Worst dev I've interviewed?

"Archie" ran his own consulting business for almost 20 years. Prior to his interview, Archie sent HR (to send to us) his company's website, where he had samples of code for us to review (which was not bad, this guy did know his stuff).
What I found odd was Archie was the lone wolf at his company, but everything I found about him (the about page, his bio, etc), Archie was referred to as 'Mr. Archie Brown'.
Ex. 'Mr. Archie Brown began his humble career and 'Mr. Archie Brown is active in his church and volunteers his time in many charities ...'
Odd to refer to yourself in the third person on your own site, but OK, I like putting hot sauce on my mac & cheese (no judgement here).

Then the interview..standard stuff, then..
Me: "Given your experience, this is an entry level developer position. Do you feel the work would be challenging enough for you?"
Archie: "Yes, Mr. Archie Brown would have no problem starting at bottom. You see ..."

Almost any time he would reference himself, instead of 'me' or 'I', he would say 'Mr. Archie Brown'. As the interview continued, the ego and self-importance grew and grew.
My interview partner wanted to be done by using the escape clause, "PaperTrail, I'm good, do you have any questions?"

Yes, yes I do. I was having too much fun listening to this guy ramble on about himself. I made the interview go the full hour with the majority of time 'Archie' telling us how great he is.

The icing on the cake was my partner caught his gold cuff-links and tie-pin where his initials and how he kept raising his hands and playing with his tie to show us (which I totally missed, then was like "oh yea, that was weird")

After the interview, talking with HR:
HR-Jake: "How did it go?"
John: "Terrible. One of the worst. We would have been done in 10 minutes if PaperTrail didn't keep asking questions."
Me: "Are you kidding!? I had the best time ever. I wish I could have stayed longer."
HR-Jake: "Really? This guy was so full of himself I wasn't sure to even schedule with you guys. With his experience, I thought it deserved at least a round with you two. You think we should give him a chance?"
Me: "Hell no. Never in a million years, no. I never in my whole life met anyone with such a big ego. I mean, he kept referring to himself in the third person. Who does that?"
HR-Jake: "Whew!...yea, he did that in the phone interview too. It was a red flag for us as well."

Couple of weeks later I ran into HR-Jake in the break room.
HR-Jake: "Remember Mr. Archie Brown?"
Me: "To my dying day, I will never forget Mr. Archie Brown."
HR-Jake: "I called him later that day to tell him the good news and he accused me of being a racist. If we didn't give him the job, he was getting a lawyer and sue us for discrimination."
Me: "What the frack!"
HR-Jake: "Yep, and guess what? Got a letter from his lawyer today. I don't think a case will come in front of a judge, but if you have any notes from the interview, I'll need them."
Me: "What are we going to do?"
HR-Jake: "Play the waiting game between lawyers. We're pretty sure he'll run out of money before we do."

After about 6 months, and a theft conviction (that story made the local paper), Mr. Archie Brooks dropped his case (or his lawyers did).

Le monday morning after a commit on sunday evening...

PM: BLAAAH!!!! Your commit broke the site, nothing is working!!!!!!
Me: What? All of tests passed (coverage 95%), no issues were found.
PM: NOO!!!! Site is broken, we can't use it no more!!!
Me: Ok, what's the problem?
PM: I've tried to enter -10021 into this field on that page and it gived me an error.
Me: Ok? So, that single page is broken?
PM: No, whole site!!!! This is important
Me: Sure... Let me take a look

* PM tried to enter a negative value into an unsigned field that I've mutated yesterday after checking LIVE database if there was no records with negative value. Reason: we've hit an int limit and there was no chance that the value would be negative. Validation? Well, yes.... Except that page was added by him this morning without even checking everything else *

Me: Here, this is the issue, *gives explanation*
PM: Well.... You shouldn't do this. This is unacceptable. You must never leave int fields without negative values. Didn't they teach you in school that integers can be negative?!
Me: What? *consufed as hell*
PM: *More morale... blah blah blah....* Revert it back!
Me: Ok but if anything else breaks, copy of this slack conversation will be kept.
PM: Don't care! Fix it!
Me: * Reverts the fix, saves chat copy * - Done.
PM: Great.

* 5 wild minutes later *
PM: BLAAAH!!!! Site is down, service is not working, what have you done?
Me: Reverted the change needed for it to work. Todays schedule is full with other important tasks. * pastes a screenshot as a proof that he asked me to do this *
PM: FIX IT NOW! Apply your fix.
Me: You're the PM. - Done.
PM: Great, now I'll fix my code. You should be more careful next time.
Me: * YOU DENSE MATHA...KER * Sure.

How's your morning going? :)

Rant
Why do shithead clients think they can walk away without paying us once we deliver the project !!!

So, here goes nothing..
Got an online gig to create a dashboard.
Since i had to deal with a lot of shitheads in the past, I told them my rules were simple, 20% advance, 40% on 50% completion and 40% after i complete and send them proof of completion. Once i receive the payment in full, only then i will hand over the code.
They said it was fine and paid 20%.
I got the next 40% also without any effort but they said they also needed me to deploy the code on their AWS account, and they were ready to pay extra for it, so i agreed.
I complete the whole project and sent them the screenshots, asking for the remaining 40% payment. They rejected the request saying my work was not complete as i had not deployed on AWS yet. After a couple of more such exchanges, i agreed to setup their account before the payment. But i could sense something fishy, so i did everything on their AWS account, except registered the domain from my account and set up everything. Once i inform them that its done and ask for the remaining payment.
The reply i got was LOL.
I tried to login to the AWS account, only to find password had been changed.
Database access revoked.
Even my admin account on the app had been removed. Thinking that they have been successful, they even published ads about thier NEW dashboard to their customers.
I sent them a final mail with warning ending with a middle finger emoji. 24 hours later,
I created a github page with the text " This website has been siezed by the government as the owner is found accused in fraud" and redirected the domain to it. Got an apology mail from them 2 hours later begging me to restore the website. i asked for an extra 10% penalty apart from the remaining payment. After i got paid, set an auto-reply of LOL to thier emails and chilled for a week before restoring the domain back to normal.
Dev : 1
Shithead Client: 0

Ubisoft 404 page.

!rant

This was over a year ago now, but my first PR at my current job was +6,249/-1,545,334 loc. Here is how that happened... When I joined the company and saw the code I was supposed to work on I kind of freaked out. The project was set up in the most ass-backward way with some sort of bootstrap boilerplate sample app thing with its own build process inside a subfolder of the main angular project. The angular app used all the CSS, fonts, icons, etc. from the boilerplate app and referenced the assets directly. If you needed to make changes to the CSS, fonts, icons, etc you would need to cd into the boilerplate app directory, make the changes, run a Gulp build that compiled things there, then cd back to the main directory and run Grunt build (thats right, both grunt and gulp) that then built the angular app and referenced the compiled assets inside the boilerplate directory. One simple CSS change would take 2 minutes to test at minimum.

I told them I needed at least a week to overhaul the app before I felt like I could do any real work. Here were the horrors I found along the way.

- All compiled (unminified) assets (both CSS and JS) were committed to git, including vendor code such as jQuery and Bootstrap.
- All bower components were committed to git (ALL their source code, documentation, etc, not just the one dist/minified JS file we referenced).
- The Grunt build was set up by someone who had no idea what they were doing. Every SINGLE file or dependency that needed to be copied to the build folder was listed one by one in a HUGE config.json file instead of using pattern matching like `assets/images/*`.
- All the example code from the boilerplate and multiple jQuery spaghetti sample apps from the boilerplate were committed to git, as well as ALL the documentation too. There was literally a `git clone` of the boilerplate repo inside a folder in the app.
- There were two separate copies of Bootstrap 3 being compiled from source. One inside the boilerplate folder and one at the angular app level. They were both included on the page, so literally every single CSS rule was overridden by the second copy of bootstrap. Oh, and because bootstrap source was included and commited and built from source, the actual bootstrap source files had been edited by developers to change styles (instead of overriding them) so there was no replacing it with an OOTB minified version.
- It is an angular app but there were multiple jQuery libraries included and relied upon and used for actual in-app functionality behavior. And, beyond that, even though angular includes many native ways to do XHR requests (using $resource or $http), there were numerous places in the app where there were `XMLHttpRequest`s intermixed with angular code.
- There was no live reloading for local development, meaning if I wanted to make one CSS change I had to stop my server, run a build, start again (about 2 minutes total). They seemed to think this was fine.
- All this monstrosity was handled by a single massive Gruntfile that was over 2000loc. When all my hacking and slashing was done, I reduced this to ~140loc.
- There were developer's (I use that term loosely) *PERSONAL AWS ACCESS KEYS* hardcoded into the source code (remember, this is a web end app, so this was in every user's browser) in order to do file uploads. Of course when I checked in AWS, those keys had full admin access to absolutely everything in AWS.
- The entire unminified AWS Javascript SDK was included on the page and not used or referenced (~1.5mb)
- There was no error handling or reporting. An API error would just result in nothing happening on the front end, so the user would usually just click and click again, re-triggering the same error. There was also no error reporting software installed (NewRelic, Rollbar, etc) so we had no idea when our users encountered errors on the front end. The previous developers would literally guide users who were experiencing issues through opening their console in dev tools and have them screenshot the error and send it to them.
- I could go on and on...

This is why you hire a real front-end engineer to build your web app instead of the cheapest contractors you can find from Ukraine.

I was hired as a senior software engineer. During handover I found out I'm actually replacing the CTO.

I queried why he was leaving and got a simple "just want a break from working" which I found odd.

Fast forward and now I also just want a break from work, permanently. This place has followed every bad practise and big no-no out there. Every bit of software is a built in house knockoff janky piece of crap that doesn't work and makes people's jobs 5000 times harder.

The UI looks worse than Windows 3.1, absolutely horrendous code formatting, worst database structure I've ever seen.

The mere mention of using a team communication tool results in being yelled at from the CEO whom communicates purely via email, who then gets annoyed when you don't reply because they sent the email to a client instead of you.

We get handed printed out "tickets" to work instead of the so called "amazing in house ticket system" built using PHP 5 and is literally crammed into an 800x600 IFrame. Yes a F$*#ing IFRAME!

It's not like we have an outdated TFS server that has work items we can use...

Why not push for changes you say. I have, many times, tried to suggest better tools. The only approval I've gotten is using PhpStorm. Everything else is shutdown immediately and you get the silent treatment.

The CEO hired me to do a job, then micromanages like crazy. I can't make UI changes, I can't make database changes, why? They insists they know best, but has admitted multiple times to not knowing SQL and literally uses a drag and drop database table builder.

Every page in the webapps we make are crammed into 800x600 iframes with more iframes inside iframes. And every time it's pointed out we need to do something, be it from internal staff or client suggestions, the CEO goes off about how the UI is industry leading and follows standards.. what in the actual f....

Literally holding on by a thread here. Why hire a CTO under the guise of being a senior developer but then reduce the work that can be done down to the level of a junior?

Sure the paycheck is really nice but no job is worth the stress, harassment and incompetent leadership from the CEO.

They've verbally abused people to the point they resign, best part is that was simply because the CEO made serious legal mistakes, was told about it by the employee then blamed it on others.

Welcome back to practiseSafeHex's new life as a manager.

Episode 2: Why automate when you can spend all day doing it by hand

This is a particularly special episode for me, as these problems are taking up so much of my time with non-sensical bullshit, that i'm delayed with everything else. Some badly require tooling or new products. Some are just unnecessary processes or annoyances that should not need to be handled by another human. So lets jump right in, in no particular order:

- Jira ... nuff said? not quite because somehow some blue moon, planets aligning, act of god style set of circumstances lined up to allow this team to somehow make Jira worse. On one hand we have a gigantic Jira project containing 7 separate sub teams, a million different labels / epics and 4.2 million possible assignees, all making sure the loading page takes as long as possible to open. But the new country we've added support for in the app gets a separate project. So we have product, backend, mobile, design, management etc on one, and mobile-country2 on another. This delightfully means a lot of duplication and copy pasting from one to the other, for literally no reason what so ever.

