Got yelled at because super important feature for a client was two days overdue.
The kicker is that they never even talked to IT about the feature let alone give us a decent spec/assignment.

So I guess my most unrealistic deadline was the day before yesterday...

Best thing about having two screens and rectangle is that you can collect all the security pop-ups on the smaller one and just continue working till it's actually convenient to restart everything. (Like after the meeting)

Seriously corporate security measures are completely fucked. Not only did they manage to slow down even Go compiles to a crawl with defender and other crap. Just tried to write 6 words to our PO. Focus got stolen by 4 of the 6 words typed.
One of them demanding to restart Firefox and that one can't be closed or moved out of the way unless you have some fancy window manager tool. This isn't security this is harassment.

I paid yet my supporter status has been removed. Does anyone else have this issue?

@trogus @dfox you might want to look into it.

I'm so tired of all these new support channels. Why the fuck would I want 7 electron based apps/accounts just to ask questions or provide support? I don't want slack, gitter, discord, zulip and what not. Can't keep up with this bullshit.

Can we please get back to supporting open source on IRC? And fuck my life even that got split up due to shit happening in freenode (the company). FML distributed good, fragmented bad.

An entire slick customer facing statistics dashboard... in a product that was discontinued a week after the dashboard was finished.

Had a stupid sales dude. Lost his driver's license due to reckless driving (and this was a few in a row including drunk driving) for 6 months. As it was his job required to drive around he got instantly fired.
So he had to leave laptop, iPad and phone with us (IT). His next stop was finance for the lease car but he was pissed, left the building and drove off.

Apparently rules are super shitty for the theft of a lease by the registered employee. So we could not really mark it as stolen. We alerted the police anyway and he was caught next week for driving without a license. So he went to jail and we got the car back

Dude picking his brain over my coke. Yes I mean attempting to tickle his brain trough the nose hole.
A piece of nasal excrement landed in my coke and made it go fizz, that was how I noticed.

My uncle had a computer with a dot matrix printer attached. I remember that there was a Python turtle like drawing program. Spend quite some hours making blocky single line drawings with that. Printed some too.
No clue what kind of computer it was though. Probably a PC clone like headstart.

Regain work life balance.
The last few years especially with COVID I've started to do way to much for the company's I've worked for. Working while I was coughing my lungs out when I had COVID. Working during my holiday because it was finally a fun feature to develop. Working in lunch breaks because people would call me all the time (remote there are no boundaries)

I left that company on a good note, started actually healthy as the new company actually understands flex working. However as I gained responsibly more meetings started to appear also causing rushed lunches no more walks of sport activities. Than I was lead in a project and because of some personal circumstances (death in the family) that was running long. Again started to work overtime trying to catch up.

I need to stop doing this. Caring is fine but I just give to much when I feel responsible. Good thing is that my current company actually wants to help me with this.

MacBook/OSX

Have used all kinds of OSes and computers. Nothing sucked the productivity out of me as much a company provided MacBook. Some issues were related to the company setup (vpn issues after sleep, jamf botched app installs). But most of the day to day work was just due to crappy key handling. Lots of shortcuts that work everywhere don't (think all the alt combos in terminal). Common things require combos and using the actual keys (like home and end) on an external keyboard have undefined behaviour. Out of the box it does not even have decent window management, this means that a third party tool has to provide the shortcuts and they clash with a few programs.

Thank god I can use Linux now to develop for Linux.

Fuck you haters, I'm not dying of corona so PHP dies with it.

PHP is an amazing language. It has evolved nicely has almost all high performing functionally you need build in. Has a good package manager eco system. It's insanely fast (since 7.0, older versions where just fast with opcache).
Most of the called out inconsistencies are actually because it is consistently following C/POSIX equivalent or people that don't understand dynamic typing (it doesn't mean any shit will stick).

https://awesomeopensource.com/proje...
Fuck off with your JS backend solution because it's faster...

This is a big thanks to all the amazing members of the PHP community that worked hard to make PHP the great language it is today!!!

Hang on image selection dialog.

I'm on Android (MIUI 12) and for a long time I've not been able to select an image. Whenever I go into the picker it slows to a crawl. Even when cancelling the pick devrant is all but frozen. I have to kill it and start again to get back. Selecting an image will make it just show a black screen. Does anyone else experience this?

This is the last part of the series
(3 of 3) Credentials everywhere; like literally.

I worked for a company that made an authentication system. In a way it was ahead of it's time as it was an attempt at single sign on before we had industry standards but it was not something that had not been done before.

This security system targeted 3rd party websites. Here is where it went wrong. There was a "save" implementation where users where redirected to the authentication system and back.

However for fear of being to hard to implement they made a second method that simply required the third party site to put up a login form on their site and push the input on to the endpoint of the authentication system. This method was provided with sample code and the only solution that was ever pushed.

So users where trained to leave their credentials wherever they saw the products logo; awesome candidates for phishing. Most of the sites didn't have TLS/SSL. And the system stored the password as pain text right next to the email and birth date making the incompetence complete.

The reason for plain text password was so people could recover there password. Like just call the company convincingly frustrated and you can get them to send you the password.

I have quite a few of these so I'm doing a series.
(2 of 3) Flexi Lexi

A backend developer was tired of building data for the templates. So he created a macro/filter for our in house template lexer. This filter allowed the web designers (didn't really call them frond end devs yet back then) could just at an SQL statement in the templates.

The macro had no safe argument parsing and the designers knew basic SQL but did not know about SQL Injection and used string concatination to insert all kinds of user and request data in the queries.
Two months after this novel feature was introduced we had SQL injections all over the place when some piece of input was missing but worse the whole product was riddled with SQLi vulnerabilities.

