Three days ago I wrote a comment:

"It's weird how the internet shifted from protocols to platforms.

Devs still know the plumbing, but for most people IRC became Whatsapp, FTP became Dropbox, RTSP became Netflix, SIP became Zoom and RSS became Google Now... so people might eventually forget about SMTP and this whole "email" hype.

In a decade or two we'll have forgotten about URLs and HTTP and the "internet" as well. You just pay your monthly $10 sub to Google or Amazon or Apple to have your condensed streams of memes & bait funneled right into your eyeballs."

And now Chrome devs are considering removing URLs just like in Safari, just showing the domain you are on....

Enjoy your retard web, people.

What's next, new Macbook & Chromebook standardized designs to prevent people from being confused?

Thanks for @PonySlaystation for coming up with this idea!

Wrote my first ever Firefox extension. It loads a json list from a server containing domains which, according to the snowden leaks of 2013, are integrated within a US powered mass surveillance network.

If it finds any urls on the page being loaded, it puts a fullscreen red background with a warning text and the links which match the surveillance criteria.

There's no way to continue to the web page yet, will try to add that later on.

The Linux Kernel, not just because of the end product. I find it's organizational structure and size (both in code and contributors) inspirational.

Firefox. Even if you don't use it as your main browser, the sheer amount of work Mozilla has contributed to the world is amazing.

OpenTTD. I liked the original game, and 25 years after release some devs are still actively maintaining an open source clone with support for mods.

Git. Without it, it would not just be harder working on your own source code, it would also be harder to try out other people's projects.

FZF is possibly my favorite command line tool.

Kitty has recently become my favorite terminal.

My favorite thing open source has brought forth though is a certain mindset, which in the last decade can be felt most heavily in the fact that:

1. Scientific papers with accompanying GitHub urls, especially when it comes to AI. Cutting edge research is one git clone away.

2. There are so many open hardware projects. From raspberry pi to 3d printers to laser cutters, being a "maker" suddenly became a mainstream hobby.

I eat URLs for breakfast
Q:how many?
A:200 OK

Way to many...

- Passwords stored in plain text on the year 2014
- Not supporting HTTPS because to expensive
- Hidden admin URLS
- Databases available all over the internet
- Client Side validation
- IoT

Example #1 of ??? Explaining why I dislike my coworkers.

[Legend]
VP: VP of Engineering; my boss’s boss. Founded the company, picked the CEO, etc.
LD: Lead dev; literally wrote the first line of code at the company, and has been here ever since.
CISO: Chief Information Security Officer — my boss when I’m doing security work.

Three weeks ago (private zoom call):
> VP to me: I want you to know that anything you say, while wearing your security hat, goes. You can even override me. If you need to hold a release for whatever reason, you have that power. If I happen to disagree with a security issue you bring up, that’s okay. You are in charge of release security. I won’t be mad or hold it against you. I just want you to do your job well.

Last week (engineering-wide meeting):
> CISO: From now on we should only use external IDs in urls to prevent a malicious actor from scraping data or automating attacks.
> LD: That’s great, and we should only use normal IDs in logging so they differ. Sounds more secure, right?
> CISO: Absolutely. That way they’re orthogonal.
> VP: Good idea, I think we should do this going forward.

Last weekend (in the security channel):
> LD: We should ONLY use external IDs in urls, and ONLY normal IDs in logging — in other words, orthogonal.
> VP: I agree. It’s better in every way.

Today (in the same security channel):
> Me: I found an instance of using a plain ID in a url that cancels a payment. A malicious user with or who gained access to <user_role> could very easily abuse this to cause substantial damage. Please change this instance and others to using external IDs.
> LD: Whoa, that goes way beyond <user_role>
> VP: You can’t make that decision, that’s engineering-wide!

Not only is this sane security practice, you literally. just. agreed. with this on three separate occasions in the past week, and your own head of security also posed this before I brought it up! And need I remind you that it is still standard security practice!?

But nooo, I’m overstepping my boundaries by doing my job.

Fucking hell I hate dealing with these people.

So today our CFO stepped into IT and angrily proclaimed someone using tech@ e-mail and fake name is defrauding company funds buying themselves... "used female lingerie with extra virgin juice" (sic!).

I work for an IPSP, we handle finance for commercial services (think PayPal but smaller). One of our clients is a big platform where girls can sell items like bath water, used socks and more. CFO demanded our admins found out who and when connected to that website, what URLs and so on.

As mentioned, said platform is pretty big, hence, from time to time we help them with their service when they ask us to, that's why we have a tech@ account. Last month there was a minor issue with one of the banks, someone fixed it and, as per usual, made a small payment of €1 topping up the account wallet to make sure everything works. It was an intern whose will to live is still strong and unencumbered with experience so she jokingly wrote "panties juice, extra virgin" in the payment note. What she *didn't know*, however, is that admins on that platform used the very same account to test new billing system they've implemented and our CFO received an invoice.

"What technologies do you know?"
"I can write pretty URLs that return JSON"
"You mean REST?"
"No, I mean pretty URLs that return JSON"

So apparently two "senior" "laravel-engineers" spent a total billed 35 hours trying to figure out a "critical bug" which "doesn't happen locally".

I went to the dev-console, saw it is generating http urls (fronted by cloudflare https, running on http server-side) and fixed that in maybe ~15 minutes, fucking morons.

Pasting stackoverflow URLs as comments and skipping documentation.

I still miss my college days. Our crappy IT Dept restricted internet usage on campus. Each student used to get 10 GB of internet data and they used Cyberoam for login (without HTTPS). 10 GB was so less (at least for me).

Now, thanks to CS50, I learned that HTTP was not secure and somehow you can access login credentials. I spent a night figuring things out and then bam!! Wireshark!!!!

I went to the Central Library and connected using Wireshark. Within a matter of minutes, I got more than 30 user ids and passwords. One of them belonged to a Professor. And guess what, it had unlimited data usage with multiple logins. I felt like I was a millionaire. On my farewell, I calculated how much data I used. It was in TBs.

Lesson: Always secure your URLs.

!!pointless story

Bug report comes in from a coworker. "Cloudinary uploads aren't working. I can't sign up new customers."

"I'll look into it" I say.

I go to one of our sites, and lo! No Cloudinary image loads. Well that can't be good.

I check out mobile app -- our only customer-facing platform. None of the images load! Multiple "Oops!" snackbars from 500 errors on every screen / after every action.

"None of our Cloudinary images load, even in the mobile app," I report.

Nobody seems to notice, but they're probably busy.

I go to log into the Cloudinary site, and realize I don't have the credentials.

"What are the Cloudinary credentials, @ceo?" I ask.

I'm met with more silence. I use this opportunity to look through the logs, try different URLs/transforms directly. Oddly, everything seems fine except on our site.

I check Slack again, and see nothing's changed, so I set about trying to guess the credentials.

Let's see... the ceo is basically illiterate when it come to tech, so it's probably not his email. It's a startup, and custom emails for things cost money, and haven't been a thing here forever, so it's probably oen of the CTO's email aliases. he likes dots and full names so that narrows it down. Now for the password.... his are always crappy (so they're "easy to remember") and usually have the abbreviated company name in them. He also likes adding numbers, generally two-digit numbers, and has a thing for 7s and 9s. Mix in some caps, spaces, order...

Took me a few minutes, but I managed to figured it out.

"Nevermind, I guessed them." I reported.

After getting into Cloudinary, I couldn't find anything amiss. Everything looked great. No outage warnings, metrics looked fine, images all loaded. Ex-cto didn't revoke payment or cancel the account.

I checked our app; everything started loading -- albeit slowly.

I checked the aforementioned site; after a few minutes, everything loaded there, too.

Not sure what else to do, and with everything appearing to work, I said "Fixed!" and closed the issue.

About 20 minutes later, the original person said "thanks" -- never did hear anything from the ceo. I've heard him chatting away in the other room the entire time.

Regardless, good thing for crappy passwords, eh?

Fucking URLs, people.
They're not hard.

If you're going to give me a bug report, TELL ME THE GODDAMN URL.

If, after yelling at you several times for not providing the url, you instead just fucking GUESS at the url, YOU'RE A GODDAMN BLITHERING IDIOT AND YOU'RE WASTING MY GODDAMN TIME.

ALT+D, CTRL+C or CMD+L, CMD+C

SO HARD. ASDFASDJGHLKASDHFLJKSGDFSKDF

I'm editing the sidebar on one of our websites, and shuffling some entries. It involves moving some entries in/out of a dropdown and contextual sidebars, in/out of submenus, etc. It sounds a little tedious but overall pretty trivial, right?

This is day three.
I learned React+Redux from scratch (and rebuilt the latter for fun) in twice that long.

In my defense, I've been working on other tasks (see: Alerts), but mostly because I'd rather gouge my freaking eyes out than continue on this one.

Everything that could be wrong about this is. Everything that could be over-engineered is. Everything that could be written worse... can't, actually; it's awful.

