Search - "spoof"
-
A colleague and I spent a month building a Shopify app that allows merchants to give customers store credit.
Since Shopify's API is so limited, we were forced to augment its functionality with a Chrome extension.
Now before you go throwing full wine bottles at your screen because of how wrong and disgusting that is, note that Shopify's official documentation recommends 5 different extensions to augment functionality in their admin panel, so as gross as it is, it seems to be the Shopify way...
Today we got a reply from their review team. They won't accept the app because it requires a Chrome extension to work properly and that is a security risk.
Are you fucking kidding me? So I guess Shopify is exempt from their own security standards. Good to know.
Not to mention the plethora of published apps that require a staff account's username and password to be provided in plain text upon setup so it can spoof a login and subsequent requests to undocumented endpoints.
Fuck you and your "security standard" Shopify! -
Windows, God damn you piece of fucking shit.
Why the fuck can't you make networking fucking easy like literally every other fucking operating system in the goddamn fucking world?
Why the fuck can't I spoof mac addresses so that I have the same IP address regardless of if I'm on a hard line or wireless?
Who in their fucking right mind thought that the pro version of Windows wouldn't need to do that?
I don't even like using you at this point, I'm forced to use you for work.
There's literally not enough expletives that I can chain together to sufficiently convey how much I fucking hate you Microsoft. So enjoy this seizure-inducing Tourette's mode compilation.
Fuck shit cock piss mother fucker asshole bitch mother fucker sick and tired of your fucking shit Microsoft you fucking cuck piece of shit nobody fucking likes you they only have to use you because no fucking business in their right mind is going to spend the millions of dollars it costs to fucking switch over to fucking Mac or Linux I hope you fucking choke on a bag of HIV riddled flaming dicks you fucking piece of shit. -
That feeling when your client connection is more stable than the connection of a fucking game server... Incompetent pieces of shit!!! BEING ABLE TO PUT A COUPLE OF SPRITES DOESN'T MAKE YOU A FUCKING SYSADMIN!!!
Oh and I sent those very incompetent fucks a mail earlier, because my mailers are blocking their servers as per my mailers' security policy. A rant from the old box - their mail servers self-identify as a fucking .local!!! Those incompetent shitheads didn't even properly change the values from test into those from prod!! So I sent them an email telling them exactly how they should fix it, as I am running the same MTA on my mailers (Postfix), at some point had to fix my mailers against the exact same issue as well, and clearly noticed in-game that they have deliverability problems (they explicitly mention to unblock their domain). Guess why?! Because their server's shitty configuration triggers fucking security mechanisms that are built against rogue mailers that attempt to spoof themselves as an internal mailer, with that fucking .local! And they STILL DIDN'T CHANGE IT!!!! Your fucking domain has no issues whatsoever, it's your goddamn fucking mail servers that YOU ASOBIMO FUCKERS SHOULD JUST FIX ALREADY!!! MOTHERFUCKERS!!!!! -
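An added example, not taken from the rant or from Asobimo's setup, of the Postfix settings on both ends of the problem described above: the sending side fixed to announce a public FQDN instead of a .local name, and the receiving-side HELO restrictions that reject a .local identity as a likely internal-mailer spoof. Hostnames and the table path are placeholders.

```conf
# --- Sending MTA, main.cf: the setting the rant says was left at its test value ---
# myhostname is what Postfix announces in HELO/EHLO (smtp_helo_name defaults to it).
# Weak (test-environment value that reached production; not a resolvable public name):
#   myhostname = mailer01.local
# Corrected: a public FQDN whose A and PTR records match (placeholder value).
myhostname = mail.example.com

# --- Receiving MTA, main.cf: the anti-spoofing checks that block such mailers ---
# Order matters: own hosts are permitted first, then HELO syntax, then the
# access table, then the DNS lookup (the most expensive check comes last).
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    check_helo_access regexp:/etc/postfix/helo_checks,
    reject_unknown_helo_hostname

# --- /etc/postfix/helo_checks (regexp table, matched case-insensitively) ---
# An outside host announcing a .local identity, or this server's own name, is
# either misconfigured or impersonating an internal mailer: reject with a reason
# the remote postmaster can read in their bounce.
/\.(local|localdomain)$/            REJECT HELO hostname is not a public domain
/^(localhost|mail\.example\.com)$/  REJECT HELO hostname impersonates this server
```

After editing, `postfix reload` applies main.cf; a regexp: table is read directly and needs no postmap step.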
- popunder background bitcoin miners did become a thing
- keybase android beta uploaded your privatekey to google servers "accidentally"
- you can spoof email headers via encoded chars, because most apps literally just render them apparently
- imgur leaked 1.7 million user accounts, protected by sha-256 "The company made sure to note that the compromised account information included only email addresses and passwords" - yeah "only", of course imgur, of course.
I guess the rant I did on Krahk etc. just roughly a month ago, can always be topped by something else.
sources:
https://www.mailsploit.com/index
https://bleepingcomputer.com/news/...
https://blog.malwarebytes.com/cyber...
https://helpnetsecurity.com/2017/... -
So apparently some genius motherfucker managed to allow Androids that are missing or have a bad/inaccurate/busted gyro to run VR apps as long as they have a magnetic sensor (compass) and an accelerometer, using both to spoof the gyro. It requires root, but goddamn is that smart... It's even potentially more accurate than a gyro in quite a few situations, since it uses the compass and can even be used to override the ACTUAL gyro, so if the gyro is busted, drifts like a motherfucker, is inaccurate, etc. it can alleviate the issue!
and Google's always like "well this shit is impossible to do" then the community comes along a month later and does it. -
Everyone here deserves the worst.
No, really, you all deserve those dark juicy stories. So here's why I hate password systems that don't have the user experience in mind.
Recently my university underwent a huge update, most of it good, but this is DevRant, so let me tell you what's just the worst.
They asked me to change my password, they do this every month or two. So I did it, but as I clicked "Ok" a wild error appeared! It told me I had to use a password that was not one of the FIFTEEN that I'd used previously...
I tried everything, and despite everything else being poorly programmed, or what not, I thought it would be easy to spoof. Nope. Unfortunately this seems to be the ONE thing they did right. Looks like I'll have to go back to basics. Just add a number on the end of my previous password, up to fifteen, and reset :]
I think this rant needs to turn into an email headed straight to them :) -
If I exploit ms server 2012 through a wifi hotspot, but logged in to someone else's account (assume it was sniffed), and I do it using msfconsole connected to the tor with torify command, also I spoof my mac,
will I stay 100% anonymous?
If not, what can be done? -
It was an internship. They wanted me to spoof the government's digital signature on some online tax-filing documents by reverse engineering the government's application, just because the whole process of receiving authentic signatures would have taken time, and they wanted it _now_
-
Gotta love the IoT.
They set up a new surveillance camera in the company, that can stream live footage over the network and that little shit picked the IP address of a coworker one day AFTER being set up.
Hurray for static routing. Hurray to the person who didn't disable DHCP on the router (Should probably configure my PC to use a static IP as well lel)
Anyways, this happened outta nowhere when I, the only guy who knows shit about IT and is usually present at the office, wasn't there and could not connect remotely.
The other, remote programmer, who set up the network, could guide the coworker to get a new IP, but he was worried that we got ourselves an intruder.
Since nobody told me yet that we (should) have static routing, I thought there was a mastermind at work who could get into a network without a wifi access point and spoof the coworker in order to access some documents.
The adrenaline rush was real 😨
Scanning the network with nmap solved the mystery rather quickly but taught me that I need to set up a secure way to get remote access on the network.
I would appreciate some input on the set up I thought of:
A Raspberry Pi connected to a VPN that runs ssh with pw auth disabled and the ssh port moved.
Would set up the vpn in a similar fashion. -
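An added sketch, not from the post, of the sshd configuration for the Raspberry Pi setup proposed above: key-only authentication, the moved port, and the daemon bound to the VPN tunnel address so it is not reachable from the office LAN the camera sits on. It assumes an OpenSSH that reads drop-in files via Include; the tunnel address and user name are placeholders.

```conf
# /etc/ssh/sshd_config.d/50-remote-access.conf  (drop-in; assumes Include support)

# Listen only on the VPN tunnel address (placeholder), never on the LAN interface.
ListenAddress 10.8.0.2
# Moved port: cuts scanner noise in the logs, but is not a security control by itself.
Port 2222

# Password auth disabled in every form: plain passwords and PAM keyboard-interactive.
PasswordAuthentication no
KbdInteractiveAuthentication no
# (on OpenSSH older than 8.7 the previous directive is spelled ChallengeResponseAuthentication)
PubkeyAuthentication yes
AuthenticationMethods publickey

# Only the maintenance account (placeholder name), never root, and few guesses per connection.
PermitRootLogin no
AllowUsers pi
MaxAuthTries 3
LoginGraceTime 20

# Drop sessions whose client has gone silent (e.g. the VPN dropped underneath them).
ClientAliveInterval 300
ClientAliveCountMax 2
```

Validate with `sshd -t` before restarting the service, and keep the current session open until a fresh key-based login over the VPN succeeds.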
This phishing email I just received in my yahoo account almost got me fooled with the very convincing email design, but thankfully the culprit wasn't smart enough to spoof his email address.
Ohh and they attached a suspicious pdf file too even though the message didn't say anything about an attachment.
Apparently the spam detector in yahoo is not very good as this one was received in my main inbox. -
!dev?
Colleges now require proof of vaccination but admins are worried about the spread of fake vaccine cards
https://apnews.com/article/...
My mindblowing solution: require students to submit a covid antibody test result instead.
You can't spoof the lab test result number and it can be easily verified by calling the lab...
Can even create a site for that...
isTestValid.com
Worried about privacy... Have labs upload a hash of the data...
And user submit their hash...
Clearly nobody asked a dev for their input... again -
Sadly, I’m not a good enough developer to have clever and hacky solutions to anything. In college I did once use Visual Basic to spoof a Novell login screen and steal other students’ passwords and write them to a diskette, which I’d recover after they walked away from the machine. The worst I did to them was log into their messaging and send them messages from themselves. Oh, and I also set up an “underground” web site that the campus sysadmins didn’t discover for a while. I used it to set up a forum where students could sell their used textbooks for better prices than the buy back program at the campus bookstore.
-
(I'm not completely sure of what I'm saying here, so don't take this too seriously)
Settling on a language to write the api for ranterix is hard.
I'm finding a lot of things about elixir to be insanely good for a stable api.
But I'm having a lot of gripes with the most important elixir web framework, phoenix.
Take a look at this piece of code from the phoenix docs:
defmodule Hello.Repo.Migrations.CreateUsers do
  use Ecto.Migration

  def change do
    create table(:users) do
      add :name, :string
      add :email, :string
      add :bio, :string
      add :number_of_pets, :integer

      timestamps()
    end
  end
end
Jesus christ, I hate this shit.
Wtf are create, add and timestamps. Add is somehow valid inside the create, how the fuck is that considered good code? What happens if you call timestamps twice? It's all obscure "trust me, it works" code.
It appears to be written by a child.
js may have a million problems. But one thing I like about CJS (require) or ESM (import) is that there's nothing unexplained. You know where the fuck most things come from.
You default export an eatShit() function on one file and import it from another, and what do you get?
The goddamn actual eatShit function.
require is a function the same way toString is a function and it returns whatever the fuck you had exported in the target file.
Meanwhile some dynamic langs are like "oh, I'll just export only some lang construct that i expect you to specify and put that shit in fucking global of the importing file".
Js is about the fucking freedom. It won't decide for you what things files will export, you can export whatever the fuck you want, strings, functions, classes, objects or even nothing at all, thanks to module.exports object or export statement.
And in js, you can spy on anything external, for example with (...args) => debugger; fnToSpyOn(...args)
You can spoof console.log this way to see what the fuck is calling it (note: monkey patching for debugging = GOOD, for actual programming = DOGSHIT)
To be fair though, that is possible because of being a dynamic lang and elixir is kind of a hybrid typed lang, fair enough.
But here's where i drop the shit.
Phoenix takes it one step further by following the braindead ruby style of code and pretty DSLs.
I fucking hate DSLs, I fucking hate abstraction addiction.
Get this, we're not writing fucking poetry here. We're writing programs for machines for them to execute.
Machines are not humans with emotions or creativity, nor feel.
We need some level of abstraction to save time understanding source code, sure.
But there has to be a balance. Languages can be ergonomic for humans, but they also need to be ergonomic for algorithms and machines.
Some of the people that write "beautiful" "zen" code are the folks that think that everyone who doesn't push the pretty code agenda is a code elitist that doesn't want "normal" people to get into programming.
Programming is hard, man, there's no fucking way around it.
Sometimes operating system or even hardware details bleed into code.
DSLs are one easy way to make code really really easy to understand, but also make it really fucking hard to debug or to lose "programming meaning".