JUST IN: Client wants to give me 25 character, mixed case password over the phone because the internet is UNSAFE

Thank you, Chrome, for telling me that it is unsafe to proceed to localhost. I was unaware that I was trying to steal my own information

I curb procrastination by throwing in a random "sudo rm -rf --no-preserve-root /" to my test cases to see if I have unsafe evals. It's like Russian Roulette every test.

!security

(Less a rant; more just annoyance)

The codebase at work has a public-facing admin login page. It isn't linked anywhere, so you must know the url to log in. It doesn't rate-limit you, or prevent attempts after `n` failures.

The passwords aren't stored in cleartext, thankfully. But reality isn't too much better: they're salted with an arbitrary string and MD5'd. The salt is pretty easy to guess. It's literally the company name + "Admin" 🙄

Admin passwords are also stored (hashed) in the seeds.rb file; fortunately on a private repo. (Depressingly, the database creds are stored in plain text in their own config file, but that's another project for another day.)

I'm going to rip out all of the authentication cruft and replace it with a proper bcrypt approach, temporary lockouts, rate limiting, and maybe with some clientside hashing, too, for added transport security.

But it's friday, so I must unfortunately wait. :<

My friend called me and told me "My I.T teacher said I.E is the safest browser.". I began sighing then he continued on "He said Firefox, the Chromium project and other open source browsers are all unsafe. Because Open Source = More Vulnerabilities".

I only replied with this sentence.
"tell your teacher to eat a dick."

Can someone explain to me why the fuck I should even care about the fact, that some companies collect, use and sell my data? I'm not famous, I'm not a politician and I'm not a criminal, I think most of us aren't and won't ever be. We aren't important. So what is this whole bullshittery all about? I seriously don't get it and I find it somewhat weird that especially tech guys and IT "experts" in the media constantly just make up these overly creepy scenarios about big unsafe data collecting companies "stealing" your "private" information. Welcome to the internet, now get the fuck over it or just don't be online. It's your choice, not their's.

I honestly think, some of these "security" companies and "experts" are just making this whole thing bigger than it actually is, because it's a damn good selling point. You can tell people that your app is safe and they'll believe you and buy your shit app because they don't understand and don't care what "safe" or "unsafe" means in this context. They just want to be secure against these "evil monster" companies. The same companies, which you portrayed them as "evil" and "unfair" and "mean" and "unrepentant" for over a decade now.

Just stop it now. All your crappy new "secure" messenger apps have failed awesomely. Delete your life now, please. This isn't about net neutrality or safety on the internet. This is all about you, permanently exaggerating about security and permanently training people to be introverted paranoid egoistic shit people so that they buy your elitist bullshit software.

Sorry for my low english skills, but please stop to exist, thank you.

Learning Python after starting with C# is proving difficult...
Where are my brackets and semi-colons?! I feel so unsafe.

not wearing a black hoody, gloves, 3 holed ski mask while programmming.

I was told by my manager that I (the guy hired to be the lead developer on this project) was not a developer I was a designer and that writing php instead of using a knockoff version of dreamweever to drag and drop all of the items was an "unsecure and unsafe practice". He screamed at me for another 30 mins over this and then sent me on my way and laid me off a week and a half later after I finished the project because "we can't afford you" I was doing ITS, network and service installs, security, and web development for $10.00 an hour. #stupidboss

So I have too many posts for wk110. It's sad. Here we go. I got a bad grade on an assignment for a hello world program in college. How do you write a hello world program that successfully prints hello world and not get 100 percent?

The teacher insisted that we write a console "hello world" program in C++, on windows. If he can't read hello world, you fail. So you must add `system("pause")` at the end so the window stays open. One problem: system() is horribly insecure and im stubborn. I refused to write exactly what he wanted, like everyone else did, because I try to not write code I know is unsafe. So I ended my script with cin.get() which also pauses for input. Unlike pause however it can't be any key, it reads a line, so you must hit enter. This was "unfavorable behavior" and ultimately I got something like a high C, low B grade. Only person to not get 100%

So Microsoft edge now suspects chrome is unsafe??

