So a fucking friend of mine makes me meet this fella who is a big shot according to his LinkedIn and please note has too much experience with Web Apps and Python

Me being naive actually trusted that and I meet him.

Fella: So what do you do?
Me: I am into Cyber Security nothing much I just do bug hunting for now
Fella: You know python will help you right?
Me: Sorry?
Fella: You see you have to be a python programmer for anything you want to do in CS
Me: Me yeah I kinda know python actually I am more into Ruby from start so ( Around this time I kinda sensed that he is a fake tech guy he is a corporate asshole)
Fella: show me any of your work
Me: (So to show him one of the thing I was working on I open GitHub desktop app) Me explaining blah blah blah
*Fella is in shock*
So at this point I was thinking probably he is impressed and that's why the shock right?

No a big fucking no
Apparently he never heard about GitHub or git and got blown away by the interface.

And the friend who made me meet that guy is not my fucking friend anymore that prick can die for ruining my day

When you FINALLY manage to reproduce that bug that's been hunting you for 4 FUCKING MONTHS

Ok story of my most most recent job search (not sure devRant could handle the load if I was to go through them all)

First a little backstory on why I needed to search for a new job:

Joined a small startup in the blockchain space. They were funded through grants from a non-profit setup by the folks who invented the blockchain and raised funds (they gave those funds out to companies willing to build the various pieces of the network and tools).

We were one of a handful of companies working on the early stages of the network. We built numerous "first"s on the network and spent the majority of our time finding bugs and issues and asking others to fix them so it would become possible, for us to do what we signed up for. We ended up having to build multiple server side applications as middleware to plug massive gaps. All going great, had a lot of success, were told face to face by the foundation not to worry about securing more funds at least for the near term as we were "critical to the success of the network".

1 month later a bug was discovered in our major product, was nasty and we had to take it offline. Nobody lost any funds.

1-2 months later again, the inventor of the blockchain (His majesty, Lord dickhead of cuntinstein) decided to join the foundation as he wasn't happy with the orgs progress and where the network now stood. Immediately says "see that small startup over there ... yeah I hate them. Blackball them from getting anymore money. Use them as an example to others that we are not afraid to cut funds if you fuck up"

Our CEO was informed. He asked for meetings with numerous people, including His royal highness, lord cockbag of never-wrong. The others told our CEO that they didn't agree with the decision, but their hands were tied and they were deeply sorry. Our CEO's pleas with The ghost of Christmas cuntyness, just fell on deaf ears.

CEO broke the news to us, he had 3 weeks of funds left to pay salaries. He'd pay us to keep things going and do whatever we could to reduce server costs, so we could leave everything up long enough for our users to migrate elsewhere. We reduced costs a lot by turning off non essential features, he gave us our last pay check and some great referrals. That was that and we very emotionally closed up shop.

When news got out, we then had to defend ourselves publicly, because the loch ness moron, decided to twist things in his favour. So yeah, AMAZING experience!

So an unemployed and broken man, I did the unthinkable ... I set my linkedin to "open to work". Fuck me every moronic recruiter in a 10,000 mile radius came after me. Didn't matter if I was qualified, didn't matter if I had no experience in that language or type of system, didn't matter if my bio explicitly said "I don't work with X, Y or Z" ... that only made them want me more.

I think I got somewhere around 20 - 30 messages per week, 1 - 2 being actually relevant to what I do. Applied to dozens of jobs myself, only contacted back by 1, who badly fucked up the job description and I wasn't a fit at all.

Got an email from company ABC, who worked on the same blockchain we got kicked off of. They were looking for people with my skills and the skills of one other dev in the preious company. They heard what happened and our CEO gave us a glowing recommendation. They largely offered us the job, but both of us said that we weren't interested in working anywhere near, that kick needing prick, again. We wanted to go elsewhere.

