Dear self proclaimed wordpress 'developers/programmers', kindly go fuck yourself.

I'm not talking about wordpress devs/designers who don't claim to have a better skillset than they have and are actually willing to learn, those are very much fine.

I'm talking about those wordpress people who claim that they're developers, programmers or whatever kind of bullshit which they're obviously not.

"A client's site crashed, you have to fix it!!!!!" sorry, come again? It's YOUR client's site. It's hosted on our hosting platform meaning that WE are responsible for KEEPING THE SERVERS UP AND FUNCTIONING.
You call yourself a wordpress 'developer' with 'programming experience' for 10 years but the second one of your shitty sites crashes, you come to us because 'it's your responsibility!!!'.
No, it's not. Next to that fact, the fact that you have to ask US why the site is crashing while you could easily login to your control panel, go to the fucking error logs and see that one of your facebook plugins crashes with a quite English error message, shows me that you definitely don't have 10 years of programming experience. And if you can't find that fucking article which tells you exactly where the motherfucking error logs are, don't come crying to us asking to fix your own fucking bullshit.

"My clients site got hacked, you have to clean it up and get it online again ASAP!!!!" - Nah, sorry, not my responsibility. The fact that you explicitly put your wordpress installation on 'no automatic updates' also doesn't help with my urge to fucking end you right now.
Add to that that we have some quite clear articles on wordpress security which you appearantly found too difficult (really? basic shit like 'set a strong fucking password' is too difficult for you?), you're on your own.

"I'm getting an error, please explain what's going wrong as soon as you can! this is a prio 1!!!!" - Nope. You were a wordpress dev/programmer right? Please act like one.

I'm not your personal wordpress agent.

I'm not your personal hacked wordpress site cleanup guy.

I'm not even a fucking wordpress professional. No, I'd rather jump off a bridge than develop wordpress bullshit for a living.

That you chose to do this, not a problem. Just don't rely on me for fixing your shit.

I'm sick of cleaning up your bullshit.

I'm done with answering your high prio tickets about bullshit which any dev could find out with just a few minutes of searching.

Oh your wordpress site isn't showing up so high in google? Yeah sure, shoot a ticket at us blaming us for your own SEO mess. I'm a fucking sysadmin, not a SEO expert.

I'm fucking done with you.

Go die in a fucking corner.

OneDrive:
Login -> Password/Account is wrong
Forgot Password -> Account does not exist
Registration -> There is already an account with this email adress
Well, Fuck you

Sent an email out in work informing everyone that we had pushed updates out to all Windows PC's.

Got the following phone call 10 minutes later:

"Hi, I can't log into the banking account app on my iPhone. Did you do something to it with your updates?"

"Nope. They were PC updates."

"Well, I'm sorry but you're wrong. It must be you! It was working yesterday."

"Again, it's not us. What's the error message you're getting on your app?"

"Invalid password"

".....then could it just be that you're entering an invalid password?"

"No, I know the password. I only changed it yesterday!"

"So it was working before you changed the password?"

"That's what i said!
I'm telling you, it's your updates."

"Okay but before we go 'troubleshoot' it, how about ringing your bank firs-"

"Oh look, it doesn't matter if you don't want to help, I don't have time for this!
I'll ring your boss and he'll uninstall the updates for me and fix the app." *hangs up*

Boy: I love You
Girl: I have a boyfriend
Boy: sudo I love You
Girl: Please enter root password:
Boy: 123456789
Girl: Wrong. Please enter root password:
Boy: root
Girl: Wrong. Please enter root password:
Boy: qwerty
Girl: Wrong. You have tried 3 times.
Girl: I have boyfriend.
Boy: Dammit.
Girl: Command not found.

Tldr :
Office Building : 1
Population: 5000
Number of PC users: 5000
No of Spare mice: 0

Day 1:
Training period commences.
My mouse laser sensor doesn't work.

Solution: Use this mouse to log in to your system.
Open the company portal.
Connect to vpn.
Enter username password.
Create a ticket for mouse replacement.
Done.

Day 3
I bring my own mouse.
Confiscated at security.
Becomes a security violation.

Day 9
I get a call from helpdesk.
Agent- what is the problem?
Me- my mouse is not working.
Agent- why?
Me- what do you mean? Something is wrong with the sensor.
Agent- clean the sensor.
Disconnects call.
Marks ticket as resolved.
Me- WTF just happened!

Naturally, I escalate the issue.

Day 15
Level 2 Agent- what happened? Why have you escalated the issue?
Me- I need a mouse, waiting since 2 weeks.
Him- No mouse is available
Me- you don't have a single spare mouse available in an office with 5000 PC users?
Him- no they're out of stock.
Me- when will it be back in stock?
Him- we will 'soon' launch a tender for quotations from sellers.
Me- time?
Him- 1 week.

Day 34

I email the head of supplies for the city office. Next day I get a used super small mouse, which doesn't have a left button. Anyways, I've given up hope now.

Day 45
I become a master at keyboard shortcuts.
Finish my training.
Get transferred to another city.
No mouse till date.

Surprisingly, this was one of the top recruiters in my country. Never knew, MNCs can be so so inefficient for such simple tasks.
Start-ups are way better in this regard. Latest tech, small community, minimal bureaucracy and a lot of respect and things to learn.

And here comes the last part of my story so far.
After deploying the domain, configuring PCs, configuring the server, configuring the switch, installing software, checking that the correct settings have been applied, configuring MS Outlook (don't ask) and giving each and every user a d e t a i l e d tutorial on using the PC like a modern human and not as a Homo Erectus, I had to lock my door, put down my phone and disconnect the ship's announcement system's speaker in my room. The reasons?
- No one could use USB storage media, or any storage media. As per security policy I emailed and told them about.
- No one could use the ship's computers to connect to the internet. Again, as per policy.
- No one had any games on their Windows 10 Pro machines. As per policy.
- Everyone had to use a 10-character password, valid for 3 months, with certain restrictions. As per policy.
For reasons mentioned above, I had to (almost) blackmail the CO to draft an order enforcing those policies in writing (I know it's standard procedure for you, but for the military where I am it was a truly alien experience). Also, because I never trusted the users to actually backup their data locally, I had UrBackup clone their entire home folder, and a scheduled task execute a script storing them to the old online drive. Soon it became apparent why: (for every sysadmin this is routine, but this was my first experience)
- People kept deleting their files, whining to me to restore them
- People kept getting locked out because they kept entering their password WRONG for FIVE times IN a ROW because THEY had FORGOTTEN the CAPS lock KEY on. Had to enter three or four times during weekend for that.
- People kept whining about the no-USB policy, despite offering e-mail and shared folders.
The final straw was the updates. The CO insisted that I set the updates to manual because some PCs must not restart on their own. The problem is, some users barely ever checked. One particular user, when I asked him to check and do the updates, claimed he did that yesterday. Meanwhile, on the WSUS console: PC inactive for over 90 days.
I blocked the ship's phone when I got reassigned.
Phiew, finally I got all those off my chest! Thanks, guys. All of the rants so far remind me of one quote from Dave Barry:

Was at a friends place recently and he asked me to set a new WiFi password. Fair enough!
Me: what's the routers login?
He: Oo. No clue.
*me trying a few combinations*
*hmmm not working let's try one more time*
Router: you have entered the wrong credentials five times. Fill in a new password to regain access!

😵😨😧😱😷😲

*boots computer*
*login screen appears*
*enters password*
*windows says "Welcome"*
*You have entered wrong password*

Are you fucking serious? Can't you even handle simple login flow? Why the fuck you display welcome screen before validating my fucking password? What the FUCK

Mistyping one character wrong in a password and hitting backspace until I am sure I’ve deleted the entire Wikipedia.

Then starting all over again.

Types first letter of password wrong...

[Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace] [Backspace]

Sister = bee ( who isn't a stranger to Ubuntu)
Me = Cee

Bee: can I use your laptop?
Cee : why ? Use yours ,it's works fine.
Bee : no I want to use yours and I need to work with windows.
Cee: 🤯
Bee : my work can only be done using windows.
Cee : fine do whatever ( doesn't want to argue )
* Le bee opens MS word, and starts her work *
Cee : 😤😤Seriously?
Bee : I don't like libre
Cee : 😑😑😑^∞
* Few moments later *
Bee : my work is done ,you can have your laptop,btw it's updating.
Cee : 😑😑😑😑😑
* 2000 years later *
*Opens Ubuntu *
*Getting a weird bug*
*Tried to fix *
*Can't open OS files * 👏👏👏🎆
* Windows not shutdown properly *
* Opens windows *
* Not able to login via pin *
* Password ? not accepted *
* Changes outlook password *
* Please chose a password you haven't chosen before *
* Logs in *
* types old pin to change pin *
*You've entered wrong pin too many times *
*System hanging a lot *
* Removes pin *
* Gets huge mcAfee restart system popups , every 10 sec *
* Just shutdown , feels irritated for the rest of the day*

* Regrets dual booting, shd have wiped the windows partition 😫😫*

*Wonders,what the hell did my sister even do to my laptop ?*

At last, my vue module for attacking the user with a swarm of animated bees when they put in the wrong password is almost complete.

Best use of my time yet.

Look, PHPVirtualbox, i love you and all and you've worked very well for me for ages.

But, when I see the authentication is successful and you receive an 'OK', YOU'RE NOT SUPPOSED TO THROW A FUCKING "USERNAME OR PASSWORD WRONG" ERROR.

YOU'RE SUPPOSED TO LET ME FUCKING THROUGH.

MOTHERFUCKER.

Day 1 10:00 am
Login to email account (Zimbra)
Your password is incorrect (I entered it correctly, this was a permanent issue ,used to happen in the company with many employees)
Reset your password by logging into internal company portal.

11:00 am
Logged into company portal, somehow. 2 Mbps internet shared among 104 people, you can imagine the speed.
Reset email password
* your password has been sent to your email id*
Are you fucking kidding me? U have emailed me the password to the same email I can't log in to?
Where did the architecture designer get this top notch weed from?

Day 2
Asked HR to reset my password (using a colleague's email)

Day 3
No reply from HR yet

Day 4
I went to meet HR, she's on vacation. So they have 1 person managing the password reset, for 5000 people with no backup person. Cool.

Day 5
Your internal company password has expired. Check your email for link to create new password. This is some next level shit going on.

Day 6
I called up Internal IT team to generate a new email for me.
They asked me to raise a ticket.
I can't raise a ticket because the only way to do so, is through the portal.

Day 7
Nothing. Btw, personal email and all social networks were banned. You can't even open stackoverflow.
And this was a research lab, amazing huh?

Day 8
Loss of pay for 4 days since I can't login to company portal to fill timesheet.

Day 9
HR comes back. Resets my password.
I try to generate my new password for portal.
The password policy:
Password can't be same as last 10 passwords
Passwords expire every week
8 characters minimum, 2 upper case, 2 lower case, NO SPECIAL SYMBOL. WTF. How long do u think its gonna take to crack that?

Fuckers had a company wise policy to automatically lock PC every 1 min if not used. Who the fuck can keep on using it continuously! I'm reading an article, and bam ! Locked. 2 wrong entries and that's it, repeat all steps again. Fuckers really didn't want to let me do my job, just keep on logging in all day.

That awkward moment when you are focused on talking to a friend, and you realize that you wrote your password in the wrong field

A colleague and I spent a month building a Shopify app that allows merchants to give customers store credit.

Since Shopify's API is so limited, we were forced to augment it's functionality with a Chrome extension.

Now before you go throwing full wine bottles at your screen because of how wrong and disgusting that is, note that Shopify's official documentation recommends 5 different extensions to augment functionality in their admin panel, so as gross as it is, it seems to be the Shopify way...

Today we got a reply from their review team. They won't accept the app because it requires a Chrome extension to work properly and that is a security risk.

Are you fucking kidding me? So I guess Shopify is exempt from their own security standards. Good to know.

Not to mention the plethora of published apps that require a staff account's username and password to be provided in plain text upon setup so it can spoof a login and subsequent requests to undocumented endpoints.

Fuck you and your "security standard" Shopify!

Dev gets hold of me, says my service is down in QA. Works if he hits it locally, works via Postman, but via the QA app server it gives a 401.

I’m like, look, if it works everywhere else, there’s something wrong on your side in QA.

He insists, no, I must help him, and begins CCing all the managers telling them this system has been down for days.

So I eventually climb into his system, check the credentials they’re using in the QA environment, and sure enough, the password is wrong.

Today in train programming:
Pushed a new build before pulling into station
Battery dies
Test on tablet
Build is broken, files missing
Upload files manually to Azure (WHY)
try to log in to my sure to treat, forgotten password
Try to reset password, smtp details in DB are wrong...

I'm doing well

Enter password.

Wrong!
Wrong!
Wrong!

Reset password.
New password can't be same as old password.