- Everything on Jira is found through a label. Every time something happens, a new one is created. So I need to check for "iOS", "Android", "iOS-country2", "Android-country2", "mobile-<feature>", "mobile-<feature>-issues", "mobile-<feature>-prod-issues", "mobile-<feature>-existing-issues" and "<project>-July31" ... why July31? Because some fucking moron decided to do a round of testing, and tag all the issues with the current date (despite the fact Jira does that anyway), which somehow still gets used from time to time because nobody pays attention to what they are doing. This means creating and modifying filters on a daily basis ... after spending time trying to figure out what its not in the first one.

- One of my favourite morning rituals I like to call "Jira dumpster diving". This involves me removing all the filters and reading all the tickets. Why would I do such a thing? oh remember the 9000 labels I mentioned earlier? right well its very likely that they actually won't use any of them ... or the wrong ones ... or assign to the wrong person, so I have to go find them and fix them. If I don't, i'll get yelled at, because clearly it's my fault.

- Moving on from Jira. As some of you might have seen in your companies, if you use things like TestFlight, HockeyApp, AppCenter, BuddyBuild etc. that when you release a new app version for testing, each version comes with an automated change-log, listing ticket numbers addressed ...... yeah we don't do that. No we use this shitty service, which is effectively an FTP server and a webpage, that only allows you to host the new versions. Sending out those emails is all manual ... distribution groups?? ... whats that?

- Moving back to Jira. Can't even automate the changelog with a script, because I can't even make sense of the tickets, in order to translate that to a script.

- Moving on from Jira. Me and one of the remote testers play this great game I like to call "tag team ticketing". It's so much fun. Right heres how to play, you'll need a QA and a PM.

*QA creates a ticket, and puts nothing of any use inside it, and assigns to the PM.
*PM fires it back asking for clarification.
*QA adds in what he feels is clarification (hes wrong) and assigns it back to the PM.
*PM sends detailed instructions, with examples as to what is needed and assigns it back.
*QA adds 1 of the 3 things required and assigns it back.
*PM assigns it back saying the one thing added is from the wrong day, and reminds him about the other 2 items.
*QA adds some random piece of unrelated info to the ticket instead, forgetting about the 3 things and assigns it back.

and you just continue doing this for the whole dev / release cycle hahaha. Oh you guys have no idea how much fun it is, seriously give it a go, you'll thank me later ... or kill yourselves, each to their own.

- Moving back to Jira. I decided to take an action of creating a new project for my team (the mobile team) and set it up the way we want and just ignore everything going on around us. Use proper automation, and a kanban board. Maybe only give product a slack bot interface that won't allow them to create a ticket without what we need etc. Spent 25 minutes looking for the "create new project" button before finding the link which says I need to open a ticket with support and wait ... 5 ... fucking ... long ... painful ... unnecessary ... business days.

... Heres hoping my head continues to not have a bullet hole in it by then.

Id love to talk more, but those filters ain't gonna fix themselves. So we'll have to leave it here for today. Tune in again for another episode soon.

And remember to always practiseSafeHex

Worst dev team failure I've experienced?

One of several.

Around 2012, a team of devs were tasked to convert a ASPX service to WCF that had one responsibility, returning product data (description, price, availability, etc...simple stuff)
No complex searching, just pass the ID, you get the response.

I was the original developer of the ASPX service, which API was an XML request and returned an XML response. The 'powers-that-be' decided anything XML was evil and had to be purged from the planet. If this thought bubble popped up over your head "Wait a sec...doesn't WCF transmit everything via SOAP, which is XML?", yes, but in their minds SOAP wasn't XML. That's not the worst WTF of this story.

The team, 3 developers, 2 DBAs, network administrators, several web developers, worked on the conversion for about 9 months using the Waterfall method (3~5 months was mostly in meetings and very basic prototyping) and using a test-first approach (their own flavor of TDD). The 'go live' day was to occur at 3:00AM and mandatory that nearly the entire department be on-sight (including the department VP) and available to help troubleshoot any system issues.

3:00AM - Teams start their deployments
3:05AM - Thousands and thousands of errors from all kinds of sources (web exceptions, database exceptions, server exceptions, etc), site goes down, teams roll everything back.

3:30AM - The primary developer remembered he made a last minute change to a stored procedure parameter that hadn't been pushed to production, which caused a side-affect across several layers of their stack.

4:00AM - The developer found his bug, but the manager decided it would be better if everyone went home and get a fresh look at the problem at 8:00AM (yes, he expected everyone to be back in the office at 8:00AM).

About a month later, the team scheduled another 3:00AM deployment (VP was present again), confident that introducing mocking into their testing pipeline would fix any database related errors.

3:00AM - Team starts their deployments.
3:30AM - No major errors, things seem to be going well. High fives, cheers..manager tells everyone to head home.
3:35AM - Site crashes, like white page, no response from the servers kind of crash. Resetting IIS on the servers works, but only for around 10 minutes or so.
4:00AM - Team rolls back, manager is clearly pissed at this point, "Nobody is going fucking home until we figure this out!!"
6:00AM - Diagnostics found the WCF client was causing the server to run out of resources, with a mix of clogging up server bandwidth, and a sprinkle of N+1 scaling problem. Manager lets everyone go home, but be back in the office at 8:00AM to develop a plan so this *never* happens again.

About 2 months later, a 'real' development+integration environment (previously, any+all integration tests were on the developer's machine) and the team scheduled a 6:00AM deployment, but at a much, much smaller scale with just the 3 development team members.

Why? Because the manager 'froze' changes to the ASPX service, the web team still needed various enhancements, so they bypassed the service (not using the ASPX service at all) and wrote their own SQL scripts that hit the database directly and utilized AppFabric/Velocity caching to allow the site to scale. There were only a couple client application using the ASPX service that needed to be converted, so deploying at 6:00AM gave everyone a couple of hours before users got into the office. Service deployed, worked like a champ.

A week later the VP schedules a celebration for the successful migration to WCF. Pizza, cake, the works. The 3 team members received awards (and a envelope, which probably equaled some $$$) and the entire team received a custom Benchmade pocket knife to remember this project's success. Myself and several others just stared at each other, not knowing what to say.

Later, my manager pulls several of us into a conference room
Me: "What the hell? This is one of the biggest failures I've been apart of. We got rewarded for thousands and thousands of dollars of wasted time."
<others expressed the same and expletive sediments>
Mgr: "I know..I know...but that's the story we have to stick with. If the company realizes what a fucking mess this is, we could all be fired."
Me: "What?!! All of us?!"
Mgr: "Well, shit rolls downhill. Dept-Mgr-John is ready to fire anyone he felt could make him look bad, which is why I pulled you guys in here. The other sheep out there will go along with anything he says and more than happy to throw you under the bus. Keep your head down until this blows over. Say nothing."

I’m surrounded by idiots.

I’m continually reminded of that fact, but today I found something that really drives that point home.

Gather ‘round, everybody, it’s story time!

While working on a slow query ticket, I perused the code, finding several causes, and decided to run git blame on the files to see what dummy authored the mental diarrhea currently befouling my screen. As it turns out, the entire feature was written by mister legendary Apple golden boy “Finder’s Keeper” dev himself.

To give you the full scope of this mess, let me start at the frontend and work my way backward.

He wrote a javascript method that tracks whatever row was/is under the mouse in a table and dynamically removes/adds a “.row_selected” class on it. At least the js uses events (jQuery…) instead of a `setTimeout()` so it could be worse. But still, has he never heard of :hover? The function literally does nothing else, and the `selectedRow` var he stores the element reference in isn’t used elsewhere.

This function allows the user to better see the rows in the API Calls table, for which there is a also search feature — the very thing I’m tasked with fixing.

It’s worth noting that above the search feature are two inputs for a date range, with some helpful links like “last week” and “last month” … and “All”. It’s also worth noting that this table is for displaying search results of all the API requests and their responses for a given merchant… this table is enormous.

This search field for this table queries the backend on every character the user types. There’s no debouncing, no submit event, etc., so it triggers on every keystroke. The actual request runs through a layer of abstraction to parse out and log the user-entered date range, figure out where the request came from, and to map out some column names or add additional ones. It also does some hard to follow (and amazingly not injectable) orm condition building. It’s a mess of functional ugly.

The important columns in the table this query ultimately searches are not indexed, despite it only looking for “create_order” records — the largest of twenty-some types in the table. It also uses partial text matching (again: on. every. single. keystroke.) across two varchar(255)s that only ever hold <16 chars — and of which users only ever care about one at a time. After all of this, it filters the results based on some uncommented regexes, and worst of all: instead of fetching only one page’s worth of results like you’d expect, it fetches all of them at once and then discards what isn’t included by the paginator. So not only is this a guaranteed full table scan with partial text matching for every query (over millions to hundreds of millions of records), it’s that same full table scan for every single keystroke while the user types, and all but 25 records (user-selectable) get discarded — and then requeried when the user looks at the next page of results.

What the bloody fucking hell? I’d swear this idiot is an intern, but his code does (amazingly) actually work.

No wonder this search field nearly crashed one of the servers when someone actually tried using it.

Asdfajsdfk.

page not found

I'm trying to sign up for insurance benefits at work.

Step 1: Trying to find the website link -- it's non-existent. I don't know where I found it, but I saved it in keepassxc so I wouldn't have to search again. Time wasted: 30 minutes.

Step 2: Trying to log in. Ostensibly, this uses my work account. It does not. Time wasted: 10 minutes.

Step 3: Creating an account. Username and Password requirements are stupid, and the page doesn't show all of them. The username must be /[A-Za-z0-9]{8,60}/. The maximum password length is VARCHAR(20), and must include upper/lower case, number, special symbol, etc. and cannot include "password", repeated charcters, your username, etc. There is also a (required!) hint with /[A-Za-z0-9 ]{8,60}/ validation. Want to type a sentence? better not use any punctuation!

I find it hilarious that both my username and password hint can be three times longer than my actual password -- and can contain the password. Such brilliant security.

My typical username is less than 8 characters. All of my typical password formats are >25 characters. Trying to figure out memorable credentials and figuring out the hidden complexity/validation requirements for all of these and the hint... Time wasted: 30 minutes.

Step 4: Post-login. The website, post-login, does not work in firefox. I assumed it was one of my many ad/tracker/header/etc. blockers, and systematically disabled every one of them. After enabling ad and tracker networks, more and more of the site loaded, but it always failed. After disabling bloody everything, the site still refused to work. Why? It was fetching deeply-nested markup, plus styling and javascript, encoded in xml, via api. And that xml wasn't valid xml (missing root element). The failure wasn't due to blocking a vitally-important ad or tracker (as apparently they're all vital and the site chain-loads them off one another before loading content), it's due to shoddy development and lack of testing. Matches the rest of the site perfectly. Anyway, I eventually managed to get the site to load in Safari, of all browsers, on a different computer. Time wasted: 40 minutes.

Step 5: Contact info. After getting the site to work, I clicked the [Enroll] button. "Please allow about 10 minutes to enroll," it says. I'm up to an hour and 50 minutes by now. The first thing it asks for is contact info, such as email, phone, address, etc. It gives me a warning next to phone, saying I'm not set up for notifications yet. I think that's great. I select "change" next to the email, and try to give it my work email. There are two "preferred" radio buttons, one next to "Work email," one next to "Personal email" -- but there is only one textbox. Fine, I select the "Work" preferred button, sign up for a faux-personal tutanota email for work, and type it in. The site complains that I selected "Work" but only entered a personal email. Seriously serious. Out of curiosity, I select the "change" next to the phone number, and see that it gives me four options (home, work, cell, personal?), but only one set of inputs -- next to personal. Yep. That's amazing. Time spent: 10 minutes.

