!Story

The day I became the 400 pound Chinese hacker 4chan.

I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.

They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...

And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.

So, I know I want to fuck with them. and I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.

I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.

After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.

I then minify the whole thing and stash it in the minified jquery file.

So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.

Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.

So we GIVE the penetration team login credentials... they log in and start trying to crack it.

I sit and wait. Grinning as fuck.

Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.

We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.

"We think you may have been compromised by a Chinese hacker!"

I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.

My PM, who has seen me use the JSON compression technique before and knows exactly whats up starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.

If only it was more common to use video in these calls because I WISH I could have seen their faces.

Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because i'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.

Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.

async functions, the easy way

If you didn't think NodeJS dependency hell was that bad, you should try sequentially parsing a graph that's stored as an array of nodes and their references, where processing of said nodes forces you to use some async functions that depend on other async functions.

What should have been 20 lines of code written in 30 minutes has turned into 3 hours of horror, reading about babel, realizing that it's just adding more problems without solving one, assessing the effort of modification of async libraries to include sync methods as well, trying out asyncwait, async, and everything else there is, trying to rethink the recursive algorithm, rewriting it several times, cursing and hating myself for not choosing to use Python or .NET Core, screaming senselessly at my wife in a language as familiar to her as Klingon, crying in the bathroom, re-assessing my life choices, thinking whether it was a mistake to dedicate 10 years to this career, maybe I'm just not cut out for it since I can't handle this simple task, watching noose tying tutorials on youtube, thinking about my naked empty RPI that won't connect to the server any time soon.

Seriously. Why is it SO BAD?! Or is it just me?

Web Development is so easy!

Sorry, need to vent.

In my current project I'm using two main libraries [slack client and k8s client], both official. And they both suck!

Okay, okay, their code doesn't really suck [apart from k8s severely violating Liskov's principle!]. The sucky part is not really their fault. It's the commonly used 3rd-party library that's fucked up.

Okhttp3

yeah yeah, here come all the booos. Let them all out.

1. In websockets it hard-caps frame size to 16mb w/o an ability to change it. So.. Forget about unchunked file transfers there... What's even worse - they close the websocket if the frame size exceeds that limit. Yep, instead of failing to send it kills the conn.

2. In websockets they are writing data completely async. Without any control handles.. No clue when the write starts, completes or fails. No callbacks, no promises, no nothing other feedback
3. In http requests they are splitting my request into multiple buffers. This fucks up the slack cluent, as I cannot post messages over 4050 chars in size . Thanks to the okhttp these long texts get split into multiple messages. Which effectively fucks up formatting [bold, italic, codeblocks, links,...], as the formatted blocks get torn apart. [didn't investigate this deeper: it's friday evening and it's kotlin, not java, so I saved myself from the trouble of parsing yet unknown syntax]

yes, okhttp is probably a good library for the most of it. Yes, people like it, but hell, these corner cases and weird design decisions drive me mad!

And it's not like I could swap it with anynother lib.. I don't depend on it -- other libs I need do!

Not quite a rant, but looking for opinion/advice.

I have been programming for a little over a year now, excluding those cringy Lua scripting days with if statement hell. I'm pretty far ahead most of the people in my course (1st year Software Engineering), but I'm at this awkward point where I know quite a bit but not enough. All of my projects so far have been small 1-2 source file programs, mostly in javascript although Python is my main hoe. At the moment I'm reading a book on machine learning and I feel like I'm doing fine, not struggling too much with it, but I don't feel confident at all in my abilities. I had two programming internship interviews half a year ago, both of which I wasn't accepted in. I've been thinking of contributing to an open source project lately to get some "real world" experience but I can't find a good project to start with and just don't feel like I'm good enough. There are also a lot of small things I come across such as async and coroutines in Python which I'm not familiar with yet and they make my confidence drop even lower. I'm guessing most of you have been in a similar position. Would you have any advice for me? Should I search for a project or should I keep on studying with books?

Fuck NodeJS. I don't want you to be asynchronous sometimes. My gahwd I need like 3 deep nested loops just to get you to make a request and compile a damn JSON of requests.

I'm learning Golang goodbye forever node.

