A friend needed to test an API so, I told him to download Postman to start testing POST request and he ask if he needed to download Getman for testing the GET ones 🤣

Was lead developer at a small startup, I was hiring and had a budget to add 3 new people to my team to develop a new product for the company.

Some context first and then the rant!

Candidate 1 - Amazing, a dev I worked with before who was under utilized at the previous company. Still a junior, but, she was a quick learner and eager to expand her knowledge, never an issue.

Candidate 2 - Kickass dev with back end skills and extras, he was always eager to work a bit more than what was expected. I use to send him home early to annoy him. haha!

Candidate 3 - Lets call him P.

In the interview he answers every question perfectly, he asks all the right questions and suggests some things I havent even thought of. CTO goes ahead and says we should skip the technical test and just hire the guy, his smart and knows what his talking about, I agree and we hire him. (We where a bit desperate at this stage as well.)

He comes in a week early to pick up his work laptop to get setup before he starts the next week, awesome! This guy is going to be an asset to the company, cant wait to have him join the team - The CTO at this stage is getting ready to leave the company and I will be taking over the division and need someone to take over lead position, he seems like the guys to do it.

The guys starts the next week, he comes in and the laptop we gave him is now a local server for testing and he will be working off his own laptop, no issue, we are small so needed a testing stack, but wasnt really needed since we had procedures in place for this already.

Here is where everything goes wrong!!! First day goes great... Next day he gets in early 6:30am (Nice! NO!), he absolutely smells, no stinks, of weed, not a light smell, the entire fucking office smells of weed! (I have no problem with weed, just dont make it my problem to deal with). I get called by boss and told to sort this out people are complaining! I drive to office and have a meeting with him, he says its all good he understands. (This was Friday).

Monday comes around - Get a call from Boss at 7:30am. Whole office smells like weed, please talk to P again, this cannot happen again. I drive to office again, and he again says it wont happen again, he has some issues with back pain and the weed helps.

Tuesday - Same fucking thing! And now he doesnt want to sign for the laptop("server") that was given to him, and has moved to code in the boardroom, WHERE OUR FUCKING CLIENTS WILL BE VIEWING A DEMO THAT DAY OF THE PRODUCT!! Now that whole room smells like weed, FML!

Wednesday - We send P a formal letter that he is under probation, P calls me to have a meeting. In the meeting he blames me for not understanding "new age" medicine, I ask for his doctors prescription and ask why he didnt tell me this in the interview so I could make arrangements, we dont care if you are stoned, just do good work and be considerate to your co-workers. P cant provide these and keeps ranting, I suggest he takes pain killers, he has none of it only "new age" medicine for him.

Thursday - I ask him to rather "work" from home till we can get this sorted, he comes in for code reviews for 2 weeks. I can clearly see he has no idea how the system works but is trying, I thought I will dive deeper and look at all of his code. Its a mess, nothing makes sense and 50% of it is hard coded (We are building a decentralized API for huge data sets so this makes no sense).

Friday - In code review I confront him about this, he has excuses for everything, I start asking him harder questions about the project and to explain what we are building - he goes quiet and quits on the spot with a shitty apology.

From what I could make out he was really smart when it came to theory but interpreting the theory to actual practice wasnt possible for him, probably would have been easier if he wasnt high all the time.

I hate interview code tests, but learned a valuable lesson that day! Always test for some code knowledge as well even if you hate doing it, ask the right questions and be careful who you hire! You can only bullshit for so long in coding before someone figures out that you are a fraud.

Me: **posts 🔥rant**
Me: **gets flood of devRant notifs**
Coworker: "What push API are you testing?"

😉

"Don't deploy on Friday" is a public admittance that your company either has no CI/CD pipeline, or that all your devs are retarded rhesus monkeys who only wipe their ass if the product manager wrote it as a spec.

If the saying was: "Don't port your whole API to GraphQL on a Friday", or "Don't switch from MySQL to Postgres on a Friday", I would agree.

But you should be able to do simple deploys all the time.

I deployed on Christmas & New Year's eve. I've deployed code while high on LSD, drunk-peeing 2 liters of beer against a tree after a party. I've deployed code from the hospital while my foot was being stitched up. On average, we deploy our main codebase about 194 times a week.

If you can't trust your deploys, maybe instead of posting stupid memes about not deploying on Fridays, you should fix your testing & QA procedures.

My little brother (still in school , learning security and pen testing): i found a bug in a website , it returns an xml file instead of the web page , i reported it to them and i think i'm gonna get rewarded like 2k $ for it .
Me : cool ! Show me .
Him : shows me his phone ...
Me : wait , gotta rant this .

Things have been a little too quiet on my side here, so its time for an exciting new series:

practiseSafeHex's new life as a manager.

Episode 1: Dealing with the new backend team

It's great to be back folks. Since our last series where we delved into the mind numbing idiocy of former colleagues, a lot has changed. I've moved to a new company and taken a step up as a Dev manager / Tech lead. Now I know what you are all thinking, sounds more dull and boring right? Well it wouldn't be a practiseSafeHex series if we weren't ...

<audience-shouting>
DEALING! ... WITH! ... IDIOTS!
</audience-shouting>

Bingo! so lets jump right in and kick us off with a good one.

So for the past few months i've been on an on-boarding / fact finding / figuring out this shit-storm, mission to understand more about what it is i'm suppose to do and how to do it. Last week, as part of this, I had the esteemed pleasure of meeting face to face with the remote backend team i've been working with. Lets rattle off a few facts to catch us all up:

- 8 hour time difference to me
- No documentation other than a non-maintained swagger doc
- Swagger is reporting errors and several of the input models are just `Type: String`
- The one model that seems accurate, has every property listed as optional, including what must be the primary key
- Properties go missing and get removed at the drop of a hat and we are never told.
- First email I sent them took 27 days to reply, my response to that hasn't been answered so far 31 days later (new record! way to go team, I knew we could do it!!!)
- I deal directly with 2 of them, the manager and the tech lead. Based on how things have gone so far, i've nick named them:
1) Ass
2) Hole

So lets look at some example of their work:

- I was trying to test the new backend, I saw no data in QA. They said it wouldn't show up until mid day their time, which is middle of the night for us. I said we need data in our timezone and I was told: a) "You don't understand how big this system is" (which is their new catch phrase) b) "Your timezone is not my concern"

- The whole org started testing 2 days later. The next day a member from each team was on a call and I was asked to give an update of how the testing was going on the mobile side. I said I was completely blocked because I can't get test data. Backend were asked to respond. They acknowledged they were aware, but that mobile don't understand how big the system is, and that the mobile team need to come up with ideas for the backend team, as to how mobile can test it. I said we can't do anything without test data, they said ... can you guess what? ... correct "you don't understand how big the system is"

- We eventually got something going and I noticed that only 1 of the 5 API changes due on their side was done. Opened tickets. 2 days later asked them for progress and was told that "new findings" always go to the bottom of the backlog, and they are busy with other things. I said these were suppose to be done days ago. They said you can't give us 2 days notice and expect everything done. I said the original ticket was opened a month a go *sends link* ......... *long silence* ...... "ok, but you don't understand how big the system is, this is a lot of work"

- We were on a call. Product was asking the backend manager (aka "Ass") a question about a slight upgrade to the new feature. While trying to talk, the tech lead (aka "Hole") kept cutting everyone off by saying loudly "but thats not in scope". The question was "is this possible in the future" and "how long would it take", coming from management and product development. Hole just kept saying "its not in scope", until he was told to be quiet by several people.

- An API was sending down JSON with a string containing a message for the user with 2 bits of data inside it. We asked for one of those pieces to also come down as a property as the string can change and we needed it client side. We got that. A few days later we found an edge case and asked for the second piece of data to be a property too. Now keep in mind, they clearly already have access to them in order to make the string. We were told "If you keep requesting changes like this, you are going to delay the release of the backend by up to 2 weeks"

Yes folks, there you have it, the most minuscule JSON modifications, can delay your release by up to 2 weeks ........ maybe I should just tell product, that they don't understand how big the app is, and claim we can't build it on our side? Seems to work for them

Thats all the time we have for today,

Tune in for more, where we'll be looking into such topics as:

- If god himself was an iOS developer ... not
- Why automate when you can spend all day doing it by hand
- Its more time-efficient to just give everything a story point of 5
- Why waste time replying to emails ... when you can do nothing instead

See you all next week,
practiseSafeHex

!rant
!!git

Who here uses `master` for development?

My boss (api guy) tried to convince me that was normal practice. I gently told him that it sounded crazy and very very bad.

Here's the dev path I'm enforcing on my repos:

(feature branches) -> dev -> qa* -> master -> production*

*: the build server auto-pulls from these branches, and pushes any passing builds to staging/production.

Everyone works on their own feature branches, and when they're happy with their work, they merge it into `dev`. `dev`, therefore, is for feature integration testing. After everything is working well on `dev`, it gets merged into `qa` for the testers to fawn over and beat with sticks. Anything that passes QA gets merged into `master`, where it sits until we're ready to release it. When that time comes (it's usually right away, but not always), `master` gets merged into `production`.

This way, `master` is always stable and contains the newest code, so it's perfect for forking/etc. Is this standard practice, or should I be doing something different?

Also, api guy encourages something he calls "running a racetrack" -- each dev has their own branch (their initials) and they push to that throughout the day. everyone else pulls from it regularly and pushes to their own branch. When anyone's happy with their code, they push from their (updated) branch to `qa` (I insisted on `dev` instead.)

Supposedly this drastically reduces the number of merge conflicts when pushing to an upstream branch due to having a more recent ancestor node?

I don't quite follow that, but it seems to me that merging/pushing throughout the day would just make them happen sooner? idk.

What are your thoughts?

Worst dev team failure I've experienced?

One of several.

Around 2012, a team of devs were tasked to convert a ASPX service to WCF that had one responsibility, returning product data (description, price, availability, etc...simple stuff)
No complex searching, just pass the ID, you get the response.

I was the original developer of the ASPX service, which API was an XML request and returned an XML response. The 'powers-that-be' decided anything XML was evil and had to be purged from the planet. If this thought bubble popped up over your head "Wait a sec...doesn't WCF transmit everything via SOAP, which is XML?", yes, but in their minds SOAP wasn't XML. That's not the worst WTF of this story.

The team, 3 developers, 2 DBAs, network administrators, several web developers, worked on the conversion for about 9 months using the Waterfall method (3~5 months was mostly in meetings and very basic prototyping) and using a test-first approach (their own flavor of TDD). The 'go live' day was to occur at 3:00AM and mandatory that nearly the entire department be on-sight (including the department VP) and available to help troubleshoot any system issues.

3:00AM - Teams start their deployments
3:05AM - Thousands and thousands of errors from all kinds of sources (web exceptions, database exceptions, server exceptions, etc), site goes down, teams roll everything back.

3:30AM - The primary developer remembered he made a last minute change to a stored procedure parameter that hadn't been pushed to production, which caused a side-affect across several layers of their stack.

4:00AM - The developer found his bug, but the manager decided it would be better if everyone went home and get a fresh look at the problem at 8:00AM (yes, he expected everyone to be back in the office at 8:00AM).

About a month later, the team scheduled another 3:00AM deployment (VP was present again), confident that introducing mocking into their testing pipeline would fix any database related errors.

3:00AM - Team starts their deployments.
3:30AM - No major errors, things seem to be going well. High fives, cheers..manager tells everyone to head home.
3:35AM - Site crashes, like white page, no response from the servers kind of crash. Resetting IIS on the servers works, but only for around 10 minutes or so.
4:00AM - Team rolls back, manager is clearly pissed at this point, "Nobody is going fucking home until we figure this out!!"
6:00AM - Diagnostics found the WCF client was causing the server to run out of resources, with a mix of clogging up server bandwidth, and a sprinkle of N+1 scaling problem. Manager lets everyone go home, but be back in the office at 8:00AM to develop a plan so this *never* happens again.

About 2 months later, a 'real' development+integration environment (previously, any+all integration tests were on the developer's machine) and the team scheduled a 6:00AM deployment, but at a much, much smaller scale with just the 3 development team members.

Why? Because the manager 'froze' changes to the ASPX service, the web team still needed various enhancements, so they bypassed the service (not using the ASPX service at all) and wrote their own SQL scripts that hit the database directly and utilized AppFabric/Velocity caching to allow the site to scale. There were only a couple client application using the ASPX service that needed to be converted, so deploying at 6:00AM gave everyone a couple of hours before users got into the office. Service deployed, worked like a champ.

A week later the VP schedules a celebration for the successful migration to WCF. Pizza, cake, the works. The 3 team members received awards (and a envelope, which probably equaled some $$$) and the entire team received a custom Benchmade pocket knife to remember this project's success. Myself and several others just stared at each other, not knowing what to say.

Later, my manager pulls several of us into a conference room
Me: "What the hell? This is one of the biggest failures I've been apart of. We got rewarded for thousands and thousands of dollars of wasted time."
<others expressed the same and expletive sediments>
Mgr: "I know..I know...but that's the story we have to stick with. If the company realizes what a fucking mess this is, we could all be fired."
Me: "What?!! All of us?!"
Mgr: "Well, shit rolls downhill. Dept-Mgr-John is ready to fire anyone he felt could make him look bad, which is why I pulled you guys in here. The other sheep out there will go along with anything he says and more than happy to throw you under the bus. Keep your head down until this blows over. Say nothing."

I'm trying to sign up for insurance benefits at work.

Step 1: Trying to find the website link -- it's non-existent. I don't know where I found it, but I saved it in keepassxc so I wouldn't have to search again. Time wasted: 30 minutes.

Step 2: Trying to log in. Ostensibly, this uses my work account. It does not. Time wasted: 10 minutes.

