!dev - cybersecurity related.

This is a semi hypothetical situation. I walked into this ad today and I know I'd have a conversation like this about this ad but I didn't this time, I had convo's like this, though.

*le me walking through the city centre with a friend*
*advertisement about a hearing aid which can be updated through remote connection (satellite according to the ad) pops up on screen*

Friend: Ohh that looks usefu.....
Me: Oh damn, what protocol would that use?
Does it use an encrypted connection?
How'd the receiving end parse the incoming data?
What kinda authentication might the receiving end use?
Friend: wha..........
Me: What system would the hearing aid have?
Would it be easy to gain RCE (Remote Code Execution) to that system through the satellite connection and is this managed centrally?
Could you do mitm's maybe?
What data encoding would the transmissions/applications use?
Friend: nevermind.... ._________.

Cybersecurity mindset much...!

A lot of docker containers.

I often have to use docker containers while I don't understand it as well yet and quite some containers literally come with zero documentation or bad docs.

This both as for how to set the containers up and how to debug stuff.

This is one of the big reasons why I'm not as big of a fan of docker yet.

Especially painful being a cybersecurity engineer;

Did something wrong with an if-statement.

Caused authentication to break completely; anyone could login as any user.

Was fixed veeeeeeery quickly 😅 (yes, was already live)

I was curious about how the Genetic Algorithm works, wanted to try it out.

So I've created some toy cars using Three.js and "asked" them to do the self-parking with a little bit of Genetic Algorithm help.

It was fun to see how those toy cars were evolving and actually started to be less stupid :D

Here are some more details:
https://trekhleb.dev/blog/2021/...

SSL denied to shake his hand

Please stay at home...

You know what the worst type of screwups are? Those that have already happened but you don't know about yet.

There you are, coasting along, thinking everything's OK, blissfully unaware that you're fucked. And no matter what you do, you're still fucked.

Now finally im in a phase of my life..... Where.... I dont know what the fuck is going on anymore 🤣🤣🤣🤣

"My rates are as follows:
$50/hr.
$75/hr. if you watch
$100/hr. if you help" - An Autobody Sign

Recently (last 6 month) I am getting a feeling like I don't know what to do in my life. I don't have any short and long term plan for my life. No ambition and no will power to do anything. procrastinating all task and doing them when there is no time.

Recently I was offered equity in my company and I don't know if I want that. I don't have any answer to any question in my life.

Does anyone know what to do?

Started new job almost two moths ago..

For almost 3 years I was developing custom themes, plugins, and widget for WordPress using PHP, jQuery/AJAX, and MySQL.

The new company that hired me brought me on as a backend developer to help rebuild their custom PHP Framework, and other web based software/products as their moving toward Google Cloud Platform.

When I started, MVC and OOP was new to me... took a couple weeks to get the hang of things, and understand their system.

Just when I was getting comfortable, I had a task assigned to me that was all NodeJS...

Had a 30 check-in the week I started the Node task, and was feeling pretty beat down because it was all new to me and I wasn’t making a lot of progress, and still not comfortable with Promises yet, and some other ES6 features but finding my way around slowly but surely.

Manager reassured me that I wasn’t going to be fired and it wasn’t unique to myself. Very encouraging to hear, but I’m my own worst critic so it’s frustrating not being able to make progress like I would with PHP projects.

Fast forward to this week, I started to review another task for a feed and found it’s all Ruby! Another language I have no familiarity with... and started to question if I’ll every get the hang of all these languages and be a solid team member...

Not only do I have to get a grasp on NodeJS and Ruby now, but then I’ll also have to get familiar with GCP and whatever else comes along with it...

Oh and I’m using Linux now instead of Windows/ OSX... so there’s that too.. plus the other command line tools the company built, and uses..

I was comfortable developing in PHP and know I needed to take a step and accept this job to move my career forward but it seems like I’m always behind the 8 ball...

