Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "show password"
-
How I've decided to answer the "can you hack" question from here on in...
"Can you show me how to hack this account please?"
"Sure, you'll need a hammer, a blow torch, chloroform, some pliers and couple of bottles of really pure vodka!"
"What the hell?!"
"Oh, it's so much quicker to just extract a password from a person, than it is to break into a system, I'm not exactly trained in inflicting pain on the human body, but I'm sure you'll be able to figure it out through trial and error, good luck!"15 -
So, since I hear from a lot of people (on here and irl) that Linux has a 'very high learning curve', let me share my experiences with the first time my dad touched Linux (Elementary OS) without me interfering at all! (keep in mind that he is very a-technical)
*le me boots the system* (I already did setup a user account for him and gave him the password).
Dad: *enters password and presses enter*
Me: "Hmm that went faster than expected."
Dad: "Uhm I know how to login son, it's not that hard and pretty obvious".
Me: "Alright, why don't you try to open up the default word documents editor on here! I'll be right back!"
Me: *Goes away and returns after a minute*.
Dad: *already a few test sentences typed in LibreOffice writer* it's going pretty well :)!
Me: "Oo how did you find that?!"
Dad: "Well, there's a thingy that says 'applications' so I clicked in and found it in the "Office" section, do you think I am blind or something?!"
Me: 😐. uhm no but I just didn't think you'd find it that quickly. Now try to install Chromium browser! *thinking: he'll fail this one for sure* I'll be right back :).
Me: *returns again after a minute or so*
Dad: *already searching for stuff through Chromium*
Me: "wait, how the hell did you do that so quickly, it's not the easiest thingy for most people".
Dad: "Jesus, it's not that hard! I went to the application browsing thingy, typed 'software' and then a sorta software store icon showed up so I clicked it and it opened a windows with a search bar saying something like 'search for applications/software'. clicked in it, typed 'chromium', saw it coming up, there was a very clear 'install' button, it asked for my password, I put it in and after a little it gave a notification that it was installed. Then I went to that application browsing thingy again and typed Chromium. Then I hit enter because it selected an icon called chromium...."
Me: O.o. Okay this is going very good, now open an email client and login to your email address!
Dad: *goes to application browsing thingy, types 'email', evolution icon shows up, dad clicks it, email address setup steps show up and dad follows them quickly. After about a minute, everything is setup.
I expected this to be a hard process for someone who dealt with Windows his entire life but damn, I underestimated it.
Asked him if he found it easy/what he liked about it:
"Well, it's very clear where I can find everything, default browser/email/word document editor programs are easy to find and that's about all I need so yeah, great system!"
I am proud of you, dad!77 -
There's this guy that sits next to me in a class.
Guy: Hey, you're a hacker right?
Me: I'm a programmer.
Guy: Can you hack into my email account?
Me: Nope, I work in a different field of computer science.
In reality, I want to give him a piece of my mind.
I already know his email so I open up the login page and enter it. I click "forgot password", and it asks for his favorite teacher's name. Keep in mind that he made this account this year.
Me: So anyways, who's your favorite teacher?
Guy: *proceeds to give me favorite teacher's name*
Me: 🤦♂️
I change his password and log into his account. After that, I show him and tell him about how he should keep his account secure.
He left class with a priceless look on his face.14 -
So, i tried to demonstrate my roommate how many people push their credentials to github by searching for "password remove" commits.
I decided to show him the file and noticed something interesting. A public IP, and mysql credentials.
I visit the IP and what do i see there, a directory listening with a python script, with injects the database into a webpage (???) and a log of all http requests. Lots of failed attacks aiming at the PHP CGI. Still wondering how they failed on a python server 🤔🤔🤔
Edit phpmyadmin to connect to the mysql database. Success.
Inserted a row telling him the his password is on github. Maybe i should also have told him how to actually remove it. 😅
Yes, root can login from %
This is how far i can get with my current abilities.
------------------------------
Scary how insecure this world is.4 -
Hello!
I'm a member of an international hacker group.
As you could probably have guessed, your account [cozyplanes@tuta.io] was hacked, because I sent message you from it.
Now I have access to you accounts!
For example, your password for [cozyplanes@tuta.io] is [RANDOM_ALPHABET_HERE]
Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.
We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..
But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...
Transfer $700 to our Bitcoin wallet: 13DAd45ARMJW6th1cBuY1FwB9beVSzW77R
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.
I guarantee that after that, we'll erase all your "data" :)
A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.
Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.
You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.
>> RE >>
Well f### you, thanks for telling my password which is obviously fake. I have sent your details to the local police department, shall rest in peace. Don't earn money by this kind of action. STUPID!17 -
I'm trying to sign up for insurance benefits at work.
Step 1: Trying to find the website link -- it's non-existent. I don't know where I found it, but I saved it in keepassxc so I wouldn't have to search again. Time wasted: 30 minutes.
Step 2: Trying to log in. Ostensibly, this uses my work account. It does not. Time wasted: 10 minutes.
Step 3: Creating an account. Username and Password requirements are stupid, and the page doesn't show all of them. The username must be /[A-Za-z0-9]{8,60}/. The maximum password length is VARCHAR(20), and must include upper/lower case, number, special symbol, etc. and cannot include "password", repeated charcters, your username, etc. There is also a (required!) hint with /[A-Za-z0-9 ]{8,60}/ validation. Want to type a sentence? better not use any punctuation!
I find it hilarious that both my username and password hint can be three times longer than my actual password -- and can contain the password. Such brilliant security.
My typical username is less than 8 characters. All of my typical password formats are >25 characters. Trying to figure out memorable credentials and figuring out the hidden complexity/validation requirements for all of these and the hint... Time wasted: 30 minutes.
Step 4: Post-login. The website, post-login, does not work in firefox. I assumed it was one of my many ad/tracker/header/etc. blockers, and systematically disabled every one of them. After enabling ad and tracker networks, more and more of the site loaded, but it always failed. After disabling bloody everything, the site still refused to work. Why? It was fetching deeply-nested markup, plus styling and javascript, encoded in xml, via api. And that xml wasn't valid xml (missing root element). The failure wasn't due to blocking a vitally-important ad or tracker (as apparently they're all vital and the site chain-loads them off one another before loading content), it's due to shoddy development and lack of testing. Matches the rest of the site perfectly. Anyway, I eventually managed to get the site to load in Safari, of all browsers, on a different computer. Time wasted: 40 minutes.