Step 3: Creating an account. Username and Password requirements are stupid, and the page doesn't show all of them. The username must be /[A-Za-z0-9]{8,60}/. The maximum password length is VARCHAR(20), and must include upper/lower case, number, special symbol, etc. and cannot include "password", repeated charcters, your username, etc. There is also a (required!) hint with /[A-Za-z0-9 ]{8,60}/ validation. Want to type a sentence? better not use any punctuation!

I find it hilarious that both my username and password hint can be three times longer than my actual password -- and can contain the password. Such brilliant security.

My typical username is less than 8 characters. All of my typical password formats are >25 characters. Trying to figure out memorable credentials and figuring out the hidden complexity/validation requirements for all of these and the hint... Time wasted: 30 minutes.

Step 4: Post-login. The website, post-login, does not work in firefox. I assumed it was one of my many ad/tracker/header/etc. blockers, and systematically disabled every one of them. After enabling ad and tracker networks, more and more of the site loaded, but it always failed. After disabling bloody everything, the site still refused to work. Why? It was fetching deeply-nested markup, plus styling and javascript, encoded in xml, via api. And that xml wasn't valid xml (missing root element). The failure wasn't due to blocking a vitally-important ad or tracker (as apparently they're all vital and the site chain-loads them off one another before loading content), it's due to shoddy development and lack of testing. Matches the rest of the site perfectly. Anyway, I eventually managed to get the site to load in Safari, of all browsers, on a different computer. Time wasted: 40 minutes.

Step 5: Contact info. After getting the site to work, I clicked the [Enroll] button. "Please allow about 10 minutes to enroll," it says. I'm up to an hour and 50 minutes by now. The first thing it asks for is contact info, such as email, phone, address, etc. It gives me a warning next to phone, saying I'm not set up for notifications yet. I think that's great. I select "change" next to the email, and try to give it my work email. There are two "preferred" radio buttons, one next to "Work email," one next to "Personal email" -- but there is only one textbox. Fine, I select the "Work" preferred button, sign up for a faux-personal tutanota email for work, and type it in. The site complains that I selected "Work" but only entered a personal email. Seriously serious. Out of curiosity, I select the "change" next to the phone number, and see that it gives me four options (home, work, cell, personal?), but only one set of inputs -- next to personal. Yep. That's amazing. Time spent: 10 minutes.

Step 6: Ranting. I started going through the benefits, realized it would take an hour+ to add dependents, research the various options, pick which benefits I want, etc. I'm already up to two hours by now, so instead I decided to stop and rant about how ridiculous this entire thing is. While typing this up, the site (unsurprisingly) automatically logged me out. Fine, I'll just log in again... and get an error saying my credentials are invalid. Okay... I very carefully type them in again. error: invalid credentials. sajfkasdjf.

Step 7 is going to be: Try to figure out how to log in again. Ugh.

"Please allow about 10 minutes" it said. Where's that facepalm emoji?

But like, seriously. How does someone even build a website THIS bad?

aslkfjasf. i've spent 12 hours today (and lots more over the past two days) trying to reproduce a bug that my [sort of] coworker insists is present. I haven't seen any proof of it anywhere, let alone steps to reproduce it.

I've poured through the code, following all of its tangled noodles of madness from start to fuck-this-shit. I've read and reread the pile of demon excrement so many times i can still read the code when i close my eyes. so. not. kidding.

anyway, the coworker person is getting mad because i haven't fixed the bug after days, and haven't even reproduced it yet. This feature is already taking way too fucking long so I totally don't blame him. but urghh it's like trying to unwind a string someone tied into a tight little ball of knots because they were bored.

but i just figured out why I haven't been able to reproduce it.

the stupid fucking unreliable dipshit ex-"i'm a rockstar and my code rocks"-CTO buffoon (aka API Guy, aka the `a=b if a!=b`loody pointless waste of mixed spaces and tabs) that wrote the original APIs ... 'kay, i need to stop for breath.

The dumbfuck wrote the APIs (which I based the new ones on mostly wholesale because wtf messy?), but he never implemented a very fucking important feature for a specific merchant type. It works for literally every type except the (soon-to-be) most common one. and it just so happens that i need that very specific feature to reproduce this bug.

Why is that one specific merchant type handled so differently? No fucking idea.

But exactly how they're handled differently is why I'm so fking pissed off. It's his error checking. (Some) of his functions return different object types (hash, database object, string, nullable bool, ...) depending on what happened. like, when creating a new gift, it (eventually...) either returns a new Gift object or a string error basically saying "ahhh everything's broken again!" -- which is never displayed, compared against, or recorded anywhere, ofc. Here, the API expects a Hash. That particular function call *always* returns a Hash, no matter what happens in the myriad, twisting, and interwoven branches the code could take. So the check is completely pointless.

EXCEPT. if an object associated with another object associated with the passed object (yep) has a type of 8. in which case, one of the methods in the chain returns a PrintQueue that gets passed back up the call stack. implicitly, and nested three levels in. ofc.

And if the API doesn't get its precious Hash, it exclaims that the merchant itself is broken, and tells the user to contact support. despite, you know, the PrintQueue showing that everything worked perfectly. In fact, that merchant's printer will be happily printing away in the background.

All because type checking is this guy's preferred method of detecting errors. (Raise? what's that? OOP? Nah, let's do diverging splintered-monolithic with some Ruby objects thrown in.)

just.
what the crap.

people should keep their mental diarrhea away from their keyboards.

Anyway. the summary of this long-winded, exhaustion-fueled tirade is that our second-most-loved feature doesn't work on our second-most-common merchant type.

and ofc that was the type of merchant i've been testing on. for days. while having both a [semi] coworker and my boss growing increasingly angry at me for my lack of progress.

It's also a huge feature, and the boss doesn't understand that. (can't or won't, idk)

So.
yep.
that's been my week.

...... WHAT A FUCKING BUFFOON!

Friend of mine killed his MacBook with some Softdrink.

Just poured it all over his poor a1502.

He let it dry for a few days, it starts to work again.
Except the battery.

Goes on Amazon and buys a new battery.

New battery doesn't work either and so he tells me about it and I as stupid as I am couldn't resist the temptation to finally work on a MacBook like my "hero" Lois Rossmann does.

So turns out the board is good.
Cleaned it up and basically nothing happened to it.

So what's the deal with "los batlerias"?

The first got hit by liquid, the second had a broken connection to a cell.
That could have happened through my friend, installing it without testing it first, or at the seller, so it being a DOA battery.

Now away from the stupidity of my friend and the situation to the actual source for this rant.

Once something happens to a modern Managed battery, the Battery Management System (BMS) disconnects the voltage from the system and goes into an error state, staying there and not powering anything ever again.
For noobs, it's dead. Buy a new one.

But It can be reset, depending you know how to, and which passwords were set at the factory.
Yes, the common Texas instruments BQ20Zxx chips have default passwords, and apple seems to leav them at default.

The Usb to SMBus adaptors arrived a few days ago and I went to prod the BMS.

There is a very nice available for Windows called BE2works, that I used the demo of to go in and figure out stuff. The full version supports password cracking, the demo not.

After some time figuring out how Smart Battery Systems (SBS) "API" works, I got to actually enter the passwords into the battery to try get into manufacturer and full access mode.

Just to realise, they don't unlock the BMS.

So, to conclude, my friend bought a "new" battery that was most likely cut out of a used / dead macbook, which reports 3000mah as fully charged instead of the 6xxx mah that it should have, with 0 cycles and 0hours used.
And non default access.

This screams after those motherfuckers scaming the shit out of people on Amazon, with refurb, reset, and locked fucken batteries.

I could kill those people right now.

Last but not least,
My friend theoretically can't send it back because I opened the battery to fix the broken connection.
Though maybe, it'll get send back anyway, with some suprise in the package.

I wrote a database migration to add a column to a table and populated that column upon record creation.
But the code is so freaking convoluted that it took me four days of clawing my eyes out to manage this.
BUT IT'S FINALLY DONE.
FREAKING YAY.

Why so long, you ask? Just how convoluted could this possibly be? Follow my lead ~

There's an API to create a gift. (Possibly more; I have no bloody clue.)
I needed the mobile dev contractor to tell me which APIs he uses because there are lots of unused ones, and no reasoning to their naming, nor comments telling me what they do.

This API takes the supplied gift params, cherry-picks a few bits of useful data out (by passing both hashes by reference to several methods), replaces a couple of them with lookups / class instances (more pass-by-reference nonsense). After all of this, it logs the resulting (and very different) mess, and happily declares it the original supplied params. Utterly useless for basically everything, and so very wrong.

It then uses this data to call GiftSale#create, which returns an instance of GiftSale (that's actually a Gift; more on that soon).

GiftSale inherits from Gift, and redefines three of its methods.

GiftSale#create performs a lot of validations / data massaging, some by reference, some not. It uses `super` to call Gift#create which actually maps to the constructor Gift#initialize.

Gift#initialize calls Gift#pre_init (passing the data by reference again), which does nothing and returns null. But remember: GiftSale inherits from Gift, meaning GiftSale#pre_init supersedes Gift#pre_init, so that one is called instead. GiftSale#pre_init returns a Stripe charge object upon success, or a Gift (and a log entry containing '500 Internal') upon failure. But this is irrelevant because the return value is never actually used. Pass by reference, remember? I didn't.

We're now back at Gift#initialize, Rails finally creates a Gift object using the args modified [mostly] in-place by all of the above.

Another step back and we're at GiftSale#create again. This method returns either the shiny new Gift object or an error string (???), and the API logic branches on its type. For further confusion: not all of the method's returns are explicit, and those implicit return values are nested three levels deep. (In Ruby, a method will return the last executed line's return value automatically, allowing e.g. `def add(a,b); a+b; end`)

So, to summarize: GiftSale#create jumps back and forth between Gift five times before finally creating a Gift instance, and each jump further modifies the supplied params in-place.

Also. There are no rescue/catch blocks, meaning any issue with any of the above results in a 500. (A real 500, not a fake 500 like last time. A real 500, with tragic consequences.)

If you're having trouble following the above... yep! That's why it took FOUR FREAKING DAYS! I had no tests, no documentation, no already-built way of testing the API, and no idea what data to send it. especially considering it requires data from Stripe. It also requires an active session token + user data, and I likewise had no login API tests, documentation, logging, no idea how to create a user ... fucking hell, it's a mess.)

Also, and quite confusingly:
There's a class for GiftSale, but there's no table for it.
Gift and GiftSale are completely interchangeable except for their #create methods.

So, why does GiftSale exist?
I have no bloody idea.
All it seems to do is make everything far more complicated than it needs to be.

Anyway. My total commit?
Six lines.
IN FOUR FUCKING DAYS!

AHSKJGHALSKHGLKAHDSGJKASGH.

As a Java developer, reasons to kill other programmers:

- static mutable variables
- WRITING to static mutable variables
- API call with Framework X didn't work. Add Framework Y along with X and try that. Wrap X in try/catch statement. Catch block fires framework Y.
- six, seven, ten levels of nested code. Zero thought put in organization
- 6K LOC Java files
- spring (singleton? Maybe) object assigning values in static mutable (see pt.1)
- a couple of unit tests in code base that no longer work. Zero unit tests in new code
- unit testing disabled in CI pipeline
- empty catch blocks
- pass mutable data between threads. Modify in various places concurrently.

Long story short, I'm unofficially the hacker at our office... Story time!

So I was hired three months ago to work for my current company, and after the three weeks of training I got assigned a project with an architect (who only works on the project very occasionally). I was tasked with revamping and implementing new features for an existing API, some of the code dated back to 2013. (important, keep this in mind)

So at one point I was testing the existing endpoints, because part of the project was automating tests using postman, and I saw something sketchy. So very sketchy. The method I was looking at took a POJO as an argument, extracted the ID of the user from it, looked the user up, and then updated the info of the looked up user with the POJO. So I tried sending a JSON with the info of my user, but the ID of another user. And voila, I overwrote his data.

Once I reported this (which took a while to be taken seriously because I was so new) I found out that this might be useful for sysadmins to have, so it wasn't completely horrible. However, the endpoint required no Auth to use. An anonymous curl request could overwrite any users data.

As this mess unfolded and we notified the higher ups, another architect jumped in to fix the mess and we found that you could also fetch the data of any user by knowing his ID, and overwrite his credit/debit cards. And well, the ID of the users were alphanumerical strings, which I thought would make it harder to abuse, but then realized all the IDs were sequentially generated... Again, these endpoints required no authentication.

So anyways. Panic ensued, systems people at HQ had to work that weekend, two hot fixes had to be delivered, and now they think I'm a hacker... I did go on to discover some other vulnerabilities, but nothing major.

It still amsues me they think I'm a hacker 😂😂 when I know about as much about hacking as the next guy at the office, but anyways, makes for a good story and I laugh every time I hear them call me a hacker. The whole thing was pretty amusing, they supposedly have security audits and QA, but for five years, these massive security holes went undetected... And our client is a massive company in my country... So, let's hope no one found it before I did.

Warning: contains swearwords!

Do you guy's also have coder-"friend" that:
- Always asks how to do things
- ask for code snippets
- steals your fucking code from Anydesk
- steals your passwords while testing
- steals your code from deobfuscated jar
- steals your jar and deobfuscate it
- steals your database to store stolen passphrases
- tries to convince you to build RATs for your users
- tries to convince you to build RATs for his users
- and so on...

??FOR FUCKING REAL THIS ISN'T EVEN ALL THAT HAPPENED TO ME!

HE IS A FUCKING SUCKER CUNT! HE PROMISED ME MULTIPLE TIMES THAT HE DELETED MY PROJECTS AND TELLS ME HE IS STILL USING THEM TO RESEARCH MY CODE FOR HIS CODE!!!

