Hacking, Design, Email, Addresses, Formats, Mapping, UpCloud, 2FA, SSO

• Hacking slot machines - Here's my solution. Which I've actually used in several implementations. Not in gambling, but in general. - If there's requirement for win ratio, and PRNG is bad. I would just simply use the PRNG to set number of rolls before small, medium and big win. Now you can't cheat anymore. Because whatever you do, you can't keep winning. There are always losing rolls between.
• Beauty of pure architecture. First we run "complex task 1" and because it doesn't work correctly, we run "fix task 2" from separate code base after the "complex task 1". Sure it works, but I just can't stop loving code like this. But the main point? Getting the CT1 fixed, would take weeks. Doing it the FT2 style, takes around 15 minutes, including figuring out what's wrong. - Fixed. - Because it now works, nobody's interested to fix the CT1 anyway.
• Once again, data quality. Doing some integration tests, but the data quality used for tests is horrible. If there's complex logic, all the data to be passed through the integration should be also coherent and concise. Problem is that you want to test some parts of the whole, which are still depending on some other parts, which aren't available.
• Huge mails - One users doesn't know any other way of transporting files than email. He/She sends dozens of ~32 megabytes email / day... Ugh...
• Invalid addresses - First users set invalid from address and then set invalid to address. And go and complaining about mail not getting received by the recipient. - I think there's just one problem, the user.
• Inconsistent date formats - One project had very strict requirements about field formats. Yet some of the messages delivered, require different date format than other messages. Sigh. Makes no sense whatsoever.
• Mapping tables - Customer requests us to create complex mapping table. I've seen this so many times. At some point they start complaining that it doesn't work. Yes it does... It works exactly as designed. Because it isn't supposed to work.
• Just had to deal with one UpCloud server migration. They're doing it very well, customer communication, etc. I really like it. How many times I've written about companies doing something without informing customer and after that they keep lying and providing disinformation. In this case, I can say, that's absolutely not the case. Everything is pretty much perfect. That's the way I really like it. They called me and told me that they're sorry that they have to restart the server(s). How many providers do restart the systems or change something without ANY prior warning. Quite many. And when you go and ask, wtf you guys did. They don't have any clue what's happened, who did what, etc. In one case (not UpCloud obviously) there was complete data center outage, and they just said there were a problem, and never provided any additional information even if the issue took several hours to be resolved.
• 2FA / TOTP implementation for Windows. Implemented TOTP based 2-FA for Windows administration tasks. Awesome... It's good to have played with all that stuff, so creating fully working piece of software took just one and half hours. I'm very happy with this performance.
• SSO Fail. Once again a true classic. Company X implements SSO and boasts about it. I go and check it out. I had 32 chars long password with all the special characters like `´'☺1a⛄A-$ µ👍ÖÄåẂ ⓴" etc, which I know usually cause trouble if there's bad code along the processing path. Guess what. I was able to set the new password and log to ONE of their around 10 services with that password. All the other services which still used the same credentials failed, claiming my password is invalid. I don't know what kind of bleeps you've hired, but please. You'll need at least one competent guy there. It shouldn't be too hard to make very simple code, which takes in the Unicode blob and hashes it. Yes, if the form got different character set or whatever, you're screwed. But do things right, and it'll work. Even funnier when I complained about this, they asked if that was really my password pasting the password. Which clearly tells they're storing the passwords in plaintext. - Great work guys!

2018-11-04