Generator functions should be treated like sorting algorithms: Not worth your time if all you have is 4 or less async instructions.
Callback hell is actually kind of nice and warm when you're a just a few levels down. If you're really confused by your obfuscated code, you suck at node.

promises in JavaScript have really spoiled me

it's the most optimal way to do async without leaving much on the table

there's a promises library in rust and the guy who wrote it says it sucks because it spawns new thread every time you execute a bunch of promises

and I finally, through my fogged brain, managed to get the bright idea to write what I want to make in rust in JavaScript and holy hell it's sexy to work with promises. there's no performance left on the table. you do things as fast as possible

but if I take this JavaScript usability code I made and make it possible syntax-wise in rust I don't see how I would be able to do it without starting new operating system threads every time I execute any promises (or set)

I can take the overhead hit but this sounds retarded

and this isn't even touching upon how in rust everything needs to have a predetermined data type. so you can do lambdas and capture variables and send in variables into a thread that way, but to return the return object must be a consistent type (synchronizing the order data was sent in to the data sent out aside, haven't written that yet should be fine though)

which is fine if you are making a threadpool and it'll all be returning one data type
but this means you can't reuse a threadpool you made elsewhere in the program

the only thing that could fix async is to literally be compiler-enabled. it would have to work like generics and automatically make an enum of every type that can return, and only then could you re-use the threadpool

What the hell happened to the dotnet ecosystem in terms of stacktraces and async.

You used to be able to pin down your issues to the freaking exact line number using a stacktrace, but now im building a azure function and this is the crap im served when it blows up: How do you debug this?

I don't want to ever hear that you're proficient in JavaScript if you put a callback function call inside of an async function right after using the await command.

All you manage to do in the end was make a simple function that gets data to populate a dropdown menu into something that is absolutely more awful to look at than the worst callback hell possible.

Refactoring this code base has really questioned my sanity and how much I'm willing to spend on alcohol.

I work with server side React rendering and I wanted to do an async job.

I tried to do it since more than 3 hours.

😕🔫

...

...

...

FUCK YOU REACT! GO IN HELL YOU FUCKING SYNCHRONYOUSHIT. FUCK IT!

😡😤

I always find it funny when people fight over certain aspects of Javascript. Like how callback hell is manageable, async functions etc

Do they forget that Javascript itself is a flaming pile of shit language to begin with? The inventor literally created the language in a week, so that should be the base line assumption on how "capable" that language will come out to be.

The problem: callback hell. Code would be indented by three hundred fucking spaces just to do some async work. Your code would end with thirty lines of closing curly brackets

Solution: async and await.

The problem, reborn: NoSQL. Code is indented by three hundred fucking spaces just to run a query. Your query ends with thirty lines of closing curly brackets.

Manager: We need to make the new system multi-threaded.
Previous Dev: Yes, so let's use Tasks everywhere! And by everywhere, I mean EVERYWHERE!!!

This is what I've found by delving into the code base which I have inherited!

It was a shit idea to try and get async to work in my first ever real programm meant to be used in production.
Unit tests are a bitch to make.
And now everything just kinda falls down on its own.

At least i learned a ton and got a lot of firsts out of the way.

It's a shame that people don't want to use F# but prise C# for how cool it became and continue becoming. At the same time, little do they know that many of the features were simply drawn from F#.

It's just rediculous how far this OO and C-Style syntax crap has progressed. They keep copying things from functional langugages, making the initial language to be a monstrocity like C++ is now, insted of just using languages like C#. I mean, it was right there before C#: async/task, immutablility, records, indexes, lambdas, non-null by default, who the hell knows what else.
Besides, many people (in my company at least) are just blindly overengineering with patterns and shit, where a simple function would be just enogh.

Watch some some NDC talks about F#, in particular those of Scott Wlaschin. It's just better in so many ways: less noice (I'm looking at you, brackets, commas and semicolons), the whole LOT of type inference and less duplication (just look at the C# signatures of linq methods - it's difficult to read them), immutability by default, non-nullable by default, ADTs and pattern matching, some neat features like type providers (how many times have used "paste special" or an online tool to create C# classes from a JSON/XML file, and how many times have your regenrated it because of schema changes?) and units of measure.