Step 6: Ranting. I started going through the benefits, realized it would take an hour+ to add dependents, research the various options, pick which benefits I want, etc. I'm already up to two hours by now, so instead I decided to stop and rant about how ridiculous this entire thing is. While typing this up, the site (unsurprisingly) automatically logged me out. Fine, I'll just log in again... and get an error saying my credentials are invalid. Okay... I very carefully type them in again. error: invalid credentials. sajfkasdjf.

Step 7 is going to be: Try to figure out how to log in again. Ugh.

"Please allow about 10 minutes" it said. Where's that facepalm emoji?

But like, seriously. How does someone even build a website THIS bad?

> Root struggles with her ticket
> Boss struggles too
> Also: random thoughts about this job

I've been sick lately, and it's the kind of sick where I'm exhausted all day, every day (infuriatingly, except at night). While tired, I can't think, so I can't really work, but I'm during my probationary period at work, so I've still been doing my best -- which, honestly, is pretty shit right now.

My current project involves legal agreements, and changing agent authorization methods (written, telephone recording, or letting the user click a link). Each of these, and depending on the type of transaction, requires a different legal agreement. And the logic and structure surrounding these is intricate and confusing to follow. I've been struggling through this and the project's ever-expanding scope for weeks, and specifically the agreements logic for the past few days. I've felt embarrassed and guilty for making so little progress, and that (and a bunch of other things) are making me depressed.

Today, I finally gave up and asked my boss for help. We had an hour and a half call where we worked through it together (at 6pm...). Despite having written quite a bit of the code and tests, he was often saying things like "How is this not working? This doesn't make any sense." So I don't feel quite so bad now.

I knew the code was complex and sprawling and unintuitive, but seeing one of its authors struggling too was really cathartic.

On an unrelated note, I asked the most senior dev (a Macintosh Lisa dev) why everything was using strings instead of symbols (in Rails) since symbols are much faster. That got him looking into the benchmarks, and he found that symbols are about twice as fast (for his minimal test, anyway), and he suggested we switch to those. His word is gold; mine is ignorable. kind of annoying. but anyway, he further went into optimizing the lookup of a giant array of strings, and discovered bsearch. (it's a divide-and-conquer lookup). and here I am wondering why they didn't implement it that way to begin with. 🙄

I don't think I'm learning much here, except how to work with a "mature" codebase. To take a page from @Rutee07, I think "mature" here means the same as in porn: not something you ever want ot see or think about.

I mean, I'm learning other things, too, like how to delegate methods from one model to another, but I have yet to see why you would want to. Every use of it I've explored thus far has just complicated things, like delegating methods on a child of a 1:n relation to the parent. Which child? How does that work? No bloody clue! but it does, somehow, after I copy/pasted a bunch of esoteric legacy bs and fussed with it enough.

I feel like once I get a good grasp of the various payment wrappers, verification/anti-fraud integration, and per-business fraud rules I'll have learned most of what they can offer. Specifically those because I had written a baby version of them at a previous job (Hell), and was trying to architect exactly what this company already has built.

I like a few things about this company. I like my boss. I like the remote work. I like the code reviews. I like the pay. I like the office and some socializing twice a year.

But I don't like the codebase. at all. and I don't have any friends here. My boss is friendly, but he's not a friend. I feel like my last boss (both bosses) were, or could have been if I was more social. But here? I feel alone. I'm assigned work, and my boss is friendly when talking about work, but that's all he's there for. Out of the two female devs I work with, one basically just ignores me, and the other only ever talks about work in ways I can barely understand, and she's a little pushy, and just... really irritating. The "senior" devs (in quotes because they're honestly not amazing) just don't have time, which i understand. but at the same time... i don't have *anyone* to talk to. It really sucks.

I'm not happy here.
I miss my last job.

But the reason I left that one is because this job allows me to move and work remotely. I got a counter-offer from them exactly matching my current job, sans the code reviews. but we haven't moved yet. and if I leave and go back there without having moved, it'll look like i just abandoned them. and that's the last thing I want them to think.

So, I'm stuck here for awhile.
not that it's a bad thing, but i'm feeling overwhelmed and stressed. and it's just not a good fit. but maybe I'll actually start learning things. and I suppose that's also why I took the job.

So, ever onward, I guess.
It would just be nice if I could take some of the happy along with me.

So before today, I'd never used GoDaddy before. Not even once. My supervisor walks in and happily informs me that I'm going to be adding photos to a website that she does editing for. Okay, fine, that's stupidly easy. What I did not realize, however, is that this entire website had been built using GoDaddy's site builder, and if you're not familiar with it, thank whatever gods you worship that you've dodged that bullet. I hardly want to go wandering around somebody else's web hosting, so I search about for a bit praying that there's SOME semblance of a normal text editor someplace, because text editors make me happy and all, and find very little on the regular site. Already not thrilled. So I figure, how bad is this site editor? Really, how bad can it possibly be?
Oh, you poor misguided son of a -
Anyway, I go in and look at the site. Slideshows everywhere, nothing is aligned correctly, it's a web designer's nightmare. Thankfully, I'm not a web designer, so I press on and reorganize a little bit. I try slapping a new slideshow on their, and discover that unlike the way it SHOULD work, elements do not move to allow for other elements, they just sit there and let you throw things on top of them. I stare at my neatly-stacked slideshows for a second in utter disbelief, knowing but not really accepting that I'm going to need to take every last one of those slideshow elements and slide those little so-and-so's down by hand. ....why? Who designed this? Who decided that was a good idea? I do some Googling to see if there's anything out there to make this less horrid, and lo and behold I find a GoDaddy page about their FTP file manager! It's under web/classic hosting, which apparently means it's deprecated because I spent the next ten minutes hunting around for the "web hosting" link those chicken-lickers were so proud of and it's nowhere to be found.
Alright, so they want to do this the hard way.
At this point I'm screaming internally and PRAYING that I'm just being stupid and not seeing anything to make it easi-
No, not even easier. Just less stupid. This website builder makes no sense. It's like hiring a contractor to build a bridge and handing him a box of Legos and a banana.
So I do more googling and find instructions on getting to the file manager. FINALLY. The first step is find "Hosting" under "My Products." I rush over to My Products joyfully, hoping I can get this stupid website up and running reasonably quickly, and...!
There's no hosting tab.
No button.
Not even a little hard-to-see link. At this point my brain is screaming. WHY would you give me a website builder but absolutely no way to actually write the website? Do people actually use this thing? I mean, I get it if they want to make it nice and accessible for people to make websites without overwhelming them with HTML but if they know how to edit the website and they don't want your help, why would you force me in to this? Why? Then it occurred to me that maybe the organization just hasn't ever had a web developer in it, ever, or at least not one who was willing to help out with the website, so they purposefully signed up for hosting that deprived them of any kind of HTML editor. Then on top of all of that, I noticed that on the home page, which had been edited by someone else long before I ever looked at it, ALSO had one of these stupid slideshows that I had to reorganize by hand, and some sad, angry little man had put in one of the photos sideways. It was SIDEWAYS. Just sitting there on its side, the photo's occupants staring at me with sad eyes begging me to turn them facing up again. I sat there and stared at a badly-designed website in a questionably-designed editor. And I wondered. I wondered who put this all together, and I wondered why *I* was the one doing it, when I work for a university and the website was for some beach homeowner's association. And I wondered if this job was a task that my supervisor had agreed to do and just passed off onto an office monkey. And I wept bitter tears at the realization that I am that office monkey.

Apparently, part of being a software engineer means knowing how to read minds and do other people's jobs.

While implementing a user story for marketing, we found some associated features that, according to the database, have not been used for years. We tell them this. We do the courtesy of asking, "Hey, is there anything on the site that is utilizing these features? We'd like to clean up the DB."

"We don't know."

Engineering suggests, "Ok, lets turn the feature off, then, and see if anyone complains. It's been years according to the DB."

Marketing gets angry and hostile and says, "That's not the way to do things!"

I don't vocalize, "Well, not knowing how to do your own damned job is not the way to do things."
-
Marketing asks us to integrate a third party feature to the site. We ask, "Ok, what page do you want it on, and what information do you want to collect, and what should it look like?"

"I don't know. You're engineering. You tell us."

We implement it as best we can.

Marketing says, "HEY! This isn't done right! It's missing this and this and this!"

"Did you ask us to implement that? According to the user story, it passes acceptance criteria."

Marketing says, "I thought you would just know that! I didn't know it was a separate thing. Just put it on all the pages, then. You guys really should know the site better."

Engineering gets angry and hostile
-
Marketing says, "We need this removed from the site."

Engineering replies, "We have a GUI for that. Just go to this URL and you can do it yourself."

Marketing replies, "Well, if that's a really complicated thing, can you just run a script against the DB?"

Engineering says, "If we've built a UI for you, we really shouldn't be executing SQL scripts directly against the DB."

Marketing gets angry and hostile.
-
Engineering tries asking nicely.

"Marketing, if you want us to add new stuff to the site, or change stuff, please tell us what it is and where it should go and what the customer experience should be like."

Marketing replies, "We don't know the site that well. We are leaning on you to tell us."

I do not vocalize, all while trying to keep my eyes from bulging out of my head, my face red with rage, "YOU ARE IN CHARGE OF SELLING SHIT ON A WEBSITE THAT YOU KNOW NOTHING ABOUT. YOU ARE ASKING FOR CHANGES TO SOMETHING YOU DON'T EVEN UNDERSTAND. WHAT IS WRONG WITH THIS PICTURE?"

Engineering is angry and hostile.

If found a Website with a nice Guestbook. Funny thing: HTML-Code and JavaScript-Code in the message was not getting escaped. So I wrote a little JS-Script wich alerts “Nope“ and the then redirects to pornhub.com after page load.

After about 2 WEEKS of funny redirecting, they updated their site and HTML-Code is now getting escaped.

About 6 years ago, my boss found out about social media and how he could use it to boost his business. So he created a Facebook page.

A week later he called me to his office and asked me to move the page's profile picture from left to right. I told him this was not possible and was something Facebook doesn't allow us to do.

Next thing I know he started telling me to check and try before I say no, and should never say no as anything was possible.

Obviously, I quit.