When your college blocks the Windows start button because it's deemed "unsafe" FML

I propose that the study of Rust and therefore the application of said programming language and all of the technology that compromises it should be made because the language is actually really fucking good. Reading and studying how it manages to manipulate and otherwise use memory without a garbage collector is something to be admired, illuminating in its own accord.

BUT going for it because it is a "beTter C++" should not constitute a basis for it's study.

Let me expand through anecdotal evidence, which is really not to be taken seriously, but at the same time what I am using for my reasoning behind this, please feel free to correct me if I am wrong, for I am a software engineer yes, I do have academic training through a B.S in Computer Science yes, BUT my professional life has been solely dedicated to web development, which admittedly I do not go on about technical details of it with you all because: I am not allowed to(1) and (2)it is better for me to bitch and shit over other petty development related details.

Anecdotal and otherwise non statistically supported evidence: I have seen many motherfuckers doing shit in both C and C++ that ADMIT not covering their mistakes through the use of a debugger. Mostly because (A) using a debugger and proper IDE is for pendejos and debugging is for putos GDB is too hard and the VS IDE is waaaaaa "I onlLy NeeD Vim" and (B) "If an error would have registered then it would not have compiled no?", thus giving me the idea that the most common occurrences of issues through the use of the C father/son languages come from user error, non formal training in the language and a nice cusp of "fuck it it runs" while leaving all sorts of issues that come from manipulating the realm of the Gods "memory".
EVERY manual, book, coming all the way back to the K&C book talks about memory and the way in which developers of these 2 languages are able to manipulate and work on it. EVERY new standard of the ISO implementation of these languages deals, through community effort or standard documentation about the new items excised through features concerning MODERN (meaning, no, the shit you learned 20 years ago won't fucking cut it) will not cut it.

THUS if your ass is not constantly checking what the scalpel of electrical/circuitry/computational representation of algorithms CONDONES in what you are doing then YOU are the fucking problem.

Rust is thus no different from the original ideas of the developers behind Go when stating that their developers are not efficient enough to deal with X language, Rust protects you, because it knows that you are a fucking moron, so the compiler, advanced, and well made as it is, will give you warnings of your own idiotic tendencies, which would not have been required have you not been.....well....a fucking idiot.

Rust is a good language, but I feel one that came out from the necessity of people writing system level software as a bunch of fucking morons.
This speaks a lot more of our academic endeavors and current documentation than anything else. But to me DEALING with the idea of adapting Rust as a better C++ should come from a different point of view.

Do I agree with Linus's point of view of C++? fuck no, I do not, he is a kernel engineer, a damn good one at that regardless of what Dr. Tanenbaum believes(ed) but not everyone writes kernels, and sometimes that everyone requires OOP and additions to the language that they use. Else I would be a fucking moron for dabbling in the dictionary of languages that I use professionally.
BUT in terms of C++ being unsafe and unsecured and a horrible alternative to Rust I personaly do not believe so. I see it as a powerful white canvas, in which you are able to paint software to the best of your ability WHICH then requires thorough scrutiny from the entire team. NOT a quick replacement for something that protects your from your own stupidity BY impending the use of what are otherwise unknown "safe" features.

To be clear: I am not diminishing Rust as the powerhouse of a language that it is, myself I am quite invested in the language. But instead do not feel the reason/need before articles claiming it as the C++ killer.

I am currently heavily invested in C++ since I am trying a lot of different things for a lot of projects, and have been able to discern multiple pain points and unsafe features. Mainly the reason for this is documentation (your mother knows C++) and tooling, ide support, debugging operations, plethora of resources come from it and I have been able to push out to my secret project a lot of good dealings. WHICH I will eventually replicate with Rust to see the main differences.

Online articles stating that one will delimit or otherwise kill the other is well....wrong to me. And not the proper approach.