Went back to searching, finding nothing. The other dev got a contract job elsewhere. The guy from ABC message me again to say look, we understand your issues, you got fucked around. We can do out best to promise you'll never have to speak to, the abominable jizz stain, again. We'll also offer you a much bigger role, and a decent salary bump on top of that.

Told them i'd think about it. We ended up having a few more calls where they showed me designs of all the things they wanted to do, and plans on how they would raise money if the same thing was to ever happen to them. Eventually I gave in and signed up.

So far it was absolutely the right call. Haven't had to speak to the scrotum at all. The company is run entirely by engineers. Theres no 14 meetings per week to discuss "where we are" which just involves reading our planning tool tickets, out loud. I'm currently being left alone 99% of the week to get work done. and i'm largely in-charge of everything mobile. It was a fucking hellhole of a trip, but I came out the other side better off

I'm sure there is a thought provoking, meaningful quote I could be writing now about how "things always work out" or that crap. But remembering it all just leaves me with the desire to find him and shove a cactus where the sun don't shine

.... happy job hunting everyone!

That awkward moment when you find bug instead of porn on "Pornhub" 😂😂😂

a missing semi colon is overated, the white space character at the end of a string is the real OG. Been hunting a bug for three days because of it!!

Interesting bug hunt!

Got called in because a co-team had a strange bug and couldn't make sense of it. After a compiler update, things had stopped working.

They had already hunted down the bug to something equivalent to the screenshot and put a breakpoint on the if-statement. The memory window showed the memory content, and it was indeed 42. However, the debugger would still jump over do_stuff(), both in single step and when setting a breakpoint on the function call. Very unusual, but the rest worked.

Looking closer, I noticed that the pointer's content was an odd number, but was supposed to be of type uint32_t *. So I dug out the controller's manual and looked up the instruction set what it would do with a 32 bit load from an unaligned address: the most braindead thing possible, it would just ignore the lowest two address bits. So the actual load happened from a different address, that's why the comparison failed.

I think the debugger fetched the memory content bytewise because that would work for any kind of data structure with only one code path, that's how it bypassed the alignment issue. Nice pitfall!

Investigating further why the pointer was off, it turned out that it pointed into an underlying array of type char. The offset into the array was correctly divisible by 4, but the beginning had no alignment, and a char array doesn't need one. I checked the mapfiles and indeed, the old compiler had put the array to a 4 byte boundary and the new one didn't.

Sure enough, after giving the array a 4 byte alignment directive, the code worked as intended.

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

After serveral weeks of stress, bug hunting, despair and fun - I JUST COMPLETED A PROJECT MILESTONE !!

Time for a reward :]

A woman has bugs in her home, she wants to find a bug hunter to get rid of them. She calls a man who does bug hunting, he comes to her house and says: "I am a bug hunter, you called me. Where's your laptop?"
Woman confused as she is asks the man: "Why do you need a laptop to hunt and get rid of the bugs?"

"Well how else am I going to debug those bloody programs you wrote?"

Note: I promise I made this up, if anyone else already posted this, I wasn't aware.

I've been hunting for a new job for several months because my current company isn't growing my skills any further. There have been many setbacks, a few rejections, and that awful lingering imposter syndrome. So I finally dug myself out of my self pity and began learning things that my current company doesn't implement – JS frameworks, UX practices, etc. Today I had an interview that felt more like a conversation and collaboration than getting grilled about terminology and bug fixes. No matter what the result, I've been inspired to learn again 😌

My nipples are hard, as hard as diamond. For no fucking reason at all.

But aside from that important update, does anyone just get this absolute light-headed euphoria whenever they realize they've fixed a bug?

Like my god, its the best feeling. I've only fixed other people's bugs a few time, and even then I experienced it.

The ability to understand every codebase immediately to the point where I:
* don't need to rely on the documentation
* know exactly where bugs are
* know how a change (bug fix, new feature, etc.) affects other areas of the project recursively

Obviously because it's a waste of time hunting that occur when modifying a codebase, no matter how carefully one writes tests or tests their code, something could always sneak in because it's not always apparent how a change ripples through your codebase.