Prologue
My dad has an acquaintance - let's call him Tom. Tom is an gynecologist, one of the best in Poznań, where I live. He's a great guy but absolutely can not into tech of any kind besides his iPhone and basic PC usage. For about a year now I've been doing small jobs for him - build a new PC for his office, fix printer, fix wifi, etc. He has made a big mistake few years ago by trusting a guy, let's call him Shitface, with crating him software for work. It's supposed to be pretty simple piece of code in which you can create and modify patient file, create prescription from drugs database and such things. This program is probably one of the worst pierces of code I've ever seen and Shitface should burn for that. Worse, this guy is pretentious asshole lacking even basic IT knowledge. His code is garbage and it's taking him few months to make small changes like text wrapping. But wait, there's more. Everything is hardcoded so every PC using this software must have installed user controls for which he doesn't have license and static IP address on network card.
Part 1
Tom asked me to build him a new PC that will be acting like a server for Shitface's program. He needs it in Kalisz (around 150 km from my place). I Agred (pun intended) and after Tom brought me his old computer I've bought parts and built a new one. I have also copied everything of value and everything took me around three hours.
Part 2
Everything was ready but Shitface's program. I didn't know much about it's configuration so when I've noticed that it's not working even on the old PC I got a bit worried. Nevertheless I started breaking everything I know about it and after next three hours I've got it somewhat working. Seeing that there's still some problems with database connection (from Windows' Event Viewer) I wrote quick SMS to Shitface asking what can be wrong. He replied that he won't be able to help me any way until Monday (day after deadline). I got pissed and very courteously asked him for source code because some of libraries used in this project has license that requires either purchase of commercial license or making code open source. He replied within few minutes that he'll be able to connect remotely within next 10 minutes. He was trying to make it work for the next hour but he succeeded. It was night before deadline so I wrapped everything up and went to bed thinking that it won't take me more than an hour to get this new PC up and running in the office. Boy was I wrong.
Also, curious about his code, I've checked source and he is using beautiful ponglish (mixed Polish and English) with mistakes he couldn't even bother to fix. For people from Poland, here's an example:
TerminarzeController.DeleteTerminarzShematyDlaLekarza
Part 3
So I drove to Kalisz and started working on making everything work. Almost everything was ready so after half an hour I was done. But I wanted to check twice if it's all good because driving so far second time would be a pain. So I started up Shitface's program, logged in, tried to open ANYTHING and... KABUM. UNHANDLED EXCEPTION. WTF. I checked trace and for fuck sake something was missing. Keep in mind that then I didn't know he's using some third party control for Windows Forms that needs to be installed on client PC. After next fifteen minutes of googling I've found a solution. I just had to install this third party software and everything will work. But... It had to be exactly this version and it was old. Very old. So old that producent already removed all traces of its existence from their web page and I couldn't find it anywhere. I tried installing never version and copying files from old PC but it didn't work. After few hours of searching for a solution I called Mr Shitface asking him for this control installation file. He told me that he has it but will be able to send it my way in the evening. Resigned I asked for this new PC to be left turned on and drove home. When he sent me necessary files I remotely installed them and everything started working correctly.
So, to sum it up. Searching for parts and building new PC, installing OS and all necessary software, updating everything and configuring it for Tom taste took me around what, 1/3 of time I spent on installing Mr Shitface's stupid program which Tom is not even happy with. Gotta say it was one of worst experiences I had in recent months. Hope I won't have to see this shit again.
Epilogue
Fortunately everything seems to work correctly. Tom hasn't called me yet with any problems. Mission accomplished. I wanna kill very specific someone. With. A. Spoon.

My code review nightmare part 2

Team responsible for code 'quality' dictated in their 18+ page coding standard document that all the references in the 'using' block be sorted alphabetically. Easy enough in Visual Studio with the right-click -> 'Remove and Sort Usings', so I thought.

Called into a conference room with other devs and the area manager (because 'Toby' needed an audience) focusing on my lack of code quality and not adhering to the coding standard.

The numerous files in question were unit tests files

using Microsoft.VisualStudio.TestTools.UnitTesting;
using System.Collections.Generic;
using System.Linq;
<the rest of the usings>

T: "As you can see, none of these files' usings are in alphabetical order"
Me: "Um, I think they are. M comes before S"
T: "The standards clearly dictate system level references are to be sorted first."
Mgr: "Yes, why didn't you sort before checking this code in? T couldn't have made the standards any easier to follow. All you had to do is right-click and sort."
Me: "I did. M comes before S."
T: "No You Didn't! That is not a system reference!"
Me: "I disagree. MSTest references are considered a system level reference, but whatever, I'll move that one line if it upsets you that much."
Mgr: "OK smartass, that's enough disrespect. Just follow the fucking standard."
T: "And learn to sort. It's easy. You should have learned that in college"
<Mgr and T have a laugh>
Me: "Are all your unit tests up to standard? I mean, are the usings sorted correctly?"
T:"Um..well..of course they are!"
Me: "Lets take a look."

I had no idea, a sorted usings seems like a detail no one cares about that much and something people do when bored. I navigate to project I knew T was working on and found nearly all the file's usings weren't sorted. I pick on one..

using NUnit;
using Microsoft.Something.Other;
using System;
<the rest of the usings>

Me: "These aren't sorted..."
T: "Uh..um...hey...this file is sorted. N comes before M!"
Me: "Say that again. A little louder please."
Mgr: "NUnit is a system level nuget package. It's fine. We're not wasting time fixing some bug in how Visual Studio sorts"
Me: "Bug? What?..wait...and having me update 10 or so files isn't a waste of time?"
Mgr: "No! Coding standards are never a waste of time! We're done here. This meeting is to review your code and not T's. Fix your bugs and re-submit the code for review..today!"

My parents are real sticklers for who is allowed to be on Netflix. They only let people on when they are present, and they never click 'save password'.

Me being a poor college student and desperate for the Netflix password, created a fake website for one of my parents to sign into.

How did I do this? I created my own localhost server with a backend database for the password to go to. I then copied the Netflix home screen and log in and asked them to log me into their account.

They said I can be on for one hour, and then they were signing me out.

I agreed to these terms.

As a small twist, I had also copied the no internet tab from Chrome for the page to redirect to. Knowing that once they logged in they would be expecting the main UI.

They logged in and then waited for the page to load. I, of course, put in a delay for the page to load and then displayed the no internet tab. They were confused and asked me to refresh, still nothing. I asked them if the router was out, and they went to check.

While they were away I quickly switched back to the real Netflix website and yelled back saying I got it working again. They came back over and saw that it was asking for a password again. They signed in and saw the main homepage and none were the wiser that day.

Once they left I checked inside the DB and found the plaintext password they typed in... The damn password was so simple, I cursed myself for not having figured it out sooner. No matter, I had my parents Netflix password.

So you're probably wondering how they didn't see the URL above and think something was off?

I pressed F11 and fullscreened my entire browser. They did ask, and I simply replied with, I don't like seeing all the crap up above when I'm streaming. No further questions, perhaps I was lucky.

Warning: long read....

I got a call this morning from a client who was panicking about not being able to login to his web panel.

So I went to the web panel and tried to login and was just redirected back to the login page. No errors or anything (at least visible on the page). Went looking for an error_log file and found it.

It turns out there was an error was showing: Disk quota exceeded.

So I went into the cPanel and checked, he used about 16GB out of 100GB and that got me confused. So I looked around and found out he was using about 510000/500000 inodes.

Went looking trough FTP to see where he has so many files and try and remove some.

Well it turns out that there were about 7 injected websites (warez, online casino, affiliate one etc) and a full hacking web panel on his FTP. After detailed analysis some who actually built the site (I just maintain some parts) made an upload form available to public with any checks on it. Meaning anyone could upload whatever they wanted and the form would allow it.

The worst part is that the client is not allowing us to secure the form with some sort of login or remove it completely (the best option) as it is not really needed but he uses it to upload some pdf catalogs or something.

TL; DR;
Old programmer created an upload form that was accessible to anyone on the web without adding any security or check as to see what kind of files was getting uploaded. Which lead to having maximum number on inodes used on server and client being unable to login.

Side note:
And ofc I had to go and fix the mess behind him again, even though he stopped working a long time ago and I started just recently and have been having nightmares of this project.

few years back there was a corruption scandal in my country, serbia. one of the ministries paid around 25,000 euros for a website to a company that was founded few weeks before the open call. for comparrison sake average pay at the time was around 300 euros. the website it self didn t have any special features, just publishing contenet. wordpress would do the job. on a press confference, trying to defend the cost, spokesperson of the ministry said that the website was made in "cms programming language".

it community lost it! mems started immediatelly, "i am learning cms language so i could charge 25.000 per project". and then one guy got intrigued, found the login page, and typed:

username: admin
password: 12345

and got in!!!!
i kid you not!

he posted featured news on the homepage, saying hey guys your credentials probably shouldn t be admin/12345. twitter was on fire, everyone started loging in and posting shit.

and the crasiest part is that this guy was arrested and charged for cyber-crime!

I starten when I was 12 years old. I got bullied and got interested in computers. One day I crashed my dads computer and he reinstalled it. After that my dad made two accounts. The regular user (my account) and the Administrator user (my dads account). He also changed the language from Dutch to English. Gladly I could still use the computer by looking at the icons :')

Everytime I needed something installed I had to ask my dad first (for games mostly because there was no cable internet at that time). Then I noticed the other user account while looking over my dads shoulders. So I tried to guess the password and found out the password was the same as the label next to the password field "password".

At that point my interest in hacking had grown. So when we finally got cable internet and my own computer (the old one) MSN Messenger came around. I installed lots of stuff like flooders etc. Nobody I knew could do this and people always said; he is a hacker. Although it is not.

I learned about IP-address because we sometimes had trouble with the internet. So when my dad wasn't home he said to me. Click on this (command prompt) and type in; ipcondig /all. If you don't see an IP-address you should type in; ipconfig /renew.

Thats when I learned that every computer has a unique address and I started fooling around with hacking tools I found on internet (like; Subseven).

When I got older I had a new friend and fooled around with the hacking tools on his computer. Untill one day I went by my friend and he said; my neighbor just bought my old computer. The best part was that he didn't reinstall it. So we asked him to give us the "weird code on the website" his IP-Address and Subseven connected. It was awesome :'). (Windows firewall was not around back then and routers weren't as popular or needed)

At home I started looking up more hacking stuff and found a guide. I still remember it was a white page with only black letters like a text file. It said sometime like; To be a hacker you first need to understand programming. The website recommended Visual Basic 6 for beginners. I asked my parents to buy me a book about it and I started reading in the holliday.

It was hard for me but I really wanted to hack MSN accounts. When I got older I just played around and copy -> pasted code. I made my own MSN flooders and I noticed hacking isn't easy.

I kept programming and learned and learned. When I was 16/17 I started an education in programming. We learned C# and OOP (altho I hated OOP at first). I build my own hacking tool like "Subseven" and thats when I understood you need a "server" and "client" for a successful connection.

I quit the hacking because it was getting to difficult and after another education I'm now a fulltime back-end developer in C#.

That's my story in short :)

So today, I managed to make one of my colleagues feel like an idiot. In this contract, I work mostly for ui integration, while he build the pages with angular before I add all the html structure and fancy css.

We are building the front-end/ui for an industrial device with a touch screen. For that last 2 days he was blocked on a bug that when you click the confirm button on a delete popup, it would somehow select an input in the page before it was deleted and would lock the ui when showing the virtual keyboard (the poor thing didn't know what to do and wouldn't close).

During those two days, he asked all the other devs for help, trying to find a pattern or anything that could help, while I was focused on writing my css and stuff since it was my priority and I was hired specifically for that (I was aware of the bug and gave my input but I never saw it being reproduced)

So today, he start his new routine of raging at his desk and he decides to show me on my device for some reason. I immediately notice a pattern. It would always select one of the two fields behind the popup, in the click area of the button (it's a big button). Then, I noticed that I could press a random spot on the screen, drag my finger on the button and let go and nothing would happen.

It's at this moment I knew I had found the bug. The button was set to emit an event on mousedown while the inputs behind it were set to emit an event on mouseup (like it should be everywhere). So the popup closed when you placed your finger on the screen and the input was selected immediately after when you removed your finger (which was usually faster than the page code which was not yet optimized)

After that, it was just an easy fix to change the listener and I had a free beer.

Dev: Hay dude , look this page is broken, how long has it been like this.
Me: No? 🤔, Weren't you working on the Database for this yesterday?
Dev: I didn't change anything yet...
Me: Okay, let's do a git bisect and see where this came from.
...After going back in history and checking out like 3 commits.
Dev: It's fine I'll just search for it
Me: 😕, that's what we are doing the bisect for?
Dev: But we've already looked at so many!?
...After some time of convincing, finds good commit, does the bisect and finds offending piece of code. The database details changed.
Me: okay so while it's still pointing to the old database it's working but switch it to the latest one and it breaks. You sure you didn't change anything?
Dev: I didn't do anything.
Me: okay well it seems to me like it must be a database issue, let me know what you find.
10min later...
Dev: Hay dude, soo I found it, I accidentally renamed a table
In my mind: 😲😲😲

I hate working at a company with bad practices like saving database config into git and not making a copy of the database when you intend to work on it, and not edit the f'ing live instance! Not even close to the luxury of migrations.

got given the job of removing a menu link on a site my company hadn't built today.

biggest pile of dung ever! the site had folders for 5 different back end languages all full of random files not in use.