Of course, in some cases it's not optimal, in some cases mutable datastructures of C# are better for performance. But dude, how many performance critical systems have you wrote in C#? I mean, if it comes to performance you should use Rust or C++ or C after all.

*sighs*

I expect somebody else has chosen this as well, but anyway:

Async.<any-function>, cause they brought me out of callback hell and taught me the undefined ways async...arghhhh fuck

There's a special place in hell for JS people using `.then()` and `.catch()` instead of simply `await func()`.
Why have 5 lines of code with an await, when instead you can have 5 nested `.then` callbacks.

And yes I know there are some cases where async/await isn't applicable, but that's rather rare

Bloody fucking Android! Updates, updates and more updates! My development Nexus 5X won't allow me to sideload apps since it updated... Hello, printf debugging! Goodbye, profiler and debugger!

My hate for Android grows with each version after 4.0.$something... 2 was shit, I missed 3, 4 was OK, and since then it's going steeply down.

And don't get me started on Material Design...! Good luck figuring out what's a button and what's a label...

And what's up with the "let's keep all apps running all the time to save a few ms on start" philosophy!? Who thought that is a good idea!? Yeah, System.exit(0) works, but... Is it so hard to determine when it's not needed anymore (has no services running etc.)? Why should a web browser (for example) stay in memory after I quit? Minimize is a thing (Home button), why make it so confusing?

Another thing - feedback-less async tasks - why? I like to know when it is working in the background... How the hell am I supposed to find out if it is supposed to do this or if it is frozen?

And Android deciding to kill your process whenever it pleases without any callback... Happened to me once with an Activity in the foreground (no exceptions anywhere in my app, it just quit). How do you do IO properly? It seems you can't guarantee some file or socket or something that must be closed doesn't stay open (requiring to restart Bluetooth 'cause the socket wasn't closed, for example)...

Originally I'm coming from Java , about 2 years ago, I switched Node with TypeScript and had a hard time getting accustomed to Promises. It was a big relief when I learned about async/await. Much cleaner code, no brainfuck anymore when thinking about how to handle stuff that requires multiple async values and so on.

Now I'm working on a clients project as a Java dev again. SOA, Spring Framework, Kafka and MongoDB, nothing too complicated... if they wouldn't use reactor to bring reactive functionalities to Java.

It feels like I'm back in Promise Hell...

Architecture for Java REST API going to build/port from existing NodeJS one.
So Spring Boot + *

Lots of concurrent requests and large MongoDB calls. Current APIs use like 4GB memory for each instance because they don't use stream/pipe the response. Hold all data in memory and then return it all at once to user.

And well we expect more load in the future, so want to do this the right way.

So my understanding since this morning, is there's the blocking? MongoClient, (find* returns List) and now a Reactive MongoClient which is very async and like JS promises. Based on Pub, Sub model.

But the downside of JS promises was callback hell.

So actually 2 questions.
1. For each request, the db call done using the same MongoClient/db connection such that if there are 2 requests one would block the other?
2. Reactive Mongo would be non-blocking by design so would be better to support streamed responses?

Rant/question:
httpDoSmth1().subscribe(x =>
...then(y =>
httpDoSmth2(x).subscribe(z =>
//do smth with z
return z
)
)
)
Isn't this (not my code) callback hell all over again? The 2. http call expects results from the 1. http call. I feel like this could be solved cleaner using async await/switchMap/etc. ... but not like this.

Started today by solving it, seemingly with no problems at all!

Last week i had extreme problems regarding some async ajax-calls.

Sort of felt like i dreamt about a solution.

I love and hate javascript. I set out to do a fully ajax/state driven form interface that operates with multiple interdependent data objects which all extend a base class.

React/Angular may have been a better call but I just didn't have time so I needed to rapid prototype in jquery /vanilla JS.

I'm in the midst of learning and refactoring all the ajax calls to promises and then to async/await, so it's a huge learning experience...

Meanwhile I've got to build objects to represent the data on the backend which is all legacy OScommerce/PHP

Hell of a ride.

Ugh trying to refactor a Node.js MUD codebase to use mongodb. It currently accesses/stores it's data in json files via synchronous FS operations. Callback and/or .then hell, here I come!