Some days I wonder if it was worth staying a Wordpress developer and just focused on learning ReactJS and stay more Front-end than Backend..

I enjoy working with talented people but I don’t like being the low man on the totem pole knowing I don’t have the experience yet.

Does it feel like this for all devs?!?!

In response to:
https://devrant.com/rants/2149067/...
I took your advice.
She said yes 😁

So a few days ago I felt pretty h*ckin professional.

I'm an intern and my job was to get the last 2003 server off the racks (It's a government job, so it's a wonder we only have one 2003 server left). The problem being that the service running on that server cannot just be placed on a new OS. It's some custom engineering document server that was built in 2003 on a 1995 tech stack and it had been abandoned for so long that it was apparently lost to time with no hope of recovery.

"Please redesign the system. Use a modern tech stack. Have at it, she's your project, do as you wish."

Music to my ears.

First challenge is getting the data off the old server. It's a 1995 .mdb file, so the most recent version of Access that would be able to open it is 2010.

Option two: There's an "export" button that literally just vomits all 16,644 records into a tab-delimited text file. Since this option didn't require scavenging up an old version of Access, I wrote a Python script to just read the export file.

And something like 30% of the records were invalid. Why? Well, one of the fields allowed for newline characters. This was an issue because records were separated by newline. So any record with a field containing newline became invalid.

Although, this did not stop me. Not even close. I figured it out and fixed it in about 10 minutes. All records read into the program without issue.

Next for designing the database. My stack is MySQL and NodeJS, which my supervisors approved of. There was a lot of data that looked like it would fit into an integer, but one or two odd records would have something like "1050b" which mean that just a few items prevented me from having as slick of a database design as I wanted. I designed the tables, about 18 columns per record, mostly varchar(64).

Next challenge was putting the exported data into the database. At first I thought of doing it record by record from my python script. Connect to the MySQL server and just iterate over all the data I had. But what I ended up actually doing was generating a .sql file and running that on the server. This took a few tries thanks to a lot of inconsistencies in the data, but eventually, I got all 16k records in the new database and I had never been so happy.

The next two hours were very productive, designing a front end which was very clean. I had just enough time to design a rough prototype that works totally off ajax requests. I want to keep it that way so that other services can contact this data, as it may be useful to have an engineering data API.

Anyways, that was my win story of the week. I was handed a challenge; an old, decaying server full of important data, and despite the hitches one might expect from archaic data, I was able to rescue every byte. I will probably be presenting my prototype to the higher ups in Engineering sometime this week.

Happy Algo!

I recently met a young fella (14yo) playing League of Legends. He asked:
- What do you do for a living?
- I'm a programmer, do you know anything about programming?
- I don't, actually.

Apparently he was playing from a LAN Gaming center 'cause he didn't have a computer at home (his computer had broken and these Lan centers are pretty affordable).
I figured I could explain to him what was it and what super powers you could get from it. Turns out I recommended a JS course in codecademy and now he goes to the LAN center every day to study programming (he got really into it!).
Now he always pings me with questions about JS and apparently he's learning a ton! He had almost no English skills too (we're Brazilian), and because most of the material in the internet is in English he found himself some free English courses and he's now taking them!

Knowledge is free on the internet and I guess he's just realized that.

Not exactly a rant guys, just figured it was a nice story to tell :)
#TeachAKidHowToCode

I'm starting to realize my place looks more and more like some sort of Batcave...

"I like nonsense, it wakes up the brain cells. Fantasy is a necessary ingredient in living, It’s a way of looking at life through the wrong end of a telescope. Which is what I do, and that enables you to laugh at life’s realities. " - Dr. Seuss

That moment when you ask your friend if he/she has plugged it in and they say yes and your answer is ”send a picture” and they respond with this....

So, I took 4 weeks vacation. I planned to finish so many projects and learn so many stacks.