HE FUCKING RECORDED ME WHILE CODING WITH AN API I AM NOT USED TO WHILE I ASK HIM FREQUENTLY BECAUSE I HAVE NO CLUE AND HE THEN SENDS IT TO HIS FRIENDS TO PISS ME OF AND LAUGH ABOUT ME!!

WHAT THE FUCK IS WRONG WITH PEOPLE WHY THE FUCK ARE ASSHOLES LIKE HIM NOT IN FUCKING PSYCHIATRY!

AND I CAN'T GET RID OF HIM BECAUSE I AM TOO FUCKING NICE!!

FOR GODS SAKE PLS LET A LIGHTNING STRIKE HIT HIM IN HIS FUCKING FACE!

AT FUCKING LEAST I GOT SENT AN IMAGE OF HIS ADDRESS SO I WILL SHIT IN A FUCKING BOX AND SEND IT TO THAT CUNT!

Somebody asked me my API doc.
I don't have any API at all.

I will lie, and I'll write a swagger specification in few hours and I'll send them.

They will try to read it and understand, and after maybe a week, when they will ask for testing and endpoint I'll pretend to be on holiday for 2 weeks.

3-4 weeks gone already, I checked they should be on holiday by then. Only then, I'll answer with a fake endpoint with fake data.

I'll get another 2 weeks if I'm lucky.
When they discover about fake data, I'll say there is a bug.

In total if I play well, I have 2/2.5 months to implement some kind of API server with some more or less true implementation.

Thanks to Swagger. Swag

My devGoals for 2018:
- Build a RESTful API with NodeJS just for learning.
- Finish my first product (electronics sideproject).
- Convert more people to use CraftCMS or at least not use Joomla or WP.
- Get a raise.
- Add Continuous Integration to more projects.
- Add more unit testing where appropriate.
- Create and release a mobile app.

To be continued...
*playing to be continued meme sound*

!!office drama

I haven't been around much in recent weeks. Due to family illness, christmas shopping, dealing with estranged parents, and brooding over the foregoing, I haven't had a lot of time or energy left to myself.

tl;dr: The CTO ("API Guy") is ostensibly getting fired, and I might be taking over his job. I don't know if I should accept, try to stave this off, or simply flee.

------

Anyone who has been following my recent rants knows that API Guy is my boss, and he often writes terrible code. It's solid and unbreakable, but reading it is a *nightmare.* One of our applications is half the length of Leo Tolstoy's War and Peace, and it's difficult to tell what code is live and what amounts to ancient, still-active landmines. This is one application; we have several, most of which I've never even looked at.

Ostensibly the code is so terrible because the company grew extremely quickly, and API Guy needed to cram in lots of unexpected / planned-against features. From what I can see, that seems about right, but I haven't checked timeframes [because that's a lot of work!].

Here's a brief rundown of the situation.
- API Guy co-founded the company with the CEO.
- CEO and API Guy have been friends for a long time.
- CEO belives the company will fail with API Guy as head of tech.
- They could just be testing me; I have zero way of knowing. API Guy seems totally oblivious, and CEO seems sincere, so this feels pretty doubtful.
- CEO likes pushing people around. CEO believes he can push me around. API Guy doesn't budge. (I probably won't, either, except to change task priorities.)
- API Guy's code is huge and awful, but functional.
- API Guy is trying to clean up the mess; CEO doesn't understand (maybe doesn't care).
- Literally nobody else knows how the code works.
- Apart from API Guy and myself, the entire company is extroverted sales people.
- None of these sales people particularly like me.
- Sales people sell and sell and sell without asking development if they can pull enough magic features out of their hat to meet the arbitrary saleslines. (because the answer is usually no)
- If I accept, I would be the sole developer (at first) and responsible for someone else's mountain of nightmarish code, and still responsible for layering on new features at the same pace as he. Pay raise likely, but not guaranteed.
- My getting the position is contingent upon the CEO and the investors, meaning it's by no means guaranteed.
- If I don't accept, likely API Guy will be replaced with someone else of unknown ability, who doesn't know the code, and whom I must answer to regardless. Potentially OK, potentially a monumental disaster.

Honestly, it feels like I'm going to be screwed no matter what course I choose.

Perhaps accepting is slightly better?

The best would be to assume the position of CTO and keep API Guy around -- but that would feel like an insult to him. I doubt he'd be okay with it. But maybe. Who knows? I doubt the CEO would seriously consider that anyway.

I feel like a lamb between a dim, angry rhino, and an oblivious one.

Series of events between me (Mi) and dude in office (DIO).

Instance 1
DIO: There is not psql installed on staging.
Mi: Install it.
DIO: YUM is not working.
Mi: *tries yum it works* It is
DIO: Oh. Didn't work earlier.
Mi: *blank* Make sure you install 9.6
DIO: Cannot find psql
Mi: *types psql, it is already installed*
DIO: Oh, didn't work earlier.

Instance 2
DIO: Made this change to the API, the endpoint is not returning the right value
Mi: *restarts server, shit starts working*
DIO: I am pretty sure I did that, don't know what happened.

Instance 3
DIO: Cannot alter role to give login to this db user.
MI: *runs alter role db_user with login* works
DIO: Don't know why it wasn't working before.

Instance 4
DIO: I have been stuck on this test for the past 1 day, cannot get the API to return the right data while the Rest Endpoint works fine.
Mi: You are hitting the wrong endpoint in the test.
DIO: Oh, I put an extra 's'
Mi: BTW you are testing Spring-Boot with that test and nothing else.
DIO: Yes but what if Spring Boot has a bug?
Mi: ok.

FUCKING TELEGRAM FUCK YOU STAY IN YOUR FUCKING API DOCUMENTATION AND STOP FUCKING TESTING YOUR SHIT ON A PRODUCTION SYSTEM WHY WOULD YOU DO THAT FUCK OFF WHY AM I EVEN DEVELOPING SHIT FOR YOUR PLATFORM ANYMORE WHEN FOLLOWING YOUR DOCUMENTATION LEADS TO FUCKING ERRORS AND WE HAVE TO DECOMPILE AND REVERSE ENGINEER YOUR FUCKING "OPEN SOURCE" APPS BECAUSE YOU DONT EVEN BOTHER TO FUCKING UPDATE THE SOURCE CODE ONCE A YEAR WHAT THE FUCK

Thank you for your attention

Hi,
I'm not a ranty person so I never actually thought I'd post anything here but here it goes.

From the beginning.
We use ancient technologies. PHP 5.2, Symfony 1.2 and a non RFC complient SOAP with NO documentation.
A year ago We've been thrown a new temporary project. An VOIP app for every OS.
That being iOS, Android, MAC, PC, Linux, Windows mobile. With a 3 month deadline. All that thrown at 4 PHP developers. The idea being that They'll take it, sign the delivery protocol, everyone happy. No more updates for the app needed. They get their funds they needed the app for and we get paid.

Fast forward to today...

Our dev team started the year with great news that We'll most likely have to create a new project. Since the amount of new features would be far greater than current feature set, we managed to finally force our boss to use newer technologies (ie. seperate backend symfony4 PHP7+/frontend react, rest api and so on). So we were ecstatic to say the least. With preestimates aimed at a minimum 3 month development period. Since we're comfortable with everything that needs to be done.
Two days later our boss came to me that one of our most annoying clients needs a new feature. Said client uses ancient version written on a napkin because They changed half of the specification 2 weaks before deadline in a software made not by a developer but some sysadmin who didn't know anything. His MVC model was practically VVV model since he even had sql queries in some views. Feature will take 3 days - fixing everything that will break in the meantime - 1-2 months.
F*** it, fine. A little overtime won't kill me.
Yesterday boss comes again... Apparently someone lost a delivery protocol for a project we ended that half a year ago. Whats even better at the time when we asked for hardware to test we never got any. When we asked about any testing enviornment - nothing. The app being SEMI-stable on everything is an overstatement but it was working on the os'es available at the time. Since the client started testing now again, it turns out that both Android app does not work on 8.1/9 and the iOS app does not work on ios12. The client obviously does not want to pay and we can do little with it without the protocol, other than rewriting the apps.
It will take months at least since all of those apps were written by people that didn't know neither the OS'es nor the languages. For example I started writing the iOS one in swift. Only to learn after half of the development time, that swift doesn't like working by C Library rules and I had to use ObjC also. With some C thrown in due to the library. 3 unknown languages, on an unknown platform in 3 months. I never had any apple device in my hand at that time nor do I intend to now. I'm astonished it worked out then. It was a clusterf**k of bad design and sticking everything together with deprecated apis and a gum. So I'll have to basically fully rewrite it.

If boss decides we'll take all those at the same time I'll f***ing jump of a bridge.

Manager: I want the front ends to be more dumb, too much logic is happening on the frontend.

Me: both of the sites are just multi step forms, I’m confused about the complexity part.

Manager: yea but don’t we have a bunch of third party api calls?

Me: we have 4 and they are public facing apis.

Manager: yea, make a new api and move this api calls to the backend and I want both frontend teams to send the same shape payload.

Me: but…

Manager: oh and I don’t like how the business team does the a/b testing and splitting traffic, let’s move that to the backend as well.

Me: but… that a/b testing platform they use in ran by another team and they have a full set of features for business analytics…

Manager: yea let’s just replicate those features and move them to the backend.

Me: but it’s a product!

Manager: look! You are the best backend engineer we got! I know you can do this!

Me: I lead the frontend teams…

Manager: ….

Manger: good news we are giving you a promotion with raise you are now a senior engineer.

Me: I confused but happy… I think..

Frequently used answers :)

UI developer - I think API is not working
Backend developer - Front end is not sending the request correctly
Tester - Testing! Testing!
UI/UX - As per android/ios standards...
QA - Let me check one more time
PM - Let us have another meeting and get on the same page
Dev-Ops - It's very complicated you know
CTO - We're working on a next-gen solution
Founder - Let us build something that no one has built, something similar to what google...facebook...

Cridits: My EX-CPO

Freelance project I was working on was deployed. Without my knowledge. At 11pm. Their in-house "tech guy" thought that the preview build i gave them was good enough for deployment. Massive bug, broke their api endpoints.
Got a call at 2 in the morning,asking for a fix. I told them how it was their fault and the App they deployed had TESTING written right on the main screen.
They promised additional payment to get me to fix it asap.
Went through the commit history (thank goodness their tech guy knew git, fuck him for committing on production though) and the crash reports.
Removed three lines. All became right with the world again. 😎

I shit you not. This this a job qualifications qualifications entry level on LinkedIn.

7+ years working as part of a development team and with the following technologies:
Node.js Typescript and Java-based, microservice-driven applications using Spring Boot or similar framework
RESTful API design / microservice architectures
MongoDB or any other NoSQL DB
Message queues e.g. RabbitMQ, Kafka etc.
Modern MV*(MVC, MVVM, etc..) frameworks e.g. React, Angular, Vue etc.
JavaScript and design patterns, CSS and HTML
Modern CSS and view libraries e.g. RxJS, Angular Material, Typescript, JS ES6 etc.
Unit and UI testing using third party tools e.g. Jest, Cucumber, Groovy & Spock, etc.
Bachelor's degree in computer science or related field

I wrote a todo list program, which also is my first self written api. Currently load testing. Server is ok.

Had an idea for an app. I started writing the prototype in Node since I just had a simple API in mind. Wanted to have some very basoc crud functionality going and then hook up a nice interface to it. It has to do with logistics and analytics so I just wanted to start sketching something small, and being that i have been successful in doing an API like this in the pass with node and mongo for a local company I said why not.

I have finished a good chunk of it. Gotta love that js productivity. But what tripped me out about it was:

Check how big the folder size is: 387mb

EXCUSE ME??!!

I tripped, there was no way in hell this shit was that heavy. I am basically using Koi(to give it a whirl instead of express, gotta start testing koi sometimes right?) And some joi with morgan and winston. That is it. I am using mongo since legit its the only one i know, even with that there really can't be that much right?

Check node_modules size.....10mb....wtf? What
Wait
Did it?

Sure as shit....forgot that i was storing the mongo data folder inside the app's root folder.

This would have been nothing if it would have taken me 30 seconds to figure it out.

I was losing my mind for 30 mins before i decided to properly verify

I need some sleep

Not ONLY does the new code a coworker wrote straight up not work (and they somehow managed to merge it to master) but it also broke an entirely unrelated endpoint due to an abstraction they tried to make. Very clear they didn't even run their code at all.

I'm having an existential crisis with this client.

We are spending millions of $s every year to make sure the product's performance is perfect. We are testing various scenarios, fine-tuning PLABs: the environment, application, middleware, infra,... And then we provide our recommendations to the client: "To handle load of XX parallel users focusing on YY, yy and Zy APIs, use <THIS> configuration".

And what the client does?
- take our recommendations and measure the wind speed outside
- if speed is <20m/s and milk hasn't gone bad yet, add 2x more instances of API X
- otherwise add 3xX, 1xY and give more CPUs to Z
- split the setup in half and deploy in 2 completely separate load-balanced prod environments.
- <do other "tweaking">

- bomb our team with questions "why do we have slow RTs?", "why did the env crash?", "why do we have all those errors?", "why has this been overlooked in PLABs?!?"

If you're improvising despite our recommendations, wtf are we doing here???

One day I will crack. Hopefully, not sometime soon.

Just spent 30 minutes confused as hell because an API call I wrote just randomly stopped working.

Forgot that I hardcoded an ID for testing purposes and then ended up creating a new object with a new ID.

Needless to say... they didn't match. Explains why my query retrieved zero results.

Not sure if it was 2016 or late 2015, but it's a fun story anyway (and if it's not you'll at least learn something from it).