I dug around and found it was using a big framework that produces a massive single variable and outputs it as the page.

Eventually I realised this wasn't in use either but was still being loaded in the site! in fact the site even has a database and an admin login but the stupid original dev hard coded all the content in and runs includes to files in the admin folder directly from config!

such a confusing, pointless, shit site! Its like building a car and driving it like Fred from the Flintstones....

Skipped my lectures at university just to get my new Dell laptop at home.

Here is my experience of dell account portal:

There is a 50-50 chance that your order will appear in the list of orders. It has it's own mind, sometimes it will appear, sometimes it will say it has found no orders.

Now if somehow you do see the order in the list, there is a 50-50 chance that clicking on the order number will actually show you the correct order. Most of the time it will take you to a completely different order, where you can see the name, address and other personal details of a person that you don't know. THANKS DELL!

Now if somehow clicking on the order number takes you to the right order details page, there is a 50-50 chance that there will be no courier information, it will be blank without any information. Sometimes it will show the tracking number, but no courier details.

Right, now let's say that I don't give a fuck about any of these. I stayed home, skipping my lecture, just so that I can get my laptop. They promised me that they will deliver it today and I trust them 🙂

BUT YOU MOTHERFUCKER, not only that they will not deliver it today, they haven't even bothered to give me a call and say that they won't be delivering it today. YOU PIECE OF HORSESHIT, I skipped my fucking lectures for you. Now I have to skip my lectures for another day, just to get my GODDAMN laptop.

FUCK YOU DELL, DIE IN HELL!

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

Highlights from my week:

Prod access: Needed it for my last four tickets; just got it approved this week. No longer need it (urgently, anyway). During setup, sysops didn’t sync accounts, and didn’t know how. Left me to figure out the urls on my own. MFA not working.

Work phone: Discovered its MFA is tied to another coworker’s prod credentials. Security just made it work for both instead of fixing it.

My merchant communication ticket: I discovered sysops typo’d my cronjob so my feature hasn’t run since its release, and therefore never alerted merchants. They didn’t want to fix it outside of a standard release. Some yelling convinced them to do it anyway.

AWS ticket: wow I seriously don’t give a crap. Most boring ticket I have ever worked on. Also, the AWS guy said the project might not even be possible, so. Weee, great use of my time.

“Tiny, easy-peasy ticket”: Sounds easy (change a link based on record type). Impossible to test locally, or even view; requires environments I can’t access or deploy to. Specs don’t cover the record type, nor support creating them. Found and patched it anyway.

Completed work: Four of my tickets (two high-priority) have been sitting in code review for over a month now.

Prod release: Release team #2 didn’t release and didn’t bother telling anyone; Release team #1 tried releasing tickets that relied upon it. Good times were had.

QA: Begs for service status page; VP of engineering scoffs at it and says its practically impossible to build. I volunteered. QA cheered; VP ignored me.

Retro: Oops! Scrum master didn’t show up.

Coworker demo: dogshit code that works 1 out of 15 times; didn’t consider UX or user preferences. Today is code-freeze too, so it’s getting released like this. (Feature is using an AI service to rearrange menu options by usage and time of day…)

Micromanager response: “The UX doesn’t matter; our consumers want AI-driven models, and we can say we have delivered on that. It works, and that’s what matters. Good job on delivering!”

Yep.
So, how’s your week going?

Time to rant about JavaScript tutorials.

If you don't know the 'jQuery basic arithmetic' joke, Google it now. It'll make you laugh, promised.

In that manner i just remembered a JavaScript tutorial my fiancee tried to follow when she did an internship at the company i work for last year.

She was tasked to create a temperature interface for our server rack, which she wanted to do via an Arduino and a webserver aswell as an SQL database.

The Arduino part wasn't really a problem, but since she had no experience with js she very closely clinged to a chart visualisation tutorial.

All of that worked very well, but beeing the person i am i looked at the code and found something off.

The chart library had no dependencies to external libraries or any local files for any of them. Though the tutorial used a jQuery import.

So why did it use jQuery?
Well...
To load the chart initialization after the page has loaded.

So they pulled the entirety of jQuery in just to do what fucking window.addEventListener('DOMContentLoaded',function(){...}); could have done.

I wonder how many people who just want something to work did this shit. I hate it that so many tutorials do not adhere any kinds of standards, override behavior because they don't like it, even though it may have a very good reason to exist, pull entire libraries in for something vanilla <language> can do in 3 lines, etc.

Fuck.

Sure thing.

Disclaimer: Long tale of a tech support job. Also the wk29 story is at the bottom.

One time I was working tech support for a website and email hosting firm that was in town. I was hired and worked as the only tech support person there, so all calls came in through me. This also meant that if I was on a call, and another one came through, they would go straight to voice mail. But I couldn't hang up calls either, so, sometimes someone would take up tons of time and I'd have to help them. I was also the "SEO" and "Social Media Marketing" person, as well; managed peoples' social media campaigns. I have tons of stories from this place but a few in particular stick out to me. No particular order to these, I'm just reminiscing as I write this.

I once had to help a man who couldn't find the start button on his computer. When I eventually guided him to allowing me to remote into his computer via Team Viewer, I found he was using Windows XP. I'm not kidding.

I once had to sit on the phone with a man selling Plexus Easy Weight Loss (snake oil, pyramid scheme, but he was a client) and have him yell at me about not getting him more business, simply because we'd built his website. No, I'D not built his website, but his website was fine and it wasn't our job to get him more business. Oh yeah, this is the same guy who said that he didn't want the social media marketing package because he "had people to hide from." Christ.

We had another client who was a conspiracy theorist and wanted the social media marketing package for his blog, all about United States conspiracies. Real nut case. But the best client I've ever had because sometimes he'd come into the office and take up my time talking at me about how Fukushima was the next 911 and that soon it'll spill into the US water supply and everybody was going to die. Hell, better than being on the phone! Doing his social media was great because he wanted me to post clearly fake news stories to his twitter and facebook for him, and I got to look at and manage all the comments calling him out on his bullshit. It was kinda fun. After all, it wasn't _me_ that believed all this. It felt like I was trolling.

[wk29] I was the social media and support techie, not a salesperson. But sometimes I was put in charge _alone_ in front of clients for status meetings about their social media. This one time we had a client who was a custom fashion-type person. I don't really remember. But I was told directly to make them a _new_ facebook page and post to it every day with their hot new deals and stuff. MONTHS pass since I do that and they come in for a face-to-face meeting. Boss is out doing... boss things and that means I have to sit in with her, and for some fucking reason she brought her boyfriend AND HER DAD. Who were both clearly very very angry with me, the company, and probably life. They didn't ever say anything at first, they didn't greet me, they were both just there like British royal guards. It was weird as fuck. I start showing them the page, the progress on their likes goals, etc etc. Marketing shit. They say, "huh, we didn't see any of these posts at home." Turns out they already had a Facebook page, I was working on a completely seperate one, and then the boyfriend finally chimes in with the biggest fucking scowl, "what are you going to do about this?" He was sort of justified, considering this was a payed and semi-expensive service we offered, but holy shit the amount of fire in all three of them. Anyway, it came down to me figuring out how to merge facebook pages, but they eventually left as clients. Is this my fuck up? Is it my company's? Is it theirs? I don't know but that was probably the most awkward meeting ever. Don't know if it comes across through text but the anxiety was pretty real. Fuck.

tl;dr Tech support jobs are a really fun and exciting entry level position I recommend everybody apply for if they're starting out in the tech world! You'll meet tons of cool people and every day is like a new adventure.

I knew I'm in this too deep last night when I lay awake on my bed at 4:04 and all I thought was 404 sleep not found

Do you have a ‘Drama Queen’ on your team?
This happened last week.
DK = Drama Queen
DK: “OMG..the link to the document isn’t working! All I get is page not found. I’m supposed to update the notes for this project…and now I can’t! What the _bleep_ and I supposed to do now?!...I don’t understand how …”
This goes on for it seems 5 minutes.
Me: “Hold on...someone probably accidently mistyped the file name or something. I’m sure the document is still there.”
DK: “Well, I’ll never find it. Our intranet is a mess. I’m going to have to tell the PM that the project is delayed now and there is nothing I can do about it because our intranet is such a mess.”
Me: “Maybe, but why don’t you open up the file and see where the reference is?”
DK: “Oh, _bleep_ no…it is HTML…I don’t know anything about HTML. If the company expects me to know HTML, I’m going to have to tell the PM the project is delayed until I take all the courses on W3-Schools.”
Me: “Um…you’ve been developing as long as I have and you have a couple of blogs. You know what an anchor tag is. I don’t think you have to take all those W3 courses. It’s an anchor tag with a wrong HREF, pretty easy to find and fix”
DK: “Umm…I know *my* blog…not this intranet mess. Did you take all the courses on W3-Schools? Do you understand all the latest web html standards?”
Me: “No, but I don’t think W3 has anything to do the problem. Pretty sure I can figure it out.”
DK: “ha ha…’figuring it out’. I have to know every detail on how the intranet works. What about the javascript? Those intranet html files probably have javascript. I can’t make any changes until I know I won’t break anything. _bleep_! Now I have to learn javascript! This C# project will never get done. The PM is going to be _bleep_issed! Great..and I’ll probably have to work weekends to catch up!”
While he is ranting…I open up the html file, locate the misspelling, fix it, save it..
Me: “Hey..it’s fixed. Looks like Karl accidently added a space in the file name. No big deal.”
DK:”What!!! How did you…uh…I don’t understand…how did you know what the file name was? What if you changed something that broke the page? How did you know it was the correct file? I would not change anything unless I understood every detail. You’re gonna’ get fired.”
Me: “Well, it’s done. Move on.”

TLDR; Go to bottom of post.

Around this time two years ago was the start of my group project in University. The project was to write an app in android and have a web side to it too. The group was to be overseen by a member of staff. The first meeting was introductions and to look at the spec, during the second we were to decide a group leader (PM) and other positions.
A person I shall call BD and I volunteered for PM. I didn't have experience with leadership but wanted some, and was the only one with confidence in android, the biggest part of the system. I got four of the votes.
BD, with his scouts experience, not being afraid to breathe down people's necks and bash some heads together, and having been PM last year, with his group receiving 69% (he failed the year and was resitting), earned 5. One guy was missing.
When it came to sorting out roles and responsibilities, BD confessed to not being a strong coder but that he'd help here and there. His role was planning our deadlines, doing our Gantt chart for deliverables, and was supposed to write a really detailed spec. He didn't have it at the meeting of the next week, as it was still in the works, and never messaged anyone. Next week he turned up with a Gantt chart of 1A4 page that only included the deadlines and deliverables in the spec, with three colours. One for android team, one for DB guy, and one for web team.
The guy who didn't turn up for voting got a girlfriend, a job at mcdonalds and did barely a thing. One guy in the web team did everything, carrying his friend who wouldn't do work (and also got swept out to see in a rubber boat with one of his bros lol (he was rescued)), and even though I'd done android dev I wasn't as quick a learner as two others in the team. Out of 10 people, 6 did real work.
The web guys stopped coming to meetings as they were taken over by android talk, and as we were quite behind, BG tried yellow carding them. They turned around with the website pretty much done, this one guy doing more than the 4 of us on android had. Yellow card lifted. We'd already complained about BD and his lack of everything (except screen brightness as he sat at the front of the lecture theatres with his wide brimmed hat looking at 9gag and videos (remembering he said he was resitting that year)) but grew a stronger dislike. Found out that he spent most of his time with his gf at our secretary/fellow android dev's house. Come coding week, he disappears entirely, only to attend meetings. He gave us a shell of the android code used for his previous year's project (along with documentation, complete with names and dates of updates, most of them (including the planning ones BD was supposed to do) bearing either one of two names. It was behind where we were at the time and had a lot of differences to our spec, and if we had used it BD may have used that to pull us down with him if things went wrong. He resurfaced at the end with the final documentation of how we'd all done, including reports on how each member had performed, which we were supposed to have reviewed. Our main, most proficient dev he accused of being irritable and brash, and a bad communicator. He was Norwegian, his voice was just a bit gruff, and he was driven and didn't waste time. He bashed the web team for not turning up, and had already been rude and unhelpful to everyone who voted for him in the first place.
In our own reports we all devoted paragraphs to delicately describing his contributions, excluding his suggestion that we use the code he gave us. Before we had our results and our work was completed, he individually kicked us from our group's facebook group and unfriended us.
Our 43% mark at the end, coupled with his -40% penalty from the red card we had him on, felt good, but not as good as a better result would have, especially as the fool that was BD would be inflicted on a group a third time. He changed to some other course after that year finished, so he must have failed his resit of second year.
During third year, a friend of mine who was PM for a group that passed well passed other things with too slim a margin to be happy, so chose to resit the year. He didn't have to do the group project again, and had that time free. But BD had to resit. His group had 69%. A yellow card with a 20% deduction wouldn't do it, so he MUST have had a red card as PM his previous year. Well that didn't come up when he claimed credit for his team's 69% during elections... My housemate's compsci boyfriend 2 years up overheard me talking about him, he was in 1st year with BD. BD failed and resat 1st year too. 4 years and he couldn't make anything stick. I feel bad for him through understanding the pains lack of work and internet distraction bring, and unfortunately I can't wish bad things on him because he brings them on himself. I wish I never see his face again though.