First 3 weeks:

Today I met a girl who’s super cute, down to earth, smart, uses no social media, and games. I would normally wake up soon after such dreams, but this actually happened today. I asked her out before it was too late 😊

i am rly lonely and that depresses me so can someone reply to this post so i can feel like i exist and important

Today I learned:

`/usr` stands for “universal system resources” not “user”

`/dev` stands for “device” not “development”

Had no idea.

So basically there's this guy, that work with us that relocated from a small village south of Italy to the city where we have the HQ.

So after a while this guy has found a girlfriend here and after few days we discovered that he never had sex in his life. you may ask, how did you discover it? Yes, basically he disappeared for a week, his phone was off, no slack, no Facebook, nothing. We couldn't contact him in any way. After a week he gave a call to our cto saying sorry about what happened and explaining that he spent the whole week having sex with his girl, day and night. This story has also a good end because he still has his job.

I was told that my comment on another rant needed to be its own rant. So here it is:

I had a client that runs a tattoo shops website to be updated and more modern. He wanted nothing to do with looking at or approve mock ups or designs so I just did my thing and took care of it. Once I was finished I showed him what I had and said “now I just need some content from you all so I can replace all the placeholder text and images”.
He seemed completely onboard. Took down notes of all the content needed, assigned all of it out to his artists to gather what I needed and provide it to me.
After 6 months, and several emails asking if they ever got that content together I finally get a response:
“LOOK MAN, if you didn’t want to do the site then you shouldn’t have accepted the money. I know you don’t need all these from us to finish up, you’re just stalling! I need the site up now!”
So I’m like “Sure man, I’ll publish it exactly as it stands now.”
An hour later I get a call “who are these people in these pictures? Why do you have our pricing all wrong? Why is everything in French or something (Lorem ipsum)? I just need my money back at this point.”
I explained that he’s not getting his money back because I already did my part, but just because it’s important to me that a client is satisfied (and seemingly what he wants is money) I can waive his hosting fee for the next 3 years.
It’s been a year now. Sites still up in all “French”, wrong pricing, random stock photos. Couple weeks ago he called to apologize for being a dick before.
Still haven’t gotten any content to finish up.
I don’t understand. It’s like these people think if you want to publish a book for instance that you just give the publisher the title you came up with and they’ll fill in the pages with story/info for you.
I’m a web developer, not a content manager.

Few months ago, I ate so many MBs (just 300+ GBs) in a month that my ISP blocked my connection and sent a worker to check if i was sharing my internet connection with neighbours etc. { They say UNLIMITED downloads when selling packages }
I was so pissed that after restoration I wrote autorun-on-startup powershell which keeps downloading a 100MB file forever just to eat bandwidth.
This month my downloads crossed a TB.
I feel like I've pissed in ISP's face just to show that if I'm not eating TBs every month, it doesn't mean i can't do it.

Things have been a little too quiet on my side here, so its time for an exciting new series:

practiseSafeHex's new life as a manager.

Episode 1: Dealing with the new backend team

It's great to be back folks. Since our last series where we delved into the mind numbing idiocy of former colleagues, a lot has changed. I've moved to a new company and taken a step up as a Dev manager / Tech lead. Now I know what you are all thinking, sounds more dull and boring right? Well it wouldn't be a practiseSafeHex series if we weren't ...

<audience-shouting>
DEALING! ... WITH! ... IDIOTS!
</audience-shouting>

Bingo! so lets jump right in and kick us off with a good one.

So for the past few months i've been on an on-boarding / fact finding / figuring out this shit-storm, mission to understand more about what it is i'm suppose to do and how to do it. Last week, as part of this, I had the esteemed pleasure of meeting face to face with the remote backend team i've been working with. Lets rattle off a few facts to catch us all up:

- 8 hour time difference to me
- No documentation other than a non-maintained swagger doc
- Swagger is reporting errors and several of the input models are just `Type: String`
- The one model that seems accurate, has every property listed as optional, including what must be the primary key
- Properties go missing and get removed at the drop of a hat and we are never told.
- First email I sent them took 27 days to reply, my response to that hasn't been answered so far 31 days later (new record! way to go team, I knew we could do it!!!)
- I deal directly with 2 of them, the manager and the tech lead. Based on how things have gone so far, i've nick named them:
1) Ass
2) Hole

