The website i made has been hacked today.

Stored in their server.

They didnt give me an access for it.

The user account in the cms i used for updating content while building the website was revoked when the website is completed.

Now they ask me for the latest backup.

I have no backup because how the hell i do a backup when i got no access to the cpanel.

The only backup is the zip file for initial uploading into their server and the contents were added after the website is on their server.

That goddamn IT guy who wont give me any access for “securty sake” is calling me furiously asking for the backup and how to set up the stuffs from the beginning.

I thought he was the one who know his shit but i was wrong.

Fuck me?

No.

Fuck you.

But i still responding to him telling him step by step how to do shit with some swearing and sarcasm.

ALWAYS BACKUP YOUR SHITS, MATE

So... I just remembered a story that's perfect for devrant.

My brother got into engineering in university, and during the second semester they had their introductory class to programming. They had weekly homeworks that the lecturer would check and give grades accordingly.

The factors that could influence the grading were: execution (meaning that the code would excecute as intended), efficiency and readabilty. The weeks passed and everyone was doing well, getting fairly good grades. Everyone was happy.

Until one day a random guy we'll call bob got the worst grade possible. Bob wasn't a bad student. He had over-the-average grades in all the weekly homeworks and even impressed the professor in some. Naturally, he was baffled when he saw his grade on the google spreadsheet. He was pretty sure his code ran well. He always tested it on different machines and OSs. So, at the end of the class, he went straight to the helper of the class, in a pretty imperative manner, to demand to know how the fuck he got that grade. It's impossible he got excecution, efficiency and readabilty, wrong. All three wrong? Impossible. Even the stupidiest kid in the class had some points on readabilty.

"Oh, so you are Bob. Huh?" said the helper in a laid-back attitude. "Come with me. Prof. X is waiting for you in his office."

This got Bob even more confused. As they approached the office, the courage he had in a first moment banished and gave way for nervousness and fear.

The helper nocks the door. "Prof., Bobs here"

As soon as Bob sits in the chair in front of Prof. X's, he knew something bad was coming.
"In all these years of teaching..." said Prof. X hesitantly. "In all these years of teaching I have not come even close to see something similar to what you've done. You should be ashamed of yourself." Needless to say, Bob was panicked.

"In all these years I have not seen such blatant mockery!" added the professor. "HOW THE FUCK DID YOU EVEN DARE TO SEND A HOMEWORK WITH SUCH VARIABLE NAMING" That's when Bob realised the huge mistake he made. "NEVER IN ALL THESE YEARS I HAVE SEEN SOMEONE NAME HIS VARIABLES *opens the file on his desktop *: PENIS, SHIT, FUCKSHIT, GAYFUCKING<insert Prof. X's name>MAN, GOATSE, VAGINAVAR, CUMFUNCTION, [...]" The list of obcenities went on and on. In each word, the professor hit the table harder than the last time.

Turns out Bob felt so in comfort with the ease of the course he decided to spice things up by using "funny naming conventions" while coding, and then tidying everything up before uploading the homework. This week he forgot, and fucked it big time.

So remember folks, always check your code before committing/giving it in/production. And always adhere to naming conventions.

To people who don't know how to use Linux: Just because I use nano instead of gedit or any other GUI text editor does not mean I'm showing off. Why can't you understand that ssh-ing into a server and opening a file in the terminal itself to edit three lines of configuration is much easier than opening FileZilla, connecting, downloading the file, making the changes and uploading it again. It's fine if you want to do it that way. But please don't judge me for doing it my way.

To people who are good with Linux: Can you please stop suggesting me to use vim instead, EVERY FUCKING TIME? I know it's more powerful, but I haven't been using Linux enough to have surpassed it's learning curve. Plus I google up how to use it and do use it when I have the need. Please let me be?

To people who tell me to use Windows for everything: Go suck a fat dick, you uncultured morons.

Don't cha just love it when you download your "native" desktop application to host a meeting, only to find out its actually a wrapper around a browser?

How did I find out? Well I innocently tried to drag and drop an image to share, only to have the browser open and render that file instead of uploading it, killing the application it was running behind it, closing the meeting for everyone on it ... and not even be able to access a back button to re-open the session.

viva la hybrid!

*wrestling commentator voice*
"In this weeks episode of encoding hell:
The iiiinnnfamous UTF-8 Byte Order Mark veeeersus PHP!"

