and frontfacing URLs?