Back at the time I was quite new to unit testing (weird how it has become second nature in a years time). I was writing some software that was supposed to send out some SMS to customers. Of course this had to be tested. However, it was a bit difficult to test (or so I thought) without actually receiving an SMS to know if it was sent. So I decided to use the live API key to make sure the sending of SMS was actually working correctly. I tried it a few times but didn't receive an SMS. So I kept working on it and running tests.

The testing setup I had at the time was just a continues loop that went through all tests to make sure it all still worked (I've moved to only checking on file changes now, but that is besides the point). Keep in mind I was still running these tests, in a loop, with the _live_ API key.

So the end of the working day arrives and I go home and sit in the train. All of the sudden I receive some test SMS. I was thinking "hey nice, it did work". Then I started receiving more. It soon turned out to be an alarmingly big amount of SMS. It stopped around 100, but don't think that was the end of it. Oh no. I had changed the number to send the SMS to from my own number to a different number (+31612345678 to be exact, which I found out later isn't an actual phone number. I really hope I was right about that). I was beginning to become nervous, but there wasn't much I could do.

The next day I returned to work and checked the API for sent SMS. Turns out I had sent a couple of thousand (I think between two and three thousand) SMS in a couple of hours. Most of them to the test number I had supplied.

This probably cost the company a couple of hundred euros. Luckily my colleagues and team leader all thought it was pretty funny, but did tell me not to do it again. And I haven't of course.

Lesson learned: don't use live API keys during testing (among other things :)).

So yeah that was probably my worst dev experience.

Spent a lot of time designing a proper HTTP (dare I even say RESTful) API for our - what is until now a closed system, using a little-known/badly-supported message-over-websocket protocol to do RPC-style communications - supposedly enterprise-grade product.

I make the API spec go through several rounds of review with the rest of the dev team and customers/partners alike. After a few iterations, everybody agrees that the spec will meet the necessary requirements.

I start implementing according to spec. Because this is the first time we're actually building proper HTTP handling into the product, but we of course have to make it work at least somewhat with the RPC-style codebase, it's mostly foundational work. But still, I manage to get some initial endpoints fully implemented and working as per the spec we agreed. The first PR is created, reviews are positive, the direction is clear and what's there already works.

At this point in time, I leave on my honeymoon for two weeks. Naturally, I assume that the remaining endpoints will be completed following the outlines/example of the endpoints which I built. When I come back, the team mentions that the implementation is completed and I believe all is well.

The feature is deployed selectively to some alpha customers to start validation testing before the big rollout. It's been like that for a good month, until a few days ago when I get a question related to a PoC integration which they can't seem to get to work.

I start investigating and notice that the API hasn't been implemented according to the previously agreed upon spec at all. Not only did the team manage to implement the missing functionality in strange and some even broken ways, they also managed to refactor my previously working endpoints into being non-compliant.

Now, I'm a flexible guy. It's not because something isn't done exactly as I've imagined it that it's automatically bad. However, I know from experience that designing a good/clear/future-proof API is a tricky exercise. I've put a lot of time and effort into deliberate design decisions that made up the spec that we all reviewed repeatedly and agreed upon. The current implementation might also be fine, but I now have to go over each endpoint again and reason about whether the implementation still fulfills the requirements (both soft and hard) that we set out to meet.

I'm met with resistance, pushback and disbelief from product management and dev co-workers alike when I raise the concern that the API might actually not be production-ready (while I'm frantically rewriting my integration tests and figuring out how the actual implementation works in comparison to what was spec'ed).

Oh, and did I mention that product management wants to release this by end-of-week?!

*Me testing my api with vue.js*

Me: can you please update salesforce content and add new image.

Coworker: Done,image updated:

Me: did you click the sync button? Image seems to be not loading.

Co-worker: why don't you clear your browsing history and clear your cache.

Me: (talking to myself: you are asking me to clear my cache? ME? ME? ME?) Smiles back to coworker.

Co-worker: Did it work?

Me: Nope! Seems to it that you have not sync the content on salesforce. Please hit the sync button.

Co-worker: I did!

Me: I ask co-worker B he said content is not sync.

Alright so I have to create an API that communicates with a web interface and three different back end systems. And I think my customer might have thought that I am actually Jesus because they didn't have any docs for their systems and their policy did not allow me to gain access to their internal testing environment (which. Drove. Me. NUTS) and expected me to create this API by pure guesswork basically. After teaching the customer's internal IT guy how to capture requests between the systems I managed to somehow got the prototype working. I am proud and sleepy. ... Mainly sleepy

Just received a test for a job I'm interviewing for. I was interviewing for a C++ position. Practice test: Create an REST API using SpringBoot, Spring Data, document with Swagger and implement continuous integration testing.

To be fair, I also mentioned I'm fluent in Java. But I've never touched SpringBoot or done any backend webdev, since my intention was to never get near it.

Deadline: Sunday. Game on...

I assigned a new task to an intern who has been with us for a month. He was supposed to prepare the testing environment and test the Geolocation API. When it works, then he can start integrating it with our platform and everything.

After a week, he emails me to say that he thinks the Geolocation API doesn't work. I was weirded out by that because a lot of people use it. We scheduled a meeting and asked him for a demo of his code to see what the error message is.

Him: *no Visual Studio, no code, nothing at all* So here it goes.

Me: ????

Him: *Goes to the API documentation, copies the base URL, pastes it to the browser and hits Enter* See? It says 404 not found.

Me: *literally facepalmed*

Now, he is working on sales management. We totally took him off every software developing projects.

Kinda all other devs translate incompetent with a lack of knowledge

i would go with not able to recognize his lack of knowledge

Story 1:
once we had a developer, whom was given the task to try out a REST/Json API using Java

after a week he presented his solution,
2 Classes with actual code and a micro-framework for parsing and generating JSON

so i asked him, why he didn't use a framework like jackson or gson, while this presentation he felt pretty offended by this question

a couple of weeks later i met him and he was full of thanks for me, because i showed him, that there are frameworks like that, and even said sorry for feeling offended

- no incompentence here -

Story 2:
once i had a lead dev, who was so self-confident, he refactored (for no reason but refactoring itself) half the app and commited without trying to compile/run test

but not only once, but on a regular basis

as you may imagine, he broke the application multiple times and blamed the other devs

- incompentence warning-

Story 3:

once i had a dev, which wanted to stay up with the latest versions of his libraries

npm update && commit without trying to compile/testing multiple times

- incompentence warning-

Story 4:

once i had a cto

* thought email-marketing is cutting edge
* removed test-systems completely to reduce costs
* liked wordpress
* sets vm to sleep without letting anyone know

- i guess incompetent alert -

Spending all weekend on research and testing for a new feature, finding the perfect framework for it, going trough the API just to come Monday to work and get told by Project Lead: we can't use it, it is not in our stack.

How can it be in our stack!? We've never done anything like that before!

After three weeks looking for decent pdf parser that will handle all documents I gathered for my project I decided to write my own.
All those I tried end up with more then 10% not correctly parsed pdfs or require to much coding.
I was sceptic so I waited another week debating if it’s good idea to do it and I said yes.

Spent 16 hours straight coding pdf document extraction library and command line tool based on pdf.js

Fuck, now when I open pdf I see opcodes instead of text.

Got two more hours until client planning meeting and then I go to sleep for a while.

Time to start testing this more deeply as I have about 60k ~ 20GB pdf documents to parse and then I need to build some dependency graph out of its text.

At least it’s more funny then making boring REST API for money.

Does most memorable in a bad way count? 🤔

He left almost 2 years ago..or even more.. left a bunch of bugs and logical fuckups for me to fix.. some already fixed, some still lingering there..

I want to not blame him for everything, since we lack proper code review protocols and all.. but I've asked on several occasions if he understands the problem and what must be done..and the answer was always yes..results, after I got time to check up on him, the code he wrote was most probably copy pasted from stack overflow or somewhere else.. butchered in any and every way possible..

And of course already checked in to TFS.. along with bunch of files that were not even changed (he didn't bother to check that and exclude them) + a bunch of files from other projects... Told him to not do that on several occasions too, but he still managed to fuck things up this way.. leaving all the uncommented debugger; crap and alerts in the js files..

On one occasion I was working on new GUI..api part I already finished..got the order from above to delegate this to him as it is not much he can fuck up so I could focus on more important & complex stuff..
Maybe additional 4h of work + testing for everything..
I show him the prepared files, one controller, one view..explained what parts of code goes where etc.. a little short of writing everything myself.. Ask if he understands what needs to be done & how and told him if he has any problems/questions to ask me asap..
Said he understood what needs to be done.. after a day or two he asks me why something is not workig as expected.. I check the files, correct initialization was commented out and all the code was stuffed in the view file.. Took him another day to move the code to proper files.. Not sure about the possible bugs left there as the client later decided that they will not be using this..

I later found out that years of C# experience on his CV was actually a school course.. he didn't even know why the changes on api are not showing up..because he didn't know that he has to build the code..

I mean, if he was honest when asked about experience with .net, we would've taken a month or two to just explain everything from the start..

But as he didn't and based on his CV (much more experience with .net than me) and 'I understand everything' attitude from the start I assumed he knows WTF was he doing..

Boy was I wrong..

He was also more interested in how much I get payed and if I have a company phone etc..than actually doing his job.. I fucking hate chit chat, and this..well.. he didn't get the hints that this is in no way appropriate to ask.. I've told him that if he has problems with his pay and bonuses that he should talk to the management and not me about this..and that I'm only interested in his actual work and progress..

So yeah, I'll definitely be remembering this guy till the day I die..

So here I am testing some python code and writing to a file. No big deal. But damn is it taking a long time to get data back from this API. Ah it's fine I'll let it work in the background.

40 minutes later.

Oh! The requests timed out. No big deal. I'll just cut out the parts that are already done.

1st request in.
I wonder what the file is looking like.
Only showing 1 request.

waitaminute.jpeg

I should have more than that.
*Suddenly realizes that I was writing to the file and not appending.

Fuuuuuuuuuuuuuuuuuuck

Some thoughts about time relations in app dev:

10% - minimal ui & coding main functions
10% - testing
10% - writing web api just for fun
70% - try to "design" an ui

Am I the only one having problems with ui?? 🤔

Testing an attendace machine API one by one so i know what does what.

And there’s an API for wiping all the attendance data stored in the machine.

I didn’t realize it until i push the damn button.

The attendance machine just become fresh like new 😱😨😰

Shit.

A testing session just become an extreme sport.

Thankfully the IT guy has a backup but just up to last month.

Well, it’s better than nothing isn’t it?

He just tell his boss that the machine was run out of memory and the attendance data for the current month were not saved.

And he ask him to buy me some machine for testing.

Yes, i was living on the edge by testing in the production machine.

Things that seem "simple" but end up taking a long ass time to actually deploy into production:

1. Using a new payment processor:

"It's just a simple API, I'll be done in 2 hours"

LOL sure it is, but testing orders and setting up a sandbox or making sure you have credentials right, and then switching from test to life and retesting, and then... fuck

2. Making changes to admin stats.

"'I just have to add this column and remove that one... maybe like a couple of hours"

YOU WISH

3. Anything Javascript

"Hah, what, that's like a button, np"

125 minutes later...

console.log('before foo');
console.log(this.foo)
etc..

I downloaded the self-proclaimed "industries #1 API testing tool".

Within 2 minutes I managed to cause it to completely freeze up, and now I cant close it.

So testing starts in 2 weeks ... lets change the api and micro manage the UI before that 🙄

Our project at work goes live in 3 weeks.

The code base has no automated tests, breaks very often, has never had any level of manual testing

will not be releasing with any form of enforced roles or permissions in our first release now due to no time to enforce, however there is a whole admin api where you can literally change anything in our database including roles.

We also have teams in various countries all working separately on the same solution using microservices with shared nuget packages and they aren't using them properly.

Our pull requests are so big - as much as, 75 file changes - in our fe app that I can't keep up with it and I honestly have no idea if it even works or not due to no automated tests and no time to manually test.

We have no testing team, or qa team of any sort.

Every request into the system has to hit a minimum of 3 different databases via 3 different microservices so 1 request = 4 requests with the load on the servers.

We don't use any file streams so everything is just shoved in the buffer on the server.

Most of the people working on the angular apps cba to learn angular, no one across 2 teams cba to learn git. We use git so they constantly face problems. The guy in charge has 0 experience in angular but makes me do things how he wants architecturally so half the patterns make no sense.

No one looks at the pull requests, they just click approve so they may as well push directly to master.

Unfinished work gets put in for pull request so we don't know if the app is in a release state since aall teams are working independently, but on the same code base.

I sat down and tested the app myself for an hour and found 25 fe only issues, and 5 breaking cross browser issues.

Most of our databases are not normalised. Most of our databases make no sense. 99% of our tables have no indexing since there is no expertise with free time to do it.

No one there understands css properly. Or javascript.

Our. Net core microservices all directly use ef in the controller actions so there is no shared code there.

Our customer facing fe app is not dry because no tests so it was decided it was better this way.

Management has no idea on code state, it seems team lead is lieing to them about things like having any level of tests.

Management hire devs that claim to be experts but then it turns out they have basically no knowledge of what they were hired to do, even don't know what json is or the framework or language they are hired for, but we just leave them to get on with it and again make prs too big to review.

Honestly I have no hope that this will go well now but I am morbidly curious to watch. I've never seen anything like the train wreck that we are about to get experience.

Holy crap, I can't take it anymore.
I know that user acceptance testing is supposed to be done by the end user but it's as if they entirely skipped UNIT TESTING and QUALITY ENGINEERING.
Does their API work? Yes. It does.
Are their endpoints working? Sort of... why are query parameters required again?
Is it good overall? No, there are CORNER CASES ALL OVER THE PLACE (are they even still corner cases at this point?). It feels like it was made by amateurs!
Why am I doing quality testing on their services??? holy crap, they should pay ME for doing this

Rant

I'm tired of this shit!!!