Anyways, I like big tits and small waists.

I have a few of these so I'll do a series.
(1 of 3) Public privates

We had a content manager that created a content type called "news item" on a Drupal site. There where two file fields on there. One called "attachments" and the other called "private attachments". The "private attachments" are only for members to see and may contain sensitive data. It was set to go trough Drupals security (instead of being directly hosted by the webserver) but because the permissions on the news items type where completely public everybody had access. So basically it was a slow public file field.

This might be attibuted to ow well Drupal is confusing. Howerver weeks earlier that same CM created a "private article". This actually had permissions on the content type correctly but had a file field that was set to public. So when a member posted the URL to a sensitive file trough unsafe means it got indexed by google and for all to read. When that happend I explained in detail how the system worked and documented it. It was even a website checklist item.

We had two very embarrassing data leaks :-(

After 2 years at the uni with 6 programming courses, I stopped studying and started working.

So I kinda left with some expectation or demand for some level of standard, not the highest, but at least not expecting diarrea dog shit level of quality.

On my first jobs, I was pretty shocked with their outdated technologies, terrible workflows, insanely unsafe setups and vomit inducing management. I thought "this isn't normal, this shouldn't be happening"

After being for a week on devrant, I now think the opposite is not normal.

@Fast-Nop This one's for you, buddy. Took me all freaking day to figure out how to avoid unsafe-inline when registering a service worker. XD

I found this on a wiki with Haskell Humor... it's interesting...

How to Shoot Your Self in the Foot With Haskell: Putting the unsafe in unsafePerformIO!

You shoot the gun, but the bullet gets trapped in the IO monad.
Couldn't match expected type 'Deer' against inferred type 'Foot'.
While compiling your program the compiler produces a type error long enough to overflow a kernel buffer, overwrite the trigger control register and shoot you in the foot.
After trying to decipher the type errors from the compiler, your head explodes.
After you've finally found a way to circumvent the type system and shoot yourself in the foot, Oleg appears out of nothing and shoots you in the foot for coming up with it before him.
You shoot the gun but nothing happens (Haskell is pure, after all).
Your foot is fine, until you try to walk on it, at which point it becomes mangled.
You have a shootFoot function which you've proven correct. QuickCheck validates it for arbitrary you-like values. It will be evaluated only when you end up at the hospital. You hope this doesn't come to pass, as it actually returns a bullet-ridden copy of yourself and you don't want to be garbage-collected.
foreign import ccall "shootparts.h shootfoot" shoot_foot :: Gun -> Programmer -> IO ()
shootSelfInFoot = unsafePerformIO . shoot . foot $ self -- Shoot self in foot 0 or more times depending on evaluation order
No instance for (Target Foot)
arising from use of `shoot' at SelfInflictedInjury.hs:1:0
Possible fix: add an instance declaration for (Target Foot)
In the expression: shoot foot
You go to shoot yourself in the foot but the bullet is in the ST monad and the gun is in the IO monad, so you can't.
You ask Haskell to shoot you in the foot but by the rules of lazy evaluation you don't need the result yet so it doesn't happen.
You decide to shoot yourself in the foot but get distracted devising a ballistics algebra and wondering if you can do the calculations in the type system.
You want to shoot yourself in the foot but realize there is no Gun datatype so use Arrows instead.
You shoot in the direction of your foot, but since you are inside the STM monad you can just retry until you figure out what to do.
You shoot yourself in the foot, but you are perfectly fine as long you just don't evaluate the foot.
You shoot yourself in the foot, but nothing happens unless you start walking.
Don't forget about memory consumption! If you don't look, the bullet causes heap overflow. If you look, the bullet causes stack overflow.
You *appear* to have deliberately shot yourself in the foot, and yet your program actually runs perfectly OK due to lazy evaluation. (So long as you remember to not look at your foot...)
You aim the gun at your foot, pull the trigger and remove the clip. When you look at your undamaged foot, the hammer clicks on an empty barrel.