Step 5: Contact info. After getting the site to work, I clicked the [Enroll] button. "Please allow about 10 minutes to enroll," it says. I'm up to an hour and 50 minutes by now. The first thing it asks for is contact info, such as email, phone, address, etc. It gives me a warning next to phone, saying I'm not set up for notifications yet. I think that's great. I select "change" next to the email, and try to give it my work email. There are two "preferred" radio buttons, one next to "Work email," one next to "Personal email" -- but there is only one textbox. Fine, I select the "Work" preferred button, sign up for a faux-personal tutanota email for work, and type it in. The site complains that I selected "Work" but only entered a personal email. Seriously serious. Out of curiosity, I select the "change" next to the phone number, and see that it gives me four options (home, work, cell, personal?), but only one set of inputs -- next to personal. Yep. That's amazing. Time spent: 10 minutes.
Step 6: Ranting. I started going through the benefits, realized it would take an hour+ to add dependents, research the various options, pick which benefits I want, etc. I'm already up to two hours by now, so instead I decided to stop and rant about how ridiculous this entire thing is. While typing this up, the site (unsurprisingly) automatically logged me out. Fine, I'll just log in again... and get an error saying my credentials are invalid. Okay... I very carefully type them in again. error: invalid credentials. sajfkasdjf.
Step 7 is going to be: Try to figure out how to log in again. Ugh.
"Please allow about 10 minutes" it said. Where's that facepalm emoji?
But like, seriously. How does someone even build a website THIS bad?rant pages seriously load in 10+ seconds slower than wordpress too do i want insurance this badly? 10 trackers 4 ad networks elbonian devs website probably cost $1million or more too root gets insurance stop reading my tags and read the rant more bugs than you can shake a stick at the 54 steps to insanity more bugs than master of orion 313 -
Dear EA games.
If you want to tell me my password needs to be “more” secure in your error message, at least tell the fucking truth about it.
- 100 random character password entered on mobile
- response: password needs to be more secure
- WTf!
- loads on pc
- notices password rules
- must be between 8 and 16 characters...
- I think that’s a Wii little Less secure you ass hats, and WHY can’t you show this fucking notice on mobile 😖12 -
A couple of weeks ago, I asked the "brand manager" if he knew how to reset printers to their defaults before reconfiguring them, knowing full well that he did not. He assured me that he did. I smiled and let him leave.
He called me yesterday, frantic, because he didn't know how to reconfigure a printer that already had a password. After reminding him of the above, I told him how to put the printer in diagnostic mode and how to navigate the menus. Literally: "Turn the printer off, then hold down the feed paper button while turning the printer on. It will print out a bunch of diagnostics, and a menu at the bottom. Just follow the instructions at the bottom to use the menu"
Apparently following simple instructions is well outside of his abilities. After he spent five minutes fighting with it and complaining, I called him and walked him through powering the printer on while holding down the feed paper button. Terribly difficult.
The next step amounts to "hold down the feed paper button for more than 1 second." He spent ten minutes (ten!) on this unimaginably challenging step, and, frustrated at his inability to outsmart a simple button, he gave up completely.
He literally couldn't follow the instructions on the printout. I've attached a picture to show how ridiculous this is, and it saddens me terribly to report that I'm quite serious. he was literally unable to figure this out.
HE SPENT TEN MINUTES TRYING TO PUSH A BUTTON FOR >1 SECOND! TEN MINUTES!
That's what was too difficult for him! A button! With written instructions!
I can't even.
But the kicker?
Now he and the bossman want me to drive half an hour so I can push a button for ~1.2 seconds because they're utterly incapable.
I'm soo done.
So. done.7 -
About a year ago I switched my job.
At the start everything seemed like magic. I was the It director, I've finally was able to call the shots on technologies, on new software architecture.
First step was to check the current state of the company.
"qqqq" as each pc password? Ok
No firewall from outside? Lovely
Servers running on Windows Server 2008? Spectacular
People leaving pc on after work and left the machine unlocked just not to type the password? Hell yeah
The IT dude playing games instead of working? But ofcourse
Plaintext passwords publically accessible eshop? Naturally.
The list goes on and on.
After all this time, I'm working to fix every hole like that like crazy and because it doesn't show results, I'm soon to lose my job. Well better luck next time as an intern I guess :')19 -
One of our newly-joined junior sysadmin left a pre-production server SSH session open. Being the responsible senior (pun intended) to teach them the value of security of production (or near production, for that matter) systems, I typed in sudo rm --recursive --no-preserve-root --force / on the terminal session (I didn't hit the Enter / Return key) and left it there. The person took longer to return and the screen went to sleep. I went back to my desk and took a backup image of the machine just in case the unexpected happened.
On returning from wherever they had gone, the person hits enter / return to wake the system (they didn't even have a password-on-wake policy set up on the machine). The SSH session was stil there, the machine accepted the command and started working. This person didn't even look at the session and just navigated away elsewhere (probably to get back to work on the script they were working on).
Five minutes passes by, I get the first monitoring alert saying the server is not responding. I hoped that this person would be responsible enough to check the monitoring alerts since they had a SSH session on the machine.
Seven minutes : other dependent services on the machine start complaining that the instance is unreachable.
I assign the monitoring alert to the person of the day. They come running to me saying that they can't reach the instance but the instance is listed on the inventory list. I ask them to show me the specific terminal that ran the rm -rf command. They get the beautiful realization of the day. They freak the hell out to the point that they ask me, "Am I fired?". I reply, "You should probably ask your manager".
Lesson learnt the hard-way. I gave them a good understanding on what happened and explained the implications on what would have happened had this exact same scenario happened outside the office giving access to an outsider. I explained about why people in _our_ domain should care about security above all else.
There was a good 30+ minute downtime of the instance before I admitted that I had a backup and restored it (after the whole lecture). It wasn't critical since the environment was not user-facing and didn't have any critical data.
Since then we've been at this together - warning engineers when they leave their machines open and taking security lecture / sessions / workshops for new recruits (anyone who joins engineering).26 -
Be me:
> turns on laptop
> enter funky town password
> presses enter
> expects wallpaper to show
Be windows:
> fuck you mother fucker!
> surprise asshole
> I magically updated on you without warningjoke/meme you checked the tags didn't you 👀 yes another windows meme windows 10 auto updates strike again10 -
So I'm sick. But my inner coder tells me that I could atleast do some basic design for my project.
So I go to sit down at my home computer and immediately feel my nose literally start dripping of snot as soon as I lean in to sit. So lile any normal man i take a tissue, wipe and blow my nose and it's now time to login on the computer.
*Wrong password*
Oh, I've must been to quick
*Try again*
*Wrong password*
Wtf?!
*Slowly type my password in*
*Wrong password*
*Fuck it, show password*
A space is missing.