First I receive a task to create a new functionality for the app that I'm working on and some documentation (this is the only good part of all the rant) but no design.

It's been 2 weeks since I got assigned to this and still no design, no assets, no API calls that ACTUALLY WORK.

Today was testing a plist to get a banner link, and for 1 hour that little fucker didn't returned the image I was asking.

Better, I wasn't getting ANY IMAGE. Turns out that the link sends me to a HTML URL that doesn't have any image... go figure!

So I've been working on this from some images inside the PDF with the documentation given.

Oh! Wait! There's more!

The cherry on top is that I'm implementing a chat/voice call/video call into the app and the framework that I will be using is being created now, and it's not even finished!!!!!!

Why is the interviewing process becoming worse over the years?

About 2 years ago I applied for a company and got into 2 interviews: one with the hr to see if I am bsing them and one with the tech people, to be sure I am not using buzzwords without context. Pretty straightforward, could be done in a single interview IMHO, but it's making me waste max 2 weeks.

Fast forward to one year ago: 1 interview with the hr, 1 interview with the tech people, 1 interview with CEO (why? Just.. why?)

Fast forward to today: 1 interview with hr, 1 interview with tech people, 1 interview with the CEO (again... why?), 1 coding assignment which "it's only going to take a couple of hours" and punctually has either poorly documented APIs to rely on or has trick questions/points. So "it takes a couple of hours", but if you want to pass it you need to spend a day on it... (and let's add that they may be using old docker versions so if it doesn't work cause they are using docker 1.0 and it fails too bad, you lost time for nothing, we are not trying to solve it, you just don't pass!).

Not kidding the last assignment I took and dropped required: external API, testing, don't use CSS libraries and make your own CSS, you must use TS and it was supposed to take "3 hours max".

My question is: why? Why is the interviewing process slowly becoming less of a: "I understand that your code may not be perfect for us but that you are a human being able to reason and adapt your code to our standards" and more of a: "You must do everything PERFECTLY and we don't give a sh*t about your time, start giving us your free time and then we see if we want you."

I just keep giving up after I analyze the assignments, cause a part of my brain thinks that if this is the way a professional relationship starts it's too easy to foresee weekend shifts and lots of overtime cause some manager thinks that "come on, it just takes a couple of hours!"

In the mix for today: 5 devs testing MS Teams collaborative drawing for a GaphQL API project structure, with Halloween and coronavirus in mind

Starting to feel like shit about my new job. Every task my boss gives me I return with a "sorry it can't be done" for one reason or another. At first it was because user interface testing is a nightmare, then it was because the API postman tests he wanted is for endpoints we haven't exposed so it can't be done and the automated login on postman and retrieval of cookie information can't be done through postman because it requires rendering the site in a browser. I feel worthless to the company but I also feel he keeps making up tasks for me without checking if they're actually useful to us or even possible first, rather than let me touch any of the real code.. I don't know if I should just quit tbh.

DEI QA: “For step 2 should the checkbox be checked? Or uncheck ?”

… Step 2 of my testing steps reads: “Check it [the checkbox], save it, reload it. The box should still be checked. Repeat to uncheck it, just to be pedantic, then leave it off so we can test the existing behavior.”

🤦🏻‍♀️

DEI QA: “The payment_method_identifier will be in api callback logs if `Return payment method identifier in auth/confirmation callbacks` is checked?”

🤦🏻‍♀️

Me: it does what it says on the tin.

DEI QA: “BTW its a `tin`.”
DEI QA: “In Canada its `Taxpayer Identification Number`”

🤦🏻‍♀️

A "partner" company has created a "REST" API we use on an online shop we developed to send all shop-related requests to.
At least once a month, something fails on their end and the customer calls us every time, expecting that we did something wrong, but it has never been us.
These "partners" do exactly zero testing, are extremely slow in solving API bugs, have almost no logging and have no monitoring on the API at all.
Today at noon, suddenly no customers were able to order anything anymore for 4 hours.

How the fuck can you run a business so unbelievably brainless that this keeps repeating monthly?
Time they fire all their "devs" and everyone in charge of the company and operations. TERMINATE.

We use a third party paid company to produce a service and give ongoing support for it, which all our revenue streams depend upon. They are shit and their service is shit. Here's how my conversation about testing went today.

Me: 'hey X wrote an integration test project for the service. It shows the service is broken 50% of the time. We should give their team access to it and have them run it as part of CI'

Colleague: 'They are too shit to setup CI'

PM: 'we are stuck with them so there is no point. It is what it is'

Boss: just ignores me. Not even a reply.

Some days later

Head of QA: 'Hey Dev and QA are broken'

Me: 'because their service is broken. I made so and so suggestion before but it was rejected. We will just have to accept Dev and QA are broken 50% of the time'

Head of QA: 'no we cant'

Me: 'ok so we should setup the tests to run by giving them access'

Head of QA: 'No we shouldn't. The tests can only be used by us and if they break it tells us so we can act on it, or choose not to'

Me: 'We would not want to act immediately on all our revenue streams breaking? Yes we can reverse engineer their client and fix errors as they occur, or we could just have them run the tests and a team our company pays for can stop adding breaking changes to their own API every other day. Right now it has been broken for 2 weeks.'

Head of QA: 'in an ideal world we would have an internal team so you're wrong'

Me: :)

I really don't understand how they can come to such a conclusion. Am I missing something or am I surrounded by total fucking idiots?

I really hate sales people. My stakeholder wants to buy an address verification service but is hesitant to purchase now because the dev time needed would be substantial. Now the sales rep has planted seeds of doubt in my SH and SH thinks I grossly overestimated the labor I quoted.

Sales rep is all “major corporations have installed this in a weekend.” 🤬🤬🤬 Major corporations also have more than one developer and probably aren’t dealing with a website that has a dozen address forms that all work differently. Oh, and I DON’T WORK WEEKENDS MOFO.

My SH originally requested a labor estimate for installing the AVS on all address forms and that’s what I delivered. My audit revealed a dozen different forms. I’m working with a legacy code base that’s been bandaged together and maintained by an outside dev agency. The only thing the forms have in common is reusable address fields. They all work differently when it comes to validating and submitting data to the server and they all submit to different api endpoints. At least a quarter of those forms are broken and would need to be fixed (these are mostly admin-facing). I also had to provide an estimate on frontend implementation when I have no idea what they want the FE to look like.

My estimate was 5-8 weeks for implementation AND testing. I wrote up my findings and clearly explained the labor required, why it was needed, and the time needed. All was fine until the sales rep tried to get into SH’s head.

My SH is now asking for a new estimate and hoping for 1-2 weeks of labor, which is what will SH to buy the AVS. Then go to the outside dev agency you used to work with and ask for a second opinion. I’m sure they’d also tell you at least month if not more for testing, implementation, and deployment because you have a DOZEN FORMS you want to add this to. 1-2 weeks is only possible for a single form.

My manager doesn’t work in the same coding language I do, but he read my documentation and supports my original estimate.

I honestly want to ask my SH if this sales rep is giving a very good price for the AVS. If not, are there other companies in the mix? Because right now you have a sales rep that’s taking you for a ride and trying to pressure you all so he can get another notch in his belt for getting another “major corporation” as his account. I don’t think it’s a good idea to be locked in with a grimy sales rep.

when youre working on a API and every testCase is all green plus manual testing thru Postman extension is all good..

then makes a web app use that API, authorization works as intended but the token is immedially invalid...

just..how..

Welp, this made my night and sorta ruined my night at the same time.

He decided to work on a new gaming community but has limited programming knowledge, but has enough to patch and repair minor issues. He's waiting for an old friend of his to come back to start helping him again, so this leads to me. He needed a custom backend made for his server, which required pulling data from an SQL/API and syncing with the server, and he was falling behind pace and asked for my help. He's a good friend that I've known for a while, and I knew it wouldn't take to long to create this, so I decided to help him. Which lead to an interesting find, and sorta made my night.

It wasn't really difficult, got it done within an hour, took some time to test and fix any bugs with his SQL database. But this is where it get's interesting, at least for me. He had roughly a few hundred people that did beta testing of the server, anyways, once the new backend was hooked in and working, I realized that the other developer he works with had created a 'custom' script to make sure there are no leaks of the database. Well, that 'custom' script actually begins wiping rows/tables (Depends on the sub-table, some get wiped row by row, some just get completely dropped), I just couldn't comprehend what had happened, as rows/tables just slowly started disappearing. It took me a while of checking, before checking his SQL query logs (At least the custom script did that properly and logged every query), to realize it just basically wiped the database.

Welp, after that, it began to restrict the API I was using, and due to this it identified the server as foreign access (Since it wasn't using the same key as his plugin, even though I had an API key created just so it could only access ranks and such, to prevent abuse) and begin responding not with denied, but with a lovely "Fuck you hacker!" This really made my night, I don't know why, but I was genuinely laughing pretty hard at this response.

God, I love his developer. Luckily, I had created a backup earlier, so I patched it and just worked around the plugin/API to get it working. (Hopefully, it's not a clusterfuck to read, writing this at 2 am with less than an hour of sleep, bedtime! Goodnight everyone.)

OK semi rant... Would like suggestions

Boss wants me to figure out someway to find the maximum load/users our servers/API/database can handle before it freezes or crashes **under normal usage**.

HOW THE FUCK AM I SUPPOSED TO DO THAT WITH 1 PC? The question seems to me to mean how big a DDoS can it handle?

I'm not sure if this is vague requirements, don't know what they're talking about, or they think I can shit gold... for nothing... or I'm missing something (I'm thinking how many concurrent requests and a single Neville melee even with 4 CPUs)

"Oh just doing up some cloud servers"

Uh well I'm a developer, I've never used Chef or Puppet and or cloud sucks, it's like a web GUI, not only do I have to create the instances manually and would have to upload the testing programs to each manually... And set up the envs needed to run it.

Docker you say? There's no Docker here... Prebuilt VM images? Not supported.

And it's due in 2 weeks...

How the hell some devs are releasing to production before passing to QA, Alpha testing, staging at least handle all type of errors and hide your API Keys.

Boss: so we've got to call an app to verify data in this project. But I've got no more info and I'm on holiday next week. Please contact GuyA next week.
Me: ok I guess?
*writes email to GuyA*
GuyB: GuyA is on holiday please hold the line
*1 week later*
GuyA: we need more time it's not ready yet
*2 weeks later?
Me: so?
GuyA: yeah it's ready here's the wsdl etc your client already has the password
*1 week later*
Me: yeah so I got the data but the api says my auth isn't working
GuyB: yeah your user isn't activated on the test system. I'm gonna forward that and come back at you
*1 week later*
GuyA: so we're going live in about 2 weeks hows testing going?
Me: well I'm still waiting for the response and activation
*suddenly it works*
Me: yeah so auth is working but i can't find any data. Is there any special test data?
GuyA: oh no there is NO test data on the test system. You need to wait for GuyB but he us not here today...
Me: are you fking kidding Me?????

... no response since then and it's been days....

In This Rant: A mildly satisfying piece of mind story.

Using code to prove yourself right is a hell of a drug.

A few weeks ago I whipped up a tiny program that downloads configs from hardware we manage. Since the vendor's API documentation is hidden behind a pay wall, my method of extraction is different. It results in bigger files, but testing showed it to still be valid.

Enter today. Interns at work downloaded a config to load onto a spare machine and it won't work.

"TheCapeGreek, your configs don't work"

I was confused since I tested the files when I built it and it worked. I am also currently fleshing out that download utility's features so the fear that I've been wasting the past 2 weeks on improvements is looming.

Last 15 minutes of the day and nothing else to do so I figured I might as well whip up a string comparer. The smaller file's content is scattered in the big file so a direct diff won't work.

Code it all, quick hardcoded proof of concept code, bit it got the job done. I was right, my bigger file is still correct!

Turns out the issue was with the machine they were configuring. They found this out before I finished my test code, so I'm off the hook already, but it was good to have piece of mind haha!

Working on an Android app for a client who has a dev team that is developing a web app in with ember js / rails. These folks are "in charge" of the endpoints our app needs to function. Now as a native developer, I'm not a hater of a web apps way of doing things but with this particular app their dev teams seems to think that all programming languages can parse json as dynamically as javascript...

Exhibit A:

- Sample Endpoint Documentation
* GetImportantInfo
* Params: $id // id of info to get details of
* Endpoint: get-info/$id
* Method: GET
* Entity Return {SampleInfoModel}

- Example API calls in desktop REST client
* get-info/1
- response
{
"a" : 0,
"b" : false,
"c" : null
}
* get-info/2
- response
{
"a" : [null, "random date stamp"],
"b" : 3.14,
"c" : {
"z" : false,
"y" : 0.5
}
}
* get-info/3
- response
{
"a" : "false" // yes as a string
"b" : "yellow"
"c" : 1.75
}

Look, I get that js and ruby have dynamic types and a string can become a float can become a Boolean can become a cat can become an anvil. But that mess is very difficult to parse and make sense of in a stack that relies on static types.

After writing a million switch statements with cases like "is Float" or "is String" from kotlin's Any type // alias for java.Object, I throw my hands in the air and tell my boss we need to get on the phone with these folks. He agrees and we schedules a day that their main developer can come to our shop to "show us the ropes".

So the day comes and this guy shows up with his mac book pro and skinny jeans. We begin showing him the different data types coming back and explain how its bad for performance and can lead to bugs in the future if the model structure changes between different call params. He matter of factually has an epiphany and exclaims "OHHHHHH! I got you covered dawg!" and begins click clacking on his laptop to make sense of it all. We decide not to disturb him any more so he can keep working.

