Microsoft creates a new chat bot:
Day 1
User : hi
Chatbot: hello, how's yours day? 😁

One month later:
User: hi
Chatbot: fuck off your piece of shit.😡

TAKE A LOOK AT MY OTHER RANT FIRST!

---

SYNTAX THEME SELECTION

---

In this rant you can set your theme for the syntax highlighter!
Just ++ the comment with your preferred theme.

The bot checks for the "<user> ++'d your comment!" notification and stores your selection!
(When you ++ multiple themes, your theme will be the one you ++'d the last)
Then, next time you request a syntax highlighting (see other rant on how to do that), that theme will be used!

Please don't post any comments here if possible!!!
(You can post comments and ask questions in the other rant)
Feel free to ++ this rant tho ;D

---

Have fun and thank you for using this bot!

Fuck Apple and its review system

So, this started in december. We wanted to publsih an app, after years of development.

Submit to review, and passes on the first try. Well, what do you know. We are on manual release option, so we can release together with the android counterpart. Well yes, but someone notices that the app name is not what was aggreed (App Name instead of AppName). Okay, should be easy, submit the same app, just the name changed. If it passed once, it will pass again, right? HAH

Rejected, because the description, why we use the device’s camera is too general. Well... its the purpose of the app... but whatever, i read the guidelines, okay, its actually documented with exapmles. BUT THEN WHY THE FUCK COULDNT YOU SAY THAT ON THE FIRST UPLOAD?

Whatever, fix it, new version, accepted, ready to release just in time.

It doesindeed roll out,but of course, we notice that the app has a giant issue, but only on specific phones. None of our test phones had this problem, but those who have, essentially cannot use our program. Nasty as it is, the fix is really easy, done in 5 minutes. Upload it asap, literally nothing changed from user point of view, except now it doesnt crash on said devices. Meanwhile 1 star reviews are arriving from these users - of course with all the right. Apple should allow this patch quickly, right? HAH

THE REAL BULLSHIT COMES NOW

With only config files changed, the same binary uploaded we get rejected? What now? Lets read it. “Metadata rejected, no need to upload new binary”.... oh fine only the store page is wrong? Easy. Read the message, what went wrong. “Referencing third party content is nit permitted on the app store” meaning that no android test device should be shown. Fine, your rules. They even send a picutre of the offending element. BUT ITS NOT EVEN ON THE STORE. THATS A SCREENSHOT OF THE APP. HOW IS THAT METADATA? I ask about this, and i get a reply, from either a bot, or a person who cant speak or read english, and only pasted a sample answer, repeating the previous message. WTF. Fine, i guess you are dumb, but since they stop replying to our queries, do the only sensible thing, re-record the offending tutorial video that actually contained an android device. This is about 2 weeks, after the first try to apply a simple patch to a broken app. And still, how did it pass the review 2 times?

Whatever, reupload again, play the waiting game for a week, when the promised average wait time is 2 days, they hit us with a message, that they want to know what patent we use in our apps core functionality. WTF WHY NOW? It didnt bother you for a month, let it release ti production and now you delay a simple patch for this? We send them what they know. Aaaaand they reply: sorry we need more time to review your app. FUUUUUUCKKK YOUUU. You are reviewing a PATCH with close to zero functional change!!! Then, this shit goes on, every week we ask about an ETA, always asking for patience... at the end it took another 3 weeks... so december 15 to jan 21 in total...

FOR. A. SINGLE. FUCKING. PATCH

Bottom line is what is infurating, apple cares that there is an android device in the tutorial video, but they dont care that a significant percentage of our users simply cannot use the app.

Im done

Currently working on a game for developers.
Two players compete on a randomly generated arena by sending instructions via a REST API such as "unit x move in the up direction and shoot to the right". So units can be controlled by manual user interaction but the idea is that the players create a smart program that controls the units automatically. So it’s about who can implement the best "bot".

The game is turn based and the units can move one grid cell per turn and shoot in one of the four directions. Shots require energy which regenerates a certain amount per turn.
Units can also look in a direction to spot enemy units which are not visible by default.
The winner is who manages to destroy all enemy units or the main stationary enemy unit "the gem" (diamond shape in the screenshot).
There are walls which block the movement, the line of sight and the shots (green cells).