How do you debate the "it's more complex in my opinion" statement?

So, some months ago I was looking at some code which has stuff as 300 lines of code function(s) and I could feel the bad smell irl...

I analyze it a bit and there is a lot of stuff which is misplaced, repeated or unsafe.
I first re-arrange it and remove redundancy, then break it down in about five functions (plus a caller), all is now readable and assignIcon k(made-up name) only assigns an icon, it doesn't also send a rocket in space.

But then I put the code in review and the previous author of the code says that it's now unreadable, because s/he has to look as multiple functions. I counter by showing how s/he does not need to read 300 lines of code to find a bug, but approximately 60, and I point at how misleading having an `assignIcon` function which also sends rockets in space is.
The counter? "But it looks confusing to have smaller functions, revert it."

How would you debate that? I am shy and hate myself a lot, so I have issues debating good points, but I am really really sure a lot of bugs I encountered were due to stuff like this so I would like to be able to explain my point in a more efficient way, for future teams.

Just discovered one of our core systems had literally used api key validation of "drop into database, if exists, its fine"

Well, around 30 seconds later, I have successfully authenticated with apikey "%". Wonder why.... Sigh... Patch already pushed, but still it left bad taste in my mouth...

lesson for beginers:
validate, validate, validate. If user could touch it, treat is as broken unsafe and if used it will nuke your home. check if it will, than use it.

Back when I was still in school for comp sci we had an advanced software engineering and design class with c++. At this time, everyone was expected to be proficient enough with cpp to go ahead and properly work with whatever the instructor would throw at us. And pretty much everyone was since past classes included a lot of c++ development. Of course, efficient at least related to academic studies rather than actual real world development.

Our teacher would mix in a lot pf phyisics and mathematics into what we were doing, something that I greatly enjoyed, while at the same time putting real world value concerning cpp best practices to avoid common pitfalls in the development of said language. Since most bugs seemed to be memory based he would be particularly strict about that.

One classmate, good friend and an actual proper developer now a days would ALWAYS forget to free his resources...ALWAYS for whatever fucking reason he would just ignore that shit, regardless of how much the instructor would make a point on it.

At one point during class on a virtual lecture the dude literally addressed a couple of students but when he got to my boy in particular he said: "you are the reason why people are praying to Mozilla and Hoare to release Rust as fast as possible into a suitable alternative to high performant code in C++, WHY won't you pay attention to how you deal with memory management?"

And it stuck with me. I merely a recreational cpp dev, most of my profesional work is done on web development, so I cannot attest to all the additional unsafe code that people encounter in the wild when dealing with cpp on a professional level.

But in terms of them common criticisms of C and C++ for which memory is so important to work with, wouldn't you guys say that it comes more from the side of people just not knowing what they are doing rather than a fault on the language itself?

I see the merits and beauty of Rust, I truly do, it is a fantastic language, with a standardized build system and a lot of good design put into it. But I can't really fathom it being the cpp killer, if anything, the real cpp killers are bad devs that just don't know what they are doing or miss shit.

What do y'all ninjas think?

Am i whiny or is resilience so glorified in this field?

I am a junior developer. I was assigned with two projects together with a friend and a senior. My friend and I finished our assigned tasks way before the deadline. Fast forward, my senior got reassigned to a different project since we are lacking with manpower. Naturally, his transactions were assigned to me and my friend. And my goodness, his existing codes are a piece of shit! It's all over the place. His variable naming is shit, his codes are all around the place, his codes doesn't even follow our company's coding standards, no try catch, a lot of unsafe practices. In short, cleaning his code is a pain in the ass and my friend and I got really busy with cleaning his mess. The testing of our system is really near but I just thought that maybe he's really busy with the other project that's why the quality of his codes deteriorated.

He's not. One day, I saw his in discord that he's playing during work hours lol. And the worse part is that he is playing with our boss! YES. DURING WORK HOURS. I got mad but I couldn't say anything because he is really tight with the boss.