Major grievances:
1) The sidebars (yes, there are several) are spread across a ridiculous number of folders. I stopped counting at 20.
2) Instead of icon fonts, this uses multiple images for entry states.
3) The image filenames don't match the menu entry names. at all. ("sb_gifts.png" -> orders); active filenames are e.g. "sb_giftsactive.png"
4) The actions don't match the menu entry names.
5) Menu state is handled within the root application controller, and doesn't use bools, but strings. (and these state flags never seem to get reset anywhere...)
6) These strings are used to construct the image filenames within the sidebar views/partials.
7) Sometimes access restrictions (employee, manager, etc.) are around the individual menu entries, sometimes they're around a partial include, meaning it's extremely difficult to determine which menu entries/sections/subsections are permission-locked without digging through everything.
8) Within different conditionals there are duplicate blocks markup, with duplicate includes, that end up render different partials/markup due to different state.
9) There are parent tags outside of includes, such as `<ul>#{render 'horrific-eye-stabbing'}</ul>`
10) The markup differs per location: sometimes it's a huge blob of non-semantic filthiness, sometimes it's a simple div+span. Example filth: section->p->a->(img,span) ... per menu entry.
11) In some places, the markup is broken, e.g. `<li><u>...</li></u>`
12) In other places, markup is used for layout adjustments, such as an single &nbsp; nested within several divs adorned with lots of styles/classes.
13) Per-device layouts are handled, not within separate views, but by conditionally enabling/disabling swaths of markup, e.g. (if is_cordova_session?).
14) `is_cordova_session` in particular is stored within a cookie that does not expire, and within your user session. disabling it is annoying and very non-obvious. It can get set whether or not you're using cordova.
15) There are virtually no stylesheets; almost everything is inline (but of course not actually everything), which makes for fun layout debugging.
16) Some of the markup (with inline styling, no less) is generated within a goddamn controller.
17) The markup does use css classes, but it's predominately not for actual styling: they're used to pick out elements within unit tests. An example class name: "hide-for-medium-down"; and no, I can't figure out what it means, even when looking at the tests that use it. There are no styles attached to that particular class.
18) The tests have not been updated for three years, and that last update was an rspec version bump.
19) Mixed tabs and spaces, with mixed indentation level (given spaces, it's sometimes 2, 4, 4, 5, or 6, and sometimes one of those levels consistently, plus an extra space thereafter.)
20) Intentional assignment within conditionals (`if var=possibly_nil_return_value()`)
21) hardcoded (and occasionally incorrect) values/urls.

... and last but not least:
22) Adding a new "menu sections unit" (I still haven't determined what the crap that means) requires changing two constants and writing a goddamn database migration.

I'm not even including minor annoyances like non-enclosed ternaries, poor naming conventions, commented out code, highly inefficient code, a 512-character regex (at least it's even, right?), etc.

just.

what the _fuck_

Who knew a sidebar could be so utterly convoluted?

MAJOR RANT:

Bug in question: Shortened URLs (that we generate dynamically because fuck you) would have a pipe character added in them, obviously breaking the URL.

I SPENT 3.5 DAYS DEBUGGING A MASSIVE, FRANKENSTEIN-LIKE CODE BASE TO FIND THIS:

Yeah sex is nice, but have you tried building your own CMS from scratch and finally begin to use the UI your set up yourself instead of typing urls in the address bar?

IF YOU HARD CODE URLS INTO YOUR CODE I WILL HARD CODE MY FIST INTO YOUR FACE

I just hardcoded some urls just to make a deployment amd go home

I'm sorry.

I spent an hour arguing with the CTO, pushing for having all our new products' data in the database (wow) with an API I could hit to fetch said data (wow) prior to displaying it on our order page.

He never actually agreed with me, but he finally acquiesced and wrote the migrations, API, and entered my (rather contrived) placeholder data. (I've been waiting on the boss for details and copy for three days.)

Anyway, it's now live on QA. but. I don't know where QA is for this app, and it's been long enough that i'm kind of afraid to ask.

Does that sound strange?
well.

We have seven (nine?) live applications (three of which share a database), and none of their repos match their URLs, nor even their Heroku app names. (In some of these Heroku names, "db" is short for the app's namesake, while in the rest it's short for "database").

So, I honestly have no idea where "dbappdev" points to, and I don't have access to the DNS records to check. -.-

What's more: I opened "dbappdev" on Heroku and tested out his new API -- lo and behold! it returns nada. Not a single byte. (Given his history I expected a 500, so this is an improvement, I think. Still totally useless, however.)

And furthermore: he didn't push the code to github, so I cannot test (or fix) it locally.

just. UGH.

every day with this guy, i swear.

Get yourself a friend that sends you URLs like this:

Boss : Can you please make a page where I can add a magazine cover image, summary and source urls.

Me : Sure.
..
..
..
Me : here you go.

Boss : How do I upload multiple images in this page ?

Wk92 reminds me of the time when our professor spent 45 minutes talking about the difference between absolute and relative URLs.
45 FUCKING MINUTES!!
I was about to just pack up in and leave mid-class because I couldn't take it anymore. But he noticed, looked at me, then continued talking with the most annoying smug smile on his face.
He knew that if I got another warning, he could get me almost kicked out.
I just sat in the back, headphones in, slowly dying.
And he just smiled...

Highlights from my week:

Prod access: Needed it for my last four tickets; just got it approved this week. No longer need it (urgently, anyway). During setup, sysops didn’t sync accounts, and didn’t know how. Left me to figure out the urls on my own. MFA not working.

Work phone: Discovered its MFA is tied to another coworker’s prod credentials. Security just made it work for both instead of fixing it.

My merchant communication ticket: I discovered sysops typo’d my cronjob so my feature hasn’t run since its release, and therefore never alerted merchants. They didn’t want to fix it outside of a standard release. Some yelling convinced them to do it anyway.

AWS ticket: wow I seriously don’t give a crap. Most boring ticket I have ever worked on. Also, the AWS guy said the project might not even be possible, so. Weee, great use of my time.

“Tiny, easy-peasy ticket”: Sounds easy (change a link based on record type). Impossible to test locally, or even view; requires environments I can’t access or deploy to. Specs don’t cover the record type, nor support creating them. Found and patched it anyway.

Completed work: Four of my tickets (two high-priority) have been sitting in code review for over a month now.

Prod release: Release team #2 didn’t release and didn’t bother telling anyone; Release team #1 tried releasing tickets that relied upon it. Good times were had.

QA: Begs for service status page; VP of engineering scoffs at it and says its practically impossible to build. I volunteered. QA cheered; VP ignored me.

Retro: Oops! Scrum master didn’t show up.

Coworker demo: dogshit code that works 1 out of 15 times; didn’t consider UX or user preferences. Today is code-freeze too, so it’s getting released like this. (Feature is using an AI service to rearrange menu options by usage and time of day…)

Micromanager response: “The UX doesn’t matter; our consumers want AI-driven models, and we can say we have delivered on that. It works, and that’s what matters. Good job on delivering!”

Yep.
So, how’s your week going?

#4

Only 7 of the ~200 Routes are named. The former dev just created URLs within the views with the url() method.

#4.1

There are just GET & POST request. Even though stuff is getting edited or deleted.

😓🔨

I'M BACK TO MY WEBDEV ADVENTURES GUYS! IT TOOK ME LIKE 4 MONTHS TO STOP BEING SO FUCKING DEPRESSED SO I CAN ACTUALLY STAND TO WORK ON IT AGAIN

I learned that the linear gradient looks cool as FUCK. Honestly not too fond of the colors I have right now, but I just wanted to have something there cause I can change it later. The page has evolved a bunch from my original concept.

My original concept was the bar in the middle just being a URL bar and having links on the sides. If I had kept that, it would have taken me a few hours to get done. But as time went on when I was working on it, my idea kept changing. Added the weather (had a forecast for a while but the code was gross and I never looked at the next days anyways, so I got rid of it and kept the current data). I wanted to attempt an RSS reader, but yesterday I was about to start writing the JavaScript to parse the feeds, then decided "nah", ended up making the space into a todo list.

The URL bar changed into a full command bar (writing the functions for the commands now, also used to config smaller things, such as the user@hostname part, maybe colors, weather data for city and API key, etc)....also it can open URLs and subreddits (that part works flawlessly). The bar uses a regex to detect if it's a legit URL (even added shit so I don't need http:// or https://), and if it's not, just search using duckduckgo (maybe I'll add a config option there too for search engines).

At this very moment it doesn't even take a second to fully load. It fetches weather data from openweathermap, parses it, and displays it, then displays the "user" name grabbing a localstorage value.

I'm considering adding a sidebar with links (configurable obviously, I want everything to be dynamic, so someone else could use my page if they wanted), but I'm not too sure about it.

It's not on git yet because I was waiting until I get some shit finished today before I commit. From the picture, I want to know if anyone has any suggestions for it. Also note that I am NOT a designer. I can't design for shit.

Took a job during the summer vacation and was expected to sit through excel and click products and fill in info (mundane tasks). Overheard the boss talking to the coworkers "We need to translate 77,000 urls into images, how do we split this work up?" I jumped in and said "I can write that in code so you don't have to do it" They all looked at me like I was some sort of magician O_O. Had the program running during the weekend on three computers and all of the 77,000 urls are now a beautiful mess of pdfs and jpgs. Do you have a story that made you feel like a wizard?

I miss old times rants...So i guess, here it goes mine:

Tomorrow is the day of the first demo to our client of a "forward-looking project" which is totally fucked up, because our "Technical Quality Assurance" - basically a developer from the '90-s, who gained the position by "he is a good guy from my last company where we worked together on sum old legacy project...".
He fucked up our marvellous, loose coupling, publish/subscribe microservice architecture, which was meant to replace an old, un-maintainable enormous monolitch app. Basically we have to replace some old-ass db stored functions.
Everyone was on our side, even the sysadmins were on our side, and he just walked in the conversation, and said: No, i don't like it, 'cause it's not clear how it would even work... Make it an RPC without loose coupling with the good-old common lib pattern, which made it now (it's the 4th 2 week/sprint, and it is a dependency hell). I could go on day and night about his "awesome ideas", and all the lovely e-mails and pull request comments... But back to business

So tomorrow is the demo. The client side project manager accidentally invited EVERYONE to this, even fucking CIO, legal department, all the designers... so yeah... pretty nice couple of swallowed company...

Today was a day, when my lead colleague just simply stayed home, to be more productive, our companys project manager had to work on other prjects, and can't help, and all the 3 other prject members were thinking it is important to interrupt me frequently...

I have to install our projects which is not even had a heart beat... not even on developer machines. Ok it is not a reeeeaaally big thing, but it is 6 MS from which 2 not even building because of tight coupling fucktard bitch..., But ok, i mean, i do my best, and make it work for the first time ever... I worked like 10 ours, just on the first fucking app to build, and deploy, run on the server, connect to db and rabbit mq... 10 FUCKING HOURS!!! (sorry, i mean) and it all was about 1, i mean ONE FUCKING LINE!

Let me explain: spring boot amqp with SSL was never tested before this time. I searched everything i could tought about, what could cause "Connection reset"... Yeah... not so helpful error message... I even have to "hack" into the demo server to test the keystore-truststore at localhost... and all the fucking configs, user names, urls, everything was correct... But one fucking line was missing...
EXCEPT ONE FUCKING LINE:
spring.rabbitmq.ssl.enabled=false # Whether to enable SSL support.