Alright I'll just add it in then.
*Tap spacebar*
*Nothing*
*Tap harder*
*Nothing*
So I rip out the space bar and find a two little drops of snot that must have juuuust fallen between the cracks.
I tried to wipe it away and put the space bar back, but it's dead. :(5 -
TL; DR: please save me from IT hell
Note 1: this is a rant that comes after a couple other rants I'm going to call "family business saga" from now on because I feel like this is gonna go on for a while
Note 2: the following may look exaggerated but it's because of how pissed off I am at said person
So I have to help this one family member with his computer but he's worned me out so much last summer that I can't stand him (it's all tech based). At all. Both in person and via text calls. I dread and become pissy each time he's nearby, just his presence makes me want to jump in a hole and stay there for eternity.
And he's not the smartest cookie in the jar when it comes to tech, so he comes to me for help (instead of going to my brother. Aaagh why doesn't he go for my brother as well, it's mentally tiring having to "help" him - as he doesn't learn what I'm trying to teach him even after several attempts). I don't really mind being sought for help when it comes to tech, but this guy takes it one step further.
He entered my room with his computer in his hands saying this friend of his has installed W7 on his PC (why didn't he handle all the things he wants to do, it would save me a lot of anger containment) and that I *had* (it's always "YOU HAVE" because I'm a tech-ish person and I'm in uni for CS) to help him do a bunch of things.
So he boots up the thing and there are 32 updates to do, so I'm guessing that he didn't boot it up after the OS update until now. He leaves my room and I sigh out of relief. He comes back with the AC remote complaining it's too hot in my room and that he's gonna put it down a degree or 2. Jesus christ do not tamper with my AC settings, it's fine to me. The updates are still going on. He leaves again.
The computer takes its time to update and so does he. I'm happily playing minecraft when he comes back, the computer off after updating. He looks at it and says "why is it off?". I reply back "it finished updating.", trying to keep my cool. Even the most simple questions are irritation inducing.
He reboots it and lets it run. After it boots and it's ready to go he just stays there for like 2' without doing anything because the hard drive light was going off. I think he thinks the computer is going to explode if he touches it while the light is blinking 😬
He goes to connect the computer to the internet and gets all surprised that the computer doesn't recognize our home's internet (he has been here before with his computer, I guess, so he had connected, so I think he was expecting it to auto connect like that). I tell him that the computer doesn't recognize our home's connection because it has had a fresh OS installation and so it didn't have any connection registered. He types in the password and the connection is established.
He them starts going on about that he wants to get these pics on the business' website and how does he put them in his computer and all that. I do that for him and he's all like "how did you do that?? 😮" like it's a magic trick
And he's always going on at everything as if it's all a big undoable thing. "How do I do this? You know what, do it yourself and show me because I don't wanna fail". Dude. Bro. Everything - EVERYTHING - you are afraid of doing is undoable. EVERYTHING. Good christ.
I swear I've never felt so glad I'm going back for uni next week9 -
Sorry if this sounds like retard question on linux system
I installed nvidia driver on my laptop (720M) and it showed black screen after reboot, BUT if I enter my password and hit enter the screen goes back to normal on desktop, it just didn’t show anything on the first lock screen
I’ve followed linux mint nvidia driver instructions, removing the package re installing, etc.
P.S. All of the question I found on the internet seems to be total black screen after installing the driver, whereas mine could work after I entered my password8 -
Taking IT classes in college. The school bought us all lynda and office365 accounts but we can't use them because the classroom's network has been severed from the Active Directory server that holds our credentials. Because "hackers." (The non-IT classrooms don't have this problem, but they also don't need lynda accounts. What gives?)
So, I got bored, and irritated, so I decided to see just how secure the classroom really was.
It wasn't.
So I created a text file with the following rant and put it on the desktop of the "locked" admin account. Cheers. :)
1. don't make a show of "beefing up security" because that only makes people curious.
I'm referring of course to isolating the network. This wouldn't be a problem except:
2. don't restrict the good guys. only the bad guys.
I can't access resources for THIS CLASS that I use in THIS CLASS. That's a hassle.
It also gives me legitimate motivation to try to break your security.
3. don't secure it if you don't care. that is ALSO a hassle.
I know you don't care because you left secure boot off, no BIOS password, and nothing
stopping someone from using a different OS with fewer restrictions, or USB tethering,
or some sort malware, probably, in addition to security practices that are
wildly inconsistent, which leads me to the final and largest grievance:
4. don't give admin priveledges to an account without a password.
seriously. why would you do this? I don't understand.
you at least bothered to secure the accounts that don't even matter,
albeit with weak and publicly known passwords (that are the same on all machines),
but then you went and left the LEAST secure account with the MOST priveledges?
I could understand if it were just a single-user machine. Auto login as admin.
Lots of people do that and have a reason for it. But... no. I just... why?
anyway, don't worry, all I did was install python so I could play with scripting
during class. if that bothers you, trust me, you have much bigger problems.
I mean you no malice. just trying to help.
For real. Don't kick me out of school for being helpful. That would be unproductive.
Plus, maybe I'd be a good candidate for your cybersec track. haven't decided yet.
-- a guy who isn't very good at this and didn't have to be
have a nice day <3
oh, and I fixed the clock. you're welcome.2 -
Seriously, fuck that incompetent ISP of mine.
Stores passwords in fucking plaintext. Does VoIP calling in plaintext! Passwords are sent over postal mail! Passwords are at least not sent in plain via email anymore when you want to reset them. The password reset form, "cannot contain `", "cannot contain "", "cannot contain '", "must contain a special character" because why the fuck not mess with people's password manager's password generation function over our own incompetence, right?! And showing all those errors for a single password? Eh, no. Let's just show one error that applies to whatever password you've given at that time. JUST ONE, because "reasons"! And to top it all off, when I finally made myself a nice password with some padding to remove unwanted chars and put that in my password store and on the website. THE BLOODY THING CAN'T EVEN FUCKING LOGIN?!
Now I ain't no ISP, but being a sysadmin clearly isn't a requirement when you're going to apply for work at an ISP, THAT DOES NOTHING BUT FUCKING SYSADMIN STUFF!!! Incompetent pieces of SHIT!!!3 -
NO FUCKING GOOD NIGHT FOR FLOYD.
THIS MULTI FACTOR AUTHENTICATION IS A FUCKING NIGHTMARE.
So my organisation uses some MFA app as an SSO to access any and everything. Fantastic. Absolutely wonderful. No VPN shit and one password to rule them all.
But, for some reason I accidentally deleted the app from my phone and as any normal human being would do, I also reinstalled the app.
