Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Just called Asus for a problem with my router, went to send them my systemlog.txt for analysis
"Oh we don't have an email you can send that to"
Me: "(me calling bullshit) let me talk to the tech team.."
*Get transferred*
"Hello this is the supervisor"
Me: "fml"
"Ya we don't have an email you can send that to, but we can use a different departments verification services to get a file from you, has to be a picture though"
Me: "What? I got a .txt file here, I just want to get it to you, does it really have to be a picture?"
"Has to be a picture or a PDF, we can't take txt files"
Me: "fkin.. srsly? Fine"
I can't believe Asus's system srsly. I think it's for virus protection, but viruses can be embedded in both picture formats and PDF, but not in txt. So wtf is going on lol15 -
Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”
Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”8 -
Buckle up kids, this one gets saucy.
At work, we have a stress test machine that trests tensile, puncture and breaking strength for different materials used (wood construction). It had a controller software update that was supposed to be installed. I was called into the office because the folks there were unable to install it, they told me the executable just crashed, and wanted me to take a look as I am the most tech-savvy person there.
I go to the computer and open up the firmware download folder. I see a couple folders, some random VBScript file, and Installation.txt. I open the TXT, and find the first round of bullshit.
"Do not run the installer executable directly as it will not work. Run install.vbs instead."
Now, excuse me for a moment, but what kind of dick-cheese-sniffing cockmonger has end users run VBScript files to install something in 2018?! Shame I didn't think of opening it up and examining it for myself to find out what that piece of boiled dogshit did.
I suspend my cringe and run it, and lo and behold, it installs. I open the program and am faced with entering a license key. I'm given the key by the folks at the office, but quickly conclude no ways of entering it work. I reboot the program and there is an autofilled key I didn't notice previously. Whatever, I think, and hit OK.
The program starts fine, and I try with the login they had previously used. Now it doesn't work for some reason. I try it several times to no avail. Then I check the network inspector and notice that when I hit login, no network activity happens in the program, so I conclude the check must be local against some database.
I browse to the program installation directory for clues. Then I see a folder called "Databases".
"This can't be this easy", I think to myself, expecting to find some kind of JSON or something inside that I can crawl for clues. I open the folder and find something much worse. Oh, so much worse.
I find <SOFTWARE NAME>.accdb in the folder. At this point cold sweat is already running down my back at the sheer thought of using Microsoft Access for any program, but curiosity takes over and I open it anyway.
I find the database for the entire program inside. I also notice at this point that I have read/write access to the database, another thing that sent my alarm bells ringing like St. Pauls cathedral. Then I notice a table called "tUser" in the left panel.
Fearing the worst, I click over and find... And you knew it was coming...
Usernames and passwords in plain text.
Not only that, they're all in the format "admin - admin", "user - user", "tester - tester".
I suspend my will to die, login to the program and re-add the account they used previously. I leave the office and inform the peeps that the program works as intended again.
I wish I was making this shit up, but I really am not. What is the fucking point of having a login system at all when your users can just open the database with a program that nowadays comes bundled with every Windows install and easily read the logins? It's not even like the data structure is confusing like minified JSON or something, it's literally a spreadsheet in a program that a trained monkey could read.
God bless them and Satan condemn the developers of this fuckawful program.8 -
Once, at school, last year, we had to present a C# project that, upon clicking a button, took words from a .txt file and showed them in an alphabetical listBox...
Since the file they gave us was so long that we had to wait a minute or so to get the listBox full, I implemented a progressBar which popped up on the button, and upon clicking it, the progressBar advanced for every word it loaded, until, upon finishing, it would have disappear leaving again the button, and the listBox would have been loaded.
Apparently, this choice alone – even if it had next to nothing to do with the exercise – was enough to give me a solid 9 out of 10, because our professors never explained us about progressBars and I used that completely on my own... I tend to do things like this in class, where I explore what my tools could give me.
So long story short, I ended up having the best vote in class for that, and I was so happy and motivated :D
Moral of the story: if you can, always try to learn something new about your tools and your programming language, on your own, because apparently it gives you advantage towards others, at least in school. Or even if you're not in school, it could still be something cool to learn that might be helpful in the future, for your projects or your job's projects.
The more you know, the better!9 -
So a few years ago when I was getting started with programming, I had this idea to create "Steam but for mods". And just think about it - 13 and a half years old me which knew C# not even for a half of a year wanted to create a fairly sizable project. I wasn't even sure how while () or foreach () loops worked back in the day.
So I've made a post on a polish F1 Challenge '99-'02 game forum about this thing. The guy reached out to me and said: "Hey, I could help you out". This is where all started.
I've got in touch with him via Gadu-Gadu (a polish equivalent of ICQ). So I've sent him the source code... Packed in .ZIP file... By Zippyshare… And just think how BAD this code was. Like for instance, to save games data which you were adding they were stored in text files. The game name was stored in one .txt file. The directory in another. The .exe file name in yet another and so on. Back then I thought that was perfectly fine! I couldn't even make the game to start via this program, because I didn't know about Working Directory).
The guy didn't reply to me anymore.
Of course back then it wasn't embarrassing to me at all, but now when I think about it... -
I hoped I would write about other things than EU internet regulation... But I hoped wrong.
The new online antiterror regulation is flawed, too.
What will the new regulation change?
The EU plans stricter anti terror laws for online platforms. In a nutshell, reported terroristic content has to be removed in <1 hour> after reporting. While automated filters are not required (the EVP party and the EU commission wanted those, but couldn't get a majority in the perliament), but it is unclear how to fulfill the regulation without.
What is the current progress of the regulation?
The EU parliament approved the draft, the trialogue will begin after election. The parliament has to approve the final trialogue result again and might reject it then. The characteristics of the regulation might change, too.
