Client: "Hey we want you to integrate your product with our system."
Me: "Oh, OK. Where's your API?"
Client: "Here! We even have an outdated .Net SDK, we use XML."
Me: "Ok.. how do we authenticate? What's your OAuth 2.0 endpoint?"
Client: "O auth what?"
Me: " You know, the current standard for REST API authentication and authorisation"
Client: " What's REST?"
*Hungs up*

If the time comes when the traditional signing in with email dies out, I don't know how long I'm gonna last to the Internet anymore. I never liked the idea of having my accounts associated with these giants especially with Facebook.

I fucking want to skin alive my engineering senior director and VP.

Fucking piece of shit people. Looking at their faces from behind the screen, I can sense them stink doneky balls.

They have made my life hell.

The entire tech architecture is absolute shit in nature and engineers cannot even build a single blue colour button without creating a major fuss about it.

Every single aspect of product is built kept in my only the engineer persona. Everyone else can go and suck a racoon's dick.

And they have no concept of tech debt. They just keep building and building stuff. And then build some more.

Entire engineering org is in rush to ship shit at the end of sprint and if they don't then VP and Director are pissed. So to keep those two half witted donkeys happy, these people ship garbage. And all they comment is "cool, very cool".

And hence, entire fucking product is built because it's cool irrespective of whether it solves a problem or not.

A single user role authorisation or authentication is so fucking complex that it would take an eternity for even a developer to figure what's happening.

Fucking toxic human wastes.

There's a company wide mandate to use a certain tech stack, design guidelines, and a vision that all teams have to align. But these faggots are going in opposite direction to do what they feel like and forcing everyone else to ignore all other engagements or alignments with other teams.

These two people should be skinned alive in town square during noon and then left there until they dehydrate entirely. Fucking baboons.

I am so fucking pissed with such mindset.

Ticket: “feature [x] doesn’t work”

Me: “I’ll need more details: how do I reach feature [x]? In which of the three projects you assigned me is that?”

Manager: “the design is in the ticket”

Me, in my head: “can you effin listen to what I told you before giving air to your mouth?”
Me, in person: “yeah I just need to know which project this refers to and how to reach it”

Manager: “but you have to open the ticket as a separate page!”

Me: “sure!” *waits 15 min, opens a ticket for more details, assigns it to manager, flags as blocking, flags the other one as blocked*

5 mins later: details are given and I can proudly fox it by remembering the manager they have to login in order to see feature [x]

Later in the workweek:

Manager at 8:00 URGENT FEATURE! MUST BE DELIVERED BY EOD

Me, 10:00 “can jump on it, need authorisation for [a procedure]

Me, 11,12,13,15,16,17:30: pings for an answer

Manager, 17:58 “ah sorry didn’t see, we can do it tomorrow”

Is this the matrix? Am I being stopped from developing cause I am randomly accessing matrix’s code without knowing it? Is this the Truman show? And most importantly: can I please take part to a manager hiring session? I am curious to see how tf you hire such peculiar people.

OMG! !rant!!!!
I already ranted about the elevator at home being stoooopid for opening doors on way up when you wanna go down..

But our work elevator is awesome!
I figured today that I can play with the authorisation light with the chip for the home elevator.. so from orange to green (work card) to red (home chip) to green to red... OMG!!! Awesome!!

Also the look of horror on coworker's face was priceless (work elevators have a tendency to malfunction as it is, without me playing with them)!!! xD xD xD

authentication and authorisation can go fuck itself
why are there so little decent documentation on how to build an IDP
or implement OAuth2.0
dammit
maybe it’s just ASP.NET core and blazor
but fuck this

Legacy code that has a really long and convoluted way of integrating Dropbox authorisation to save files etc.

This happened in a meeting discussing where I’m at with the upgrade.

Me: This upgrade is going to take a while because of how outdated the app is. Also for assets uploaded by the user why don’t we just use active storage for this now as we have rails 6 now. Plus it will reduce a lot of code.