So lets look at some example of their work:

- I was trying to test the new backend, I saw no data in QA. They said it wouldn't show up until mid day their time, which is middle of the night for us. I said we need data in our timezone and I was told: a) "You don't understand how big this system is" (which is their new catch phrase) b) "Your timezone is not my concern"

- The whole org started testing 2 days later. The next day a member from each team was on a call and I was asked to give an update of how the testing was going on the mobile side. I said I was completely blocked because I can't get test data. Backend were asked to respond. They acknowledged they were aware, but that mobile don't understand how big the system is, and that the mobile team need to come up with ideas for the backend team, as to how mobile can test it. I said we can't do anything without test data, they said ... can you guess what? ... correct "you don't understand how big the system is"

- We eventually got something going and I noticed that only 1 of the 5 API changes due on their side was done. Opened tickets. 2 days later asked them for progress and was told that "new findings" always go to the bottom of the backlog, and they are busy with other things. I said these were suppose to be done days ago. They said you can't give us 2 days notice and expect everything done. I said the original ticket was opened a month a go *sends link* ......... *long silence* ...... "ok, but you don't understand how big the system is, this is a lot of work"

- We were on a call. Product was asking the backend manager (aka "Ass") a question about a slight upgrade to the new feature. While trying to talk, the tech lead (aka "Hole") kept cutting everyone off by saying loudly "but thats not in scope". The question was "is this possible in the future" and "how long would it take", coming from management and product development. Hole just kept saying "its not in scope", until he was told to be quiet by several people.

- An API was sending down JSON with a string containing a message for the user with 2 bits of data inside it. We asked for one of those pieces to also come down as a property as the string can change and we needed it client side. We got that. A few days later we found an edge case and asked for the second piece of data to be a property too. Now keep in mind, they clearly already have access to them in order to make the string. We were told "If you keep requesting changes like this, you are going to delay the release of the backend by up to 2 weeks"

Yes folks, there you have it, the most minuscule JSON modifications, can delay your release by up to 2 weeks ........ maybe I should just tell product, that they don't understand how big the app is, and claim we can't build it on our side? Seems to work for them

Thats all the time we have for today,

Tune in for more, where we'll be looking into such topics as:

- If god himself was an iOS developer ... not
- Why automate when you can spend all day doing it by hand
- Its more time-efficient to just give everything a story point of 5
- Why waste time replying to emails ... when you can do nothing instead

See you all next week,
practiseSafeHex

It has been every loooong time since I have visited our huge local forest with its small mountains. About 10 years actually.
It feels great!

Who needs screenshots?

At my first job in a web agency, we had this client who wanted to make some changes to his website and sent them to us by email. So far nothing unusual ... until I opened the email. To show us the changes he wanted to make the guy has done these steps:

1) He took the picture of his PC screen with the smartpone
2) Printed the photo of the screen
3) He made some pencil scribbles on the paper with comments like "Here we change the font, here we change the color" and the arrows that indicated where to move some blocks of the layout
4) Then he scanned the sheet with scribbles and sent it to us as a pdf by email

Of course, all our attempts to explain how a screenshot works have been useless and he went on like this for weeks

I FUCKING HATE THOSE TWATS GODDAMIT I CANT HOLD IT I WANT TO FUCKIN SLAP THEM

I'm not, by far, what you pros call 'decent' at being a Linux wiz but installing Discord on Manjaro got me feeling 1337.

And all I did was run packer -S discord.

Hey everyone! @trogus and I are headed to TechDay New York tomorrow (May 10) and there will be a devRant booth in the social network section. If any devRanters are attending, you should definitely stop by our booth! There will be free swag and we’d love to meet some fellow ranters!