For an online shop we developed, there is currently a CSV upload feature in review by our client. Before we developed this feature, we created together with the client a very precise specification, including the file format and encoding (UTF-8).

After the first test day, the client informed us, that there were invalid characters after processing the uploaded file.
We checked the code and compared the customer's file with our template.
The file was encoded in ISO-8859-1 and NOT as specified UTF-8.
But what ever, we had to add an encoding check, thus allowing both encodings from now on.

Well well well welly welly fucking well...

Test day 2: We receive an email from said client, that the CSV is not working, again.
This time: UTF-8 encoding, but some fields had more colums with different values than specified.
Fucking hell.
We tell the customer that.
(I was about to write a nice death threat novel to them, but my boss held me back)

Testing day 3, today:
"The uploading feature is not working with our file, please fix it."
I tried to debug it, but only got misleading errors. After about 30 minutes, at 20 stacks of hatered, I finally had an idea to check the file in a hex editor:

God fucking what!?!!?!11?!1!!!?2!!

The encoding was valid UTF-8, all columns and fields were correct, but this time the file contained somthing different.
Something the world does not need.
Something nearly as wasteful as driving a monster truck in first gear from NYC to LA.

It was the UTF-8 Byte Order Mark.
3 bytes of pure hell.
Fucking 0xEFBBBF.
The archenemy of PHP and sane people.

If the devil had sex with the ethernet port of a rusty Mac OS X Server, then 9 microseconds later a UTF-8 BOM would have been born.

OK, maybe if PHP would actually cope with these bytes of death without crashing, that would be great.

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

Support elevates a ticket.

Ticket: customer is getting a weird error uploading photo.

Can’t recreate. Tell support to call them back. I’ll sit in on the call.

Watch the process. Noting extraordinary...

Hmm.

Me: can you get the customer to open the pic in photo viewer?

Support asks as much.

Support: uh, he says he gets a similar error opening this photo in the photo viewer.

Me: 🤦‍♂️ that is a corrupt file!

I just spent the last 2 hours trying to set a new max size file upload for nginx from 1MB (default) to 10MB, almost lost my mind when I realized I was testing uploading a file that was 10.9MB the whole time

When I started my current job 6 years ago I was given a desk phone with a 100mb port. Speed didn't matter at the time as everyone was given laptops for our desks. I changed positions in the company where I'm going to be provisioning servers and whatnot over the network. Started using a desktop that didn't have a Wi-Fi adapter. I requested a new phone with a Gig switch port, if possible, so doing file transfers on the network wouldn't be limited. IT had a couple of questions...

IT-Have you noticed slowness when downloading/uploading?
Me-No, but its a 100mb port...so.
IT-Well I just did a speed test and we're getting 60up/5down. Your phone is over that.
(Working from home? Our fiber was way faster than that I thought.)
Me-That's fine, but this will be for internal network transfers. Not going out to the internet. We have gigabit switches on campus correct?
It-Yes but you shouldn't notice a speed difference.
Me, now lost-If you can't change out the phone that's fine. I'll figure our something.
IT-Now now, lets troubleshoot your issue. Can you plug your phone in?
Me-Yes I have it, but I'm remote today. There is no way for it to reach the call manager.
IT-Let's give it a try.

40 min of provisioning later he gave up and said maybe it is broke. Got a "working" one the next week.

PS first post, and writing on phone. Yay insomnia!

In the past, we used skype, hipchat, slack and now ... Microsoft Teams. What a tool.

Yes Teams, it makes total sense to tell me that my message is too long. I totally get it that you want me to rewrite my message and yes Teams, I should have rather attached it as a file to my message to begin with. Yes Teams, I wait for you to finish uploading those files before I can send the message. I'm sure there would be disastrous consequences if you send the message with my attached files as soon as you finished uploading. I don't even want to be productive. Thanks for helping me out.

I had to demonstrate file uploading, clicked “Select file…”, it opened a file dialog, and there were photos of me posing with cum on my face.

Java dev here. I rewrote an app and replaced a system call to ssh with a modern jaxrs post for uploading a file and (new) some additional data.
I even used a stream.

1 hour in production, first client doesn't get his file. Log says OutOfMemoryError: heap.