Other Dev: why would we do that? It’s a big change and will need testing.

Me: A lot of stuff is broken after the upgrade anyway and if we have a more built in simple way to do it why wouldn’t we? Also simplifying the code base is always good. The PR is already 1000+ files and we’re going to have to retest the app anyways.

Other Dev: *crickets*

I’m trying to make the app more smooth and streamlined and overall a better codebase as currently it’s shocking there and security holes galore, its like they don’t trust me with changing anything big haha honestly I think I’m the only one who wants to actually improve the application.

This rant is tribute to the guy who doesn't allow you to login to site before authorization..

the level of security one can never imagine 😂

Another tale of the legacy app, so I'm redoing the user roles using the cancancan gem.

Hop into a meeting to go over why I'm re-doing the authorisation, currently, the app is using the rails-authorization-plugin, yes from Rails 2.0.

me: *explains why this is the way to do it*
other dev: "Can we just fix the custom code we have added in that plugin?"
me: "Well given that it's a massively out of date plugin and we have a ton of deprecations, probably not"
other dev: "so let's try and fix it"

Christ, why are we still clinging onto 10+-year-old plugins if were going to keep getting errors when we upgrade?

Only found this out after the fact, but an almost total lack of authorisation checks in an exposed API has got to be up there.

Facebook phasing out old instagram API made my life so much more fun. Now, to get a feed OW MY OWN ACCOUNT'S POSTS that I could filter by tags I need to go through two layers of authorisation - and then still go through ridiculous hops to get those goddamn tag lists. JESUS CHRIST. I hate Zuckerberg and I wish him a rusty guillotine when the time will come.

#Suphle Rant 9: a tsunami on authenticators

I was approaching the finish line, slowly but surely. I had a rare ecstatic day after finding a long forgotten netlify app where I'd linked docs deployment to the repository. I didn't realise it was weighing down on me, the thought of how to do that. I just corrected some deprecated settings and saw the 93% finished work online. Everything suddenly made me happier that day

With half an appendix chapter to go, I decided to review an important class I stole from my old company for clues when I need to illustrate something involved using a semblance of a real world example (in the appendix, not abstract foo-bar passable for the docs)

It turns out, I hadn't implemented a functionality for restricting access to resources to only verified accounts. It just hasn't been required in the scheme of things. No matter, should be a piece of cake. I create a new middleware and it's done before I get to 50 lines. Then I try to update the documentation but to my surprise, user verification status turns out to be a subset of authentication locking. Instead of duplicating bindings for both authentication and verification, dev might as well use one middleware that checks for both and throws exceptions where appropriate.

BUT!

These aspects of the framework aren't middleware, at all. Call it poor design but I didn't envisage a situation where the indicators (authentication, path based authorisation and a 3rd one I don't recall), would perform behaviour deviating from the default. They were directly connected to their handlers and executed after within the final middleware. So there's no way to replace that default authentication scheme with one that additionally checks for verification status.

Whew

You aren't going to believe this. It may seem like I'm not serious and will never finish. I shut my system down for that day, even unsure how those indicators now have to refactored to work as middleware, their binding and detachment, considering route collections are composed down a trie

I'm mysteriously stronger the following day, draw up designs, draft a bunch of notes, roll my sleeves, and the tsunami began. Was surprisingly able to get most of previous middleware tests passing again before bed, with the exception of reshuffled classes. So I guess we can be optimistic that those other indicators won't cause more suffering or take us additional days off course

Backend wise

After a year and a half of working with what i love (nodejs microservices and bit of python) I have to update my php skills and refresh my memory with latest Laravel 😕 (I used it as an authentication/authorisation and REST backend for a react native app early 2016 and did not touch it since)

Passive Job hunting sux and yes PHP ain't my thing anymore 😔 i mean i have next to 6-8 years exp in it but given the choice... 😒

I used to love it (so many good memory with cakephp 😌🙄it teached me a lot early in my carrer) before I discover functional programming paradigm and got deep understanding of JS