*Typing password*

Wrong characters typed = 1
Times backspace key pressed = 78

I absolutely love the email protocols.

IMAP:
x1 LOGIN user@domain password
x2 LIST "" "*"
x3 SELECT Inbox
x4 LOGOUT

Because a state machine is clearly too hard to implement in server software, clients must instead do the state machine thing and therefore it must be in the IMAP protocol.

SMTP:
I should be careful with this one since there's already more than enough spam on the interwebs, and it's a good thing that the "developers" of these email bombers don't know jack shit about the protocol. But suffice it to say that much like on a real letter, you have an envelope and a letter inside. You know these envelopes with a transparent window so you can print the address information on the letter? Or the "regular" envelopes where you write it on the envelope itself?
Yeah not with SMTP. Both your envelope and your letter have them, and they can be different. That's why you can have an email in your inbox that seemingly came from yourself. The mail server only checks for the envelope headers, and as long as everything checks out domain-wise and such, it will be accepted. Then the mail client checks the headers in the letter itself, the data field as far as the mail server is concerned (and it doesn't look at it). Can be something else, can be nothing at all. Emails can even be sent in the future or the past.

Postfix' main.cf:
You have this property "mynetworks" in /etc/postfix/main.cf where you'd imagine you put your own networks in, right? I dunno, to let Postfix discover what your networks are.. like it says on the tin? Haha, nope. This is a property that defines which networks are allowed no authentication at all to the mail server, and that is exactly what makes an open relay an open relay. If any one of the addresses in your networks (such as a gateway, every network has one) is also where your SMTP traffic flows into the mail server from, congrats the whole internet can now send through your mail server without authentication. And all because it was part of "your networks".

Yeah when it comes to naming things, the protocol designers sure have room for improvement... And fuck email.

Oh, bonus one - STARTTLS:
So SMTP has this thing called STARTTLS where you can.. unlike mynetworks, actually starts a TLS connection like it says on the tin. The problem is that almost every mail server uses self-signed certificates so they're basically meaningless. You don't have a chain of trust. Also not everyone supports it *cough* government *cough*, so if you want to send email to those servers, your TLS policy must be opportunistic, not enforced. And as an icing on the cake, if anything is wrong with the TLS connection (such as an MITM attack), the protocol will actively downgrade to plain. I dunno.. isn't that exactly what the MITM attacker wants? Yeah, great design right there. Are the designers of the email protocols fucking retarded?

Anyone ever entered a password and it keeps saying wrong password, so you decide to reset the fucking password and now the problem is ....the systems/website tells you that you can't reset the password to your current password or a password you are already using... like okay what the fuck!!!!!.....

Aww SwiftKey, after two letters youre suggesting the right password, that's so nice of you...

Wait a minute... WHY DO YOU EVEN KNOW THAT?

You're not a password manager and you don't do that with other passwords, what's wrong with you?

Why do users find it so hard to understand short and clear error messages that are in place to inform them what's going wrong? Why do they instead waste my time when the message clearly says that the password is too short and hasn't got any special characters? FFS!

So I'm sick. But my inner coder tells me that I could atleast do some basic design for my project.

So I go to sit down at my home computer and immediately feel my nose literally start dripping of snot as soon as I lean in to sit. So lile any normal man i take a tissue, wipe and blow my nose and it's now time to login on the computer.

*Wrong password*

Oh, I've must been to quick

*Try again*
*Wrong password*

Wtf?!

*Slowly type my password in*
*Wrong password*

*Fuck it, show password*

A space is missing.
Alright I'll just add it in then.

*Tap spacebar*
*Nothing*
*Tap harder*
*Nothing*

So I rip out the space bar and find a two little drops of snot that must have juuuust fallen between the cracks.
I tried to wipe it away and put the space bar back, but it's dead. :(

Oh man. Mine are the REASON why people dislike PHP.

Biggest Concern: Intranet application for 3 staff members that allows them to set the admin data for an application that our userbase utilizes. Everything was fucking horrible, 300+ php files of spaghetti that did not escape user input, did not handle proper redirects, bad algo big O shit and then some. My pain point? I was testing some functionality when upon clicking 3 random check boxes you would get an error message that reads something like this "hi <SENSITIVE USERNAME DATA> you are attempting to use <SERVER IP ADDRESS> using <PASSWORD> but something went wrong! Call <OLD DEVELOPER's PHONE NUMBER> to provide him this <ERROR CODE>"

I panicked, closed that shit and rewrote it in an afternoon, that fucking retard had a tendency to use over 400 files of php for the simplest of fucking things.

Another one, that still baffles me and the other dev (an employee that has been there since the dawn of time) we have this massive application that we just can't rewrite due to time constraints. there is one file with (shit you not) a php include function that when you reach the file it is including it is just......a php closing tag. Removing it breaks down the application. This one is over 6000 files (I know) and we cannot understand what in the love of Lerdorf and baby Torvalds is happening.

From a previous job we had this massive in-house Javascript "framework" for ajax shit that for whatever reason unknown to me had a bunch of function and object names prefixed with "hotDog<rest of the function name>", this was used by two applications. One still in classic ASP and the other in php version 4.something

Legacy apps written in Apache Velocity, which in itself is not that bad, but I, even as a PHP developer, do not EVER mix views with logic. I like my shit separated AF thank you very much.

A large mobile application that interfaced with fucking everything via webviews. Shit was absolutley fucking disgusting, and I felt we were cheating our users.

A rails app with 1000 controller methods.

An express app with 1000 router methods with callbacks instead of async await even though async await was already a thing.

ultraFuckingLarge Delphi project with really no consideration for best practices. I, to this day enjoy Object Pascal, but the way in which people do delphi can scare me.

ASP.NET Application in wich there seemed to be a large portion of bolted in self made ioc framework from the lead dev, absolute shitfest, homie refused to use an actual ioc framework for it, they did pay the price after I left.

My own projects when I have to maintain them.

WHAT THE ACTUAL FUCKING FUCK MICROSOFT?!!
I go to log into my laptop:
me: *enter the pin*
Windows: Error
me: Ok let's try the password...
Win: WRONG PASSWORD!
me: *checking my password manager* Nope, pretty sure that's correct... Ok, whatever let's try to reset it.
me: *generates new password and resets the password for the account*
Windows: You can now log in
me: *enters the new password*
Windows: WRONG PASSWORD!
me: that's weird... let's try that again
Windows: WRONG PASSWORD!
me: Ok... reset once more *I enter the same password I generated before*
Windows: ThAt Is An OlD pAsSwOrD
me: *getting really pissed* FINE, GODDAMIT, HERE, NEW PASSWORD
Windows: You can now log in
me: *enters the new new password*
Windows: wRoNg PaSsWoRd!

jdjsjcjj+3+@!o(€;#@!(&(1!!#((#(€_"jsjeucjcjfdjosdifhshabxnfnxjsosoguwqlqqlall#7@+1(
aaaaaáaaaaaaaaaaaaaaaaaaaaaaaaaa

FUCK FUCK FUCK FUCK FUCK FUCK FUCK
YOU FUCKING INCOMPETENT CUNTS AT MICROSOFT!!!!!1!!!!!!!

I'M GONNA FUCKING TEAR YOU INTO THOUSAND PIECES AND THEN RUN YOU THROUGH A SHREDDER!!

YOU MOTHERFUCKING IDIOTIC CUNTS
FREAKING DEGENERATES

Client: I can't login with my lastpass
Me: Oh, why not, how are you trying?
Client: So, I've entered my lastpass password into my bank account, and it says 'wrong login credentials'
Me: °-°

Part of a product I used to work on contained a one time password generator that randomly strung together a few words from a word list.

Nothing wrong with the security, but this word list hadn't been filtered, so we did have a "bug report" from a customer who had a one time password that contained a questionable phrase:

"fucking pork Muslim"

...Call me a terrible person, but I never did get around to fixing that...

Saw this security blunder a while ago. Went onto some site and it showed me this username/password dialog (probably an apache's htpasswd or nginx one). Went away but returned quickly because I noticed I could see all content. Then I thought 'why the fuck not try?' so I dragged the auth popup thingy to the side of the screen and et voila... I could interact with the page as if nothing was wrong while the authentication popup was hovering above the page on the right!

I sat there giggling dramatically for a while.

Real fact: 1999

IT: IT, how can I help?
MrB: I'm Butcheek. This program is shit, I can't even log-in!
IT: oh.. Ok Mr. Butcheek, let’s see if I can help...
MrB: of course you can: fix this shitty program and made me log in!
IT: I’ll try to do my best to assist you, can you...
MrB: I just want to log in! Can you speak my language? This new program is ridiculous, I wonder why you IT guys changed the old one, it was a mess but at least I could log in...
IT: I'm sorry you are experiencing this problem, but to assist you I need to know exactly what's the problem
MrB: I CANT LOG IN!!!
IT: ok, I understand this, but can you please provide some more information? Do you receive any particular error messages?
MrB: it says “wrong password” but it's not true!
IT: Ok, that's strange. Look, I'm resetting your password and then you will try again. At the first log in you will be asked to change it again, ok?
MrB: just be quick, I can't waste any more time on this!
IT: sure... Ok done. Please, can you try again? The password is “butcheek”
MrB: it asks for the username. What am I supposed to write here?
IT: “butcheek”
MrB: oh... Ok. And what's the password?
IT: “butcheek”
MrB:... No... Wait... Ok, “butcheek” is the password but what's the username?
IT: “butcheek”!
MrB: you don't understand, I have to put both username AND password!
IT: I know! “butcheek”! For both username AND password!
MrB: so I have to write “butcheek”-”butcheek”?
IT: yes, “butcheek”-”butcheek”!
MrB: so... “butcheek”...twice? Sounds weird... are you sure?
IT: yes I'm sure! However, you can choose either to write “butcheek” twice or “ASS” once, if you prefer...

We were in a college group. Five people. Making project in PHP. Some forced us to use cakePHP framework than left. One guy decided to not participate and decited to do it next year. One guy didn't know PHP at all. The two of us have to do all the work for five people.

On the presentation day we have ten minutes to do it. Guy without PHP knowledge forget password for our app, make three wrong guesses and locked us out of our app for five minutes.

When your client wants you to store password in plain text and it makes your life easier but it still feels really wrong

TIL how to enable "insults" on the terminal. So every time I type my password wrong it insults me :D

So I just wanted to log back into windows. Typed in the password. Wrong password...
Then I tried being super accurate while typing and also checked keyboard layout, etc. Still, wrong password.
Then I noticed that the letter p is not working. Shit, keyboard seems to be broken.
On screen keyboard -> p is not working...

What the hell? What kind of error is this?

NT Kernel code has to be something like this:
if(timeSinceLastError > someValue)
keyboard.p.enable = false;

I guess you could also replace the keyboard error with some random error.

If you encounter this, restart Windows.

!dev

Ffuuuuucckk

This day just sucks.
Got a speeding ticket, went to pay it first thing in the morning. To renew insurance I had to call the bank to update my phone nr for 2FA. In this endless loop of „for this, press 1, for that, press2“ I pressed the wrong number and it invalidated my e-Banking password.
After a while got my number updated, after that called the insurance, after waiting for like 20min got that sorted and wanted to check my bank balance but I couldn’t log in. Now I can’t reset it either because it’s locked.
Need to call then again but needed a break and wanted to cook something but now my FUCKING SINK is clogged.

Have to uninstall half of the kitchen to get to t he pipes..

And it’s only noon.

The company that I currently work for has a strict clean-desk policy. So strict, there's even have a little booklet that they have about 1000 copies of lying around the office everywhere. In the booklet is a playful description (with cartoons!) of what can go wrong when sensitive information is lying around, or shared with outsiders through careless talk, etcetera. Employees are encouraged to take a copy of the booklet home.

Also in the booklet is a description of the importance of having a good password. It mentions the required minimum (x) and maximum (x+1) length of passwords, mandatory character classes, and how often the passwords have to be changed.

Joined a call during a potentially important life event. Work laptop password expired this morning, personal laptop didn't connect to vpn, desktop not connecting to vpn. No one knew what's wrong on the call (just that it's not working).

Not a good call.

26 or so hours up now. And I've got a few stories to tell :) feel free to refresh your cup of coffee and take a seat.

Last few days I've been going into this odd place called intown.irl to get in touch with its inhabitants. An odd place I have to say. But in some cases quite rewarding, even got a MILF home with me and into bed at some point. Anyway...

3 days ago I think it is now? Thursday evening I took my laptop to this local bar where I had this issue about dihydrogen monoxide with one of the bartenders earlier (you'll find that rant on those keywords). Still wanted to visit it regardless though, as I met that first woman there earlier that approached me. Unfortunately I didn't see her there that day.