This little bitch took me 6 hours to figure out...so please guys, learn from my fault and check the spring boot appendix for default application properties, if everything is correct, but it is not working...

And of course, if you want SSL then ENABLE it...
spring.rabbitmq.ssl.enabled=true

BTW i really miss those old rants from angry devs, and i hope someone will smile on my fucking torture

First personal project in my new employment.

This is the situation:

[ • ] Frontend
Drupal with custom module which load an Angular 6 application inside certain urls. Da hell for my eyes but interesting in somewhat.

[ • ] Back end
SharePoint "database" middled by a my-boss-written Java layer used to map SharePoint tokens in something more usable

I’m LOLing at the audacity of one of our vendors.

We contract with a vendor to build and maintain a website. Our network security team noticed there was a security breach of the vendor’s website. Our team saw that malicious users gained access to our Google Search console by completing a challenge that was issued to the vendor’s site.

At first, the vendor tried to convince us that their site wasn’t comprised and it was the Google search Console that was compromised. Nah dude. Our Search Console got compromised via the website you maintain for us. Luckily our network team was able to remove the malicious users from our search console.

That vendor site accepts credit card payments and displays the user’s contact info like address, email, and phone. The vendor uses keys that are tied to our payment gateway. So now my employer is demanding a full incident report from the vendor because their dropping the ball could have compromised our users’ data and we might be responsible for PCI issues.

And the vendor tried to shit on us even more. The vendor also generates vanity urls for our users. My employer decided to temporarily redirect users to our main site (non vendor) because users already received those links and in order to not lose revenue. The vendor’s solution is to build a service that will redirect their vanity urls to our main site. And they wanted to charge us $5000 usd for this. We already pay them $1000 a month already.

WTAF we are not stupid. Our network service team said we could make the argument that they do this without extra charge because it falls in the scope of our contract with them. Our network team also said that we could terminate the contract because the security breach means they didn’t render the service they were contracted to do. Guess it’s time for us to get our lawyer’s take on this.

So now it looks like my stakeholders want me to rebuild all of this in house. I already have a lot on my plate, but I’m going to be open to their requests because we are still in the debrief phase.

Time to make a deal with the devil

@theabbie since you love downloading the entire devRant db and writing little gimmicks, I have an idea for you.

Avatars are envcoded as URLs. Each part of an avatar is separated by an underscore. Shirt, pants, desk, whatever.

Make a bot or script or website or what-fucking-ever to query users with the same avatar as you. This would be:

- Same EXACT avatar (desk, pets, etc)
- Same body parts as you (face, skin color, hair, etc)
- Same body parts and clothing (everything that shows in the mini avatar next to comments, plus pants and shoes, I guess)

The doppelganger finder. Honestly I think it would be neat.

Would be even cooler if you could filter by active users (last post/comment within past 3 months)

I have discovered a fresh hell

Some guy I’ve never met or heard of in the office lobbed a comment at one of my *approved and merged* pull requests. He doesn’t say anything specific, only that my REST urls are not in line with naming convention. That’s all he says, and I’ve already walked the URL consumers through the code and given them the URLS.

I’m really annoyed that this guy won’t just say what he has in mind, but fine whatever this is a professional environment and developers are not known for being a diplomatic people. Let it go and get your work done!

I do some googling and find an obvious change that needs to happen- I implement it, open a new pull request and inform my URL consumers of the change.

This rando still isn’t satisfied and still won’t say what needs to change. I am on round 3 of this wonderful cycle and this guy is acting all fuckin HAUGHTY about it. “Here is a list of conventions I found googling, you should read them even if it takes 4 hours because it will benefit your career”

Sure dog you’re probably right on that one but we are in a professional environment and at this point you are holding up production so you can wave your dick around! Just SAY WHAT YOU MEAN SO WE CAN MAKE THE CHANGES AND GET OUR WORK DONE

Rant!!!!!!!
When you work hard on building frontend and suddenly, you realise whenever you restart your localhost, some URLs don't work. And it's random. Error logs also seem meaningless as the latest error report keeps changing the error location from file to file. Wasted hours to identify the abnormal behaviour.
I always had the mentality to keep its programmers fault in order to always consider all possible flaws.
But realised later that it was the OS setting issue. Did a stacktrace about 300 lines and found out the root cause(hopefully as no issues till now). The bug was related to total allowed open files at a time.

SEO analyst (hired by client) sends his inform to client, designer and developer (me) and all it says is: use friendly urls, proper use of h1, h2..., use alt in img tags...

Come on dude! Those are obvious things to any webdev out there who earns his salary. Do YOUR fucking job, do some fucking research and DO NOT dare to tell me page title and meta description are important (Really? No shit genius!) and tell me THE page title and THE fucking meta description... Or...

Fuck off and go find some other victim to trick with your bullshit marketing slang.

A friendly reminder that Firefox is using Google SafeBrowsing by default. Some of your browsing data may be sent to https:// sb-ssl.google.com/safebrowsing and other Google urls.

I get an email about an hour before I get into work: Our website is 502'ing and our company email addresses are all spammed! I login to the server, test if static files (served separately from site) works (they do). This means that my upstream proxy'd PHP-FPM process was fucked. I killed the daemon, checked the web root for sanity, and ran it again. Then, I set up rate limiting. Who knew such a site would get hit?

Some fucking script kiddie set up a proxy, ran Scrapy behind it, and crawled our site for DDoS-able URLs - even out of forms. I say script kiddie because no real hacker would hit this site (it's minor tourism in New Jersey), and the crawler was too advanced for joe shmoe to write. You're no match for well-tuned rate-limiting, asshole!

!Rant

Do you guys have a idea how I can call my new snippet manager application? The application allows you to save code and URLs to view Inside of the application. Also the application is highly customizable supporting 42 coding Languages and over 42 Themes. Currently its named: "SNIPR". But i would like a Name thats not directly connected to the application and what it does. Maybe you guys have some ideas? Because im not that creative😀😀👌

This is a example of the main ui using the dark theme

So my time saver automation can not be used because automation is not reliable.

Yeah sure make me extract data manually from 800 urls by hand and see if there is no human error.

Fuck my life.

I hate using the phone. When dealing with urls, email addresses and lists of changes/fixes all day, this is the least accurate and efficient way of getting information to me. Especially when I'm in the middle of doing things and get a call from a boss. I rarely even answer calls from the bosses.

My boss gave my cell to a vendor to get some urls. For 3 days I've been getting voicemail about sending some urls via email. I sent the urls on day one to the first person. 2 other people from the company have called me requesting the same thing. Why does any of this warrant a phone call. A quick paragraph email would solve all of this. I shouldn't even be talking to these people. My boss could have given the urls when he talked to them the first time. They call him when they can't get ahold of me.

At this point, I just want to be as difficult as I can be to continue wasting all of their time for being difficult and wasting mine.

!rant

This is a major part of my workflow, and I wanted people to see it. So I went an inch-deep on quicktime screen recording and ffmpeg flags to produce this low-quality gif.

I pop open the alfred text window with cmd-space, and have it set to use DDG as my default search provider fallback. In this way, I'm able to execute bang-searches without having to load any urls, or even move the pointer.

What kinds of productivity/workflow tricks do you use?

Imagine being a software engineer:
You invent a new CMS called "WordPress"
and you decide to store all internal links as complete URLs in the fucking database.
PEAK BRAIN USAGE

Holy shit firefox, 3 retarded problems in the last 24h and I haven't fixed any of them.
My project: an infinite scrolling website that loads data from an external API (CORS hehe). All Chromium browsers of course work perfectly fine. But firefox wants to be special...
(tested on 2 different devices)
(Terminology: CORS: a request to a resource that isn't on the current websites domain, like any external API)

1.
For the infinite scrolling to work new html elements have to be silently appended to the end of the page and removed from the beginning. Which works great in all browsers. BUT IF YOU HAPPEN TO BE SCROLLING DURING THE APPENDING & REMOVING FIREFOX TELEPORTS YOU RANDOMLY TO THE END OR START OF PAGE!
Guess I'll just debug it and see what's happening step by step. Oh how wrong I was. First, the problem can't be reproduced when debugging FUCK! But I notice something else very disturbing...

2.
The Inspector view (hierarchical display of all html elements on the page) ISN'T SHOWING THE TRUE STATE OF THE DOM! ELEMENTS THAT HAVE JUST BEEN ADDED AREN'T SHOWING UP AND ELEMENT THAT WERE JUST REMOVED ARE STILL VISIBLE! WTF????? You have to do some black magic fuckery just to get firefox to update the list of DOM elements. HOW AM I SUPPOSED TO DEBUG MY WEBSITE ON FIREFOX IF IT'S SHOWING ME PLAIN WRONG DATA???!!!!

3.
During all of this I just randomly decided to open my website in private (incognito) mode in firefox. Huh what's that? Why isn't anything loading and error are thrown left and right? Let's just look at the console. AND IT'S A FUCKING CORS ERROR! FUCK ME! Also a small warning says some URLs have been "blocked because content blocking is enabled." Content Blocking? What is that? Well it appears to be a supper special supper privacy mode by firefox (turned on automatically in private mode), THAT BLOCKS ALL CORS REQUESTS, THAT MAY OR MAY NOT DO SOME TRACKING. AN API THAT 100% CORS COMPLIANT CAN'T BE USED IN FIREFOXs PRIVATE MODE! HOW IS THE END USER SUPPOSED TO KNOW THAT??? AND OF COURSE THE THROWN EXCEPTION JUST SAYS "NETWORK ERROR". HOW AM I SUPPOSED TO TELL THE USER THAT FIREFOX HAS A FEAUTRE THAT BREAKS THE VERY BASIS OF MY WEBSITE???

WHY CAN'T YOU JUST BE NORMAL FIREFOX??????????????????

I actually managed to come up with fix for 1. that works like < 50% of the time -_-

Can't copy text/urls from rants. Why, oh lord, why?

Finally got my anime api somewhat working.