3 hours goes by...

He burst out of our conference room shouting "I am the greatest coder in the world! There's no problem I can't solve! Test it now!"

Weary, we begin testing the endpoints in our REST clients....

His magic fix, every single response is a quoted string of json:

example:
- old response
{
"foo" : "bar"
}
- new "improved" response
"{ \"foo\" : \"bar\" }"

smh....

Gotta love it when everything works flawlessly with the test API endpoint and credentials, but when I try to go live, there's suddenly a ton of additional configuration to get the third-party APIs working.

Why the fuck do you even provide a testing environment, if it's completely different from the live one?

It's only Monday. Why do i feel so tired. T_T

Today's work:
- 3hrs check point meeting on Project A
- quick API fix, testing and dev assistance on Project A
- prelive deployment of Module B
- code review and enhancements for Script C
- prelive deployment and testing for Script C

Have you heard of "Thunder client"? Meh... That shit is cool. I came across it on my YouTube recommendations, installed and gave it a try. I'm probably not going back to postman.

lets just wait till the day before deploy to finally authorize api testing for users outside of the network - and then get super upset when we aren't adjusted, prepared, and tested in time for next-day deployment

¡rant|rant

Nice to do some refactoring of the whole data access layer of our core logistics software, let me tell an story.

The project is around 80k lines of code, with a lot of integrations with an ERP system and an sql database.

The ERP system is old, shitty api for it also, only static methods through an wrapper to an c++ library

imagine an order table.

To access an order, you would first need to open the database by calling Api.Open(...file paths) (yes, it's an fucking flat file type database)

Now the database is open, now you would open the orders table with method Api.Table(int tableId) and in return you would get an integer value, the pointer.

Now for the actual order. first you need to search for it by setting the search parameter to the column ID of the order number while checking all calls for some BS error code

Api.SetInt(int pointer, int column, int query Value)
Then call the find method.

Api.Find(int pointer)

Then to top this shitcake of an api of: if it doesn't find your shit it will use the "close enough" method of search.

And now to read a singe string 😑

First you will look in the outdated and incorrect documentation given to you from the devil himself and look for the column ID to find the length of the column.

Then you create a string variable with ALL FUCKING SPACES.

Now you call the Api.GetStr(int pointer, int column, ref string emptyString, int length)

Now you have passed your poor string to the api's demon orgy by reference.

Then some more BS error code checking.

Now you have read an string value 😀

Now keep in mind to repeat these steps for all 300+ columns in the order table.

News from the creators: SQL server? yes, sql is good so everything will be better?

Now imagine the poor developers that got tasked to convert this shitcake to use a MS SQL server, that they did.

Now I can honestly say that I found the best SQL server benchmark tool. This sucker creams out just above ~105K sql statements per second on peak and ~15K per second for 1.5 second to read an order. 1.5 second to read less than 4 fucking kilobytes!

Right at that moment I released that our software would grind to an fucking halt before even thinking about starting it. And that me & myself and I would be tasked to fix it.

4 months later and two weeks until functional beta, here I am. We created our own api with the SQL server 😀

And the outcome of all this...

Fixes bugs older than a year, Forces rewriting part of code base. Forces removal of dirty fixes. allows proper unit and integration testing and even database testing with snapshot feature.

The whole ERP system could be replaced with ~10 lines of code (provided same relational structure) on the application while adding it to our own API library.

Best part is probably the performance improvements 😀. Up to 4500 times faster and 60 times less memory usage also with only managed memory.

PM: Page load times are up. It might be your API blocking requests.

Me: Possible, though most of my load testing was performed against a random sample of requests at nearly 5 times the expected average per minute rate. I can add some logs but I think this is a red herring theory.

PM: Yes add logs, and New Relic and get it released ASAP.

Me: To confirm, you want me to make a bunch of diagnostic changes to a mission-critical API the day before Holiday break...

I felt like that guy from the Apollo 13 team warning Gene Kranz that the LEM was not built for this and I can make no guarantees... Released an hour before we went home for the weekend.

Fuck cookies.
Fuck API testing.

I remember my colleague who was DevOps guy (15+ years exp) in our one very good project about kids' edutainment.

He always breaks things & blames others when only he had admin access of the tool.

When client was very much interested in Android app, our that DevOps focusing totally on REST API & ignored Android app related DevOps tasks.

Our Android CI/CD was not complete till project ended. Due to his stubborn nature we couldn't take benifit of automation testing.

You can't tell him how to do any task, if you tell then it will be taken by him as an insult to his intelligence.

He would waste his 2 business weeks to find a way to do that task, then he would do some frugal trick half heartedly then he will leave it. Still he wouldn't accept your help due to his ego & he would work on tasks which he likes even though they are of low priority.

He was hellbent on cost cutting so he reduced caching availability to save extra billing, now we couldn't had enough speed for even 10 users to show recommendation feed by API.

Due to this our client couldn't show demo to angel investors properly & didn't get funding.

I don't how with such a bad attitude, he could survive so long.

He had plenty of training certificates (Salesforce etc.) with very little practical knowledge.

God save people of his current & future projects.

So i was working on an android app that communicate with restfull web service. I setup everything , started the web service api at localhost and launched the app on genymotion (virtual machine android) .Nothing seems to work . I checked the code , debugged some stuff and it turns out i couldn't communicate with the api server. I tested the api on my browser and nothing is wrong ,I tried to test on the phone vm browser and voila 404 not found . How the hell it's working on my windows and not on the vm (with localhost url :/ ) .I kept debugging for more then 3 hours with no solution to be found .
The moment I realised wtf I'm doing and how stupid I was => shut down my laptop went to coffee shop and bought a lifeless dark espresso .

In case you didn't understand what the issue is, I was running the api on my windows localhost and testing it with same url on my android vm (I should've changed localhost with my machine IP )

I was hired as a wpf dev for a large scale project and I was told that the backend is perfectly complete and that I am able to work right away, then after I started working, I noticed that every request I sent was returning a 500 internal error, I thought it was a problem on my end, but later I found out that they didn't even implement the api yet, it was just a "reference" for devs, which basically means that I should work and give them a perfectly functional app without testing anything at all.

Sometimes I commit fixes for issues on my crypto exchange api repos without testing them and tell the issue author to test it themselves because "I don't have api keys for the respective api" to test it.

I'm fully registered on every exchange from here to Japan. 🙄

Fuck UPS and their API Documentation. Has anyone here ever integrated their API ?
Their API documentation doesn't mention any sandbox or testing accounts.
If I click on their create access key button, it takes me to a form which requires a real payment method and address which seems like it's meant for real stuff not testing.

Did you ever had to integrate a fucking "API" that is done via mail bodies?

Fuck this shit! Who need responses about success or failure?! Guess this will take a long time to test this fucking piece of garbage... We don't get a test system, we need to test this with the production system of the other company. I hope their retarded application crashes when receiving malicious mails.

Not speaking about security, I bet everyone can send a mail to their stupid mail address and modify their data 🙈

And inside of this crap mail you also have to send the name, street and email of their company. Why do you fucking need this information?!

I found out that apache had built-in support ( via a module - mod_md ) for automatic TLS certificate management with Let's Encrypt since October 2017.

Bloody Hell! Why didn't I hear of this sooner?

So, I ran off into my cloud to set up this so-called ManagedDomain ( mod_md ).

Found the module in the package repositories, installed it and started testing it out.
I started writing IfModule conditions under mod_ssl so that I wouldn't have to overwrite my existing TLS configurations ( which was already issued by Let's Encrypt via certbot, by the way ).

After a whole night of twisting and turning with the configurations, it turns out that the module in the package repositories were built for ACMEv1 and that API has been dead for as long as the module has been around.

I had noticed that the module was 'experimental', but I still hoped that they had the packaged the module.

Finally, I cozied back up with certbot. At least, until this so-called mod_md becomes stable and mainstream.
I hope certbot doesn't make a fuss. I'm sure, it got offended that I was trying to cheat it with mod_md.

I am forced to work with a client's notoriously slow SOAP api. Slow in this case is 1.5-2s per request.
The api is structured rather... creatively... at the same time. So we have to bombard it with thousands of requests to build our data base with historical SOAP data. Also the data sometimes is a couple of hours late, giving a flat line (all values at 0) until retroactively fixing the output for the same requests.
So to fill one dev data base with a year's worth of historical data (nice to have when testing a dashboard application) we hammer the api with ~20k requests (~1 million if we want to be thorough).
Best thing about that: There is no staging/test api and the prod api seems not to handle lots of requests at the same time very well...
Latest thought: Maybe we could put a varnish cache in front of the SOAP for testing. Better have wrong data, than nothing at all and we don't kill the prod clients every time we ramp up a new instance.
Also that would dramatically decrease the 4.2 hours of data pumping to about 7 minutes after the first run.

Today, I have installed/uninstalled a combination of [windows 7, arch linux, dual-boot] a total of 9 times...

I wouldn't be surprised if my 120G SSD fails next week

It all started when I had to whip up a GUI-wrapped youtube-dl based program for a windows machine.

Thinking a handy GUI python library will get it done in no time, I started right away with the Kivy quick-start page in front of me.

Everything seemed to be going fine, until I decided it would be "wise" to first check if I can run Kivy on said windows machine.

Here I spent what felt like a day (5 hours) trying to install core pip modules for kivy.. only before realizing my innocent cygwin64 setup was the reason everything was failing, and that sys.platform was NOT set to "win32" (a requirement later discovered when unpacking .whl files)

"Okay.. you know what? Fuck........ This."
In a haze of frustration, I decided it was my fault for ever deciding to do Python on windows, and that "none of this would've happened if I were installing pip modules on a Linux terminal"...

I then had the "brilliant" idea of "Why don't I just use Linux, and make windows a virtual machine within, for testing."

And so I spent the next hour getting everything set up correctly for me get back to programming.... And so I did.

But uh... you're doing GUI stuff, right? -> Yeah...

And you uh.. Kivy uses OpenGL on windows, doesn't it? -> Yeah..?

OpenGL... 2.

-> Fuck.

That's when I realized my "brilliant" idea, was actually a really bad prank. Turns out.. I needed a native windows environment with up-to-date non-virtual graphics drivers that supported at least OpenGL2 for Kivy GUI programs!

Something I already had from square 1.

And at this point, it hurts to even sigh knowing I wasted hours just... making... poor decisions, my very first one being cygwin64 as a substitution for windows cmd.

But persistent as any programmer should be in order to succeed, I dragged my sorry ass back to the computer to reinstall windows on the actual hardware... again.

While the windows installer was busy jacking off all over my precious gigabytes (why does it need that much spaaace for a base install??? fuck.). I had "yet another brilliant idea" YABI™

Why not just do a dual-boot? That way, you have the best of both worlds, you do python stuff in Linux, and when it's time to build and test on the target OS, you have a native windows environment!

This synthetic harmony sounded amazing to the desperate, exhausted, shell of a man that I had become after such a back-breaking experience with cygwin

Now that my windows platter with a side of linux was all set-up and ready-to-go, I once again booted up windows to test if Kivy even worked.

And... It did!

And just as I began raising my victory flags, I suddenly realized there was one more thing I had to do, something trivial, should take me "no time" to do, being in a native windows environment and all.................... -.- (sigh)

I had to make sure it compiles to a traditional exe...

Not a biggy, right? Just find one of those py2exe—sounding modules or something, and surprisingly enough, there was indeed a py2exe—sounding module, conveniently named... py2exe.

Not a second thought given, I thought surely this was a good enough way of doing it, just gonna look up the py2exe guide and...

-> 3 hours later + 1 extra coffee

What do you meeeeean "module not found"? Do I need to install more dependencies? Why doesn't it say so in the DAMN guide? Wait I don't? Why are you showing me that error message then????

-------------------------------

No. I'm not doing this.
I shut off my computer and took a long... long.. break.

Only to return sometime the next day and end up making no progress, beating my SSD with more OS installs (sometimes with no obvious reason to do so).

Wondering whether I should give up Kivy itself as it didn't seem compatible with py2exe.. I discovered pyInstaller, which seemed to be the way Kivy wants exe's to be made on windows..

Awesome! I should've looked up how Kivy developers make exe's instead of jumping straight into py2exe land, (I guess "py2exe" just sounded more effective to me then)

More hours pass, and you'd think I'd have eliminated all of my build environment problems by now... but oh, how wrong you'd be...

pyInstaller was failing, and half the solutions I found online were to download some windows update KB32946..whatever...

The other half telling me to downgrade from Python 3.8.1 to Python 3.8.0000.009 (exaggeration! But you get the point)

At the end of all that mess, I decided it wasn't worth some of my lifespan, and that maybe.. just maybe.. it would've been better to create WINDOWS GUI with the mother fuc*ing WINDOWS API.

Alright, step 1: Get Visual Studio..
Step 2: kys
Step 3: kys again.

Been wanting to get into OOP and unit testing, haven't found a single semi big project that I can use to study these techniques...

Wrote myself a class when asked to do an API call last week, and I think it looks pretty decent...

Does anyone have a ressource to just see how to do it "properly" on medium sized projects? (100k loc)

Spent an hour trying to figure out why my API request was returning unauthorized, turned out I had a trailing space after the ID (hard coded for testing purpose) T_T

Well, been awhile. The latter half of this is probably gonna be unpopular, but the gist of it is that all of the devs working on camera-centric apps, get your shit together, if possible. As mentioned there may not be a way for you to get your shit together, because Google and the others involved ultimately are a mess. In that case, you're dismissed. I haven't proof-read this, so don't take it exactly verbatim.

