About: Generalist.
Joined devRant on 11/4/2020
Oh boy, I got a few. I could tell you stories about very stupid XSS vectors, like tracking IDs that get properly sanitized when they come through the URL, but as soon as you go to the next page and the backend returns them they are trusted and put into the DOM unsanitized, or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination. But I guess the title "dumbest" would go to another one, if only for the management response to it.
Without being too precise, let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a PDF with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally safe) 16-character-long security token.
Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail: the same email always results in the same (totally safe) security token...
So I tried again and sure, the token seemed to be generated from the email, well, so much for "totally safe". Of course this was a minor problem since our cancelation ids were strong UUIDs that would be incredibly hard to brute force, right? Well, of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the PDF with all that juicy user data, nice.
Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well, I raised the ticket, I made it critical and personally went to the CEO to make sure it's prioritized. The next day I get an email from Jira that the issue was now minor because "it's in the code since 2017 and wasn't exploited".
Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 PDFs I scraped in a night and the message that they can be happy I signed an NDA.
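As an added illustration (not the ranter's code and not the real service): the two defects the rant describes, a token derived deterministically from the email and a cancelation id that simply counts up, reconstructed as assumed stand-ins beside the kind of fix the ranter says they wrote, a random per-record token tied to an unguessable id and checked with a constant-time compare. All names and the sample email are constructed.

```python
"""Weak cancelation-token design from the rant (reconstructed) beside a fixed one."""
import hashlib
import hmac
import itertools
import secrets
import uuid
from typing import Dict, Optional, Tuple

# --- assumed reconstruction of the design the rant describes ---
def weak_token(email: str) -> str:
    """Deterministic: the same email always yields the same 16-char token."""
    return hashlib.sha256(email.lower().encode()).hexdigest()[:16]

_counter = itertools.count(1000)  # constructed starting value

def weak_cancelation_id() -> int:
    """Ids 'counted up', so every neighbouring id is a valid record."""
    return next(_counter)

# --- fixed design: random id, random token, constant-time check ---
class CancelationStore:
    """Server-side records keyed by an unguessable id with a random token each."""
    def __init__(self) -> None:
        self._records: Dict[str, Tuple[str, str]] = {}  # id -> (email, token)

    def create(self, email: str) -> Tuple[str, str]:
        cid = str(uuid.uuid4())            # 122 random bits, not a counter
        token = secrets.token_urlsafe(24)  # 192 random bits, unrelated to the email
        self._records[cid] = (email, token)
        return cid, token

    def pdf_owner(self, cid: str, token: str) -> Optional[str]:
        """Return the record's email only if id and token both match."""
        rec = self._records.get(cid)
        if rec is None:
            return None
        email, real = rec
        # constant-time compare: a wrong token cannot be timed apart from a right one
        return email if hmac.compare_digest(real, token) else None

def demonstrate() -> Dict[str, bool]:
    """Contrast both designs on one constructed email; every value should be True."""
    store = CancelationStore()
    cid_a, tok_a = store.create("alice@example.com")
    cid_b, tok_b = store.create("alice@example.com")
    return {
        "weak_token_same_for_same_email": weak_token("alice@example.com") == weak_token("Alice@example.com"),
        "weak_ids_sequential": weak_cancelation_id() + 1 == weak_cancelation_id(),
        "fixed_tokens_differ": tok_a != tok_b,
        "fixed_ids_differ": cid_a != cid_b,
        "fixed_lookup_ok": store.pdf_owner(cid_a, tok_a) == "alice@example.com",
        "fixed_wrong_token_rejected": store.pdf_owner(cid_a, tok_b) is None,
    }
```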
Does anyone remember that in Windows XP you could set any exe as screen saver, and it would run on time, even before you log into any user, as a default system user with administrator privileges?
Indian web dev companies suck (for developers)
When I finished a 3-year grad program in computer application here in my country (India), I thought life's gonna be fun working as a developer. Oh boy, I was so wrong.
I started out working for a small service-based IT company, followed by 2 more. I realized really quickly that they're nothing short of a scam. If your company's only agenda is to somehow survive in the market and it's showing no signs of growth in 8 fucking years, then I'm sorry, you're working for scamsters.
Now I'm not saying that all of them are alike. But most of them sorta are.
They don't give a shit about quality, not one bit. Quality means no money in the short run. And they haven't been able to develop any strategy to deal with that. Hence, no growth.
They promise 100 things on their website but only provide shitty services in 10.
There is no pair programming, no code review, no code quality check, no architect, no database designer. They won't give you extra time to write test cases. They use git as a storage device.
They don't put their developers (especially the ones who are learning) under any sort of managed development framework to ensure smooth work.
At the end of the day, their main objective is to somehow NOT deliver a project but finish a milestone and make money out of it.
After cashing out for a milestone, they want you to put your current project on hold and start working on a new project until you have like 10-15 projects in the pipeline and you're severely overwhelmed and you just wanna fucking QUIT.
They would say YES to literally every fucking thing, only to disappoint the client later.
I can't believe someone in the US or UK thought it'd be a good idea to approach these companies for their brand new app ideas. They're so fucked.
They're rarely finishing any project.
I'm sorry if I hurt your feelings. I had to get it out of my system.
Time for a REAL fucking rant.
io_uring manpages say you can set the CAP_SYS_NICE capability to allow SQPOLL to work. You can't, you still get an operation not permitted errno result.
Why? I checked, it says 5.10 mainline is required. Pretty sure I just manually downloaded and installed the debs myself. uname reports that I am at 5.10. So what gives?
Maintainer submitted a patch because they fucked up and made the *actual* capability check look for what's basically root permissions (CAP_SYS_ADMIN... c'mon...) and is now trying to rectify a glaring security shortcoming.
Patch hasn't been accepted or even addressed yet but they already updated the manpages with the estimated mainline kernel release as if it had made it into the release candidate. Manpages have made it into latest debs but the actual change has not.
Where the fuck is the Linus Torvalds that would ream the fuck out of shitty developers doing shitty things? The political correctness climate has discouraged such criticism now and the result... this. This fucking mess, where people are allowed to cut corners and get away with it because it would hurt their feelings when faced with pressure.
I'm not just guessing either. The maintainer has already said some of the "tone" of criticisms hurt his feelings. Yes, sorry, but when you claim 90% speedup over a typical epoll application using your new magical set of syscalls, and nobody can even get 1-2% speedup on a similar machine, people are going to be fucking skeptical. Then when you lower it to 60% because you originally omitted a bunch of SECURITY RELATED AND CORRECTNESS CHECKING CODE, we're going to call you the fuck out for fudging numbers.
Trying to maintain the equivalent of academic integrity within the computer science field is an exercise of insanity. You'd be fired and shunned from publishing in journals if you pulled that shit in ANY OTHER FUCKING FIELD, but because the CS scene is all about jerking each other off at every corner because the mean people keep saying mean things on Twitter and it hurts your feelings therefore we're all allowed to contribute subpar work and be protected from criticisms when others realize it's subpar.
These aren't mistakes anymore, it's clear you're just trying to farm clout at Facebook - maybe even FOR Facebook.
Fuck you. Do it right, the first time. Sick of shitty code being OK all of a sudden.
Love Letter To The Future
Go read it, seriously, don't wait. If you wait it might be gone before you even have a chance. This is what we face. The elections don't matter.
This is the real danger we all face.
https://swcs.medium.com/love-letter...
You look like someone who unironically puts “JSON” on their resume as one of the programming languages they know.
You probably have casual pictures of Dan Abramov saved on your phone.
Now go finish your top 10 coding productivity lifehacks insta tiktok, or go adjust your standing desk one more time, or go type on your custom mechanical keyboard (which probably has different switches for functional keys. Should I call the keys “functional” if a person like this is the only person who presses them though?)
Yeah, you’re a rockstar. Yeah, that next Medium article you’ll write is gonna make you famous. Yeah.
We should not tolerate censorship.
Beyond all the U.S. hype over elections (and the division in the West in general), the real story is all the censorship on both sides. Reasonable voices are quickly banned, while violent voices and loud angry people are amplified.
I broke out of the left-right illusion when I realized what this was all about. Why so much fighting in the street was allowed, both justified and unjustified. Why so much hate and division and slander, and back and forth, was allowed to be spread. It's problem, reaction, solution.
The old order of liberal democracy, represented in the U.S. by the facade of the GOP and DNC, doesn't know how to handle the free *distributed* flow of information. That free flow of information has caused us to transition to a *participatory* democracy, where *networks* are the lever of power, rather than top-down institutions.
Consequently, the power in the *new era* is to decide, not what the *narrative* is, but who can even *participate* in spreading, ideating, and sharing their opinions on that narrative, and more broadly, who is even allowed to participate in society itself.
The U.S. and the West want the Chinese model of control in America. You are part of a network, a collective, through services and software, and you can be shut off from *society* itself at the drop of a pin.
The only way they get that is by creating a crisis, outright fighting in the streets. That's why people keep being released after committing serious fucking crimes. It's why the DOJ and FBI are intent on letting both sides' people walk. They want them at each other's literal throats, calling for each other's blood. All so they can step back and then step in the middle when the chorus for change cries out loud enough.
And the answer will be:
1. regulated tech
2. an end to television media as we know it
3. the ability to shut someone off from any service on a dime
4. new hate speech laws that will bite *all* sides in the ass.
5. the ability to shape the narrative of society by simply 'pruning' networks as they see fit, limiting the reach of individuals on all sides who are problematic to the collective direction.
I was so caught up in the illusion of us-vs-them I didn't see it before now. This is a monstrous power grab.
And instead of focusing on a farce of an election, where the party *organizations* involved are institutional facades for industrialists, we should be focusing on the real issue:
* Failure of law to do its job online, especially failures of slander and libel laws, failures of laws against conspiracy to commit crime or assault
* New laws that offer injunctive relief against censorship, now that tech really is the commons. Because what's worse than someone online whipping up a mob on either side is someone who is innocent being *silenced* for disagreeing with something someone in authority said, or for questioning a politician, party, or corporation.
* Very serious felony-level laws against doxxing and harassment on all sides, with retroactive application of said laws, because there's a lot of people on all sides who won't be satisfied with the outcome until people who are guilty are brought to justice.
One of the biggest reality checks you will run into when starting your first dev-related job - and which they don't teach you about in school - is that a lot of the time will be spent working with other people's code, and rewriting it into "your own" is rarely an option.
You might be super into making things, but not everyone manages to maintain that same spark while taking over a 15 year old project with fundamental issues that have to be triaged "for now" because you need a hotfix on this other specific thing out in prod before lunch.
There are no gods now. They left the company years ago and nobody knows why they used the Windows registry as a user repo.
I don’t like to judge people based on what languages they like (because I like all of them). But I can’t deny the pattern anymore.
Smart people know and enjoy smart languages: Smalltalk, OCaml, Clojure, Lisp, Haskell, etc. They may use JavaScript or PHP to make money, but ask them to code in their smart language and they’ll be more efficient. Getting old, some of those people say “screw it” and find a Haskell job.
You, my friend, are not one of those people. You are a VSCode-dwelling goblin who thinks lambda calculus has something to do with JS arrow function notation, is scared of reduce(), and isn't even good at the single fucking language they know.
Insta coders and those mechanical keyboard collector dorks are not the “superstars” you’ve got to be like.