Everything is randomized. The size of the arena, the number of units, max hp, max energy, etc. But it can be replayed by providing a seed.

There will be a website which lists all games, so that players can watch them.
Alternatively a player can also implement an own viewer. Everything necessary is provided by the REST API.

I’m curious about what you think 😄

dfox +1'ed my very first activities (comment and rant), and I immediately thought he was half a user and half a +1 bot. You know, similar to MySpace Tom. But just now he +1'ed my comment in a rant where he also commented on.

He's real.

So after the original idea getting scraped during a hackathon this week, we created a slack bot to fetch most relevant answers from StackOverflow using user's input. All the user had to do was input few words and the bot handled all typos, links etc and returned the link as well as the most upvoted or the accepted amswer after scraping it from the website.
The average time to find an answer was around 2 seconds, and we also told that we're planning to use flask to deploy a web application for the same.
After the presentation, one of the judge-guys called me and told me that "It isn't good enough, will not be used widely" and "Its similar to Quora".
Never ever have I wanted to punch a son of a bitch in the balls ever.

My first userbot using python successfully uploaded to server.

A few years ago I would whine, complain and rant about shitty software, which I knew could be so much better than it was. But I didn't yet write software of my own.

Now I complain about shitty libraries, API's and users. Not much has changed really. And every time I write code, I curse myself, and whoever made this trashpile I have to work with. I curse the user to the moon and beyond for using the program wrong. Funny thing is, exactly the thing I was complaining about (input validation, see earlier rant) is also exactly what no more than 5 minutes after release, a user fucked up with. The bot just does not respond at this point. But fuck these braindead retards for users.

In a few years I expect myself to be complaining about shitty compilers and buffer overflows, segmentation violations, bad coding style (don't make your program a fucking colander kthx), and so on.

Next decade I expect myself to be complaining about physics itself, and why the universe is governed by the laws it's governed by. Whoever this God is, he's a fucking retard. Funny thing is, the signs for it are already there. Electron theory! If only those electrons were positrons, then the math would check out properly. Instead of negative electrons traveling from negative to positive, we'd have positive positrons traveling from positive to negative. At least from what I understand so far, this is still a decade away after all.

The point I'm trying to make is that nothing changes, only my understanding of the world around me does, as I tumble further and further down the rabbit hole. Sometimes I wish I had taken the blue pill... Either complain about others' software or perhaps not give a shit at all. Become one of those filthy users I now despise.

A couple of years ago, we decide to migrate our customer's data from one data center to another, this is the story of how it goes well.

The product was a Facebook canvas and mobile game with 200M users, that represent approximately 500Gibi of data to move stored in MySQL and Redis. The source was stored in Dallas, and the target was New York.

Because downtime is responsible for preventing users to spend their money on our "free" game, we decide to avoid it as much as possible.

In our MySQL main table (manually sharded 100 tables) , we had a modification TIMESTAMP column. We decide to use it to check if a user needs to be copied on the new database. The rest of the data consist of a savegame stored as gzipped JSON in a LONGBLOB column.

A program in Go has been developed to continuously track if a user's data needs to be copied again everytime progress has been made on its savegame. The process goes like this: First the JSON was unzipped to detect bot users with no progress that we simply drop, then data was exported in a custom binary file with fast compressed data to reduce the size of the file. Next, the exported file was copied using rsync to the new servers, and a second Go program do the import on the new MySQL instances.

The 1st loop takes 1 week to copy; the 2nd takes 1 day; a couple of hours for the 3rd, and so on. At the end, copying the latest versions of all the savegame takes roughly a couple of minutes.

On the Redis side, some data were cache that we knew can be dropped without impacting the user's experience. Others were big bunch of data and we simply SCAN each Redis instances and produces the same kind of custom binary files. The process was fast enough to launch it once during migration. It takes 15 minutes because we were able to parallelise across the 22 instances.

It takes 6 months of meticulous preparation. The D day, the process goes smoothly, but we shutdowns our service for one long hour because of a typo on a domain name.

Me: *creates a new telegram bot*

User: Hey, compliments for the bot! How did you create that? Did you use HTML or other programming stuff?

Me: ...