Woke up this morning to a need for this, so here goes:

----
OPEN LETTER TO SNAPCHAT
----
Snapchat,

You guys need to get your shit together. This is a tack-on to what Marques Brownlee already stated.

I woke up this morning to a seriously FUCKED UP UI. UX didn't change as much, still looks Snapchat-esque. But holy hell WHAT THE FUCK?

I'm not averse to change, despite the above. HOWEVER, there's an exception to that: You cannot change out UX/UI from under me with no warning. I need to know that within the coming weeks, there will be changes to how I interact/interface within the app. An option to opt into testing would be nice as well, but doesn't look like you guys have that figured out. With that testing should come feedback, and something like Jira, where issues can be reported and triaged. You're a company, unfortunately, so I doubt you'd be willing to even go as far as accepting feedback in the first place, which is a shame.

Seriously, as Marques pointed out, Android Snaps are shitty because the app takes a screenshot of the viewfinder and uses it as a photo. There's no doubt in my mind this is something that others do, but all Android devs need to either not pull this (because it's not clever) or just not make apps (quality over quantity).

I would like to see either Google step in and require a native API that is the same across all devices and leverages all cameras to their full potential (I want to say that Snap's issue stems from an API provided by Google. In this case, Google, get your shit together), or alternatively I'd like to see manufacturers band up to provide a uniform interface to deal with this. Because I don't see the latter happening anytime soon, Google needs to do something about this, although I feel like they probably won't. That said, IDGAF WHO it is, I just want it FIXED.

The company I worked for had to do deletion runs of customer data (files and database records) every year, mainly for legal reasons. Two months before the next run they found out that the next year would bring multiple times the amount of objects, because a decade ago they had introduced a new solution whose data would be eligible for deletion for the first time.

The existing process was not be able to cope with those amounts of objects and froze to death gobbling up every bit of ram on the testing system. So my task was to rewrite the exising code, optimize api calls and somehow I ended up in multithreading the whole process. It worked and is most probably still in production today. 💨

Because of the amount of complaining I do at work concerning legacy php applications the HOD is trying to push for different technologies to use for backend services. We have met multiple times to discuss the proper way of handling the situation since there are a lot of very obvious things to consider regarding the push for a new tech stack. The typical names have come about, but my biggest issue will be training people for these stacks.

Testing environments with docker and so forth, push for CERTAIN applications to be more API centric and the use of better frontend frameworks that will remain standard for years to come(hard to bet on this one but I tend to orefer React) among other things are the topics of conversation.

Personally I would love to move the shop to something geared towards Golang, thing is, the lead dev is complaining about it saying that the training for a new language would just take time. After a couple of examples he is still not convinced.

I think its wrong of him to center himself on just PHP and JQUERY as the main development stack he uses and learning new things should be part of the job, I also have a case against the spaghetti code that results from just using vanilla php with no proper development practices(composer based systems, oop etc etc you get the gist)

In the end I am starting to think that it will become one of those "fuck off I am the boss" type of deal since I am going to be here after a long time and he has about 2 years before he medically retire.

So today I started looking at an old project (site/api tester) I backlogged due to various blockers.

I started remembering things and after setting up the testing app, I realized it depended on an extraction app that I wrote before that. And this reminds me of the whole start of all this testing stuff going back more then a year ago.

It sorta felt like I just took the cover off a hole? And then remembered how deep it goes.

And thankfully I left myself documentation... Though took me a while to find and still looking... (tracing from 1 project to another)

Why are there so many testing framworks for JavaScript? Jasmine, mocha, buster ... and for spies, stubs and mocks, there is sinon and for assertions, there is chai. And oh you can record entire external api calls with nock and whatever else I forgot. I am a bit overwhelmed by this overambundancy of libraries. Writing tests is supposed to be easy.

I'm losing my mind.

It turns out that the API test environment we are using to test a new payment method is their development/staging environment. A couple of hours ago, they fucked up something, and we have been stuck because of that.

Was working on setting up a ci/CD pipeline. The ci part with automated testing and deployment to a on-premise docker registry worked already, so I thought "hey I could try to actually run one of those fresh containers" so I tried it with the usual docker run command.. "Manifest not found" suddenly appeared, it confused me a bit since I used the same url I used for publishing... So I googled around only to find NOTHING that is even remotely connected to my issue. "Eh let's let the guy that runs that registry fix it" was what I thought and called it a day. The next day I was eager to try it again and checked the urls case by case only to notice that I wrote secret-project-backend-client instead of secret-project-api.. I tried it with the new name and it worked!
Never felt so retarded in my life....

Working with a data scientist on an update to a machine learning api that has dinner logic change with a new model.

He's wondering why his PRs are falling.

He's trying to merge into development from a branch created off of main.

He's renamed all the functions and classes and never updated the call points.

He's using new packages but never includes them in the requirements file, so the docket builds are failing.

His class method definitions don't contain self and are throwing syntax errors.

I've been working with him for 4 days to get him to understand branching, linting, unit testing, and not blindly copy and pasting snippets from jupyter notebook into production api code!

So I am debugging a connector library for an api that users curl.

I am fighting my ass off with errors and a lack of debug, testing or thought for CI

Take a poke around this set of classes only to find.

Postman token in the opts. and a removal of ssl check. What you straight copied from postman.

Like seriously clean up your fucking code if you are gonna put something out as production ready to your team.

Console.log('fuck');

My work product: Or why I learned to get twitchy around Java...

I maintain a Java based test system, that tests a raster image processor. The client is a Java swing project that contains CORBA bindings to the internal API of the raster image processor. It also has custom written UI elements and duplicated functionality that became available in later versions of Java, but because some of the third party tools we use don't work with later versions of Java for some reason, it's not possible to upgrade Java to gain things as simple as recursive directory deletion, yes the version of Java we have to use does not support something as simple as that and custom code had to be written to support it.

Because of the requirement to build the API bindings along with the client the whole application must be built with the raster image processor build chain, which is a heavily customised jam build system. So an ant task calls out to execute a jam task and jam does about 90% of the heavy lifting.

In addition to the Java code there's code for interpreting PostScript files, as these can be used to alter the behaviour of the raster image processor during testing.

As if that weren't enough, there's a beanshell interface to allow users to script the test system, but none of the users know Java well enough to feel confident writing interpreted Java scripts (and that's too close to JavaScript for my comfort). I once tried swapping this out for the Rhino JavaScript interpreter and got all the verbal support in the world but no developer time to design an API that'd work for all the departments.

The server isn't much better though. It's a tomcat based application that was written by someone who had never built a tomcat application before, or any web application for that matter and uses raw SQL strings instead of an orm, it doesn't use MVC in any way, and insane amount of functionality is dumped into the jsp files.

It too interacts with a raster image processor to create difference masks of the output, running PostScript as needed. It spawns off multiple threads and can spend days processing hundreds of gigabytes of image output (depending on the size of the tests).

We're stuck on Tomcat seven because we can't upgrade beyond Java 6, which brings a whole manner of security issues, but that eager little Java updated will break the tool chain if it gets its way.

Between these two components we have the Java RMI server (sometimes) working to help generate image data on the client side before all images are pulled across a UNC network path onto the server that processes test jobs (in PDF format), by reading into the xref table of said PDF, finding the embedded image data (for our server consumed test files are just flate encoded TIFF files wrapped around just enough PDF to make them valid) and uses a tool to create a difference mask of two images.

This tool is very error prone, it can't difference images of different sizes, colour spaces, orientations or pixel depths, but it's the best we have.

The tool is installed in both the client and server if the client can generate images it'll query from the server which ones it needs to and if it can't the server will use the tool itself.

Our shells have custom profiles for linking to a whole manner of third party tools and libraries, including a link to visual studio 2005 (more indirectly related build dependencies), the whole profile has to ensure that absolutely no operating system pollution gets into the shell, most of our apps are installed in our home directories and we have to ensure our paths are correct for every single application we add.

And... Fucking and!

Most of the tools are stored as source bundles in a version control system... Not got or mercurial, not perforce or svn, not even CVS... They use a custom built version control system that is built on top of RCS, it keeps a central database of locked files (using soft and hard locks along with write protecting the files in the file system) to ensure users can't get merge conflicts by preventing other users from writing to the files at all.

Branching is heavy weight and can take the best part of a day to create a new branch and populate the history.

Gathering the tools alone to build the Dev environment to build my project takes the best part of a week.

What should be a joy come hardware refresh year becomes a curse ("Well fuck, now I loose a week spending it setting up the Dev environment on ANOTHER machine").

Needless to say, I enjoy NOT working with Java. A lot of this isn't Javas fault, but there's a lot of things that Java (specifically the Java 6 version we're stuck on) does not make easy.

This is why I prefer to build my web apps in python or node, hell, I'd even take Lua... Just... Compiling web pages into executable Java classes, why? I mean I understand the implementation of how this happens, but why did my predecessor have to choose this? Why?

This is my frontend tip of the day.
If you have a frontend that consumes an external API:
1) Retrieve the json responses from devtools
2) Save them in your project as json files (trim the data a bit if it's too long)
3) When starting your app with a special env var like MOCK_DATA, make your app mock the data and use your saved json data instead.

You can associate each response with an url regex.

The package fetch-mock mocks fetch really well, it lets through the urls that don't match anything.
This way you can incrementally add responses.

And voila, you have a mode where you have near instant page loads to test things manually, and you also have mocked data ready for testing eg, cypress.

Do you believe in QA who only tests the application as a user i.e just blackbox testing of clicking here and there.?
The QAs in my company doesn't have a clue on how the shit works and most of them don't even understand a line of code.
I feel that it's really important to test the application from the web api level as well to test out all the complex business logics which may not be feasible from the UI.

A very long rant.. but I'm looking to share some experiences, maybe a different perspective.. huge changes at the company.

So my company is starting our microservices journey (we have a 359 retail websites at this moment)

First question was: What to build first?

The first thing we had to do was to decide what we wanted to build as our first microservice. We went looking for a microservice that can be used read only, consumers could easily implement without overhauling production software and is isolated from other processes.

We’ve ended up with building a catalog service as our first microservice. That catalog service provides consumers of the microservice information of our catalog and its most essential information about items in the catalog.

By starting with building the catalog service the team could focus on building the microservice without any time pressure. The initial functionalities of the catalog service were being created to replace existing functionality which were working fine.

Because we choose such an isolated functionality we were able to introduce the new catalog service into production step by step. Instead of replacing the search functionality of the webshops using a big-bang approach, we choose A/B split testing to measure our changes and gradually increase the load of the microservice.

Next step: Choosing a datastore

The search engine that was in production when we started this project was making user of Solr. Due to the use of Lucene it was performing very well as a search engine, but from engineering perspective it lacked some functionalities. It came short if you wanted to run it in a cluster environment, configuring it was hard and not user friendly and last but not least, development of Solr seemed to be grinded to a halt.

Elasticsearch started entering the scene as a competitor for Solr and brought interesting features. Still using Lucene, which we were happy with, it was build with clustering in mind and being provided out of the box. Managing Elasticsearch was easy since there are REST APIs for configuration and as a fallback there are YAML configurations available.

We decided to use Elasticsearch since it provides us the strengths and capabilities of Lucene with the added joy of easy configuration, clustering and a lively community driving the project.

Even bigger challenge? Which programming language will we use

The team responsible for developing this first microservice consists out of a group web developers. So when looking for a programming language for the microservice, we went searching for a language close to their hearts and expertise. At that time a typical web developer at least had knowledge of PHP and Javascript.

What we’ve noticed during researching various languages is that almost all actions done by the catalog service will boil down to the following paradigm:

- Execute a HTTP call to fetch some JSON

- Transform JSON to a desired output

- Respond with the transformed JSON

Actions that easily can be done in a parallel and asynchronous manner and mainly consists out of transforming JSON from the source to a desired output. The programming language used for the catalog service should hold strong qualifications for those kind of actions.

Another thing to notice is that some functionalities that will be built using the catalog service will result into a high level of concurrent requests. For example the type-ahead functionality will trigger several requests to the catalog service per usage of a user.

To us, PHP and .NET at that time weren’t sufficient enough to us for building the catalog service based on the requirements we’ve set. Eventually we’ve decided to use Node.js which is better suited for the things we are looking for as described earlier. Node.js provides a non-blocking I/O model and being event driven helps us developing a high performance microservice.

The leap to start programming Node.js is relatively small since it basically is Javascript. A language that is familiar for the developers around that time. While Node.js is displaying some new concepts it is relatively easy for a developer to start using it.

The beauty of microservices and the isolation it provides, is that you can choose the best tool for that particular microservice. Not all microservices will be developed using Node.js and Elasticsearch. All kinds of combinations might arise and this is what makes the microservices architecture so flexible.

Even when Node.js or Elasticsearch turns out to be a bad choice for the catalog service it is relatively easy to switch that choice for magic ‘X’ or component ‘Z’. By focussing on creating a solid API the components that are driving that API don’t matter that much. It should do what you ask of it and when it is lacking you just replace it.

Many more headaches to come later this year ;)

Testing API endpoints

This is an actual transcript...
Since it's way too long for the normal 5000 characters, hence splitting it up...