Who (platforms) will be affected?
All platforms, "offering servicd in the EU, independent of their business address" (free translation from German).
Will there be exceptions (e.g. for smaller or non commercial platforms)?
No.
At the very first report, the platform will have 12h time.
What are the consequences of not following?
Regularly breaking the law _constantly_, up to 4%/of the total yearly revenue.
Sources?
- The "fact sheet" of last year (upload filters were still a requirement): https://ec.europa.eu/commission/...
- The law proposal itself (also outdated): https://eur-lex.europa.eu/legal-con...
- Proposed changes by the EU parliament (I'm not sure which ones were approved): http://europarl.europa.eu/doceo/...
- German news article: https://golem.de/news/...2 -
So, a new web project came for some small layout changes, nothing to fancy.
It was on the hands of another company and the client didn't want to work with them anymore. Basic Magento with a custom theme.
As I was wondering through files, I found out that the old devs echoed, in ".phtml" files, contents from ".txt" files located in base directory. I was shocked and went forward with it. The core of Magento had tons of this "echo"s. Several minutes later I found out that they "coded" another administration panel besides Magento, that had "authentication" with hard-coded user/pass inside index.php and a session start. That admin panel just rewrote the contents of .txt files using textareas. Why/what/when the fuck..they've forgotten the admin password?!?!!!!
This was like 3-4 years ago.
Worst project i've seen, ever... -
A Bible app for Android called Tour the Bible. It uses the Google maps API to put a pin in each location as you read so you can follow along and virtually "tour" the Bible.
I had a basic version built but then I switched to Kotlin then I pretty much completely rewrote it to use an api for the Bible content instead of plain .txt files. I still try to work on it in my spare time but with a family, full time job, full time school and part time freelancing I don't get much spare time.2 -
Anyone else have 100 .txt files on the computer called note(54).txt? Or TODO(32).txt? Yeah... Someday I will compress them into one so I don't miss something important for work. Why don't we have issue tracking?!?!5
-
I find interesting article on the internet but can't / don't want to see it right now so i save it in a .txt file with a random name. I never look at it again and, a week later, i delete all txt files cause desktop looks cluttered.
Is this stupid?8 -
9000 internet cookie points to whoever figures out this shit:
I'm trying to import a secret gpg key into my keyring.
If I run "gpg2 --import secring.gpg" and manually type each possible password that I can think of, the import fails. So far, nothing unusual.
HOWEVER
If I type the same passwords into a file and run:
echo pwfile.txt | gpg2 --batch --import secring.gpg
IT ACTUALLY FUCKING WORKS
What the fuck??? How can it be that whenever I type the pw manually it fails, but when I import it from a file it works??
And no, it's not typos: I could type those passwords blindfolded from muscle memory alone, and still get them right 99% of the time. And I'm definitely not blindfolded right now.
BUT WAIT, THERE'S MORE!!
Suppose my pwfile.txt looks something like this:
password1
password2
password3
password4
password5
password6
Now, I'm trying to narrow it down and figure out which one is the right password, so I'm gonna split the file in two parts and see which one succeds. Easy, right?
$ cat pw1.txt
password1
password2
password3
$ cat pw2.txt
password4
password5
password6
$ echo pw1.txt | gpg2 --batch --import secring.gpg
gpg: key 149C7ED3: secret key imported
$ gpg2 --delete-secret-key "149C7ED3"
[confirm deletion]
$ echo pw2.txt | gpg2 --batch --import secring.gpg
gpg: key 149C7ED3: secret key imported
In other words, both files successfully managed to import the secret key, but there are no passwords in common between the two!!
Am I going retarded, or is there something really wrong here? WTF!4 -
At age of 14 me and my friend started writing browser based game.. It was written using php(no DB, as .txt files where our DB) after that I started writing silly little web applications. I have never learned it in uni or any other place...2
-
When I was on my first internship, I started developing an Android app, while my friend developed a C# program that read a .txt with info and references from a mail service (in my country it's CTT).
The damn .txt files got really really big, na she had to display all of the data in a listbox (it was a PoC) and when he pressed the item, it had to fill some fields at the left of the listbox.
Needless to say, he didn't learn of multi-threading yet, and I had, so I taught him how to multithread so the app wouldn't lock up while loading the massive .txt file.
The listbox filling made a cool animation (like CMD executing commands from a bat file) and we even implemented a progressbar.
I felt like a badass Dev after that. -
Client´s software exports files that have .txt-extension. IN ALL CAPS. And all the other crap concerning their imports/exports, not even going there. I want someone to be held responsible.
Well, this day and then 2 week vacation! -
Fuck encoding and fuck PHP!!!
I'm programming a little vocab trainer to get used to php and MySQL. From an old VB vocab trainer I had ca. 2000 txt-files with words and converted them to sql-queries with a simple python script. When SELECTING words with special characters they become encoded properly. But if I UPDATE words their encoding is just fucked up... The table is utf-8 encoded all the columns are utf-8 encoded. The php mysqli connection is utf-8 encoded. My HTML header is utf-8... WTF? -
I'm working as a cnc operator. I've ask for some txt files, cos I wanted to write a small help to the job management. He said it's ok, but he can't gove me the files, cos there is some problem with the system, he'll have to call the IT department. When he clicked to the file, notepad popped up instead of wordpad and it messed up the outlook of the text. So when I've changed the default applicaton to all txt files to wordpad, he looked at me like I would be Mr. Robot...
-
I've over 17GB of data, downloaded a website, al of the content is .txt and .html.
I want to search inside all of these files.
What is the best tool to do that? any command or some software which can index so it'll be fast?17
Top Tags
Weekly Rant
View