Well, post reinstalling, the app does not detect the linked Org account.
I was cool, when I'll login, the system will throw a prompt to map the phone.
So I login to org URL from my machine and lo and behold, the URL says that MFA is already linked to the phone and I have to enter the Citrix type code to login.
But phone does not show the code because account is no longer linked and web does not have option to change/re-register the phone.
What the actual unholy fuck?????? Bloody retards. How am I suppose to get in now?
So after a Googling for a bit, a thread mentioned that this is most common issue faced by users with this MFA app. The only way to get this resolved is to contact your IT team.
Cool. Let's do that.
I opened the link to my IT portal and it asks me to login via SSO which is what I need help with in first place.
I can't login to Slack because fuckers ask SSO every time the app is exited. So no contact there.
Thankfully bastards allow Outlook so was able to drop a note to one of my team member, whom I connected recently and is very nice, asking her to help me sort this IT team.
If this is the most common use case then why the fuck not add a feature to help people overcome this shit?
And my IT team is absolute nuts. No other way allowed to reset the linking or connect them or any help links provided on login page.
Whoever was behind this design should be dipped in donkey shit and deep fried in pig urine.6 -
Cracking old recovery CDs for the 9x/2000/XP era shines some light into how companies operated and when concepts came to be in that time:
Packard Bell: An EXE checks that you're running on a Packard Bell machine and reboots if it's not. How do we bypass it? Easy: just fucking delete it. The files to reinstall Windows from scratch come from...
...
C:?
Yup. Turns out Packard Bell was doing the recovery partition thing all the way back to the 9x era, maybe even further. Files aren't even on the restore disc so if your partition table got fucked (pretty common because malware and disk corruption) you were totally fucked and needed to repurchase Windows. (My dad, at the time, only charged at-cost OEM prices for a replacement retail copy. He knew it was dumb so he never sold PB machines.)
Compaq:
Computer check? Nope, remove one line from a BATCH file and it's gone.
Six archives, named "WINA.ZIP" through "WINF.ZIP" (plus one or two extras for OEM software) hold Windows. Problematic? Well... only because they never put the password anywhere so the installer can't install them. (Some interesting on-disc technician-only utils, though!)
Dell:
If not a Dell machine, lock up. Cause? CONFIG.SYS driver masquerading as OAK (the common CD driver) doing the check, then chainloading the real OAK driver. Simple fix: replace the fake driver with the real one.
Issues?
Would I mention this one if there weren't?
Disc is mounted on N:. Subdirectories work, but doing anything in them (a DIR, trying to execute something, trying to view shit in EDIT.COM) kicked you back to the disc root.
Installer couldn't find machine manifest in the MAP folder (it wanted your PC's serial before it'd let you install, to make sure you have the correct recovery disc) so it asked for 12-digit alphanumeric serial. The defined serials in the manifest were something like "02884902-01" or similar (8-2, all numbers) and it couldn't read the file so it couldn't show the right format, nor check for the right type.
Bypassing that issue, trying to do the ACTUAL install process caused nothing to happen... as all BATCHes for install think the CD should be on X:.
Welp.
well that was fun. Now to test on-real-PC behavior, as VBOX and VMWare both don't like the special hardware shit it tries to use. (Why does a textmode GUI need GPU acceleration, COMPAQ?????)4 -
These motherfucking incompetent programmers... Demon spaghetti code base saga continues.
So they have a password change functionality in their web app.
We have to change the length of it for cybersecurity insurance. I found a regex in the front end spaghetti and changed it to match the required length.
Noticed 7 regexes that validate the password input field. Wtf, why not just use one?! REGEX ABUSE! Also, why not just do a string length check, it's fucking easy in JS. I guess regex makes you look smart.
So we test it out and the regexes was only there for vanity, like display a nicely designed error that the password doesn't have x amount of characters, doesn't have a this and that, etc.
I check the backend ColdFusion mess that this charismatic asshole built. Finally find the method that handles password updates. THERE'S NO BACKEND VALIDATION. It at least sanitises the user input...
What's worse is that I could submit a blank new password and it accepts it. No errors. I can submit a password of "123" and it works.
The button that the user clicks when the password is changed, is some random custom HTML element called <btn> so you can't even disable it.
I really don't enjoy insulting people, but this... If you're one of the idiots who built this shit show and you're reading this, change your career, because you're incompetent and I don't think you should EVER write code again.8 -
Fucking Square Enix Website is just a huge pile of shit. NOTHING WORKS!
Wanna change your password? Nah sorry an error occured.
Wanna change your username? Nah sorry I'll just show you a loading symbol forever.
Wanna add a game to your collection? Nah sorry the "add" button is on fucking holiday and doesn't do anything.
Wanna change your avatar? Nah sorry I'll just redirect you and don't do anything.
Most amazing part is where you log in, then get redirected to the home page but it still shows the "Log in" button. Then you click on that "Log In" button and wosh! Home page reloads and tada! You're logged in!
Seriously who let this code into production? Also I know that you're using GraphQL now, due to an error message. Thank you!
Fucking bullshit...6 -
Oh boy, this is gonna be good:
TL;DR: Digital bailiffs are vulnerable as fuck
So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:
The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.
So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!
This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.
I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.
Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!
Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...
The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.
But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.
So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)
So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"
So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones6 -
Saw a classmate returning an plain text password from a function to try to push it in a JSON file for an API we have to build for class.
I try to correct him and show him a few things that are better practices and for security, I get yelled at and called a know-it-all for trying to help... I'm so done with people -.-4 -
Whelp. I started making a very simple website with a single-page design, which I intended to use for managing my own personal knowledge on a particular subject matter, with some basic categorization features and a simple rich text editor for entering data. Partly as an exercise in web development, and partly due to not being happy with existing options out there. All was going well...
...and then feature creep happened. Now I have implemented support for multiple users with different access levels; user profiles; encrypted login system (and encrypted cookies that contain no sensitive data lol) and session handling according to (perceived) best practices; secure password recovery; user-management interface for admins; public, private and group-based sections with multiple categories and posts in each category that can be sorted by sort order value or drag and drop; custom user-created groups where they can give other users access to their sections; notifications; context menus for everything; post & user flagging system, moderation queue and support system; post revisions with comparison between different revisions; support for mobile devices and touch/swipe gestures to open/close menus or navigate between posts; easily extendible css themes with two different dark themes and one ugly as heck light theme; lazy loading of images in posts that won't load until you actually open them; auto-saving of posts in case of browser crash or accidental navigation away from page; plus various other small stuff like syntax highlighting for code, internal post linking, favouriting of posts, free-text filter, no-javascript mode, invitation system, secure (yeah right) image uploading, post-locking...