Later on that day, we had our meeting. I was surprised when my boss told me that she's expecting that the excel part of our system is already finished. A little background here, my boss asked me to study Excel VB. However, I didnt get to study that much because I was so busy fixing bugs and after that came the cleaning of our senior's shit codes.

So I tried to say these things to my boss but I was cut out by the same senior shouting "You can do it!" over and over again. No one listened to what I was trying to say! And to make it even worse, the boss had a very proud look on her face and she even had the audacity to tell me that I'm lucky I have such a good support system. I dont.

Now, the company is planning to put me in a very demanding project. I havent finished cleaning up my senior's codes, I havent started anything with the excel and the deadline is next week!

The boss told me that even if I enter the other project, that I will still be responsible for the Excel part of our system. So fucking shoot me in the face.They were telling me that I should have a good time management system, that I should be flexible, that I should adapt easily, yada yada yada. She just makes you feel bad about yourself if you're not as 'flexible' as her.

The thing is, even if I have the best time management techniques in the world, if you bombard me with a shitload of tasks, then I won't be able to do it properly! I don't even take breaks anymore! I work literally 8 hours a day, even more than that. And I dont understand, why the hell is she overworking me when her friend (the senior dev) is just playing during work hours?

Another funniest thing is that she told us that when we encounter technical problems, we should ask our senior dev. Oh boy, if only she knows how shitty his codes are.

!rant

I was playing with adb logcat some apps and I saw some sensitive info from my bank app. So I decided to go deeper , I saw my entire banking information , WHAT THE FUCK? I feel unsafe now using this bank.

Btw this bank is using react native and forgot to obscured their code in production

MTP is complete garbage. I want mass storage back.

The media transfer protocol (MTP) occasionally discovers new creative ways of failure. Frequently, directory listings take minutes to load or fail to load at all, and it freezes up infinitely (until disconnected) when renaming an item, and I can not even do two things simultaneously.

While files are being moved, I can not browse pictures or watch videos from the smartphone.

Sometimes, files are listed with the date 1970-01-01 (Unix epoch) instead of their correct date. Sometimes, files do not appear at all, which makes it unsafe to move directories from the device.

MTP lacks random access. If I want to play a two-gigabyte 4K 2160p video and seek in the video, guess what: I need to copy it to my computer's local mass storage first because MTP lacks random access.

When transferring high numbers of files, MTP has to slooooowly enumerate (or "prepare" or "calculate the time of") them all, which might even take longer than mass storage would need for the entire process. This means MTP might start copying or moving the actual files when mass storage is already finished.

Today, the "preparing to move" process was especially slow: five minutes for around 150 files! How am I supposed to find out what caused this random malfunction?

MTP sometimes drives me insane. I want mass storage back, at least for the MicroSD memory card, which uses a widely supported file system.

Imagine a 2010 $100 Android phone is better at file transfer than a 2022 $1000 Android phone (or iPhone, for that matter).

Is it OK to punch a game dev who codes stupid numeric bugs?

So my wife got into Stardew Valley, that admittedly awesome comfort game farming simulator.
She went pretty far in the game, and found some item that was supposed to highly increase the damage she could inflict onto cute little monster thingies.
It didn't work as intended.
Since equipping the piece of shit all her hits did 0 damage. She tossed the item away but the problem persisted. And on and on...
She took to the googles to try and find some explanation, and apparently that is a fairly common bug for mobile devs.
Then she called in the big guns (that is how I'm calling myself in this case, you will see why).

Apparently there is some buggy piece of shitcode somewhere in the game with a numerical insecure routine that overflows the attack modifier. I.e. if it was supposed to increase from 1.990 to 2.010, it actually went all the way down to -0.4.
She was lucky her attacks weren't increasing the monsters' HP.

We found a forum post where some dude said that he managed to edit the game save file and reset the negative-value attack increase modifier variable. Seems easy enough at first, but my wife uses iOS. Nothing is ever so straightforward with apple stuff.