Some bald guy who was clearly drunk approached me. Many people were already giving curious looks at this laptop I brought to the bar. I finally tuned it up with the stickers from FOSDEM.. I'll put a picture of it in the comments. My theme was one of privacy (central), distributions and Google's open source initiative (which aligns with the keychain token I got from them as well). But of course.. that guy.. he thought that a pimped/riced laptop obviously meant that I was a hacker.

Guy went to the toilet.. went back.. and suddenly grabbed my laptop and turned it towards him. Boy was I never more smugly satisfied that those rubber pads on the bottom are quite resilient. Could've almost damaged my screen by trying to grab it like that. But it's a CCFL display.. so high voltage. If it were to become broken.. worth it. 😈

On it at the time was a terminal, pinging Google (had network issues at that bar, to the point where one of the - I think - staff members got up to me and offered the WiFi password and got to talk with me.. more on that later), and my usual Linux desktop along with the Arch anime wallpaper with the quote of Da Vinci.. simplicity is the ultimate sophistication. Of course the guy saw the terminal.. and probably reaffirmed.. yep, that's a hacker. At least he wasn't too wrong about the general term.. but the hat.. most likely he was wrong on that one.

Guy left with this question.. "you are a hacker, aren't you."
I replied to him: "No sir. I'm not a hacker. I've got no idea what you're talking about."
Guy kept looking at me weirdly for the whole night to come.

Back to that companion guy though. Mac user, yada yada.. but he told me about his backup solution. Apparently - I shit you not - he has not only the photos on his local device, he's also frequently backing them up in Time Machine (which I was really curious about whether it uses mirroring or snapshots.. he couldn't tell, lmk if you do) but not only that.. he was storing another offsite backup in that very bar, in case his house went on fire.

Now that is a proper backup scheme!!! If only more people were like that.

Seriously though.. that bald guy who took my laptop just like that... I just let it slide for that one time, but I tend to treat my machines as an extension of my very self. I think that was a very uncalled for move. Asshole...

How would you have reacted to such a thing? And.. maybe that's why we technologists don't get outside too often? Fucking everything is hacking these days if it's not Knopkes and Blinkenlights… Not every shell is a h4xx0ring console for h3kk1ng de fasbuk…

Why the fuck did Oracle change their policies on the official JDK and made the website nigh impossible to use?!

It was shit from the 90s before, and now its still shit just modern.

Why do I have to register do get the JDK, you know Im going to use the fucking 10min mail. I just wanted to setup a freaking build server and I had to go over your retarded website that for some reason *refreshes* and erases the username field everytime I put in the wrong password. Why?

Why is oracle just outright bad at making websites?! Its always a maze to navigate and now it also takes seconds to even load...

This shit is why everyone uses openJDK and adopt. 3 billion devices running java?! Not with your jre/jdk they are not, because It's a pain to get... Don't me even get started on the mess it does on windows server. Why wasn't my JAVA_HOME set automatically?! I lost almost 2 hours because I trusted your piece of shit software to so the one job it has, even reinstalled it completely...

Get your shit together Oracle, this was unacceptable 10 years ago, let alone now

tl;dr:
The Debian 10 live disc and installer say: Heavens me, just look at the time! I’m late for my <segmentation fault

—————

tl:
The Debian 10 live cd and its new “calamares” installer are both complete crap. I’ve never had any issues with installing Debian prior to this, save with getting WiFi to work (as expected). But this version? Ugh. Here are the things I’ve run into:

Unknown root password; easy enough to get around as there is no user password; still annoying after the 10th time.

Also, the login screen doesn’t work off-disc because it won’t accept a blank password, so don’t idle or you’ll get locked out.

The lock screen is overzealous and hard-locks the computer after awhile; not even the magic kernel keys work!

The live disc doesn’t have many standard utilities, or a graphical partition editor. Thankfully I’m comfortable with fdisk.

The graphical installer (calamares) randomly segfaults, even from innocuous things like clicking [change partition] when you don’t have a partition selected. Derp.

It also randomly segfaults while writing partitions to disk — usually on the second partition.

It strangely seems less likely to segfault if the partitions are already there, even if it needs to “reformat” (recreate) them.

It also defaults to using MBR instead of GPT for the partition table, despite the tooltip telling you that MBR is deprecated and limited, and that GPT is recommended for new systems. You cannot change this without doing the partitions manually.

If you do the partitions manually and it can’t figure out where to install things, it just crashes. This is great because you can’t tell it where to install things, and specifying mount points like /boot, /, and /home don’t seem to be enough.

It also tries installing 32bit grub instead of 64bit, causing the grub installer to fail.

If you tell it to install grub on /boot, it complains when that partition isn’t encrypted — fair — but if you tell it to encrypt /boot like it wants you to, it then tries installing grub on the encrypted partition it just created, apparently without decrypting it, so that obviously fails — specific error: cannot read file system.

On the rare chance that everything else goes correctly, the install process can still segfault.

The log does include entries for errors, but doesn’t include an error message. Literally: “ERROR: Installation failed:” and the log ends. Helpful!

If the installer doesn’t segfault and the install process manages to complete, the resulting install might not even boot, even when installed without any drive encryption. Why? My guess is it never bothered to install Grub, or put it in the wrong place, or didn’t mark it as bootable, or who knows what.

Even when using the live disc that includes non-free firmware (including Ath9k) it still cannot detect my wlan card (that uses Ath9k).

I’ve attempted to install thirty plus times now, and only managed to get a working install once — where I neglected to include the Ath9k firmware.

I’m now trying the cli-only installer option instead of the live session; it seems to behave at least. I’m just terrified that the resulting install will be just as unstable as the live session.

All of this to copy the contents of my encrypted disks over so I can use them on a different system. =/

I haven’t decided which I’m going with next, but likely Arch, Void, or Gentoo. I’d go with Qubes if I had more time to experiment.

But in all seriousness, the Debian devs need some serious help. I would be embarrassed if I released this quality of hot garbage.

(This same system ran both Debian 8 and 9 flawlessly for years)

Hey Citrix:

FUCK YOU.

Learn to make an accessible log in page you fucks.

Maybe instead of vague fucking "you're user name and password is wrong" say things like "your account is locked because we somehow decided we don't like your password anymore. . . . without telling you"

Fucking 2 hours of my day wasted trying to log into my company's VM because first it wouldn't take my password (that I've had for over a month and doesn't expire for another month) over and over again. I changed it, logged in. Got up to do something that'd take less than 5 minutes. And OF COURSE the people who set up the VM made them log you out if you're gone for more than 3 minutes (fuck that guy too). Come back to a log in screen and it won't accept my new password.

Change it again. Except this time it won't accept my new password because it's "like my old password." It is in that it uses the alphabet and numbers, but it's also different in that those alphanumeric characters are LITERALLY DIFFERENT IN EVERY PLACE. I finally get it to accept a new password.

I'm also loving the whole "answer these security questions that literally anyone who does minimal research on you can answer" before I get to change my password. Yeah. Because finding my mother's maiden name or the city I was born in is so fucking hard. Literally impossible to find out what my Dad's dad's name is. Shit like that isn't publically available. Nope. Why the fuck are we still using "security" questions?

I log into Citrix again. And it takes me to . . . the log in for Citrix.

There is no word in elvish, entish or the tongues of men for this stupidity.

Fuck Citrix. Fuck the people behind the password manager (Aviator or something like that), and fuck whatever administrator setting turns my computer off due to inactivity in such a stupid short amount of time. 10 minutes, 15 minutes, that'd be fine. But it's more like 3 or 5, like wtf.

Umm Trello tells you specifically if the password is wrong... /:

Long story short: University fucked up single sign on.

For every online service I have, I set a different password, randomly generated ~ 20 characters long. At our university we have multiple systems but they offer a single sign on service which is quite nice because it is so non-transparent which service now uses which authorization. I changed my password a while ago and around the same time they also updated our mail client. Since then I am not able to log in which is not a big deal for me because I have mail forwarding.

Yesterday however I needed another service and also got rejected with my password. I knew from a friend that the passwords are fucked up and that some services have different restrictions (only 12 chars max.), so I decided to search how to reset my password. What the fuck was wrong with these people? It takes you five different pages to get the tiniest bit of information how to reset the password. Then on one page you can login with your single sign on and change the password. On that page you can also set the single sign on password, but if you enter an invalid password (in respect of the the other services) guess what? No feedback that you just locked yourself out of half the systems. Nice job. Also the password requirements are not next to the input fields where you change the password. Noo. That would be way to easy, remember the little small one line on the wall of text three pages ago? There you go.

Ok step one done. Now it should work, shouldn't it? Ohh no not so fast. One needs to activate the seperate service. Where you ask? Perfectly fine question. On the top of page four is a fucking one line table which looks like some five year old had some fun in excel. The button which takes you to the activation page is nearly invisible because of the non existing contrast. Also it is not a button but some arrow pointer thingy. Behind set arrow you have a page listing all differnt kinds of services, the description which you find on page two btw. No padding to decipher this shit what so ever. Nearly on the bottom is your needed button. Yes finally.

Finally I want to login, no good. Try again. Still no good. Go back to the fucked up excel table look at my username and think to myself what's the difference here? The table is so small and again no margin or padding. Apparently they cut of the last character of my normal username which i have which is fucking ridiculous.

What is wrong with you people, we are a TECHNICAL UNIVERSITY, is it so hard for you to find someone decend to unify this shit?

I wanna make you feel what you have brought into my house!!

I was working with security cameras once in a home automation project. One of those camera particularly stand out by offering a cgi without password request to view and change the current passwort and username.

Seriously wtf is wrong with you? I mean this thing automatically connects to an internet service offering everyone to connect to it with that passwort and username. And I know some of you might say "hey chill the cgi is only available on the wifi" - dammit no. Security is a lifestyle do it complete or get the fuck out. God knows what other mistakes there might be hidden in that thing screaming out to everyone to watch me taking a shit.

But that's not the end of it. My company arranged a call to the technical support of that camera so that I can explain the problem and a patch gets released. Those guys didn't give a shit about it and were even laughing at me. Fuck you!

So whoever is responsible - I will find you - and you will never see me coming.

IF YOU DONT WANT ME TO INSTALL SOMETHING WITHOUT UPDATING THEN FUCKING SAY SO INSTEAD OF SAYING MY PASSWORD IS WRONG.

A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.

Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.

Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.

Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.

So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.

Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.

Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.

So everything has been set up again now, and there are some things I would like to stress about hosting providers.

You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.

Also remember that your hosting provider can terminate you at any time, for any reason. Server redundancy is not enough. If you can afford multiple redundant servers, get them at different hosting providers. I've looked at Aruba Cloud's Terms of Use and this is indeed something they were legally allowed to do. Any reason, any time, no notice. They covered all their bases. Make sure you do too, and hope that you'll never need it.

Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?

Me and my developer friend worked with my ex-colleague with this fitness directory website because he promised to give us {{ thisAmount }} upon the {{ completionDate }}.

He was my friend and I trusted him.

It took me weeks of sleepless nights building the project. I had a full-time job that time, and I worked on the project during evenings. All went well, and as we reach the {{ completionDate }}, the demo site is already up and running.

A week before the {{ completionDate }}, he hired his new wife as the COO of the startup. It was cool, she keep noticing things on the site which shouldn't be there, and keeps on suggesting sections that has to be there. I was okay with it, until I realized that we are already a month late with the deadline.

Every single hour, I get a message from them like, "it's not working", "when can you finish this feature?", blah blah blah.. and so on.

I got frustrated.

"I want my fucking life back", I told them. No one cared about the {{ completionDate }}, the sleepless zombies they are working with and our payment. They keep on coming up with this "amazing" ass features, and now they are not paying because they said "it's not complete".

Idiot enough to trust a friend. I was unprotected, there was no legal-binding document that states their obligation to pay.

My dev friend and I handed over the project to this web development company which they prefer, and kept a backdoor on the application.

I kind of moved on with the payment issue after a month. But without their knowledge, I kept an eye on the progress and made sure that I still have the access to their server, DNS, etc..

BUT when they announced the official launch on social media, I realized that I was on the wrong train the whole time.

They switched to a different server.

They thanked all the people involved with the project via social media, EXCEPT me and my coding partner who originally built the site from ground up. A little "thank you" note from them will make us feel a little better. But, never happened.

I checked up the site and it was rewritten from originally Laravel 5 to CodeIgniter 1. That is like shifting from a luxury yacht where you can bang some hot chicks, to a row boat where your left hand is holding the paddle whilst your right hand is wanking yourself.

I almost ran out of bullets.

Luckily, CodeIgniter 1 was prone to SQLi by default.

I was able to get the administrator password in plain text and fucked with their data. But that didn't make me feel better because other people's info are involved.

So, I looked for something else to screw with. What I found? A message with the credit card details.

Finally, a chance to do something good for humanity. I just donated a few thousand dollars to different charity websites.

This is the last part of the series
(3 of 3) Credentials everywhere; like literally.

I worked for a company that made an authentication system. In a way it was ahead of it's time as it was an attempt at single sign on before we had industry standards but it was not something that had not been done before.