On my TODO-list: Comment and/or upvote system, spoiler tag, GDPR compliance (if I ever launch it haha), data-limits, a simple user action log for admins/moderators, overall improved security measures, refactor various controllers, clean up the code...
It STILL uses a single-page design, and the amount of feature requests (and bugs) added to my Trello board increases exponentially with every passing week. No other living person has seen the website yet, and at the pace I'm going, humanity will have gone through at least one major extinction event before I consider it "done" enough to show anyone.
help4 -
Worst error message to show a new user...
"An account with that email and password already exist. Please try again or login to your account." 😂😂😂😂💀💀💀💀3 -
They've been in a meeting with some clients the whole morning.
12PM, time for me to go. Say Happy New Year and am on my way home.
12:20 Got home, took shirt off, got something to eat from the fridge.
12:22 Bit the first slice of pizza. Phone rings.
- "Yo' we wanted to show them app 2 but I can't log in."
+ "I left the laptop (and the whole dev environment) there, and there's no PC on in my house (and no dev environment whatsoever)."
- "Well check with your phone. [SIC] Tell me when you fix it."
12:32 I had turned my personal computer on; checked the problem was what I imagined (unpkg lib with no version defined on the link had a new major/non-retrocompatible version); grabbed an online FTP tool; remembered IP, user & password; edited the single line that caused the problem; and checked it worked. Calling back.
+ "It's fixed."
- "Thanks!"
12:38 CEO sent me an image of the app not working, due to a known bug.
+ "That happens if you try to access app 1 having accessed app 2 and not logging off." (app 2 isn't being used / sold, as it's still in development) "Try logging off and logging in again from app 1."
- * radio silence *
+ * guess they could get in *
They had the whole freaking morning. 😠
I'm the hero CMMi's level one warns you about. But at what cost.
Happy early New Year's Eve everyone.2 -
Let's talk about the cargo cult of N-factor authentication. It's not some magic security dust you can just sprinkle onto your app "for security purposes".
I once had a client who had a client who I did server maintenance for. Every month I was scheduled to go to the site, stick my fingerprint in their scanner, which would then display my recorded face prominently on their screens, have my name and purpose verified by the contact person, and only then would the guards let me in.
HAHA no of course not. On top of all of that, they ask for a company ID and will not let me in without one.
Because after all, I can easily forge my face, fingerprints, on-site client contact, appointment, and approval. But printing out and laminating a company ID is impossible.
---
With apologies to my "first best friend" in High School, I've forgotten which of the dozens of canonicalisations of which of your nicknames I've put in as my answer to your security question. I've also forgotten if I actually listed you as my first best friend, or my dog - which would actually be more accurate - and actually which dog, as there are times in my High School life that there were more tails than humans in the house.
I have not forgotten these out of spite, but simply because I have also forgotten which of the dozen services of this prominent bullshit computer company I actually signed up for way back in college, which itself has been more than a decade ago. That I actually apparently already signed up for the service before actually eludes me, because in fact, I have no love for their myriad products.
What I have NOT forgotten is my "end of the universe"-grade password, or email, or full legal name and the ability to demonstrate a clear line of continuity of my identity from wherever that was to now.
Because of previous security screwups in the past, this prominent bullshit company has forced its users to activate its second, third, and Nth factors. A possibly decade-old security question; a phone number long lost; whatever - before you can use your account.
Note: not "view sensitive data" about the account, like full name, billing address, and contact info. Not "change settings" of the account, such as changing account info, email, etc. Apparently all those are the lowest tier of security meant to be protected by mere "end of the universe"-grade passwords and a second factor such as email, which itself is likely to be sold by a company that also cargo cults N-factor auth. For REAL hard info, let's ask the guy who we just showed the address to "What street he lived in" and a couple others.
Explaining this to the company's support hotline is an exercise in...
"It's for your security."
"It's not. You're just locking me out of my account. I can show you a government ID corroborating all the other account info."
"But we can't, for security."
"It's not security. Get me your boss."
...
"It's for security."8 -
The hand of IT guy in family
My family sees me as guy who works on IT stuff. The best part is that I will have to help them whenever they encounter problem regarding electronics in daily activities.
Son! The internet is not working
Son! The printer is not working
Son! The TV is not working
Son! My phone didnt get any signals
Son! The microwave is not working
Son! The TV remote is not working
Son! Why is this whatsapp popup always appear whenever I opened it
Son! The dvd player is not working
Son! My phone wont charged
Son! I want to buy online stuff
Son! The email that ur uncle sent me cannot be opened
Son! The email that ur aunt sent me is not there
Son! Can u help me download this travelling app
Son! I opened a website and it told me that I have 163718362 virus!
Son! I forget my password of my facebook account!
Son! Some guy idk on facebook added me as his/her friends, what should i do?
....
Son! The internet is not working (again)
The fact is that, most if these problem, I helped them by just.. restarting the router, reboot the router for 1 min interval, find specific toggler in disfunctional hardware that they accidentally hit during sweeping the floor, take out the power and put it back again, show them how to's in many account/payment mechanism in apps, etc
The very best part that whenever they satisfied, whenever things back to work again, whenever they can reset the password:
"I've tried what you told me, but it just didnt work, but idk when u did it, it works! you are really an IT guy"
And i was like
🙃4 -
Why do most apps have a password reset page that redirects to a mobile site ?
Why not give them a code they can enter into the app which would then show a password reset page within the app or a link which opens the page within the app.
Isn't it good practice to keep the user within the app?
Isn't it better to serve a token than serve an entire html webpage for the server.
I've been thinking about this but 90% people follow the website pattern and Idk why. Am I missing something ?
Please fill me in on it. (Even devrant uses the same pattern)5 -
Can we stop that trend of only showing the username field and then show the password field after filling the username clicking next? It messes with my Keepass browser addon.
Apart from that, it messes with human workflow as well. Enter Username -> TAB -> Enter Password -> ENTER. With that stupid UI you have to either focus the next button with Tab and hope hitting Enter does not already submit the login form or switch to mouse and click the Next button.10 -
We hired someone to make the new front site because I was too busy.
The guy had a plain text password system to show, mispronounced "FontAwesome", and used WordPress.
He was not an instructor but was supposed to be the "senior option" for when I couldn't do something for any reason.
I later asked him for some opinion on how to translate the site, and he disabled the Captcha plugin. I. Don't. Know. Why. I figured because of all the spam I got suspiciously after he "took a look" at the admin panel.
