Admin: "Wait, I noticed unusual traffic."

Me: "What is it?"

Admin: "Looks like we have a bot here."

Me: "A bot? Didn't know we are so popular."

Admin: "It makes constantly login requests through our API, it already surpassed 600.000! I will ban it right away."

Me: "wait, that just sounds like my bot.."

Admin: "DUDE, WTF? ARE YOU SERIOUS?"

When there is bug, you don't know of, it can end up quite embarrassing.

Bossman freaks out over every little thing (ironically unless it's important).

Bossman also just set our papertrail 500 filter to forward him a copy of every "critical alert."

Fuck me.

He has zero technical knowledge and zero reading comprehension. He literally forwarded one and said "This has one lots of info in it. explain it to me." (It was a log usage notification. in plain English. It had maybe three numbers in it.)

There's lots of useless "500"s in the list we don't care about. API Guy used the finer as a debugging alert system, and peppered his logs with "500 internal hey look at this." In fact, none of the 500s were even interesting; all but one was spam.

All day I've been tending to freakouts and accusations of me not doing anything. Ugh.

Never gonna happen:

* Port our API to graphql. Or even make it just vaguely rest-compliant. Or even just vaguely consistent.
* Migrate from mysql to postgres. Or any sane database.
* Switch codebase from PHP to... well, anything else.
* Teach coworkers to not commit passwords, API keys, etc.
* Teach coworkers to write serious commit messages instead of emoji spam
* Get a silent work environment.
* Get my office to serve better snacks than fermented quinoa spinach bars and raw goat milk kale smoothies
* Find an open source IDE with good framework magic support. Jetbrains, I'll give you my left testicle if you join the light side of the force.
* Buy 2x3 equally sized displays. I'm using 6, but they're various sizes/resolutions.
* Master Rust.
* Finish building my house. I completely replaced the roof, but still have to dig out a cellar (to hide my dead coworkers).
* Repair/replace the foundation of my house (I think Rust is easier)
* Get slim and muscular.

Realistically:

* Get a comfortable salary increase, focus more on platform infrastructure, data design, coaching
* Get fat(ter). Eating, sitting, gaming, coding and sleeping are my hobbies after all.
* Save up for the inevitable mental breakdown-induced retirement.

The nightmare continues.

Currently dealing with a code review from a “principal” dev (one step above senior), who is unironically called a “legendary dev” by some coworkers. It’s painfully obvious he didn’t read the code, and just started complaining and nitpicking.

It’s full of requests to do things that make absolutely no sense, and would make the code an unmaintainable mess.
• Ex: moving the logic and data collection from the module’s many callers into the module instead of just passing in the data.
• Ex: hiding api endpoint declarations by placing them in the module itself, and using magic instance variables to pass data to it. Basically: using global functions and variables instead of explicit declarations and calls.
• Ex: moving the logic to determine which api endpoint to use, for all callers, into the view.

More comments about methods being “too complex” (barely holds water) right next to comments saying “why are these separate? merge them together!”

Incredulously asking how many times I’m checking permissions and how ridiculous it all is. (The answer? Twice.)

Conflating my “permissions” param and method names with a supposedly forthcoming permissions system overhaul, and saying I shouldn’t use permissions because my code will all have to get rewritten. Even if that were true, and it’s likely not, the ticket still needs to use the current permissions. I can’t just ignore them because they might be rewritten someday.

Requests to revert some code cleanup because the reviewer thought the previous heavily-nested and uncommented versions (with code duplication) were easier to read. Unsurprisingly, he wrote them.

On the same ticket, my boss wants me to remove all styling and clientside validation, debouncing, and error messages from a form. Says “success” and “connection failed” messages are good enough. The form in question sends SMS and email using arbitrary user input for addresses. He also says it shouldn’t be denounced on the server, and doesn’t want me to bother checking permissions. Hello, spam!

Related: the legendary dev reviewer says he can’t think of a reason why we would want to disable the feature for consumers, so I should remove the consumer feature flag.

You can’t make this stuff up.

I need to make a confession about my terribly unprofessional project I made. Around two years ago I got thrown for the first time into back end development - I had to work on the project alone. As a very smart man I basically exposed our SMTP server as a nice and very flexible API.

Fortunately it was, by the design, a very short-lived project, taken down from the web completely and for good after around 2 months. I'm still happy I had more luck than brains and nobody used our server as a spam sending service in our name and I have learned a valuable and relatively cheap lesson in security this way.

Stupid javascript.
Stupid hoisting-oblivious "frontend devs."
Stupid browser-specific javascript behavior.
Stupid thrown-together javascript minifier that literally only strips out whitespace and comments.
Stupid poorly-written javascript spamming my api.

Time to rewrite it. Grumble grumble. Soo not how I wanted to spend my morning-turn-afternoon.

Leading to the last but not least:
Stupid me forgetting javascript's quirks.

We got DDoS attacked by some spam bot crawler thing.

Higher ups called a meeting so that one of our seniors could present ways to mitigate these attacks.

- If a custom, "obscure" header is missing (from api endpoints), send back a basic HTTP challenge. Deny all credentials.

- Some basic implementation of rate limiting on the web server

We can't implement DDoS protection at the network level because "we don't even have the new load balancer yet and we've been waiting on that for what... Two years now?" (See: spineless managers don't make the lazy network guys do anything)

So now we implement security through obscurity and DDoS protection... Using the very same machines that are supposed to be protected from DDoS attacks.

When you sign up for an email/api service and the confirmation email they send you goes to the spam folder....

not a good look

Seriously, all these FB groups have bunch of newb members and content creator whores who spam them with these links to their "Free source code VB6 shit", "Inventory System using PHP", and all those sorts of BS.

When was the last time you went to FB to learn something?

And also, some of these folks post their works when they only glued these libraries or some kind of API thingy together made by awesome people yet they get the praise from these kidds!

Many smartphone cameras lack the ability to turn off burst shot mode.

The burst shot feature on smartphone camera software is almost always not helpful, only annoying. All it does is spam the storage with useless near-duplicate photos.

"Then simply don't hold the camera shutter button!"

Sometimes, this happens by accident. Or the phone has an I/O lag in the moment of releasing the shutter button, so the release of the shutter button is not registered and burst mode is initiated after the I/O lag.

The only purpose of burst shot seems to be making many low light photos to find one that is not shaken. Even then, there must be an option to turn it off.

Also, the point-and-shoot intuition of holding the camera shutter button to set focus and exposure, and releasing to capture a photo is far more convenient. On newer phones, that has been replaced with highly annoying burst shots.

"Then use a third-party app that does allow turning off burst mode."

The problem with third-party applications is that they are awfully slow, since they can not be optimized for a specific device like pre-installed camera applications are. This slowness, as one might expect, leads to missed moments.
On some smartphones, third-party applications can not even access all camera features, such as 2160p video recording. Some phones use a proprietary API that can only be accessed with the pre-installed camera app.