Tomorrow (or in a couple of hours 😅) I'll try to register my first domain and and get my first vps(?) up and running

The api features the data from /r/animethemes, so it'll have 2000+ animes entries with opening / ending urls.

I've also tried to implement some form of searching ('%term%' stuff 🤣), but you better know your abime by its romanized name, or you're gonna have a bad time since I have no alternative names per anime yet.

I'm so fucking done today.

The VB project I ranted about earlier was apparently just the top of the iceberg of madness that is my workplace.
So the same ninjacoder who managed to code himself as a dependency in the VB project apparently had his greasy little fingers in a bunch of other projects around here.
A script for automating new workstation installs that went haywire last week had traces from this Omnipotent mastermind all over it. He got us this time with static urls and zero errorhandling.
Well played sir.
Getting so done with undocumented projects that I have to dig through several hours just to find and fix.

Sometimes human stupidity still surprises me.

Today I was able to stop the release of a ticket at the last moment that intended to put urls WITH A SECURITY TOKEN TO ACCESS USER DATA through a link shortener.
Some PM assumed that it would be a reasonable course of action to map an url secured via jwt through to a 4 character, countable, base64 string so that we don't have to send multiple sms if they contain this url. I can accept that the implications might slip through one person but the fact that this was put into a ticket by a pm, prioritized by PO, estimated by an entire team, implemented by a professional developer, reviewed by a senior and then scheduled for release without anyone asking themselves if there might be a reason for a security token to be long, that one shocks me.

what the fuck is up with devs who always send screenshots of code and/or log files? In Slack, which has great functionality for formatting text snippets in a variety of languages and data types?! screenshots of code are really a pet peeve lately. You can't copy the text or click on any urls or do *anything* with a fucking screenshot. so dumb.

fuck wordpress... Got a request to improve wordpress site speed + pagespeed score. 20-30 plugins, 15 or more additional ones off. Improved the score and noticed that my adblocker is blocking a lot of urls. Sure enough theres a hidden iframe in the bottom with 10 ad network scripts and bidding get requests. Someone is making ad revenue from this shit.. wtf. I've only had problems with shitty wordpress sites being hacked for some reason. It's always a shitty experience. Any tips on fixing hacked wordpress sites?

The largest ISP in my country, a government backed service, hijacks URLs randomly and injects pop up into web browser!

Imagine if getting hijacked during an online transaction... Glad it never happened yet.

But Fuck them for doing this.

One of our projects migrated their file-repository to another one during a major release.

Instead of giving this task to an experienced programmer, they gave it to the head of the respective dev department due to the usual release panic.

Soo.... He wrote the migration tool. It was executed during the release. Everything seemed fine so far.

A few days later. Someone from the above project came to my team due to some "strange behaviour on the production database".
They reported that they couldn't download some of the user's documents due to unknown reasons.

After quickly analyzing the current state of the new file-repository, we concluded that the affected documents did not exist in the new repository.

Then we took a look at the so called migration tool...
Well.. After nearly 30 min. we knew the root cause for that.
They only migrated the first 4 levels of the folder structure. Due to the assumption that "we don't use deeper nesting". (Facepalm)

As the head of their department wrote it, no one seems to questioned it either. Nor did they made a code review and ended up with a tool with hard coded urls to the production db, no version control, no build tool, no ci, nothing. Breaking nearly every possible company standard.

However.. That's not it. When analyzing their migration tool we noticed another even more dangerous thing.
They mixed up the id generation of the migrated documents resulting in a random assignment between customers and documents. Which is quite bad as this contains sensitive information. E.g. passports

They offered us quite a nice amount of money to fix this until EOB. We declinded as it was simply not possible in that time, but agreed to support them with the new tool.

After some time I heard that they migrated production again. And they fucked it up again. They never talked to us after we offered them support...

The third and final migration was written by us. Not only migrated it correctly. It was also way faster. By factor 20.

In the end we haven't gained anything from this rushed project as the penalties were piling up due to this fucked up migration.
After all this time I'm not sure who is to blame. In my opinion, partly all of them.
Head of department who can't and shouldn't code.
Seniors who didn't review the code and didn't ask for help.
Release mgmt who put way too much pressure on the devs.

Ibwish I had remembered this when the weekly theme was office pranks.

In the first or second year of high school we covered basic internet security. Stuff like don't follow suspicious urls, don't open suspicious emails and such.

Our teacher let us play around with some sort of simulated desktop environment, where we could execute some hacks like ad popups and such on each other's environment, if we fell for the trap.

Anyways, one hack I found interesting was a hack, that lockes a user out of their virual desktop, until he enters a password, that will be displayed on his environment.

Yes, a very interesting hack, because it contains two obvious yet major design flaws, which I could exploit 😈

1. It's case sensitive
In itself not a problem, but combined with #2, it's fatal.
2. "IlIlllIlI"
Depending on your font, you probably have no idea what exactly I just typed.

Let's just say, the font displayed uppercase i and lowercase L completely undifferentiable.

Guess whom I let suffer.

It was our teacher, who had to demonstrate us some things and who was connected to the same network.

I swear, nothing beats that feeling when your tearcher has go come to you and embarrassingly ask you to "unhack" them, because they can't type it 😂

!rant
the most popular ecommerce solution in php is a massive (cosmological scale) pile of corporate crap (magento) and the next most popular is an abomination (opencart)
after fucking around with both for a month (the client asked for the project to be using only one of the two) I'm still barely reaching any results, and most of my time is wasted with the stupid bloated spaghetti that is opencart FUCK THIS,
like seriously. who the fuck writes a single line three left joins sql querry with four or five aliases a couple concacts and a bunch sorting fuckeries just to query the categories list, then just query the details of the specific category from a different function,
also why the fuck map each language string manually. or the fucking hardcoded seo urls, or the use of myisam for all tables, and no fucking foreign keys, let that settle for a minute, no foreign keys, the delete method in the model has at least a twenty lines, and then he came with the genius idea of duplicating models, in the front and the backend, accessing the same data, as the same user, but different naming conventions

I'm going to convince him to use something sane like codeigniter/laravel/fuelphp or I'll deny the project

3 weeks.

Am I just stupid? It took me 3 whole weeks to finally come to the realisation today that the Elasticsearch "guide" and Elasticsearch "reference" were different, with different version numbers. I've been ignoring Google search results that say Elasticsearch 2.x for WEEKS and wondering why I couldn't find a solution to simple problems.

Turns out, the current Elasticsearch "guide" is on version 2.x while Elasticsearch itself is on version 6.x.

They even have almost identical URLs that go ../guide/../reference and ../guide/../guide.

WHY? Why would you do that? Am I just stupid? Am I still getting it wrong? What the heck is up with Elasticsearch documentation?

Can we all just agree to stop actively imagining progressively harder to parse CSV formatting options? For fucks sake I’ve had to build in tolerance for quoted and unquoted data, combined data and split data, ways to split the data and recombine it, compare every data point, filter some data, only add data, only remove data, base data updates on non Boolean fields in the file, set end point matching based on arbitrary fields, column number matching, header matching, manipulate malformed urls and reassemble the file with proper ones, it goes the fuck on. CSV’s should just be simple and not hard to format. Why does everyone want to try so fucking hard to do bizarro shit?!

Our Joomla-based site just got a redesign. The developer who did it did something wrong. Articles no longer are attached to their parent categories and are now all referenced at the root level in URLs.

I pulled up the 404 log and now see that some website or bot or whatever is hitting up each category for each article, which screws with our SEO 404 report in Google Search Console.

Which means I have to find a way to programmatically redirect every article within every category "up" a level to the root where each article is now found.

And I have no way of knowing which article belongs to which category anymore. Even if I did, a test shows that articles attached to categories still want to come up at the root level, not in their categories.

Joomla is G.A.R.B.A.G.E.

Me: Hey SEO guy. I am updating our online store from Flask/jQuery in ReactJS.

SEO guy: That is amazing. Google LOVES ReactJS and it will crawl the site very fast.

*fast forward*

SEO guy: Hey, did you change anything in the site because the site is not ranking anymore on Google. The URLs are dynamically generated in front end. Google does not like that.

ME: But you said that Google loves React. It took me nearly 1 month to migrate the code in React.

Fucking hell.

Alright, that’s IT. I am going to just auto-find that fucking mentions and URLs myself, because the offset system in devRant’s metadata is completely unpredictable. Really.

For context look at my last rant (I think).

Give me cool .io URLs. 😅

"Nah we can't implemented that feature cause our urls are hashed". Hmm, that looks like a base64 string. Decode. Profit!

I'm dockerizing this old CMS that needs a database query to resolve URLs for static assets.

Yes, a query for every single static resources. Fuck me.

Apart of the fact that WordPress itself is one big hack, my most creative hacky solution was making it (dev) environment friendly.

First, I created a DB pull and push tool in NodeJS (on TypeScript). Then, because WP is so clever and stores internal URLs in full length in the DB, I had to create a DB migrator (find & replace) and attached it to the DB pull task.
After this, of course WP still has its config in one file, so I used composer to install phpdotenv and filled the config with environment variables.
Bundled with some good ol' Gitlab CI/CD magic, the website is now 10% sanely developable.

It feels like having to shovel piles of shit, but with a golden shovel. Everything stinks as hell but at least there is a tiny bling to it, temporarily.

But in all seriousness: WordPress is a god damn fucking pile of tumors!

Working with a vendor's api. Every call is coming back error. Emails back and forth for two weeks, sending logs, changing settings, encoding urls...

From them: oh, this field needs to be unique.

Me: how are you just now catching that?!

The doc showed it to be a specific value. We must be their first client or something.

Google has a really strange idea of what a rate limit is.

I’m trying to feed a few hundred URLs into the link shortener service. Docs say “1m a day, 1 req per second per user.”

No problem. Put a 1.2s sleep between hits.

Almost to the end... 403 rate limit exceeded.

(╯°□°）╯︵ ┻━┻

What are some of your Linux desktop preferences and workflow improvements?

I use Mutate for app launching, DDG searches, and a dozen or so scripts I wrote myself.

I like different URLs to open in specific browsers, so I wrote a script called xhttp that determines which browser to open with URL regexes, and used freedesktop to register it as a browser, and set it as my default.