Luckily I could get him out of the contacts and now we are looking for more devs. -
any fucker who has written code for the indian ewaybill portal needs to be fucking assassinated. couldn't even get a simple aspx login page to work. motherfuckers.
They just display a message that if we are having troubles we should try clearing our cache.
Like for fucks sake build it properly. This is the main source of income for this fucking nation, probably.
- the password reset doesn't work.
- the userid reset doesn't work.
- sometimes i show up as not registered. i just fucking transacted yesterday you buffoons.
- there is an error alert, that says "error". i god fucking know there is an error. please fucking tell how may we please your ass to bypass those fucking errors 😭.
fuck every developer that works for that portal 😤. Good for nothings.
thanks for creating devrant, dfox and trogus. feels better now 😌.7 -
Those little assholes who code the web interfaces for the provider specific router. You also can't replace it with a fritzbox or something similar.
1. Password field only
2. Password field is no password field
3. This red internet thing doesn't tell me what's fucking wrong
4. The "diagnose" says everything is alright with my internet
5. It always complains because not every device in my network supports gigabit yet (there is an old switch). No reason to show everything in fucking red imo.
6. The things it lists I have to check can be and also should be checked by the fucking thing itself. Like wtf. They wanted a lot of money from me for this shitty thing and there is no temperature sensor to check if it's too hot.
7. It just stops working on hot days... Restart manually solves it. Let's restart manually from work when I have to access my files on my NAS from fucking 40 km away..
(see comments for more screenshots)4 -
It was the last year of high school.
We had to submit our final CS homework, so it gets reviewed by someone from the ministry of education and grade it. (think of it as GPA or whatever that is in your country).
Now being me, I really didn’t do much during the whole year, All I did was learning more about C#, more about SQL, and learn from the OGs like thenewboston, derek banas, and of course kudvenkat. (Plus more)
The homework was a C# webform website of whatever theme you like (mostly a web store) that uses MS Access as DB and a C# web service in SOAP. (Don’t ask.)
Part 1/2:
Months have passed, and only had 2 days left to deadline, with nothing on my hand but website sketches, sample projects for ideas, and table schematics.
I went ahead and started to work on it, for 48 hours STRAIGHT.
No breaks, barely ate, family visited and I barely noticed, I was just disconnected from reality.
48 hours passed and finished the project, I was quite satisfied with my it, I followed the right standards from encrypting passwords to verifying emails to implementing SQL queries without the risk of SQL injection, while everyone else followed foot as the teacher taught with plain text passwords and… do I need to continue? You know what I mean here.
Anyway, I went ahead and was like, Ok, lets do one last test run, And proceeded into deleting an Item from my webstore (it was something similar to shopify).
I refreshed. Nothing. Blank page. Just nothing. Nothing is working, at all.
Went ahead to debug almost everywhere, nothing, I’ve gone mad, like REALLY mad and almost lose it, then an hour later of failed debugging attempts I decided to rewrite the whole project from scratch from rebuilding the db, to rewriting the client/backend code and ui, and whatever works just go with it.
Then I noticed a loop block that was going infinite.
NEVER WAIT FOR A DATABASE TO HAVE MINIMUM NUMBER OF ROWS, ALWAYS ASSUME THAT IT HAS NO VALUES. (and if your CPU is 100%, its an infinite loop, a hard lesson learned)
The issue was that I requested 4 or more items from a table, and if it was less it would just loop.
So I went ahead, fixed that and went to sleep.
Part 2/2:
The day has come, the guy from the ministry came in and started reviewing each one of the students homeworks, and of course, some of the projects crashed last minute and straight up stopped working, it's like watching people burning alive.
My turn was up, he came and sat next to me and was like:
Him: Alright make me an account with an email of asd@123.com with a password 123456
Me: … that won't work, got a real email?
Him: What do you mean?
Me: I implemented an email verification system.
Him: … ok … just show me the website.
Me: Alright as you can see here first of all I used mailgun service on a .tk domain in order to send verification emails you know like every single website does, encrypted passwords etc… As you can see this website allows you to sign up as a customer or as a merc…
Him: Good job.
He stood up and moved on.
YOU MOTHERFUCKER.
I WENT THROUGH HELL IN THE PAST 48 HOURS.
AND YOU JUST SAT THERE FOR A MINUTE AND GAVE UP ON REVIEWING MY ENTIRE MASTERPIECE? GO SWIM IN A POOL FULL OF BURNING OIL YOU COUNTLESS PIECE OF SHIT
I got 100/100 in the end, and I kinda feel like shit for going thought all that trouble for just one minute of project review, but hey at least it helped me practice common standards.2 -
Yet another day at my company, Im rewriting some old code for client (rewriting old, php 4 system for vindications managment) and you know the moment when you are focused and someone comes to you to absolutely ruin your focus. Fine, whatever. Oh, for fuck sake. Again dev is doing as support becouse one moron with second can't login into zimbra admin panel and add fucking mailbox. I show them exacly how they login, remind them they are admins too, slowly show them, so you click "manage" than you click that gear icon and than you click "new", fill in email address and password. As simple as 1-2-3. Okay, fuck it, time to go for a cig. I just finish up few lines and stand, grab my vape and start walking towards door. In door I find my buddy with 2 random people. He told me that they are interns and that I should show them some basics and stuff around that. Oh god, fuck my life. If anything, Im definitely very bad teacher, mainly becouse I often have problems with saying what I mean in the way that somebody actually understans and knows what I am trying to say. Whatever. Fuck it all. I grab two of our old laptops that nobody used in like a year or so, and first thing I quickly figure out, is that one day for some what the fuck reason I dont even dont bothered to remember I installed Arch on both while I dont usually use Arch. I just needed it for some specific reason. Whatever. So I guess I will need to upgrade fucking system. Our network isn't really great so that was like... hour or so. In the meantime I figured what they know about coding in general etc, and holly shit. One of them (there was boy and girl), girl, apparently never ever in her life even touched code. Well... fuck. Why am I wasting my time? Becouse there was some programme or some shit like that... Someone could tell me before so I could mentally prepare.. fuck it. whatever. So while laptops are doing their pacman thing, I sit with them and slowly start to explain based on my machine some really basic concepts. Second guy actually had some expirience, he knew how to make some really really basic logic and stuff, so he had another world of problems, becouse it was PHP and, as we all know, everyone hates PHP, and... yeah.. You can probably imagine his approach. Yes, you get user input in super global array. I really wanted to say "Now shut the fuck up and write that fucking $_POST".
hour or so passed, I was close to giving up to not let my anger rise (im not really good teacher... I mentioned it. I suck at teaching others) but luckly machines upgraded. He wanted to use visual studio code, she didnt care too much, so I installed phpstorm in trial mode. whatever. Since that's linux and they were not comfortable with that, I walked them through installing LAMP stack, and when finally it started to look like LAMP stack, I requested them to google how to install xdebug, becouse xdebug is very usefull and googling skill is your best weapon on that field. I go for cig, come back and what I see boiled me a little bit. The girl was stuck looking at github page randomly looking through xdebug source code and idk... hoping for miracle (she admited she thought there will be instructions somewhere) and the guy was in good place, xdebug has a place to paste your phpinfo() for custom instructions. But it didn't work for him, he claims that wizzard told him it cant help him.. hmm intresting, you are sure you pasted in phpinfo? yes, he is sure. Okay, show me.
