[This makes me sound really bad at first, please read the whole thing]

Back when I first started freelancing I worked for a client who ran a game server hosting company. My job was to improve their system for updating game servers. This was one of my first clients and I didn't dare to question the fact that he was getting me to work on the production environment as they didn't have a development one setup. I came to regret that decision when out of no where during the first test, files just start deleting. I panicked as one would and tried to stop the webserver it was running on but oh no, he hasn't given me access to any of that. I thought well shit, I might as well see where I fucked up since it was midnight for him and I wasn't able to get a hold of him. I looked at every single line hundreds of times trying to see why it would have started deleting files. I found no cause. Exhausted, (This was 6am by this point) I pretty much passed out. I woke up around 5 hours later with my face on my keyboard (I know you've all done that) only to see a good 30 messages from the client screaming at me. It turns out that during that time every single client's game server had been deleted. Before responding and begging for forgiveness, I decided to take another crack at finding the root of the problem. It wasn't my fault. I had found the cause! It turns out a previous programmer had a script that would run "rm -rf" + (insert file name here) on the old server files, only he had fucked up the line and it would run "rm -rf /". I have never felt more relieved in my life. This script had been disabled by the original programmer but the client had set it to run again so that I could remake the system. Now, I was never told about this specific script as it was for a game they didn't host anymore.
I realise this is getting very long so I'll speed it up a bit.
He didn't want to take the blame and said I added the code and it was all my fault. He told me I could be on live chat support for 3 months at his company or pay $10,000. Out of all of this I had at least made sure to document what I was doing and backup every single file before I touched them which managed to save my ass when it came to him threatening legal action. I showed him my proof which resulted in him trying to guilt trip me to work for him for free as he had lost about 80% of his clients. By this point I had been abused constantly for 4 weeks by this son of a bitch. As I was underage he had said that if we went to court he'd take my parents house and make them live on the street. So how does one respond? A simple "Fuck off you cunt" and a block.

That was over 8 years ago and I haven't heard from him since.

If you've made it this far, congrats, you deserve a cookie!

If you thought your legacy code was bad, this is what I'm dealing with. The below SQL is stored in a cookie on login and executed to on every further request to determine the user / privileges.

I'm working on a project with a teacher to overview the project at my school to be responsible for the confidential student data...

Teacher: How are we going to authenticate the kiosk machines so people don't need a login?

Me: Well we can use a unique URL for the app and that will put an authorized cookie on the machine as well as local IP whitelisting.

Teacher: ok but can't we just put a secret key in a text file on the C drive and access it with JavaScript?

Me: well JavaScript can't access your drive it's a part of the security protocol built into chrome...

Teacher: well that seems silly! There must be a way.

Me: Nope definately not. Let's just make a fancy shortcut?

Teacher: Alright you do that for now until I find a way to access that file.

I want to quit this project so bad

If you want to learn about bad UX design, look at every GDPR-compliant cookie alert on websites. The dialogues generally follow this pattern:
* Highlighting "Accept all" instead of "Reject" to bait you into habit-clicking.
* After clicking "Reject", you'll be redirected to an infinite list of usages. There is never a "deselect all" option. You need to opt-out everything manually.
* Sliders use some ambiguous coloring scheme without labels, which means you never know if you turned it on or off.
* Instead of "Reject", there is an "Other options" button. Clicking it redirects to a EULA document, with at the end... no other options.

Everything looks compliant, but they are still boobietrapping everything so you just wouldn't be able to opt out. Fucking data-vendoring assholes.

Story time! This happened several years ago, back when I didn't have a computer and I was just using the computers at the university. They had 8 iMacs all in a row, and I would sign into one and do my work.

Now these computers have Deep Freeze on them, which is a fancy hard disk driver that treats the entire drive as copy-on-write, so when anything writes to the drive it makes a copy of the block and writes to that instead. That way all your changes are gone when you reboot. It's a real nifty idea, but it's annoying that you have to reset all your settings the way you like them.

So as part of my setup routine I signed into iCloud. This automatically synced my browser history and my email, and various other things I didn't really care about.

One of those things I didn't care about was Find My Mac. I found this out next time I signed into iCloud and saw the university computer on the list. I had never seen these computers on the list before since normally the computer reboots and forgets everything when you log out. What I think happened is the sysadmin forgot to check the "reboot on logout" option in Deep Freeze. So I was like "I wonder what would happen if I passcode locked the computer?" I clicked the passcode lock option and entered 5555, and it seemed to work.