Anything fun you've done?

Had a 5 hour call today, where we wanted to set up a system from one of our subcontractors in our own environment. Struggled forever to get the backend up and running.
Turns out that some dependencies were hardcoded as local file URLs...
No, our linux machine does not have C:\Users\<username> 🙄

Dear Chrome, how about when I paste something starting with https%3A%2F%2F into the address bar you get up off your lazy ass and url-decode that shit for me? Ain't nobody got time for this.

Webdev, I should send a form to a site that gets the results and redirects back to the webpage that stands in an invisible form data (very weird!).
Okay, I did...
When I was finished the site didn't redirect to the URL I gave in the form, instead it showed parts(!) of the webpage's HTML.
Okay, I was a little bit surprised and mailed the dev of this weird thing. He answered with this:
"In this Internet thingy, you know, URLs start with 'http://', it's the newest shit!"
Holy shit! Is he serious!? Who the heck programmes such a site that needs a 'http://' in the beginning? (Does this guy know about https?)
And why, why!?, did it show contents of the target URL's site if you give it one without http!?

I, I will go now and get a mild tea, yeah...

Spent months building a full regression testing framework app at the request of my boss...

Now he just says need a simple app to test a few static URLs...

I could've written that in 1 day... FML...

And now I've been pulled away from the main thing he wanted me to work on...

and keeps asking if it's done yet...

Hey all devRanters!
Comment down your dev portfolio urls,
I am building mine so need some cool inspiration and ideas.
Extra points if it looks different from the traditional portfolios.

The fuck? I'm trying to automate login for an asp.net website from a C# console app using HttpWebRequests. I used Fiddler to see how the login happens and how the browser obtains the session and auth cookies from the server. When I replicate the same procedure from C#, I am able to get both cookies withoth a problem, but when I try to use them to get data about the user, I get a 500 ISE. What the actual fuck? I've double-checked every single header and the URLs and it's doing literally the same thing as chrome: Get asp session id (POST)-> get an auth cookie (POST username and passwd) -> interact with the site using the session id and auth cookie (GET). And obiviously I don't have access to the server logs... :/

QA/stakeholder person: can you add the following links to the footer?
devs: sure. easy.
devs: oh wait, 3 of those links are 404. Are you planning to create those pages? or were those urls just a suggestion?
<crickets>
devs: ok well for now we'll leave those out.
stakeholder (a day later): hey these 3 links are still not in the footer!
devs: yeah we asked about that yesterday.
boss: the links are there now
devs (quietly): fuck you.

Trying to use authenticate a JWT token from an Azure service, which apparently needs to use Azure AD Identity services (Microsoft Entra ID, Azure AD B2C, pick your poison). I sent a request to our Azure admin. Two days later, I follow up, "Sorry, I forgot...here you go..."
Sends me a (small) screenshot of the some of the properties+GUIDs I need, hoping I don't mess up, still missing a few values.
Me: "I need the instance url, domain, and client secret."
<hour later>
T: "Sorry, I don't understand what those are."
Me: "The login URL. I assume it's the default, but I can't see what you see. Any shot you can give me at least read permissions so I can see the various properties without having to bother you?"
T: "I don't see any URLs, I'll send you the config json, the values you need should be in there."
<10 minutes later, I get a json file, nothing I needed>
<find screenshots of what I'm looking for, send em to T>
Me: "The Endpoints, what URLs do you see when you click Endpoints?"
<20 minutes later, sends me the list of endpoints, exactly what I'm looking for, but still not authenticating the JWT>
Me: "Still not working. Not getting an error, just that the authentication is failing. Don't know if it's the JWT, am I missing a slash, or what. Any way I can get at least read permissions so I don't have to keep bugging you to see certain values?"
T: "What do you need, exactly?"
Me: "I don't know. I don't know if I'm using the right secret key, I can't verify if I'm using the right client id. I feel like I'm guessing trying to make this work."
T: "What exactly are you trying to get working?"
<explain, again, what I'm trying to do>
T: "That's probably not going to work. We don't allow AD authentication from the outside world."
Me: "Yes we do. Microsoft Teams, Outlook, the remote access services. I can log into those services from home using my AD credentials."
T: "Oh yea, I guess we do. I meant what you are trying to do. Azure doesn't allow outside services to authenticate using a JWT. Sorry."

FRACK FRACK FRACK!!

Whew! Putting the flamethrower away.

Thanks devrant for letting me rant.

Today. I had to argue against using unencoded characters in URLs. The manager did not take me seriously.

Fuck everything about this. The contract jobs I've had lately are the worst jobs I've had in the past 10 years. This latest company hires junior developers because they "need senior level experts".

Who the hell hardcodes their localhost ports in a web.config without updating the release config to the correct production URLs? And why doesn't our ops team pick up on this shit before clicking their fancy deploy button? And why in holy heaven do we even have a pre-production server if it isn't an exact mirror of production?

God help me, I need a drink.

Are sql joins a bad practice? :o
I recently did some work on a page for a site ive never worked on cause my boss told me to. So they recently added product detail video urls to a table that has a relationship to the products table. The existing code was querying for the products on that said page and then during the loop that was outputting the products ,there was another query for getting the url for the current iteration/product. Told my coworker that this imo was pretty inefficient way to do it and switched it to a join and did 1 query then output that but his words were "The way it is now maybe ineffecient in your opinion but it works. Also combining inner joins with left or right is not a good practice. If the data is changed upstream the entire query would need to be redone to accommodate the change". Mind you that they query views a lot which are all made from queries that use joins and I'm also pretty sure these views were written by someone who used to be here because these guys are not good at sql or at least that's what there queries show. I'm at the point now where I'm realizing that my boss and this other guy don't give a fuck about efficiency or doing things the right way they just want it "to work". So this coworker changed my query back to the way it was because he said it broke the shopping cart even though that was already broken when I started... What is life? Maybe I'm the stupid one?

MORE WEBDEV ADVENTURES

Took a break for a while due to personal stuff. Just got a job (have to get a stupid work permit from school first to actually be able to work tho), had some shit happen with two close friends that now hate me. Right now I'm upset about something that another really good friend did. So I've been doing some webdev to distract myself for a bit.

So I'm turning my URL bar that I had into a little command bar. It'll be what I use to configure stuff along with URLS and shit. I was building a little config menu that I really hated doing, was just becoming too much of a mess. Currently changing the look of it just a bit, then I'm gonna work on the functionality of it later.

Made my weather divs dynamically generated. Turned like 65 lines in the HTML file to ~20 lines of JavaScript that makes that ~65 lines. And it turns out that it doesn't really affect the loading time at all, which was my original worry. My next task for that is to save the weather predictions so the script doesn't have to grab a whole 14kb file every reload (I know, that part's a little bad). The entire page with the icons and all comes out to ~30kb so far. The icons make up about half of that, but they'll never all be in use because only 5 are on screen at any time and there are 7 total. Plus the fact that one may be in use multiple times (like this very moment actually).

Then I want to have an RSS reader which I've been putting off for a while now. Trying to get everything else done before I do that.

At this very moment, the page takes about 1.4 seconds to load. I'm trying to avoid putting anything I don't need in it. Like I'm using vanilla everything. No frameworks or anything. But that's just my personal preference.

I'll make sure to share it with you guys when I have everything built and functional. I've had a lot of interruptions while doing this. My personal life tends to get in the way of shit I try to do, because I let it get to me.

Anyways I'm just rambling at this point. I fucking love you guys

Microsoft is always at it.

Hello, I recently discovered this eye candy of a looking website and how good the CSS looks (Kudos to whoever made this) , and I decided to post a rant of my own. And its about MS Edge and other applications.

So I built my own ATX tower a while back (Loving it) , and I found that it was WONDERFUL to have a computer that was brand new, that didnt have candy crush preinstalled on it when I got it.

Windows 10 users, do this:

Press WIN+I to open the settings menu.
Go to "Apps"
Scroll down the list....

How many applications do you see there that are actually useful , or that you have downloaded?

I never downloaded a Realtek Driver... and I never need it for anything to work. This is the case for 90% of the things you may see in the applications.

Why is HULU installed?
Why is NETFLIX installed?
Why is MINECRAFT BETA INSTALLED? THE BETA HASNT BEEN OUT IN YEARS?

But I digress, this is the case when I work on a computer such as my grandmothers who, bless her soul, isnt very adept at basic file management. Heck , she uses free Norton Antivirus against my recommendation to use the PAID active firewall application on her computer (VIPRE)

So needless to say she needs help. All the time.

So here comes microsoft recently, reinstalling like 15 different programs on her computer , including MS edge. Who else is tired of bloating? I know I am.

I recently found this program on Git!
Its the Sycnex Windows 10 DeBloater
But guess what? DONT USE IT.

Wanna know why?

Because if you do, it works, and if it works, it disables:

- Cortana (basic search engine for your OS, good luck finding candy crush).
- Microsoft Store (That means no XBOX games pass either)
- It breaks part of the file explorer

Wanna know why? BeCaUsE it geTs riD oF Ms EdGe

And believe it or not, apparently MS edges source code is Mandatory for certain functions on your computer. So even If you try to uninstall the browser, it stays behind in some form.

So there you have it. They hard coded it into windows.
Enjoy!

So its not even the author of the GITHUB programs fault, its just a real techincal limitation of the platform.

I hate that stuff man. I really do. There should be 20 things installed on my computer and thats it. Everything else is just, space for games on a solid state. Or Eclipse Photon, etc.

I would post links to show you guys a few things but. Unfortunately I cant post URLs yet!

However, thats my first rant. Hope you liked it.

There's people that should be in jail.

Or at least they should be banned to use a computer. And I'm looking directly at this company that provides a dodgy API, which is just a ton of static XML files hosted behind an apache. One file per language, of course. You want the prices too? Another url. In German? Oh, another url.

Wait, they're working on v3!! Which will support... json! I don't give a damn about json as long as you provide some sanity with your urls godfuckit.