TLDR; Guy in group project lies and is dishonest from start to finish, getting PM pos by 1 vote. Gets what he earns.

- Back in October 2019 -

- Me: Hey, these two servers are having weird problems. Several services we use stop functioning every 7-10 days. I can temporarily fix them by taking them off the domain and putting them back on, but I don’t know why they’re happening or what further damage this workaround causes.
- Boss: Thats not good. Well. Keep doing the fix when it’s needed.
- Me: We should really reach out to someone at Microsoft through our support plan. I have no idea how to fix any of this and it’s making our Hyper-V environment very unstable.
- Boss: K. Let’s not worry about that now, let’s just keep working around it.

- In January 2020 -

- Me: Hey boss. More and more errors are generating from these servers. I’ve created a log of everything Ive found to hand off to a support agent. We really need to.
- Boss: Okay. Let’s talk to our internal team that uses Hyper-V and see what they did since they don’t have any problems.
- Me: Its not Hyper-V specific. It’s stemming from AD and authentication. It causes problems even without Hyper-V installed, so I don’t think it will help.
- Boss: K. Let’s just do what we can with what we got.

- Today, May 2020 -

- Me: Hey. The servers no longer work at all, and the workaround has no effect anymore. I’m completely stalled on my project now and have nothing to do.
- Boss: What?? What happened to them?
- Me: *Sends 17 page PDF file documenting all found issues, errors, warnings, and weird anomalies in both servers, as well as troubleshooting steps I’ve already performed*
- Boss: None of this makes any sense. I need you to start troubleshooting right away.
- Me: But... I can’t... *Sends screenshots of errors having no search results on the web, screenshots of Microsoft Support Techs on forums telling me we need to open tickets with Microsoft directly, other reasons why I’m completely blocked*
- Boss: Keep trying to figure it out. We need this resolved as soon as possible and we can’t let it happen again in the future.

Now I’m completely alone in our office, bitterly staring at the servers, trying to force an epiphany on how to fix these dumb boxes.

Looking for job opportunities, one grabbed my attention and I decided to apply. First, I had to fill a form with 40 questions, explaining and justifying development processes, best practices and overall knowledge. Ok, no problem. Form submitted, and I see a step 2. Now I have to build a single page site from scratch, and send another form with code, link, and more justifications regarding development. After that, my application will be sent.

Then I found this observation, saying the position was for a freelancer, that will receive work occasionally. Not a full time position as I thought.

Sometimes cleaning bathrooms sounds a better option.

This is a story of suffering and despair.

I'm working on a build system for our firmware. Nothing major, just a cmake script to build everything and give me an elf file.

I'm fairly new to cmake at that point, and so it's not abundantly clear to me how the `addDirectory` command works.

Now those of you with experience in cmake will say:
"Hold on there champ, this is not a cmake command, the real thing is add_subdirectory()"

Well, that is not what chatGPT told me. I still trusted the fucking thing at this point, it explained that it was in fact a command, and that it added all subsequent source files from a given folder. When I asked it to provide me with sources, it gave me a dead link in a cmake dot com subdomain.

I spent FUCKING HOURS trying to understand why I couldn't find that shitty command, I looked through that shitty page they call documentation through and through, I fucking checked previous and nightly versions, the command was nowhere to be found.

Until I found an old as time post in stackOverflow...
Someone had made a macro with that name, that did what GPT had described...

On the positive side, I know cmake now. I also don't use this fucking deep Learning piece of shit. Unless you write simple JS or blinking LEDs with Arduino it codes like a Junior, high on every kind of glue on the market.

Not about favorite language but about why PHP is not my favorite language.

I recently launched a web shop built on Prestashop. I found that some product pages are so god damn slow, like taking 50 fuckin' seconds to load. So I started investigating and analyzing the problem. Turns out that for some products we have so many different combinations that it results in a cartesian product totalling about 75K of unique combinations.

Prestashop did a real bad job coding the product controller because for every combination they fetch additional data. So that results in 75K queries being executed for just 1 product detail page. Crazy, even more when you know that the query that loads all these combinations, before iterating through them, takes 7 fuckin' seconds to execute on my dev machine which is a very very fast high end machine.

That said I analyzed the query and now I broke the query down into 3 smaller queries that execute in a much faster 400 ms (in total!) fetching the exact same data.

So what does this have to do with PHP? As PHP is also OO why the fuck would you always put stuff in these god damn associative arrays, that in turn contain associative arrays that contain more arrays containing even more arrays of arrays.

Yes I could do the same in C# and other languages as well but I have never ever encountered that in other languages but always seem to find this in PHP. That's why I hate PHP. Not because of the language but all those fucking retarded assholes putting everything in arrays. Nothing OO about that.

I wrote a node + vue web app that consumes bing api and lets you block specific hosts with a click, and I have some thoughts I need to post somewhere.

My main motivation for this it is that the search results I've been getting with the big search engines are lacking a lot of quality. The SEO situation right now is very complex but the bottom line is that there is a lot of white hat SEO abuse.

Commercial companies are fucking up the internet very hard. Search results have become way too profit oriented thus unneutral. Personal blogs are becoming very rare. Information is losing quality and sites are losing identity. The internet is consollidating.

So, I decided to write something to help me give this situation the middle finger.

I wrote this because I consider the ability to block specific sites a basic universal right. If you were ripped off by a website or you just don't like it, then you should be able to block said site from your search results. It's not rocket science.

Google used to have this feature integrated but they removed it in 2013. They also had an extension that did this client side, but they removed it in 2018 too. We're years past the time where Google forgot their "Don't be evil" motto.

AFAIK, the only search engine on earth that lets you block sites is millionshort.com, but if you block too many sites, the performance degrades. And the company that runs it is a for profit too.

There is a third party extension that blocks sites called uBlacklist. The problem is that it only works on google. I wrote my app so as to escape google's tracking clutches, ads and their annoying products showing up in between my results.

But aside uBlacklist does the same thing as my app, including the limitation that this isn't an actual search engine, it's just filtering search results after they are generated.

This is far from ideal because filter results before the results are generated would be much more preferred.

But developing a search engine is prohibitively expensive to both index and rank pages for a single person. Which is sad, but can't do much about it.

I'm also thinking of implementing the ability promote certain sites, the opposite to blocking, so these promoted sites would get more priority within the results.

I guess I would have to move the promoted sites between all pages I fetched to the first page/s, but client side.

But this is suboptimal compared to having actual access to the rank algorithm, where you could promote sites in a smarter way, but again, I can't build a search engine by myself.

I'm using mongo to cache the results, so with a click of a button I can retrieve the results of a previous query without hitting bing. So far a couple of queries don't seem to bring much performance or space issues.

On using bing: bing is basically the only realiable API option I could find that was hobby cost worthy. Most microsoft products are usually my last choice.

Bing is giving me a 7 day free trial of their search API until I register a CC. They offer a free tier, but I'm not sure if that's only for these 7 days. Otherwise, I'm gonna need to pay like 5$.

Paying or not, having to use a CC to use this software I wrote sucks balls.

So far the usage of this app has resulted in me becoming more critical of sites and finding sites of better quality. I think overall it helps me to become a better programmer, all the while having better protection of my privacy.

One not upside is that I'm the only one curating myself, whereas I could benefit from other people that I trust own block/promote lists.

I will git push it somewhere at some point, but it does require some more work:
I would want to add a docker-compose script to make it easy to start, and I didn't write any tests unfortunately (I did use eslint for both apps, though).
The performance is not excellent (the app has not experienced blocks so far, but it does make the coolers spin after a bit) because the algorithms I wrote were very POC.
But it took me some time to write it, and I need to catch some breath.

There are other more open efforts that seem to be more ethical, but they are usually hard to use or just incomplete.

commoncrawl.org is a free index of the web. one problem I found is that it doesn't seem to index everything (for example, it doesn't seem to index the blog of a friend I know that has been writing for years and is indexed by google).

it also requires knowledge on reading warc files, which will surely require some time investment to learn.

it also seems kinda slow for responses,

it is also generated only once a month, and I would still have little idea on how to implement a pagerank algorithm, let alone code it.

It's my end of probation and I just got demoted, from originally "Senior dev" to "dev".

My manager found it a bit difficult to tell me but funny enough, I am completely fine with it apart from the little dent on my pay check. Let me talk about the bad first: money. I believe I have been on the lower end of the market pay range anyways so this step-back gives me about 5% cut, which is acceptable and fair enough.

And the good? Quite a bit. When I got this job offer 6 months ago, it was when everything literally went to shit. I was upset with a somehow not so smart but stubborn tech lead and I desperately wanted to quit. Then I got the offer, which even after 2 interviews I still didn't recall it was a job ads for "technical lead". The manager thought I was not there yet but wanted to keep me as a senior dev. Then, this pandemic almost took away this job. My manager brought my case to the CEO and convinced him to keep me, by saying a lot of good things about me (which I think might not be true for the tech side...)

Throughout the whole 6 months I have been working remotely from home. WFH is not new to me, just this time it's very challenging as I was starting a new job. I have been struggling to keep my pace. All people in the team are nice. However if I don't reach out, no one would notice I need help. And with zero knowledge for this job, I got stuck with "I don't know what I don't know". This ranges from company culture, practice, new tech.. everything. So, that's how this 6 months feels long, but also short.

In our review meeting I think my manager finally realise this. Otherwise he would have gone for the "terminate employment" option. Taking away the "senior" title also takes away the expectation of "I should know XYZ", which I don't. I told him I am kinda happy with it because this sets me up for a more comfortable position to catch my breathe. He told me he noticed my improvement along the way. I told him yes I have been putting in efforts but just given the situation it's not as quick as anyone would expect. We're on the same page now.

So compared to my previous job, I got paid less. But in return, I get many more opportunities to expose myself to new tech. I get a good team who are respectful and open-minded. This is exactly what I was looking for and the drive for me to quit my previous job.

Not to mention I got a reality check. This is also an indicator for me starting to become an imposter, which is the thing I despise most in the industry. I don't want people to value me for how many years I have got in my career. I want to prove myself by what I am capable of. If I'm not there, I should and will get there.

And the last thing which I'm not very keen but it's 100% worth mentioning, is that my manager said I should aim for taking the "senior" role back. He said the salary raise is waiting when I get there. But... Let me just take my time.

APPLE IM GONNA BURN YOU WITH GASOLINE.

So i want to send my build to app store, from my iphone.

I want to log into iTunesConnect.