Me: wtf? I already use streams.
Looking at the Jersey library. Docs say nothing. An issue from 2013 says: oh if you silly don't use the Apache httpclient addon, we disable chunking and buffer the whole body, because our tests fail with the jdk included http client otherwise.

Me: meh.

No warning in the logs. Thank you soooooo much! Who could have known?

when I was a newbie I was given a task to upload a site.
I had done that many times before so I thought it wont be a big deal so I thought I never gave a try uploading through ftp.
Okay I began work on it the server was of godaddy and credentials I got were of delegate access.
right I tried connecting through ftp but it wasn't working thought there's some problem with user settings why shouldn't I create my own user to stay away from mess.
Now I creater my own user and could easily login but there were no files in it saw that by creating user my folder is different and I dont have access to server files I wanted to take backup before I do upload.
now I was thinking to give my user access to all files so I changed the access directory to "/" checked ftp again there was still no file.
don't know what happened to me I thought ahh its waste of time for creating ftp user it does nothing and I deleted my ftp account.
now I went through web browser to download data and earth skids beneath my foots. Holy fuck I lost all the data, all were deleted with that account it scared the shit out of me.
There were two sites running which were now gone.
Tried every bit to bring them back but couldn't do so. i contact support of godaddy they said you haven't enabled auto backup so you can't have them for free however they can provide their service in $150. Which is 15k in my country.
I decided to tell my boss about what happened and he got us away :p I wasn't fired gladly

Fuck Homestead.

For the fortune of you not to know, Homestead is a sad attempt at a Wix-like build your own website platform.

However, Homestead is the most unusable piece of shit platform that humans have ever had the misery of interacting with

Lets start off with the login page. The login page is small, unresponsive and half the time just deletes your input whenever you press submit.

It's important to note that unless you're running MacOS or Windows, Homestead will send to an error page on which there's a link to contact support, but pressing that link requires MacOS or Windows.

Fine, I'll fiddle around with my user-agent, and we'll be in soon enough. But now we come to the joy that is the website editor itself.

The website editor is clunky, hard to use, and has enough menus and submenus and sidebars to make the Jira UI shake with fear. Each interface option label is either ridiculously ambiguous or just straight up wrong. The built-in HTML editor doesn't support HTML5, in the name of "browser compatibility".

CSS? Pah! Who needs it! Our psuedo-90s skeuomorphic ugly-as-shit prebuilt styles will work just fine. Responsive design? Bullshit! Nobody uses a smartphone to browse the web, so why do we need to handle it?

Uploading a file? Good fucking luck buddy. There's a complicated dance among the minefield of pop-ups that ask you to confirm some shit or modify some shit and you gotta click the right option each time or else the file won't upload.

Wanna use https like 86% of the entire web and all modern websites? That's a premium feature. Fork over an extra $10 a month

Ok ok, I made it through all that. Dig through the thousands of menus to find the 'publish changes' button, and sigh with relief.

Open up a private browser tab to check my work, and nope. The site looks like shit, even by Homestead's standards. That's because Homestead claims to be a WYSIWYG editor, but it's a damn lie. The site looks like shit, so it's time do dive back into the hellhole that is this damn site editor.

And rinse and repeat. Deal with the shitty editor, publish, and pray it doesn't look like garbage. Be too scared to test on other devices because this flaming pile of dog shit pretending to be a website is bad enough on my device.

Two more months, then I'm done with this client. Someone get me a drink

Fuck you scp. I was uploading 6GB file to an EC2 server. Well, needless to say, "no space left on device" after all 6GB transferred was the biggest FUCK YOU moment. Seriously. Send the file size and check before you waste 30 minutes of my time. Oh, and don't read CLI command data as part of the transfer. You suck.

The whole application was tested by 1 QA who was uploading only one 3MB file.
Now on production ~300 users upload in a batch one hundred 100 MB files... and nothing works now
WHO WOULD EXPECT THAT?

Dev Diary Entry #56
Dear diary, the part of the website that allows users to post their own articles - based on an robust rights system - through a rich text editor, is done! It has a revision system and everything. Now to work on a secure way for them to upload images and use these in their articles, as I don't allow links to external images on the site.

Dev Diary Entry #57
Dear diary, today I finally finished the image uploading feature for my website, and I have secured it as well as I can.