Infra Guy: mr Dev, could you please give some rational for update of jjb?
Dev: sparse checkout support is missing
Infra Guy: is this support mandatory to achive whatever you trying to do?
Dev: yes
Infra Guy: u trying to get set of specific folder for set of specific components?
Dev: yes
Infra Guy: bash script with cp or mv will not work for you?
Dev: no
Infra Guy: ?
Dev: when you have already present functionality why reinvent the wheel
Dev: jenkins has support for it
Dev: the jjb is the bottle neck
Infra Guy: getting this functionality onto our infra would have some implications
Dev: why should I write bash script if jenkins allows me to do that
Dev: what implications ??
Infra Guy: will you commit to solve all the issues caused by new jjb?
Dev: you show me the implications first
Infra Guy: like a year ago i have tried to get new jjb <commit_url>
Infra Guy: no, the implications is a grey area
Infra Guy: i cant show all of them and they may hit like in week or eve month
Dev: then why was it not tackled
Dev: and why was it kept like that
Infra Guy: few jobs got broken on something
Dev: it will crop up some time later
Dev: if jobs get broken because of syntax
Dev: then jobs can be fixed
Dev: is it not ???
Infra Guy: ofc
Infra Guy: its just a question who will fix them
Dev: follow the syntax and follow the guidelines
Dev: put up a test server and try and lets see
Dev: you have a dev server
Dev: why not try on that one and see what all jobs fails
Dev: and why they fail
Dev: rather than saying it will fail and who will fix
Dev: let them fail and then lets find why
Dev: I manually define a job
Dev: I get it done
Infra Guy: i dont think we have test server which have the same workload and same attention as our prod
Dev: unless you test how would you know ??
Dev: and just saying that it broke one with a version hence I wont do it
Infra Guy: and im not sure if thats fair for us to deal with implication of upgrading of the major components just cause bash script is not good enough for u
Dev: its pretty bad
Infra Guy: i do agree
Infra TL Guy: Dev, what Infra Guy is saying is that its not possible to upgrade without downtime
Infra Guy: no
Dev: how long a downtime are we looking at ??
Infra Guy: im saying that after this upgrade we will have deal with consequences for long time
Infra Guy-2: No this is not testing the upgrade is the huge effort as we dont have dev resources to handle each job to run
Dev: if your jjb compiles all the yaml without error
Dev: I am not sure what consequences are we talking of
Infra Guy: so you think there will be no consequences, right?
Dev: unless you take the plunge will you know ??
Dev: you have a dev server running at port 9000
Infra Guy: this servers runs nothing
Dev: that is good
Dev: there you can take the risk
Infra Guy: and the fack we have managed to put something onto api doesnt mean it works
Dev: what API ?
Infra Guy: jenkins api
Infra Guy: hmmm
Dev: what have you put on Jenkins API ??
Infra Guy: (
Dev: jjb is a CLI
Infra Guy: ((
Dev: is what I understand
Dev: not a Jenkins API
Infra Guy: (((
Dev: (((((
Infra Guy: jjb build xmls and push them onto api
Infra Guy: and its doent matter
Dev: so you mean to say upgrading a CLI is goig to upgrade your core jenkisn API
Dev: give me a break
Infra Guy: the matter is that even if have managed to build something and put it onto api
Infra Guy: doesnt mean it will work
Dev: the API consumes the xml file and creates a job
Infra Guy: right
Dev: if it confirms to the options which it understands
Dev: then everything will work
Dev: I am actually not getting your point Infra Guy
Infra Guy: i do agree mr Dev
Dev: we are beating around the bush
Infra Guy: just want to be sure that if this upgrade will break something
Infra Guy: we will have a person who will fix it
Dev: that is what CICD is supposed to let me know with valid reasons
Dev: why can't that upgrade be done
Infra Guy: it can be done
Infra Guy: i even have commit in place

>start new job, not very professionally experienced dev
>spend couple of months working on a feature that is supposed to be an MVP kind of thing, be rushed to finish and told to cut corners because it's "just an MVP", still lose sleep and have relationship suffer (and ultimately ruined) as I try to not lose deadlines created by the boss with questions like "you can have this done by <very soon>, right?"
>frontend created by fellow developer is a garbled mess of repeated code and questionably implemented subpages, frontend dev apparently copies CSS from Figma and pastes it into new non-reusable React components as envisioned by designer, I am tasked with making sense of the mess and adding in API consumption, when questioning boss what to do with the mess I am often told to discard stuff that the frontend dev has made and just reuse his styling; all of this on top of implementing the backend feature that a previous developer wasn't able to do
>specs change along the way, I had been using a library as a helper in some part of the original feature, now the boss sees that and (without further testing the library) promises CEO that we'll add that as a separate subfeature, but the performance of the library is garbage for larger inputs and causes problems, is basically shit that might not have been shit if we had implemented it ourselves, however at this point CEO has promised new feature to some customers, all the actual sense of responsibility falls upon my hands
>marketing folk see halfway done application and ask for more changes
>everything is rushed to launch, plenty of things aren't implemented or are done halfway
>while I'm waiting for boss to deploy, I'm called up to company office by CEO, and get new task that is pretty cool and will actually involve assessing various algorithms and experiment with them, rather than just stitching API calls and endpoints together, it involves delving into a whole new field of CS that I never had the opportunity to delve into before
>start working on cool task, doing research, making good progress
>boss finally deploys feature I had been originally implementing
>cut corners of original boring insane feature start showing up, now I have to start fixing them instead of working on cool task, however the cool task also has a deadline which is likely expected to be met

I'm not sure if I'm having it bad or not, is this what a whole career in software development will look like?

How do you implement TDD in reality?

Say you have a system that is TDD ready, not too sure what that means exactly but you can go write and run any unit tests.

And for example, you need to generate a report that uses 2 database tables so:

1. Read/Query
2. Processor logic
3. Output to file

So 1 and 3 are fairly straightforward, they don't change much, just mock the inputs.

But what about #2. There's going to be a lot of functions doing calculations, grouping/merging the data. And from my experience the code gets refactored a lot. Changing requirements, optimization (first round is somewhat just make it work) so entire functions and classes maybe deleted. Even the input data may change. So with TDD wouldn't you end up writing a lot of throwaway code?

A lot of times I don't know exactly what I want or need other than I need a class that can do something like this... but then I might end up throwing the whole thing out and writing a new one one I get a clearer idea of what i or the user wants or needs.

Last week I was building a new REST API, the parameters and usage changed like 3 times. And even now the code is in feasibility/POC testing just to figure out what needs to be used. Do I need more, less parameters, what should they be. I've moved and rewritten a lot of code because "oh this way won't work, need to try this way instead"

All I start with is my boss telling me I need an API that lets users to ... (Very general requirements).

GraphQL or REST?

I'm not really worried about boilerplate (my research reveals it's roughly the same), I currently have a (very incomplete) REST interface, but that was just for testing.

Also, the API has no real usage yet (I only use it for submissions) and it literally exists for the sake of having an API (so I don't need to write it later).

first some background. I'm an intern coming in on the end of my internship (tomorrow's my last day). I've been working on a reasonably important project, more specifically a restful API. We have automation set up so that any commits to master on GitHub are pushed out into a live, accessible version. Some guy (let's call him dumbass) joined our team last week, and has had a few ideas

Dumbass: *opens pull request to my repo*
My boss: *requests changes*
Me: *requests different changes*
(All this before even testing his code, mind you)
Dumbass: *makes requested changes*
Me: *approves changes*

A day passes

My boss: *approves changes*
Me (not even 10 seconds after my boss approved changes): *requests more changes*
(Still haven't tested his code, I just ran A PEP8 compliance test)
Dumbass: *MERGES CHANGES TO MASTER*

Literally EVERYTHING breaks because he was importing a module that's not available

We don't notice until later that day (I'm still working on writing the tests for the automation, for now changes get put on live version even if everything breaks -- tool is still in beta, so everyone working on it (a whole 3 people) knows to TEST THEIR SHIT BEFORE MERGING TO MASTER.)

WHY EVEN BOTHER WITH THE PULL REQUEST IF YOU WERE GOING TO MERGE TO MASTER YOURSELF ANYWAY??!??!??

My frustration cannot be properly conveyed through text, but let's just say this guy's been there a week, I already didn't like him, and then he fucking does this.

"And would any of ya folks be kind enough to write down a small script doin that?"

Yeah, sure... No! That would require us to make testing API keys, write connection logic, test it, debug it, test it again, et.c.

Just because it's simple doesn't mean it takes 0-time. I've learned that by listening to an idea of yours previously and sent months being your personal closed-source programmer for a huge-ass project you later abandoned before production. Go away.

Struggling to write my Engineering Thesis code. Not because I'm afraid of tech, but because I have no idea what it should do.
I'm testing mobile apps performance, but getting the right idea is pain in the ass. :(
Never been too creative, but always have been over ambitious and lazy.
So the deadline is coming slowly, I have specified my 'tests' (authorization, API connection, heavy calculations, graphics, database handling) and still don't know what my app should do.

And ideas or suggestions what else is to test?

Someone from QA just randomly started asking me about API requests and responses today. For our backend which is not actually an API and changes all the time without notice. They just like, casually wanna know the contract of every endpoint on that.

So after having a heart attack thinking my coworker got spear phished I find out QA has decided to start testing our backend without telling us let alone asking us if it's a good idea.

What's your worst case of documentation examples that only cover the most basic of use cases, along with API docs that just repeat the name of the functions with some punctuation... angular js unit testing docs for me

Quick update on our partner's API that doesn't work (see previous rant).

They gave the wrong URL! Wow!! Well we have the new URL but
the production credentials don't work!!!

TLDR: Wrote a custom class for writing apibtest cases for a project with zero code test coverage.

We have a project with zero test coverage. Recently, i was tasked with writing api test cases for said project, it might have taken me months to write tests for all endpoint, plus the main issue was that each endpoint needed to tested for all available user roles and permissions.

I tried the main stream approach of writing api tests, but ended up running into a lot of issues directly linked to our projects roles/permissions architecture (cherry on top some endpoint are apikey specific). Don't get me wrong in my opinion this is by far one of the best user roles architecture out there, but writing test cases keeping it in mind is pain in ***.

After trying out different testing methods and frameworks, i decided to write my own class by extending django test framework (which uses unitest)

- It has generator and validators for request and response.
- Supports testing for user roles and permissions.
- We won't have to make any changes to code after user role or permissions changes
- I just have to copy and past request and responses from postman api collection.😂

Just spent 3 hours on a bs problem

I just start acceptance testing a node.js api.

I'm using frisby

I have logged the export method return data and it is correct

I am loading it into the set header function as the accept-type

On frisby side I run the test and it spits out that there is no accept-type

I really don't get why anymore. Came so close to a blind fury.

CREA DDF (Canada Real state listings API) is what you get when government fucks with technology.

Holy shit! So f*cking inefficient to use it, test it and get data.

I get the protection behind sensitive data but fuck me if there is not a lot of waiting behind their fucking application process just to fetch some testing data.

This is really a rant:
The company i work for uses the wso2 enterprise integrator for message transformation and so on.
I am in charge to get this thing to work.
And i am so annyoid about this fuc**** crap software, there price it as lightweight, fast and easy to use?
EASY TO USE?????
Who the fuck there had the IDEA to use XML as configuration files.
They have kinda no documentation, even searching the web makes no sense because you only can find there crap documentation, once i searched after another problem and found my own Stackowerflow question, which had a totally different term!!
And i guess they are making no testing, i mean if i want to edit a api and i set one bracket false or so, than if i click on save, i am doomed, BECAUSE IT DELETES THE CHANGES WITHOUT WARNING ME, i mean srsly are you kidding me wso2???

!rant

I have a personal dilemma. I'm creating an API wrapper for a small project, and I ran out of API requests. I "requested" the owner to grant me more to keep testing the wrapper.

He tells me that I either need to pay for more or code better. I don't know if I should keep going or just tell him to off himself.

Quick question for you all: How do you deal with a problem in production that you cannot fix, even over an extended period of time (say 2 months)?

For context I feel like I’m losing my sanity here, we’ve had this problem on our production API since the beginning of March this year. I’ve done so much testing, got in contact with various teams of my company to try to figure out any potential candidate that would explain the bug, but none worked out. No need to say I’ve spent a considerable amount of time searching on the internet for others with the same problem or similar… We’ve even opened a ticket with the cloud host to see if they would have more details about the problem without success. So how do you deal with that ?

I refactor, speed up, and generally slim down our api tests - so our 'api test' specialist QAs can happily dump thousands upon thousands of lines of new copy-pasted test cases in again with every commit, without fear of the test execution pipeline timing out again...

Meeeen this is crazy. The director created a testing route inside the actual api controller instead inside the spec file. Common man. We better than this. 🤦🏻‍♂️

I have to mock an API for my tests. The mocks got so complicated, I basically have cloned the API at this point. Now I'm testing my mocks to make sure they work. I'm essentially writing tests for my tests. There's gotta be a better way to do this.

Did any test use parasoft for automated API testing before? Is it a good tool used for API test automation? Never heard that since I usually use SoapUI or Postman.

Anyone know any load testing tool like Jmeter for testing gRPC request

how do I test long scenarios? I have an app with 10 screens to complete. I have a dropdown on the first screen which creates a table row element on the last screen. should I do selenium or unit test or both? selenium will have to click through the whole app and call every API just for 1 assertion. unit test will only check the dropdown has the right options which are subject to change and not really worth testing. I run into this problem every time I want to write a test. i always miss something in my manual testing and introduce defects. what should I do?

Mocha or Tape (both with supertest)? For Backend testing. Api, graphql, that shit.

What would you prefer and why?

Just built out my first app using Cloudflare Workers, Typescript, and DurableObjects. Holy shit, this is nice stuff.

It's taken little to no time to build out:

* JSON API written in Typescript
* JWT verification against my OAuth backend (SAML support too)
* CI Automated Deployments including unit tests
* DurableObject support
* 3rd party HTTP calls + caching (built in to the framework!) to reduce network latency and hiccups.
* Cron-like tasks on each stored object so they can awaken the app on a schedule and update themselves as necessary
* Rapid deployment to new environments

The local testing with coordinated "miniflare" is dreamy too.

I am integrating with different third-party payment provider via their API. Just wondering what is the good approach of testing these third party service/API?

Consumer/Producer contract testing?
end-to-end test?