The next day I come in and the particular computer I locked was gone. I thought "oh God what have I done". So I inquired with the sysadmin (who I really hope is not reading this) and he said "oh, someone got into the Find my Mac thing and locked it down. We were trying different codes, since if we couldn't unlock it we'd have to send it to Apple and provide proof of purchase and that could take weeks. We had tried all the obvious ones like 1234 and that wasn't working so I was about to give up, but then I tried 5555 and it rebooted! So yeah, it'll be back soon, and I decided to try installing OS X 10.11 on it because we'll all need to upgrade sooner or later eventually and it's best to have tested a bit first."

So in the end I somehow made it out with my skin still on, and also with El Capitan on one of the computers, which was the only one I used after that. Not so bad! Oh and if you've manged to read all the way through you deserve a cookie 🍪😄

Installed Cookie Clicker yesterday. This app literally bombs my PiHole with ad- and tracker domains.
This is pretty bad...

I used to work for a company that had a main website and a lightweight app. LW app was distributed to partners and added to other sites using an iframe.

Someone decided a requirement was to retain the shopping cart for anonymous users. Some dev thought the best way to do that was to issue auth cookies to anonymous users.

The auth cookie issued by the LW app was actually for the main site. A few users for LW app decided to just come to main site to make a purchase. Since they already had an auth cookie (issued from LW app), they were never prompted to log in, create an account, or use guest checkout on the main site. They were still able to complete their order and we had their shipping address, but we didn’t have their email address so we couldn’t contact them about their order.

Customer service had no way to email customers if something went out of stock or if there was a product recall. CS would have to call these customers and ask for email addresses. Good luck getting anyone to answer or return a call nowadays. Customers were asking where their confirmation email was. The admin website was polluted with “users” that had the placeholder email for non-logged in users.

This happened because of a combination of an understaffed and overextended engineering department. Of course when something goes bad it’s going to be bad.

# Retrospective as Backend engineer

Once upon a time, I was rejected by a startup who tries to snag me from another company that I was working with.
They are looking for Senior / Supervisor level backend engineer and my profile looks like a fit for them.
So they contacted me, arranged a technical test, system design test, and interview with their lead backend engineer who also happens to be co-founder of the startup.

## The Interview

As usual, they asked me what are my contribution to previous workplace.
I answered them with achievements that I think are the best for each company that I worked with, and how to technologically achieve them.

One of it includes designing and implementing a `CQRS+ES` system in the backend.
With complete capability of what I `brag` as `Time Machine` through replaying event.

## The Rejection

And of course I was rejected by the startup, maybe specifically by the co-founder. As I asked around on the reason of rejection from an insider.

They insisted I am a guy who overengineer thing that are not needed, by doing `CQRS+ES`, and only suitable for RND, non-production stuffs.

Nobody needs that kind of `Time Machine`.

## Ironically

After switching jobs (to another company), becoming fullstack developer, learning about react and redux.
I can reflect back on this past experience and say this:

The same company that says `CQRS+ES` is an over engineering, also uses `React+Redux`.
Never did they realize the concept behind `React+Redux` is very similar to `CQRS+ES`.

- Separation of concern
- CQRS: `Command` is separated from `Query`
- Redux: Side effect / `Action` in `Thunk` separated from the presentation
- Managing State of Application
- ES: Through sequence of `Event` produced by `Command`
- Redux: Through action data produced / dispatched by `Action`
- Replayability
- ES: Through replaying `Event` into the `Applier`
- Redux: Through replay `Action` which trigger dispatch to `Reducer`

---

The same company that says `CQRS` is an over engineering also uses `ElasticSearch+MySQL`.
Never did they realize they are separating `WRITE` database into `MySQL` as their `Single Source Of Truth`, and `READ` database into `ElasticSearch` is also inline with `CQRS` principle.

## Value as Backend Engineer

It's a sad days as Backend Engineer these days. At least in the country I live in.
Seems like being a backend engineer is often under-appreciated.
Company (or people) seems to think of backend engineer is the guy who ONLY makes `CRUD` API endpoint to database.