First, I check filesize and filetype client-side (for user convenience), then I check the same things serverside, and only allow images in certain formats to be uploaded.

Next, I completely disregard the original filename (and extension) of the image and generate UUIDs for them instead, and use fileinfo/mimetype to determine extension. I then recreate the image serverside, either in original dimensions or downsized if too large, and store the new image (and its thumbnail) in a non-shared, private folder outside the webpage root, inaccessible to other users, and add an image entry in my database that contains the file path, user who uploaded it, all that jazz.

I then serve the image to the users through a server-side script instead of allowing them direct access to the image. Great success. What could possibly go horribly wrong?

Dev Diary Entry #58
Dear diary, I am contemplating scrapping the idea of allowing users to upload images, text, comments or any other contents to the website, since I do not have the capacity to implement the copyright-filter that will probably soon become a requirement in the EU... :(

Wat to do, wat to do...

File hosting like GitHub?

Basically.. I want to let my Patreons download major updates to my game before I upload them to Github. Now, I will get a GitHub Developer upgrade once I get $7+ per month from Patreon, and host the updates on a private repository for a few days before uploading it to my main dev repository, but I something until then. Some place I can host the loose files, or a .zip at a static link for free. (that can only be accessed by that link) ^~^

Why is accidentally uploading a binary file in ASCII mode via FTP still something people do? Aside from the obvious point that FTP needs to die and something else needs to be used instead, isn't it about time binary was the default?

When you have to stay awake until 4:30am uploading and importing 134 .sql files split up from a larger single exported file because for some stupid reason MySQL can only handle importing the data at this insane level of incremental push.

well that's curious... Apparently, when uploading a csv file via bot, Slack now appends a .py suffix to it.

I wonder what's the logic behind it. Trick as many users as possible into executing potentially malicious code?

User A: So, we have some issue with uploading files. You guys need to fix it.
Me: Yeah, sure. We'll put it in our issue log. I'll let you know when its fixed so you can try uploading.
> Solving other issues which they said was more important.
A few days later:
User A: Uhhh..so guys, we have this issue while uploading..
Me: Yes, I know. We'll solve it and let you know when you can test it again.
> Working on that uploading issue
User A: So, I sent you an email. Its about the file upload. It doesnt seem to be working

Is it really hard to understand when I said to wait till we get it fixed?

Customer asks us to add an exception report to a file upload process, to show which users failed to be added, and why.

File has 4 fields per record: id, first name, last name, and email.

Customer: "some of these records aren't uploading, and when I look at the new report, it says 'email required' for those users. I don't understand. Does that mean they can't be uploaded without an email?"

First post yay!
I'm a "tech" lead for my team. The "tech" stands for technically, I can go on a whole different rant there but that's not why we're here today.
So we have a new PM on our side and a new PM on the client side. I've been working on this project longer than any of the devs and PMs have.
One of the tasks that my team does is validate and ingest data. It's pretty straightforward and it's fully automated. It takes minutes, and at most an hour, to complete this task. We get these tasks from users randomly and they don't have any schedule to it. It's FIFO basis and we just add it to our current sprint if we have bandwidth or add it to the next one if we don't. Not a big deal, no users have complained about it before, it's just business as usual. And we have a tracker of when we received it, how big it was and when it's been ingested. Super simple.
So now comes in the new client PM. He's been asking us to come up with timelines for these ingestions. My project's new PM is bending over to him and saying okay we'll come up with it, no problem. Well, there is a problem. We don't know that far in advance for when these tasks are coming in. Even if we did, now we're supposed to create timelines for a 10 min task? It literally is uploading a file and our system handles everything and I've explained that to my pm but he still is like well that's what they want. It takes less effort to do the ingestion than to make these timelines. It just means project managers bothering devs about timelines.
Idk how to deal with this. Thoughts? Any similar experiences?

I started an e2e encrypted Dropbox clone, meaning file names and contents get encrypted client side prior to uploading. It also has a fairly advanced system for sharing links to files etc. But I got stuck at PDF previews which can't be generated on the server cause the file can't be decrypted there and I never finished it.

So this is the most idiotic thing I have ever done!

Was resolving an issue in a module in our application on "Test" Instance, instead of uploading file to "Test" I was uploading to "Dev" and I was wondering for the last 2 hours why the hell changes are not working!!!