I have a few of these so I'll do a series.
(1 of 3) Public privates

We had a content manager that created a content type called "news item" on a Drupal site. There where two file fields on there. One called "attachments" and the other called "private attachments". The "private attachments" are only for members to see and may contain sensitive data. It was set to go trough Drupals security (instead of being directly hosted by the webserver) but because the permissions on the news items type where completely public everybody had access. So basically it was a slow public file field.

This might be attibuted to ow well Drupal is confusing. Howerver weeks earlier that same CM created a "private article". This actually had permissions on the content type correctly but had a file field that was set to public. So when a member posted the URL to a sensitive file trough unsafe means it got indexed by google and for all to read. When that happend I explained in detail how the system worked and documented it. It was even a website checklist item.

We had two very embarrassing data leaks :-(

For me Jetbrains idea based IDE/editor in part does just about everything right. Only need to really change the redo shortcut. They provide a warning now so you don't lose your undo history on ctrl+y.

On console both Emacs and vim work for me. These days I prefer vim. Nano will work when I'm a pinch but the lack of undo is really annoying. Especially when the cat walks over the keyboard. You just need start all over unless you can see what he did.
Vim has vertical block so you comment/uncommented stuff real fast. The cange word and change till are also real time savers. Vi is to basic and annoying for me, rather use nano than.

Gedit works great for me when viewing or editting a file real quick.

So yeah the situation dictates what tool suites the best.

Idea is where I can spend my time the entire day so if I had to choice one that would be it.

The JavaScript everywhere trend.

Sure it's possible and the language develops at a fast pace since ES6 but JS like any other language just is not suited for everything. I think JS will stay in server side automation and as scripting language for customisation but not how it is abused now in electron or even node.js.

There will be better solutions if they are not already there.

Not sure if it's the worst code review but it's a recent one.

We don't really do code reviews where I work unfortunately but my coworker used my framework for the first time (build some nice composer libraries for cmdline projects) and asked if I could make them do autoloading.
He never used namespaces before so I was glad to help him out.

What I saw was a dreadful mess. His project was called "scripts" so good luck picking a namespace...

Than it was all lose functions in the executable file. All those functions are however called by a class in another file (if they where not calling eachother as a cascading mess). That class was extending an abstract class from my library as instructed. However I never imagined my lib being raped like that.

The functions themselves are a horrible mess. Nothing uniform completely different style (our documentation states PSR's should be used).
Parameters counts higher than 5.
Variable names like Object and Dobject (in calling function Dobject is Object but it needs a fresh one.

If statements on parameters that need basically split it in two (should simply be to functions)
If else statement with return of same variable as a single line (sane people use ternary for that)

Note that I said functions. All of it should have been OO and methods. Would have saved at least some of the parameter hell.

I could go on and on. Do I think the programmer is bad yes (does not even grasp interfaces, dep injection, foreach loops). Is this his best work no. He said that for a one of script like this it just has to work. Not going to be used elsewhere. I disagree as it is a few thousand lines of code that others have to read too.

TL;DR I'm fucking sick and tired of Devs cutting corners on security! Things can't be simply hidden a bit; security needs to be integral to your entire process and solution. Please learn from my story and be one of the good guys!

As I mentioned before my company used plain text passwords in a legacy app (was not allowed to fix it) and that we finally moved away from it. A big win! However not the end of our issues.

Those Idiot still use hardcoded passwords in code. A practice that almost resulted in a leak of the DB admin password when we had to publish a repo for deployment purposes. Luckily I didn't search and there is something like BFG repo cleaner.

I have tried to remedy this by providing a nice library to handle all kinds of config (easy config injection) and a default json file that is always ignored by git. Although this helped a lot they still remain idiots.
The first project in another language and boom hardcoded password. Dev said I'll just remove before going live. First of all I don't believe him. Second of all I asked from history? "No a commit will be good enough..."

Last week we had to fix a leak of copyrighted contend.
How did this happen you ask? Well the secure upload field was not used because they thought that the normal one was good enough. "It's fine as long the URL to the file is not published. Besides now we can also use it to upload files that need to be published here"
This is so fucking stupid on so many levels. NEVER MIX SECURE AND INSECURE CONTENT it is confusing and hard to maintain. Hiding behind a URL that thousands of people have access to is also not going to work. We have the proof now...
Will they learn? Maybe for a short while but I remain sceptic. I hope a few DevrRanters do!

So yesterday I said to my private laptop update and shutdown...

Fast forward to this morning. Hell breaks loose. Have to fix it asap! We have downtime. But fucking windows update!!!

You fucking peace of shit should have done this yesterday. And why does it have to take so long.

Life is sweet. Until you encounter the bug. Than life is just... extra crunchy.

I have just thought of the perfect solution when support for fucking ancient IE versions creaps in the requirements (and asking the assholes to produce numbers to support the crazy does not help)

Just do browser detection and if IE < 9 Replace body with one of those winXP alert boxes that tell them there Computer is infected and that they can get a free scan (it's what they are used to anyway). Put a link to the installer of your favourite browser over the entire image.😎

Good news is 100℅ code reuse! Works on every outdated IE and every website that requires IE support.

Every once in a while the flexibility of dynamic types comes back and bites you in the ars:

So I created method that returns the date significance (day, month, year) or null when no date is set.
I chose a class constant DAY with the value 0.
This is not a problem in if statements as I always use === but in this case a switch made more sense. And as you can guess no date set (NULL) was handled in the self::DAY (0) case... 😐😑😶 Silently resulting in wrong results when no date is given! #£#@$& (and other comic swearing symbols)

Even though php7 finally has decent type hinting resulting in much clearer defined API's we can still go very wrong.
More love to Go for less verbose static typing! To bad we can rarely use it at the office 😥