The funny thing is that 1 week later I discovered that someone actually created a library to create your own bot with HTML and CSS too.

- Implemented oauth1 - no body hashing
- URL contains credentials in plain text
- Used Azure API management feature as a proxy of the our API, however the documentation was on the our API, thus exposing the API URL with no management to developers.
- easy resource DDoSing because each trial user got a DB, the registration process did not have bot checks. You could literally freeze the db instance by spamming registration requests.

I think what we need is a bot that scrapes user information from Facebook. That way we could show people that not only Facebook, but everyone can earn a lot of info about someone.

All these people starting to hate and blame Facebook for it's issues...
And no one realizes that it could be their fault.
If everyone shares so much info about their lives, it's very presumably, that Facebook knows a lot about you.

Who actually started the reign of mixed character passwords? because seriously it sucks to have an unnecessarily complex password! Like websites and apps requesting passwords to contain Upper/Lower case letter, numeric characters and symbols without considering the average user with low memory threshold (i.e; Me).

Let's push the complaint aside and return back to the actual reason a complex password is required.

Like we already know; Passwords are made complex so it can't be easily guessed by password crackers used by hackers and the primary reason behind adding symbols and numbers in a password is simply to create a stretch for possible outcome of guesses.

Now let's take a look into the logic behind a password cracker.

To hack a password,
1) The Password Cracker will usually lookup a dictionary of passwords (This point is very necessary for any possible outcome).
2) Attempts to login multiple times with list of passwords found (In most cases successful entries are found for passwords less than 8 chars).
3) If none was successful after the end of the dictionary, the cracker formulates each password on the dictionary to match popular standards of most website (i.e; First letter uppercase, a number at the end followed by a symbol. Thanks to those websites!)
4) If any password was successful, the cracker adds them to a new dictionary called a "pattern builder list" (This gives the cracker an upper edge on that specific platform because most websites forces a specific password pattern anyway)

In comparison:
>> Mygirlfriend98##
would be cracked faster compared to
>> iloveburberryihatepeanuts

Why?
Because the former is short and follows a popular pattern.

In reality, password crackers don't specifically care about Upper-Lowercase-Number-Symbol bullshit! They care more about the length of the password, the pattern of the password and formerly used entries (either from keyloggers or from previously hacked passwords).

So the need for requesting a humanly complex password is totally unnecessary because it's a bot that is being dealt with not another human.

My devrant password is a short story of *how I met first girlfriend* Goodluck to a password cracker!

I am put to the task of creating a Chat Robot in ChatFuel.

Cool, I thought at first.

Cool is not what I would call it at this point..one week later.

The size is a factor at play, for sure, it needs to point to 27 cities and give individual information, handle e-mails, phone, automate e-mails.. a bunch of stuff.

Now, I am located in Sweden.
{{city}} as a set user attribute acknowledges Gothenburg and geolocation thusly worked fine for my boss. But not for me, and won't work for any other city.

So..Global AI calling for static blocks it is... 27 blocks...

For two languages.. 54 blocks...
Static pointing to the first answer for every individual block multiplies this by a factor of two. 108 static blocks. Fine.

I have since realized that my ChatFuel-Luddite ways were limiting the expected performance of the end result and learned that most other set attributes in ChatFuel work fine. Yay.

So we set up everything the last 54 blocks need to do with user attributes and to my surprise it works, really well at that. The answer from a user that is a correct city puts you into a block that is a series of questions using user attributes, both {{first_name}} and {{last_name}}, asks for e-mail and phone, displays an image and stuff like that.

Now.. as I attempt to copy these blocks..

THEY JUST POOP OUT CHUNKS OF THE ORIGINAL BLOCK. IT'S INCONSISTENCY IS STAGGERING. IT NEVER REALLY COMPLETES THE DUPLICATION, NO ERROR MESSAGE OR ANYTHING.

Which then reminded me of when my boss asked why everything was botched earlier in the project, at that point I copied the entire bot as a fallback and worked with my change in the copy first for safety reasons, didn't work, copy wasn't entire.

Wasted fucking hours on this.
I'm glad my boss is cool, and the job is easily worth it. I actually think that the design aspect of ChatFuel is nice, and the people behind it are kind in the facebook group and all. I don't think they're trying to be mean. But holy shit.