A customer specialising in identification and security solutions called today, claiming "they" found malware on their website. Then they provided a weird link to some shady malware scanner, and the "malware" turned to be a <noscript> tag which adds ?noscript to the page url, so we can serve no-JS optimised content. As a bonus, the scanner only detected it on two URLs, even though every single page on the site contains that same line of code.

Joke's on them, have fun paying for priority support outside of the business hours for nothing.

Reading "duh... that link looks sketchy" time after time when attempting to nudge people in the direction of good resources, e.g., on-line manual pages, becomes rather irritating. Is typing the URL into VirusTotal or something really such a fucking hassle? Are you sufficiently special to warrant the creation of an IP grabber which is dedicated to targeting you... AFTER you posted your exact location on Instagram last week?

Similarly, some pants-shitting, worm-eating troglodytes who have the gall to claim to know anything about cybersecurity STILL think that for all Web sites k, that k's URL begins with "https" implies that k is secure. NO! Unencrypted Web sites are FINE unless sensitive information is being transferred. Are publicly available manual pages sensitive information now?

Grabbing the campaign hat and writing death threats and very personal insults is sometimes slightly tempting.

When the QA report comes back with no screenshots, no urls, no browser info.

one of the most annoying things about our system at work is that we're constantly updating broken links because we're in the process of updating a lot of legacy code. there's this one service to retrieve links for a module, but half the links in the legacy code are hard-coded strings anyway, so the whole thing is just a huge maintainability disaster. anyone ever come up with any interesting solutions for managing links between modules?

I haven't got in for a while but dude, I want to rant.
This guy originally wanted a simple online shopping system, with the "cart" sent to WhatsApp. No big deal, most of it was done in 2 days.
Then he wanted geolocation so the app would show you the nearest sites. Sure, why not. I had never worked with something like that so it might be worth it to try and learn.
Then he wanted custom URLs. It took me a little but this wasn't in the plans...
Then a copy of the system but focused on workers instead of products.
And another for big providers.
Then an integration with a delivery service.
And more in the following weeks...
Dude. WTF, I was only paid some weeks and he keeps adding and adding stuff. All at the same time while the first still didn't have the final design. It's been 3 months.
I hate this kind of guys. I didn't know the kind but now I hate them.

Here we go. GDPR(?) again.

Don't know where to ask this kind of stuff, SO is prolly too much and from my experience, you guys here always gave the best answers to stuff..

I'm currently working on a website as a project for finals (it's called Maturita/SOČ here :/) and it's supposed to be a dasboard where teachers can add some info about upcoming stuff and shit like that. Few things: No frameworks, just JS, PWA and Firebase. I've been hearing a lot of stuff about GDPR that I should comply with it and so on.

Here's the question: It's PWA and the data is currently stored in localStorage and planning to sync it to Firebase. What I store is name of the school, few URLs they enter in and the information they provide, like the upcoming events and such. Should I worry about GDPR in this case, and if so, what can I do?

Was working on setting up a ci/CD pipeline. The ci part with automated testing and deployment to a on-premise docker registry worked already, so I thought "hey I could try to actually run one of those fresh containers" so I tried it with the usual docker run command.. "Manifest not found" suddenly appeared, it confused me a bit since I used the same url I used for publishing... So I googled around only to find NOTHING that is even remotely connected to my issue. "Eh let's let the guy that runs that registry fix it" was what I thought and called it a day. The next day I was eager to try it again and checked the urls case by case only to notice that I wrote secret-project-backend-client instead of secret-project-api.. I tried it with the new name and it worked!
Never felt so retarded in my life....

This is the story of probably the least secure CMS ever, at least for the size of it's consumer base. I ran into this many years ago, before I knew anything about how websites work, and the CMS doesn't exist anymore, so I can't really investigate why everything behaved so strangely, but it was strange.

This CMS was a kind of blog platform, except only specially authorised users could view it. It also included hosting. I was helping my friend set it up, and it basically involved sending everybody who was authorized a email with a link to create an account.

The first thing my friend got complaints about was the strange password system. The website had two password boxes, with a limit of (I think) 5 characters each. So when creating a account we recomended people simply insert the first 5 characters in the first box, and the rest in the second. I can not really think of a good explanation for this system, except maybe a shitty way to make sure password are at least 5 characters? Anyway, since this website was insecure the password was emailed to you after the account was created. This is not yet the WTF part.

The CMS forced sidebar with navigation, it also showed the currently logged in users. Except for being unreadable due to a colorful background image, there where many strange behaviors. The sidebar would generally stay even when navigating to external websites. Some internal links would open a second identical sidebar right next to the third. Now, I think that the issue was the main content was in an iframe with the sidebar outside it, but I didn't know about iframe's back then.

So far, we had mostly tested on my friends computer, which was logged in as the blog administrator. At some point, we tried testing with a different account. However, the behavior of sidebars was even stranger now. Now internal links that had previously opened a second, identical sidebar opened a sidebar slightly different from the first: One where the administrator was logged in.

We expirimented somewhat, and found that by clicking links in the second sidebar, we could, with only the login of a random user, change and edit all the settings of the site. Further investigation revealed these urls had a ending like ?user=administrator2J8KZV98YT where administrator was the my friends username. We weren't sure of the exact meaning of the random digits at the end, maybe a hash of the password?

Despite my advice, my friend decided to keep using this CMS. There was also a proper way to do internal links instead of copying the address bar, and he put a warning up not to copy links to on the homepage. Only when the CMS shut down did he finally switch to a system where formatting a link wrong could give anybody admin access.

I just started a new job last week. Old-school sysadmin role for a pretty old-school company, but the pay is nice and the kids've gotta eat.

They gave me a windows laptop. I haven't used windows for work or as a daily driver since 2016, and now, a week into trying to make this machine work for me, I have the following observations to report.

WSL is nice. It's nice to have it installed(though actually installing it was an adventure unto itself), and to set alacritty to open my default user prompt straight into that is very nice. As terminal emulators are by far my most used piece of software, that's nice to have.

Command-line software management through powershell, winget, and chocolatey are also very nice.

I like the accessibility offered by autohotkey, though there is something of a learning curve on it. Once I get better with it, I suspect that what follows will be largely mitigated.

The Bad:
In general, Windows is janky. It feels like it's all kinda taped together without any particular cohesion in mind. As a desktop, it feels decidedly amateur, compared to the feature-mountain polish of MacOS, and especially compared to the flexibility and infinite possibilities of Linux.

Lots of screen real estate is wasted, with window decorations, and fonts that look terrible at smaller sizes, because the antialiasing of fonts is just terrible. Almost all the features I depend on in other desktops: ad-hoc searches and launches(alfred, rofi) are-- again --janky. They work, but they typically require more typing than alfred or rofi. I admit I haven't spent weeks on this problem yet, but I haven't found a workable solution yet with wox, hain, and keypirinha. Quick searches like what you get with alfred, alfred workflows, and the swiss army knife that is rofi, just aren't possible or reliable with the tools I've used so far, and most require some kind of indexing agent to fully function.

It beggars imagination that a desktop in which users are subjected to "default apps" that is purported to be acceptable for enterprise, professional use, does not have a default entry for text editor. I installed nvim-qt, and I want to use it to edit anything and everything I ever edit with text, but all too often, apps have hard-coded instructions to open text files with notepad.

I want to open certain URLs with firefox, certain ones with firefox developer edition, and others with vivaldi, and yet there is not an app available that I have seen yet in my searches that allows me to set this kind of configuration. I found one that's supposed to, but it just ignores everything I put into its config, and just opens MS Edge for everything. Jank.

Simple things take too long. Like the delay between when I laboriously hit ctrl-alt-del to bring up the login and when the actual text field appears, and the delay between that and when I want to start using the computer.

Changing some settings requires a reboot. Updating some software requires a reboot. Updating permissions on something sometimes requires a reboot. And those are all on top of the frequent requests to reboot for updates.

I would have thought Windows would have overcome most of the issues that create these problems, but it's just, as I said, amateur.

Maxi-Rant, rest in the first comment!

Yay, I've caught up with my "watch later" list on YouTube! Next thing: Just quickly go through my subscribed channels and add old videos that I haven't seen yet to the watch later list so that I have more stuff to watch the next months. The easiest way to do that is to go to the "all uploads" playlist of the channel (that is luckily always linked now, it used to be hidden sometimes) and use "add all to" to get them on my playlist. Then sort out the stuff that I've already seen and turn on automatic sorting by date, easy. Yeah...
Firstly, in the new design there's no "add all to", I have to go to the old design. For my own playlists, there's a handy "edit" button to do that, but on other pages I have to do it manually. Luckily I have set Ctrl+Shift+1 as a shortcut for "&disable_polymer=true" long ago.
Next surprise: On "all uploads" playlists, there is no "add all to" button. It's on every single other playlist on YouTube, including "liked", "watch later", "favourites" and so on, just not there.
Fine, I'll just abuse my subscription playlist script that I already have by making a copy of it, putting the channel IDs in it and setting the last execution date to 1.1.2001. Little problem with that: Google apps scripts can run for at most 5 minutes and the YouTube API restricts it to add one video per second. So it doesn't work for more than 300 videos. I could now try to split it up by dates, but I didn't write the script myself and I don't know how it sorts the videos to add, so I'll just google for another solution instead.
Found one: Go to the video overview of the channel in the old layout, Ctrl+Shift+I, paste this little Javascript thing and it automatically clicks all the little clocks that add the video to the watch later list. Yay, that works! Ok, i'm restricted to 5000 videos, because that's the maximum size of a YouTube playlist, so I can't immediately add all 8000+, but whatever, that's a minor problem and I'll sort out later anyway. Still another little problem: For some reason I can't automatically sort the watch later list. Because that would be too easy.
But whatever, I'll just use "add all to" from there to add it to my creatively named "WL" list. If that thing is restricted by the same rate limit of 1 video per second, it should be done in about 1½ hours. A bit long, but hey, I'm dealing with 5000 videos. Waiting 2 hours... Waiting 3 hours... Nothing happens. It would be nice if it at least added them one by one, but no, it waits an eternity and then adds all at once. At least in theory, right now it does absolutely nothing.
Shortly considered running it for more hours or even days on my Raspberry Pi, but that thing already struggles when using Chromium normally, I shouldn't bother it with anything that has to do with 5000 videos.
Ok, what else can I do then? Googling, trying out different things, mainly external services that have their own concept of "playlists" and can then add them to an arbitrary playlist later...
Even tried writing my own Java program with the YouTube API, but after about an hour not even the example program in the YouTube API tutorial worked (50 errors and even more open questions, woohoo), so I discarded that idea.
Then I discovered "DiskYT". Everything looked like it would work and I'm still convinced that I can do it with that little pile of shit. Why is it a pile of shit? Well, for example the site reloads itself after a while, so it can at most add 700 videos to a playlist. Also I can't just paste the channel link (even though it recognises those links, but just to show an error message that it can't copy from channels). I can't enter/paste URLs, I have to drag them. The site saves absolutely nothing (should in theory work, but in practise it doesn't), so I have to re-drag everything on every try. In one network, the "authorise YouTube" button (that I have to press again on every computer) does absolutely nothing ("inspect" reveals that there isn't even any action bound to the button), in another network the page mostly doesn't work at all or the button to copy from playlists is suddenly gone or other weird stuff. Luckily I have the WiFi at home, there it works in theory. But just on my desktop PC, no other device, wow. I tried to run it on my new laptop, but it's so new that it still has the preinstalled OS and there I can't deactivate going to standby when closing the laptop, so while I expected it to add 5000 videos, it instead added 4 and went to standby. But doesn't matter, because it would have failed at about 700 anyway. Every time I try to use this website, I get new problems, but it seems to still be the best option, because everything else just doesn't do anything. This page at least got to 700 before.