Again mindblown how someone can have problems with reading.
so his phpinfo() looked like that:
```<?php
phpinfo();```
I highlighted on the page the words "output of phpinfo". He somehow didn't see it or something. He didnt know, he thought that he needs to put in phpinfo so he did. OMG.
Finally, I figured out I can workaround my intern problem, and I just briefly shown them php.net, how documentation looks, said to allways google in english, if he uses tutorial to read whole fucking thing, not just some parts of it, and left them with simple task, that took them whole day and at which they ultimately failed.
To make 3 buttons labeled "1" "2" "3" and if someone presses one of them, remember in session that they pressed it and disallow pressing other ones.
Never fucking again interns. Especially those who randomly without apparent reason almost literally just spawn in front of you and here, its your fucking problem now.
Fuck it, I have some time to get back to my stuff. Time is running so lets not waste it.
After around 15 minutes my one of my superiors comes in and asks me if I can go on meeting with him and other superior. My buddy goes with us, and next 3 hours I was basically explaining that you cannot do some things (ie. know XYZ happened without any source of information) in code, and I can't listen for callbacks from ABC becouse it wont send anyc cuz in their fucking brilliant idea ABC can't even know that this script would even exist, not to mention it wants callbacks.
Sometimes I hate my job.4 -
Dashlane is the worst password manager to use. I was trying to set up categories and since it does not have a simple selection box change feature I had to grab almost 100 at a time to change. Unfortunately after changing them I realized I had a duplicate and I clicked on that one to delete it. The system was still selecting all 100 (it uses a slightly gray color to show what is selected rather than a clear check box type feature) and it deleted all 100 passwords. It never asked me a question or gave me an undo feature. The interface is very difficult to handle.
Further, to set up a second user and grant them access to a large number of passwords (in this case my wife I wanted to give her access to 128 passwords), you must click them one at a time and then when you set it up they cannot get their own master password. Very cumbersome.1 -
I decided to run the ROCKYOU password list to see if there are any patterns in md5 hashing, not sure why but I am starting to confuse myself and I need a new pair of eyes to have a look.
in advance, sorry for the shitty image, that lappy is a temporary solution.
So the very accurate and not bias numbers show that the letter "0" appears more than the rest, would there be any use in let's say ordering the wordlist with words that have the most "0" and "7" in their hash to appear at the top?
I believe I might be trying to stretch the numbers and see a pattern where there is none but its worth a shot I think.
Note:
- These numbers come from only about ~14m words
My thinking trail is that if statisticaly these hashes are more likely to appear, they are more likely to be the one I am looking for?3 -
Changed db host from sles 11 to sles 12...
Users had to set a new pw...
And there is this guy, who is longer in this business,than i am on this world...
Yet i had to show him passwd...
And now he gets back to me with the following:
C: "since the pw reset my password doesn't work"
> Cutout from the error message, which clearly says ssh algorithm negotiation failed
Me: "just to be sure, are your pws set correctly? And what client do you have, where does this message come from?"
C:"i checked the pws, they match. I still get the error."
...
Me: "... And whats your client? Does putty/cygwin still work"
C:"yeah they still work"
...
Me:"and what throws this error?"
C:"uhm Ant"
*Fyi: some version as old as the brown coals used to do some shady db2 and java stuff"
*Me doin a quick googleing for the error and Ant"
Me:"yup... It appears, that the java lib has some problems with the ssh algorithms.. here are some stackoverflow links, which described your problem." *at least make me try, please*
*Waiting for his response, which will surely result in pure enlightenment and bliss for me...*
Seriously... How dares java to fuck this up... -
Our customer's internal IT department isn't able to offer a solution for a single sign-on when the user needs to navigate into one of their apps. So they just show something like this before that happens: "For security reasons you'll have to enter your username and password again during the next step." Sure, that sounds believable. Oh boy.1
-
Last weekend I was working on a small project for a friend of mine: a dockerized webapp, plus API backend and DB. I had some problems with the installation on the vps and had to try out different images and never really did a complete setup of my usual dotfiles. Got it running on an Ubuntu distro. Everything great.
It was the first release so I still had to check that every configuration worked ok, like letsencrypt companion container, the reverse proxy and all that stuff, so I decided to clone the whole project on the server tho make the changes there and then commit them from there.
Docker compose, 10 lines of code, change the hosts and password. Boom everything working. Great... Except for the images in the webapp.
WTF? Check the repo, here they are, all ok. I try different build tactics. Nothing. Even building the app on another docker always the same. Checked browser cache, all the correct ports are open. I even though that maybe react was still using some weird websocket I didn't know, but no.
Damn, I spent 5 hours checking why the f*** the server wouldn't make it out.
Then, finally, the realization...
I didn't install the f******* git-lfs plugin and all I was working with were stupid symbolics links! Webpack never even throw an error for any of the stupid images and the browser would only show a corrupted image, when decoding the base64 string.
Literally the solution took 5 minutes.
F*** changes on production, now I do everything on a fully automated CI. -
TLDR: I wanted to change email to new one, but I could not remember which one I have
currently. I found out an API in DevRant JS files for email verification and used
it to find it out.
So, I am moving from Gmail to Protonmail Pro, absolutely love their service.
I wanted to do same on Devrant but I could not figure out my current mail for
"I lost my password" form. My Password Manager have only login saved, and profile does
not show email address.
I thought that this user information is stored on server so it have to be some way to retrieve it. I dug
in source code and I've found:
`<div class="signup-title">Verify Your Email</div>`
Which has event assigned to function which uses jQuery.ajax (love it btw :D) to call:
`url: "/api/users/me/resend-confirm",`
This seems like worth a shot. Few copy-pastes and one ajax call later:
*Ding*
From: support@devrant.io
To: dawid@dawidgoslawski.pl
"Welcome to Devrant"
Got it :) So I have already changed in march when DevRant on previous layout.