This has been a mental anguish that levels pissing bleach filled with fire ants.

" You could've easily solved this with APIs and third-party geofencing services ", yeah, but their services won't stack for the customer, nice attempt though.

Deep breaths.

Disclaimer: This is all theoretical. Neither me nor my friend (with whom I discussed this) are stupid enough to even try to pursue this, but as an idea, i believe it might generate cool/new ideas/ways for handling secure communications across social groups.

Let's do some role play. Let's design a delivery app for drug dealers, think Seamless or Uber Eats, but for drugs. Not for big deliveries, like kilograms of coke, but smaller stuff. Maybe a few grams of it or something. The clients could rate dealers, and vide-versa. This would build a level of trust within the system. There would be no names, just anonymous reviews, ratings, and prices. Only the info you'd need to know.

The biggest (only?) problem we found (besides legality) was that, how would you prove that you're a client and not a snitch (or cop). This would have to somehow be handled both on signup, as well as when ordering (let's imagine that all who are clients are pure and won't ever snitch).

One of the ways we found to combat this was to have the app invite-only. This would, in theory, do away with the problem of having snitches signing up. However, what if the phone got stolen/breached by a snitch, and they also got full access to the account. One way we thought we could combat this would be with a "dispose number" or something similar. Basically, you call a number, or send a text, or message a Signal bot etc, which would lead to the account's instant termination, no traces of that user left. Hence, a dispose number.

The flow of the app would be as follows:
A client wants some amount of heroin. He opens the app, searches for a dealer, sends the him the desired amount, and in return gets back a price from the dealer. If both parties agree on the amount and price, the deal would start.

The app would then select a random time (taken from the client's selected timeframe and the dealer's "open" time) and a location (within a certain radius of both them, somewhere in between them both for convenience). If both of them accept the time and place, they'll have to meet up at said time and place.

The actual delivery could also be done using two dead drops - the client drops the money at one of them, the dealer drops the goods at the other one. Yes, this might be subject to abuse, but it wouldn't be that bad. I doubt that clients would make huge orders to unknown/badly rated dealers, as well as dealers accepting offers from badly rated clients. My idea is that they would start small, just so if they do lose their money/goods, the actual loss wouldn't be as big for them, but for the other party, having bad ratings would mean less clients willing to buy or dealers willing to sell.

A third way would be to use crypto, but the reason I left this as the last one is because it's not that wide-spread yet, at least not in local drug dealing. With this method, the client would initiate the order, the crypto would be sent to either the dealer or an escrow account, the dealer would then drop the goods at a random place and let the client know where to go to get them. After the client has gotten the goods, they could both review/rate the quality as well as the overall experience with that dealer, which would either make or break the dealer's upcoming deals. This would be pretty much like other DNM's, but on a local scale, making deliveries faster.

So far, this would seem like something that would work. Are there any ideas that might improve this? Anything that might make things more secure/anonymous?

My reason for this post is to spark a conversation about security and anonymity, not to endorse drugs or other illegal stuff.

Cheers!

PS. Really loving the new PC design of devRant

I had to contact technical support for an API. I’m pretty sure I was emailing with a bot because I was getting all sorts of stupid replies.

Me: I’m using your SDK for language X. It’s returned null for some properties. In the user portal, I can see there are values for those properties for the transaction. I don’t know why I’m not receiving them on my end.

Tech Support: Hi! I see the following was sent in the API response. [Sends api response to me.] You can also go the the portal to see those values.

Me: Yeah, I know. You just repeated everything I wrote to you. I don’t want to go to the portal. I told you I want to figure out why your SDK doesn’t seem to map those properties correctly when I receive the api response.

TS: Let me look at the docs. I think you need to send the properties you want in your request in order to get them back in the reply from the api. Such as <property>value<property> in the xml message.

🤨 The docs do not say that. They don’t even imply that.

Me: What the fuck?! That makes absolutely no sense. We have already established that the api **is** returning values for those properties. I want to troubleshoot why your SDK is mapping them as NULL.

I have a new idea for my discord bot. I want to make a very simple kind of conversation engine: basic replies to the user based on what they said. Sounds like a fun project.