This security system targeted 3rd party websites. Here is where it went wrong. There was a "save" implementation where users where redirected to the authentication system and back.

However for fear of being to hard to implement they made a second method that simply required the third party site to put up a login form on their site and push the input on to the endpoint of the authentication system. This method was provided with sample code and the only solution that was ever pushed.

So users where trained to leave their credentials wherever they saw the products logo; awesome candidates for phishing. Most of the sites didn't have TLS/SSL. And the system stored the password as pain text right next to the email and birth date making the incompetence complete.

The reason for plain text password was so people could recover there password. Like just call the company convincingly frustrated and you can get them to send you the password.

I once agreed to maintain and develop an application used in a different section of the school to keep inventory and make sure everything is where it is supposed to be.

At first there was enthusiasm, together with 2 of my classmates we agreed and git clone-d the .NET application that now graduated students built and maintained for the past few years. What could go wrong right?!

It became clear that the original students that worked on it followed an older curriculum, meaning they still got taught .NET instead of the core variant that we get now, not only that but it also seemed that they either did not fully grasp the Clean/Onion architecture or didn't get it in class since there were infrastructure components in the 'Domain' project of the solution. Think of 2 DBContexts in the domain model, yep.

One of us bailed in the first week, the other one and I felt bad for the people using the app so we went on and tried to work on the first bugs that were described in a document. One of these bugs was 'whenever I filter on something in the list, everybody gets to see that filter on their screen instead of only me'. Woah that's weird! Let's see how they put that together!

Oh god, they are using a _static_ variable to store filters, no wonder that it doesn't work properly. Ever heard of sessions?!

Second bug: Sometimes people can't create an account when we sign them up from the admin panel. Alright that is weird, let's figure that one out! Wait a second it seems to work in development? What's this about.

Oh wait I can't create an account on production either? Oh that's weird, wait a second... Why do I have to put my e-mail in a form that was sent to me through e-mail? Why is my address not filled in already? OOH, if someone types in the wrong e-mail address (which is easy since our school has 4 variants of the same f*cking e-mail address) it won't work since it can't recognize the user! Brilliant! Remove e-mail input box and make a token/queryparam determine the user account.

Ah that seems good, it's a mess but it seems a tiny bit better now, great! We're making progress and some sweet buck.

Next bug, trillions of 50x errors on random pages, that's a weird one.

Hm everything works in development, that's odd. Is the production data corrupted?

DID I MENTION that in order to get into the system in development we have to load in a f*cking production database backup ON OUR DEVELOPMENT MACHINE and then ask one of the users' password to login to it and create an account for ourselves? Seeding? What's that, right?!

Anyway, back to bug fixing. I e-mail the the people responsible for the app and get a production admin account, oh I also can't ssh into it because of policies so I have to do everything over e-mail and figure out what's causing the errors. I somehow also wonder if they have any kind of virtualization in place, giving students a VM to do that stuff in doesn't seem so weird does it ? Even with school policies?

Oh btw, 'deploying' means sending a .zip file to a guy in another building and telling him how to configure it, apparently this resulted in a missing folder that the application needed to work and couldn't make on its own. This after 2 weeks of e-mailing back and forth.

After 3 months i quit out of despair and sadness, and due to the fact that I just couldn't do it anymore. I separated everything into logical subprojects and let the last guy handle it, he was OK with that and understood why I left.

Luckily, around that time I already had an actual job at a software development company :)

Earlier this year I had to deploy an "emergency" fix to production for (luckily) an internal facing, but customer impacting, web application.

It was only the login page they were changing. I backed up the original, copied the new file into place, and marked my task complete.

Then I went and read the details on the incident. Someone discovered that if you supply ANY valid username and leave the password blank, you're in! Put the wrong password and you're blocked, of course. But blank? You must be legit!

Curious, I looked at the timestamp on the original file I had backed up to see how long it had been like this.

4 years.

Damn it gitpush focus when type the damn password!! I locked my self out of my server again 😭

Time to visit the portal and login 😒

WTF is wrong with these Govt websites...!!!

Trying to login
"Password is incorrect"
Clicked on reset password,
Now guess what happened next...

They said,

.
ENTER YOUR CURRENT PASSWORD!!!

Wrote a small code to test my "Reset Password" feature, service console kept printing: User not found and returns 404

I was 100% I added that user manually to the database....

Well it turned out I added that user to the wrong database. I need to sleep T_T

So, I just created an account on a premium objective information website. It basically sells access to several articles on laws and general "financial relevant subjects". It is important for my work and they have pretty strict password requirements, with minimum: 18 characters length, 2 HC, 2 LC, 2 special, 2 numbers.

Without thinking twice, openned Keepass and generated a 64 length password, used it, saved it. All's good. They then unlocked my access and... wrong password. I try again... wrong password.

Thinking to myself: "No, it can't be that, maybe I only copied a portion of the password or something, let me check on CopyQ to see what password I actually used."

Nope, the password is indeed correct.

Copy the first 32 characters of the password, try it... it works...

yeah, they limit password length to 32 characters and do not mention it anywhere ... and allow you to use whatever length you want... "Just truncate it, its fine"

So, I was able to hack into a local business (legally) in under two minutes today... great and scary right? Get this, it was from my iPhone. All switches were still the default username and password... after seeing that they didn't think anything was wrong and didn't sign the contract... imagine what I could have done with my laptop and my PWNtools...

Fuck it, more (l)user data for me to log.😏

tldr: Fuck Apple AND Microsoft...

Tried to check my "me" email today (iCloud)... and well it's apparently "locked" for god only knows what reason, and they will only let me recover it through a Hotmail account that I haven't used in >10years.. So I tried that and after one login attempt outlook.com is telling me "you've entered too many wrong password attempts, you must reset your password"... ugh OK, so I hit the button and it's asking me "my" security question.. 'where did you and your spouse meet?'.. wtf? I'm not married now nor was I @12yrs old when I made this account....

Well thanks so I guess that's fucked for forever...

Halfway through typing my password and I know I've gotten it wrong, but keep going to the end just in case it magically works.

Being the dumbest smart person is way better than being the smartest dumb person. Here is looking at anyone ever trying to tell me how to do my job yet you cannot read a fucking error messag. Yes incorrect password means you got it wrong, dim witted cunt

How to log in to CMS Of Doom™...
What could go wrong?
MD5 password hashing? HTTP links? Extracting the whole $_POST array?

!rant

Need some opinions. Joined a new company recently (yippee!!!). Just getting to grips with everything at the minute. I'm working on mobile and I will be setting up a new team to take over a project from a remote team. Looking at their iOS and Android code and they are using RxSwift and RxJava in them.

Don't know a whole lot about the Android space yet, but on iOS I did look into Reactive Cocoa at one point, and really didn't like it. Does anyone here use Rx, or have an opinion about them, good or bad? I can learn them myself, i'm not looking for help with that, i'm more interested in opinions on the tools themselves.

My initial view (with a lack of experience in the area):

- I'm not a huge fan of frameworks like this that attempt to change the entire flow or structure of a language / platform. I like using third party libraries, but to me, its excessive to include something like this rather than just learning the in's / out's of the platform. I think the reactive approach has its use cases and i'm not knocking the it all together. I just feel like this is a little bit of forcing a square peg into a round hole. Swift wasn't designed to work like that and a big layer will need to be added in, in order to change it. I would want to see tremendous gains in order to justify it, and frankly I don't see it compared to other approaches.

- I do like the MVVM approach included with it, but i've easily managed to do similar with a handful of protocols that didn't require a new architecture and approach.

- Not sure if this is an RxSwift thing, or just how its implemented here. But all ViewControllers need to be created by using a coordinator first. This really bugs me because it means changing everything again. When I first opened this app, login was being skipped, trying to add it back in by selecting the default storyboard gave me "unwrapping a nil optional" errors, which took a little while to figure out what was going on. This, to me, again is changing too much in the platform that even the basic launching of a screen now needs to be changed. It will be confusing while trying to build a new team who may or may not know the tech.

- I'm concerned about hiring new staff and having to make sure that they know this, can learn it or are even happy to do so.

- I'm concerned about having a decrease in the community size to debug issues. Had horrible experiences with this in the past with hybrid tech.

- I'm concerned with bugs being introduced or patterns being changed in the tool itself. Because it changes and touches everything, it will be a nightmare to rip it out or use something else and we'll be stuck with the issue. This seems to have happened with ReactiveCocoa where they made a change to their approach that seems to have caused a divide in the community, with people splitting off into other tech.

- In this app we have base Swift, with RxSwift and RxCocoa on top, with AlamoFire on top of that, with Moya on that and RxMoya on top again. This to me is too much when only looking at basic screens and networking. I would be concerned that moving to something more complex that we might end up with a tonne of dependencies.

- There seems to be issues with the server (nothing to do with RxSwift) but the errors seem to be getting caught by RxSwift and turned into very vague and difficult to debug console logs. "RxSwift.RxError error 4" is not great. Now again this could be a "way its being used" issue as oppose to an issue with RxSwift itself. But again were back to a big middle layer sitting between me and what I want to access. I've already had issues with login seeming to have 2 states, success or wrong password, meaning its not telling the user whats actually wrong. Now i'm not sure if this is bad dev or bad tools, but I get a sense RxSwift is contributing to it in some fashion, at least in this specific use of it.

I'll leave it there for now, any opinions or advice would be appreciated.

Oh man, I fucked up...
I was doing after hours work for client, setup website with https.

Can't work over sftp with current user,so I give it the same user ID as apache, get files transferred and shit.
Go back to change uid, set wrong uid, now my user is ntp, I can't get into root, can't set password...
I fucked up

Tail between the legs, sent email to clients support, asking them to fix my user fuck up, waiting for reply

What the fuck is wrong with Google?!!

Trying to log into Gmail.
Forgot password.
Gmail: To reset, code from authenticator app is required.
Me: Super. Good thing I set it up.
Enters code.
Gmail: Recovery email.
Me : Uh... Forgot that too.
Gmail: Some email address to communicate.
Me: Super!
Enters some other email address.
Receives mail with a link.
Me: Finally!
Opens link

Gmail: "When did you create your account?"
Me: Uh... If I had that kind of memory, we wouldn't be dancing right now.
.
.
.
Gmail: Sorry we couldn't verify you.

WHAT THE FUCK, GOOGLE?!
What sort of sadist play is this?!

Dropped them a mail to get access back. Got a link in the auto reply that explains how to repeat the above process. WTF?!

What the actual fuck?!

1. When i was 11 years old i came across a trojan horse program and i sent it to all my school friends to get their messenger password.
(I had a list of passwords of all the people in my class... dont worry, i didnt even used the passwords, i just stored them in my list lol)

2. Took data structures 10 years later, hated it and switched to electrical eng

3. I was working on a manufacturing plant as the lead engineer and one of my prototypes was misbehaving and i was blaming software and software was blaming me...typical stuff... So i said "im going to get a masters is software so i can know wtf you are talking about, and tell you that you are wrong😠!!"

Got in school, started in the masters and quit that place i was working for 🤣.. (they were shitty people and unethical business... fyi)

Now im back to where i was was when i was 11... (minus the hacking email accounts of my classmates)

Today I was debugging some shitty code left by unknown developer whos linkedin account is dead and phone number left in contact card calls local pizza house.

I knew it qould be hard so i've made myself comfortable, gathered 5 redbulls and other items that diabetes people would kill for eating again.

After around 10 minutes i was already frustrated but i kept the pace. "Who is the best, little devie, you!" - I fooled my ego to keep up and shut up.

After around 10 next minutes my attention span has ended. Limbic system started injecting some hormones into my brain, but I remained silent.

First two energy shots were applied. I felt like hero again. Two minutes after I was debugging through some library that was written fo java and found out that it ahots some natives to a c lang lib called "mypreciouslib".

Oh flock, how can i debug it if ita compiled , I cannot do such things, Me be only junior dev. I started swearing, but silently.

Started ollydbg to see what is inside livrary, i searched through but i couldnt match anything it was like mess stirred with fecals of an elephant.

So I opened aida pro " with vitamins" cause obviously, our pm says "but you write in java right " so we dont need those tools right ? Fuck no.

Aida was better at least i could find some funcions calls, but hey, the progress. I was swearing out loud, with earplugs in. And by the time I've sweared all the things in company i got a reminder.

"Hey -insane- stop swearing, the children are here."-sayys pm, it is some kind of " family and work " shitfuck day.

So i asked them: " why wouldnt you buy this fucking tools for programmming for us , you wouldnt have to hear me fucking swearing" . then i realized that , colleagues in room heard all of it, and one of them, total fuckface buttlicker(dev without bit of knowledge) started something like "you are wrong, see how good our software is sellling". Pm was like smiling like he thanked him for buttlicking again. Not to mention he is officially retarded and i know his password to all our services cause he is so smart to put it into text file and then have sharing files in windows turned on.

