Search - "log file"
-
Everyone here ranting about a fucking missing semicolon. I can't remember the last time a missing semicolon was the issue...
You wanna know what's REALLY BALL-BUSTING????
WHEN THE FUCKING 10 y/o LEGACY CODEBASE, CODED BY FUCKING PHP WORDPRESS SCRIPTERS WHO THOUGHT THEY COULD BUILD AN ENTERPRISE SHIT CAUSE ZF2 "LOOKS EASY" AND THEN FILL IT UP WITH SPAGHETTI, IS SO BADLY WRITTEN THAT IN ORDER FOR THE PAGE TO RENDER YOU ACTUALLY ****HAVE**** TO DISABLE ERROR REPORTING SO WHENEVER A FUCKING ERROR HAPPENS ON THE TEMPLATE RENDER COMPONENT OF ZEND FRAMESHIT 2, YOU'RE LEFT WITH A FUCKING BLANK PAGE AND NOTHING IS LOGGED TO THE LOG FILE, SO YOUR ONLY OPTION IS DIE() DEBUGGING LINE BY LINE ON THE 1300 LINES PHTML FUCKFEST OF A VIEW THEY HAVE.
MISSING SEMICOLON? YES PLEASE, GIVE ME MORE OF THAT SHIT
-
Me: *puts small piece of tape over webcam*
NSA: Okay guys, shut it all down. No way we can record from the microphone, log keys, access the file system, USB devices, network data or watch the screen. He did the tape.
-
So, I tried to demonstrate to my roommate how many people push their credentials to github by searching for "password remove" commits.
I decided to show him the file and noticed something interesting. A public IP, and mysql credentials.
I visit the IP and what do I see there, a directory listing with a python script, which injects the database into a webpage (???) and a log of all http requests. Lots of failed attacks aiming at the PHP CGI. Still wondering how they failed on a python server 🤔🤔🤔
Edit phpmyadmin to connect to the mysql database. Success.
Inserted a row telling him that his password is on github. Maybe I should also have told him how to actually remove it. 😅
Yes, root can login from %
This is how far I can get with my current abilities.
------------------------------
Scary how insecure this world is.
-
This is super childish but it's the gameserver industry and karma is a bitch.
TLDR: I hacked my boss
I was working for a gameserver and I did development for about 3 months and was promised pay after the network was released. I followed through with a bunch of dev friends and the guy ended up selling our work. He didn't know that I was aware of this as he tried to tell people to not tell us but one honest person came forward and said he sold our work for about 8x the price of what he owed ALL OF US collectively.
I proceeded to change the server password and when he asked why he couldn't log in I sent him an executable (a crypted remote access tool) and told him it was an "encryption tunnel" that makes ssh and file transfers secure. Being the idiot that he is he opened it and I snagged all of his passwords including his email and I changed them through a proxy on his machine to ensure I wouldn't get two factored with Google. After I was done I deleted system 32 :3
-
Me: you should not open that log file in excel, it's almost 700mb
Client: it's okay, my computer has 4gb ram
Me: *looking at client's computer crashing*
Client: the file is broken!
Me: no, you just need to use a more memory efficient tool, like R, SAS, python, C#, or like anything else!
-
Waaaay too many but let's go with this one for now.
At my previous job there was a web application which was generating about 1gb of log data a second. Server was full and the 'fullstack engineers' we called had zero clue about backend stuff and couldn't fix it.
Me and another engineer worked our asses off to figure this out but eventually the logging stopped and it went back to normal.
Great, right?
For that moment. I was the on-call server engineer and at like 3am I got called awake because this shit was happening again.
Sleep drunk with my phone I ssh'd into the server, not sure about what to do at first but then suddenly: let's chattr the goddamn log file...
$ chattr +i /var/log/logfile
Bam, worked, done, back to sleep.
(this command + param marks the file in a way that it can only be read until the mark is removed, so you can't write to it or move it or remove it or whatever)
-
Holy fuck, this is starting to work!
Problem: I am highly anti google/facebook/few others and I'd rather null route those DNS requests.
The problem is that the pihole only can blacklist domains or wildcard domains but not words. So if Google would come up with a new name for some of their domains, I'd be fucked because I can't filter out the word Google through the pihole.
Today I fucking found the solution (still a work in progress but a PoC is nearly working):
Compiled a program which can monitor DNS queries/requests and logs them to a file.
Have a php (yes I write most of my cli tools in php) script tailing the log file and gathering the requested domains from it.
Then I can see if the domain contains the substring which I don't like (google as word for example) and echo it to the end of my hosts file with 0.0.0.0 in front of it if that's the case.
Holy fuck this seems to be working! 😍
-
Haven’t been on here for ages, but I felt like I needed to post this:
Warning:
This is long, and it might make you cry.
Backstory:
A couple of months back I worked for a completely clueless dude who had somehow landed a contract for a new website for a huge company. After a while he realised that he was incapable of completing the assignment. He then hired me as a subcontractor and I deleted literally everything he had done and started from scratch. He had over promised and under explained what needed to be done to me. It took many sleepless nights to get this finished with all the amendments and I had to double my pricing because he kept changing the brief.
Even after doubling my prices I still put in way too many hours of work. At one point I had enough and just ghosted the guy as I had done what he asked, and when he submitted it to them they wanted changes. He couldn’t make the changes, so I had to. He wouldn’t pay me extra though. I decided it wasn’t worth my time.
A couple of days ago I heard from him again. He had found another subcontractor to finish the changes. He still needed a few things though, so he promised me that I would get paid after fixing those things. I looked at the few things he had listed in our KANBAN and thought it was a few easy tasks.. until I opened the project..
I had my computer set up to sync with his server because he wanted everything done live and in production. So I naturally thought I would just “sync down” everything that the other subcontractor had done.
Here is where the magic started to happen.. I started the sync and went to grab a glass of water, and it was still running when I came back. I looked at the log and saw a bunch of “node_module” files syncing - around 900 folders. Funny thing is; neither the site nor server has anything to do with node..
I disregarded this and downloaded the files in a more manual fashion to a new folder. Interestingly I could see that my SCSS folders had not been touched since I stopped working on the project.. interesting, I thought to myself..
Turns out, the other subcontractor had taken my rendered and minimised CSS file, prettified it and worked from there. This meant that the around ~1500 lines of SCSS neatly organised in around 20 files was suddenly turned into a monster of a single CSS file of no less than 17300 lines.
I tried to explain to the guy that the other subcontractor had fucked up, but he said that I should be able to fix it since I was the one that made it initially. I haven’t replied. My life is too short for this.
-
Some fucker installed a keylogger on my Ubuntu laptop at home and registered it as a systemd service. From Wireshark, it's sending each keystroke to a server in France using irc. Tried accessing the server but the moron shut it down immediately. It's the last time I'm fucking installing code from prebuilt binaries. If I can't build it from source then fuck off you sniffing cunt. I was about to log in into a database from that machine.
UPDATE: I found the actual file sending the keystrokes but it's binary. Anyone know how I can decode a binary file?
-
When I was in sixth form, I taught my friend how to create empty files using Python. He soon learnt that you could get around the quota enforcer this way.
He was curious to see what would happen if you filled the entire drive to maximum so he ran the code for an ~8TB file. Before he could delete it, he was told to log off. Nobody could save their work and backups weren't performed for 24 hours.
It's safe to say they weren't impressed when they found this.
-
!security
(Less a rant; more just annoyance)
The codebase at work has a public-facing admin login page. It isn't linked anywhere, so you must know the url to log in. It doesn't rate-limit you, or prevent attempts after `n` failures.
The passwords aren't stored in cleartext, thankfully. But reality isn't too much better: they're salted with an arbitrary string and MD5'd. The salt is pretty easy to guess. It's literally the company name + "Admin" 🙄
Admin passwords are also stored (hashed) in the seeds.rb file; fortunately on a private repo. (Depressingly, the database creds are stored in plain text in their own config file, but that's another project for another day.)
I'm going to rip out all of the authentication cruft and replace it with a proper bcrypt approach, temporary lockouts, rate limiting, and maybe with some clientside hashing, too, for added transport security.
But it's Friday, so I must unfortunately wait. :<
-
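The migration this post plans (static-salt MD5 replaced by a slow, per-user-salted hash, plus temporary lockouts), sketched as an added example that is not the poster's code. It uses Python and the standard library's scrypt in place of bcrypt so it runs without third-party packages; the salt value, the MD5(salt + password) ordering, the record format and the lockout thresholds are all assumptions.

```python
import hashlib
import hmac
import os

# Assumption: the legacy scheme is hex(MD5(static_salt + password)).
# Constructed placeholder salt, standing in for "company name + Admin".
LEGACY_SALT = "ExampleCorpAdmin"

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1   # common interactive-login parameters
MAX_FAILURES = 5                             # hypothetical policy values
LOCKOUT_SECONDS = 15 * 60


def legacy_md5(password):
    """Old scheme, kept only to verify accounts that have not migrated yet."""
    return hashlib.md5((LEGACY_SALT + password).encode()).hexdigest()


def slow_hash(password, salt=None):
    """New scheme: scrypt with a random per-user salt, stored as scrypt$salt$digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                            p=SCRYPT_P, maxmem=64 * 1024 * 1024, dklen=32)
    return "scrypt$%s$%s" % (salt.hex(), digest.hex())


def verify(stored, password):
    """Constant-time check against either record format."""
    if stored.startswith("scrypt$"):
        salt_hex = stored.split("$")[1]
        return hmac.compare_digest(stored, slow_hash(password, bytes.fromhex(salt_hex)))
    return hmac.compare_digest(stored, legacy_md5(password))


# Hashed for unknown usernames too, so response time does not reveal valid accounts.
DUMMY_HASH = slow_hash("not-a-real-account")


class LoginGate:
    """Per-account temporary lockout plus upgrade-on-login of legacy hashes."""

    def __init__(self, users):
        self.users = users      # username -> stored hash (either format)
        self.failures = {}      # username -> (failure count, locked_until)

    def login(self, username, password, now):
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"     # refuse before doing any hashing work

        stored = self.users.get(username)
        ok = verify(stored or DUMMY_HASH, password) and stored is not None
        if not ok:
            count += 1
            if count >= MAX_FAILURES:
                # Start a timed lockout and reset the counter for afterwards.
                self.failures[username] = (0, now + LOCKOUT_SECONDS)
            else:
                self.failures[username] = (count, 0.0)
            return "denied"

        self.failures.pop(username, None)
        if not stored.startswith("scrypt$"):
            # The plaintext is only available at login, so migrate here.
            self.users[username] = slow_hash(password)
        return "ok"
```

Accounts that never log in again keep their MD5 record, so a real migration also needs a forced reset for stale accounts, and per-IP rate limiting still belongs in front of the application.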
!Story
The day I became the 400 pound Chinese hacker 4chan.
I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.
They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...
And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.
So, I know I want to fuck with them. And I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.
I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.
After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.
I then minify the whole thing and stash it in the minified jquery file.
So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.
Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.
So we GIVE the penetration team login credentials... they log in and start trying to crack it.
I sit and wait. Grinning as fuck.
Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.
We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.
"We think you may have been compromised by a Chinese hacker!"
I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.
My PM, who has seen me use the JSON compression technique before and knows exactly what's up starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.
If only it was more common to use video in these calls because I WISH I could have seen their faces.
Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because I'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.
Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.
-
I hate Wordpress. I hate Wordpress. I hate Wordpress.
Wordpress can take a big shit on itself and crawl into a deep dark hole far away from all that is good.
Who even uses Wordpress? Bloggers? Come on, let’s be honest, they’re using more intuitive sites like weebly, wix, and square space. So WHAT is Wordpress for? I’ll tell you, it’s just to FUCKING TORTURE PEOPLE.
So, being the “techy guy” of the family, a relative contacts me asking for some help with their website because they need to install an SSL certificate but they don’t know how to. I tell them I’d gladly do it because, sure, they’re family and how long can it possibly take to install a certificate? I’ve done it before!
Well, I get to work and log into the sluggish Wordpress dashboard and try to use a plugin that would issue a LetsEncrypt certificate because they are free and just as good as any other SSL. But one plugin after the next I keep getting errors about how my hosting wouldn’t allow it.
So I contact GoDaddy (don’t get me fucking started) and ask them about the issue. The guy tells me it’s “policy” to only be able to use GoDaddy’s certificates. How much do they cost? Oh, how about $100 a year?! Fuck you.
I figured out the only way to escape this hell was to ask them to open an economy Linux hosting account with cPanel on GoDaddy (the site was formerly hosted on a “Managed Wordpress” account which is just bullshit for not wanting to give you any control over your own goddamn content). So now I have to deal with migrating the site.
GoDaddy representative tells me that it should only take 20 minutes for me to do this (I’ve already spent way too much time on this but whatever) so I go forward with the new account. I decide I should migrate the site by exporting a backup and manually placing everything on the new server. Doesn’t it end up taking an entire hour to back up a 200MB site because GoDaddy throttled the processing speed?!
So, it’s another hour later and I’ve installed all the databases and carried over all the files. At this point, I’m really at the end of my rope and can’t wait to install the certificate and be done with this fuckery.
I install the certificate and finally get ready to be on my way, but then I see it. A warning. A warning from my browser telling me the site is only partially secure. It turns out the certificate was properly installed but whoever initially made the site HARDCODED ALL THE LINKS to images, websites, and style sheets to be http instead of https.
I’m gonna explode.
I swear, I’m gonna fucking explode.
After a total of 5 hours of work, I finally get the site secure by using search and replace on every fucking file.
Wordpress can go suck a big one. Actually, Wordpress can go suck the largest fuckin one in existence and choke on it.
TL;DR I agree to install an SSL certificate but end up with much more work than I bargained.
-
Anyone here put Easter eggs in their code, and care to share examples?
I made a custom script to rotate a log file once a day in my program. So at the bottom of the roll I added a nice little print. See attached.
-
At my old job, me and a colleague were tasked with designing a new backup system. It had integrations for database systems, remote file storage and other goodies.
Once we were done, we ran our tests, and sure enough. The files and folder from A were in fact present at B and properly encrypted. So we deployed it.
The next day, after the backup routine had run over night, I got to work and no one was able to log in. They were all puzzled.
I accessed a root account to find the issue. Apparently, we had made a mistake!
All files on A were present at B... But they were no longer present at A.
We had issued 'move' instead of 'copy' on all the backups. So all of people's files and even the shared drives have had everything moved to remote storage :D
We spent 4 hours getting everything back in place, starting with the files of the people who were in the office that day.
Boss took it pretty well at least, but not my proudest moment.
*Stay tuned for the story of how I accidentally leaked our Amazon Web Services API key on stack overflow*
/facepalm
-
As usual finished the task just an hour before demo meeting. That hour is for transportation. Obviously I didn't test nor rehearse.
As usual, in to 2 mins of demo and greeted by error page.
As usual
1) stay the fuck calm
2) this feature was already demo-ed and fixed and went fine few weeks ago
3) what the fuck happened now
4) stay the fuck calm, smile.
5) "ah please give me one minute, I forgot to clean up some stuff while working on new features"
6) shit shit. read the error message and log
7) oh I did refactor some files last week. Reorganized the files and folders for better structure and easier understanding. Thought I corrected every occurrence. Obviously I missed a few.
8) ssh to the server while screen is still showing on projector
9) dig into the file quick
10) stay the fuck calm
11) fix
12) refresh
13) sorry all good, so I was saying ....
Well finally it's done for today and going back to office. After all it went ok. 👌
-
Not a rant but it's Friday and thought people could use a laugh.
When I was a teen we used AOL and for those who don't know, it was a test of patience to log on. It had to dial in, actually connect, and then you hoped it wouldn't disconnect for whatever reason. Just getting it to connect would take 30 min or more some days. After you were logged in you would get an audio of *Ding Ding*, followed by "Welcome!" and if you had email, "You've got mail!"
So, I decided to play a prank on my dad by swapping the Welcome sound file with the Goodbye sound file. He was waiting for a long time to connect, getting so frustrated. Then it finally does and he hears:
*Ding Ding*
"Goodbye!"
And loses it. Then he notices he is still online and calms down, confused.
I told him about it later but my brother and I got a good laugh out of it.
-
OK I can't deal with this user anymore.
This morning I get a text. "My laptop isn't getting emails anymore I'm not sure if this is why?" And attached is a screenshot of an email purporting to be from "The <company name> Team". Which isn't even close to the sort of language our small business uses in emails. This email says that his O365 password will soon be expiring and he needs to download the attached (.htm) file so he can keep his password. Never mind the fact that the grammar is awful, the "from" address is cheesy and our O365 passwords don't expire. He went ahead and, in his words, "Tried several of his passwords but none of them worked." This is the second time in less than a year that he's done this and I thought we were very clear that these emails are never real, but I'll deal with that later.
I quickly log into the O365 admin portal and reset his password to a randomly-generated one. I set this to be permanent since this isn't actually a password he should ever be needing to type. I call him up and explain to him that it was a phishing email and he essentially just gave some random people his credentials so I needed to reset them. I then help him log into Outlook on his PC with the new password. Once he's in, he says "so how do I reset this temporary password?" I tell him that no, this is his permanent password now and he doesn't need to remember it because he shouldn't ever need to be typing it anyway. He says "No no no that won't work I can't remember this." (I smile and nod to myself at this point -- THAT'S THE IDEA). But I tell him when he is in the office we will store the password in a password manager in case he ever needs to get to it. Long pause follows. "Can't I just set it back to what it was so I can remember it?"
-
The website for our biggest client went down and the server went haywire. Though for this client we don’t provide any infrastructure, so we called their IT partner to start figuring this out.
They started blaming us, asking us if we had upgraded the website or changed any PHP settings, which all were a firm no from us. So they told us they had competent people working on the matter.
TL;DR their people aren’t competent and I ended up fixing the issue.
Hours go by, nothing happens, client calls us and we call the IT partner, nothing, they don’t understand anything. Told us they can’t find any logs etc.
So we setup a conference call with our CXO, me, another dev and a few people from the IT partner.
At this point I’m just asking them if they’ve looked at this and this, no good answer, I fetch a long ethernet cable from my desk, pull it to the CXO’s office and hook up my laptop to start looking into things myself.
IT partner still can’t find anything wrong. I tail the httpd error log and see thousands upon thousands of warning messages about mysql being loaded twice, but that’s not the issue here.
Check top and see there’s 257 instances of httpd, whereas 256 is spawned by httpd, mysql is using 600% cpu and whenever I try to connect to mysql through cli it throws me a too many connections error.
I heard the IT partner talking about a ddos attack, so I asked them to pull it off the public network and only give us access through our vpn. They do that, reboot server, same problems.
Finally we get the IT partner to rollback the vm to earlier last night. Everything works great, 30 min later, it crashes again. At this point I’m getting tired and frustrated, this isn’t my job, I thought they had competent people working on this.
I noticed that the db had a few corrupted tables, and ask the IT partner to get a dba to look at it. To no avail.
5’o’clock is here, we decide to give the vm rollback another try, but first we go home, get some dinner and resume at 6pm. I had told them I wanted to be in on this call, and said let me try this time.
They spend ages doing the rollback, and then for some reason they have to reconfigure the network and shit. Once it booted, I told their tech to stop mysqld and httpd immediately and prevent it from start at boot.
I can now look at the logs that are leading to this issue. I noticed our debug flag was on and had generated a 30gb log file. Tail it and see it’s what I’d expect, warnings and warnings, And all other logs for mysql and apache are huge, so the drive is full. Just gotta delete it.
I quietly start apache and mysql, see the website is working fine, shut it down and just take a copy of the var/lib/mysql directory and etc directory just to have backups.
Starting to connect a few dots, but I wasn’t exactly sure if it was right. Had the full drive caused mysql to corrupt itself? Only one way to find out. Start apache and mysql back up, and just wait and see. Meanwhile I fixed that mysql being loaded twice. Some genius had put load mysql.so at the top and bottom of php ini.
While waiting on the server to crash again, I’m talking to the IT support guy, who told me they haven’t updated anything on the server except security patches now and then, and they didn’t have anyone familiar with this setup. No shit, it’s running php 5.3 -.-
Website up and running 1.5 later, mission accomplished.
-
I was called over by a colleague. She needed help because her computer kept telling her that she did not have permission to run certain programs or access certain files.
She logged in to Windows in front of me. The first thing that I noticed was that the username was her office email address. I asked her about it.
Me: Why is your username your email address?
Her: It was this way when I got it.
Me: That is impossible. I made every Windows installation here and I always use the same username which is [companyname] as it is our policy.
Her: I'm telling you, this is the way it was when I got it.
Me: Are you completely sure?
Her: Well.... someone else must have renamed it.
Me: So someone fired up your laptop, used your password to log in and changed the username to your email?
Her: I don't understand it either. Is it possible that it happened accidentally, on its own?
Me: ...
Then I explained to her that changing the username on Windows 10 may result in problems with file permissions.
I am not mad because she didn't know about this. I am mad because of her idiotic lies.
-
Windows troubleshooting:
- Works on my system, therefore it's not an issue.
- Must be a hardware error.
- Obviously it's just cheap hardware.
- Have you tried turning it off and on again?
- Here's some obscure error code that leads nowhere.
- Have you tried "sfc /scannow"?
AS IF SFC IS A FUCKING SILVER BULLET!!!
- Our Indian support chap from answers.microsoft.com will help you.
RRRREEEEEEEEEEEEE!!!!!!!
Solution: quietly weep and reinstall your system.
Linux troubleshooting:
- There are good quality log files.
- You can run the program from the command-line and read both stdout and stderr from it.
- You can usually run the program with high verbosity options to help you track down the error.
- Even daemons can have their commands spawned from a dedicated shell, to see why they failed.
- Usually it's a configuration error and you can easily edit the configuration file.
- More often than not, the program will tell you why it failed.
Solution: usually easy to find.
I fucking love Windows. Because you know, it's so easy to troubleshoot and the support is so great!!!
-
> dockerized gitea stops working 502,
> other gitea with same config works just fine
> is the same config the issue? maybe the network names can't be the same?
> no
> any logs from the reverse proxy?
> no
> does it return anything at all on that port?
> no
> any logs inside the container?
> no
> maybe it logs to the wrong file?
> no others exist
> try to force custom log levels
> ignored
> try to kill the running pid
> it instantly restarts
> try to run a new instance with specifying the new config
> ignores config
> check if there's anything even listening
> nothing is listening on that port, but is listening in the other working gitea container
> try to destroy the container and force a fresh container
> still the same issue
> maybe the recent docker update broke it? try to make a new one and move only necessary
> mkdir gitea2
> all files seem necessary
> guess I'll try to move the same folder here
> it works
> it is exactly the same files as in gitea1, just that the folder name is different
>
-
My typical development workflow:
$ ssh user@devserver
$ cd /appdir
$ git clone/pull
$ vim file
$ vim another file
$ tail -f /var/log/applog
$ vim file
$ git commit -am 'fixed the glitch'
$ git push origin dev
^D
-
I had a huge epiphany on Friday... not all developers enjoy coding.
Discovered when they brought down 2 of our environments, we told them what was wrong with the changes in their code that caused the environments to break, gave them links directly to the file in the gitlab repo that needed to be updated, and...
They fucking went home. The change would’ve taken all of about 30-45 seconds to update and they fucking left.
This person’s team lead comes storming in pissed off because her manager is furious about 2 environments going down and preventing everyone else from being able to deploy their changes.
We provide the exact same details to the team lead about what needs to be changed, and advise that her team member took off....
30 mins later, her manager is storming up to us (devops/sre) livid as hell.
Explain the situation for a third time... manager is like, why can’t you guys fix it?
Look here you dense motherfuckers, we can fix the code. We can be the plumbers that clean up your shit. But what value do you gain as a developer if you don’t understand how the systems work and you keep pushing shit in?
Made the changes, fixed the environments, done right? Wrong.
The original developer made more changes not knowing what would happen and thoroughly fucked the environments again.
This dumb-fucking dumpster fire of a dude then sends us a slack message. “It’s down again, can you fix it?”
Our manager steps in and tells us to send him a link to the logs and have him fix it himself!
Thank goodness we have a badass manager.
Send logs, send repo file links (again), and send line numbers in the logs to try and help just a bit more. Dude goes almost the whole day without fixing it, environments are down, other devs are pissed, we throw this dude to the wolves. His manager starts to head over and was about to talk with my team lead when our manager steps out of his office and tells him the in’s and out’s of the situation and that our job isn’t to play log parser/error fixer for the developers. This dude that’s breaking the environments needs to be the one to fix the issue and his team lead should be aware of the problems and should have been able to correct his errors before it ever came to us.
The amount of hand-holding we do is ridiculous.
(Disclaimer, this one guy making some mistakes doesn’t sound too bad, but this is actually a common occurrence for like 40% of all of our developers)
We literally have interns still in college running circles around some of our full time devs. I know I’m not a developer, but for anyone that’s new-ish to developing, when you see shit like that please don’t lose hope. Those ass-hats got into programming purely for a paycheck, not because of passion.
Stick with it and your greatness will know no bounds 👍
As for you craptastic dipstick lickers, FUCK YOU!!! Go back to school and learn how to give a damn.
-
I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...
#1 - Most expensive lesson learned
Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.
This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...
After 10 minutes every phone in the office started going berserk - calls were coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.
Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each store's error log proceeded to grow and consume every available byte of HD space before crashing windows.
#2 - Hardest to find
This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vomit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.
Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased every so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.
#3 - Most elegant fix
Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vulns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots and ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we were DDoS'ed for 5 days straight.
My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.
So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.1 -
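The failure mode from #1 in the post above (an error line written on every failed retry, with no size limit, during an outage) with one way to bound it. This is an added example, not part of the original post and not the system it describes; it is written in Python, and the file name, size cap, backoff values and the simulated outage are assumptions.

```python
import logging
import logging.handlers
import os
import tempfile
import time

MAX_BYTES = 64 * 1024   # size cap per log file (constructed value)
BACKUPS = 2             # rotated files kept; worst case on disk is (BACKUPS + 1) * MAX_BYTES


class RepeatSuppressor(logging.Filter):
    """Drop a record whose text was already logged within the last `window` seconds."""

    def __init__(self, window=30.0, clock=time.monotonic, max_keys=1024):
        super().__init__()
        self.window, self.clock, self.max_keys = window, clock, max_keys
        self.last_logged = {}
        self.suppressed = 0

    def filter(self, record):
        now, key = self.clock(), record.getMessage()
        seen = self.last_logged.get(key)
        if seen is not None and now - seen < self.window:
            self.suppressed += 1
            return False
        if len(self.last_logged) >= self.max_keys:
            self.last_logged.clear()   # the filter's own memory must stay bounded too
        self.last_logged[key] = now
        return True


def build_error_logger(log_dir, suppressor):
    """Error log that can never use more than (BACKUPS + 1) * MAX_BYTES of disk."""
    handler = logging.handlers.RotatingFileHandler(
        os.path.join(log_dir, "upload-errors.log"),
        maxBytes=MAX_BYTES, backupCount=BACKUPS, encoding="utf-8")
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger = logging.getLogger("pos.upload." + log_dir)
    logger.setLevel(logging.ERROR)
    logger.propagate = False
    logger.addHandler(handler)
    logger.addFilter(suppressor)
    return logger, handler


def upload_with_retry(send, payload, logger, max_attempts=8,
                      base_delay=1.0, max_delay=300.0, sleep=time.sleep):
    """Retry with exponential backoff so an outage does not become a tight log loop."""
    delay = base_delay
    for attempt in range(1, max_attempts + 1):
        try:
            return send(payload)
        except OSError as exc:            # ConnectionError and timeouts are OSError subclasses
            logger.error("upload failed: %s", exc)
            if attempt == max_attempts:
                break
            sleep(delay)
            delay = min(delay * 2, max_delay)
    return None


def simulate_outage(transactions=2000):
    """Constructed outage: every upload fails; time is simulated, nothing really sleeps."""
    log_dir = tempfile.mkdtemp(prefix="poslog-")
    now = [0.0]
    suppressor = RepeatSuppressor(window=30.0, clock=lambda: now[0])
    logger, handler = build_error_logger(log_dir, suppressor)

    def backend_down(txn_id):
        raise ConnectionError("backend unreachable (txn %d)" % txn_id)

    def fake_sleep(seconds):
        now[0] += seconds

    for txn_id in range(transactions):
        upload_with_retry(backend_down, txn_id, logger, sleep=fake_sleep)
    handler.close()

    files = sorted(os.listdir(log_dir))
    size = sum(os.path.getsize(os.path.join(log_dir, name)) for name in files)
    return {"files": files, "bytes_on_disk": size,
            "suppressed": suppressor.suppressed, "simulated_seconds": now[0]}


if __name__ == "__main__":
    print(simulate_outage())
```

However long the backend stays down, the log directory stops growing once the rotated files are full, and the oldest entries are the ones discarded.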
!!oracle
I'm trying to install a minecraft modpack to play with a friend, and I'm super psyched about it. According to the modpack instructions, the first step is to download the java8 jre. Not sure if I actually need it or not, but it can download while I'm doing everything else, so I dutifully go to the download page and find the appropriate version. The download link does point to the file, but redirects to a login page instead. Apparently I need an oracle account to download anything on their site. stupid.
So I make an account. It requires my life story, or at least full name and address and phone number. stupid. So my name is now "fuck off" and I live in Hell, Michigan. My email is also "gofuckyourself" because I'm feeling spiteful. Also, for some reason every character takes about 3/4ths of a second to type, so it's very slow going. Passwords also cannot contain spaces, which makes me think they're doing some stupid "security" shenanigans like custom reversible encryption with some 5th grade math. or they're just stupid. Whatever, I make the stupid account.
Afterwards, I try to log in, but apparently my browser-saved credentials are wrong? I try a few more times, try enabling all of the javascripts, etc. No beans. Okay, maybe I can't use it until I verify the email? That actually makes some sense. Fine, I go check the throwaway inbox. No verification email. It's been like five minutes, but it's oracle so they probably just failed at it like everything else, so I try to have them resend the email. I find the resend link, and try it. Every time I enter my email address, though, it either gives me a validation error or a server error. I try a few more times, and give up. I try to log in again; no dice. Giving up, I go do something else for awhile.
On a whim later, I check for the verification email again. Apparently it just takes bloody forever, but it did show up. Except instead of the first name "Fuck" I entered, I'm now "Andrew", apparently. okay.... whatever. I click the verify button anyway, and to my surprise it actually works, and says that I'm now allowed to use my account. Yay!
So, I go back to the login page (from the download link) and enter my credentials. A new error appears! I cannot use redirects, apparently, and "must type in the page address I want to visit manually." huh? okay, i go to the page directly, and see the same bloody error because of course i do because oracle fucking sucks. So I close the page, go back to the download list, click the link, wait for the login page redirect (which is so totally not allowed, apparently, except it works and manual navigation does not. yay backwards!), and try to log in.
Instead of being presented with an error because of the redirect, it lets me (try to) log in. But despite using prefilled creds (and also copy/pasting), it tells me they're invalid. I open a new tab container, clear the cache (just to be thorough), and repeat the above steps. This time it redirects me to a single signon server page (their concept of oauth), and presents me with a system error telling me to contact "the Administrator." -.- Any second attempts, refreshes, etc. just display the same error.
Further attempts to log in from the download page fail with the same invalid credentials error as before.
Fucking oracle and their reverse Midas touch.10 -
TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern
Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.
Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.
Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.
An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.
After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.
The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.
It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”
At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”
Facepalm.4 -
Last week my company thought it would be a great idea to introduce a new sh*tty internal web portal that gives federated access to aws (instead of using our own accounts to assume dev roles like we used to do).
This broke a lot of sh*t that simply used to ask for an MFA token and used our practically permissionless accounts to assume a proper dev role. An MFA token that we'd enter directly into the terminal/tool. It was very seamless. But nooooooo we now have to go to a webpage, login with sso (which also requires mfa), click "generate credentials," copy-paste those into terminal/creds file and _then_ continue our aws cli call. Every. Single. Day.
BUT TODAY I HAD ENOUGH.
I spent the entire day rewriting the auth part of our tools so they would basically read the cookie that's set by the web portal, and use it to call the internal api that generates the credentials, and just automatically save those. Now all we need to do is log into the portal, then return to the tool and voilà, the tool's also got access! Sure, it's not as passive as just entering an MFA token directly, but it's as passive as it gets. Still annoyed by this sh*tty and unnecessary portal, but I learned a thing or two about cookies.9 -
Life Before the Computer
An application was for employment
A program was a TV show
A cursor used profanity
A keyboard was a piano!
Memory was something that you lost with age
A CD was a bank account
And if you had a 3-inch floppy
You hoped nobody found out!
Compress was something you did to garbage
Not something you did to a file
And if you unzipped anything in public
You'd be in jail for awhile!
Log on was adding wood to a fire
Hard drive was a long trip on the road
A mouse pad was where a mouse lived
And a backup happened to your commode!
Cut - you did with a pocket knife
Paste you did with glue
A web was a spider's home
And a virus was the flu!
I guess I'll stick to my pad and paper
And the memory in my head
I hear nobody's been killed in a computer crash
But when it happens they wish they were dead!3 -
I watched today one of our devs working in Windows with a Docker Environment.
I think I'm pretty insensitive regarding pain, horror and morbid stuff.
But damn. I really needed to turn off the stream or else I'd walk to the company and rip his fucking workstation out of the server rack to put it out of his misery...
Errors? ignore them....
Weird python messages? Ignore them...
wild copy pasta between notepad++ containing shell commands and a git bash... Per mouse context. Yes. Move the cursor, mark the text, right click, copy, go to terminal, right click, paste.
Understanding of whats happening. Zero. Like literal zero.
He was wondering why there were strange characters when he pasted log output in a text file...
My question: How do you think colored text works in a terminal environment?
was answered by : "Don't know, never thought about it. But don't think this has something to do with the weird characters?"
I don't wanna talk about the rest.
Retarded humanity can please kindly kill itself so the intelligent above average nice people can live in peace...
The meeting was 2 hours. I drank 5 bottles of beer after it in 1 hour and I'm pleased to announce I'm forgetting large parts of what has happened.
Cheers.8 -
Recently wrote a script that would check 2 years worth of images, crop them, and resize to different sizes as changes to front end required those.
Eventually the script went into an infinite loop and crashed the whole CMS.
The worst part was that my manager was on a date and I had to call him back into office, since his laptop was still at the office.
The actual problem wasn't the loop.. I forgot to check if file actually exists before cropping... Error log size was 10gb!1 -
And this, ladies and gentlemen, is why you need properly tested backups!
TL;DR: user blocked on old gitlab instance cascade deleted all projects the user was set as owner.
So, at my customer, colleague "j" reviews gitlab users and groups, notices a user who left the organisation
"j" : ill block this user
> "j" blocks user
> minutes pass away, working, minding our own business
> a wild team devops leader "k" appears
k: where are all the git projects?
> waitwut?.jpg
> k: yeah all git projects where user was owner of, are deleted
> j.feeling.despair() ; me.feeling.despair();
> checks logs on server, notices it cascade deletes all projects to that user
> lmgt log line
> is a bugreport reported 3(!) years ago
> gitlab hasnt been updated since 3 years
> gitlab system owner is not present, backup contact doesnt know shit about it
> i investigate further, no daily backup cron tasks, no backup has been made whatsoever.
> only 'backups' are on file system level, trying to restore those
> gitlab requires restore of postgres db
> backup does not contain postgres since the backup product does not support that (wtf???)
> fubar.scene
> filesystem restore finished...
> backup product did not back up all files from git tree, like none of refs were stored since the product cannot handle such filenames .. Git repo's completely broken
Fuck my life6 -
My coworker doesn't know how to use a terminal. He talked himself into his position and instead of taking the time to learn about the basic commands he keeps asking someone else (including the team manager, who's actually a software engineer) to do things for him.
For reference; we need the terminal to tail log files, keep track of processes, cron jobs, manipulate file structures, use scp (I use sshfs) to move things between other workstations and servers etc. Being able to use a terminal is one of the basic requirements for our job.
What.
Why.
How.
Why do people do this?2 -
What features would you want in a logger?
Here's what I'm planning so far:
- Tagged entries for easy scanning of log file
- Support for indenting to group similar sequential entries
- Multiple entry types (normal, info, event, warning, error, fatal, debug, verbose)
- Meta entries, so the logger logging about itself, e.g. disk i/o failures.
- Ability to add custom entry types, including tag, log-level, etc.
- Customizable timestamp function
- Support for JS's async nature -- this equates to passing a unique key per 'thread'; the logger will re-write all the parent blocks for context, if necessary. if that sounds confusing, it's okay; just trust that it makes sense.
- Caching, retries, etc. in the event of disk i/o issues.
- Support for custom writers, allowing you to e.g. write logs to an API rather than console or disk.
How about these features?
- Multiple (named) logs with separate writers (console, disk, etc.)
- Ability to individually enable/disable writing of specific entry types. (want verbose but not info? sure thing, weirdo!)
- Multiple writers per log. Combined with the above, this would allow you to write specific entry types (e.g. error, warning, fatal) to stderr instead of stdout, or to different apis.
- Ability to write the same log entry to multiple logs simultaneously
What do you think of these features?
What other features would you want?
I'm open to suggestions!17 -
Please explain it to me again why you need more space for your 200 mb database that has a 500 gb log file.4
-
I really wanna share this with you guys.
We have a couple of physical servers (yeah, I know) provided by a company owned by a friend of my boss. One of them, which I'll refer to as S1, hosted a couple of websites based on Drupal 7... Long story short, every php file got compromised after someone used a vulnerability within D7's core to inject malicious code. Whatever, wasn't a project of mine, and no one bothered to do anything about it... The client was even happy about not doing anything about it. We did stop making backups of such websites however, to avoid spreading the damage (right?). So, no one cared about this for months!
But last Monday? The physical server was offline. I powered it on again via its web management interface... Dead after less than an hour. No backups. Oh well, I guess I could keep powering it on to check what's wrong with it and attempt to fix it...
That's when I've learned how the web management interface works: power on/reboot requests prompted actual workers to reach the physical server and press the power on/reboot buttons.
That took a while to sink in. I mean, ok, they are physical servers... But aren't they managed anyhow? They are just... Whatever. Rebooting over and over wasn't the solution, so I asked if they could move the HDD to another of our servers... The answer was it required to buy a "server installation" package. In short, we'd have had to buy a new physical server, or renew the subscription of one we already owned for 6 months.
So... I've literally spent the rest of the day bothering their employees to reboot S1, until I've reached the "daily reboot requests limit" (which amounts to 3 requests. seriously), which magically opened a support ticket where a random guy advised to stop using VNC as "the server was responsive" and offered to help me with the command line.
Fiiine, I sort of appreciate it. My next message has been a kernel log which shows how the OS dying out was due to physical components becoming unavailable after a while, and how S1 lacked a VNC server, being accessible only via ssh. So, the daily reboot limit was removed for S1. Yay.
...What to do though? S1 was down, we had no backups, and asking for manual rebooting every time was slow as Hell. ....Then I went insane. I asked for 1 more reboot. su. crontab -e. */15 * * * * /sbin/shutdown -r +5. while true; do rsync --timeout=20 --append S1:/stuff .; sleep 60; done.
It worked. We have now again access to 4 hacked, shitty Drupal 7 websites. My boss stopped shouting. I can get back to my own projects.
Apparently, those D7 websites got back online too, still with malicious php code within them. Well, not my problem (for now).
Meanwhile, S1 is still rebooting.3 -
How do you pronounce SQL?
"See for me, I just go my own way and pronounce it as ‘sqwool, or ‘sqwll’, which sometimes gets my coworkers (not db or programming people) calling it ‘Squirrel’. As such we have a custom written utility program which automates running certain SQL commands on various databases which is aptly named SQuirreL. Then we started to have fun with it: The ‘pre-defined’ sets of SQL are held in a ‘.nut’ file which you give to SQuirreL. When you want to see what scripts have been run, you check the SQuirrel’s .log to see what .nut files it has ‘eaten’. We thought about naming the log files .poop, but I felt that was too far. I know right now there’s people reading this cringing, but I say lighten up. My boss when presented with the tool, did not get ANY of the Squirrel/nut references… I mean the tool’s icon was a cartoon squirrel holding an acorn for crying out loud, but I digress.
So yeah, I call it Sqwll or Sqwool, but only when talking to people who don’t matter."
Source, in the comments: http://patorjk.com/blog/2012/...
I doubt this has ever been posted. =)8 -
- Back in October 2019 -
- Me: Hey, these two servers are having weird problems. Several services we use stop functioning every 7-10 days. I can temporarily fix them by taking them off the domain and putting them back on, but I don’t know why they’re happening or what further damage this workaround causes.
- Boss: That’s not good. Well. Keep doing the fix when it’s needed.
- Me: We should really reach out to someone at Microsoft through our support plan. I have no idea how to fix any of this and it’s making our Hyper-V environment very unstable.
- Boss: K. Let’s not worry about that now, let’s just keep working around it.
- In January 2020 -
- Me: Hey boss. More and more errors are generating from these servers. I’ve created a log of everything I’ve found to hand off to a support agent. We really need to.
- Boss: Okay. Let’s talk to our internal team that uses Hyper-V and see what they did since they don’t have any problems.
- Me: It’s not Hyper-V specific. It’s stemming from AD and authentication. It causes problems even without Hyper-V installed, so I don’t think it will help.
- Boss: K. Let’s just do what we can with what we got.
- Today, May 2020 -
- Me: Hey. The servers no longer work at all, and the workaround has no effect anymore. I’m completely stalled on my project now and have nothing to do.
- Boss: What?? What happened to them?
- Me: *Sends 17 page PDF file documenting all found issues, errors, warnings, and weird anomalies in both servers, as well as troubleshooting steps I’ve already performed*
- Boss: None of this makes any sense. I need you to start troubleshooting right away.
- Me: But... I can’t... *Sends screenshots of errors having no search results on the web, screenshots of Microsoft Support Techs on forums telling me we need to open tickets with Microsoft directly, other reasons why I’m completely blocked*
- Boss: Keep trying to figure it out. We need this resolved as soon as possible and we can’t let it happen again in the future.
Now I’m completely alone in our office, bitterly staring at the servers, trying to force an epiphany on how to fix these dumb boxes.5 -
Hello, world!
Soo.. I am half way done with Pre-Release 10!
Woohoo!
However.. The update log is already as long as the full update log for the last update.. Which was twice as long as the log for the update before..
I'm Starting to notice a pattern.. XD
This is all good and well, but I feel as if I'm overworking myself. I'm getting stressed out, and I'm not spending near as much time with my girlfriend. 3: But, I'm having fun. I'm genuinely enjoying myself, and I'm making a ton of progress in such a short amount of time. I also have a new team member!
Idk.. I haven't done anything the past two days really. Work nor spending time with my girlfriend. I'm stressed, and I'm not sure what I should do. I'm sooper motivated to keep working, but I feel that my situation will only get worse.
---
Because I'm sure some of you will be interested ('cause my game is very popular in this community <3), here is the update list so-far. Do note that this is not the final list, and things will be added, and may be removed.
As you can see below, this update is mostly focussed around API's. Specifically Modding, and the new FileSystem. On top of this, I will *try* and tinker with the official Patreon API for Java and see if I can't integrate that into my game. I'll also work on a ModManager, but I'm not sure if either of these will make it into this release. I also have plans for new Apps and Commands for this release, as well as working and polishing up existing Apps and Commands.
---
* Closing the game with X button (and other ways) now also calls preExitTasks()
+ Added AddonLoader. It's literally a Mod-Loader. (You're welcome :3) A tutorial coming soon, but just know that it's standard Java coding and you simply need to drop the mod.jar into the game's addons/ directory.
++ Added "API" - This is a bunch of methods that are added for the Mods to use. These Methods likely wouldn't have been added otherwise.
+ Added in-game FileSystems (Folder, files..)
++ Added FileNavigator API for traversing the in-game FileSystems
* Fixed a major bug with the "debug" command where you could no longer run any commands after enabling debug mode.
+ Added GameSave creation
+ Added System creation
+ New Save + localsystem are generated on startup
++ Added WindowBuilder API for creating Apps. This makes creating Apps much, much simpler, and is intended for not only us, but use in Mods.
* We re-wrote the Console Class from scratch, and turned it into an API for creating custom Terminal Apps. (Commands are now created using the Command Class and are then passed to Console and registered as either a Local or Global command)
++ Added Command API for creating commands. These commands execute Java code, much like a JavaFX Button would, on each call. You also get everything after the first [space] of the command that was passed, as a String.
* Re-wrote ALL previously implemented Apps.
* Re-wrote ALL previously implemented Commands.
+ Added "debugtest" command to test debug mode. (This just prints a totally boring random message, and you shouldn't try it.) [Note: This "command will not exist" when debug mode is false.]
+ Added "cd" command. ("cd ~" "cd .." "cd /home/folder" "cd etc" "cd /")
+ Added "cat" command. ("cat file" "cat /folder/file")
+ Added "mkdir" command.
+ Added "rm" command.
+ Added "dir" command.
If you're new and you have no clue what I'm talking about, here's the info page: https://trello.com/b/0bH2SjQf1 -
I previously worked as a Linux/unix sysadmin. There was one app team owning like 4 servers accessible in a very specific way.
* logon to main jumpbox
* ssh to elevated-privileges jumpbox
* logon to regional jumpbox using custom-made ssh alternative [call it fkup]
* try to fkup to the app server to confirm that fkup daemon is dead
* logon to server's mgmt node [aix frame]
* ssh to server directly to confirm sshd is dead too
* access server's console
* place root pswd request in passwords vault, chase 2 managers via phone for approvals [to login to the vault, find my request and approve it]
* use root pw to login to server's console, bounce sshd and fkupd
* logout from the console
* fkup into the server to get shell.
That's not the worst part... Aix'es are stable enough to run for years w/o needing any maintenance, so all this complexity could be bearable.
However, the app team used to log a change request asking to copy a new pdf file into that server every week and drop it to app directory, chown it to app user. Why can't they do that themselves you ask? Bcuz they 'only need this pdf to get there, that's all, and we're not wasting our time to raise access requests and chase for approvals just for a pdf...'
oh, and all these steps must be repeated each time a sysadmin tries to implement the change request as all the movements and decisions must be logged and justified.
Each server access takes roughly half an hour. 4 servers -> 2hrs.
So yeah.. Surely getting your accesses sorted out once is so much more time consuming and less efficient than logging a change request for sysadmins every week and wasting 2 frickin hours of my time to just copy a simple pdf for you.. Not to mention that there's only a small team of sysadmins maintaining tens of thousands of servers and every minute we have we spend working. Lunch time takes 10-15 minutes or so.. Almost no time for coffee or restroom. And these guys are saying sparing a few hours to get their own accesses is 'a waste of their time'...
That was the time I discovered skrillex.3 -
tl;dr:
The Debian 10 live disc and installer say: Heavens me, just look at the time! I’m late for my <segmentation fault
—————
tl:
The Debian 10 live cd and its new “calamares” installer are both complete crap. I’ve never had any issues with installing Debian prior to this, save with getting WiFi to work (as expected). But this version? Ugh. Here are the things I’ve run into:
Unknown root password; easy enough to get around as there is no user password; still annoying after the 10th time.
Also, the login screen doesn’t work off-disc because it won’t accept a blank password, so don’t idle or you’ll get locked out.
The lock screen is overzealous and hard-locks the computer after awhile; not even the magic kernel keys work!
The live disc doesn’t have many standard utilities, or a graphical partition editor. Thankfully I’m comfortable with fdisk.
The graphical installer (calamares) randomly segfaults, even from innocuous things like clicking [change partition] when you don’t have a partition selected. Derp.
It also randomly segfaults while writing partitions to disk — usually on the second partition.
It strangely seems less likely to segfault if the partitions are already there, even if it needs to “reformat” (recreate) them.
It also defaults to using MBR instead of GPT for the partition table, despite the tooltip telling you that MBR is deprecated and limited, and that GPT is recommended for new systems. You cannot change this without doing the partitions manually.
If you do the partitions manually and it can’t figure out where to install things, it just crashes. This is great because you can’t tell it where to install things, and specifying mount points like /boot, /, and /home don’t seem to be enough.
It also tries installing 32bit grub instead of 64bit, causing the grub installer to fail.
If you tell it to install grub on /boot, it complains when that partition isn’t encrypted — fair — but if you tell it to encrypt /boot like it wants you to, it then tries installing grub on the encrypted partition it just created, apparently without decrypting it, so that obviously fails — specific error: cannot read file system.
On the rare chance that everything else goes correctly, the install process can still segfault.
The log does include entries for errors, but doesn’t include an error message. Literally: “ERROR: Installation failed:” and the log ends. Helpful!
If the installer doesn’t segfault and the install process manages to complete, the resulting install might not even boot, even when installed without any drive encryption. Why? My guess is it never bothered to install Grub, or put it in the wrong place, or didn’t mark it as bootable, or who knows what.
Even when using the live disc that includes non-free firmware (including Ath9k) it still cannot detect my wlan card (that uses Ath9k).
I’ve attempted to install thirty plus times now, and only managed to get a working install once — where I neglected to include the Ath9k firmware.
I’m now trying the cli-only installer option instead of the live session; it seems to behave at least. I’m just terrified that the resulting install will be just as unstable as the live session.
All of this to copy the contents of my encrypted disks over so I can use them on a different system. =/
I haven’t decided which I’m going with next, but likely Arch, Void, or Gentoo. I’d go with Qubes if I had more time to experiment.
But in all seriousness, the Debian devs need some serious help. I would be embarrassed if I released this quality of hot garbage.
(This same system ran both Debian 8 and 9 flawlessly for years)15 -
I call this one the tester that knew too much.
Note: The server the tester is running on has a hard drive that is breaking down...
Tester: Remember the error I talked to you about yesterday?
Me: Yeah, what about it?
Tester: Well the server hasn't recovered yet and I haven't restarted anything...
Me: Well the application itself hasn't crashed so our monitoring application doesn't seem to notice that the service is in a bad state. The error seems only to have brought down certain threads within the application.
Tester: No, I think there is a different issue here and has nothing to do with that error, the application is still doing things.
*tails the log*
Tester: See?
Me: As I said some things are still running and are unaffected by the error.
Tester: NO! It has to be caused by the other error I had a week ago where my file got corrupted. As we said I removed the file, restarted it and it worked again, but had the same problem a day later...
Note: The problem is not related, this time the application is running out of file descriptors
Me: Well... If the problem is the same it would have complained about the file descriptors then as well, not an I/O error.
Tester: Nope, I think you are wrong!
Me: ¯\_(ツ)_/¯
FML3 -
Java dev here. I rewrote an app and replaced a system call to ssh with a modern jaxrs post for uploading a file and (new) some additional data.
I even used a stream.
1 hour in production, first client doesn't get his file. Log says OutOfMemoryError: heap.
Me: wtf? I already use streams.
Looking at the Jersey library. Docs say nothing. An issue from 2013 says: oh if you silly don't use the Apache httpclient addon, we disable chunking and buffer the whole body, because our tests fail with the jdk included http client otherwise.
Me: meh.
No warning in the logs. Thank you soooooo much! Who could have known?4 -
The MS Teams SDK is bullshit. It's so half baked and comes with instructions like "you'll probably want a better implementation for production, good luck cause you'll have to write it yourself."
Oh and don't forget to cache your installations in a file called "notifications.json"
Deploying will create 2 app registrations (OIDC) and about 6 resources in Azure... But "you'll probably want to log to app insights in production"... So I hope you're very familiar with Bicep cause you'll have to figure out how to add that to your template properly and there are about 7 Bicep files to decipher and it doesn't create an app insights out of the box.
Probably written by an intern.
-
Setup git push notifications (to each of their own channels), together with automatic deployment via webhook, though I'll add notifications to that too, as it currently doesn't have any besides the log file.
Gitea really has been a blast for me to finally get all things git - done, maybe because it is just so lightweight.
-
Want to make someone's life a misery? Here's how.
Don't base your tech stack on any prior knowledge or what's relevant to the problem.
Instead design it around all the latest trends and badges you want to put on your resume because they're frequent key words on job postings.
Once your data goes in, you'll never get it out again. At best you'll be teased with little crumbs of data but never the whole.
I know, here's a genius idea, instead of putting data into a normal data base then using a cache, lets put it all into the cache and by the way it's a volatile cache.
Here's an idea. For something as simple as a single log lets make it use a queue that goes into a queue that goes into another queue that goes into another queue all of which are black boxes. No rhyme or reason, queues are all the rage.
Have you tried: Lets use a new fangled tangle, trust me it's safe, INSERT BIG NAME HERE uses it.
Finally it all gets flushed down into this subterranean cunt of a sewerage system and good luck getting it all out again. It's like hell except it's all shitty instead of all fiery.
All I want is to export one table, a simple log table with a few GB to CSV or heck whatever generic format it supports, that's it.
So I run the export table to file command and off it goes only less than a minute later for timeout commands to start piling up until it aborts. WTF. So then I set the most obvious timeout setting in the client, no change, then another timeout setting on the client, no change, then I try to put it in the client configuration file, no change, then I set the timeout on the export query, no change, then finally I bump the timeouts in the server config, no change, then I find someone has downloaded it from both tucows and apt, but they're using the tucows version so its real config is in /dev/database.xml (don't even ask). I increase that from seconds to a minute, it's still timing out after a minute.
In the end I have to make my own and this involves working out how to parse non-standard binary formatted data structures. It's the umpteenth time I have had to do this.
These aren't some no name solutions and it really terrifies me. All this is doing is taking some access logs, store them in one place then index by timestamp. These things are all meant to be blazing fast but grep is often faster. How the hell is such a trivial thing turned into a series of one nightmare after another? Things that should take a few minutes take days of screwing around. I don't have access logs any more because I can't access them anymore.
The terror of this isn't that it's so awful, it's that all the little kiddies doing all this jazz for the first time and using all these shit wipe buzzword driven approaches have no fucking clue it's not meant to be this difficult. I'm replacing entire tens of thousands to million line enterprise systems with a few hundred lines of code that's faster, more reliable and better in virtually every measurable way time and time again.
This is constant. It's not one offender, it's not one project, it's not one company, it's not one developer, it's the industry standard. It's all over open source software and all over dev shops. Everything is exponentially becoming more bloated and difficult than it needs to be. I'm seeing people pull up a hundred cloud instances for things that'll be happy at home with a few minutes to a week's optimisation efforts. Queries that are N*N and only take a few minutes to turn to LOG(N) but instead people renting out a fucking off huge ass SQL cluster instead that not only costs gobs of money but takes a ton of time maintaining and configuring which isn't going to be done right either.
I think most people are bullshitting when they say they have impostor syndrome but when the trend in technology is to make every fucking little trivial thing a thousand times more complex than it has to be I can see how they'd feel that way. There's so bloody much you need to do that you don't need to do these days that you either can't get anything done right or the smallest thing takes an age.
I have no idea why some people put up with some of these appliances. If you bought a dish washer that made washing dishes even harder than it was before you'd return it to the store.
Every time I see the terms enterprise, fast, big data, scalable, cloud or anything of the like I bang my head on the table. One of these days I'm going to lose my fucking tits.
-
I use a library and it gives me some strange error message. No problemo, just file an issue on GitHub asking the maintainer if I'm plain stupid or the lib actually has a flaw. As it was a question, I have not posted a dump and all the shit.
Maintainer responds with a snarky comment about his crystal ball being broken and I have to submit a log, a dump, debug information and a bunch of other stuff.
Well, what choice do I have, I collect all the requested information, create a wall of text comment, all nicely formatted.
And the issue ends here. Myths say, the maintainer got asked to join Elvis on Mars.
I mean, why do you ask all the shit from me in an unprofessional manner just to stop answering? Just say "I have no clue why it behaves like this" and I know what's playin. But that's just ... sad.
-
In fact I'm a sinful dev, so that I can't easily decide which one is worst. From indenting with tabs, or using nano instead of vim/emacs, to hardcoding database credentials on server, to many hacks and workarounds I use as actual "fixes" when the deadline is upon me and I've tried all I could. But it always led only to my own regret. For instance, my latest sin was that I preferred Debian over Arch and used proprietary graphic drivers to speed up my new setup. But ended up with a curse from St. Ignucius. (check my last rant)
But my worst sin probably goes to when I was "printf-debugging" some issue for a GSM controller on a raspberry pi. I forgot to remove one little print line and deployed the new "fixed" version. I didn't follow that project after that for like a month or so, when the client posted back the device and said that "it just doesn't work anymore". It seemed that raspbian didn't boot because the sd card was corrupted. I dd'ed through the card and I noticed that there are billions of lines of "DEBUG:: reading stream from 192.some.shitty.ip", took almost all over the 32G sdcard. Just as I suddenly remembered the cursed line I just added a month ago, I declared the sd card dead with no hesitation, dunce-commented the line (so the history would remember), implemented a time out for the thread containing it, setup a journald unit for my service and removed the redirection of process output to a log file, found a new sd card and installed everything again, and finally posted back the new "fix" to the client.
Moral: Never comfort yourself for the sins you have committed in the past kids, they certainly will come back to you. And also not to do any io especially write to a file on an SD card with ext fs, in a potentially infinite loop with no timeout.
P.S: I'd posted my last rant just before the new week rant last night. I really liked the St. Ignucius meme so decided to create a new one. He's very adorable :)
-
After you automate away a task into a tool or program, do you tell your boss or keep it to yourself so they remain amazed at your efficiency and productivity?
And for data analysis ones, that you have godly data processing skills as you can somehow read a 1,000,000 line log file and find the root cause and other insights in an hour or minutes?
-
Oh boy, this is gonna be good:
TL;DR: Digital bailiffs are vulnerable as fuck
So, apparently some debt has come back haunting me, it's a somewhat hefty claim and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it just like that. However, and this is where it's gonna get good:
The Bailiff sent their first contact by mail, on my company address instead of my personal one (it's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were past sending creds in plaintext to people and use tokenized URL's for initiating a login (similar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.
So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!
This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.
I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.
Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimant, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!
Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...
The GDPR requirements... they comply with none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.
But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the same benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. The simple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.
So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)
So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"
So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones
-
Last Monday I bought an iPhone as a little music player, and just to see how iOS works or doesn't work.. which arguments against Apple are valid, which aren't etc. And at a price point of €60 for a secondhand SE I figured, why not. And needless to say I've jailbroken it shortly after.
Initially setting up the iPhone when coming from fairly unrestricted Android ended up being quite a chore. I just wanted to use this thing as a music player, so how would you do it..?
Well you first have to set up the phone, iCloud account and whatnot, yada yada... Asks for an email address and flat out rejects your email address if it's got "apple" in it, catch-all email servers be damned I guess. So I chose ishit at my domain instead, much better. Address information for billing.. just bullshit that, give it some nulls. Phone number.. well I guess I could just give it a secondary SIM card's number.
So now the phone has been set up, more or less. To get music on it was quite a maze solving experience in its own right. There's some stuff about it on the Debian and Arch Wikis but it's fairly outdated. From the iPhone itself you can install VLC and use its app directory, which I'll get back to later. Then from e.g. Safari, download any music file.. which it downloads to iCloud.. Think Different I guess. Go to your iCloud and pull it into the iPhone for real this time. Now you can share the file to your VLC app, at which point it initializes a database for that particular app.
The databases / app storage can be considered equivalent to the /data directories for applications in Android, minus /sdcard. There is little to no shared storage between apps, most stuff works through sharing from one app to another.
Now you can connect the iPhone to your computer and see a mount point for your pictures, and one for your documents. In that documents mount point, there are directories for each app, which you can just drag files into. For some reason the AFC protocol just hangs up when you try to delete files from your computer however... Think Different?
Anyway, the music has been put on it. Such features, what a nugget! It's less bad than I thought, but still pretty fucked up.
At that point I was fairly dejected and that didn't get better with an update from iOS 14.1 to iOS 14.3. Turns out that Apple in its nannying galore now turns down the volume to 50% every half an hour or so, "for hearing safety" and "EU regulations" that don't exist. Saying that I was fuming and wanting to smack this piece of shit into the wall would be an understatement. And even among the iSheep, I found very few people that thought this is fine. Though despite all that, there were still some. I have no idea what it would take to make those people finally reconsider.. maybe Tim Cook himself shoving an iPhone up their ass, or maybe they'd be honored that Tim Cook noticed them even then... But I digress.
And then, then it really started to take off because I finally ended up jailbreaking the thing. Many people think that it's only third-party apps, but that is far from true. It is equivalent to rooting, and you do get access to a Unix root account by doing it. The way you do it is usually a bootkit, which in a desktop's ring model would be a negative ring. The access level is extremely high.
So you can root it, great. What use is that in a locked down system where there's nothing available..? Aha, that's where the next thing comes in, 2 actually. Cydia has an OpenSSH server in it, and it just binds to port 22 and supports all of OpenSSH's known goodness. All of it, I'm using ed25519 keys and a CA to log into my phone! Fuck yea boi, what a nugget! This is better than Android even! And it doesn't end there.. there's a second thing it has up its sleeve. This thing has an apt package manager in it, which is easily equivalent to what Termux offers, at the system level! You can install not just common CLI applications, but even graphical apps from Cydia over the network!
Without a jailbreak, I would say that iOS is pretty fucking terrible and if you care about modding, you shouldn't use it. But jailbroken, fufu.. this thing trades many blows with Android in the modding scene. I've said it before, but what a nugget!
-
Internal mail from CIO's office:
"Thank you for being part of the internal trial for NPMe, we have decided to remove this tool in favour of Artifactory because of its support for multiple platforms and tools. We are sorry for the inconvenience, here is a link to migration scripts ..."
Migration "script" readme, please clone this repo, create file A, and B, and install these 2 dependencies.
Dependency 1:
- "install via homebrew ..."
- .... homebrew needs to update, checking for updates
- 10 mins later = Update failed, please upgrade to Ruby version 2.3
- Installs ruby version manager
- GPG signature verification failed
- Install GPG v2 + accept keys
- Install ruby version manager
- "please execute this command before running rvm"
- execute command
- "rvm install ruby-2.3"
- Install failed, please see log file
- Opens log file
- "Xcode on its own is not sufficient, please install xcode cli tools"
- Install xcode tools
- 5 minutes later -> "rvm install ruby-2.3"
- 10 minutes later "brew install jq"
Ok back to read me, "login to Artifactory, go here and copy paste XXX."
- Login to Artifactory
- Eventually find repo
- Login again to actually see credentials for some reason
- Screen doesn't match instructions in readme
- Click around
- Back to readme
- Back to artifactory
- Login again
- Execute command auth / setup command
- Copy contents to npmrc file .... now all my scoped packages are going to point to 1 specific repo
Fuck the migration, Fuck these shitty instructions, i'll set them all up again manually. See tags below for further opinions on this matter.
fuck ruby fuck homebrew fuck this fuck shitty cli fuck artifactory fuck cli fuck jq fuck rvm
-
I don't pay much attention to my local file system when developing-- that's what my operating system and IDE are for. ...So I've thought, at least.
Today, my code didn't compile. I'd been noticing some pesky 'running out of memory' notifications, and mostly brushed them aside. I've spent the last hour deleting various log files and defragging the drive.
-
Ran Windows RAM diagnostic tools because I was too lazy to get my Linux USB-stick. Ran for 20 minutes, restarted - "There are hardware problems present."
NO SHIT. No info how many errors, no log file mentioned, no code or anything. Something happened. How retarded can a diagnostic tool be?
Guess laziness gets you punished immediately...
-
Long meeting with a coworker presenting a huge, complicated system to track changes to configuration files.
Basically, whenever someone needs to change a config file, this person is supposed to manually enter an entry to a changelog file, and the build system is supposed to give an error if the person forgets to update the changelog.
At the end of the 1 hour long presentation, I raise my hand and say: "we are already using git for our config files, look:
$ git log <filename>
here you can see the list of changes to the file. What you describe is already available, no need to reinvent it."
Long awkward silence in the room.
The presenter: "okay, I will look into that. Any other questions?"
Haven't heard about that project since then.
-
Ahh.. there is nothing like the joyous feeling of writing a working piece of code for your own personal projects.
I spent several weeks and a few hours today to finally get my Python automation script working and I am very proud of myself.
Here's what it does:
* open a text file, extract a specific string from it using rather complicated xpath
* open another text file and do the same
* replace result 1 with result 2
* log results
* close file
* automate the process
Even though it looks easy, I had to mess around with a lot of problems such as permissions, indentation, stream writing, file status, etc.
Now, instead of having to manually do this job, I can just let my machine do it!
-
I used to think that I had matured. That I should stop letting my emotions get the better of me. Turns out there's only so much one can bottle up before it snaps.
Allow me to introduce you folks to this wonderful piece of software: PaddleOCR (https://github.com/PaddlePaddle/...). At this time I'll gladly take any free OCR library that isn't Tesseract. I saw the thing, thought: "Heh. 3 lines quick start. Cool.", and the accuracy is decent. I thought it was a treasure trove that I could shill to other people. That was before I found out how shit of a package it is.
First test, I found out that logging is enabled by default. Sure, logging is good. But I was already rocking my own logger, and I wanted it to shut the fuck up about its log because it was noise to the stuffs I actually wanted to log. Could not intercept its logging events, and somehow just importing it set the global logging level from INFO to DEBUG. Maybe it's Python's quirk, who knows. Check the source code, ah, the constructors give a `show_log` arg to control logging. The fuck? Why? Why not let the user opt into your logs? Why is the logging on by default?
But sure, it's just logging. Surely, no big deal. SURELY, it's got decent documentation that is easily searchable. Oh, oh sweet summer child, there ain't. Docs are just some loosely bundled together Markdowns chucked into /doc. Hey, docs at least. Surely, surely there's something somewhere about all the args to the OCRer constructor somewhere. NOPE! Turns out, all the args, you gotta reference its `--help` switch on the command line. And like all "good" software from academia, unless you're part of academia, it's obtuse as fuck. Fine, fuck it, back to /doc, and it took me 10 minutes of rummaging to find the correct Markdown file that describes the params. And good-fucking-luck to you trying to translate all them command line args into Python constructor params.
"But PTH, you're overreacting!". No, fuck you, I'm not. Guess whose code broke today because of a 4th number version bump. Yes, you are reading correctly: My code broke, because of a 4th number version bump, from 2.6.0.1, to 2.6.0.2, introducing a breaking change. Why? Because apparently, upstream decided to nest the OCR result in another layer. Fuck knows why. They did change the doc. Guess what they didn't do. PROVIDING, A DAMN, RELEASE NOTE. Checked their repo, checked their tags, nothing marking any releases from the 3rd number. All releases go straight to PyPI, quietly, silently, like a moron. And bless you if you tell me "Well you should have reviewed the docs". If you do that for your project, for all of your dependencies, my condolences.
Could I just fix it? Yes. Without ranting? Yes. But for fuck sake if you're writing software for a wide audience you're kinda expected to be even more sane in your software's structure and release conventions. Not this. And note: The people writing this, aren't random people without coding expertise. But man they feel like they are.
-
So recently I had an argument with gamers on memory required in a graphics card. The guy suggested 8GB model of.. idk I forgot the model of GPU already, some Nvidia crap.
I argued on that, well why does memory size matter so much? I know that it takes bandwidth to generate and store a frame, and I know how much size and bandwidth that is. It's a fairly simple calculation - you take your horizontal and vertical resolution (e.g. 2560x1080 which I'll go with for the rest of the rant) times the amount of subpixels (so red, green and blue) times the amount of bit depth (i.e. the amount of values you can set the subpixel/color brightness to, usually 8 bits i.e. 0-255).
The calculation would thus look like this.
2560*1080*3*8 = the resulting size in bits. You can omit the last 8 to get the size in bytes, but only for an 8-bit display.
The resulting number you get is exactly 8100 KiB or roughly 8MB to store a frame. There is no more to storing a frame than that. Your GPU renders the frame (might need some memory for that but not 1000x the amount of the frame itself, that's ridiculous), stores it into a memory area known as a framebuffer, for the display to eventually actually take it to put it on the screen.
Assuming that the refresh rate for the display is 60Hz, and that you didn't overbuild your graphics card to display a bazillion lost frames for that, you need to display 60 frames a second at 8MB each. Now that is significant. You need 8x60MB/s for that, which is 480MB/s. For higher framerate (that's hopefully coupled with a display capable of driving that) you need higher bandwidth, and for higher resolution and/or higher bit depth, you'd need more memory to fit your frame. But it's not a lot, certainly not 8GB of video memory.
Question time for gamers: suppose you run your fancy game from an iGPU in a laptop or whatever, with 8GB of memory in that system you're resorting to running off the filthy iGPU from. Are you actually using all that shared general-purpose RAM for frames and "there's more to it" juicy game data? Where does the rest of the operating system's memory fit in such a case? Ahhh.. yeah it doesn't. The iGPU magically doesn't use all that 8GB memory you've just told me that the dGPU totally needs.
I compared it to displaying regular frames, yes. After all that's what a game mostly is, a lot of potentially rapidly changing frames. I took the entire bandwidth and size of any unique frame into account, whereas the display of regular system tasks *could* potentially get away with less, since most of the frame is unchanging most of the time. I did not make that assumption. And rapidly changing frames is also why the bitrate on e.g. screen recordings matters so much. Lower bitrate means that you will be compromising quality in rapidly changing scenes. I've been bit by that before. For those cases it's better to have a huge source file recorded at a bitrate that allows for all these rapidly changing frames, then reduce the final size in post-processing.
I've even proven that driving a 2560x1080 display doesn't take oodles of memory because I actually set the timings for such a display in order for a Raspberry Pi to be able to drive it at that resolution. Conveniently the memory split for the overall system and the GPU respectively is also tunable, and the total shared memory is a relatively meager 1GB. I used to set it at 256MB because just like the aforementioned gamers, I thought that a display would require that much memory. After running into issues that were driver-related (seems like the VideoCore driver in Raspbian buster is kinda fuckulated atm, while it works fine in stretch) I ended up tweaking that a bit, to see what ended up working. 64MB memory to drive a 2560x1080 display? You got it! Because a single frame is only 8MB in size, and 64MB of video memory can easily fit that and a few spares just in case.
I must've sucked all that data out of my ass though, I've only seen people build GPU's out of discrete components and went down to the realms of manually setting display timings.
Interesting build log / documentary style video on building a GPU on your own: https://youtube.com/watch/...
Have fun!
-
Beware: Here lies a cautionary tale about shared hosting, backups, and -goes without saying- WordPress.
1. Got a call from a client saying their site presented an issue with a third-party add-on. The vendor asked us to grant him access to our staging copy.
2. Their staging copy, apparently, never got duplicated correctly because, for security reasons, their in-house dev changed the name of the wp-content folder. That broke their staging algo. So no staging site.
3. In order to recreate the staging site, we had to reset everything back to WP defaults. Including, for some reason, absolute paths inside the database. A huge fucking database. Because WordPress.
4. Made the changes directly in a downloaded sql file. Shared hosting, obviously, had an upload limit smaller than the actual database.
5. Spent half an hour trying to upload table by table to no avail.
6. In-house uploads a new, fixed database with the help of the shared hosting provider.
7. Database has the wrong path. Again.
8. In-house performs massive Find and Replace through phpMyAdmin on the production server.
9. Obviously, MySQL crashes instantly and the site gets blocked for over 3 hours for exceeding shared hosting limits.
10. Hosting provider refuses to accept this was caused by such a stupid act and says site needs to be checked because queries are too slow.
11. We are gouging our eyeballs as we see an in-house vs. hosting fight unfold. So we decide to watch a whole Netflix documentary in between.
12. Finally, the hosting folds and enables access to the site, which is obvi not working because, you know, wrong paths.
13. Documentary finishes. We log in again, click restore from backup. Go to bed. Client phones to bless us. Client’s in-house dev probably looking for a cardboard box to pack his stuff first thing in the morning. ¯\_(ツ)_/¯
-
When you realize that you have only couple of gigs left on your SSD and the culprit is 41 GB log file.
-
When company gave me a SSH I am a noob I have a filezilla what I do is delete all temp files and clear log files
Because the log file size goes 1gb After next day all are looking weird
Senior developer: wtf were you doing yesterday
Me: delete all the tmp files and log files 😂😂
-
I'm ashamed of it, but I want to share my tifu-story:
My colleague asked me if I could rename his windows user name because he married and changed his last name. I changed it in the Active Directory, but he got some problems when he wants to log on. On every startup his old name appears. Simplest task. Let me google that.
Easy going, let me just change this registry entry. Reboot. Old behaviour. Okay, I changed some of the other entries. Reboot. Yeah, his new name appears. But wait a moment. Windows just nulled his entire user profile and deleted all the data. "oh, haha you have a backup, right?" - "no, I saved everything on the desktop, all my work is gone!"
But at the end, the boss was mad at HIM, because he didn't use the file server or any backup system.
I am not a smart man
-
Talking to our helpdesk guy, our financial services controller emailed an 'emergency' restore from backups of 'missing' documents, stating they (the networking dept) violated company file retention policy and opened the company up to fines and other regulatory prosecution if we were audited. Once the files were restored, she wanted a system review of the policy to make sure this never happens again. She made sure she cc'ed VPs and other managers.
He found the files, they were moved one directory up and the log showed she had moved the directory earlier in the morning. He moved the files back and let her know.
Her response, "OK, Thanks" (funny, she didn't cc the VPs and other mgrs on the reply)
Glad I'm not the only one subject to end-user bat sht over-reaction craziness.
-
When I was in 11th class, my school got a new setup for the school PCs. Instead of just resetting them every time they are shut down (to a state in which it contained a virus, great) and having shared files on a network drive (where everyone could delete anything), they used iServ. Apparently many schools started using that around that time, I heard many bad things about it, not only from my school.
Since school is sh*t and I had nothing better to do in computer class (they never taught us anything new anyway), I experimented with it. My main target was the storage limit. Logins on the school PCs were made with domain accounts, which also logged you in with the iServ account, then the user folder was synchronised with the iServ server. The storage limit there was given as 200MB or something of that order. To have some dummy files, I downloaded every program from portableapps.com, that was an easy way to get a lot of data without much manual effort. Then I copied that folder, which was located on the desktop, and pasted it onto the desktop. Then I took all of that and duplicated it again. And again and again and again... I watched the amount increase, 170MB, 180, 190, 200, I got a mail saying that my storage is full, 210, 220, 230, ... It just kept filling up with absolutely zero consequences.
At some point I started using the web interface to copy the files, which had even more interesting side effects: Apparently, while the server was copying huge amounts of files to itself, nobody in the entire iServ system could log in, neither on the web interface, nor on the PCs. But I didn't notice that at first, I thought just my account was busy and of course I didn't expect it to be this badly programmed that a single copy operation could lock the entire system. I was told later, but at that point the headmaster had already called in someone from the actual police, because they thought I had hacked into whatever. He basically said "don't do again pls" and left again. In the meantime, a teacher had told me to delete the files until a certain date, but he locked my account way earlier so that I couldn't even do it.
Btw, I now own a Minecraft account of which I can never change the security questions or reset the password, because the mail address doesn't exist anymore and I have no more contact to the person who gave it to me. I got that account as a prize because I made the best program in a project week about Java, which greatly showed how much the computer classes helped the students learn programming: Of the ~20 students, only one other person actually had a program at the end of the challenge and it was something like hello world. I had translated a TI Basic program for approximating fractions from decimal numbers to Java.
The big irony about sending the police to me as the 1337_h4x0r: A classmate actually tried to hack into the server. He even managed to make it send a mail from someone else's account, as far as I know. And he found a way to put a file into any account, which he shortly considered to use to put a shutdown command into autostart. But of course, I must be the great hacker.3 -
So today was interesting.
I had to extract the domain from an email address and compare the domain to a hard coded whitelist, nothing difficult, fuck takes 2 min really.
Except the project starts throwing 500 errors for no god damn reason, like seriously, I double check syntax, nope looks fine, run php's syntax checker on the file
# php -l /path/to/file.php
Nope says it's all good.
Checks error log on server -> no log
OoooooooooKay then.
Comments out the few lines, saves, errors gone.
remove comments, error comes back.
Do this a few times, and magically the fucking thing stops throwing errors, now I haven't actually changed anything, and I know this project is so fragile I don't know how it stays running at times but fuck me this is a painful joke.6 -
So, the Network I was on was blocking every single VPN site that I could find so I could not download proton onto my computer without using some sketchy third-party site, so, being left with no options and a tiny phone data plan, I used the one possible remaining option, an online Android emulator. In the emulator running at like 180p I once again navigated to proton VPN, downloaded the windows version, and uploaded it to Firefox send. Opened send on my computer, downloaded the file, installed it, and realized my error, I need access to the VPN site to log in.
In a panic, I went to my phone ready to use what little was left of data plan for security, and was met with no signal indoors. Fuck. New plan. I found a Xfinity wifi thing, and although connecting to a public network freaked me out, I decided to go for it because fuck it. I selected the one hour free pass, logged in, and it said I already used it, what? When?, So I created a new account, logged in, logged into proton, and disconnected, and finally, I was safe.
Fuck the wifi provider for discouraging a right to a private internet and fuck the owner for allowing it. I realize how bad it was to enter my proton account over Xfinity wifi, but I was desperate and desperate times call for desperate means. I have now changed my password and have 2fa enabled.1 -
I made a bash script for my website that anonymises the visitor IPs in the Awstats logs by replacing the last octet with 0. It can either process all logfiles except the one of the current month, or only the one of the previous month. The latter mode is how I put it in a cron job to be called on the first day of each month.
Everything worked flawlessly with test data, but on the server, some visitor IPs were not anonymised. I noticed that all of them were from the last day of the previous month. Looking at the time stamp of the logfile, it was indeed from the first of the current month, but not from 00:21 where my cron job runs - instead, it was modified around 14:30.
Then I realised that the Awstats engine seems to be configured to batch add the log entries once per day at 14:30 so that when my cron job ran, the visitor data from between 14:30 and 00:00 were not yet in the file!
Solution: batch process all previous logfiles once to clean them up, and schedule the cron job on the 2nd of each month at 00:21.2 -
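The post above fixes the race by moving the cron job to the 2nd. As an added example that is not the poster's bash script, here is the same last-octet anonymisation in Python with a guard that skips a month's file until it has been written after the month ended. The function names, the use of file modification time as the signal, and the sample lines are assumptions for illustration, and only IPv4 is handled.

```python
import os
import re
import shutil
import tempfile
from datetime import datetime

# One IPv4 octet (0-255), and a full address that is not part of a longer
# dotted number such as a five-part version string.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
_IPV4 = re.compile(
    rf"(?<!\d)(?<!\d\.)({_OCTET}\.{_OCTET}\.{_OCTET})\.{_OCTET}(?!\d)(?!\.\d)"
)


def anonymise_line(line):
    """Replace the last octet of every IPv4 address in the line with 0."""
    return _IPV4.sub(r"\g<1>.0", line)


def month_is_closed(year, month, last_modified):
    """True once the file was last written on or after the 1st of the next month.

    Assumption: the statistics engine appends the final day's entries in a
    batch run that happens after the month has ended, so an older
    modification time means that batch has not been imported yet.
    """
    first_of_next = datetime(year + (month == 12), month % 12 + 1, 1)
    return last_modified >= first_of_next


def anonymise_logfile(path, year, month):
    """Anonymise one monthly logfile in place.

    Returns the number of rewritten lines, or None when the file was skipped
    because the month's last batch does not appear to be in it yet.
    """
    mtime = datetime.fromtimestamp(os.path.getmtime(path))
    if not month_is_closed(year, month, mtime):
        return None

    changed = 0
    directory = os.path.dirname(os.path.abspath(path))
    # Write to a temporary file in the same directory, then swap atomically,
    # so a crash never leaves a half-anonymised logfile behind.
    fd, tmp_path = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "w", encoding="utf-8", newline="") as out, \
                open(path, encoding="utf-8", newline="") as src:
            for line in src:
                cleaned = anonymise_line(line)
                changed += cleaned != line
                out.write(cleaned)
        shutil.copymode(path, tmp_path)
        os.replace(tmp_path, path)
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return changed


if __name__ == "__main__":
    # Constructed sample lines (documentation address ranges), not real log data.
    sample = "203.0.113.77 4 12 2048\n198.51.100.9 1 1 512\nclient/1.2.3.4.5 seen\n"
    workdir = tempfile.mkdtemp()
    logfile = os.path.join(workdir, "visitors-2024-01.txt")
    with open(logfile, "w", encoding="utf-8") as handle:
        handle.write(sample)

    # File last written on 31 Jan at 14:30: the final batch is still missing.
    early = datetime(2024, 1, 31, 14, 30).timestamp()
    os.utime(logfile, (early, early))
    print("run on the 1st:", anonymise_logfile(logfile, 2024, 1))

    # File written again on 1 Feb at 14:30: the month is complete.
    late = datetime(2024, 2, 1, 14, 30).timestamp()
    os.utime(logfile, (late, late))
    print("run on the 2nd:", anonymise_logfile(logfile, 2024, 1))
```

With this guard a job that runs daily stays correct even if the batch-import time changes, because a file that is not yet complete is left for the next run.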
Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!
System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.
Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunately every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.
Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.
That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.
We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.
Hella excited about this!
If you guys have any suggestions let us know. We are utter noobs when it comes to this.6 -
Fuck XCode! -
Yesterday I had the stupid idea to rename an icon file. Checked that XCode was building the application still fine. Ran it over the build server: Failed, complaining about the old missing icon file! Checked again and again, but there was no friggin' reference to the old file in the whole repo.
Log in to the machine clear the build folder and try to build the component again. Bang still same error and the references to no longer existing files reappear.
Turns out XCode was caching those references somewhere in the home directory as "DerivedData" and after deleting those, I could build again... but why on earth are you building a cache if you cannot properly invalidate it? Just to waste our time?
(@xcodesucks)3 -
Developer just emailed our team a complaint that our logging assembly was resulting in their poor test coverage and they sent a change request to give them the ability to mock the underlying log provider (ex. from the event log to ‘something else’).
Looked at their tests, and they are testing whether or not the .Log was executed (on an exception, if the .Log method was not executed, the test failed), which seemed a bit worthless because we’ve already got coverage in our unit tests.
We had a meeting to discuss the issue.
Me: “I’m OK with changing the logging code if it’s necessary, but I want to understand why.”
DevA: “Logging errors is crucial to the database transaction. If someone removes the logging, the tests should fail.”
Me: “If someone removes the error logging on purpose, then they likely have an agenda and will remove the test validation too. It wouldn’t be an accident.”
DevA: “That’s not my problem. They will have to deal with HR.”
Me: “We purposely prevented someone from intercepting the logging just for that purpose. Your test code already covers the business rule, testing the logging seems out of place. That would be like writing a test to make sure the System.IO.File.ReadAllText actually reads all the text from a file. You kinda assume a few smart Microsoft engineers already wrote tests for that.”
DevA: “Yea, I guess that would be silly.”
Got cc’ed an email a little bit ago from DevA to his boss..
“We’re not going to be able to change logging assembly. This may have some impact on our overall test coverage as those lines of code will not get testing coverage. You will have to let the DevMgr know we will not meet our test coverage goals.”
WTF!1 -
I figured out why FS2020 crashed all the time.
One day when I was just casually playing FS2020, I bluescreened with a watchdog violation. For some reason this corrupted a DLL which was part of my graphics driver which is not required for the output to come out of course. The DLL is “atidxx64.dll”.
Somehow, this went unnoticed.
After digging into the extremely well-hidden crash log I found out that it accuses this DLL file, dug up on it and I saw that it is made by AMD.
Reinstalled the drivers and now it works fine.
FUCK MY LIFE I REDOWNLOADED THIS 95GB SIMULATOR 4 TIMES BEFORE DIVING INTO THIS6 -
Existing code:
Logger class would block the caller, lock a mutex, call CreateFile(), write a single line to the file, unlock the mutex and return.
Improvement:
Added two logging queues and created a thread that will periodically lock one queue and write it to the disk, around 500 entries at a time, while new entries are being inserted into the other queue. Kinda like a bed pan or urine bottle. While emptying one bottle, the logs go into the other one. Added fatal exception handlers so that the log queues are dumped when the application is crashing. When the exception handler is triggered, logging method does not return so that the application STOPS working to make sure there are no "not logged" activities.7 -
Today I had to restart a VM that should contain only an apache server. After a period of time some clients complained that a functionality in the system was not working. I checked the code and found that this functionality depends on a local server on a different port, so I went back to the VM log and found there was a node server working on this port.
Everything was fine till now. I checked the folders but there are no FUCKIN js files for the node server.
After hours of searching I found 5 files in the public/assets/dist/js path that are named with the same functionality name and a number 1 to 4, and the 5th one is a TEST.js. After checking all files I discovered that the server file is the TEST.js !!!!! seriously WTF ...2 -
My boss keeps looking into the system log file and being scared of some totally irrelevant messages (for him). Time to introduce permissions in the control panel...1
-
Yesterday was a horrible day...
First of all, as we are short of few devs, I was assigned production bugs... Few applications from mobile app were getting fucked up. All fields in db were empty, no customer name, email, mobile number, etc.
I started investigating, took dump from db, analyzed the created_at time stamps. Installed app, tried to reproduce bug, everything worked. Tried API calls from postman, again worked. There were no error emails too.
So I asked for server access logs, devops took 4 hrs just to give me the log. Went through 4 million lines and found 500 errors on mobile apis. Went to the file, no error handling in place.
So I have a bug to fix which occurs 1 in 100 case, no stack trace, no idea what is failing. Fuck my job. -
Me: Ok I've updated the docs, I'll open a PR with the changes
Maintainer: Looks great! Can you remove the changes to the package-lock.json? (I assume it got updated when you ran npm install to start the webserver)
Me: Ok sure, I'll update it soon
And this is where the troubles begin. The file was committed 2 commits ago, so I have to roll back to then. However, the remote repository has been updated since then, so I git fetch to keep up to date.
This makes the rollback a hell of a lot harder, so I run git log to see the history. I try a reset, but I went back to the wrong commit, and now a shit ton of files are out of sync.
I frantically google 'reset a git reset', and come across the reflog command. Running that fucks things up even worse, and now so much shit is out of sync that even git seems confused.
I try to fix the mess I've created, and so I git pull from my forked repo to get myself back to where I was. Git starts screaming at me about out of sync files, so I try to find a way to overwrite local changes from the origin.
And by this point, the only way to describe what the local repo looks like is a dumpster fire clusterfuck that was involved in a train wreck
I resolved the mess by just deleting the local copy and git cloning again from my fork.
I gotta learn how to use Git better5 -
So I set up a raspberry pi to control my bedroom lights last year. I decided I wanted to add some more features to it and for the first time since I created it, started looking through the code I wrote.
First thing I noticed was the excessive amount of files I have. Like I get that I just wanted to throw this thing together as quick as I could but did I really need to create a file specifically for storing a 1 or 0 depending if the lights were last turned on or off for a startup check.
Secondly, I seem to have 2 index.html files for some reason.
And finally, the code itself is pure spaghetti. The website is running with a python script, which sends calls to a nodejs server, which executes additional python scripts to control the lights. No comments anywhere, and badly named variables are also a great combo.
And finally there is the occasional "Why the fuck isn't it working, fuck it I'll just unplug the pi and reboot it" that I have been dealing with lately.
Oh and don't forget that the log file is spammed by a debug message that is printed every minute.
God I feel so ashamed. I was proud of this until I looked at it just now.4 -
I remember some day from a few years ago, because I just got off the phone with a customer calling me way too early! (meaning I still was in my pyjamas)
C: "Hey NNP, why is that software not available?" (He refers to fail2ban on his server)
Me: "It's there" (shows him terminal output)
C: "But I cannot invoke it, there is no fail2ban command! You're lying"
Me: "Well, try that sudoers command I gave you (basically it just tails all the possible log files in /var/log), do you see that last part with fail2ban on it?"
C: "Yeah, but there is only a file descriptor! Nothing is showing! It doesn't do anything."
Me: "That's actually good, it means that fail2ban does not detect any anomalies so it does not need to log it"
C: "How can you be sure!?"
Me: "Shut up and trust me, I am ROOT"
(Fail2ban is a software service that checks log files like your webserver or SSH to detect floods or brute force attempts, you set it up by defining some "jails" that monitor the things you wish to watch out for. A sane SSH jail is to listen to incoming connection attempts and after 5 or 10 attempts you block that user's IP address on firewall level. It uses IPtables. Can be used for several other web services like webservers to detect and act upon flooding attempts. It uses the logfiles of those services to analyze them and to take the appropriate action. Once those jails are defined and the service is up, you should see as little log as possible for fail2ban.)5 -
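To make the jail logic described in the post above concrete, here is an added sketch (not fail2ban's own code and not part of the original post) that counts failed SSH logins per address inside a sliding window and reports when a ban would fire. The function name, the parameter names modelled on a jail's retry, find-time and ban-time settings, and the log lines are constructed for illustration; an English syslog timestamp format is assumed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# A failed sshd password attempt as written to a syslog-style auth log.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def find_bans(lines, year, max_retry=5,
              find_time=timedelta(minutes=10),
              ban_time=timedelta(minutes=10)):
    """Return [(time, ip)] for every ban a jail with these settings would issue.

    A ban fires when one address produces max_retry failures within
    find_time. Syslog lines carry no year, so the caller supplies it.
    """
    recent = defaultdict(deque)   # ip -> times of failures still in the window
    banned_until = {}             # ip -> time at which the ban expires
    bans = []
    for line in lines:
        match = FAILED.match(line)
        if match is None:
            continue              # successful logins and other noise are ignored
        when = datetime.strptime(f"{year} {match['ts']}", "%Y %b %d %H:%M:%S")
        ip = match["ip"]
        if banned_until.get(ip, datetime.min) > when:
            continue              # already blocked at the firewall
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            bans.append((when, ip))
            banned_until[ip] = when + ban_time
            window.clear()
    return bans


# Constructed sample log (documentation address ranges), not real data.
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:04 web1 sshd[2102]: Accepted publickey for deploy from 192.0.2.10 port 51022 ssh2
Jan 10 03:12:05 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jan 10 03:12:08 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jan 10 03:12:11 web1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Jan 10 03:12:12 web1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Jan 10 03:15:40 web1 sshd[2110]: Failed password for root from 198.51.100.23 port 33871 ssh2
Jan 10 03:40:02 web1 sshd[2130]: Failed password for root from 198.51.100.23 port 33990 ssh2
""".splitlines()

# The same host on a quiet day: one key login and one mistyped password.
QUIET_LOG = [SAMPLE_LOG[2], SAMPLE_LOG[7]]

if __name__ == "__main__":
    for when, ip in find_bans(SAMPLE_LOG, year=2024):
        print(f"{when:%Y-%m-%d %H:%M:%S} ban {ip}")
    # Nothing to report on the quiet log, which is the healthy state
    # the post describes.
    print("quiet log bans:", find_bans(QUIET_LOG, year=2024))
```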
When you are creating a tool for a direct client that has no idea about development. She asks you to develop a tool to open a log file and format in a specific way inside Excel.
Ok, this is simple. In about 4 hours I can do that. After delivery and the client has tested, they answer: "Oh, it's working fine. You just forgot to include Y".
Of course Y was not in the initial scope. They supposed it was, as it would make sense to them, but at first they just asked for a tool to open a log. Ok, not a problem, I will implement it.
Weeks after implementation they answered it was not working with another specific file format (from a not industry default tool), but they have this client and my code should work with it too.
Ok, let's implement that. I had to change some functions and with some extra hours I could make it work. Once more, after delivery, they said the tool has to use a specific formatting for this file extension, that was not only different to the others, but I had to rewrite the entire code to make it work.
At least they paid me some extra hours...4 -
I hate it when people ask for help, but then they don't stop and listen to what you are saying to help them. They just continue trying stuff on their own.
Through skype chat today I asked a coworker what the log said and provided the exact location of the log file. After he keeps sending me messages for 10 minutes on different things he is trying and changing, I ask him to just send me the log file and I'll look at it. His response was, I don't know where the log file is for this program. -
This literally happened in my current team, and I'm not even an experienced dev yet.
Incident happened like this :
Our team is working on a RCP based on eclipse plugins, which has a headless mode and a GUI mode. Now, in the GUI mode, my manager cum architect thought there is no need of user log files (long story) because the user can see the info on screen, whereas in the headless mode, she wanted me to print the logs onto the console and a log file as well.
Now it just so happened that our team had got a recent addition as a replacement to our lead developer (she left the company) who claimed she had 3 years of expertise and a masters degree, and she was assigned a task. The task was to format a custom file we were generating out of the product (basically dumping info in a file) in a human-readable format. Miss new-addition-masters-degree decided it would be a very good idea to redirect the standard java output stream to a file output stream ( which she used for generating the formatted file ) but somehow never realized that she needed to reset the output stream back to standard output.
Consequences were devastating. I wrote the logic for the logger ( yes, apparently any available logging mechanism won't do it, again, long story ) and had it printing to a file in tmp directory. The logs seemed to be working fine initially but after a few logs, specifically from the point where the formatter started working, all the logs got printed in the formatted file. And this file was supposed to be used by our clients to develop something on top of it. Naturally, I got the heat of it and then naturally, worried and nervous and curious and in a frenzied state of mind, I started debugging.
When I got to the actual fault, I seriously could not decide whether to cry or laugh or call up miss masters and scream at her. I decided to ask her about what the hell she had written and her answer was most of it was written by the developer she replaced, so she didn't know it would cause this much problem. Anyway, I fixed the leak after that and averted the catastrophe.
And that, fellow devs, is the story of how I solved a crisis in my first year at corporate.1 -
I like my log messages to indicate automatically where in the code something happened, so that I can easily identify where a message originated from while tracking down problems.
In C/C++ this is nice and easy - write a logging routine, wrap it in macros for the different log levels and have that automatically output __FILE__, __LINE__ etc.
I wanted to do something similar in NodeJS, as I'd found myself manually writing the file name in the log message and then splitting functionality out into new files and it became a mess.
The only way I found to be able to do this was to create an "Error" object and access the "stack" member of it. This is a string containing a stack backtrace, suitable for writing to console/file. I just wanted the filename/line/routine.
So I ended up splitting the string into lines, then for each of the lines, trimming the surrounding spaces (or tabs?), and parsing them to see if the stack entry is inside my logger module. The first entry outside of that module must therefore be the thing that called it, so I then parse out the routine or object and method, filename and line number.
It's a lot of clumsy work but the output is pretty neat. I just wish it were simpler!2 -
I'm working as an intern in a company and I have another intern that I must supervise (it's like internception). Here is my daily nightmare:
- To start, this intern never googles anything. She copy-pastes from my code and if she gets an error she sends me a screenshot. Once the error message clearly said "cannot call function from array" and even then she didn't know what the problem was (she was supposed to call it on array items)
- Before we started working together she spent a week complaining that a sending email function didn't work for her, so the manager called me to check what her problem was. She had an antivirus that blocked requests via the SSL port. All I had done was open the log file and read the errors.
- She had a function that should iterate over an array and for each item check a condition. This is a part of what she wrote:
For ($i=0;count($categories);$i++){
if ($getrelativepath=null)
{
....etc other stuff she copy pasted.
Ps: the name of the function that she must call on array items is getRelativePath
- she wrote once
$response=array();
for (...){
array_push($response,$data[$i]);
return $response;}
She thought the function can iterate and return response at the same time.
- We are working on a website and she told me she doesn't know how to code Javascript and jquery (she thinks it's a language) and she never knew what ajax is.
- Without mentioning the hundreds of empty spaces and multiple empty divs in html.
This year she'll become a computer science engineer .6 -
User A: So, we have some issue with uploading files. You guys need to fix it.
Me: Yeah, sure. We'll put it in our issue log. I'll let you know when its fixed so you can try uploading.
> Solving other issues which they said was more important.
A few days later:
User A: Uhhh..so guys, we have this issue while uploading..
Me: Yes, I know. We'll solve it and let you know when you can test it again.
> Working on that uploading issue
User A: So, I sent you an email. Its about the file upload. It doesnt seem to be working
Is it really hard to understand when I said to wait till we get it fixed?3 -
PROBLEM:
We need to log out phone calls in and out of the company
How we wanted to do it:
Use node.js to read the serial port from the phone system then store the data into the MsSQL database
Eventual solution:
1) Read serial port
2) store in local MySQL database
3) every 3 minutes create a CSV file containing the last 3 minutes of calls and store on a Windows shared directory
4) have an Access 2000 programme collect these files every 30 minutes
5) insert into MsSQL database1 -
I swear to God I'm considering getting a rabid dog just to bite your balls off in case I ever see you in the streets..
- guys X are running load tests on env A
- load tests complete
- analysis of test results is being done
- slow response times are observed
- someone asks whether X guys took a thread dump for further analysis
- a guy from team X (Mr. Xx) replies: "Will take the Thread Dump now."
- 10 minutes later uploads the whole fucking 2GB log file to Slack
- Xx replies: "I do not see anything wrong in the dump"
A fucking retard... Shove that useless dump up your ass and THEN tell me there's nothing wrong with it! Why the FUCK do you think that's the case? Moron1 -
Help. I work with a guy who really wants to learn programming (he’s sales/support rn) and is even taking some courses on it. He seems eager enough to learn, the problem is he is just so fucking stupid I don’t know whether to encourage him or level with him.
He somehow managed to pass a course on Java (which I still don’t believe since I had to help him put his lines of code in the right order ffs), but now he’s signed up for C++ and data structures and I honestly don’t know how he’s going to do it.
This is the type of guy who loves “coding” but thinks debugging is a waste of time.
Normally I encourage anyone who wants to learn programming do so, but let’s be honest it does take a modicum of intelligence and this guy has zero common sense at all. We’re talking about a guy who sent me a *screenshot* of an Excel file that I needed to copy some activation codes from. And then had absolutely no idea what was wrong when I replied “are you fucking with me right now?”
*sigh*
And that’s not even scratching the surface. I sent him a zip file containing some updated code and walked him through how to update them on Slack (really basic, copy/replace files stuff). Then the VERY next day when I sent him a second update he asks “is there something you want me to do with this?”
The instructions were literally the last thing we talked about in the chat log.
I actually fear the stuff this guy would unleash upon the world if someone were actually able to teach him how to write a whole program.
What should I do? Right now my plan is to be vaguely supportive but secretly hope he will realize he’s in over his head and drop out before any damage is done. But my worry is he may just be SO dumb that he actually thinks he can do it. At that point I guess I just have to put my faith in his school and pray that they aren’t just giving degrees away to whoever can afford them. Because fear the day this guy ever gets a degree in programming.9 -
So I created a little script for my mother because otherwise she had to combine 70 spreadsheets manually, I just couldnt sit there and do nothing. So I wrote a simple Python script in like 30 mins, decided that it needed a GUI because in the end it is for my mother. So wrote a GUI and partly learnt PyQt during that in an hour, which was all working fine.
Then I got to the point where I actually had to hand it over to my mother, preferably as an executable so that there is no hassle at all. So found this tool, Pyinstaller which seems to work great. Created an executable with all the dependencies and stuff in a single file, it worked on my win10 machine (because I developed on Linux of course). So I distributed it to her and she immediately gets an error. Of course there is no description and stuff because I made it a simple program, no log files and such. But fortunately she told me that it errored when she wanted to run it, so I knew it had to be due to the executable.
Turns out she is still using windows 7 at work, which of course is different than windows 10 and here I am at 11pm, installing updates on a fresh windows 7 machine just to create a new build in that environment and make it work on her machine.
Fuck you, windows update. I swore to never see that ugly ass progress bar again, but yet here I am. Send halp.
I am almost just at the point where Im going to teach my mother how to run a python application from the command line because wheels are actually available for all python dependencies (instead of compiling them)!
Are there better python executable creators out there for wincrap?3 -
The joy when tools do not have machine parseable output.
I'm looking at you SBT. My favorite pile of poo.
Remove the logging level from each line, then trim the line, then stab around inside the line with regexes, fishing for a possible match which hopefully is right...
Then stripping scala information like the object type, cause yeah...
A line can be for example "[info] Vector(File(...),File(...))" where info is the log level, Vector the wrapping sequence type, File(...) the wrapping element type and the string inside File(...) what yours truly needs.
As this is lot of shitty shabby string stabby stabby, we need to add a fuckton of boiler plate validation cause who knows what we just murdered.
To make it even more fucked up, a multi project project can produce different output for the same key.
:-)
Yeah. So we need to fix that too.
By the way, one can set log output to unbuffered in SBT.
Then the output is in random order :-)
Isn't that fun? Come on, you wanna poke that pile of shit, too.
The SBT plugin way is by the way no alternative, as I need a full Java environment for execution.
Which brings me to the last point:
For fucks sake, writing CLI applications in Java is so much bloody boilerplate code.
There's ugly and then there's the "please kill me" kind of level.
50 lines just to write a basic validation of argc / argv with commons cli.
That's 6 lines in python. Not kidding. :(
I currently hate everything.
Moments where the job sucks: When you have to hotwire two electric cables with high currency by giving both cables the blowjob of your life.3 -
Trying to bulk upload users to Office 365, something is going wrong and all the log file says is
"[]"
Thanks, that helps a lot -_- -
Spent over an hour on a shell script that wasn't working properly. I use it, works perfectly. Every time cron executes, does nothing, not even log an error.
It took me that long to realize that the user I was getting the cron to run on didn't have permission to write to my log file... You would think I'd realize this when my error scripts didn't log...
(on that note, the Bandit games at OverTheWire have been awesome refresher on getting back into the swing of linux - highly recommend) -
Trying to authenticate a JWT token from an Azure service, which apparently needs to use Azure AD Identity services (Microsoft Entra ID, Azure AD B2C, pick your poison). I sent a request to our Azure admin. Two days later, I follow up, "Sorry, I forgot...here you go..."
Sends me a (small) screenshot of some of the properties+GUIDs I need, hoping I don't mess up, still missing a few values.
Me: "I need the instance url, domain, and client secret."
<hour later>
T: "Sorry, I don't understand what those are."
Me: "The login URL. I assume it's the default, but I can't see what you see. Any shot you can give me at least read permissions so I can see the various properties without having to bother you?"
T: "I don't see any URLs, I'll send you the config json, the values you need should be in there."
<10 minutes later, I get a json file, nothing I needed>
<find screenshots of what I'm looking for, send em to T>
Me: "The Endpoints, what URLs do you see when you click Endpoints?"
<20 minutes later, sends me the list of endpoints, exactly what I'm looking for, but still not authenticating the JWT>
Me: "Still not working. Not getting an error, just that the authentication is failing. Don't know if it's the JWT, am I missing a slash, or what. Any way I can get at least read permissions so I don't have to keep bugging you to see certain values?"
T: "What do you need, exactly?"
Me: "I don't know. I don't know if I'm using the right secret key, I can't verify if I'm using the right client id. I feel like I'm guessing trying to make this work."
T: "What exactly are you trying to get working?"
<explain, again, what I'm trying to do>
T: "That's probably not going to work. We don't allow AD authentication from the outside world."
Me: "Yes we do. Microsoft Teams, Outlook, the remote access services. I can log into those services from home using my AD credentials."
T: "Oh yea, I guess we do. I meant what you are trying to do. Azure doesn't allow outside services to authenticate using a JWT. Sorry."
FRACK FRACK FRACK!!
Whew! Putting the flamethrower away.
Thanks devrant for letting me rant.3 -
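Added example, not part of the rant above and not Microsoft's code: when token validation fails with no error message, decoding the token's own claims and comparing them with the configured tenant and client ID shows which value disagrees. The IDs and the token are constructed placeholders, and accepting `api://<client id>` as an audience is an assumption about how the app registration is set up. This reads claims only; a real validator must still verify the signature against the tenant's published signing keys.

```python
import base64
import json
import time

# Constructed placeholder IDs (not a real tenant or application).
TENANT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def read_token(token):
    """Decode header and claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def diagnose(token, tenant_id, client_id, now=None):
    """Return one message per claim that disagrees with the local configuration."""
    now = time.time() if now is None else now
    header, claims = read_token(token)
    problems = []

    if str(header.get("alg", "none")).lower() == "none":
        problems.append("alg: token is unsigned")

    # v2.0 and v1.0 issuer formats; note the trailing slash on the v1.0 form.
    issuers = {
        "https://login.microsoftonline.com/%s/v2.0" % tenant_id,
        "https://sts.windows.net/%s/" % tenant_id,
    }
    if claims.get("iss") not in issuers:
        problems.append("iss: %r does not match tenant %s" % (claims.get("iss"), tenant_id))

    if claims.get("tid") != tenant_id:
        problems.append("tid: %r is a different tenant" % (claims.get("tid"),))

    # "aud" may be a single string or a list of strings.
    aud = claims.get("aud")
    audiences = set(aud) if isinstance(aud, list) else {aud}
    if not audiences & {client_id, "api://" + client_id}:
        problems.append("aud: %r was not issued for client %s" % (aud, client_id))

    if "exp" not in claims or now >= claims["exp"]:
        problems.append("exp: token is expired or has no expiry")
    if "nbf" in claims and now < claims["nbf"]:
        problems.append("nbf: token is not valid yet")
    return problems


def make_sample_token(claims):
    """Build a constructed, unverifiable token for the demonstration."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-key-id"}
    segments = [_b64url_encode(json.dumps(part).encode()) for part in (header, claims)]
    segments.append(_b64url_encode(b"constructed-signature"))
    return ".".join(segments)


if __name__ == "__main__":
    token = make_sample_token({
        "iss": "https://sts.windows.net/%s" % TENANT_ID,  # trailing slash missing
        "tid": TENANT_ID,
        "aud": "33333333-3333-3333-3333-333333333333",    # some other application
        "exp": int(time.time()) + 3600,
    })
    for problem in diagnose(token, TENANT_ID, CLIENT_ID):
        print(problem)
```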
> Mister BossDeveloper, I'm calling this method called "consoleLogger" and I'm not seeing anything in console, why is that happening?
> Mister IHateForALiving, it's redirected to some pm2.log file
The 180iq move: create a method, explicitly call it "PRINT TO CONSOLE" and make sure it doesn't print to console, ever.4 -
FUCK FUCK FUCK Windows share feature
just fuck it !
and fuck the people who made it!!!44
ok calm mode on
I had to copy a 30 gb file from my computer to my sister's one, and since the largest pendrive I have is 8gb, and I'm just lazy to split the file into parts, I thought it would be a great idea to copy it over LAN. (tldr: it's not)
First attempt:
Right click on file and share it with everyone = fail
Enable network discovery in sharing settings = still fail
Ohh, right, I just forgot it, disable firewall, it usually solves everything = still fail (2)
Google the problem and try every possible solution = still fking fail
Second attempt:
Ok, when last time I had the same problem, I made a homegroup and it worked.
Let's enable it on my Win10 = it's missing
After some googling: "We removed the home group feature from Windows 10, because why not and we would be fired if the change log was empty."
Ok, fuck it.
Third attempt:
Download a portable FTP server.
Enable it.
Create an account.
It works.8 -
Aside from simple programs I wrote by hand-transcribing code from the "Basic Training" section of 3-2-1 Contact magazine when I was a kid in the '80s, I would say the first project I ever undertook on my own that had a meaningful impact on others was when I joined a code migration team when I was 25. It was 2003.
We had a simple migration log that we would need to fill out when we performed any work. It was a spreadsheet, and because Excel is a festering chunk of infected cat shit, the network-shared file would more often than not be locked by the last person to have the file open. One night after getting prompted to open the document read-only again, I decided I'd had it.
I went to a used computer store and paid $75 out of pocket for an old beater, brought it back to the office, hooked it to the network, installed Lunar Linux on it, and built a simple web-based logging application that used a bash-generated flat file backend. Two days later, I had it working well enough to show it to the team, and they unanimously agreed to switch to it, rather than continue to shove Excel's jagged metal dick up our asses.
My boss asked me where I was hosting it, as such an application in company space would have certainly required his approval to procure. I showed him the completely unauthorized Linux machine (remember, this was 2003, when Fortune 500 corporations, such as my employer, believed Ballmer's FUD-spew about Linux being a "virus" was real and not nonsense at all), and he didn't even hesitate to back me up and promise to tell the network security gestapo to fuck off if they ever came knocking. They never did.
I was later informed that the team continued to use the application for about five years after I left. -
Python file truncate instead of actually deleting file contents...
there goes a weekend of log backups.. FML -
I take the day off for a dr appointment cause I know shots make me tired and I won't work well after
But..... my coworker breaks a super important batch script by not reading a pop up note on a recent fix and (temporary) manually needed adjustment that pauses the script until you press a button
Then proceeds to skip all THREE places across the process to catch the problem caused by that not reading the note
And finally sees an issue AFTER final version is already sent out to clients....
So as soon as I get home I need to log on and rerun the process taking my time to read the check spots to make sure values and counts are correct and a new file is sent out
It feels great to take a chunk of my day off to cover a mistake of someone else's
Also should note I'm salaried. So I don't get paid extra for logging on and fixing this on my day off. Kinda sucks but whatever3 -
Ok... so I have a unique question/opportunity. I can't give all the details but here's the gist:
3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.
I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.
They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).
During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).
Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.
The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.
This 'hack' was only to a 2nd gen lenovo yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static ip.
I started a screen recording program shortly after this crap started (unfortunately after the message sent by 'me' to the dude who actually sent it happened... so I still don't know the contents).
I figured I'd wait it out until i was bored enough or the lead culprit was at a pinnacle to fall from...
The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)
Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as I don't want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.
Currently I'm thinking, aside from any revenge-esque scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.
I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasn't him but he'd help me find whoever it was... and several other failed attempts to know what I had. When I confirmed he wasn't going to attempt a call, I informed him I'd likely mute him because I don't have time for back and forth bs. True to form he deleted the chat (I recorded it but it's of no value).
So... any thoughts?7 -
I feel like writing or telling people about the time I jumped from Windows 7 Ultimate and jumping to Windows 10. (I'm not against 10, but I'm never updating after what had happened to me)
It all starts when none of my games will play due to a possible issue with my graphics card. I look up "3D source game bug" and not many results pop up. I go on Microsoft's Qna areas and ask this question but to my surprise nothing they say would make sense. "Clean the pins of your graphics card, make sure you verify the games on Steam". I verified the games and they checked out as perfectly fine. I don't have access to my graphics card because this is a laptop, sadly not a tower.
Two months pass and my computer is already showing signs of stress, like it didn't want to live in a sense. It was three times slower than when I was on Windows 7 and it was unallocating areas of my main hard drive where I could make virtual hard drives.
Instantly I start looking up Linux distros and find Linux Mint. 17.3 was the current version at the time. I downloaded it and burned it onto a DVD-rom and rebooted my computer. I loaded into the disc and to my surprise it seemed almost like Windows 7 apart from the Linux part. I grab my external hard drive and partition it to hold the Linux distro and leave it plugged in in case Windows 10 does actually fail.
On December 19, a few months after Windows 10 had released. I start my laptop to try and continue my studies in video game development. But to my surprise, Windows 10 had finally crashed permanently. The screen flickered blue and black, and an error box saying Loginui.exe failed to start. I look at it for a solid minute as my computer had just committed suicide in a sense.
I reboot thinking it would fix the error but it didn't. I couldn't log in anymore.
I force shutdown the laptop and turn it back on putting it into safe mode.
To my surprise loginui.exe works and I sign in. I look at my desktop, the space wallpaper I always admired, the sound files, screen shots I had saved.
I go into file explorer and grab everything out of my default hard drive Windows was installed on. Nothing but 400gb got left behind and that was mainly garbage prototypes I had made and Windows itself. I formatted my external hard drive and placed everything on it. Escaping Windows 10 with around 100GB of useful data I looked at the final shutdown button I would look at.
I click it and try to boot into normal Windows 10. But it doesn't work. It flickers and the error pops up once more.
I force it to shut down and insert the previous Linux Mint disc I made and format the default hard drive through Linux. I was done. 10 gave me a lot of shit. Java wouldn't work, my games had a functional UI but no screen popped up except a black abyss and it wouldn't even let me try to update my graphics card, apparently my AMD Radeon 5450 was up to date at the AMD Radeon 5000's.
I installed Linux Mint and thinking the games would actually play I open steam and Launch Half-Life 2 to check if Linux would be nicer to me than Windows 10 had been.
To my surprise the game ran. The scene from Highway 17 popped on screen and the UI was fully functional. But it was playing at 10-15fps rather than the usual 60-70fps. I look at my drivers and see my graphics card isn't in use. I do some research and it turns out I have a Hybrid Laptop.
Intel HD Graphics and an AMD Radeon 5450 and it was using the Intel and not the AMD. Months of testing and attempts of getting the games to work at high frame rates pass and the damn thing still functions at a low terrible fps. Finally I give up. I ask my mom for a Windows 7 disc and she says we can't afford it. A few months pass and I finally get a Windows 7 installation disc through money I've saved up. Proudly I put it into my optical disc drive and install it to my main hard drive deleting Linux completely. I announced to all my friends my computer was back in working order and I install everything I needed, Steam, Skype, Blender, and Unity as well as all my games. I test Half-Life 2 and it's running exceptionally smoothly, I test Minecraft at max settings and it's working beautifully. The computer was functioning properly once again and my life as a developer started as I modeled things in Blender, learned beginners C# and learned a lot of Batch. Today the computer still runs at a great speed and I warn others of what happened to me after I installed Windows 10 to my machine if they are thinking of switching from 7 or 8 on an older machine.
Truly the damage to my data cannot be undone. But the memory of the maintenance, work, tests, all are a memory of how Windows 10 ruined me and every night before the one year anniversary of Windows 10's release, I took out the battery of my laptop and unplugged it from the a.c. power, just so Windows 10 doesn't show its DLLs, batch scripts, vbs scripts, anything on my computer. But now, after this has happened and I have recovered, I now only have a story to tell5 -
So today I debugged the code from the previous developer.... I saw this in the file. I wonder what it is as I debug, it gives the log, which I don't know how to react to .....4
-
Boy I'm proud of myself! I just managed to produce a nice little awk script, which makes printing a file in a log look good!
https://gist.github.com/chabad360/...2 -
<<prev. #wk235 advices>>
~ Study the Error log deeply, Google each line if needed. Don't give up.
~ Learn by doing. Don't just read/watch.
~ Practice breaking down the problem statement first in different components and hierarchies. Don't jump into coding right away.
~ Write some, review some. Don't put off review for later.
~ Even if you don't exactly follow the best security practices - always ensure that your program is safe for use. Especially for user-inputs, etc, pay attention.
~ Never distribute code with passwords/keys written in it.
~ Don't hard code stuff, use Config file, environment variables, etc.
~ Try to automate repetitive stuff like build and deploy etc
~ Save and back up your code.
~ No one knows everything, also, today's knowledge gets outdated tomorrow. Continuous learning is synonymous with this field.
<<next #wk235 advices>>1 -
That moment when you have to file your hours worked, but the service we use to do so *exclusively* runs on *Internet Explorer* so you have to shut down your Linux distro with all the stuff you have running, boot up your Windows pro partition and log into your service, just to punch in a couple numbers.
Seriously. A website that runs *exclusively* on IE?? What the fuck.3 -
Log4j. My boss asked me to add it to a project. Had an issue with logging, went to docs. why do I need to read a whole fucking textbook to log messages to a file?3
-
After brute forced access to her hardware I spotted huge memory leak spreading on my key logger I just installed. She couldn’t resist right after my data reached her database so I inserted it once more to duplicate her primary key, she instantly locked my transaction and screamed so loud that all neighborhood was broadcasted with a message that exception is being raised. Right after she grabbed back of my stick just to push my exploit harder to its limits and make sure all stack trace is being logged into her security kernel log.
Fortunately my spyware was obfuscated and my metadata was hidden so despite she wanted to copy my code into her newly established kernel and clone it into new deadly weapon all my data went into temporary file I could flush right after my stick was unloaded.
Right after deeply scanning her localhost I removed my stick from her desktop and left the building, she was left alone again, loudly complaining about her security hole being exploited.
My work was done and I was preparing to break into another corporate security system.
- penetration tester diaries2 -
Magento Debugging Horror!
Changing lots of things in magento with no problem. Continuing development for quite some time. Suddenly decide to clear cache to see the effect of a change on a template in the frontend. Suddenly magento crashes! There's no error message. No exception log. No log in any file anywhere on the disk. All that happens is that magento suddenly returns you to the home page!
Reverting all the changes to the template. Clear the cache. Nope! Still the same! Why? Because the problem has happened somewhere in your code. Magento just didn't face it, because it was using an older version of your code. How? Because magento 2 even caches code! Not the php opcache. Don't get me wrong. It has its own cache for code, in a folder called generated. Now that you cleared all the caches including this folder, you just realized that, somewhere something is wrong. But there is no way for you to know where as there is absolutely no exception logged anywhere!
So you debug the code, from index.php, down to the deepest levels of hell. In a normal php code, once the exception happens, you should see the control jumps to an exception handler, there, you can see the exception object and its call stack in your debugger. But that's not the case with magento.
Your debugger suddenly jumps to a function named:
write_close();
That's all. No exception object. No call stack. No way to figure out why it failed. So you decide to debug into each and every step to figure out where it crashes. The way magento renders response to each request is that, it calls a plugin, which calls a plugin loop, which calls another plugin, which calls a list of plugins, which calls a plugin loop, which calls another plugin.....
And if in each step, just by accident, instead of step through, you use the step over command of your debugger, the crash happens suddenly and you end up with the same freaking write_close() function with no idea what went wrong and where the error happened! You spend a whole day, to figure out, that this is actually a bug in core of magento, they simply introduced after your recent update of magento core to the latest STABLE version!!! It was not your mistake. They ruined their own code for the thousandth time. You just didn't notice it, because as I said, you didn't clear the `generated` folder, therefore using an older version of everything!
Now that after spending 7 hours figuring out what has failed with absolutely no standard way of debugging and within a spaghetti of GOTO commands (Magento calls them plugin), why not report it to github? So you report it with a pull request. This also takes 1 hour of your time. Just to next day get informed that your pull request is rejected because another person already fixed the bug and made the same pull request. It was just not on the latest stable version yet!
So you decide to avoid updating magento as much as possible. Because you know that the next Stable version will make your life and career unstable. But then the customer complains that the Admin Panel is warning him of using old Magento version which might pose SECURITY THREATS! -
While debugging a service on a linux server...
Log-level info: no really useful information and no hint about the bug
Log-level debug: OMFG TAKE THAT 2GB LOG FILE
Why all the time 😧 -
Oh boyyy, I just had to work with Asterisk again. And holy shit it is still the clusterfuck it was many years ago.
We got:
- Inconsequent documentation that is mixed through all versions.
- The config sprinkled over what feels like 20 gazillion files.
- AEL being a half assed attempt at a "pRoGRamMinG LanGuAgE"
- The fuck you mean with extensions, endpoints and AOR's?
- Inconsistent config parameter naming. Some are snake case, some camel case some are just everything smushed into a single word.
- queue_log determines whether to write a log to a file. queue_log_to_file says to do so independent of you having a realtime backend. Whatever the fuck that is.
- Log compression is done by executing a gzip command after a rotation??!!?!! -
rant/!rant
So I just started working at the beginning of January and I have no fucking clue about anything especially Web development.
But now I have a week to figure out how in the world I am going set up a workflow for some secretaries so that the higher ups get a printed coupon with a password on it, so they can log into our WLAN via a captive portal that I also need to set up.
I am thinking about a website that takes a list of names and settings (probably excel or smt) passes them to the WiFi management softwares API and then generates some PDF file for download that just needs to get printed.
Did I mention that I have no Dev tools (I have notepad, yeah the one without ++), no test environment, no prior experience and no clue how to do it?
But somehow I love this challenge and am glad that my colleagues don't send me to get coffee but let me work.
Am I insane?4 -
A common walkthrough with Laravel deployment:
1.) Error 403
2.) Internal server error 🤔
3.) bad require paths in index.php....
4.) Whooops something went wrong.. What?.... Look at log file with 2MB size
5.) View not found1 -
Am I the only one to hate Google Drive's Windows client? It is far slower than OneDrive/Dropbox. If you work inside the drive you could lose shit, if you remove a file Windows says it can't be removed but after the error message it does it, and if you log out of the client.. it removes the virtual drive with your files on😑😑 what the fuck Google, what the fuck7
-
Even if Microsoft has made considerable steps forward in recent years with dotnet core being an open source platform, it still retains a bit of its microsoftian dna. Let me give an example. Start a new test project with xUnit. It doesn't log to console. Decide to use the standard Microsoft.Extensions.Logging that should be the new, performant way of logging. It comes with 4 providers and **it doesn't log on file system**. Bottom line: all the complexity of a complex stack without the solution you were looking for at the beginning. Resorting to third-party tools to do the job (serilog).2
-
So I'm now experiencing the worst case of "pacman -Syu breaks everything" I've ever had. For whatever reason, when I updated mesa, my entire GUI decided to go to shit. As I'm typing this, lightdm is crashing over and over again. My Xorg log file has no errors at all. Honestly have no fucking clue what's going on.5
-
Other build tools:
Here is a plugin, use it . Be done.
Scala Build Tool aka SBT:
Build your own plugin.
Everything is scala...
You can create by the way funny endless loops when using the wrong syntax - yet it might compile successfully. And then when you load the plugin, it works. Till it is evaluated - lazy evaluation for the fun.
Error messages are at best cryptic.
*If* you manage to get a working plugin and *if* it runs...
Surprise. Surprise.
You might need to parse the log output of SBT.
Another funny surprise: Log output isn't configurable. You can configure the log level. That's it.
So after a lot of painstakingly putting together a fucking shitty plugin, you can now grind the rest of your brain with ...
sed.
Cause yeah. You can now use regex to parse an sbt build log and extract the necessary information.
:)
...
So....
Are we there?
Mwahahahhaa.
Only if you haven't forgotten to either disable colored output for SBT... Or take an extra mile with e.g. less -R.
Otherwise you have ASCII control characters in your file. :-)
After getting that shit to work, you now have finally a parseable build log.
Just took days instead of hours.
But that's SBT. :-)6 -
Got a call about production was going to fail. They thought it's the application server.
In the end it was bogus file mods which were scrambled by the backup tool.
Why we didn't find out earlier? Because the java application was coded like this:
-------
String content;
try {
File bla = new File
content = ... Read operation
} catch (IoException | SecurityEx | RuntimeEx ex) {
// nothing we can do here
}
doWork(content);
---------
Why the fuck do we have code reviews? Why not just log or throw a Runtime Exception? Argh... I thought it would be better in enterprise applications. Perhaps I should tell them to not just use pmd, also spotbugs and sonarqube. But the department for the build tools does not have enough employees. Dang.
Anyway. Earned some money for that.
Now it's 2018 and I still get money for the same kind of bugs as 2008.3 -
I enjoy Visual Studio, but the installer is GARBAGE.
My install of 2017 didn't come with a certain package, so I go to the installer to add it. Thing constantly fails with "could not find file" in the txt log. Decided I might as well update studio while I'm here. Turns out I had python packages for it too, since during this update python decided to have a fit in another project because modules and pylint suddenly disappeared.
Wtf?1 -
Ended up doing an internship for my school (not really internship, more along the lines of formal volunteering, but whatever) helping set up laptops for a statewide standardized assessment.
I made a program to log the machine's identifying info (Serial, MAC addresses, etc), renames it, joins it to the school's Active Directory, and takes notes on machines, which gets dumped into a csv file.
Made the classic rookie mistake of backing things up occasionally, but not often enough. Accidentally nuked the flash drive with the data on it, and spent a good while learning data recovery and how grep works.
Lesson Learned? Back up frequently and back up everything -
What a mess ^^
From one moment to another unit-tests on my local machine stopped working.
There was a PHP fatal error, because of insufficient memory.
Actually, there was a ducking "unit"-test of a controller action "log".
This action returns the content of the projects log file...
Since this log file grew over the time, PHP tried to assert the response of the controller action which was sized about 400MB.
C'moooooon guys!
What were your thoughts behind this bullshit? ^^ -
How difficult is it to write an installation script?! Suddenly have dozens of computers with just a few MB free space...Reason: 150 GB tmp-files (which turns out to be log files), containing "Can't replace file, file in use" a gazillion times until the disk got full!1
-
Taking care of someone else's children without experience of doing such task feels like following a log file live without the severity field filled in.4
-
Hey there, did anybody notice unauthorized login attempts over ssh? I mean, I have a demo digitalocean droplet I just left running for some logs, there isn't any important data on it, but when I ssh'd back into that machine after an interval of at most 5 to 6 days, the message displayed after login said 9876 login attempts were made. Then I went directly to the ssh log in the secure log file and got all those IPs, found out most were from China, some from France, and all were trying random login names like user, admin etc etc and with random passwords over multiple ports, even non-standard ones. Is anyone else finding this happening?10
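Added example, not part of the post above: a summary of sshd entries of the kind found in the secure log, counting failed password attempts per source address, listing the usernames each source tried, and flagging any source that logged in successfully after failures. The log lines are constructed, use documentation address ranges, and assume OpenSSH's usual "Failed password" and "Accepted" message formats.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the style of sshd entries in /var/log/secure.
SAMPLE_LOG = """\
Jan 10 03:12:01 demo sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:04 demo sshd[1201]: Failed password for invalid user user from 203.0.113.7 port 40130 ssh2
Jan 10 03:12:09 demo sshd[1207]: Failed password for root from 198.51.100.23 port 51515 ssh2
Jan 10 03:12:15 demo sshd[1210]: Invalid user oracle from 203.0.113.7 port 40140
Jan 10 03:12:17 demo sshd[1210]: Failed password for invalid user oracle from 203.0.113.7 port 40140 ssh2
Jan 10 03:15:02 demo sshd[1222]: Accepted password for deploy from 192.0.2.10 port 60022 ssh2
Jan 10 03:15:30 demo sshd[1230]: Failed password for root from 198.51.100.23 port 51620 ssh2
Jan 10 03:15:41 demo sshd[1233]: Accepted password for root from 198.51.100.23 port 51702 ssh2
"""

# The username is attacker-controlled text, so the greedy match plus the
# end-of-line anchor makes the LAST " from <ip> port <n> ssh2" the one parsed.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+ ssh2$"
)
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for (?P<user>.*) from (?P<ip>\S+) port \d+ ssh2"
)


def summarize(log_text, threshold=3):
    """Summarise failed and suspicious successful SSH logins per source address."""
    failures = Counter()
    users = defaultdict(set)
    accepted_after_failures = []

    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            # "Invalid user ..." lines are skipped so an attempt is counted once.
            failures[match["ip"]] += 1
            users[match["ip"]].add(match["user"])
            continue
        match = ACCEPTED.search(line)
        if match and failures[match["ip"]] > 0:
            # A success from a source that was failing earlier deserves a look.
            accepted_after_failures.append((match["ip"], match["user"]))

    return {
        "failures_by_ip": failures,
        "users_by_ip": {ip: sorted(names) for ip, names in users.items()},
        "noisy_ips": sorted(ip for ip, n in failures.items() if n >= threshold),
        "accepted_after_failures": accepted_after_failures,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, count in report["failures_by_ip"].most_common():
        print(ip, count, report["users_by_ip"][ip])
    print("over threshold:", report["noisy_ips"])
    print("success after failures:", report["accepted_after_failures"])
```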
-
Just spent 10 minutes wondering why my change log hadn't updated after I knew I made a change to a file.
I updated the public version instead of the src. -
In college, during Novell's heyday, I was working on my Certified Network Administrator certification (totally worthless, in retrospect). As I was becoming an expert in all things Novell, I found a security flaw. Using Visual Basic it was possible to code up an exact replica of the Novell login screen that launched at boot time from a batch file stored on a floppy. You could log peoples' usernames and passwords all day as long as they didn't realize your floppy was in the drive, which worked in certain computer lab setups on campus. I wasn't in it for stealing info or being a criminal. I just did it for the lulz. But if I had gained access to a few of the right computers in admin offices on campus, I could've gotten access to anyone's student profiles and grades.
-
>finally gets around to installing vsftpd on home server RPi
>doesn't work
hmm.mp2
>configurating
>confusing as fuck template documentation
>man page isn't much better
>gets it working
>goes to log in
User: pi
Password: a
(What? It's a home file/command server isolated from the Internet. Sue me.)
nope.avi
>why
>tries again
nope.svg
>FUCK
>sees small raw-command log in bottom-right of phone FTP client
hmm.flac
>tries again, watches log
PASS *****
>the fuck
>goes to change user pass over SSH
# passwd
"Current password?"
about half a second later
"passwd: auth token manipulation denied"
>the delay tho
>WAIT A SECOND
one time i got past some parental software bullshit on a tablet by abusing the delay between opening a banned app and the redirect to the normal software at like age 7. (Doing so let me enable remote wipe through Google. bye bye software!)
>*inner 7 year old has autistic screech*
# nano temp
a
abcdefghi
abcdefghi
^O Y ^X
# passwd < temp
>fucking works
>logs in to FTP server successfully
>does the one file download that was needed
why and how did that fucking work -
A command line tool built in Python that helps you analyse your git logs by exporting them into a csv/json file.
Can fetch the logs from a given file path or a git directory.
https://github.com/dev-prakhar/...3 -
Tonight I learned that none of our automatically installed systemd-based servers had the /etc/machine-id created, and that that file used to be pretty central in the systemd world.
So that was the warning at the beginning of the boot log about a missing /etc/machine-id! Though until today, everything still worked fine. Only today, the machinectl utility was unable to find the local machine with the machine id missing.
Oops? At least I'll have stuff to fix tomorrow lol.6 -
So i'm trying to upload a file to an SSH server using node. First I try the obvious putFile method provided by the obvious node-ssh package. On any other server this would work fine but this server doesn't have sftp installed so that doesn't work.
OK, so next I learn how scp works (it runs the command "scp -t" on the remote server, and sends to stdin a command like "C0666 1234 file.txt" and then sends the contents of the file) and I write some javascript code to do this. It's pretty finicky, the first few tries I forget to close the stream right or detect the program finishing. I add some logging and that helps me figure out what the problem is, and finally I get it to not output any errors.
So I log into the server and check and the file isn't there. I try again several times, file still isn't there. I try running scp -t manually on the server, typing in exactly what my program is sending, and it works. This goes on for a while until I realize that I've been sending a file to one server and logging into a different server to check if the file was sent. grrr6 -
I might sound stupid, but why don't solo-developers use things like dropbox for active file history that keeps track of every change and also gives diff options and up to 1 year log - instead of git?
Don't get me wrong, git is amazing when you have to work with a team or multiple people in general, but it's simply a pain in the ass when working alone and having to keep track of every state yourself.6 -
When I implemented a supplier's library, I noticed my app froze every time I called that library. I then asked the suppliers if they were doing any heavy stuff on the main thread and they told me they weren't.
Luckily, they were "right", StrictMode told me they were only dumping a whole log file... -
Experience with Plasma Mobile, part 2.
I was able to clone the official master repository and commit my hacks to it, but when I sent the pull request, the current active maintainer said that the master branch was actually severely out of date and to try the "halium-flash" branch.
So I did. I checked out the "halium-flash" branch and attempted to install Plasma Mobile. The bash file used to flash the phone still needed to be hacked around, though my previous commit was made irrelevant by the change. However, I did get it working on my phone.
So, here are my thoughts: It's most definitely not ready. The lock screen looks pretty and is well put together, and the "desktop" and icons for applications look very nice.
However, my phone does not have a physical "home" button, and Plasma Mobile to date does not have a digital "home" button. So, in order to close an application I have to literally reboot my phone.
As of yet there seems to not be any tactile feedback or visual feedback, which is odd when typing in the passcode to log into Plasma Mobile or trying to open an application.
Firefox crashes if you try to open it, and currently there are two choices of wallpaper. I haven't tried calling someone, but I'm fairly certain that Plasma Mobile does not support telephony on my phone type.
So, my verdict is still the same: I have great hopes for the Plasma Mobile project, but unless you are a developer who is interested in making it a better product, I would stay away for now. -
God I HATE UNRAID! FUCK THIS PIECE OF JUNK
CRASHING EVERY FEW FUCKING HOURS
AND. I. CAN'T. EVEN. GET. A. FUCKING. LOG. FILE! LIKE WHAT THE HELL!
Oh, it's sooo reliable they said, use Unraid they said, the docker support is amazing, they said...
FUCK IT! FUCK THIS PIECE OF GARBAGE!
I JUST WANT TO RUN PLEX AND SONARR ON ONE FUCKING MACHINE, AND UNRAID IS JUST LIKE: yeah, it's a good time to crash now, YEET!
and it's gone... -
Fuck you google for changing the filters in the chrome console. Before I could ignore warnings if they were fixed by another teammate in a diff branch. Now I have to go over 20 fucking lines of missing exports from a common lib file, which has 0 impact on my current work, because google decided to treat devs as retards.
If you don't know:
Before I could pick whichever output I want (log, debug, warnings etc), and now I can only use "verbose", "info", "warnings" and "errors" 😡 -
Always valued my every minute but seems I have given up the principle for a cron job which I have to wait for every minute to run so I can see what I am doing on the log file.
-
Imagine enabling verbose logging for a complex ETL process that typically takes 8 hours to run but has been failing for some reason after running for about 7 hours. Naturally, you want to check the log file to find out what went wrong.
Now imagine not having read access to the log file. -
Learning to use logging in Python for an existing application.
🙇Feeling enlightened looking at the first log file output. -
Pushed some changes to PROD today. Go to login and check changes .. noooooope!
Still a bit new to Symfony 5... but I'm just not a fan right now. The login screen just jumps back to itself. No login failed message and prod log had a size of 0 so that was no help.
Traced this thing way down into the CSRF Authentication functions. \is_callable(...namespace) just returning null so no go on getting a token for isTokenValid() =/
ugh! This is truly the most torturous junk I've ever seen. Nothing in the logs so I decided to just use the good old ECHO'HERE' debugger.
What was the issue you might ask?... effin' yaml file
Fix for now is to set the session handler_id back to null -
> totally disable logging on console
> logging is redirected instead on some 1200 separated files (no, not "log files rotated through 1200 days"; every part of the program has its own log file, and there's 1200 of them)
> still, in all those files, none of them contains MY log; somehow it disappeared
Why some people even chose to become developers will always elude me. -
I’m working on a new app I’m pretty excited about.
I’m taking a slightly novel (maybe 🥲) approach to an offline password manager. I’m not saying that online password managers are unreliable, I’m just saying the idea of giving a corporation all of my passwords gives me goosebumps.
Originally, I was going to make a simple “file encrypted via password” sort of thing just to get the job done. But I’ve decided to put some elbow grease into it, actually.
The elephant in the room is what happens if you forget your password? If you use the password as the encryption key, you’re boned. Nothing you can do except set up a brute-forcer and hope your CPU is stronger than your password was.
Not to mention, if you want to change your password, the entire data file will need to be re-encrypted. Not a bad thing in reality, but definitely kinda annoying.
So actually, I came up with a design that allows you to use security questions in addition to a password.
But as I was trying to come up with “good” security questions, I realized there is virtually no such thing. 99% of security question answers are one or two words long and come from data sets that have relatively small pools of answers. The name of your first crush? That’s easy, just try every common name in your country. Same thing with pet names. Ice cream flavors. Favorite fruits. Childhood cartoons. These all have data sets in the thousands at most. An old XP machine could run through all the permutations over lunch.
So instead I’ve come up with these ideas. In order from least good to most good:
1) [thinking to remove this] You can remove the question from the security question. It’s your responsibility to remember it and it displays only as “Question #1”. Maybe you can write it down or something.
2) there are 5 questions and you need to get 4 of them right. This does increase the possible permutations, but still does little against questions with simple answers. Plus, it could almost be easier to remember your password at this point.
All this made me think “why try to fix a broken system when you can improve a working system”
So instead,
3) I’ve branded my passwords as “passphrases” instead. This is because instead of a single, short, complex word, my program encourages entire sentences. Since the ability to brute force a password decreases exponentially as length increases, and it is easier to remember a phrase rather than a complicated amalgamation of letters, numbers and symbols, a passphrase should be preferred. Sprinkling in the occasional symbol to prevent dictionary attacks will make them totally uncrackable.
In addition? You can have an unlimited number of passphrases. Forgot one? No biggie. Use your backup passphrases, then remind yourself what your original passphrase was after you log in.
All this accomplished on a system that runs entirely locally is, in my opinion, interesting. Probably it has been done before, and almost certainly it has been done better than what I will be able to make, but I’m happy I was able to think up a design I am proud of. -
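The "unlimited passphrases, no full re-encryption" idea in the post above is usually built as key slots: the vault body is encrypted once under a random data key, and each passphrase only wraps that key. The sketch below is an added example, not the poster's code; the function names, the scrypt parameters and the stdlib-only XOR-plus-HMAC wrap are assumptions, and a real tool would wrap the key with an AEAD from a vetted library.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Assumed scrypt cost parameters for this sketch; tune them for the target hardware.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=64)


def new_data_key() -> bytes:
    """Random 256-bit key that encrypts the vault body (body encryption not shown)."""
    return secrets.token_bytes(32)


def _derive(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch a passphrase into a 32-byte wrapping mask and a 32-byte MAC key."""
    okm = hashlib.scrypt(passphrase.encode("utf-8"), salt=salt, **SCRYPT)
    return okm[:32], okm[32:]


def make_slot(data_key: bytes, passphrase: str) -> dict:
    """Wrap the data key under one passphrase; the vault body is never touched."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh per slot, so a mask is never reused
    mask, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, mask))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def open_slot(slot: dict, passphrase: str) -> Optional[bytes]:
    """Return the data key if the passphrase matches this slot, else None."""
    mask, mac_key = _derive(passphrase, slot["salt"])
    expected = hmac.new(mac_key, slot["salt"] + slot["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None  # wrong passphrase or tampered slot
    return bytes(a ^ b for a, b in zip(slot["wrapped"], mask))


def unlock(slots: List[dict], passphrase: str) -> Optional[bytes]:
    """Try every slot; any one valid passphrase recovers the same data key."""
    for slot in slots:
        key = open_slot(slot, passphrase)
        if key is not None:
            return key
    return None


if __name__ == "__main__":
    key = new_data_key()
    # Constructed sample passphrases.
    slots = [make_slot(key, "the heron stole my sandwich in 2009!"),
             make_slot(key, "backup: seven grey umbrellas by the door")]
    print(unlock(slots, "backup: seven grey umbrellas by the door") == key)
    slots[0] = make_slot(key, "a brand new primary sentence?")  # passphrase change
    print(unlock(slots, "the heron stole my sandwich in 2009!"))
```

Replacing a slot only revokes the old passphrase for copies of the vault file written afterwards; anyone holding an older copy and the old passphrase can still recover the same data key, so a leaked passphrase calls for a new data key and a re-encrypted body.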
Another great website error code fail (dumped its full error output to the website):
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/trac/web/api.py", line 436, in send_error
data, 'text/html')
File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 808, in render_template
template = self.load_template(filename, method=method)
File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 768, in load_template
self.templates = TemplateLoader(
File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 481, in get_all_templates_dirs
for provider in self.template_providers:
File "/usr/lib/python2.4/site-packages/trac/core.py", line 78, in extensions
return filter(None, [component.compmgr[cls] for cls in extensions])
File "/usr/lib/python2.4/site-packages/trac/core.py", line 213, in __getitem__
component = cls(self)
File "/usr/lib/python2.4/site-packages/trac/core.py", line 119, in maybe_init
init(self)
File "/usr/lib/python2.4/site-packages/authopenid/authopenid.py", line 157, in __init__
db = self.env.get_db_cnx()
File "/usr/lib/python2.4/site-packages/trac/env.py", line 335, in get_db_cnx
return get_read_db(self)
File "/usr/lib/python2.4/site-packages/trac/db/api.py", line 90, in get_read_db
return _transaction_local.db or DatabaseManager(env).get_connection()
File "/usr/lib/python2.4/site-packages/trac/db/api.py", line 152, in get_connection
return self._cnx_pool.get_cnx(self.timeout or None)
File "/usr/lib/python2.4/site-packages/trac/db/pool.py", line 172, in get_cnx
return _backend.get_cnx(self._connector, self._kwargs, timeout)
File "/usr/lib/python2.4/site-packages/trac/db/pool.py", line 105, in get_cnx
cnx = connector.get_connection(**kwargs)
File "/usr/lib/python2.4/site-packages/trac/db/sqlite_backend.py", line 180, in get_connection
return SQLiteConnection(path, log, params)
File "/usr/lib/python2.4/site-packages/trac/db/sqlite_backend.py", line 255, in __init__
user=getuser(), path=path))
TracError: The user apache requires read _and_ write permissions to the database file /home/trac/morituri/db/trac.db and the directory it is located in. -
Quick Plesk config question...
Been getting open_basedir() notices in the WordPress logs, and frankly it's flooding the log right now. Sample below:
[24-Feb-2019 07:05:19 UTC] PHP Warning: file_exists(): open_basedir restriction in effect. File(/var/www/vhosts/webspacedomain.com/SiteInstallDirectory/wp-content/db.php) is not within the allowed path(s): (/var/www/vhosts/webspacedomain.com/:/tmp/) in /var/www/vhosts/webspacedomain.com/SiteInstallDirectory/wp-includes/load.php on line 397
Checking the settings for open_basedir in the domain's PHP settings, it's currently set to the following default value:
{WEBSPACEROOT}{/}{:}{TMP}{/}
By my read, that **should** be granting permission to the directory. I just checked it against the setting on the dev server (which doesn't report this error), and it's configured in the same manner. Only difference between Dev environment and this one is that the one in Dev is in vhosts/webspacedomain.net/DEV instead of just vhosts/webspacedomain.net
Is there something I'm missing here? -
Relatively often the OpenLDAP server (slapd) behaves a bit strange.
While it is a little bit slow (I didn't do a benchmark but Active Directory seemed to be a bit faster but has other quirks and is Windows only) with a small amount of users it's fine. slapd is the reference implementation of the LDAP protocol and I didn't expect it to be much better.
Some years ago slapd migrated to a different configuration style - instead of a configuration file and a required restart after every change made, it now uses an additional database for "live" configuration which also allows the deployment of multiple servers with the same configuration (I guess this is nice for larger setups). Many documentations online do not reflect the new configuration and so using the new configuration style requires some knowledge of LDAP itself.
It is possible to revert to the old file based method but the possibility might be removed by any future version - and restarts may take a little bit longer. So I guess, don't do that?
To access the configuration over the network (only using the command line on the server to edit the configuration is sometimes a bit... annoying) an additional internal user has to be created in the configuration database (while working on the local machine as root you are authenticated over a unix domain socket). I mean, I had to create an administration user during the installation of the service but apparently this is only for the main database...
The password in the configuration can be hashed as usual - but strangely it only accepts hashes of some passwords (a hashed version of "123456" is accepted but not hashes of different passwords, I mean what the...?) so I have to use a single plaintext password... (secure password hashing works for normal user and normal admin accounts).
But even worse are the default logging options: By default (at least on Debian) the log level is set to DEBUG. Additionally if slapd detects optimization opportunities it writes them to the logs - at least once per connection, if not per query. Together with an application that did a lot of connections and queries (this was not intended and got fixed later) THIS RESULTED IN 32 GB LOG FILES IN ≤ 24 HOURS! - enough to fill up the disk and to crash other services (lessons learned: add more monitoring, monitoring, and monitoring and /var/log should be an extra partition). I mean logging optimization hints is certainly nice - it runs faster now (again, I did not do any benchmarks) - but the verbosity was way too high.
The worst parts are the error messages: When entering a query string with a syntax error, slapd returns the error code 80 without any additional text - the documentation reveals SO MUCH BETTER meaning: "other error", THIS IS SO HELPFUL... In the end I was able to find the reason why the input was rejected but in my experience most error messages are a little bit more precise. -
So I'm sitting here trying to bodge my way through a member system. These fucknuts really made a bad system..
The task: Export a list of users and their info.
Is there an API available? No, who the fuck would need that shit, even tho the system is built upon Odoo, which has an API!
But it has an export function, you just have to log in and press the right sequence of buttons, because you need the running ID...
Here I discovered the first of many security flaws... "What happens if I post the wrong ID?"... Well, I get access to a file that has nothing to do with me or my users.... What?
Well after some fiddling it works, but holy fuck I found a lot of bugs. And this is a system that is launching in 7 days for us.. Some users have been on it for a year....
How can they ship this bad a product? There's absolutely no documentation, only a 15-page manual. Guess they don't want developers to develop shit that works in conjunction with theirs. -
I'm trying to create log files with the PID or some JVM arg like app name but File appender doesn't parse ${myVar} in the config.
Issue is we have multiple instances of an app running but they can't be all writing to the same file.
I tried creating a custom Appender by pretty much copying the source code of FileAppender and then adding a function to add PID to the filename.
But when I use it, get some error saying "name, and fileName" are invalid parameters.
So wondering if anyone has experience building one that works, or maybe there's existing code for such an appender? -
PR done and dusted. Welp! Somehow all permissions on files have been changed. I didn't change it. Wtf happened? Log search turns up I did change it while resolving merge conflicts. I don't know how. Anyway now I am spending my afternoon working on the vaguest fucking issue and reverting back all file permissions. Might have somehow fucked up two repos and will have to fix them all. Kill me. Now
-
Approx. 24 hours ago I proceeded to use MEGA NZ to download a file. It's something I've done before. I have an account with them.
This is part of the email I received from MEGA NZ following the download: "
zemenwambuis2015@gmail.com
YOUR MEGA ACCOUNT HAS BEEN LOCKED FOR YOUR SAFETY; WE SUSPECT THAT YOU ARE USING THE SAME PASSWORD FOR YOUR MEGA ACCOUNT AS FOR OTHER SERVICES, AND THAT AT LEAST ONE OF THESE OTHER SERVICES HAS SUFFERED A DATA BREACH.
While MEGA remains secure, many big players have suffered a data breach (e.g. yahoo.com, dropbox.com, linkedin.com, adobe.com, myspace.com, tumblr.com, last.fm, snapchat.com, ashleymadison.com - check haveibeenpwned.com/PwnedWebsites for details), exposing millions of users who have used the same password on multiple services to credential stuffers (https://en.wikipedia.org/wiki/...). Your password leaked and is now being used by bad actors to log into your accounts, including, but not limited to, your MEGA account.
To unlock your MEGA account, please follow the link below. You will be required to change your account password - please use a strong password that you have not used anywhere else. We also recommend you change the passwords you have used on other services to strong, unique passwords. Do not ever reuse a password.
Verify my email
Didn’t work? Copy the link below into your web browser:
https://mega.nz//...
To prevent this from happening in the future, use a strong and unique password. Please also make sure you do not lose your password, otherwise you will lose access to your data; MEGA strongly recommends the use of a password manager. For more info on best security practices see: https://mega.nz/security
Best regards,
— Team MEGA
Mega Limited 2020."
Who in their right mind is going to believe something like that that's worded so poorly?
Can anybody shed some light on this latest bit of MEGA's fuckery?
Thank you very much. -
I spent half a day trying to figure out why the app on the staging server does not log in the app log file while it does on the dev server.
Server log said log config file found but could not find the root logger.
Problem was that the directory was readable for the app, but not the logfile configuration file.
Dear devs, when a file is not readable that might be some interesting information one could write into a log. AT LEAST MORE INTERESTING THAN "APPLICATION STARTING..." -
I was away sick for a week. Come back to a chat log with messages about how the other dev team is trying to figure out a solution to a bug that they only show three services listed in the system.
Me couple of weeks ago on my second day in the project figured it out relating to a task I was doing. It's not a bug, it's a feature. It's a constant defined in the constants-file.
And the best thing: my team mate quoted me and said "Lankku figured it out last week". And it was passed down back to the team who had actually developed the whole feature and couldn't figure out why it was working so now. xD -
Just these little things that can drive you insane: TCP should guarantee that the order of packages is preserved, but somehow through a splitting of the message I get them files mangled. OK, might be our own fault, but then I just do a simple grep on the log file, but it won't display anything if I escape the f** dot.
Google it. No I didn't do it wrong, try different quotes. Nothing. Why then does it display the thing if I delete the dot?
Beginning to question my sanity. Grep just. has. to. work.
And that very moment the blinds of the window automatically go up, so the blazing sun blinds us, which as management told us, is not a bug but a feature, protection from freezing bla bla - and the control of the blinds gives me static shocks but refuses to shut them down again.. *sigh*
Just these little things. - Don't know, but I am convinced at the right time, a little mispunctuation or a glitch in a UI could drive a programmer mad. -
Log() method blocking caller to
1) Enter a critical section
2) Open the log file
3) Move to the end of the file
4) Write the log
5) Close the log file
6) Exit the critical section
And this was already in production. -
Make's running but i'm piping its output to a log file so i'm slowly starting to feel as though i'm about to end up slipping and doing a "sudo chmod -x /mnt/human/consciousness -R" please help i'm so fucking tired man...
-
CRON JOBS SUCK. @LINUX YEAH YOU HEARD ME
MY PROGRAM WRITES INFO TO A DATABASE, SENDS EMAILS AND OUTPUT IS PIPED TO A LOG FILE. NONE OF THESE THINGS HAVE OCCURRED DURING THE CRON RUN SO I DON'T KNOW WHAT IS OR ISN'T WORKING. -
Am I the only one whose hands start shaking when about to send "CHANGE MASTER TO" on a dev server?
Happened to me yesterday, replication got stuck after corrupting a relay log file when the database segfaulted under my hands.
I could check and recheck the positions I was about to reset it to a billion times and I was still nervous! -
Any good recommendations on how to gather user metrics/instrumentation and visualize data?
The program is a WPF application with no internet connection so logging to file and get file is probably the only solution.
I've played a little with Serilog to file and trying to import the log into elastic search and visualize data with Kibana. -
lol rust has no early return from a match statement
continue to skip rest of loop
break to exit a loop
return to exit a function
they put in let Ok(response) = request.send() else { return None };
then you can use response like normal after
but let's say I wanna know what the error was (Ok being a variant of Result::Ok or Result::Err, and the above allowing you to destructure and go on or exit early because can't destructure)
let response = match response.send() {
Ok(response) => response,
Err(err) => {
// log error to file or whatever
eprintln!("{err:#?}");
//????? HOW DO I BREAK OUT OF HERE
return None //whole function shits itself instead of just exiting match
}
}
//does some stuff with response
actually in my case the result will be wrapped in a Ok again so I'm not doing justice to explaining this problem, fux
but basically I need to exit the match without ending the function
come on, match is a loop. let me break, fuckers.