So, I grew up on the US/Mexican border, in a city where saying there's no opportunity is like saying the Titanic suffered a small leak on its maiden voyage. There were two kinds of people in said town: Mexicans trying to find something less shit than Juarez and white trash reveling in their own failure. I came from the latter, for whatever that's worth.
I graduated high school when I was almost 16 years old. Parents couldn't really afford to support three kids and pay the rent on the latest in a long line of shit holes we migrated in and out of. If being a serial eviction artist is a thing, my family were savants.
I applied to college and got accepted only to be told by my father that he didn't see the need. Turns out the only reason he'd helped me graduate early was so I could start working and help pay his bills. I said okay, turned around and tossed a bag and my shitty af spare parts computer into the back of the junkyard Vega I generously referred to as a car and moved cross country. Car died on arrival, so I was basically committed.
Pulled shifts at two part times and what kids today call a side hustle to pay for school, couch surfed most of the time. Sleep deprivation was the only constant.
Over the first 4 months I'd tried leveraging some certs and previous experience I'd obtained in high school to get employment, but wasn't having much luck in the Bay Area. And then I lost my job. The book store having burned down on the same weekend the owner was conveniently looking to buy property in Vegas.
Depression sets in, that wonderful soul crushing variety that comes with what little safety net you had evaporating.
At a certain point, I was basically living out of the campus computer lab, TA friend of mine nice enough to accidentally lock me in on the reg. Got really into online gaming as a means of dealing with my depression. One night, I dropped some code on a UO shard I'd been playing around on. Host was local, saw the code and offered me a job at his firm that paid chump change, but was three times what all my other work did combined and left time for school. Ground there for a few years until I got a position with work study at LBL that conflicted too much for it to remain mutually beneficial. Amicable parting of the ways.
Fucking poverty is what convinced me to code for a living. It's a solid guarantee of never going back to it. And to anyone who preaches the virtues of it and skipping opportunity on grounds of the moral high ground, well, you know.
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% Indian devs and not being able to hear now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in Outer Mongolia who is, we can only hope, now enjoying his new life as an Instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and Dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkis. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gacha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user or any privilege, you could place any order, as anyone, using anyone's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discreetly." Straight up Hitler's bunker meme rage.
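The two defects this post describes, an impersonation cookie trusted with no integrity check and full card numbers written to logs, can be closed along the following lines. This is an added example, not code from the post or the company's system; the cookie fields (`actor`, `target`), the key, the reporting chain and every function name are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, re

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to the client
# Constructed reporting chain: user id -> manager id (None = top of the org)
MANAGER_OF = {1: None, 2: 1, 3: 2, 4: 1, 5: 4}
PAN_RE = re.compile(r"\b\d{13,19}\b")  # bare digit runs only; spaced/dashed PANs need more

def _tag(body: bytes) -> str:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def sign_cookie(payload: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return f"{body.decode()}.{_tag(body)}"

def verify_cookie(cookie: str):
    """Return the payload only if the HMAC tag matches, else None."""
    body, _, tag = cookie.partition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body.encode()).encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def is_ancestor(actor, target) -> bool:
    """Walk up from target; True only if actor is somewhere above it."""
    seen, cur = set(), MANAGER_OF.get(target)
    while cur is not None and cur not in seen:
        if cur == actor:
            return True
        seen.add(cur)
        cur = MANAGER_OF.get(cur)
    return False

def may_order_for(session_user: int, cookie: str) -> bool:
    """Authorize from the authenticated session, never from the cookie alone."""
    payload = verify_cookie(cookie)
    if payload is None or payload.get("actor") != session_user:
        return False
    return is_ancestor(session_user, payload.get("target"))

def redact_pan(message: str) -> str:
    """Mask card-number-shaped digits, keeping the last four, before logging."""
    return PAN_RE.sub(lambda m: "*" * (len(m.group()) - 4) + m.group()[-4:], message)
```

The signature only stops tampering; the reporting-chain check against the session identity is what prevents a validly issued cookie from being replayed by a different user.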
The way 90% of the population wears their face masks really explains a lot about their approach to using software, apps & websites as well.
I feel like giving up.
I am not a developer for the salary, or just to solve analytical puzzles. Those are motivators, but my main drive is to make the world more comfortable and enjoyable, better optimized, build ethical services which bring happiness into people's lives. I want to improve society, even if it's just a tiny bit.
But if users invest absolutely zero percent of their limited brain capacity into understanding a product that already has a super-clean design and responds with helpful validation messages...
...why the fuck bother.
I used to think of the gap between technology and tech-incompetent people as an optimization problem.
As something which could be fixed by spending a fortune on UX research. Write tests, hire QA employees, decrease tech debt, create a bold but unified & simple design.
But the technologically incompetent just get more entitled with every small thing you simplify.
It's never fucking fool-proof enough.
Why can't I upload a 220MB PDF as profile picture? Why doesn't the app install on my 9 year old Android Froyo phone? Why can't I sign up if my phone number contains a ￼ U+FFFC? Why does this page load so slowly from my rural concrete bunker in East Ukraine? WHY DO I HAVE PNEUMONIA, HOW DID I GET INFECTED EVEN THOUGH I WAS WEARING A MOUTH MASK ON MY FOREHEAD?
This is why I ran away from Frontend, to Backend, to DBA.
If I could remove myself further from the end user, I would.
At least I still have a full glass of tawny port and a huge database which needs to be normalized & migrated.
Fuck humans, I'm going to hug a server.
Drinking game: Take a shot whenever you’re staring at work and don’t feel like working.
Bonus game: try not to die or get fired.
"We need to do operation X about 50 times a second constantly."
X is a database heavy NP-hard problem with an input size of a few million.
And this new thing has to run on the same already stretched hardware that everything else is on.
I spent so long making python notebooks showing graphs why it wouldn't work, eventually someone built the naive exhaustive search anyway to prove it was slow. They pushed that out to production without testing it under any real load. Needless to say clients were annoyed.
I applied for the wrong job for my placement year. Put down COMPSCI on the form (which, it turns out, is computational biology, which I knew nothing about) rather than ITSEC, which was the software dev side of things.
I only found out in the interview, when the first question was asked:
"So Almond, I'm a bit confused as to why you've applied to this role specifically given you've no biology background at all - could you fill us in?"
I spewed some kind of crap on the spot about wanting to work in a field where I saw a direct & differing application of computing than I'd seen before, and thought my focus on the technical, rather than the scientific side of things might be an asset to them. This awkward exchange went on for a while - but somehow it seemed to work, because I was offered the job, and decided to take it - had a fantastic year there.
"doEs AnYOnE HAVE IssUeS wiTh gETTing gIrl beCoz CodIng"
lmao what a fucking dweeb. What a loser really. How about we don't make a fucking job something akin to a personality trait?
were I single, would I sell myself as a "cODER" to a girl? fuck no, do some of you nerds really introduce yourself in such way? is this bs ass job your end all be all? aye, this be the easiest way to poise yourself in the complete opposite direction of the female sexual organ.
Fucking quit that shit, ain't no one really gasping for air because you can lay down some fucking js in a website, who gives a fuck? like really? these posts are so fucking annoying.
Grow a pair, and some personality.
Background: some dweeb complaining to me about finding it hard to get girls because of his "passion", stating women would lose interest because all he would talk about is dev shit
I have been messing up my commitments for a good chunk of my life because of one simple word:
And only realised it like 4 months ago.
I lived so far under the impression that it means 'complex' (it actually means 'simple')
"This is a trivial task" : Me to my manager 2 years ago
"Sounds simple but is quite trivial" : Me to my project lead
Yes, I am ashamed.
A lot of fuck-ups suddenly make sense.
I realise how I have been 'under delivering' on a 'trivial' task.
This will haunt me for life!!
Especially painful being a cybersecurity engineer;
Did something wrong with an if-statement.
Caused authentication to break completely; anyone could login as any user.
Was fixed veeeeeeery quickly 😅 (yes, was already live)
Straight from a marketing analyst (we didn't have a PM) I once had the displeasure of working with:
The guy didn't believe me when I told him it was impossible (barring exploits that would break the browser's sandbox), unethical, and probably illegal. I had to escalate all the way to the CEO to get him to drop it.
Why do people use emojis in commit messages, it might look cool on GitHub UI but I do not want to see :art: :wheelchair: when I am going through the git log on terminal!!