The other one told aloud, that we would be much better with some debugging tools that are better than fucking eclipse if we have to work without code.

PM told us that he will arrange a meeting. At that point I didnt care any longer. I just fired myself, fuck them.

Please saint Stallman give me hope and joy of programming from my teenage years. Uhhh..

"I need the login credentials for the CMS service"

*sends the email confirmation email*

"No, I can't confirm your email for you. In plain English: send me the email and password to login."

"Ohhhhhhhhh"

Literally what the fuck is wrong with these people.

I swear we're all fucking doomed.

ZNC shenanigans yesterday...

So, yesterday in the midst a massive heat wave I went ahead, booze in hand, to install myself an IRC bouncer called ZNC. All goes well, it gets its own little container, VPN connection, own user, yada yada yada.. a nice configuration system-wise.

But then comes ZNC. Installed it a few times actually, and failed a fair few times too. Apparently Chrome and Firefox block port 6697 for ZNC's web interface outright. Firefox allows you to override it manually, Chrome flat out refuses to do anything with it. Thank you for this amazing level of protection Google. I didn't notice a thing. Thank you so much for treating me like a goddamn user. You know Google, it felt a lot like those plastic nightmares in electronics, ultrasonic welding, gluing shit in (oh that reminds me of the Nexus 6P, but let's not go there).. Google, you are amazing. Best billion dollar company I've ever seen. Anyway.

So I installed ZNC, moved the client to bouncer connection to port 8080 eventually, and it somewhat worked. Though apparently ZNC in its infinite wisdom does both web interface and IRC itself on the same port. How they do it, no idea. But somehow they do.

And now comes the good part.. configuration of this complete and utter piece of shit, ZNC. So I added my Freenode username, password, yada yada yada.. turns out that ZNC in its infinite wisdom puts the password on the stdout. Reminded me a lot about my ISP sending me my password via postal mail. You know, it's one thing that your application knows the plaintext password, but it's something else entirely to openly share that you do. If anything it tells them that something is seriously wrong but fuck! You don't put passwords on the goddamn stdout!

But it doesn't end there. The default configuration it did for Freenode was a server password. Now, you can usually use 3 ways to authenticate, each with their advantages and disadvantages. These are server password, SASL and NickServ. SASL is widely regarded to be the best option and if it's supported by the IRC server, that's what everyone should use. Server password and NickServ are pretty much fallback.

So, plaintext password, default server password instead of SASL, what else.. oh, yeah. ZNC would be a server, right. Something that runs pretty much forever, 24/7. So you'd probably expect there to be a systemd unit for it... Except, nope, there isn't. The ZNC project recommends that you launch it from the crontab. Let that sink in for a moment.. the fucking crontab. For initializing services. My whole life as a sysadmin was a lie. Cron is now an init system.

Fortunately that's about all I recall to be wrong with this thing. But there's a few things that I really want to tell any greenhorn developers out there... Always look at best practices. Never take shortcuts. The right way is going to be the best way 99% of the time. That way you don't have to go back and fix it. Do your app modularly so that a fix can be done quickly and easily. Store passwords securely and if you can't, let the user know and offer alternatives. Don't put it on the stdout. Always assume that your users will go with default options when in doubt. I love tweaking but defaults should always be sane ones.

One more thing that's mostly a jab. The ZNC software is hosted on a .in domain, which would.. quite honestly.. explain a lot. Is India becoming the next Chinese manufacturers for software? Except that in India the internet access is not restricted despite their civilization perhaps not being fully ready for it yet. India, develop and develop properly. It will take a while but you'll get there. But please don't put atrocities like this into the world. Lastly, I know it's hard and I've been there with my own distribution project too. Accept feedback. It's rough, but it is valuable. Listen to the people that criticize your project.

So my colleague sees an iPad on a desk that someone has left by accident. He puts in the wrong password a bunch of times to lock it for an hour as a joke and accidentally wipes it!! Turns out it was about to be used for end of sprint client demo 😂

Great news, I just lost my email account's password. The password is in password manager but apparently, when I was changing it, I did something wrong. Now, neither the old one, nor the new one work and I can't login into my email. I didn't even change the password reset phone number to my new one! And I also forgot the recovery mailbox' password. Fucking great.

Here's the lesson: **ALWAYS** re-check your new password in your browser's private window.

So few of you will know that I was a bit wasted last night (Monday night). Few of you will also know I was having trouble with my new linux installation. (POP!_OS)

After troubleshooting this and that, I gave up. I believe my hardware just doesn't wanna pop. So I installed manjaro xfce.

This morning I woke up with my laptop beside me with a locked screen. I entered the password I remember I setup. Wrong. I entered all usual passwords I normally use. All wrong.

😖 😖 😖

Who is that genius at Microsoft thought about that if adding a new email to outlook on Android and credentials are wrong, CLOSE THE WINDOW AND GO BACK TO SETTINGS!!

Error message says wrong username/password then let me fucking fix them not go back and enter everything from scratch (outgoing, incoming servers, username, password)

Fuck this shit -_-

As someone who uses UNIX and UNIX-like systems on a daily basis, and someone dealing with computer support in a school, I experience so, so many issues, many of which others have already ranted about.

For no reason at all, I find it incredibly frustrating how many high school students' understanding of sudo is limited to this:
Student: Hey, isn't sudo the minecraft command
Me: Erm
Student: You know, the one skeppy uses... to troll players? Anyway, you're doing it wrong. There should be a slash before you run the command
Me: aaargh.
and so on. Happens probably every 10th time I invoke sudo.

I mean, really? Surely these kids, with all their complaints and lines: hacking into the mainframe/whats the admin password/why did you block my VPN/ and so on, would know what sudo is. But NO, they just don't seem to get it. Sometimes I lose my hope in the futures of these kids.

Microsoft and their dev tools...

> Trying to login to Azure VM
> Get an error, saying that password needs to be changed before logging in the first time
> Head over to Azure portal, try resetting password
> Password reset is not successful. Reason: Account already exists (???)
> Google the error message. Found solution (coming from a Microsoft employee!): Create a new user, login with that, fix the password for user #1 inside the VM, then delete the new user

What's wrong with these people? 😂

Microsoft Market:
"You tried a wrong password too many times"
(I know fucker, I made a fucking mistake because I had to restart the pc 20 fucking times already, I've got confused, you pc-fucker)
"The activity is temporarily suspended, try later"

LATER? WHEN? I need to work you moron. Just give me a number!!! 10 minutes? 10 hours? days?
Work on improving security, lazy sod, not on slowing my job.

PS As soon as I can I'll change the password in "ImpotentCrackWhoreFucker8==0-)"

Bought my first VPS, because the shared plan we are using is shit.

Spent just half an hour trying to log in, because upon registration they encouraged a strong password with simbols and everything.

But in reality a root password can only contain letters, numbers, underscore and minus sign... The fuck is wrong with you? Reducing the entropy is one thing, but really fucking up the most essential part of a VPN setup?

Who would be interested in reviewing an old peice of Python code I wrote..? It's a few years old, and it uses basic procedual generation to cypher text (entry, or ASCII files) using a hashed password. It's a command line tool.

I used to brag about how "secure" it was, and now I'm curious if it is secure or not.

I plan on picking it back up and open-sourcing it, but I want to know what problems might be wrong with it now.

I needed to log in on a website in someone else's pc and didn't know the password by heart. I thought I'd log into chrome, if I log out later, what could go wrong right?

Apparently, a lot. It facking merged my bookmarks, history and passwords with hers! And she had shitloads of them! It took me facking hours to clean up the mess chrome created. I trust her, but I still didn't want her to have my passwords etc.

Omg I'm never logging into chrome again elsewhere, what a frustrating facking waste of time

Got tired of Windows 10 giving me BSODs

Tried fixing it (previous rant)

Decided to get rid of it

Purged Windows 10 along with Mint for good

Booted Solus (It's awesome)

Installing..

Installation failed - Input/Output error(5)

?

Maybe ISO got corrupted

Downloaded ISO again (painfully slowly)

Installing...

Success!

Booted to Login screen

Incorrect username/password (shit)

Tried again x times (absolutely correct username and password, I'm sure)

Doesn't work

Booted from the same USB again

Format and Install (again)

Installing..

Installation failed - Input/Output error(5)

:(

I'm not sure what's going wrong here..

My laptop is soulless right now..

I need some opinions on Rx and MVVM. Its being done in iOS, but I think its fairly general programming question.

The small team I joined is using Rx (I've never used it before) and I'm trying to learn and catch up to them. Looking at the code, I think there are thousands of lines of over-engineered code that could be done so much simpler. From a non Rx point of view, I think we are following some bad practises, from an Rx point of view the guys are saying this is what Rx needs to be. I'm trying to discuss this with them, but they are shooting me down saying I just don't know enough about Rx. Maybe thats true, maybe I just don't get it, but they aren't exactly explaining it, just telling me i'm wrong and they are right. I need another set of eyes on this to see if it is just me.

One of the main points is that there are many places where network errors shouldn't complete the observable (i.e. can't call onError), I understand this concept. I read a response from the RxSwift maintainers that said the way to handle this was to wrap your response type in a class with a generic type (e.g. Result<T>) that contained a property to denote a success or error and maybe an error message. This way errors (such as incorrect password) won't cause it to complete, everything goes through onNext and users can retry / go again, makes sense.

The guys are saying that this breaks Rx principals and MVVM. Instead we need separate observables for every type of response. So we have viewModels that contain:

- isSuccessObservable
- isErrorObservable
- isLoadingObservable
- isRefreshingObservable
- etc. (some have close to 10 different observables)

To me this is overkill to have so many streams all frequently only ever delivering 1 or none messages. I would have aimed for 1 observable, that returns an object holding properties for each of these things, and sending several messages. Is that not what streams are suppose to do? Then the local code can use filters as part of the subscriptions. The major benefit of having 1 is that it becomes easier to make it generic and abstract away, which brings us to point 2.

Currently, due to each viewModel having different numbers of observables and methods of different names (but effectively doing the same thing) the guys create a new custom protocol (equivalent of a java interface) for each viewModel with its N observables. The viewModel creates local variables of PublishSubject, BehavorSubject, Driver etc. Then it implements the procotol / interface and casts all the local's back as observables. e.g.

protocol CarViewModelType {
isSuccessObservable: Observable<Car>
isErrorObservable: Observable<String>
isLoadingObservable: Observable<Void>
}

class CarViewModel {
isSuccessSubject: PublishSubject<Car>
isErrorSubject: PublishSubject<String>
isLoadingSubject: PublishSubject<Void>

// other stuff
}

extension CarViewModel: CarViewModelType {
isSuccessObservable {
return isSuccessSubject.asObservable()
}
isErrorObservable {
return isSuccessSubject.asObservable()
}
isLoadingObservable {
return isSuccessSubject.asObservable()
}
}

This has to be created by hand, for every viewModel, of which there is one for every screen and there is 40+ screens. This same structure is copy / pasted into every viewModel. As mentioned above I would like to make this all generic. Have a generic protocol for all viewModels to define 1 Observable, 1 local variable of generic type and handle the cast back automatically. The method to trigger all the business logic could also have its name standardised ("load", "fetch", "processData" etc.). Maybe we could also figure out a few other bits too. This would remove a lot of code, as well as making the code more readable (less messy), and make unit testing much easier. While it could never do everything automatically we could test the basic responses of each viewModel and have at least some testing done by default and not have everything be very boilerplate-y and copy / paste nature.

The guys think that subscribing to isSuccess and / or isError is perfect Rx + MVVM. But for some reason subscribing to status.filter(success) or status.filter(!success) is a sin of unimaginable proportions. Also the idea of multiple buttons and events all "reacting" to the same method named e.g. "load", is bad Rx (why if they all need to do the same thing?)

My thoughts on this are:

- To me its indentical in meaning and architecture, one way is just significantly less code.
- Lets say I agree its not textbook, is it not worth bending the rules to reduce code.
- We are already breaking the rules of MVVM to introduce coordinators (which I hate, as they are adding even more unnecessary code), so why is breaking it to reduce code such a no no.

Any thoughts on the above? Am I way off the mark or is this classic Rx?

Deadlines tomorrow and as per company policies admin rights on our PCs are getting reset every now and then. Today is the third time I ask the IT support for a new admin password, and it’s the third time in a row they give me the wrong password. I cannot debug the apps I’m working on without admin rights.

Getting a little tense over here...

I deployed one of our staging websites to a free plan because the site is rarely used. Project Manager sends the stakeholders the new url. There will be a lot of 🤦‍♀️🤦‍♂️🤦 all around. Some of it’s my fault. A lot of it is just WTF.

Stakeholder: We still need the staging site because we don’t want to test in the live site…

PM: Okay. We didn’t say we were deleting the site. We are just moving it to a new and better hosting platform, so we’re letting you know the url has changed.