Continuing in first comment!

fuck the overengineered bulshit that ZF2 is... fuck crappy mvc in web, fuck shitty design, tuck events, fuck 'security feature' that obfuscates the fucking redirect login/logout urls fuck not having your full link, but just the path everywhere, fuck whitelabeling, fuck somebody's sister, fuck me and fuck you....

This is my frontend tip of the day.
If you have a frontend that consumes an external API:
1) Retrieve the json responses from devtools
2) Save them in your project as json files (trim the data a bit if it's too long)
3) When starting your app with a special env var like MOCK_DATA, make your app mock the data and use your saved json data instead.

You can associate each response with an url regex.

The package fetch-mock mocks fetch really well, it lets through the urls that don't match anything.
This way you can incrementally add responses.

And voila, you have a mode where you have near instant page loads to test things manually, and you also have mocked data ready for testing eg, cypress.

Adding a new feature to a mobile app that has a bunch of classes for getting URLs! Want some examples?

FallbackUrlProvider
CompositeUrlProvider
CompositeRouteUrlProvider
CompositeBaseUrlProvider
RootUrlProvider

I was half expecting to find FallbackRootBaseCompositeUrlProvider!

Not only that, but there were a load of interfaces that sometimes didn't match the name of the class!!!

For example,

class RootUrlProvider : ICompositeUrlProvider

Ugh! But I managed to get the new feature in... Somehow... After trying something... Throwing it away... Trying something else... Throwing it away...

😭😭😭

You're allowed to flame me for being a clueless idiot btw.

Why do so many sites append things like titles and words from posts to urls (Devrant included)? I know for sure that this isn't necessary for it to find posts (there are ID's). If there were just those strings of text and the site had to figure it out I would probably kill someone. But really, why are they there? User convenience? So that people see what they're going to read about when you link them to something?

TL;DR Why do urls for rants/posts have lots of text at the end?

I want to finish my Chrome extension.its an extension that you can create a "workspace" and save URLs to that workspace.You can then click on a button and it will open all urls in the workspace as tabs and there's another button to add the current tabs url to the workspace.i want to add quite a few features to it.It is currently on github.

this whole conversation is 4 hours before a UAT deploy.

PM: Do we have the new keys?
me: did they devs give you the new keys?
PM: no. what about the new URLs?
me: what are the new URLs.

she walks away.

Not a bad experience per say, but it was the only one I have been to so far...

Went to a hackaton with my friend for the Amazon Alexa and we were asked to create a skill in 30 minutes.

My friend and I had never used JavaScript or the Alexa API but we came up with the idea of having Alexa respond with a voice clip of Larry David saying "pretttay prettay good" from Curb Your Enthusiasm.

Unfortunately we couldn't get the error regex or something thing on Alexa to recognise video URLs but we still likely our idea 🙃

Recently we got a new project assigned and as always you are hyped, really really hyped...........

We were supposed to find all kind of driver updates (especially bios ones) for all devices the company owns. So first of all we thought:

EAAAASY! A little bit of web crawling, regex, etc.
.
.
.
.
B
U
U
U
U
T
!

We were sooooo soooo wrong these fucking manufacturer websites are absolutely awful to crawl or parse and nowadays there are no proper FTP Servers or something else anymore you could use to get the information. Every subsite is little bit different...
While coding and literally brute forcing possible urls (there was some kind of vague pattern) we learned AGAIN to appreciate proper developed and designed websites. Especially by devs who may have some more usage scenarios in mind for their site than simple human clients.

So thank you to all of you awesome web developers who design proper websites and web tools!

All in all it took us 2 weeks to come up with a proper solution (by the way we are a smal team of 3 devs) which somewhat works reliable and can deal with site changes etc.

When our app encounters an error, it shows an alert with an option to copy the error details to the clipboard, that includes the full stack trace, broadcasting to the world that we are coding in C#. Also, our page URLs show .aspx at the end, so anyone using it can see details of our implementation. Not exactly world-stopping since the desktop portal is only available on customer servers and the ipad app requires username/password AND pin authentication. But still....

Today the product designer (like he calls himself) on my team decided we should not use urls containing more meaningful information in our web app as absolutly necessary. It would be easy to use RESTful Urls displaying more details about the current navigation in the app with angular. But he thinks that would go against the "app feeling" and customers might think it is "just a website". Bookmarks, browser history, a useful "back" button in the browser and more power to the user "might be confusing" and "it's better for markting purposes". -.-
Well, if he thinks so... I made my point clear and he ows me beer if this feature is ever requested.

My stupid Messages app won't send urls with a .xyz on the end. No error, no explanation. It just won't send. What the fuck?

Been picking up Go recently and am really liking the idea of using git repos as library urls, just makes so much sense to me.

Also in general go is just kinda cool and makes me like lower level programming a lot - although I had to learn the hard way with Mutexes and locking.

Finally release the next version of my own asocial (*) medium, wegurus, which will feature SEO friendly urls, responsive layout, and a lot of minor and major fixes under the bonnett.

(* Asocial because it's basically just me and my mum using it atm ;))

Hey guys I need help.
There was a video or gif posted here in which there was tool running with in Chrome or some browser where the guy first open a web page with adblock disable and then with enable. The tool show the links in pages present in tree like graph. And with adblock enable the graphs was smaller. I want to know the name of particular tool

Sorry, I don't know how to describe it, but it's driving me crazy now. I already searched all Chrome inbuilt urls.

So. Spent most of the morning furiously trying to work out why I wasn't getting a reasonable response from my Rest Service "RS", calling it from some other system. Only got something vague along the lines of "value must not be null". Both systems are set up on my local machine, IIS bindings set up all correct and URLs and authentication settings double and triple checked. I was doing a lot of work on RS six months ago so it just had to be set up right.

Forgot I got a new machine a couple of months ago and never built the WS .dlls. -_-

while coding i listen to a combination of FKJ, George Duke, Lalah Hathaway, some snarky puppy ... i'm running out, please what playlist do you use while coding... send soundcloud or youtube urls too. thanks

Anyone familiar with Wordpress site migration?

I'm trying to move a client site from my dev server to theirs, seem to do so fine, but all urls still point to my dev domain.

A search and replace plugin was recommended but it doesn't seem to be updating the database references correctly...or at all.

Not sure if anyone would mind lending some insight so I don't have to essentially redo the whole website over :p

So I've tried to unsubscribe myself from a newsletter for the past two weeks ...

It's a service I used exactly once and apparently I got signed up for their newsletter somehow.

When I got the first mail two weeks ago, I clicked that unsubscribe button in the footer to get to their unsubscribe landingpage and hit that confirmation button.

It said something like "... within 24 hours ..." and I was okay with that, but I kept getting a newsletter / offer / whatever every single day for the following two weeks.

Today I figured out, why the unsubscription seemingly had no effect.

I used a GMail alias for that website, so my address contained a + character.
Apparently they just put that mail address into some unsubscribe link template without urlencoding it, so that + turned into a space and they attempted to unsubscribe some mail address with a space instead of a + ...

Remember kids, always urlencode stuff in URLs!

It’s a huge nightmare to develop a React front-end when:
- you have to adapt Bootstrap 3/jQuery based components to React
- the “back-end” is a sparse collection of micro services with cryptic URLs and finding the correct name means searching on a laggy WSO2 API manager
- the documentation of said micro services can be outdated and that means wasting a lot of time trying requests on cURL rather than in doing actual development and continuously breaking your concentration
- sometimes the micro services just become unavailable altogether
- the back-end shuts down at
6PM everyday, usually when after I finally achieved a flow and I’m doing meaningful progress