It's tiresome and especially annoying when working with core modules

Witch hunting:

I just spent the last 90 trying to fix a visual bug with the UI

I made a functional component to render pretty forms with minimal information in React
Turns out some random ass fields were not rendering with their respective lower borders

Refactored the shit out of the components
Actually got them to follow a strict styling

Two cups of coffee later it clicked: everything was perfectly functional, I just have a shitty small monitor and tried zooming in
WOULD YOU LOOK AT THAT, IT'S THE FUCKING BORDER I WAS LOOKING FOR ALL ALONG!

Don't be like me: check les differents view ports

Spent 2 hours last night (leaving an hour late) with the IT guy hunting down a problem that affected at least 12 other teams. It didn't crash the app, but did prevent MANY scripts from working, and thus nothing could be committed.
I found the culprit, made a solution, and posted in the email chain my solution. (it required a code review and a client-side update)
Someone responded asking for another dev to confirm my report. That dev did and them dumbed it down for those who can't understand programming talk. Then EVERY EMAIL after that thanked that dev for "fixing the root problem" and "solving their scripts".
And just now, the PO for the bug was replaced to that dev's team. (previously was my team's PO)

>Sitting at desk pondering over what is wrong with code.

:Top

BRAIN : "maybe we will think better with /another/ cup of cofee?"

Repeat until

BRAIN : "damn now im too jittery to think about code. Maybe if I relax woth some music/meme hunting ill be able to focus"

Repeat until

BRAIN : "Damnit i spent 2 hours on 9gag and not coding. Gotta get back to this bug squashing but im now so tired. Maybe some cofee will help me think"

Goto Top

I'm tired of "agile" development. Sure the concept of a hacky POC that gets thrown out for a real implemention sounds great. But it never gets thrown out. That shitty POC become the foundation for a horrible mangled mess of hacky improvement after improvement. I'm tired of my boss telling me "do it the easy quick way and fix it later", like fuck off no. I can save man weeks worth of bug hunting a year down the road by actually taking an extra day to do it right. Like fuck does no one care about quality engineering anymore?

Sometimes that extra day to write a general vs a specific implementation is worth it.

Keep hunting the Bug :)

Bug hunting

Just found out the crazy bug I've been hunting the past two days was because I simply had the wrong filepath to the input and wasn't checking that.

So how's your guy's day?

Node: The most passive aggressive language I've had the displeasure of programming in.

Reference an undefined variable in a module? Prepare to waste your time hunting for it, because the runtime won't tell you about it until you reference a property or method on the quietly undefined module object.

Think you know how promises work? As a hiring manager, I've found that less than 5% of otherwise well-experienced devs are out of the Dunning Kruger danger zone.

Async causes edge cases and extra dev effort that add to the effort required to make a quality product.

Got a bug in one of your modules? Prepare yourself for some downtime because a single misplaced parentheses can take out the entire Node process, killing unrelated pages and even static file hosting.

All this makes for a programming experience that demands much higher cognitive load, creates more categories of bugs, and leads to code bloat/smell much more quickly than other commonly substituted languages.

From a business perspective, the money you save on scaling (assuming your app is more compute efficient under Node) is wasted on salaries and opportunity costs stemming from longer dev time, more QA, and more frequent outages.

IMO, Node is an awesome experiment, a fun language, a great tool for specific use cases, and a terrible fucking choice for an entire website.

At a previous job I had, there was a bug in the payment code, we did not know anything was wrong until the customer support team began receiving some crazy emails stating that our company emptied their bank account. Then we investigated further and thousands of customers had their banks emptied. So the payment team went big hunting, found the problem to eliminate further chaos.

Unfortunately the person responsible for this huge screw up was not fired immediately, but did resign soon there after.