Stakeholder: This url is for the front facing page. How do I access the backend? [they mean the admin interface]

Me: The only thing that’s changed is the url for the staging website. So domain-A/account is now domain-B/account.

I thought that was a pretty straightforward way of explaining things, that even a non technical person would get it. They took the /account example as the literal login url.

Stakeholder: I forgot the password for our admin login and I submitted a password reset, but I realize I don’t know if I have access to the admin email. Or if it’s even a real email account.

WTF

I look back at the email chain and I realize that I gave the PM the wrong url.

Also, WTF x 2. How did this stakeholder not realize they were looking at the wrong website?? There are definitely noticeable style and content differences. And why would you have an admin login that uses a fake email??

Me: My apologies. I sent over the incorrect url. My instructions are mostly the same. All that’s changed is the domain.

Stakeholder’s assistant: [DMs me] How do we access the backend?

WTF…are they seriously playing this game and demanding I type out the url for them?! 🤬 I’m not playing this game and I just copy and paste the example that I already sent over.

They figure it out eventually. Apparently, they never used /account to login before They used /admin/index… but that would still bring them to /account, but with ?redirect=/admin/index appended to the url if they weren’t logged in. Again, WTF.

I know I made mistakes in this whole thing, but damn. I can’t even. I’m pretty sure this whole incident is fueling my boss’s push to stop supporting this particular website anymore so I can focus on sites that actually bring in revenue…and have stakeholders that aren’t looney and condescending like this.

Tried to log into my laptop 4 times and got wrong password. Fumed for full 5 mins before realizing that I was using password of workplace laptop.

fml

Those little assholes who code the web interfaces for the provider specific router. You also can't replace it with a fritzbox or something similar.

1. Password field only
2. Password field is no password field
3. This red internet thing doesn't tell me what's fucking wrong
4. The "diagnose" says everything is alright with my internet
5. It always complains because not every device in my network supports gigabit yet (there is an old switch). No reason to show everything in fucking red imo.
6. The things it lists I have to check can be and also should be checked by the fucking thing itself. Like wtf. They wanted a lot of money from me for this shitty thing and there is no temperature sensor to check if it's too hot.
7. It just stops working on hot days... Restart manually solves it. Let's restart manually from work when I have to access my files on my NAS from fucking 40 km away..

(see comments for more screenshots)

Experiences of owning a private server with JFK!

Dropping a prod db: 1
Misplacing passwords: 3
Config errors: Over 9'000
fail2ban banned me: 2
Not reading the docs first since: Forever
Setting up a sever again because I fucked up: 4
Formating the wrong USB stick, which had needed data: 1
Resetting lost DB root password: 2
Server crashes due to insufficient psu: 3
Not knowing the firewall is enabled again, so near to nothing works: 2

Windows 10 Action Center yesterday alerted me to set a PIN for my laptop.

Turned on PC this morning and typed in my regular password then realized it wanted the PIN.

Thinking how this feature came to be....

1. Windows wants you to link your login to your Microsoft/Hotmail Account and it makes it a pain in the ass to set a seperate one (Windows 8)
2. 2018 arrived an logins are a pain, everything is autologin or PIN/code based (aka short 'unsecure' passwords)
3. MS backtracks and realizes email logins are too long so they make a partial fix which basically reverts back to the pre-Win8 days of a seperate system login.. except now its called a new feature!

I realized now under enter a PIN the reason for the checkbox that says: Allow symbols and letters. It's a nice way of saying: please type in your old password again.

**Also rant #2: cuz i dont feel like waiting 1hr**
I felt great yesterday when my boss told me apparantly I have like an Expert designation at the company.

Feel like crap today cuz some user is complaining about some report:
- they asked us to create months ago
- now complaining its all wrong but never gave any formal requirements and actually did sign off on it during testing
- FIXED ASAP

HELLO!!!!!!!!!!! STOP MAKING IT SOUND LIKE IT'S MY FAULT U CAN'T BE BOTHERED TO PROVIDE CLEAR REQUIREMENTS AND THEN TAKING FOREVER TO COME BACK WITH UR PROBLEMS AND NOW NEED IT FIXED ASAP BY USING A NEW DATA SOURCE THAT I HAVE NO IDEA WHAT THE FUCK IS SINCE U USED A RANDOM ABBREVIATION LIKE I CAN MIND READ.

IF I COULD MINDREAD, ID BE WORKING ON A PLAN TO GET UR ASS FIRED.....

Happy friday and long weekend... Got 3 days to relax before i need to deal with this shit again...

Usually websites:
- wrong password -> Password field cleared and focused again

Apple websites:
- wrong password -> Password field cleared and email field focused again and password field hidden because fuck you!

Being in a rush = guaranteed way to make everything take longer.

Example: Typing your long, secure repo password wrong 5+ times in a row... when you are in a rush and just want to push your commit so you can get on with life.

9000 internet cookie points to whoever figures out this shit:

I'm trying to import a secret gpg key into my keyring.
If I run "gpg2 --import secring.gpg" and manually type each possible password that I can think of, the import fails. So far, nothing unusual.
HOWEVER
If I type the same passwords into a file and run:
echo pwfile.txt | gpg2 --batch --import secring.gpg
IT ACTUALLY FUCKING WORKS

What the fuck??? How can it be that whenever I type the pw manually it fails, but when I import it from a file it works??
And no, it's not typos: I could type those passwords blindfolded from muscle memory alone, and still get them right 99% of the time. And I'm definitely not blindfolded right now.

BUT WAIT, THERE'S MORE!!

Suppose my pwfile.txt looks something like this:

password1
password2
password3
password4
password5
password6

Now, I'm trying to narrow it down and figure out which one is the right password, so I'm gonna split the file in two parts and see which one succeds. Easy, right?

$ cat pw1.txt
password1
password2
password3

$ cat pw2.txt
password4
password5
password6

$ echo pw1.txt | gpg2 --batch --import secring.gpg
gpg: key 149C7ED3: secret key imported

$ gpg2 --delete-secret-key "149C7ED3"
[confirm deletion]

$ echo pw2.txt | gpg2 --batch --import secring.gpg
gpg: key 149C7ED3: secret key imported

In other words, both files successfully managed to import the secret key, but there are no passwords in common between the two!!
Am I going retarded, or is there something really wrong here? WTF!

Varies wildly, depending on location and company.

Find yourself in the right location (London, for instance, and some other big cities) and there's heaps of companies all competing for good devs - willing to pay great salaries, great pensions, free food, offer working from home, healthy training budgets, etc.

Find yourself in the wrong place, or not willing to travel, and you may have to settle for being the "IT guy" at Bob's budget consulting co. where your main job is resetting Lauren from HR's password every few days, even though she "definitely hasn't forgotten it, it's the computer's fault."

The dangers of PHP eval()

Yup. "Scary, you better make use of include instead" — I read all the time everywhere. I want to hear good case scenarios and feel safe with it.

I use the eval() method as a good resource to build custom website modules written in PHP which are stored and retrieved back from a database. I ENSURED IS SAFE AND CAN ONLY BE ALTERED THROUGH PRIVILEGED USERS. THERE. I SAID IT. You could as well develop a malicious module and share it to be used on the same application, but this application is just for my use at the moment so I don't wanna worry more or I'll become bald.

I had to take out my fear and confront it in front of you guys. If i had to count every single time somebody mentions on Stack Overflow or the comments over PHP documentation about the dangers of using eval I'd quit already.

Tell me if I'm wrong: in a safe environment and trustworthy piece of code is it OK to execute eval('?>'.$pieceOfCode); ... Right?

The reason I store code on the database is because I create/edit modules on the web editor itself.

I use my own coded layers to authenticate a privileged user: A single way to grant access to admin functions through a unique authentication tunnel granting so privileged user to access the editor or send API requests, custom htaccess rules to protect all filesystem behind the domain root path, a custom URI controller + SSL. All this should do the trick to safely use the damn eval(), is that right?!

Unless malicious code is found on the code stored prior to its evaluation.

But FFS, in such scenario, why not better fuck up the framework filesystem instead? Is one password closer than the database.

I will need therapy after this. I swear.

If 'eval is evil' (as it appears in the suggested tags for this post) how can we ensure that third party code is ever trustworthy without even looking at it? This happens already with chrome extensions, or even phone apps a long time after reaching to millions of devices.

Ouuu today I experienced how web-devs must feel...

Task: create a form to answer questions with yes/no and a database behind it to collect stats.

So login to phpmyadmin
1. Wrong password got error message
2. No error message, still at login screen, but in address I see a token
3. There must be something wrong
4. Reinstalled phpmyadmin and mysql-server several times, wasted one hour on it - still stuck at login screen
5. Tried different browser and it fucking works!
6. Realized that cleaning cache fixed it...

I have fucking HATED Windows 10 from day one. Now I'm hearing there are new vacillations of this genius programming train wreck that I think is designed to force monetize Microsoft's business model.
After a short while I managed to get to a point where I can maintain W 7. In fact, I'm using my old computer right now. Because I could not get this rant to load onto Devrant website. If you are reading this we know that it is because 10 sucks consistently.
I save my files onto a backup hard drive so I can find 'paper file' type solution for whatever random crap might block me at the keyboard. In fact, I still use paper and file cabinets so "technology" doesn't bring me to a screeching halt every time something like "no record of that account" or "wrong password".
Why the hell does my PASSWORD work from W7 but not from W10?! And it's getting WORSE by the day! I'm about to take a fucking hammer to my new fucking computer. And to that guy who smarmy says something to the effect of 'don't be such a pussy... just fix it and you will be happy.' Well. Fuck you too!
Now. That being said. Anybody have a suggestion on what to try next? And don't say something like, 'take your computer to Micro Center or Geek Squad'. I've done those guys twice each. And for a small phenomenal fee they have each time made things slightly worse plus lost parts of my saved data each time.
Oh. And "reset to previous" doesn't work either.
Suggestions?
Probably better at this point to attempt to solve my own problems wrong for free at this point. Maybe I'll learn to program in Linux or some such thing.
Forrest
for suggestions please contact me at
res0naza@yahoo

!rant

I have about a week of holidays left before my classes start and I'm thinking about creating a notepad with password protection and cloud sync so it can be accesed on other devices.

So this is how it will work.
Probably the same interface as windows notepad so no one notices. It can be used to write a personal diary or anything that you don't want other people to know. It will ask for a 4 digit code when you open it(at first you'll see some text, you'll just enter you pin after that text and without pressing enter if you pin is write you'll see the text changes to your previously saved text and if your pin is wrong no error will be displayed itll work as a normal text editor for intruders and probably this wrong pin will be sent to you on you emil with other info). Now even if yoy minimize the window you'll have enter the pin again or even your windows gets out of focus. So you can have it open all the with out worrying.

I'll be using C# for this which I have no experience with. But I'll get it so no problem here.

Provide your feedback on this with some suggestions.

*Sorry I didn't post it on calebs section because I don't have $10.

Today I had to spend the whole day fixing a stupid bug in a legacy application in a completely different tech stack than I'm used to...

At my company we have an Internet application running where we can upload a word document and using some mailmerge variables magic, can set those vars and receive the personalised word doc back...

Now this is great, when it's working, and is used in various projects we have up and running... Suddenly the application decides to crap out for no apparent reason and guess who drew the short straw....

Anyhow I ask our sys admin for the password to the server, I remote desktop to it, turns out its a fucking Windows 2008 server...

But wait it gets better, the application, a shoddy mess of c# code, is not under any sort of version control, has to be developed on that same server and to top it all of, I have to follow some obscure barely documented deployment precedure to get my changes live....

So after a lot of cursing on the dev (not working at the company any more) who did the original setup, and hours of painstakingly piecing together how it works and what went wrong and how to fix it, I finally managed to get it working....

After this rant, I'm mailing my technical lead about this in the hopes we can get someone to do it right (yes, I'm that naive)

Trying to log into my laptop, I got "wrong password" alert five times only for my illiterate girlfriend to notice that the caps lock was on!

While you're typing and you remember this is not the correct password for this account but you're too lazy to backspace all that state of the art you just wrote so you just ENTER the shit out of that ¯\_(ツ)_/¯

Pulled my hair out over one today (and a week ago when I first saw the issue)

Setting up development environment. Created test user and test database and used mysqldump to copy data over.

MySQL was executing a function as the wrong user. Checked my config files, checked my config reader, checked my database connection, checked checked checked. Checked everything twice, I felt like Santa.

Changed the password in the config file to make sure it was logging in right. It threw an error still but not one I had expected so I figured the login still worked (My bias was that I thought the config file was not working or the mysql library was caching authentication. Both were wrong but this blinded my debugging. Foolish, I have forgotten my training)

Logged into the database directly via client. *didn't bother executing the function because I was only testing auth*

Think
Think
Think

Search entire project for database username. It's gotta be hard coded by accident SOMEWHERE.