I need a break, Thank god its half day today... its a rest day now 🙈

Current fix for uploading a file to an android webview, start in debug mode start file chooser, go get coffee, return step through and voila!

now to make it work with tea too..

Uploading an xslx file to office365 to download it as an ods file only to be able to convert it to a csv file via libre office.

Direct conversion attempts with other tools would either fail converting the xslx file or break cells' values (ssconvert, soffice --headless -c, gnumeric).

One of those things where I fail to understand why it has to be so complicated.

This happened to me sometime back.

I want to try out a WordPress plugin in my local machine before installing on a production server. It is an Ubuntu machine. Downloaded and installed Xampp, then setup WordPress with MySQL. Now tried uploading the plugin zip file, it throws some permission error, asking to fix permissions or use FTP. I thought of just chmod 777 recursively for the WordPress directory to fix this easily.

Ran the command, looks like it is hung. Terminated using Ctrl+C and then ran the same command. Again it is taking much time. It should not take so much time to recursively change the permission of just a WordPress directory. Thought something was wrong. Before I realized the damage is already done.

Looks like I ran the command

sudo chmod -R 777 /

instead of

sudo chmod -R 777 ./

Fuck, I missed a dot in the command and it is changing permissions of everything in my machine. Saw the System monitor, CPU usage spiked to 100%. I can't close or open any program. Force shutdown the machine using the power key. It didn't boot again. Recovery mode didn't help. Looks like there is no easy way to restore back from this damage. Most of the files I need are backed up in the cloud, still, need a few more personal files so that I can format and reinstall Ubuntu. Realised I have Windows in dual booting. Boot into Windows and used some ext4 reader to recover the files, formatted and reinstalled the OS. Took a few hours to get back to my previous setup.

Lesson Learned: Don't use sudo unnecessarily.
Double check the command while executing.
Running a wrong command with root permission can fuckup your entire machine.

Somebody out there please tell me why I'm uploading a 17 MB file and PHP isn't showing a $_FILES array? It's just not there. I've set the max post limit and the max upload limit to 128 MB. The files are going to get way bigger than this. Why does this server like hurting me?

I am thinking of how I can make data upload reliable. I am sure that I am making it more complex as it could be and I need some pointer.

My goal is to have a pause/resume feature in file uploading.

Here is how it would work.

In order to start uploading , you give the server

1) File Name
2) Folder path you want to upload it to
3) Checksum of the file

Here the server will check whether you can upload it to a folder, whether the file have been previously uploaded (by file name and checksum)

If you could actually upload to the folder , server will return "unique file token" , "folder path" , "unique byte token". Let call it init_upload().

The client will use "unique file token" (to identify the file) , folder path (to know where to upload it to) , "unique byte token" and byte[] (data which to actually upload). Let call this operation data_upload().

If the operation is actually complete , server will return new "unique byte token"

Internally it will actually work like this.Let say we want to upload "file.mp3", when the client call init_upload() it will create

file.mp3 and unique_byte_token.file.mp3.

When the client upload data first time , it will append data to unique_byte_token.file.mp3.

When the client upload data second time , it will check whether the "byte token" that client put is the same as previous "unique_byte_token". If it is same ,
1) we move the data from unique_byte_token.file.mp3 to file.mp3
2) Delete unique_byte_token.file.mp3
3) Create new unique_byte_token.file.mp3
4) Append data to unique_byte_token.file.mp3

The reason I am using "byte token" is because I want to check whether previous upload is actually success.

Let say we need to call 50 part of data_upload() will put 49 part to file.mp3 and 1 part to byte_token.file.mp3.

Finally the client need to call data_upload_complete() which will

1) Put reminding 1 part to file.mp3
2) Remove byte_token.file.mp3 as cleanup

Maybe one of you can help me, since I can't find something online.
I want to do a transfer.sh-like app in Go. So you can upload a file with curl, it gets stored there for some time and you can download it later.
The problem is, I only found tutorials for uploading files over html-forms, not over curl.

Does any of you know, how to write a handle-function, that accepts something Like
"Curl --upload-file SUPERIMPORTANT localhost:9999/upload"

I need a cordova ios plugin for uploading files. The plugin "cordova-plugin-file" does not come up to the expectations. Please provide me with a link.

Thanks.