We did get to the save file, she emailed it to me (the file has no extension and no line breaks in it, so we facepalm'd on a couple attempts at editing it directly).
I finally manage to get it into my personal 11-yo laptop... that won't open a single line file that big.

Cue the python terminal. Easy enough to read the file into a string var and search for the buggy XML tag. Edit the value and overwrite into a new file. Send it back to her by email. Figure out how to overwrite the file in iOS.

Some tense moments while the game reloads... and it works!!!! Got some serious hubby goodwill points here.
Srsly, this troubleshoot process is not for technophobes. It is out of reach to pretty much every non-techy user.

And now back to the original question: If I ever manage to find the kid who coded a game-breaking numerically unsafe routine and shipped it as if every test in the planet had waved it bye-bye, can I punch them? Or maybe buy them a beer, let's see how I get to cash that hubby goodwill tonight :)

Ehh.....
Another day of problems with Windows, just removed 96 unsafe files (Trojans, Malware, Adware etc.)...
At first, Defender refused to work with me, I tried to remove that with Defender (which found just 7 treats), but 'remove' or 'quarantine' didn't work, so I downloaded Malwarebytes and now works fine. Still, some minor problems, gonna format this crap soon...or maybe it's time to move to Linux or macOS finally? 🤔

~dev, not in front of computer stuff

Playing with the controller and power management using the torque sensor, managed to get this flatland cook-off going today on the fat tire ebike with only 50watts of assistance. Efficiency gains over stock of 28%! 30mph on a bike feels ridiculously unsafe, but the looks you get from cars are even better.

Love being able to gather all this telemetry (GPS, elevation, pulse, durations), gives me stuff to fish through and data to play with.

That's how I keep my cool in the summer.

A bit improvised, maybe a little unsafe, but it does the job quite well.

i am i such a shitty situation. i have recently started to love my job as i find the work to be lesser and lesser stressful. i finish my tickets in 2-3 hours exch day, and i am almost free after 3 pm and officially free after 6.30 pm every day (kinda officially, as i have set an unavailable notice on my calendar for 6.30 to 8.30 and after that no one really is online).

i get time to go out, jog, play with my pets do home taks, and even study sometime.

everything is going great except 2 things: they are ending the remote work policy in 2022 and giving esops instead of appraisal/promotion :'( will have to either switch or go live in the city where my office is, which is the most expensive city in my country ( and maybe in top 10 most expensive in the world) + very unsafe. and its obvious that my boss won't be letting me code lying flat on a mattress with a bag of cheetos and in just boxers and flip-flops

Imagine being so rich that you're too lazy to implement payment methods for countries where you product is popular. Microsoft (one drive) and Android (play) was like that for years. I want to pay for openai but it doesn't support ideal/paypal which is the payment method in the Netherlands. Credit card only. Credit cards is so unsafe, I don't understand it's the standard. I won't get one. Is there an api for generating content besides openai?

Mozilla has announced plans to remove support for the FTP protocol from Firefox. Users won't be able to download files via the FTP protocol and view the content of FTP folders inside the Firefox browser.

According to the report of ZDNet: Michal Novotny, a software engineer at the Mozilla Corporation said "We're doing this for security reasons, FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources. Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past." Novotny says Mozilla plans to disable support for the FTP protocol with the release of Firefox 77, scheduled for release in June this year.

Users will still be able to view and download files via FTP, but they'll have to re-enable FTP support via a preference inside the about:config page.

I had a compile error that I was missing a com reference. But on the pc of a colleague it compiled fine.

It was something from vlc, so I reinstalled vlc.
2 seconds after that my virus scan started shouting, alert, activeX element detected, removing.....

Which water buffalocock sucking piece of diarrhea stained retard (sorry for the retards I love you all a huggy bunch and you deserve better)
Uses an activeX element which even a virus scan can identify as completely unsafe

So, I made this API which logins to the system and Used it in an android app, there was one roadblock to it, that everytime user enters a password, it has to match the password hash so I, excitingly, used password_verify($password,$passwordHash), unknowingly that it is fucking unsafe and the code is still there, and here's where it gets interesting it is not over SSL/TLS. Fuck me, any bright solutions?