It's not.

Why
Why
Why

Wait.

-- Flashback to how the test db was created -- What's actually in this damn script?

DEFINER `production_user` CREATE PROCEDURE `old_db`.`procedure_name`

Two issues: definer is old user (this is the error I was seeing) and its creating the procedure on the old db (this would be the next error I would have found if I kept going)

Fuck mysqldump. Install mysqldbcopy. Works

Put hair back in head.

I used to work with another dev who had memory problems. This guy *literaly* could not remeber what he did yesterday...
So, he was trying to change one of the password screens we had in the app. This was a really simple screen. Logo, password prompt, and two buttons. He worked on this small change for two days, but everything he did did not affect the screen at run time.
So finally, he gave up and called me to help him... I come over, and look at his code. It looks ok. I make a small change, and see what happens. Nothing. I think for a moment, and delete the entire screen UI elements. Run the app. Nothing happens - screen still the same.
Then I got it - he kept changing the wrong screen... for two days....
took me a whole 5 minutes to figure out.

Please don't use shake animations to signify errors, dear user interface designers.

The shake animation is a bad idea introduced to the UX (user experience) world by Apple in 2013 with iOS 7 and Mac OS, and is popularly used by FilePond in response to a failed upload. At some point, this animation was added to the Cinnamon desktop environment login screen in response to a wrong password.

The shake animation is not helpful at all. If anything, it is irritating and provocative.

The red "incorrect password" or "failed upload" text clarifies it well enough. There is no need for a shake animation to rub it into the user's face.

Update to previous rant: My e-banking account is blocked, because apparently I already set a password on a website I never seen before.

- Tried the declined one
- Tried the unsecure one I chossed after the declined one
- Tried the pin number from mobile app.

BAM@#%$#%!!1!one1! YOU ARE BLOCKED FOR ENTERING WRONG PASSWORD TOO MANY TIMES. PLEASE CALL THE FUCKING BANK ON MONDAY.

I seriously hate this stupid country, and companies that don't know a first thing about web getting picked on government and public sector projects, sucking 100s of thousands of euros and providing the user experience that gives you a fucking diarrhea, at every SINGLE ONE OUF THEM!

Actually I have two stories

The first one, that one project I talked about with a big company when I was at school. It wasn't that much coding since it was mostly researching, but it was a big project that seems really interesting, with Image Analysis and Machine Learning.
The projects at school this year got drawn randomly for each group, so when I've been announced that I've been chosen for the biggest project, thinking about every side of the project, I was hyped. And even a year after we finished it, I'm still happy and excited about it.

The second is something a little more funny :
So we got some projects to do during December for school including cryptography. Again, those were randomly drawn (but some can really fuck you up) and I got to do a Password Manager, like KeyPass. We were 4, and we thought we had the time to do it.
But we misread the date. At the end of Christmas break, I got a call of a friend saying that the project is due in two days.
Thing is, one of my three co-workers weren't contactable. And we got nothing.
So I kinda took the lead : I said to one to do the UI, another to do the cryptograph helper, and I'll do the linking and all the behaviour of it.

In two days, I literally spent all the time available on it.
Then first meeting with the teacher for saying what is wrong, where bugs are if they exist, ect. so we can fix the issues and deliver a clean code. They were like only 4 big problems. More is, I fixed them all in like two hours while thinking fixing only one. And we got something like the 2nd or the 3rd best mark of the prom. And everyone congratulated me for that. I got so excited I was able to do that in few time.

But never that again lmao

When a banks mobile app, shows the exact number of characters required to login.
Not a blank space, or similar.
Even if the allowed password is within a range, it still shows the exact number of characters.

Correct me if i am wrong but this shouldn't be like this?

The conversations that come across my DevOps desk on a monthly basis.... These have come into my care via Slack, Email, Jira Tickets, PagerDuty alerts, text messages, GitHub PR Reviews, and phone calls. I spend most of my day just trying to log the work I'm being asked to do.

From Random People:
* Employee <A> and Contractor <B> are starting today. Please provision all 19 of their required accounts.
* Oh, they actually started yesterday, please hurry on this request.

From Engineers:
* The database is failing. Why?
* The read-only replica isn't accepting writes. Can you fix this?
* We have this new project we're starting and we need you to set up continuous integration, deployment, write our unit tests, define an integration test strategy, tell us how to mock every call to everything. We'll need several thousand dollars in AWS resources that we've barely defined. Can you define what AWS resources we need?
* We didn't like your definition of AWS resources, so we came up with our own. We're also going to need you to rearchitect the networking to support our single typescript API.
* The VPN is down and nobody can do any work because you locked us all out of connecting directly over SSH from home. Please unblock my home IP.
* Oh, looks like my VPN password expired. How do I reset my VPN password?
* My GitHub account doesn't have access to this repo. Please make my PR for me.
* Can you tell me how to run this app's test suite?
* CI system failed a build. Why?
* App doesn't send logs to the logging platform. Please tell me why.
* How do I add logging statements to my app?
* Why would I need a logging library, can't you just understand why my app doesn't need to waste my time with logs?

From Various 3rd party vendors:
* <X> application changed their license terms. How much do you really want to pay us now?

From Management:
* <X> left the company, and he was working on these tasks that seem closely related to your work. Here are the 3 GitHub Repos you now own.
* Why is our AWS bill so high? I need you to lower our bill by tomorrow. Preferably by 10k-20k monthly. Thanks.
* Please send this month's plan for DevOps work.
* Please don't do anything on your plan.
* Here's your actual new plan for the month.
* Please also do these 10 interruptions-which-became-epic-projects

From AWS:
* Dear AWS Admin, 17 instances need to be rebooted. Please do so by tomorrow.
* Dear AWS Admin, 3 user accounts saw suspicious activity. Please confirm these were actually you.
* Dear AWS Admin, you need to relaunch every one of your instances into a new VPC within the next year.
* Dear AWS Admin, Your app was suspiciously accessing XYZ, which is a violation of our terms of service. You have 24 hours to address this before we delete your AWS account.

Finally, From Management:
* Please provide management with updates, nobody knows what you do.

From me:
Please pay me more. Please give me a team to assist so I'm not a team of one. Also, my wife is asking me to look for a new job, and she's not wrong. Just saying.

Seriously getty images, what is wrong with you. Usually it is bad enough that sign in forms say username or email and then only accept one of those two options. Getty images only allows for the username, so i enter that. Doesn't work. I use the forgot password function, have to enter username and email, doesn't work. Turns out the username is the email adress and what I entered was only the display name. Seriously, how stupid is that? What is the point of a username when you have a separate display name and just set it to the account email adress?

Stupid UX on Apple app store connect website!
*Enters email
*Enters password
*wrong password, password field still focused
*starts typing: email field focused and all content is written there now .....

Why?

Okay this is my first time posting on this site. I've browsed it (definitely not in class) and the community looks beautiful, so I'm going to just kind of slide in here. Anyways this is the part where I use my caps lock button and type lots of naughty words I guess...

<rant type = 'school'>
Our programming classes are fucking DISMAL uuugh... Okay so we have four technology classes: Tech Exploration, Coding 1, Coding 2, and Intro to CS (a 'high school' level class)... So this means a fuck ton of kids in programming classes, mostly because I WANNA MAKE MINCERAFT AND BE A KEWL BOI LIKE GAME DEV BUT I'M ALSO A FUCKING IDIOT AND WILL NOT LEARN ANYTHING YAAAAAAY but that's a mood and so there's a fucking tidal wave of dumb kids in these classes. So right we're dealing with like 80 kids per class period. Sorry if I'm repeating myself but there are a FUCKTON of students. Now, we have... wait for it... ONE FUCKING TEACHER. ONE. I fucking swear this district does not give a SINGLE SHIT about possibly THE SINGLE FUCKING MOST IMPORTANT SUBJECT WHYYYYYY... Okay so the teacher is kinda overworked as fuck lol. She can't really teach eighty kids at once so she mostly gives us exercises from websites but when she can she teaches us shit herself and actually knows a good bit about her field of study. She's usually pretty grumpy, understandably, but if you ask her a good question that makes her think you can see the passion there lol. So anyways that's a mood. Now at the other school it's even worse. They have this new asshole as a teacher that knows NOTHING about ANYTHING IT IS SO FUCKING REDICULOUS OH MY UUUUUGH... THEY STILL DON'T EVEN KNOW WHAT A FUCKING LOOP IS LIKE OKAY YOU'VE BEEN TEACHING PROGRAMMING FOR A YEAR AND YOU'RE THE ONLY ONE TEACHING IT AT THAT DISTRICT SO MAYBE YOU SHOULD AT LEAST FUCKING TRY WHAT IS WRONG WITH YOU... so he just makes them do shit from a website and obviously can't do half of the shit he assigns it's so fucking sad... I swear this district is supposed to be good but maybe not for the ONE THING I WANT IT TO BE GOOD FOR. Funny story: in elementary school once I wrote down school usernames for people I didn't really know and shared them a google doc that said "you have been hacked make a more secure password buddy" etc etc and made them the owner and these dull shits report it to the principal... So I'm in the principles office... Just a fucking dumb elementary school kid lol and the principal is like hAcKiNg Is BaD yOu ShOuLd NoT dO iT and I'm like how did you know it was me... so he goes on to say some bullshit about 'digital footprint' and 'tracing' me to it... he obviously has no clue what he's saying but anyways afterwards he points to where it says last change made by MY SCHOOL ACCOUNT... HOW DULL CAN YOU FUCKING POSSIBLY BE IT WAS FROM MY ACCOUNT THAT LITERALLY PROVED THAT I DID --NOT-- 'HACK' INTO THEIR ACCOUNT YOU DUMB FUCK. Okay so basically my school is a burning pile of garbage but it's better than most apparently but it's GARBAGE MY GOD... Please fucking tell me it gets better...

okay lol that was longer than I thought it would be guess I just needed to vent... later I guess
</rant>

What the hell is wrong with recaptcha? It is solely there to be a nuisance, especially if I use a 2FA device. I do not fear hacking attempts against my username+password, because the 2FA will keep the lucky guess out.

This is the story of probably the least secure CMS ever, at least for the size of it's consumer base. I ran into this many years ago, before I knew anything about how websites work, and the CMS doesn't exist anymore, so I can't really investigate why everything behaved so strangely, but it was strange.

This CMS was a kind of blog platform, except only specially authorised users could view it. It also included hosting. I was helping my friend set it up, and it basically involved sending everybody who was authorized a email with a link to create an account.

The first thing my friend got complaints about was the strange password system. The website had two password boxes, with a limit of (I think) 5 characters each. So when creating a account we recomended people simply insert the first 5 characters in the first box, and the rest in the second. I can not really think of a good explanation for this system, except maybe a shitty way to make sure password are at least 5 characters? Anyway, since this website was insecure the password was emailed to you after the account was created. This is not yet the WTF part.

The CMS forced sidebar with navigation, it also showed the currently logged in users. Except for being unreadable due to a colorful background image, there where many strange behaviors. The sidebar would generally stay even when navigating to external websites. Some internal links would open a second identical sidebar right next to the third. Now, I think that the issue was the main content was in an iframe with the sidebar outside it, but I didn't know about iframe's back then.

So far, we had mostly tested on my friends computer, which was logged in as the blog administrator. At some point, we tried testing with a different account. However, the behavior of sidebars was even stranger now. Now internal links that had previously opened a second, identical sidebar opened a sidebar slightly different from the first: One where the administrator was logged in.

We expirimented somewhat, and found that by clicking links in the second sidebar, we could, with only the login of a random user, change and edit all the settings of the site. Further investigation revealed these urls had a ending like ?user=administrator2J8KZV98YT where administrator was the my friends username. We weren't sure of the exact meaning of the random digits at the end, maybe a hash of the password?

Despite my advice, my friend decided to keep using this CMS. There was also a proper way to do internal links instead of copying the address bar, and he put a warning up not to copy links to on the homepage. Only when the CMS shut down did he finally switch to a system where formatting a link wrong could give anybody admin access.

rants[0] =

"tl;dr: the account creation process at salesforce.com is really flawed.

In a lecture we were supposed to try out different CRM tools, one of them was salesforce. They are the worlds largest CRM software provider - not relevant for the rant, but it means they should have enough $$$ and competence to make something better.

When you create your account, you do not set a password. Instead they send you an email with a link, serving both as account activation and for setting your password. However, if you close the tab without setting a password, your account is still activated and the link in the email won't work anymore.

Alright, rather annoying, but that's why you can reset your password via email, right? Wrong. When you try to reset your password, they prompt you with a security question. Even when you never set them up. And obviously can't give the right answer. Who designed this logic?

On top of that, they nicely tell you to contact your sys admin if you are still having issues. My account is private. Not associated with any company.