- I've heard from Fullstack engineer who comes from React background complains about Backend engineers have it easy by only doing CRUD without having to worry about application.
- The same guy fails when given task in Backend to make a simple round-robin ticketing system.
- I've seen company who only hires Fullstack engineer with strong Frontend experience, fails to have basic understanding of how SQL Transaction and Connection Pool works.
- I've seen company Fullstack engineer relies on ORM to do super complex query instead of writing proper SQL, and prefer to translate SQL into ORM query language.
- I've seen company Fullstack engineer with strong React background brags about Uncle Bob clean code but fail to know on how to do basic dependency injection.
- I've heard company who made webapp criticize my way of handling `session` through http secure cookie. Saying it's a bad practice and better to use local storage. Despite my argument of `secure` in the cookie and ability to control cookie via backend.

...when you find yourself circumventing your own security measures that you lectured the entire team about...

How must it feel to build pagination for the partner list in a cookie consent popup? Did the dev realize that they and their company are the primary reason for the GDPR? That they are the ultimate bad guys of online privacy, even worse than accumulators like Google who process their data in-house?

I waa pretty sure fortune cookies were getting weirder... but seriously, it's gotten THIS bad? Not a fortune, nor a proverb, just a one-liner on political finance?

Just seems extra messed up that you can now be prompted to discuss national debt via fortune cookie from chinese take-out. We do owe the most to china afterall. Yet fortune cookies are invented by us(and typically one of the few things produced stateside). Just seems extra off...

So a while back I had found a hole in a website's security, one that I has used pretty frequently. I was able to change my cookies and become any user I wanted. The only caveat was that I had to log in as a user in order to get things started. But once I was in I could basically be anyone I wanted to be just by changing a few numbers in the user ID of the cookie. They also did all of their user processing on the client side. Even password checks.

A couple weeks back I decided to go back in to see if anything had changed since then. It did! But not in the way I had thought.

So these guys decided that instead of fixing their security hole, they would have users just contact their people directly in order to get a new account.

Wow that's so much fucking overhead for basically being a lazy shit and not fixing the security holes. I mean how bad is your architecture if you can't go in and fix this?

Not only that I found that they actually stripped all of the users of their original subscriptions. So now if you want to get back on your subscription you'll have to fork over another $399. So that means going to their shitty form filling out your name, your number, email, and just hope that someone contacts you via phone call.

I'm glad I dropped this service. They clearly can't get their shit together.

Hey just brainstorming a business/ startup idea I may try out sometime down the line. I wanted to put it in writing available to my peers for review. If that sounds boring, sorry.

So I've had an idea and I know it's a million dollar idea because it's absolutely boring as fuck.

Recently I have been learning about NoSQL and it has gotten me pretty excited about unstructured data.

Now the first thing you should know about me is I like to make business software. I don't like games or social networks or blah blah blah, I like business stuff. One dream I have always had is to make THE business solution. I've noticed so many specific business solutions for very specific areas of work. Specific software for car washes, which is separate from the software for car maintenance, which is separate from the point-of-sales software, which is separate from the [...]

One of the problems with this is the inconsistency. Modular is good, but only if the modules are compatible. They aren't. Training needs to be provided for each individual system since they are all vastly different. And worst of all, since all of these different applications reach their own niche market, they charge out the butt for things that are usually very simple "POST a form over http(s)" machines.

I mean let's not get too dreamy here. My solution is an over-complicated form-builder. But it would be a game-changer for small and medium-sized businesses. Allowing users to build their own front-end and back-end disguised as a drag-and-drop form builder would be THE alternative, because they could bring all of their solutions into a single solution (one bill!) and since THEY are the ones that build what they need, they can have custom business software for the price of a spreadsheet program.

The price difference we could offer would be IMMENSE. Not only would we be able to offer "cookie-cutter" pricing as opposed to "custom" pricing, but since this generic solution could be used for essentially all of their systems, we aren't just decreasing one bill. We're decreasing one bill, and eliminating the rest entirely. We could devastate competition.

"BUT ALGO", you scream in despair, "USERS AREN'T SMART ENOUGH TO DRAG AND DROP FORM PARTS TO MAKE A FORM"

I mean ya true. But you say that like it's a bad thing. For one, we can just offer a huge library of templates. And for another, which is part of the business plan, we can charge people support dollars to help them drag and drop their stupid fucking forms!! Think of the MONEEYYYY YOU COULD MAKEE BY EXPLAINING HOW TO COLLECT FIRST AND LAST NAMEEE. Fuck.

