I once saw an application that would encrypt (not hash, encrypt) passwords but then when a user was logging in, they’d encrypt the password candidate and then compare the cipher texts to see if they were the same. This was using 3des, so no IV.
I just recently joined a company that offers two options for operating systems, Mac or Linux. Windows is explicitly not allowed. Seeing that in my onboarding paperwork was like walking into a warm sunny meadow.
There’s a great interview somewhere with the writers of one of these shows talking about how they knew this was shit and they had unofficial competitions with other shows to constantly one up each other on the stupidity.
ArnoldC is still my favorite of these :D https://lhartikk.github.io/ArnoldC/
I’m sure those folks that took the Louvre aint waiting on no manager to unlock deodorant at CVS.
Fuck it, just to be a little bit contarian, how much of a selection bias do you think might actually be present in the assumption “…then why don’t the rich ascend to this purer existence in a trailer park? Why is it always the poors?”
For sure we hear about the people that get rich and only want to get richer and fuck over everyone that gets in their way, but personally now that I think about it, I actually do know a few people that got lucky, made a bit, and thought “fuck it, I’m done. I’m going to go farm and smoke weed” or some similar equivalent. You’d never hear about those kind of people unless you directly know them. How many trust fund kids are out there just chilling and enjoying life without trying to exploit everyone around them?
I asked a buddy that works at Amazon about the outage and he pointed me to this article.
https://www.theregister.com/2025/10/20/aws_outage_amazon_brain_drain_corey_quinn/
I know quite a few people who currently work there and pretty much all of them are trying to leave.
I don’t remember where I originally heard it, but I like the sentiment that the problem with common sense is that it’s common but not necessarily good.
Hol up, DS is now old enough to be considered retro‽
Why does my back hurt so much? Unrelated I’m sure.
A person I know (and don’t particularly like) created a start up on this idea a couple of years ago already. It’s creepy AF.
This show was the shit when I was a kid!
I especially like the detail of the Thomas the train engine mod being present on her screen.
Actually yeah, that sounds rad af
The design and building of authorization policy systems. And crypto (as in cryptography as the word originally meant) but that one tends to be slightly more common.
A buddy of mine and I used to play this game where one of us tried to think of an absurd metal concept and the other tried to find a band that actually fit that description. The game ended the day that the challenge was Maori folk metal and we discovered the band Alien Weaponry. At that point we pretty much decided that there must exist a rule similar to the internet’s rule 42 along the lines of “if there’s a genre of music, there exists a metal subgenre influenced by it.”
I was openly an atheist in highschool (early 2000s). Death threats weren’t sent, they were spoken to my face
I think I had to step away for a few minutes after that
There are a couple that come to mind.
Definitely the worst, a C# .net mvc application with multiple controllers that were 10s of thousands of lines long. I ran sonarqube on this at one point and it reported over 70% code duplication.
This code base actively ignored features in the framework that would have made things easier and instead opted to do things in ways that were both worse, and harder to do. For example, all SQL queries were done using antiquated methods that, as an added benefit, also made them all injectable.
Reading the code itself was like looking at old school PHP, but c#. I know that statement probably doesn’t make sense, but neither did the code.
Lastly, there was no auth on any of the endpoints. None. There was a login, but you could supply whatever data you wanted on any call and the system would just accept it.
At the time I was running an internal penetration test team and this app was from a recent acquisition. After two weeks I had to tell my team to stop testing so we could just write up what we had already and schedule another test a couple months down the line.