Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

Xcode storyboards

I can't do it justice by explaining how many times having the entire UI flow in one file has helped me.

Even for unexpected stuff, like an Android dev joining the team and needing to know the workflow of login / registration -> print screen the storyboard.

Manager asking for all the different possible paths through the app -> print screen the storyboard(s).

And then live rendering of custom components to be able to see them while playing with alignments.

While it has its bugs, and could have a few more features, it's too useful to ignore.

I know many iOS devs don't like it, and that's fine because I don't like them either and I don't hire them ;-)

Each time I try firefox after somebody mentions it again or it's in my rss feed, it still seems to never actually advance

It's stuck and either gets worse or goes back to its stable non improving level again, how come do they still not have a proper mobile responsive tester, why are even the upgraded addons still suffering the same container and rendering bugs

how is it more important getting bad image by implementing mr robot malware, than getting on an actual competitive level

why is it default bloated with random pocket addon bullshit, why did it begin to lag, ..

I remember when I was using firefox for a good portion of my life and laughed at how google chrome is laggy, but nowadays theres simply no competition to chrome, its stability and developer tools

I wish there was competition, the grid tools were a great start, but then nothing followed and they just went back to their never improving flatline

DAPHNE: We finally caught the mean old Edge Browser! Now let's find out who you *really* are!
SCOOBY: Ruh-roh!
SHAGGY: Yoink!
DAPHNE: Gasp! It was Old Man Trident Rendering Engine all along!
VELMA: We could have worked it out from how Edge has exactly the same bugs and performance problems is IE!
OLD MAN TRIDENT: And I'd have got away with it if it wasn't for you pesky kids!

Snapchat is by far the worst app ever developed. I like the concept but the actual development of the app is fucking garbage. It hurts my head that they haven't given a fuck about usability, optimisation or anything for that matter considering its one of the top social media platforms. It disgusts me, though Instagram has completely ripped off Snapchat in so many ways; they've done a hell of a better job at it and if people weren't so tired to SC I'm sure it would be dead by now.

Slow UI, slow gestures, probably the highest amount of bugs and crashes, shit camera because it thinks it can do a better job than the native API at rendering, painfully slow upload, stupid "featured" stories that you cannot get rid off and slow the fuck out of the app, battery drain even worse than FB, oh and not to forget that once you accidentally enable your location it's impossible to switch it off, the best you can do is hide it from everyone. I can probably go on and on with the endless issues this shit has.

100% accurate.

I was just wondering why the flying fuck OxyPlot was rendering an unknown node on my chart for monday when I only queued my sql db for a single Tuesday.

Noticed it was an auto generated node, which had the right time, status, everything.

I looked up my code and found out that the date somehow bugged out, and if c# isn't sure what to do with an empty date it initializes a date on 1.1.0001

And what do you know. Appearantly thats a Monday.

I broke my head way harder over this than I should have, assuming the worst possible bugs in the render engine. fml

- Install Overwatch via Lutris on Linux.
- Get absolutely terrible performance and rendering bugs.
- Disable DXVK.
- Get slightly better performance (wtf?).
- Still runs at like 20% of potential performance.
- Give up and try to install Windows.
- Windows install fails.

Aaand so I spent my weekend configuring shit instead of relaxing/gaming. Ugh.

v0.0005a (alpha)
- class support added to lua thanks to yonaba.
- rkUIs class created
- new panel class
- added drawing code for panel
- fixed bug where some sides of the UI's border were failing to drawing (line rendering quark)

v0.0014a (alpha) 11.30.2023 (~2 hours)
- successfully retrieving basic data from save folder, load text into lua from files
- added 'props' property to Entity class
- added a props table to control what gets serialized and what doesn't
- added a save() base method for instances (has to be overridden to be useful beyond the basics)
- moved the lume.serialize() call into the :save() method on the base entity class itself
- serialized and successfully saved an entities property table.
- fixed deserializion bugs involving wrong indexes (savedata[1] not savedata[2])
- moved deserialization from temp code, into line loading loop itself (assuming each item is on one line)
- deser'd test data, and init()'d new player Entity using the freshly-loaded data, and displayed the entity sprite

All in all not a bad session. Understanding filing handling and how to interact with the directory system was the biggest hurdle I was worried about for building my tools.

Next steps will be defining some basic UI elements (with overridable draw code), and then loading and initializing the UI from lua or json.

New projects can be set as subfolders folders in appdata, using 'Setidentity("appname/projectname") to keep things clean.

I'm not even dreading writing basic syntax highlighting!

Idea is to dogfood the whole process. UI is in-engine rendered just like you might see with godot, unity, or gamemaker, that way I have maximum flexibility to style it the way I want. I'm familiar enough with constructing from polygons, on top of stenciling, on top of nine-slicing, on top of existing tweening and special effects, that I can achieve exactly what I want.

Idea is to build a really well managed asset pipeline. Stencyl, as 'crappy' as it appeared, and 'for education' was a master class in how to do things the correct way, it was just horribly bloated while doing it.

Logical tilesets that you import, can rearrange through drag-n-drop, assign custom tile shapes to, physics materials, collisions groups, name, add tag data to, all in one editor? Yes please.
Every other 2D editor is basic-bitch, has you importing images, and at most generates different scales and does the slicing for you.

Code editor? Everything behavior was in a component, with custom fields. All your code goes into a list of events, which you can toggle on and off with a proper toggle button, so you can explicitly experiment, instead of commenting shit out (yes git is better, but we're talking solo amateurs here, they're not gonna be using git out the gate unless they already know what they're doing).

Components all have an image assignable to identify them, along with a description field, and they're arranged in a 2d grid for easy browsing, copying, modifying.

The physics shape editor, the animation editor, the map editor, all of it was so bare bones and yet had things others didn't.

I want that, except without the historic ties to flash, without the overhead of java, and with sexier fucking in-engine rendering of the UI and support for modding and in-engine custom tools.

Not really doing it for anyone except myself, and doubt I'll get very far, but since I dropped looking for easy solutions, I've just been powering through all the areas I don't understand and doing the work.

I rediscovered my love of programming after 3-4 years of learning to hate it, and things are looking up.

ChatGPT is so much better than Google:
instead of wasting my time by linking to unhelpful / outdated / unrelated StackOverflow resources, it tells me to do the work by myself right away:

> To ensure consistent pseudo-element width across different browsers, including Safari, you can follow these steps: [...]
> (some basic HTML/CSS 101 seemingly quoted from a 2015 textbook)
>
> It's important to note that browser behavior might vary due to different rendering engines or versions. While following best practices helps achieve consistent results, you might still encounter small discrepancies. Cross-browser testing is always recommended to ensure your design looks consistent across different browsers, including Safari.
>
> For any specific issues you encounter in Safari, consider checking for known bugs or quirks that might affect pseudo-elements and their sizing. Online resources, developer forums, and documentation can provide valuable insights into Safari-specific behavior and workarounds.

Some high quality rendering here, iOS / Twitter - you'd think these bugs would've been caught in alpha or beta, but noooooo...

i developed a code some days back,
QA was completed successfully and no bugs were raised.
i was wondering how in the name of god there is no bug at all as we have to test it for IE🤔
now today on go live day they found a bug specific to IE for text rendering direction.😛 in all other browser its working fir.

At what point is it acceptable to stop trying fix outlook rendering bugs?