The controls library would be extensible of course. You would be able to download different, more specialized controls if you need them. But the goal would be to satsify those needs with the standard collection of controls (Including interesting ones line barcode scanner and signature input and all that). But if all else fails, maybe someone made an open source control for you to implement and ignore that stupid donation button. We all do.

This could PURGE the world of overpriced and junky specialized business software, and best of all, it's aimed at smaller businesses. With smaller businesses making more profit, they will stay afloat better and may start to compete with their larger foes. Greater for the entire economy.

Anyways, I'm sure it's full of holes. Everything always is. But I still think it's something I'll try before I die.

Random thoughts on more out of the box tools/environments.

Subject: Pharo

Some time ago I had shown one of my coworkers about Pharo and he quickly got the main idea behind it but mentioned how he didn't like the idea of leaving behind his text editor to deal with source code.

Some time last week I showed the dude some cool 3d animations you can do with Pharo while simultaneously manipulating the code to change them in real time. Now that caught his attention particularly and he decided he wanted to know more about the language but in particular the benefits of fucking around with an image based environment rather than a file based.

Both of us reached the conclusion that image based makes file based dev enviroments seem quaint in comparison, but estimated that it was nothing more than a sentiment rather than a fact.

We then considered what could be the advantage/disadvantages of such environments but I couldn't come up with anything other than the system not having something like Vim or VS Code or whatever which people love, but that it makes up for it with some of the craziest IDE tools I had ever seen. Plugins in this case act like source code repos that you can download and activate into your workflow in what feels something similar to VS Code being extended via plugins written in JS, and since the GUI is maleable as it is(because everything is basically just subsets of morp h windows) then extending functionality becomes so intuitive that its funny

Whereas with Emacs(for example) you have to really grind your gears with Elisp or Vimscript in Vim etc etc, with Pharo your plugin system is basicall you just adding classes that will convert your OS looking IDE into something else.

Because of how light the vm machine is, portability is a non issue, and passing pharo programs arround is not like installing Java in which you need the JVM.

Source code versioning, very important, already integrated into every live environment and can be extended to do pushes through simple key bindings with no hassle.

I dunno, I just feel that the tool is too good to be true. I keep trying to push limits into it but thus far I have found: data visualization and image modeling to work fine, web development with Teapot to be a cakewalk and work fine, therr are even packages for Arduino development.

I think its biggest con would be the image based system, but would really need to look into how this is bad by any reason other than "aww man I want vim!" since apparently some psychos already made Emacs and VS code packages for interfacing with Pharo source trees.

Embedded is certainly out of the question for any real project since its garbage collected and not the most performant cookie in the jar.

For Data science I can see some future, seems just as intuitive and interesting as a Jupyter Notebook actually, but the process can't and will not be the same since I still don't know of a way to save playground snippets unless you literally create classes for it, in which case every model you build gets saved inside of an object, sounds possible but, strange since it is not a the most common workflow in jupyter.

Some of the environment is sometimes glitchy, but it does have continuos development and have not found many hassles.

There is a biased factor from my side: I seem to be wired to understand the syntax and simple object model better than in other languages. To me this feels natural as if I was just writing ideas rather than code, mostly because I feel that there really ain't much in terms of syntax, the language gets out of my way and the IDE feels like the most intuitive environment in the world to me. I can see why some people would find it REALLY weird of counterintuitive tho.

Guess I really am a simple dude.

Doing the Full Stack Nanodegree from Udacity
Using Google's oAuth Sign in in my Flask App, I realized that no matter what browser I use, I was unable to logout, Google always threw an error my way. I figured something must be wrong with my code..
Searched on Google, couldn't find anything relevant, gave up on first 4 results(not pages, yeah I'm that lazy!)
Spent 3 hours Debugging at different points, removing all the abstraction I've put in using various libraries (Bad move)
Finally it dawned on to me to check Udacity forum as well. It's a frickin cache/cookie thing. Tried the app in an incognito window, worked like a charm. Reverted code back with all the libraries, worked like a charm again!

FUCK YOU GOOGLE! In your attempts to track users, you're even making our work difficult!

(in hindsight, I should probably be better at asking/looking for help)