"It just works"

Yeah, right. Login page for itunesconnect does not render correctly on Safari web browser, on iphone, login arrow is not visible, and elements are scattered around.

Grrrrrrr.

On Google Chrome, it looks okay!!!!!!!!!!!
Spartaaaaaaaaaa.

After some tapping on screen, and rotating the device, i somehow found invisible arrow and managed to sign in.

BUT. Once inside i was unable to complete the process because UI refuses to scroll down :(

The pain...

I've been lurking around this place for months now and never found a reason to make an account. Well, now I just did.

I was browsing freelancer.com looking for projects and I found one. Guy wants a website for booking seats, with a shopping cart and whatever. At the end, he mentions the only restrictions are we can't use ajax and json.

I made a bid explaining that the very site he was on(the freelancer website) made more then 25 ajax requests when loading a page, and that most if not all of them were transferring data in json.

I'm wondering what do they need that many requests for, but that's already another issue.

Now I'm curious to see if he answers back

A bit different than wk93, but still connected and a fun story.

Back in high school when it began to digitalize everything, so began our teachers journey with technology. We, as IT class were into these things, but as far as I can say, others in the school including both teachers and students were like cave mans when it came to IT.

Most of them kept the different wifi networks password on the windows desktop, in a file 'wifipassword.txt'. When we were on robotics seminar, we had to use a teacher's laptop. The wifi network was incredibly fast and powerful,, yet so poorly configured that even the configuration page user/pass was the default admin/admin, because the IT admin wasn't the most skilled one.

We got the idea to sell the password of the wifi network to other students. Not much, for about 1 dollar a week. The customer came to us, we took the phone, took note of the MAC address, entered the password, and if the guy were to stop paying every week, we just blacklisted that MAC on the next robotics course.

Went well for months, until a new sysadmin came and immediately found it out, we were almost fired from the school, but my principal realized how awesome this idea was. You may say that we were assholes, and partially that is true, I'd rather say we made use of our knowledge.

About a decade ago there was a torrent site for audiobooks audiobookbay I think?, if you forgot your password to your username they would literally just give you a new password on the next page. Naturally being a 1337H4X0R teenager I found the username of one of the admins and got into their account on the site. I don't know if they ever fixed that but that was a serious wtf moment.

Edit: just checked this flaw has not been patched.

So apparently I can't test my apps on my own device without paying my Apple Developer Certificate.

I knew it is needed to pay for it if you want to publish/distribute your app but c'mon... This is ridiculous.

My app was literally a fresh app creation, a fucking white screen one page fucking app and when I tried to run in on my iPhone, then I ended up having this problem:

dyld: Library not loaded: @rpath/libswiftCore.dylib
Referenced from: /var/containers/Bundle/Application/BCD48EAA-82C2-46F6-ADEE-45C740C3B66D/HWorld.app/HWorld
Reason: no suitable image found. Did find:
/private/var/containers/Bundle/Application/BCD48EAA-82C2-46F6-ADEE-45C740C3B66D/HWorld.app/Frameworks/libswiftCore.dylib: code signing blocked mmap() of '/private/var/containers/Bundle/Application/BCD48EAA-82C2-46F6-ADEE-45C740C3B66D/HWorld.app/Frameworks/libswiftCore.dylib'
(lldb)

If any of you guys know how to solve it without paying (even more) PLEASE let me know

THANKS

TL;DR just read this
So my current (student) job. Asked me to count inventory. Did so, on paper because nobody had a list of the product barcodes for easy cumulative scanning. I also made records for every single barcode. Then I had to key it in onto the Bookkeeping and sales software thing. They don't have keyboard shortcuts, so I quickly made an ahk script.
Had to manually type in everything 3ven though I had a digital listing.
Software lets you print barcodes for products but gives you an error when you try because you haven't assigned a code. WHICH YOU CAN'T DO IN THAT Crap. You also can't search for a product based on code.

Found out it used access as a back end for that buggy c++ thing that crashes with 'operation not permitted' when you press the red x. Great! Now I can import! And there is a barcode field. Wow. Fucking fantastic. What a fuckfest.

Their website. Their fucking website. Great from a user's standpoint, but my God. It uses joomla! However, version 2.5. That hasn't been supported for a long time. Part of the images are hard coded into the theme. The text editor flips. Adding a page sometimes works, sometimes it doesn't, and sometimes makes 2 pages.

And their cnc lathe runs on a laptop with Windows 3 on it, but hey, fine

tldr:
first year in college we programmed 24 hrs straight to fix somebody's mess before the deadline. Decided not to screw him over, instead he claimed to have done everything and we failed the assignment.

Long version:
var group= new[]{"Mike", "Gavin", "Gus", "I", "Ben" };
var client = "Jack"';

First year of college we had an assignment to make a web program for somebody.
Ben wanted to join our group and he already knew a client so we let him join.

After joining Ben wanted to be project lead, but we already decided Mike based on his experience.
Ben claimed to be much better in every way than Mike at and kept coming with stuff the following weeks why we should make him project lead. He kept pointing out when Mike did something wrong and he even came with an audio file where he clearly made jack say that he wanted Ben to be project lead .
After that we were all a bit pissed and told him that he should get it in his head that he was not going to be project lead and just start working on his part of the assignment.

We also found out that Ben was a documentation addict, what we could write in a small paragraph, he wrote a whole page about it. No joke, I rewrote a page of his in 5-6 rows with the same information in it.
No problem you thing, wrong! Because of this he kept bothering us arguing and claiming that our documentation was wrong because it was to short.

In the week of the deadline we asked Ben if he was also done, and told us that he was done for a while now.

The day before the deadline we came to school thinking we only had to do some merging and finishing up documentation.
Then we found out that Ben has almost nothing, and what he had the IDE was screaming that it was incorrect, spaces in Id's and css class names for instance. A really good programmer, my ass!
We were so pissed off at this point, but we had 24 hrs and needed to come up with a plan to fix it.

We decided that Mike and I were going to fix Ben his shit in the coming 24 hrs and Ben was going to make our last bit of documentation because we would not have the time for that, Especially if we had to argue with him like we had to do for each bit of documentation. Gus did not have time and Gavin could not program on his own yet, he wanted to help, but helping him help us would cost more time than we had.

We all went home after that and Mike and I started to program 24 hours straight while in a Skype call, making what Ben had 2 months for. Shortly before the deadline Mike looked at our finishing up documentation received from Ben and told me it was "Okay" and zipped everything up and uploaded it to school with a few minutes to spare.

After that we thought everything was good, we made Ben's part work and delivered it in time. We also decided not to throw Ben under the bus, because this would hurt all our grades because we did not work good as a group since we should have noticed it earlier.

A few weeks go by till the assessment.
The assessment start with asking if we want individual grades or as a group when you all think you did equal amount. We choose as a group, because if we chose individual not only Ben but also Gavin would get a lower grade and we did not think that was fair because he tried so hard.

We demo the product and the teachers are positive. When the teachers start about the documentation, the first thing they tell is that they found something interesting in the documentation, and they read it to us:

"I, Ben, have made all the documentation because my group did not want to."

That was so far from the truth, we all did make our documentation about the parts we made. Yes he did do overall a little bit more because every single bit of documentation we had to argue with him, so every time he volunteers to make it, we would all agree. And he made Mike's and i's last bit of documentation.

Telling the teachers on that point would not have mattered, it would only have hurt is in another way, so we did not and all failed the assignment. And we all felt like to strangle him.
This is now a few years back, but i still want too.

Just spent like 5 minutes trying to figure out why my page would raise a blob not found in the console, then finally checked the actual origin script headers and saw this, fuck.. I should go sleep.

So lets start here, as i have been preparing myself for a while for that rant. I have been putting it off for a while, but today I had enough.
Fuck react-native and fuck facebook react-native team. Bunch of lazy incompetent twats.
The all amazing framework that suppose to be speed up your development process, since you don't have to compile your code after each change. SO FUCKING WHAT if the god damned framework is so fucking buggy and so fucking shit that you constantly have to fix build, dependancies etc issues. Every day since I work on this project that is using react-native I have to deal with some of the react fucked up behaviour. You got an issue ? don't worry google it just to find out that 100 other people had the same issue. Scroll through down the bottom of the page just to find out that facebook devs have closed the issue as resolved (without fucking fixing it) because there wasnt recent replies to the post. Are you fucking kidding me? It's ok thou, create a new issue just to get an automatic reply from the bot that locks the thread and keeps it locked till you update your React-native version to the newest one. You do that and guess fucking what? Their newest version fucks up remote debugging on iOS(fucking android been broke for over a year) so say good bye to debugging your js code. Documentation is fucking trash. You found a nice function like autoCaptialise on your text input? Great! Ah wait, its not fucking working, what is wrong? You google this just to fucking found out it, function never worked on android, so why the fuck you still have it exposed and still have it in your docs? You want to add package? So fucking ez, just type npm install <name of the package>. Ha! fuck you, you still have to go and add them fucking manually in gradle in android and in pod in xcode, because obviously react-native is a one big fucking bullshit. Oh and a scroll view is a fucking glorious highlight of that framework, try add some styling to it, you gonna have loads of fun. Fuck react-native. And fuck the fucking idiot who convinced my boss that framework is so fucking great and now I have to work on this shit. Sincerely Xamarin Developer.

Regarding Article 13 (or 17 or wherever it moved to now)… Let's say that the UK politicians decide to be dicks and approve the law. After that, we need to get it engineered in, right? Let's talk a bit about how.. well, I'd maybe go over it. Been thinking about it a bit in the shower earlier, so.. yeah.

So, fancy image recognition or text recognition from articles scattered all over the internet, I think we can all agree.. that's infeasible. Even more so, during this lobby with GitHub and OpenForum Europe, guy from GitHub actually made a very valid point. Now for starters, copyright infringement isn't an issue on the platform GitHub that pretty much breathes collaboration. But in the case of I-Boot for example, that thing from Apple that got leaked earlier. If that would get preemptively blocked.. well there's no public source code for it to get compared against to begin with, right? So it's not just "scattered all over the internet, good luck crawling it", it's nowhere to be found *at all*.

So content filtering.. yeah. Nope, ain't gonna happen. Keep trying with that, EU politicians.

But let's say that I am a content creator who hates the cancer of joke/meme because more often than not it manifests itself as a clone of r/programmerhumor.. someone decides to freeboot my content. So I go out, look for it, find it. Facebook and the likes, make it easier to find it in the first place, you dicks. It's extremely hard to find your content there.

So Facebook implements a way to find that content a bit easier maybe. Me being the content creator finds it.. oh blimey! It can't be.. it's the king of freebooting on Facebook, SoFlo! Who would've thought?! So at that point.. I'd like to get it removed of course. Report it as copyright infringement? Of course. Again Facebook you dicks, don't make it so tedious to fill in that bloody report. And look into it quickly! The videos those SoFlo dicks post is only relevant in the first 48h or so. That's where they make the most money. So act more quickly.

So the report is filled, video's taken down.. what else? Maybe temporarily make them unable to post as a bit of a punishment so that they won't do it again? And put in a limit to the amount of reports they can receive. Finally, maybe reroute the revenue stream to the original content creator instead. That way stolen content suddenly becomes free exposure! Awesome!

*suddenly realizes that I've been talking about the YouTube copyright strike system all along*

… Well.. maybe something like that then? That shouldn't be too hard to implement, and on YouTube at least it seems to be quite effective. Just imagine SoFlo and the likes that are repeat offenders, every 3 posts they get their account and page shut down. Good luck growing an audience that way. And good luck making new accounts all the time to start with.. account verification technology is pretty good these days. Speaking of experience here, tried bypassing Facebook's signup hoops a fair bit and learned a bit about some of the things they have red flags on, hehe.

But yeah, something like that maybe for social media in general. And.. let's face it, the biggest one that would get hurt by something like this would be Facebook. And personally I think it's about time for that bastard company to get a couple of blows already.