Rust should support explicit variance declarations. Explicit declarations are like the main feature of the language, variance is a critically important part of a type's public interface, and &mut-s that are never reassigned and should thus inherit the referee's variance are extremely common. If the language can't recognize this, I should be able to declare it with a single unsafe rather than constantly casting to and from 'static.

How to react to a coworker using equals() instead of equalsIgnoreCase() for checking case insensitive strings?

Feel dirty writing in c. How do people even deal with unsafe pointer type casting/memory allocation/free? The codebase is plagued with memory leaks and there is no test.

I will just pretend I can't read c code and play dumb when shit happens

I'm still on a regular basis reminded of how I might be wrong despite the absolute certainty in how obviously wrong the other person is.

Lately I've been working on setting up this API with a fairly intricate database integration. One request can lead to multiple db calls if we're not careful, so we have been polishing up the implementation to guard against ddosing ourselves and dealing with thread-unsafe concurrency.

Someone on the team could happily report that they got rid of all async use so there should no longer be threading issues. "You mean it all runs sync now?" "I guess. It works at least".

I'm just internally pulling a surrender cobra. If this was pre-dev me I would have let him and everyone know what a stupidpants he is and that I thought he had some experience in api development. But let's not make an exception to the rule; I might be wrong. I mean I'm not, but let's pretend I could be. Let's pull down the changes and maybe set up a minimal example to demonstrate how this is a bad idea.

Funny story. He got rid of explicit calls to the database entirely. When resolving data, the query is instead constructed virtually and execution is deferred until the last step. Our functions are sync now because they don't call the database, and threading isn't an issue since there's only one call per request context.

Thank god I've learned to keep my mouth shut until I can prove with absolute conclusive certainty that they are wrong. Here's to another day of not making an ass of myself.

should i add to an existing horrible node js program with dependencies that are marked unsafe or no longer supported, or port to a nice shiny c# or python app that will probably be much easier to support and extend and organize ?

I’m a mid level dev in a team of three devs (one jr and another “mid”), but the other mid is super lost all the time and is pretty much useless.

I have to do all his work because he can’t seem to handle simple tasks. He’s taking the whole sprint to do stuff that takes me or even the Jr dev less than 3 days.

I have no idea how he managed to get mid position in the first place. I don’t have a problem in helping someone catch up, but I feel like I’m basically explaining technical stuff to my mom. Nothing seems to catch up on him.

I’ve already talked to my manager about him, but unfortunately we are understaffed so she feels it’s unsafe to get rid of him, but I’m starting to consider taking up the load instead of having to deal with him much longer. This shit is honestly stressing me out so much I’ve considered simply quitting.

PHP is so insecure and vulnerable that it makes me feel unsafe. It has so many features and settings that can lead to security risks, such as register_globals, magic_quotes, and allow_url_fopen. It also has so many functions that can execute arbitrary code or commands, such as eval, exec, and system.

It is like PHP was designed by a bunch of hackers who wanted to exploit every possible loophole.

today has been one of the worst day of my life

- the parking situation went out of hand : i bought a new car 2 days ago, nd since last 2 days i have been just taking it out to practice for 1 hr in morning with the trainer. today one of our pesky neighbour took this opportunity and parked in our spot. i had to call my friend in the early morning to get it parked in a place far away from home . my new car is parked in an unsafe place , just because the neighbour wants to make me mad 😭

- office announced that since cto is coming, you must do wfo fod next 2 days. our office is tuesday nd Thursday, now i will have to go on friday too. plus our team lead is coming, so next weekend is going to be 4days wfo. they are giving random surprises, why not just tell us that its full wfo?