so I have been trying to make migrations on centos 7 for a while now on my virtual env i keep getting this error
## Traceback (most recent call last):
File "manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/__init__.py", line 364, in execute_from_command_line
utility.execute()
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/__init__.py", line 356, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/base.py", line 283, in run_from_argv
self.execute(*args, **cmd_options)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/base.py", line 327, in execute
self.check()
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/base.py", line 359, in check
include_deployment_checks=include_deployment_checks,
File "/srv/switch/env/lib/python2.7/site-packages/django/core/management/base.py", line 346, in _run_checks
return checks.run_checks(**kwargs)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/checks/registry.py", line 81, in run_checks
new_errors = check(app_configs=app_configs)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/checks/urls.py", line 16, in check_url_config
return check_resolver(resolver)
File "/srv/switch/env/lib/python2.7/site-packages/django/core/checks/urls.py", line 26, in check_resolver
return check_method()
File "/srv/switch/env/lib/python2.7/site-packages/django/urls/resolvers.py", line 254, in check
for pattern in self.url_patterns:
File "/srv/switch/env/lib/python2.7/site-packages/django/utils/functional.py", line 35, in __get__
res = instance.__dict__[self.name] = self.func(instance)
File "/srv/switch/env/lib/python2.7/site-packages/django/urls/resolvers.py", line 405, in url_patterns
patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
File "/srv/switch/env/lib/python2.7/site-packages/django/utils/functional.py", line 35, in __get__
res = instance.__dict__[self.name] = self.func(instance)
File "/srv/switch/env/lib/python2.7/site-packages/django/urls/resolvers.py", line 398, in urlconf_module
return import_module(self.urlconf_name)
File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module
__import__(name)
File "/srv/switch/app/switch/urls.py", line 10, in <module>
url(r'^administration/', include('primary.core.administration.urls')),
File "/srv/switch/env/lib/python2.7/site-packages/django/conf/urls/__init__.py", line 50, in include
urlconf_module = import_module(urlconf_module)
File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module
__import__(name)
File "/srv/switch/app/primary/core/administration/urls.py", line 2, in <module>
from primary.core.administration.views import *
File "/srv/switch/app/primary/core/administration/views.py", line 5, in <module>
from primary.core.api.views import *
File "/srv/switch/app/primary/core/api/views.py", line 8, in <module>
from primary.core.bridge.views import *
File "/srv/switch/app/primary/core/bridge/views.py", line 11, in <module>
from primary.core.bridge.backend.loggers import Loggers
File "/srv/switch/app/primary/core/bridge/backend/loggers.py", line 2, in <module>
from primary.core.bridge.backend.wrappers import Wrappers
File "/srv/switch/app/primary/core/bridge/backend/wrappers.py", line 6, in <module>
import pytz, time, json, pycurl
ImportError: pycurl: libcurl link-time ssl backend (nss) is different from compile-time ssl backend (openssl)

even after uninstalling pycurl and exporting the pycurl variable to my environment can I get any help

Started adding image urls to my database fixture.json for my django project... 57 done... 352 to go.... for the first of 3 different models
why isn't there any consistency in their urls? thank god, there are substances to suffer these parts of development...
so fine, I do what I have to do, for a hopfully thankful community

Help is welcome - I don't get it x.x
Just started scripting and can't find it on google:
Got a little whitelist with urls in it and a huge list with urls in it.

whitelist format:
foobar.com
barfoo.au

format huge list:
blabla=/foobar.com/wo.op
blabla=/barfoo.au/wo.op
blabla=/barfoo.crazy.au/wo.op

blabla/barfoo.crazy/wo.op
should stay in the file.

Now I want to delete the entries of the whitelist from huge list.
I have no clue how I can get the
foobar.com
into
sed -i '/foobar\.com/d' $file
to make it work in my script x.x

So this is really a thing. I'm used to have yarn build/dist/watch and serve commands but my collage is used to laravel mix, and we working with static URLs like client.local. I'm used to localhost:xxxx which is better because you can use hmr. So what do you guys name your development build command and the one for production?? convention

So it's been 4 months and my struggles with Power bi continues. The .net developer I once remains only a bleak memory.
So yesterday the client thought about securing reports, I appreciate the step and suggested embedding them in SharePoint Web parts and securing the access from the desktop app. The client wasn't thrilled with my suggestion as his clients might not have SharePoint, valid point. Instead he wants me to create a small web app with a login page to share the public web url of the reports.
He can't trust client by giving them direct urls but will trust them to login first and then have the url....

If you are one of those developers that hardcode URLS, shame on you.

Some background:

About 2 months ago, my company wanted to build a micro service that will be used to integrate 3 of our products with external ticketing systems.

So, I was asked to take on this task. Design the service, ensure extendability and universality between our products (all have very different use cases, data models and their own sets of services).

Two weeks of meetings with multiple stakeholders and tech leads. Got the okay by 4-6 people. Built the thing with one other guy in a manner of a week. Stress tested it against one ticketing service that is used in a product my team is developing.

Everyone is happy.

Fast forward to last Thursday night.

“Email from human X”: hey, I extended the shared micro service for ticketing to add support for one of clients ghetto ticketing systems. Review my PR please. P.S. release date is Monday and I am on a personal day on Friday.

I’m thinking. Cool I know this guy. He helped me design this API. He must’ve done good. . . *looks at code* . . . work..... it’s due... Monday? Huh? Personal day? Huh?

So not to shit on the day. He did add much needed support for bear tokens and generalized some of the environment variables. Cleaned up some code. But.... big no no no...

The original code was written with a factory pattern in mind. The solution is supposed to handle communication to multiple 3rd parties, but using the same interfaces.

What did this guy do wrong? Well other than the fact that he basically put me in a spot where if I reject his code, it will look like I’m blocking progress on his code...

His “implementation” is literally copy-paste the entire class. Add 3 be urls to his specific implementation of the API.

Now we have

POST /ticket
PUT /ticket
POST /ticket-scripted
PUT /ticket-scripted
POST /callback

The latter 3 are his additions... only the last one should have been added in reality... why not just add a type to the payload of the post/put? Is he expecting us to write new endpoints for every damn integration? At this rate we might as well not have this component...

But seriously this cheeses me... especially since Monday is my day off! So not only do I have to reject this code. I also have to have a call now with him on my fucking day off!!!!

Arghhhhhh

I need to write a standalone server in Java 1.7 and have it

-handle GET urls and map them to different classes/methods
-extract the query params and expose them to the method
-Can respond in JSON by serialising the POJO or a list of them

We have an existing server I think that uses JBoss but takes forever to start and uses a lot of memory.

I also wrote one before with just a (Grizzly?) HttpServer so had to manually implement the above as needed. Only needed it to do one thing so really just 1 path.

Similar situation this time but I'd prefer to not have to implement this stuff manually and need it to be a bit more flexible to extension.

Why are big software documentations versioned by url rather than adding the most current update to relevant sections and signifying it as such?

1) only select parts of the software is updated in between major version updates. Why duplicate the entire docs for only sparingly updating those parts?

2) references hold versioned urls that could go out of date. I imagine it takes some effort to have a banner on each page indicating whether this is the most up-to-date version of the software

3) deprecated documentation is redundant since it's no longer maintained. Why does it continue to exist? Not everyone has upgraded, you say. That, and I guess, it costs the maintainers nothing to have an idle folder 6 major versions behind the most recent

I already have a folder for my v1 but I'm considering pulling them into a permalink. What challenges or disadvantages are there to doing so?

Trying to setup drupal from scratch on main windows desktop, 2 days in fiddling with phpa and apache server to get clean URLs and OPCODE caching working. To finally finish the installation.

Vivaldi browser seemed a good idea to escape Google's misfeatures without swapping it for Microsoft extensions (Edge) or Firefox / Gecko idiosyncrasies (size / magnification issues on Ubuntu, slow Android version, clunky UI). But there are some ongoing issues that I never experienced in any other user agent (maybe I will when switching to Chromium), like URL completion (port URLs without a protocol aren't prepended with https but trigger a xdg-open dialog, autocomplete prefers obscure deep links with long paths instead of the base URL, browsers seems to forget login passwords by default, etc.) - so Chromium seems like the obvious choice. But there seem to be no more Chromium builds for Android? Anyone else disappointed by Vivaldi has a preferred solution?

Msal.js. I give it 3/10..

The docs are duplicated, and in various states of out of date. Half the library seems to be undocumented based on how many edge case bugs I've hit, it offers a popup login but you have to have a set specified white list of urls you can launch the popup from which makes a popup login pointless...

Ontop of that my colleagues shat the bed on it and fucked the whole implementation including the azure b2c setup... We do not even have a backend app listed in the azure b2c apps. The redirect also won't work if you don't instantiate an object in a hidden iframe of your own website that fetches a token... This does not make life easy when you use a SPA framework and you have already implemented a whole pipeline abstracting the creation of this object behind layers dependency injection.. Nice.

After sifting through endless shit I finally have a solution. What a week.

Anyone else having timeout issues connecting to git via ssh?? Had to switch remote urls to https on 3 different repos even with the right keys. Super weird.

Just came across stackblitz dot com (guess we can’t post URLs yet womp womp, how about, I dunno, just letting it be text?!? Crazy I know) & I have a new 12.9 iPad Pro 1TB arriving tomorrow…

Time for an experiment to see if it can be at all feasible to actually develop on an iPad…

TypeScript is bullshit. Change My Mind:

I am a student and I started learning typescript as an advanced project at the recommendation of my teachers because I am a bit ahead of where my software development course is.

I started by testing the logic of types, and then I encountered type: unknown.

According to the TS handbook:

"If you have a variable with an unknown type, you can narrow it to something more specific by doing typeof checks, comparison checks, or more advanced type guards that will be discussed in a later chapter:"

So according to what this says, if you check a variable of type unknown, to equal a certain object type, typescript will allow you to assign that unknown value a I tested this out with a data type - objects and typescript freaks out.

Also, if create object with a property assigned to a function, it won't even show you that property when you console.log the object

ALSO, you can't post urls in this website, so this website is also pretty trash.

I don't get keycloak. Anyone who has experience with it, please help.

We have what I would think is a common setup: a kubernetes cluster with a Spring boot api-gateway and keycloak as oauth2-provider.

The api-gateway needs an issuer-uri to keycloak for endpoint discovery, i.e. to configure a bunch of endpoints to keykloak for different purposes.

The two main purposes are: 1. to redirect the user to keycloak (must be an url reachable from outside the cluster, i.e. ingress) 2. to authenticate tokens directly with keycloak from within the cluster.

Keycloak can be configured to set some of these discovery endpoints to different values. Specifically it makes a separation between backfacing (system calls in cluster) and frontfacing (user call from browser) urls All seems good.

However, when using this setup, each time spring security authenticates a token against keycloak it says the "issuer" is invalid. This is because the issuer is the host on which the token was generated. This host was the one in the url which the user was redirected to i.e. the ingress.

It feels like there is no way around this except running keycloak outside the Kubernetes cluster, but surely there must be a way to run keycloak in the same cluster. What else is the purpose of keycloak having the concept of back- and frontfacing urls?