This is what I love in this profession - problem solving. AI will not replace human
in any way, we will just stop coding array iterations and data manipulation - we will focus
on real problem solving and human touch (like design, convincing management for changes).1 -
I fucking hate people who uses complex words to describe something simple.
Describing a frame work
Show-off : "..you can define what objects/tables to expose, what values in that object you want to expose...if you are using some orm, then because you have models defined. Once you update your model, your endpoints get the new model..."
Simpleton : "something like parse..."
Wtf is 'fixedUUID'?
Show-off: "..hardcoded UUID is fixed (constant) value, with format of UUID, hardcoded UUID will be unique value between backend and frontend,
you will need to store it as constant value in your codebase ( we may encrypt/ decrypt it for security reasons)..."
Simpleton : "a secret password only u & I know"
--why whyyyyyyyyyy2 -
Just upgraded to macOS High Sierra (10.13.1), and holy cow it is buggy as hell.
Some of my findings include:
1. unresponsive "cancel" button on certain dialog boxes.
2. erratic behaviour of the "show password" checkbox.
guess how is trying to downgrade until the requisite patches arrive?2 -
When our app encounters an error, it shows an alert with an option to copy the error details to the clipboard, that includes the full stack trace, broadcasting to the world that we are coding in C#. Also, our page URLs show .aspx at the end, so anyone using it can see details of our implementation. Not exactly world-stopping since the desktop portal is only available on customer servers and the ipad app requires username/password AND pin authentication. But still....
-
!long rant
Trying to work from home is always a pain, since we need to use company laptops (no ifs, ands or buts about it).
Yesterday I took the laptop in to check for updates that just wouldn't run while at home (my first mistake), and I couldn't get past the "Press Ctrl+Alt+Delete to login" screen, laptop keyboard didn't seem to be registering clicks, and an external keyboard wasn't either (and I forgot about the on-screen keyboard). A couple of restarts later with no further changes to the situation, the laptop then didn't get past the BIOS screen.
So I called support (my second mistake) and logged an incident.
Couple of hours later someone comes to my desk and asks about the issue, so I describe it, show them (by now the laptop was once again getting past BIOS screen), and leave them to it. Since these laptops are just used as preconfigured VPN and RDP gateways, I said it would be okay if he just wanted to reinstall the OS (my third mistake).
Several hours later, after staying late last night waiting for it to finish, I loaded my profile, installed updates, shut down, grabbed my stuff and left, without checking VPN or RDP over WiFi (my fourth mistake).
Turns out that some of the buttons on the keyboard just no longer work, but now USB keyboards do work, and I can just use OSK to login while out. I figured this would be my only issue with things, and that it was acceptable.
This morning I attempt to use the laptop, and forgot about OSK and the faulty delete button, so spent a few minutes on that. Try to connect to WiFi and find it can't connect, because of course, it doesn't remember the WiFi password, so I root around for the code in some drawer, enter it, and it works. VPN tries to connect and... get told to insert my smart card, which is already inserted, because the driver is wrong!
So I'm sitting here writing a post, not quite believing that I'm considering cancelling my plans for the day to go into the office because of a bloody driver issue now...1 -
I work in a small team. As the senior dev I tens to focus on important tasks that shape the core of the product but some times I can’t divide my self when there are multiple tasks at hand, so I pass some tasks to the an other mid level dev.
So the task was to create an automation in order to CD (continuously deliver) an order from WHMCS of the (git versioned) product to customers UAT, PROD envs.
To get a background this is an old guy with “constricted” experience in PHP/jQuery/Joomla/Wordpress.
So when we were breaking up the tasks he told me he would like to implement this so i gave him the task as i was busy with core features.
I was like what could go wrong? I know he doesn’t know much about CI/CD but he can read right? He will google right? He will search for CI/CD solutions that do this out of the box right? He will design on paper or what ever and do small POCs right? He will design the flow first before starting the implementation right? RIGHT?
So fast forward to today I had a call with him this morning about some DB staff. And he wanted to show me his progress…
His solution is:
(parentheses is my brain)
1. Customer completes WHMCS order (perfect)
2. Web Hook 🪝 action (YES)
3. cpanel gets source and “automatic!” Init, all using pure PHP code ignoring the usage of the current framework (ok… something is missing)
4. cpanel web hooks(?) WHMCS to send email to customer with the envs initial setup page(?)
5. Customer opens link and adds setup info (ok fuck, fuck, fuck)
(Ok stay cool composed, lets ask some questions maybe he thought it all in a cool way I can’t get my mind around)
Me: So how are you gonna get the correct version from the repo to the env and init the correct schema?
Dev: I haven’t thought about it yet.
Me: Are we gonna save each version to a file system then your code is going to fetch them?
Dev: I haven’t really thought about it we will see. But look on customer init user setup I implemented a password strength validation and it also checks if the password is the same.
So after this Pokémon encounter I politely closed teams. Stood up drank some (a lot) coffee ☕️. Put out the washed laundry while reflecting on life’s good things, while listening to classical music 🎼 .
Then I sat on my office chair drank some more coffee, put some linking park starting with in that order:
“Numb” then “What I’ve Done” and ended with “In the end, it does really fucking matter” -
A fucking space character should never be allowed in a wifi password!!! Just spent 4 hours looking to why the fucker would not connect to find a space on the end!! Trim or show an error!!!4
-
This is not a developer-related rant, but honestly, I'm annoyed, and this felt like the best place to vent.
My Twitter account has been suspended/restricted. I can still log in, but I can't tweet, follow people, anything.
No reason was given to me at all for my restriction, other than an automated reply when I attempted to appeal it stating they suspected my account of being hacked - an account I hadn't used in about a month, has a randomly generated 12 character password and has 2FA.
Here's the thing - I didn't grow up with Twitter, I've never really taken an interest in it, I only have my account to post dev stuff now and then as I know some over devs do - It felt like a good place to easily log what I'm currently working on and show off my work that I was proud of.
There aren't any other platforms I know of where I can do that, other than here (but my work consists of things that are also not dev related, so...)
I have no idea if I will get my Twitter account back; it's been over a week now since I attempted to appeal it with absolutely no response.
If anyone knows decent platforms where I can share my work and progress (dev, art, level design, etc.) and can use it sort of like a dev blog, I would greatly appreciate it.4 -
Im travelling with a show. And we just arrived. Since we are in a foreign land, I do not wish to use my data bundle.
So we see a wifi name that is pretty much our show name. So we naturally assume that it is for us but we havent gotten the wifi password yet.
So i tried 3 passwords and then guessed correctly. The date of our performance....