Search - "total security"
A former colleague made an online shopping app. Boss wanted to promote him to Senior Developer when he was still working with us.
14 days ago another colleague checked the code and told the boss that it's ready for production. No one asked me because everyone in the company thinks I am the stupidest developer of them all.
So what happened?
Well, the total value of the cart was being passed over to the payment gateway using a hidden field. Well, you know the rest of the story.
The client has sued our company for this issue and boss came running to me and asked me to check if it was our fault or something else.
I checked and found the hidden value where the total value of the cart was being stored and sent over to the payment gateway. The following is the conversation between me and the colleague who checked the code:
Me: So you checked the code and everything was okay?
Him: Yes, all good.
Me: Did you see this hidden field where the total value of cart is being passed to the payment gateway?
Him: Yes
Me: Why didn't you fix this?
Him: What's there to fix?
Me: Well, someone can tamper with the value and let it pass to the payment gateway.
Him: No, they can't, we are using https
Me: I am done with you
He has a Master's in software engineering and a few security certificates.25 -
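The bug in that rant, as an added example in Python (not the colleague's code; the price list, SKUs and the HMAC scheme for the gateway callback are constructed assumptions): the amount charged is recomputed on the server from the session cart, the posted hidden field is only compared for detection, and the amount handed to the gateway is signed so the callback cannot be altered either.

```python
import hmac
import hashlib
from decimal import Decimal, InvalidOperation

# Constructed price list standing in for the shop's product database.
# (Hypothetical SKUs and prices, not from the original rant.)
CATALOG = {
    "sku-100": Decimal("19.99"),
    "sku-200": Decimal("5.00"),
}


def vulnerable_checkout(form):
    """What the review waved through: the amount charged is whatever the
    browser posted in the hidden 'total' field. HTTPS only protects the
    value in transit; the user controls it before it is sent."""
    return Decimal(form["total"])


def compute_total(cart):
    """Recompute the amount from the server-side cart and price list."""
    total = Decimal("0")
    for sku, qty in cart.items():
        if sku not in CATALOG:
            raise ValueError(f"unknown sku {sku!r}")
        if not isinstance(qty, int) or qty <= 0:
            raise ValueError(f"bad quantity for {sku!r}")
        total += CATALOG[sku] * qty
    return total.quantize(Decimal("0.01"))


def hardened_checkout(form, session_cart):
    """Charge the recomputed total. The posted field is never used for the
    charge; it is only compared so a mismatch can be logged as tampering."""
    total = compute_total(session_cart)
    tampered = False
    if "total" in form:
        try:
            tampered = Decimal(form["total"]) != total
        except InvalidOperation:
            tampered = True  # non-numeric junk is also tampering
    return total, tampered


def sign_amount(order_id, amount, secret):
    """HMAC over order id and amount so the gateway callback can be checked.
    The signing scheme is an assumption; real gateways define their own."""
    msg = f"{order_id}:{amount:.2f}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_gateway_callback(order_id, amount_str, signature, secret):
    """Reject a callback whose amount does not match what was signed."""
    try:
        amount = Decimal(amount_str)
    except InvalidOperation:
        return False
    expected = sign_amount(order_id, amount, secret)
    return hmac.compare_digest(expected, signature)
```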
Root encounters HR at her new job.
So, I left my job a few weeks ago. I was pretty sad about it, so I didn't want to write anything about it. It was a great place to work, with great managers, decent coworkers, and interesting work. I also had free rein over how I built things, what to improve, etc. Within about four months, I authored over half of the total commits on their backend repo, added a testing suite with 90% coverage, significantly improved the security (more accurately: added security), etc. but I got a job offer that allowed me to work remotely, and make well over six figures (USD). I couldn't turn it down, even though I wanted to. So, I left. I'm still genuinely sad about that. I had emotions and everything. 🙁 I stayed on long enough to finish the last of the features for their new product launch, and make sure everything was stable. I'm welcome back whenever, though they don't want to have remote employees, and I want to move, so that's probably not going to happen. sigh.
Anyway, I started my new job this week. Rented an office (read: professional closet) and everything! It's been veritable mountains of HR paperwork so far. That's all I've done besides some accounts setup. I've seriously only worked on and completed one ticket so far in two and a half days, and I still have six documents/contracts to sign! (and benefits; that'll probably take my weekend.)
But getting an I9 thing notarized? Apparently I only have three days before I'm legally unemployable by them or something, idk. HR made it sound ridiculously dire and important, and reminded me like five or more times. I figured it was just some notary service; that takes like 10 minutes, right? So I put it off until my second day so I didn't have to disappear in the middle of my first day. Anyway, I called a bunch of notary services on day 2, and apparently only like 5% of them both do notary services this time of year and aren't booked full. And of those, probably another 5% will notarize I9 documents. No idea why it's rare, but whatever, I'm not a notary.
The HR lady assured me that I didn't need any special documents; I should just go there, present my IDs, and the notary will provide or draft documents for everything else. Totally doesn't sound right, but fine; I'm not a notary nor will I ever work in HR, so I'm not very knowledgeable about this. So, against my better judgement I decided to just go anyway. I called around and finally found a place that wasn't closed, busy, or refusing, and drove over there. Waited. Waited. Waited. Notary lady was super slow in every single action. (I should mention that it's now 10am, and I have a meeting with the Senior VP of Engineering [a stern, stubborn old goat who enjoys making people feel inadequate] at 12:30pm.) The notary lady looks like she's an npc updating in slow motion (maybe at 0.25x speed?) and can't seem to understand what I need. Eventually, she tells me exactly what I had assumed: if there's no document, she can't notarize said document, and she doesn't have an I9 for the company I'm trying to work for. (like, duh.) So I thank her for proving the flow of time is variable, which she ignores in slow motion, and drive back home. It's now about 11.
I message the same HR lady, and the useless wench gawks in surprise and says she's never heard of that ridiculous request before. It took prodding to get her to respond every time, but after some (very slow) back and forth, she says she wants to call the notary personally and ask what they need. I waited around for another response that never came, and eventually just drove to the notary place again to have them notarize the required ID documents. That plus my chat history with HR should be enough to show that I bloody well tried, and HR just shit the bed instead. I finally got them notarized at like 12:10, and totally broke the speed limit the entire way to the office, found the last remaining parking spot, and made it to my office just in time for the meeting. seriously, less than two minutes to spare. Meeting was interesting (mostly about security), but totally made me facepalm, shout "Seriously!? What the hell are you thinking!?" and make slapping motions at some of the people talking. I will probably rant about that next.
But anyway, I'm willing to bet that the useless wench won't get back to me before the notary closes, if at all, and will somehow try to blame it completely on me if I bring it up again. Passive aggressive bitch. She's probably thinking: "If I don't help her with these mandatory legal processes, it'll be her fault she didn't get them done in time. I mean, they're so easy! She's just doing it wrong." I fucking hate HR.13 -
* How other sites charge for a domain name
- The domain (abc.com) is available
---- Price => $14
* How AWS charges
- Your domain (abc.com) is available
--- Domain name => $18.99
--- DNS resolution => $17.88
--- Hosted zone (1) => $10.97
--- Route53 Interface => $45.67
--- Network ACL => $63.90
--- Security Group => $199.78
--- NAT Gateway (1) => $78.99
--- IP linking => $120.89
--- Peer Connection => $67.00
--- Reverve Endpoint => $120.44
--- DNS Propagation => $87.00
--- Egress Gateway => $98.34
--- DNS Queries (1m) => $0.40
--------------------------------
---- TOTAL => $2903.99
(Pay for what you use... learn more)
--------------------------------13 -
Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".
You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.
Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.
So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.
Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plug in your network cable.
There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.8 -
Customer: «We want all the users belonging to this organization to share the same username and password»
[Editor's note: we are talking about 500 users, more or less half of the total in the system]
Customer, after some minutes: «It's very important for us having the web interface using HTTPS, because we care about security a lot».
So, please, go fuck yourself. And die.6 -
First company I worked for, built around 40 websites with Drupal 7...in only a year (don't know if it's a lot for today's standards, but I was one guy doing everything). Of course I didn't have the time to keep updating everything and I continually insisted to the boss that we need more people if we are going to expand. Of course he kept telling me to keep working harder and that I "got this". Well, after a year a couple of websites got defaced, you know the usual stuff if you've been around for some time. Felt pretty bad at the time, it was a similar feeling to having your car stolen or something.
Anyways, fast forward about 2 years, started working on another company, and well...this one was on another level. They had a total of around 40 websites, with about 10 of them being Joomla 1.5 installations (Dear Lord have mercy on my soul (the security vulnerabilities from these websites only were greater than Spiderman's responsibilities)) and the others were WordPress websites, all that ON A SINGLE VPS, I mean, come on... Websites being defaced on the daily, pharma-hacks everywhere, server exploding from malware queuing about 90k of spam emails on the outbox, server downtime for maintenance happening almost weekly, hosting company mailing me on the daily about the next malware detection adventure etc. Other than that, the guy that I was replacing was not giving a single fuck. He was like, "dude it's all good here, everything works just fine and all you have to do is keep the clients happy and shit". Sometimes, I hate myself for being too caring and responsible back then.
I'm still having nightmares of that place. Both that office and that VPS. -
This happened via mail thread today.
Boss: we need this new brilliant feature I just made up and running asap! Top priority, it has to be done well, for my reputation is on the line!
Me: *looks at the specifics* 'kay, looks easy enough, this evening max and it will be ready. I just need some extra info about what kind of data validations (I speak no accountant) are needed, and some other details (a total of 3 questions).
B: Sure! Remember, it needs to be perfect, as my reputation is at stake. Call me on the phone and I'll give you the details!
M: Can't you answer via mail? This way both me and the other devs will have clear guidelines
B: Just call me! Why do you need it to be written down? It's faster this way!
...Fine. I'll keep asking until you're ready to give me a written answer to my questions. No way I'll take security details via phone for something you want in production this evening. No chance in Hell I'll take responsibility for "misunderstanding" what you said on the phone. Why does it always have to be like that?8 -
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.4 -
My first job was actually nontechnical - I was 18 years old and sold premium office furniture for a small store in Munich.
I did code in my free time though (PHP/JS mostly, had a little browsergame back then - those were the days), so when my boss approached me and asked me whether I liked to take over a coding project, I agreed to the idea.
Little did I know at the time: I was supposed to work with a web agency the boss had contracted to build their online shop. Only that he had no plan or anything, he basically told them "build me an online shop like abc(a major competitor of ours at the time)"
He employed another sales lady who was supposed to manage the shop (that didn't exist yet). In the end, I think 80% of her job was to keep me from killing my boss.
As you can imagine, with this huuuuge amount of planning and these exact visions of what was supposed to be, things went south fast and far. So far that I could visit my fellow flightless birds down in the Penguin's republic of Antarctica and still need to go further.
Well... When my boss started suing the web agency, I was... ahem, asked to take over. Dumb as I was, I did - I was a PHP kid and thought that Magento, being written in PHP, would be easy to master. If you know Magento, you know that was maybe the wrongest thing I ever said.
Fast forward 3 very exhausting months, the thing was online. Not all of it worked yet, but it was online and fairly secure.
I did next to everything myself, administrating the CentOS box the shop was running on, its (own) e-mail server, the web server, all the coding required for the shop (can you spell 12 hour day for 8 hour pay?)
3 further months later, my life basically was a wreck, I dragged myself to work, the only thing I looked forward being the motorcycle ride home. The system worked though.
Mind you, I was still, at the time, working with three major customers, doing deskside support and some admin (Win Server 2008R2 at the time) - because, to quote my boss, "We could not afford a full time developer and we don't need one".
I think I stopped coding in my free time, the one hobby I used to love more than anything on the world, somewhere Decemberish 2012. I dropped out of the open source projects I was in, quit working on my browser game and let everything slide.
I didn't even care to renew the domains and servers for it, I just let it die without notice.
The little free time I had, I spent playing video games and getting drunk/high.
December 2013, 1.5 years on the job, I reached my breaking point and just left, called in sick at least a week per month because I just could not see this fucking place anymore.
I looked for another job outside of ALL of what I did before. No more Magento, no more sales, no more PHP. I didn't have to look for long, despite what I thought of my skills.
In February 2014, I told my boss that I quit. It was still seven months until my new job started, but I wanted him to know early so we could migrate and find a replacement.
The search for said replacement started in June 2014. I had considerably less work in the months before, looks like he got the hint.
In August 2014, my replacement arrived and I got him started.
I found a job, which I am still in, and still happy about after almost half a decade, at a local, medium sized ISP as a software dev and IT security guy. Got a proper training with a certificate and everything now.
My replacement lasted two months, he was external and never really did his job - the site, which until I had quit, had a total of 3 days downtime for 3 YEARS (they were the hoster's fault, not mine), was down for an entire month and he could not even tell why.
HIS followup was kicked after taking two weeks to familiarize himself with the project. Well, I think that two weeks is not even barely enough to familiarize yourself with nearly three years of work, but my boss gave him two days.
In 2016, the shop was replaced with another one. Different shop system, different OS, different CI. I don't know why and I can't say I give a damn.
Almost all the people that worked at the company back with me have left for greener pastures, taking their customers (and revenue) with them.
As for my boss' comments, instructions and lines: THAT might not be safe for work. Or kids. Or humans in general. And there wouldn't be much left if you put it through a language filter...
Moral of the story: No, it's not a bad thing to leave a place if you're mistreated there. Don't mistake loyalty with stupidity!
And, to quote one of my favourite Bands: "Nothing matters when the pain is all but gone" (Tragedy + Time by Rise Against).8 -
I know folks do their best, but come on Apple, this can't be that hard. Bought an iPhone at an estate sale (elderly individual died suddenly, so no one had knowledge of the Apple ID, passwords, etc) and I've been trying to convince Apple to clear the activation lock. (AS = Apple Support)
<after explaining the situation>
AS: "Have you tried putting the phone in recovery mode? That should clear the lock"
Me: "I've already done that. It prompts for the apple id and password, which I don't have"
AS: "You need to talk to the owner and get the information"
Me: "As I explained, I purchased the phone at an estate sale of someone who died. I have the bill of sale, serial number, the box, obituary. What else do you need?"
AS: "Have you tried contacting a family member? They might have that information."
Me: "The family members at the sale told us this is all they had. This kind of thing has to happen. I can't believe Apple can't clear the activation lock."
AS: "Yes, we can, but I'm very sorry we take security seriously."
Me: "I understand, what do I do now?"
AS: "Did you log out of the phone? Go to settings ..."
Me: "Yes, I tried all those steps before calling. It prompts for the AppleID and password."
AS: "Did you try entering the password?"
Me: "No, I don't have it. I already explained there is no way to know"
AS: "Yes..yes...sorry...I'm just reading the information in front of me. I found something, have you tried submitting an activation lock removal request?"
Me: "Yes, it was denied, didn't tell me why, which is why I'm calling. What about taking this phone to an Apple store? I have all the paperwork."
AS: "Sure, you can try. You might need the death certificate. The family or the coroner will have a copy."
Me: "What!? Apple requires a death certificate to unlock a phone!? I'm pretty sure not even the family is going to give a total stranger a death certificate"
AS: "Sorry sir, I'm just reading what is in front of me. Without that certificate, there is no way to prove the person died. You can try the Apple store, but they will likely require it."
Me: "That's a lot of drama for unlocking a phone. A *phone*"
AS: "Yes sir, I understand. If there's anything else we can do let us know and thank you for being an Apple customer."
Next stop, the Apple Store.12 -
So someone decides that the employees need to do these stupid web-based trainings that not even high school kids should be looking into.
What is it about?
Security and Cryptography, and now even the real stuff.
What it covers?
Alice and Bob, Bob and Alice.
Alice wants to send Bob some pics/messages that she suspects someone else will see. DDDDDDAAAAAAAFFFFFFFAAAAAAAAAKKKKKK
A total of 7 useless, time wasting, interactive and annoying trainings, 20+ min each.
But someone forgot that please do not send this shit to engineers of your company, especially Software/Network engineers. Oh, another subset, especially not to those who work deeper into the domain.
I'm getting paid to do this time wasting activity, and still.
I also may come back and remove this BUT FOR NOW I NEED TO RANT.
Tags: rant, alice, time_waste, boolsheet, web_training, useless, fake_security, demotivators, bob, corporate_crap, foo -
Alright lads here is the thing, have not been posting anything other than replies to things cuz I have been busy being miserable at school and dealing with work stuff.
Our manager left us back in February. Because she was leaving I decided that I wanted to try a different path and went on to become a programmer analyst for my institution, if anything I knew that it was going to be pretty boring work, but it came with nice monetary compensation and a foot in the door for other data science related jobs in the future. Thing is, the department head asked me to stay in the web technologies department because we had a lack of people there and hiring is hard as shit, we do not do remote jobs since our work usually requires a level of discretion and security. Thus I have been working in the web tech department since she left albeit with a different title since I aced the interview for the analyst position and the team there were more than happy to have me. I have done very few things for them, some reports here and there and mostly working directly with the DBA in some projects. One migration project would have cost my institution a total of 58k and we managed to save the cost by building the migration software ourselves.....honestly it was a fucking cake walk, if you had any doubts about the shadiness of enterprise level applications regarding selling overpriced shit with different levels of complexity, keep them, enterprise is shady af indeed. But I digress.
I wrote the specification for the manager position along the previous manager, we had decided that the next candidate needed to be strong with development knowledge as well as other things as to properly understand and manage a software team, we made the academic requirement(fuck you, yes we did ask for academic requirements) to be either in the Computer Science/software engineering area or at least on the Business Administration side. We were willing to consider BA holders in exchange for having knowledge of the development process of different products and a complete understanding of what developers go through. NOT ONE SINGLE motherfucker was able to satisfy this, some of them were idiots that I knew from before that had ABSOLUTELY no business even considering applying to the position, the courage it took for some of these assholes to apply would have hurt their mothers, their God if they had one, and their country, they were just that fucking bad in their jobs as well as being overall shit people.
Then we had 1 candidate actually fall through the cracks enough to get an interview. My dude here was lying out of his ass through the interview process. According to him he had "lots of Laravel experience and experience managing Laravel projects" and mentioned repeatedly how it would be a technology that we should consider for our products. I was to interview him alongside the vice president of our institution due to the head of my department and the rest of the managers for I.T being on vacation leave all at the same bloody time.
Backstory before the interview:
Whilst I was going over the interview questions with the vice president, he literally offered me the job instead. I replied with honesty, reflecting how I did not originally want it but feeling that our institution was ready to settle on any candidate due to the lack of potentials. He was happy to do it since apparently both him and the HOD were expecting me to step up sooner or later. I was floored.
Regardless, out of kindness he wanted to go through the interview.
So, going back to the interview. As soon as the person in question referenced the framework I started to ask him about it, just simple questions, the first was "what are your thoughts on the Eloquent ORM? I am not too fond of it and want to know what you as a full time laravel dev think of it"
His reply: "I am sorry I am not too familiar with it, I don't know what that is" <--- I appreciated his honesty in this but thought it funny that someone would say that he was a Laravel developer whilst not knowing what an ORM was since you can't really get away from using it on the initial stages of learning about Laravel, maybe if one wanted to go through the hurdle of switching to something like Doctrine...but even then, it was....odd.
So I met with the HOD when he came back, he was stoked at the prospect of having me become the manager and I happily accepted the position. It will be hell, but I don't even need to hit the ground running since I have been the face of the department since ages. My team were ecstatic about it since we are all close friends and they have been following my directions without complaints (but the occasional eat a dick puto) for some time, we work well together and we are happy to finally have someone to stop the constant barrage that comes from people taking advantage of a missing manager.
It's gonna get good, it's gonna get fun, and I am getting to see how shit goes.7 -
I find it hilarious the total misconception of hacking that the general public has. I tell people I know cyber security (Not as much as a lot of people around here) but it is a hobby of mine and I find it very useful/interesting.
But I can't stop but laugh when someone is like, can you get all the text messages my bf receives?
Can you hack this for me can you back that?
C'mon even if I knew how to do that without being caught you think I would even admit that to you. Do hackers just walk around with an index card pasted to their forehead of their skill? It's not even slightly reasonable to think this lol even for someone who doesn't know about the field -
what kind of dumb fuck you have to be to get the react js dev job in company that has agile processes if you hate the JS all the way along with refusing to invest your time to learn about shit you are supposed to do and let's add total lack of understanding how things work, specifically giving zero fucks about agile and mocking it on every occasion and asking stupid questions that are answered in first 5 minutes of reading any blog post about intro to agile processes? Is it to annoy the shit out of others?
On top of that trying to reinvent the wheels for every friggin task with some totally unrelated tech or stack that is not used in the company you work for?
and solution is always half-assed and I always find flaw in it by just looking at it as there are tons of battle-tested solutions or patterns that are better by 100 miles regarding ease of use, security and optimization.
classic php/mysql backend issues - "ooh, the java has garbage collector" - i don't give a fuck about java at this company, give me friggin php solution - 'ooh, that issue in python/Haskell/C#/Lua/basically any other prog language is resolved totally different and it looks better!' - well it seems that he knows everything besides php!
Yeah we will change all the fucking tech we use in this huge ass app because your inability to learn to focus on the friggin problem in the friggin language you got the job for.
Guy works with react, asked about thoughts on react - 'i hope it ceases to exist along with the whole JS ecosystem as soon as possible, because JS is weird'. Great, why did you fucking apply for the job in the first place if it pushes all of your wrong buttons!
Fucking rockstar/ninja developers! (and I don't mean on actual 'rockstar' language devs).
Also constantly talks about game development and we are developing a web-related suite of apps, so why the fuck did you even apply? why?
I just hate that attitude of mocking everything and everyone along with the 'god complex' without really contributing with any constructive feedback combined with half-assed doing something that someone before him already mastered and on top of that pretending that is on the same level, but mainly acting as at least 2 levels above, alas in reality just produces bolognese that everybody has to clean up later.
When someone gives constructive feedback with a lengthy argument why and how that solution is wrong on so many levels, he pulls the 'well, i'm still learning that' card.
If I as code monkey can learn something in 2 friggin days including good practices and most of crazy intricacies about that new thing, you as a programmer god should be able to learn it in 2 fucking hours!
Fucking arrogant pricks!8 -
Right.. I spent the hours leading up to the year change by adding a YouTube to MP3 downloader into my Telegram bot. After a bit of fiddling it turned out okay, and the commit for it was meant to be the last for the year 2020.
I mentioned this in one of my chats, and users came in with more issues. Told them it's the last commit for the year and I'll keep myself to it. I did adjust the code a bit though to fix those issues, awaiting a commit after midnight.
Midnight passes and 2020 turns into 2021.
I commit the new features, and quickly implemented another one I already thought of as well, but needed its own commit.
Quickly afterwards it turns out that the /mp3 feature actually breaks the bot somewhat, especially on long tracks. Users add a slew of 10h songs into what essentially became a long queue of single-threaded bot action (or rather lack thereof).
I made the /mp3 command accessible to myself only like I did with some other administrative commands already. Still no dice, the bot rejected the commands but executed part of the /mp3 command anyway.
I look a bit further into the code and it turns out that while I was restructuring some functions, I forgot to make the admin() function exit the script after it sends the rejection onwards. This was a serious security issue and meant that all authentication was void. Fortunately the chat did not realize this - one of the commands that became available as a result was literally a terminal on the bot's system.
I fix the issue in 7 commits after midnight total, 3 of which were related to /mp3 and admin(). We're now 1 hour after midnight.
Happy New Year everyone... :')6 -
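The admin() fall-through described in the rant above, shown as an added example in Python. This is not the bot's own code: ADMINS, send(), admin_vulnerable(), dispatch_vulnerable(), require_admin(), dispatch_fixed() and the /mp3 and /restart handlers are hypothetical stand-ins. It puts the vulnerable shape, where the check sends a rejection but returns nothing and the caller carries on, next to a fixed shape that binds the check to the handler so it fails closed no matter how the call site is written, and ends with the regression check that would have caught the bug.

```python
# Added example (not the bot's own code): a privilege check that sends a
# rejection but does not stop execution is no check at all. All names here
# (ADMINS, send(), admin_vulnerable(), dispatch*, require_admin(), the /mp3
# and /restart handlers) are hypothetical stand-ins for the rant's Telegram bot.

ADMINS = {1001}                 # constructed admin user id
OUTBOX = []                     # fake transport: (user_id, text) messages "sent"


def send(user_id, text):
    """Stand-in for the bot's send-message call; records instead of sending."""
    OUTBOX.append((user_id, text))


def handle_mp3(user_id, arg):
    """Stand-in for a privileged handler; returns what it would have done."""
    return f"queued {arg} for {user_id}"


def handle_restart(user_id, arg):
    return "restarting"


PRIVILEGED = {"/mp3", "/restart"}
HANDLERS = {"/mp3": handle_mp3, "/restart": handle_restart}


# --- the bug: admin() rejects, but nothing makes the caller stop -------------

def admin_vulnerable(user_id):
    """Sends the rejection, then returns None in both cases, so the caller
    cannot tell 'allowed' from 'denied' and has nothing to act on."""
    if user_id not in ADMINS:
        send(user_id, "not authorized")


def dispatch_vulnerable(user_id, command, arg=""):
    handler = HANDLERS.get(command)
    if handler is None:
        return None
    if command in PRIVILEGED:
        admin_vulnerable(user_id)   # rejection goes out, execution carries on
    return handler(user_id, arg)    # bug: the privileged body runs for everyone


# --- the fix: the check decides, and it is bound to the handler -------------

def require_admin(handler):
    """Wrap a handler so the privilege check cannot be forgotten at a call
    site: the wrapped body never runs for a non-admin."""
    def wrapped(user_id, arg=""):
        if user_id not in ADMINS:
            send(user_id, "not authorized")
            return None             # stop here; the rejection ends the request
        return handler(user_id, arg)
    return wrapped


HANDLERS_FIXED = {cmd: require_admin(fn) for cmd, fn in HANDLERS.items()}


def dispatch_fixed(user_id, command, arg=""):
    handler = HANDLERS_FIXED.get(command)
    if handler is None:
        return None
    return handler(user_id, arg)    # no per-call-site check left to forget


def regression_check():
    """The test the rant's bot was missing: a non-admin gets the rejection and
    nothing else, an admin gets the handler result."""
    OUTBOX.clear()
    stranger, admin = 2002, 1001
    assert dispatch_vulnerable(stranger, "/mp3", "song") is not None  # exposes the bug
    assert dispatch_fixed(stranger, "/mp3", "song") is None
    assert dispatch_fixed(admin, "/mp3", "song") == "queued song for 1001"
    assert OUTBOX.count((stranger, "not authorized")) == 2  # one per dispatcher
    return True


if __name__ == "__main__":
    print("regression check passed:", regression_check())
```

The design point is the table HANDLERS_FIXED: every privileged handler is wrapped once, where it is registered, so restructuring the dispatcher later (the rant's trigger) cannot reintroduce the fall-through, and regression_check() pins the behaviour down so a refactor that breaks it fails loudly instead of silently exposing the command set.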
I don't know the current total number of daily active users and rant counts on devRant. But maybe it would be nice to have a group tag/mention feature. Or something similar. Or a subscription to a tag?
Like for example, when it comes to security and privacy and a google-free life, all of us usually mention linuxxx and the gang. When it comes to servers, if I'm not wrong, Linux and electrical hardware for Condor, etc.
But there might be (should be) others who should be mentioned and who would want to get mentioned as well.
Might be fun as well. All those Ravens and clans could communicate easily with such a feature.
Thoughts anyone? If I get positive responses here, I'll open a feature request on GitHub 🤔
-
I've been working on the ecommerce website from hell for over a year now. I should have heard the alarm bells when the studio who were running the project took a month to pay my deposit but still expected me to start working, but I explained that I wouldn't start without some form of security and they were cool with it, so I carried on.
It started off as a simple build with simple products, no product variations etc., and a few links on the designs which appeared to lead to external links; checkout and cart pages were nowhere to be seen. It wasn't a big-money job so I just built them in as plain and straightforward as I could, in line with how the rest of the site looked. They then changed their mind about how they wanted these to look, and added loads of functionality to the site throughout the build, so by the end of the line the scope of work had completely changed. I also had loads of disagreements in terms of design and usability, as their designs straight-up weren't going to function otherwise, plus every round of changes meant that I had to prolong the job further and fit it around work for other clients.
Fast forward a few more months and I get sent a really angry email with some of the client's complaints, including one that raised an issue with the user journey, and the finger of blame was pointed at me. The user journey had been a part of the designs from the start, and this was never raised as an issue for A WHOLE YEAR. They then said that it had to go live on Monday (three days after they sent the email with these huge new structural changes). I told them I could no longer work on the project but was happy to waive the rest of my fee (3/4 of the total fee, when I had essentially completed the site, minus 2 minor bugs), so they could find another developer in the limited time they had. At first they refused to hire another developer, claiming that it would be too expensive, which made no sense, as for a few minor fixes and out-of-scope additions he could get paid a wage that would have otherwise paid for the majority of the work I had done on the site. I stood my ground and finally they found someone, so I sent over all of the files and the database to their new developer and asked him to give me a heads-up when I could remove the staging site from my server. The next day, I received an email from the studio asking me to fix some bugs the developer was requesting I fix so he could carry on with the site. They were basically asking me to work more, for free, to enable him to walk off with the majority of the money and do less work. They also forwarded a suuuuuper shitty, condescending email from him, listing all the things he thought were wrong with the site (he even listed 'no favicon' although they'd never supplied a graphic for this). He also wrote a paragraph at the bottom EXPLAINING MY JOB TO ME and telling me:
I get the feeling you like to write Javascript. While being one of the easiest languages to learn, it can also be one of the hardest to master. While I applaud you for writing Vanilla JS, it looks like you have a general problem with structuring your application.
Not sure if I'm being oversensitive here but it felt so patronising, and I couldn't even go for an angry walk to get it out of my system because of social distancing lol.
Let a girl quarantine in peace!!!!!!
-
1. As I was freelancing on Upwork some company contacted me and said my CV looked interesting, and they gave me a link from their site to download a .rar file with details about their company and dev positions
2. Ok I open the link and the whole site is just a blank page with 1 single button: "Download 5.8 mb"
3. Thought to myself: who the fuck has this low quality site for a company, shitty as fuck and as if it's built in the 90s. But ok
4. About 2 days later they got banned on Upwork and we can't chat anymore. I sent this .rar file to VirusTotal and 7 antivirus engines detected a trojan + 14 security vendors flagged the rar as malicious malware
Are you FUCKING kidding me? This is the type of bullshit I'm expecting to see in the web3 world. Who the FUCK comes on Upwork to infect ENGINEERS?? Are you FUCKING KIDDING ME? I'll publish their data right now:
Link:
https://hsatrack.com/files/...
Password: 49-49Zb2
Their site:
https://hsatrack.com/
Honestly if I had opened this fucking home page first I would have smelled a virus miles away. But I just didn't expect a fucking virus AT ALL on UPWORK. Never happened to me before. This is the type of criminal fraud malware shit I expect AND SEE DAILY on WEB3 -- WHO TF DOES IT IN WEB2 IN 2023?? I'LL FUCK THIS CEO'S LIFE UPSIDE DOWN 180 RIGHT NOW
-
So while exploring some new ideas, I decided to figure out if I could use variables in the known set to determine the bounds of variables in the unknown set.
The variables in question are algebraic identities derived from the semiprimes, so you already know where this is going.
The existing known set is 1194 identities.
And there are, if I recall, roughly two dozen unknowns.
Many knowns have the unknowns as their factors. The d4 product set for example is composed of variables d4a, d4u, d4z, d4z9, d4z4, d4alpha, d4theta, d4omega, etc.
The component variables themselves are unknown, just their products are known. Anyway.
What I've found interesting is that if you know the minimum of some of these subsets, for example d4z is the smallest of the d4's for some semiprimes, then you know the upper bound of both the component variables d4 and z.
Unless of course either of them is < 1.
So the order of these variables, based on value, changes depending on the properties of the semiprime, which I won't get into. Most of the time the order change is minor, but for some variables they can vary a lot between semiprimes, rapidly shifting their rank in the known set. This makes it hard to do anything with them.
And what I found myself asking, over and over again, was if there was a way to lock them down? Think of it like a giant switchboard, where flipping one switch lights up N other switches, apparently at random. But flipping some other switch completely alters how that first switch works and which lights it seemingly interacts with. And you have a board of them that's 1194^2 in total. So what do you do?
I'd had a similar notion a while back, where I would measure relative value in the known set, among a bunch of variables, assign a letter if the conditions were present, and generate a string, called a "haplotype."
It was haphazard and I wrote a lot of code to do filtering, sorting, and set manipulation to find sets of elements in common, unique elements, etc. But the 'type' strings, a jumble of random letters, were only useful, say, forty percent of the time. For example if a semiprime had a particular type starting with a certain series of letters, 40% of the time a certain known variable was guaranteed to be above a certain variable from the unknown set... 40%~ of the time.
It was a lost cause it seemed.
But I returned to the idea recently and revamped the entire notion.
Instead I would approach it from a more complete angle.
I'd take two known variables J and K, one would be called the indicator, and the other would be the 'target'.
Two other variables would be the 'component' variables (an element taken from the unknown set), and the constraint variable (could be from either the known or unknown set).
The idea was that relationships between the KNOWN variables (an indicator and a target variable) could be used to indicate the rank relationship between the unknown component variable and the constraint variable.
You'd think this wouldn't work either, but my intuition was there were so many seemingly 'random' rank changes of variables in the known set for any two semiprimes, that 1. no two semiprimes ever shared the same order for every variable, and 2. the order of the known variables had to be leaking information about the relationships of the unknown variables.
It turns out my intuition was correct.
Imagine you are picking a lock, and by knowing the order and position of the first two pins, you are able to deduce the relative position of two pins further back that you can't reach because of the lock's security features. It doesn't let you unlock the lock directly, but by knowing this, if you can get past the lock's security features, you have a chance of using information about the third pin to get a better, if incomplete, understanding of the boundary position of the last pin.
I would initiate a big scoring list, one for each known element or identity. And then I would check it in tandem like so:
    if component > constraint and indicator > target:
        indicator[j] += 1
This is a simplification, but the idea was to score ALL such combinations of relationship, whether the indicator was greater than the target at the same time a component was greater than a constraint, or the opposite.
This worked out to four if checks and four separate score lists.
And by subtracting one scorelist from another, I could check for variables that were a bad fit: they'd have equal probability of scoring for example, where they were greater than the target one time, and then lesser than it for another semiprime.
So for any given relationship, greater or lesser, between any unknown variable and constraint variable, I could find any indicator variable and target variable whose relationship strongly correlated to the unknown's.
-
#RANT_AHEAD
Almost everyone nowadays uses a PC, Laptop, Smartphone but sadly not even 60% of the total potential of the hardware is being used.
.
And no - you don't require custom cooling to use the whole 100% of the total potential, stock cooling is more than enough.
.
IRL "programmers" these days don't make any fscking effort to optimise their code and give it all up as some kinda shitty "hot patch" - their code looks disturbing with no security features + optimisation. (wAnBlOwS products remain an example)
.
Even when you're using Python you can push your project to its limits. Instead of shoving face-size ASCII banners, why don't chaps stress test their projects? Oh I forgot, the community runs on show-offs and CVs ...
.
Note to Self : Optimisation is the key to integrate Technology with Nature.
-
INFO/WARNING: Some HP audio drivers for certain HP laptops have "integrated keyloggers" enabled. The audio driver would log your keystrokes to look for special keys and saves them to a public folder on your PC (Windows).
I really wonder what kind of total retards decide to implement features in this way.
https://bleepingcomputer.com/news/... -
Just caught my free antivirus software advertising another antivirus. I mean, like, making itself obsolete just because it's getting money for it? xD
-
I'm learning Kotlin while trying out Android Things and that sparked my interest in learning more about the Java platform again. I tripped upon the news that Oracle had changed their commercial plans for the platform by going with a rolling release model and limiting LTS releases to paying customers.
Java SE 8 was one of those former LTS releases that was on my computer, leaving me vulnerable, despite that version still being the most compatible with many applications, and it's been on my computer well past the date they cut off public support. And I'm, like, "WTF!?"
Luckily this is when open source shines at its brightest. Both the homebrew community and corporations, such as Amazon and IBM, alike - mostly the latter - agreed to create their own LTS releases using the OpenJDK code, all distributed to the public FOR FREE with no strings attached and the sources opened. I'm sure Richard Stallman is smiling with glee.
It isn't a total finger towards Oracle. Java SE is based on OpenJDK with no difference between the two anymore aside from the loss of LTS support for the public - that's it. So Oracle still benefits despite the retaliation. Probably?
Did Oracle learn nothing from OpenOffice? If the point was to get users to pay for security then they've failed in the long run because Java is open source. People have used that fact to create their own free distributions that bypass the paywall, making the need to go through Oracle pointless. And I'm glad. Open source aside, security is a big issue these days and the last thing people need is yet another thing to subscribe to.
-
Once again the department head fucks up my degree plan!
I'm getting my associates degree in Cyber Security. So we have to take networking courses and what not. So my institution recently became a Cisco certified teaching establishment or something along the lines of that.
The department head said that everyone who was enrolled in classes before the upcoming fall semester would have to take the new Cisco networking classes and not switch to the new degree plan (we would take 3 Cisco classes instead of the new degree plan which is 5 or 6), so we planned and registered for those classes.
Now he comes back and says we don't have to take those new classes. So it just fucks up the whole shit.
Switching to the new degree plan would add like 3 semesters to my total semester count and I'm supposed to graduate August 2018.
Fuck this new shit. Even tho I need Cisco.
I plan on taking The Cisco classes after I graduate with my associates degree while I'm going to a university for a dual degree in Software Engineering and Cyber Security