What are your thoughts on this?

Saw a reddit thread earlier asking about the most unsettling shit that people have found out Google has on them by downloading their data. I saw a bunch of comments about people finding voice recordings that Google had taken. After reading these, I was wondering what I could find from downloading my data. Decided to download my data, and on the page for it I saw that apparently I had disabled location history, audio activity, and device information.

Knowing companies like Google, I wouldn't be surprised if they didn't stop recording that stuff, just that they're not providing it to me. There were zero voice recordings, but there was location history up until about the beginning of 2017.

Another thing they have is all the pictures from all of my hangouts chats. Apparently there had a good amount of older pictures of myself in there. Going back to probably 2-3 years ago, when I had my emo hair. Just a bit of a throwback. One picture I saw was from last January, when my hair was reaching my chest. Made me really miss my hair.

Other than that, nothing that interesting. Just something I thought I'd share.

So last night a friend randomly found a raw not-yet-installed WordPress instance on a public domain that he found on a Facebook site (it was already linked for I don't know how long, but just not installed).

He told me about it and, being the guy I am, I signed up an account on some free MySQL hosting website, set up a database and used it for that WordPress site.

I then left a kind little note on the front page for the admin telling him that I just saved his ass since others could've done the same but posted racist shit or something and, also, told him not to use WordPress.

Even though I had no bad intentions, I used proxies and VPN connectsions because you never know how these people might react.

Hopefully they'll learn from it 😇

If you are a web developer, consider using proper page titles.

Page titles are one of the most basic elements of a web page and yet websites often fail to make proper use of them.

Without a proper page title, your user does not have an accurate idea of what page is in the tab without having to open the tab, which gets tedious if many tabs are open. With a proper page title, an instant glance on the tab does suffice.

Some sites only put in their site name or something like "Search - Site Name" without including the search query in the page title, or "User profile - Site Name".

An example of this is, disappointingly, archive.org. As thankful as I am for the Archive, they could make better use of page titles to make browsing their library more convenient. While they use proper page titles on item pages (including both title and author!), they use non-descriptive titles on their 2023 search feature (downgraded from lightweight static HTML+AJAX to a JavaScript app) and user profile pages.

The user name of a profile or a search query and ideally a page number should be in the page title so a browser tab with a search can be found faster and can also be seen on social media sites that auto-generate preview cards with page titles.

Descriptive page titles also improve your search engine ranking! You surely don't want to miss out on that, do you?

Client: The new page template you sent us looks different on production compared to the other pages that use the same component.

Me: Oh, that's strange since the styling is at the component level. Hmm, let me dig in to it.

Start poking around trying to figure out what I managed to screw up only to find that it looks exactly the same on local and staging. Eventually find another style sheet the client is importing on the production site to change some of the styles.

You know, a change that isn't anywhere to be found in the repo, and no one ever asked for anything to be changed. Their "Dev" decided he would hack in a fix instead of shooting me an email.

Apparently he tried changing the SCSS file but the changes weren't showing up. He changed the minified stylesheet but his changes were overwritten on the next deployment..... #howdoesSASSwork?!

Same client as my last rant so I'm not sure why I'm surprised by this. Oh well, I'll take that hourly rate.

Rant Mode: ON

Do you know what really grinds my gears? Those dreaded "404 Page Not Found" errors. It's like a digital black hole, sucking your users into a vortex of frustration.

And don't get me started on inconsistent coding standards. It's like trying to decipher hieroglyphics written by different ancient civilizations. Why can't we all just follow the same conventions?

Oh, and software updates that break everything! You spend hours perfecting your code, only for a new update to come along and wreak havoc. It's like the universe is conspiring against developers.

But hey, despite the rants, we developers are a resilient bunch. We thrive on solving problems, no matter how infuriating they can be. So, here's to the endless debugging, the endless coffee, and the endless love-hate relationship with coding. We wouldn't have it any other way.

Rant Mode: OFF

Phew, that felt good. Thanks for letting me vent!

So, this incident happened with me around 2 years ago. I was pentesting one of my client's web application. They were new into the Financial Tech Industry, and wanted me to pentest their website as per couple of standards mentioned by them.

One of the most hilarious bug that I found was at the login page, when a user tries logging into an account and forgets the password, a Captcha image is shown where the user needs to prove that he is indeed a human and not a robot, which was fair enough to be implemented at the login screen.

But, here's the catch. When I checked the "view source" option of the web page, I saw that the alt attribute of the Captcha image file had the contents of the Captcha. Making it easy for an attacker to easily bruteforce the shit outta the login page.

You don't need hackers to hack you when your internal dev team itself is self destructive.

Okay so my brother in law has a laptop that is... To put it mildly, chockful of viruses of all sort, as it's an old machine still running w7 while still being online and an av about 7 years out of date.

So my bro in law (let's just call him my bro) asked me to install an adblock.

As I launched chrome and went to install it, how ever, the addon page said something like "Cannot install, chrome is managed by your company" - wtf?

Also, the out of date AV couldn't even be updated as its main service just wouldn't start.

Okay, something fishy going on... Uninstalled the old av, downloaded malware bytes and went to scan the whole pc.

Before I went to bed, it'd already found >150 detections. Though as the computer is so old, the progress was slow.

Thinking it would have enough time over night, I went to bed... Only to find out the next morning... It BSoD'd over night, and so none of the finds were removed.

Uuugh! Okay, so... Scanning out of a live booted linux it is I thought! Little did I know how much it'd infuriate me!

Looking through google, I found several live rescue images from popular AV brands. But:
1 - Kaspersky Sys Rescue -- Doesn't even support non-EFI systems

2 - Eset SysRescue -- Doesn't mount the system drive, terminal emulator is X64 while the CPU of the laptop is X86 meaning I cannot run that. Doesn't provide any info on username and passwords, had to dig around the image from the laptop I used to burn it to the USB drive to find the user was, in fact, called eset and had an empty password. Root had pass set but not in the image shadow file, so no idea really. Couldn't sudo as the eset user, except for the terminal emulator, which crashes thanks to the architecture mismatch.
3 - avast - live usb / cd cannot be downloaded from web, has to be installed through avast, which I really didn't want to install on my laptop just to make a rescue flash drive
4 - comodo - didn't even boot due to architecture mismatch

Fuck it! Sick and tired of this, I'm downloading Debian with XFCE. Switched to a tty1 after kernel loads, killed lightdm and Xserver to minimize usb drive reads, downloaded clamav (which got stuck on man-db update. After 20 minutes... I just killed it from a second tty, and the install finished successfully)

A definitions update, short manual skimover, and finally, got scanning!

Only... It's taking forever and not printing anything. Stracing the clamscan command showed it was... Loading the virus definitions lol... Okay, it's doing its thing, I can finally go have dinner

Man I didn't know x86 support got so weak in the couple years I haven't used Linux on a laptop lol.

I DIDN'T SIGN UP FOR THIS !!!

After seeing bunch of posts about Enki, decided to give it a try,

enters my info on the sign up page
*email address is already taken* : WHAT !!

changes email address
*your username is already taken* : WHAT !!

goes back and search if there's any mails from Enki
*no results found* : Dafuq !!

Requests password reset
*Receives first mail from enki ever, with a reset link*

Did they change their name from something else to Enki or they have bunch of emails in their database to showoff user base ?

Can anyone shed some light on this, cause I'm 100% sure i didn't sign up for this before.

after resetting the password I'm able to login, but in the Notification section it says
*your email is not confirmed*

well i would confirm it, WHEN I GET IT !!

Bloody scammers and bloody Paypal.
So I bought echo spot just to see how good it's voice recognition is and also wanted to see what the spot does different. So I found out that it was like hello world for AI. So I wanted to sell it on ebay-kleinanzeigen.de. It's a website from Ebay here in Germany where you can easily sell your stuff that you don't need anymore. I put it there and someone just wanted it so badly and he said that he broke his friends spot and he has no money and he need it very badly cheaper. My price was 98€ and I believed him and sold it for 85€. Now he got the device and wants the refund because the device doesn't match the description and the things he mentioned weren't even in the description. The message you see in the pic it says: It doesn't do skype and it is impossible on that device. First It is his responsibility to inform himself about the device features I'm not Amazon to write something like that in the description I've to just say how the device looks. Second it does skype and it is possible but both partners must have the same device and they should connect it to their smartphones.
But that is not the bad part that my money is ceased and got ownd by a scammer. The bad part is that I wanted to reply his message but the bloody paypal design won't let me do that. Remind me how old is paypal now? It's been there for ages and the footer is just stuck in the middle of the page and won't allow me to click on reply button. Of course I later managed to write a reply but paypal shouldn't have these kind of problems.
I'm so upset right now because these things are wasting my time. I've my final exame in a week and I've to develop a parameter based multilingual CMS, just imagine how long would just data structure take.

So I've created this account specifically for this rant. I usually just browse anonymously.

I've recently been hired in a big company that is one of the biggest Microsoft users in the world and my essentially revolves on making it easier for our collaborators to work with SharePoint (and other ms software)

Never in my life have I hit that much of a roadblock. So for the past week I've been trying to integrate what Ms calls webparts. And to modify the default webparts Ms provides you need to their properties (or Metadata). Except here's the big problem these are NOT documented anywhere (unless I failed to find it, if you do know where it is documented please HMU), so I've found myself trying to reverse engineer the js scripts that are served with SharePoint to figure out what the webpart properties are called and what type of data they are! I've been going through endless github repos using the CSOM nuget package (it's the library everyone uses to interact with SharePoint) and I finally found out about this other library called PnP which is a wrapper around CSOM that makes it easier to use. That wrapper has a way for me to load existing page and look at the properties of existing webparts. So here I thought it was the end of my suffering and I could finally get an idea of what it should be. Turns out this method doesn't work because one of the dependencies it has has had breaking changes and they still updated it even though it breaks their code! So for the past two days I've been trying random combinations of key values with different data types and json serialization methods.

Oh and yeah I've also looked at all the http calls via the chrome network tab, the metadata is not served as an individual file but is computed by Ms servers when they're serving you their html files.

So uh yeah run from CSOM if you can..

oh FFS my university pissed me off so bad right now that I had to wait 20 min to cool down to be able to write a rant about it...

so, one of the university department offer an email address which is the official university approved email for student packs like jetbrain's. I wanted to renew my jetbrains subscription, but for that I have to get a verification email on that address..
But since the only time I use it is this annual renewal I dont know the webmail's url..
So I search for it on the department pages, services and its nowhere to be found. Finaly I found it on a student maintained wiki page.
I try to log in.. no luck. try another password, still not it. Try all of the passwords that I remember using in the previous 3 year and no luck.
well fck it the password change is managed by a website where I can log in with a different method, so I change the password and try to log in again.
No fcking luck! And at this point I bashed my head against the wall because I found out that the password change takes them about 1 or 2 hours... hours! wtf...

I got notified that tomorrow I'm gonna start a porting project from a FileNet ecosystem.

Well, I don't know what is FileNet, but at least I've enough time to study its architecture. Let's start from the official IBM page:

The FileNet® P8 platform offers enterprise-level scalability and flexibility to handle the most demanding content challenges, the most complex business processes, and integration to all your existing systems. FileNet P8 is a reliable, scalable, and highly available enterprise platform that enables you to capture, store, manage, secure, and process information to increase operational efficiency and lower total cost of ownership.

Thank you IBM, now I surely know how to use FileNet. Well, I hope that wikipedia explains me what it is:

FileNet is a company acquired by IBM, developed software to help enterprises manage their content and business processes.

Oh my god. I tried searching half an hour so far and everything I found was just advertisements and not a clue about what it is.

Then they wonder why I hate IBM so much

I'm really not sure. When I was 7-8 years old, I liked to view source in IE, then I somehow managed to use Javascript in the browser. First only some dumb opening of windows. And I liked Batch, so I