- one of our neighbour's bike got stolen in plain sight. our road is usually having a lot of people going around whole day, as its opposite to park. nd those neighbours have a hon ground floor, so they are almost always outside. we have installed a camera just 2 days ago, nd that caught the incident live. i am 100% sure that if my car had been parked here today, then it would have been my car 😭😭😭

- we friends went for a night stroll in my car. the car was mine, but my friend was driving it as he's experienced. we stopped at a food joint. i took the key from him for sometime because i was having fun playing with it . then when we were heading out, our key was gone!
i almost had a mini heart attack. my friends were not messing up with me. fortunately the restaurant had cameras , so we requested for cctv footage. in the footage we found that i accidentally put the key in the restaurant menu. and that fucking guy had taken away the menu!!!
imagine if he had given that menu to someone else 😭😭😭. our car would have been gone in a moment, as we were not even seeing the car from the window. imagine if the restaurant didn't had the fucking cameras 😭😭😭😭😭😭😭

life fucks super bad in a moment of truth

While fucking my hot blonde gf this morning the Fucking DUREX condom BROKE and i creampied her. Here are the reasons why its not my fault:

1--Im not retarded

- 4 years of fcking my hot blonde gf with no protection and nothing ever happened cos im !retarded. Its a bigger risk to fuck with condom than without, how is this fucking normal???

2--I use condom the right way

- i was holding the tip so air comes out, just like it was explained on the box, but while rolling it down i was still holding the tip to make sure the air doesnt come back up

3--She was wet

- she wasnt dry. My hot blonde gfs pussy was so wet from how horny she was so its impossible that it got torn due to dryness

4--First verification

- it wasnt torn or ripped. It was normal. Everything looked absolutely fine

5--Second verification

- when i put it inside my hot blonde gf and fk her i pull it out in the first 10 seconds just to make sure it isnt torn--it was good and nothing was ripped so i slowly put it back inside

6--Condom is not thin

- i took the regular durex one (fuck this fucking dead fraud company I'll piss and shit on their grave) so it wasnt the thin bullshit one

7--Dont got a big black dick

- its normal. Average. Not small nor big. So latex elasticity isn't my problem

8--50-50%

- every FUcking time when i fked my hot blonde gf with a condom i always stressed if it'll break or not. This is not the first time it broke. FUCK the product that is THIS MUCH unreliable, unsafe and fragile! I'll fuck the whole durex company up. Im not the only one who had this problem. DUREX IS THE BIGGEST OVERRATED SCAM COMPANY SPENDING BILLIONS ON MARKETING FOR A LOW QUALITY SHIT PRODUCT THAT DOESNT EVEN WORK

9--Package didnt expire

- i bought a new box in the store on 8th march for womens day (modern women value having gifted with condoms more than flowers). It wasnt bought in a shit china quality shop. I fked her in the car at night and also creampied her but the condom did NOT break. Then i fked her this morning in bed with condom from the SAME BOX, and now it DID break. Are you Fucking kidding me???

10--Emergency contraception

- i died from high adrenaline of running so fast to the store to buy her contraception. Had to run to 4 fucking stores cause all of them don't work before 7:30am. Finally found one in the 4th store and she drank Escapelle within 20 minutes of incident, as soon as it was physically possible

11--And now what

- now what. What do i do. I did everything i could. Nothing is my fault. My hot blonde gf wanted me to creampied her it was her idea so shes at fault partially. She will get tested in 15 days while this contraception lasts. Dont know what else to try. This bullshit never happened before

bash....................my fucking head in

how the fuck do quotations work for bash variables

='self','unsafe-eval' becomes self','unsafe-eval or wtf???

My browser claims it's unsafe to visit a website via HTTP, even if it's only to view and read. But it's fine to open any crapsite as long as it's via HTTPS and not on a malware blocklist?

Colleague tells me that, in PHP, this is an unsafe selector.

$a = $some_array['foo']['bar'];

And that if ['bar'] has no value, $a will default to $some_array['foo']

Is this right?, because that doesn't seem right to me...