So yeah, burned 3 emails until I figured that out and created 3 accounts I can never access again.";

Upgraded our internal samba fileshare. Was getting too old. So updating the apt sources list and push the dist-upgrade: what could possibly go wrong?
Everything.
Somehow the locale went astray, updating the manpages gave too many errors and now finally everything's fucked up, because it somehow deleted the sudo binary and root is locked or we don't have password.
We noobs.
But samba was updated and it's still serving our files.

About a month ago, one billion of Yahoo Accounts has been compromised. Today I received two emails from yahoo in my gmail accounts, they were saying that my yahoo password has been changed and my recovery email has been removed (+ a lot of warning emails of old accounts of forum and games that were receiving unknown accesses, but nvm). In the email which informed me about the recovery, I saw a link that would have allowed me to restore the old account, but before to click I thought "Wait! I had like 10 yahoo accounts. What account am I saving?" I check, I read, I read again, but nothing, no information about it in the text. Nevermind, there's a link. This link will be related to a specific account. Right? Wrong. I click, it sends me in a generic page. The link is mute. I attach a screenshot, you can see where the link points in the left-bottom corner. So now I know that one of my accounts has been hacked, I don't know WHICH account has been hacked and I'm not able to recover my account. Luckily it wasn't my main inbox!

Trying to delete facebook. Apparently the password i just used to log myself in is wrong

I can't stress this enough: Fuck Workday as an ATS. Nobody wants to create a new Workday account with a new password for every company that they want to apply to. Like which moron PM at Workday thought this was a good idea? Not to mention Workday's terrible resume parser, which requires you to essentially manually enter your entire resume because the parser only picks up the first word of each job description on your resume (and even then it puts that one word in the wrong field.)

!long rant
Trying to work from home is always a pain, since we need to use company laptops (no ifs, ands or buts about it).
Yesterday I took the laptop in to check for updates that just wouldn't run while at home (my first mistake), and I couldn't get past the "Press Ctrl+Alt+Delete to login" screen, laptop keyboard didn't seem to be registering clicks, and an external keyboard wasn't either (and I forgot about the on-screen keyboard). A couple of restarts later with no further changes to the situation, the laptop then didn't get past the BIOS screen.
So I called support (my second mistake) and logged an incident.
Couple of hours later someone comes to my desk and asks about the issue, so I describe it, show them (by now the laptop was once again getting past BIOS screen), and leave them to it. Since these laptops are just used as preconfigured VPN and RDP gateways, I said it would be okay if he just wanted to reinstall the OS (my third mistake).
Several hours later, after staying late last night waiting for it to finish, I loaded my profile, installed updates, shut down, grabbed my stuff and left, without checking VPN or RDP over WiFi (my fourth mistake).
Turns out that some of the buttons on the keyboard just no longer work, but now USB keyboards do work, and I can just use OSK to login while out. I figured this would be my only issue with things, and that it was acceptable.
This morning I attempt to use the laptop, and forgot about OSK and the faulty delete button, so spent a few minutes on that. Try to connect to WiFi and find it can't connect, because of course, it doesn't remember the WiFi password, so I root around for the code in some drawer, enter it, and it works. VPN tries to connect and... get told to insert my smart card, which is already inserted, because the driver is wrong!
So I'm sitting here writing a post, not quite believing that I'm considering cancelling my plans for the day to go into the office because of a bloody driver issue now...

Why does #Devrant (idk if #'s are a thing here) not have a confirm password field?

Come on... I doubt it annoys users and it saves people a lot of hassle, especially when we are logging in on multiple devices :/ I know lots of people who type their password wrong the first time and later on they can't login and get frustrated and confused then end up resetting via email.

Also why no login with Google etc~ that's kinda annoying too...

I try to log in via SSH to a remote server. In the beginning all is well. It asks for my password, so I enter the password. Next thing: connection closed by the remote server.

So I wonder what the problem might be... I guess that perhaps I forgot to specify the username. Indeed when I try the 2nd time with my user name added in front of the host name - it works just fine.

But why is there no error message? Why not tell the user what's wrong? "User name is required". Can't be that hard?

Sometimes I see stuff and it just blows my mind why on Earth some things function so poorly. SSH exists for dozens of years yet the error message is not there -> it's guessing time.

I'm doing a thing that I *think* will save time, but it's weighing the time saved in having to maintain the secure password against having to convince my manager that using a random string in an ansible deployment for a database is fine because everything that connects to it is in the same stack... What could go wrong?

Fuck you Linux! I thought user password validation would be a piece of cake, like bash one liner. How wrong could I be!

Yeah, it's already ugly to grep hash and salt from /etc/shadow, but I could accept that. But then give me a friggin' tool to generate the hash. And of course the distro I chose has the wrong makepswd, OpenSSL is too old to have the new SHA-512 built in, as it should be a minimal installation I don't want to use perl or python...
And the stupid crypto function that would do me the job is even included in glibc. So it's only one line of C-code to give me all I want, but there is no package that would provide me this dull binary? Instead I will have to compile it myself and then again remove the compiler to keep image small?

I work in a small team. As the senior dev I tens to focus on important tasks that shape the core of the product but some times I can’t divide my self when there are multiple tasks at hand, so I pass some tasks to the an other mid level dev.

So the task was to create an automation in order to CD (continuously deliver) an order from WHMCS of the (git versioned) product to customers UAT, PROD envs.

To get a background this is an old guy with “constricted” experience in PHP/jQuery/Joomla/Wordpress.

So when we were breaking up the tasks he told me he would like to implement this so i gave him the task as i was busy with core features.

I was like what could go wrong? I know he doesn’t know much about CI/CD but he can read right? He will google right? He will search for CI/CD solutions that do this out of the box right? He will design on paper or what ever and do small POCs right? He will design the flow first before starting the implementation right? RIGHT?

So fast forward to today I had a call with him this morning about some DB staff. And he wanted to show me his progress…

His solution is:
(parentheses is my brain)
1. Customer completes WHMCS order (perfect)
2. Web Hook 🪝 action (YES)
3. cpanel gets source and “automatic!” Init, all using pure PHP code ignoring the usage of the current framework (ok… something is missing)
4. cpanel web hooks(?) WHMCS to send email to customer with the envs initial setup page(?)
5. Customer opens link and adds setup info (ok fuck, fuck, fuck)

(Ok stay cool composed, lets ask some questions maybe he thought it all in a cool way I can’t get my mind around)

Me: So how are you gonna get the correct version from the repo to the env and init the correct schema?

Dev: I haven’t thought about it yet.

Me: Are we gonna save each version to a file system then your code is going to fetch them?

Dev: I haven’t really thought about it we will see. But look on customer init user setup I implemented a password strength validation and it also checks if the password is the same.

So after this Pokémon encounter I politely closed teams. Stood up drank some (a lot) coffee ☕️. Put out the washed laundry while reflecting on life’s good things, while listening to classical music 🎼 .

Then I sat on my office chair drank some more coffee, put some linking park starting with in that order:
“Numb” then “What I’ve Done” and ended with “In the end, it does really fucking matter”

TLDR; Send help, need VR video player that works on all the platforms (not IE, that can burn in hell)

Okay, don't get me wrong; I love iOS and most of it's features like being able to connect to the same WIFI-networks without having to fill a password twice.

But holy shit; Fuck Safari.

They made it so hard to access the stupid motion thing which you can use for VR.

Why do I know this? Well of course I have been building an app for a client which needs to display 360 degree video, which would be best viewed by turning your phone instead of swiping across your screen.

First run of an import procedure in the production environment.
Spent all morning with an "Unsupported media type" error.
Finds out that the provided password was wrong and that the Webservice always return that message when there's an error.
Any type of error...

Am I doing something wrong in integrating bootstrap into my web design.
I'm just making some cool looking password reset forms and stuff.
1. Is it overkill?
2. Is there a better alternative?
3. Any good tutorials to understand bootstrap better than what I do know? (afaik it's just a collection of html elements and css styles)
4. I still have a problem with auto padding at different resolutions which messes up the alignments and stuff I'm really inexperienced at this.
5. I'm a noob at web UI and I want to add it to my skill set so I don't mind a good recommendation to some sort of path I can follow. (I'm alright with Photoshop concept designs, I'm bad at implementing them)

I changed my password to "incorrect", so anytime I forget and enter the wrong thing, the computer tells me what it is.

i am currently tasked with testing various small company ERP softwares.
for the current one i have a full 30 days evaluation copy based on MSSQL Server, i had some problems to integrate the local MS Jet Databse into the server so i call support, all is well and good..except it doesnt work. After a while it turns out, my 15 character password was too long for their software to handle. Furthermore, everytime i try to login i have to enter the password twice, after asking the support why that is they say "so you have additional validation if you entered the correct password"

i tried to explain three times that i know the password, i dont create a password, there is no need for validation, the server (hopefully) will report wether my password was right or wrong. Support guy just says "i think differently, this is a good function"

in a few weeks i will visit them personally for a meeting, i dont know yet if i can stop myself stranggling this buffon

Hey Guys!

Hope to find some help here. So i got a MacBook Pro (2015) from my Workplace and upgraded it to High Sierra. I set everything up and it worked fine untill i did some User configurations. I couldnt access the Settings in preferences because my password was wrong (it wasnt really, but it didnt accept it). So i thought reinstalling would help. I did the reinstall process but got an error at the end of it. “Could not create a reboot partition”. I don’t remember the message exactly. So I have tried several things and hope someone can give me a hint.

- reinstall via cmd + r -> failed
- made a time machine backup from my private MacBook (High Sierra) and put it in my work MacBook -> failed
- recovery from internet -> failed
- external drive with High Sierra installer and booting it from there -> failed

Hope you guys have a clue what to do. Thank you :).

This tuesday I saw a really badly made PHP web application. Two actually. I was giving a time estimate for how long it would take to transfer these applications to our servers. While I was reading the code it became apparent that they had more security holes than Emmental cheese. Most views had obvious SQL-injection vulnerabilities and most probably XSS too. Although I didn't think too look for XSS in the moment. It just puzzled me that this bad code even exists.

But cherry on top was that the password wasn't checked at all. The login form was on the organization's website and was sent to the selected application. But the password wasn't checked in the application. And this was made by a real Finnish software development firm, like what the fuck.

Time to redo the applications I guess. Not like there's anything wrong in that if they pay for it.

Trying to make a nodejs backend is pure hell. It doesn't contain much builtin functionality in the first place and so you are forced to get a sea of smaller packages to make something that should be already baked in to happen. Momentjs and dayjs has thought nodejs devs nothing about the fact node runtime must not be as restrained as a browser js runtime. Now we are getting temporal api in browser js runtime and hopefully we can finally handle timezone hell without going insane. But this highlights the issue with node. Why wait for it to be included in js standard to finally be a thing. develop it beforehand. why are you beholden to Ecma standard. They write standards for web browser not node backend for god sake.

Also, authentication shouldn't be that complicated. I shouldn't be forced to create my own auth. In laravel scaffolding is already there and is asking you to get it going. In nodejs you have to get jwt working. I understand that you can get such scaffolding online with git clone but why? why express doesn't provide buildtin functions for authentication? Why for gods sake, you "npm install bcrypt"? I have to hash my own password before hand. I mean, realistically speaking nodejs is builtin with cryptography libraries. Hashmap literally uses hashing. Why can't it be builtin. I supposed any API needed auth. Instead I have to sign and verfiy my token and create middlewares for the job of making sure routes are protected.

I like the concept of bidirectional communication of node and the ugly thing, it's not impressive. any goddamn programming language used for web dev should realistically sustain two-way communication. It just a question of scaling, but if you have a backend that leverages usockets you can never go wrong. Because it's written in c. Just keep server running and sending data packets and responding to them, and don't finalize request and clean up after you serve it just keep waiting for new event.

Anyway, I hope out of this confused mess we call nodejs backend comes clean solutions just like Laravel came to clean the mess that was PHP backend back then.

Express is overrated by the way, and mongodb feels like a really ludicrous idea. we now need graphql in goddamn backend because of mongodb and it's cousins of nosql databases.

Our government's "information and technology institution" ran a ctf yesterday. Their website was a whole template. And like 1 hour before ctf website approximately got 400-500k request and they've hit by a ddos. During the competition individual competitors couldn't log in their accounts due to "wrong password" and also password reset mails not sent.

One of the rules of the competition was that the questions were not leaked out during the contest. But some groups and individuals wanted help for questions on some hack forums. CTF is over and seems like script kiddies gonna win.

Shitstorm.

The fuck symfony again - passwords migration - no error but does not work. One guy in the comment wrote what fixed - I had wrong configuration. Why it cannot give fucking error when the configuration is wrong. And I did not see even in documentation that I need to do that. I do not know if symfony really deserves so much popularity if it wastes so much time. Checked my tracker - I have spent about 13 hours for symfony upgrade from I think 5.1 to 5.3 and password migration.