Search - "mostly harmless"
-
A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
-Douglas Adams
-
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements by simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for and run; it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.
-
My uncle introduced me to basic and used to challenge me to solve problems. One day he challenged me to write a program that generates the Fibonacci series. Thirty minutes later I had the solution and was irrevocably hooked :)
-
There is a colleague of mine who is loud, arrogant and thinks he knows it all. Except when I worked closely with him, it turned out he doesn't know shit. And he has been in the industry for over a decade! Why the fuck was he hired, I don't know..
-
Oh BASIC night, the LEDs are brightly glinting;
It is the night of the dear GOSUB’s birth!
Long lay the world in sin and error printing,
Till you appeared and the RAM felt its worth.
Shiver of fear, line numbers do inspire,
For yonder breaks a mostly harmless GOTO.
Fall on your bits, O hear the Visual voices!
O BASIC divine, O BASIC where GOTO was born!
O BASIC, O Holy BASIC, O BASIC, you’re mine!
Some want to say, “GOTO is harmful always,”
But what of them, in their post-modern world.
We PRINT the truth, in the line-numbered goodness,
But Dijkstra appeared, and the faith, it was lost.
A thrill of hope, when .NET BASIC announces,
But Visual BASIC, what kind of thing are you?
Fall on your GUI, O see the old line numbers!
Behold BASICA, O BASIC when DOS was born!
O numbers, O lines, spaghetti divine!
Source: http://changelog.complete.org/archi...
-
I just remembered some of the "harmless" dev-related insults I've received over the years:
1) most recently, I shared a tool with an acquaintance cuz it bears the same name as something he put together a while back. Background: this guy likes to come across as having infinite programming knowledge and brags to his fb pals about being an expert in multiple languages. While trying to make sense of the cryptic docs of the package I sent him, he implies I don't know what the iframe or html5 canvas are. Claims not to elaborate what the package does cuz the docs are meant for advanced desktop and mobile devs
It hurt because this is one of few people who know I built suphle, yet thinks so lowly
2) as you can tell from the first point, I share links I consider interesting with relevant contacts. I'm also quite vocal about my (mostly contrarian) takes on occurrences within the dev space that I'm familiar with. One day on the laravel board, this dude is reprimanding me and asks me to take the opinions I read on blogs and tabloids with a pinch of salt, implying I didn't form them independently but was influenced by what was written by some stranger online
It hurt because I expected him to know better. I felt I'd sufficiently proven to have actually built things that informed my school of thought
3) the oldest happened many years ago but I remember it now because the perpetrator called me out of the blue last week. I was teaching his boss, who managed an office but preferred to keep his student status hidden, to avoid being thought incompetent. This caller guy just so turned out to be learning js at the time. Fast forward some years, we all disbanded. He'd landed a dev job and was doing well. So I sent him one of those js gotchas, asking him to explain his answer
After he replied, I told him his answer was close enough but it had more to do with js passing closure arguments by reference. Dude responded that he knew that was the correct answer but wasn't aware I knew what closures meant. That stung me like hell back then. I missed his call and didn't know who owned the contact, so I searched my chats and saw that last interaction. Pain all over again
-
I worked on a project that used an archaic homegrown library written by a consultant that had zero documentation, tons of reflection and here is the kicker... the consultant refused to give us the source code as it was "his intellectual property" so we couldn't make any sense of how to actually use it. Moreover, he worked remotely so the timezone difference between us meant that any questions we had took ages to get answered. Glad to be away from that project now.
-
!rant
Emacs vs Vim? Why not both!
I found a gem of an editor called Spacemacs which combines the power of Emacs and the editing capabilities of Vim! Already replaced IntelliJ with Spacemacs for my Scala and Java projects :)
-
Why the hell doesn't Go have generics?? You have to teach Go how to access elements of a list n times if you have n things that need to be sorted!
-
For everything to move on, people have to shed their greed, but you people also have to shed the pointlessly destructive characteristics which are inherent to your core natures. The idiotic thing you people fought to infect the world with most especially.
Life wasn't easy but it wasn't this hard.
Someone told me that you people think this stupid color number idiot slave bullshit is cleaved to because it's believed that is the only way to have anything in this life.
What did you people really do to earn any of the few things you got? And there's the ability to do these things, travel which is harmless, stay in nice hotels which is harmless, see things, which is harmless, have time to visit museums and the like which is harmless, without your lives being ruined.. which is happening because you all allow this.
A cycle completes its period. Something is lost, mostly energy, youth and time.
Why not simply give the people a promise of some time and some better reward and cap things like inflation and do away with all the stupid shit that originally just derived from bored rich people throwing you all some table scraps in exchange for degrading yourselves and destroying future generations?