Buzzword dictionary to deal with annoying clients:

AI—regression
Big data—data
Blockchain—database
Algorithm—automated decision-making
Cloud—Internet
Crypto—cryptocurrency
Dark web—Onion service
Data science—statistics done by nonstatisticians
Disruption—competition
Viral—popular
IoT—malware-ready device

So a few days ago I felt pretty h*ckin professional.

I'm an intern and my job was to get the last 2003 server off the racks (It's a government job, so it's a wonder we only have one 2003 server left). The problem being that the service running on that server cannot just be placed on a new OS. It's some custom engineering document server that was built in 2003 on a 1995 tech stack and it had been abandoned for so long that it was apparently lost to time with no hope of recovery.

"Please redesign the system. Use a modern tech stack. Have at it, she's your project, do as you wish."

Music to my ears.

First challenge is getting the data off the old server. It's a 1995 .mdb file, so the most recent version of Access that would be able to open it is 2010.

Option two: There's an "export" button that literally just vomits all 16,644 records into a tab-delimited text file. Since this option didn't require scavenging up an old version of Access, I wrote a Python script to just read the export file.

And something like 30% of the records were invalid. Why? Well, one of the fields allowed for newline characters. This was an issue because records were separated by newline. So any record with a field containing newline became invalid.

Although, this did not stop me. Not even close. I figured it out and fixed it in about 10 minutes. All records read into the program without issue.

Next for designing the database. My stack is MySQL and NodeJS, which my supervisors approved of. There was a lot of data that looked like it would fit into an integer, but one or two odd records would have something like "1050b" which mean that just a few items prevented me from having as slick of a database design as I wanted. I designed the tables, about 18 columns per record, mostly varchar(64).

Next challenge was putting the exported data into the database. At first I thought of doing it record by record from my python script. Connect to the MySQL server and just iterate over all the data I had. But what I ended up actually doing was generating a .sql file and running that on the server. This took a few tries thanks to a lot of inconsistencies in the data, but eventually, I got all 16k records in the new database and I had never been so happy.

The next two hours were very productive, designing a front end which was very clean. I had just enough time to design a rough prototype that works totally off ajax requests. I want to keep it that way so that other services can contact this data, as it may be useful to have an engineering data API.

Anyways, that was my win story of the week. I was handed a challenge; an old, decaying server full of important data, and despite the hitches one might expect from archaic data, I was able to rescue every byte. I will probably be presenting my prototype to the higher ups in Engineering sometime this week.

Happy Algo!

Worst dev team failure I've experienced?

One of several.

Around 2012, a team of devs were tasked to convert a ASPX service to WCF that had one responsibility, returning product data (description, price, availability, etc...simple stuff)
No complex searching, just pass the ID, you get the response.

I was the original developer of the ASPX service, which API was an XML request and returned an XML response. The 'powers-that-be' decided anything XML was evil and had to be purged from the planet. If this thought bubble popped up over your head "Wait a sec...doesn't WCF transmit everything via SOAP, which is XML?", yes, but in their minds SOAP wasn't XML. That's not the worst WTF of this story.

The team, 3 developers, 2 DBAs, network administrators, several web developers, worked on the conversion for about 9 months using the Waterfall method (3~5 months was mostly in meetings and very basic prototyping) and using a test-first approach (their own flavor of TDD). The 'go live' day was to occur at 3:00AM and mandatory that nearly the entire department be on-sight (including the department VP) and available to help troubleshoot any system issues.

3:00AM - Teams start their deployments
3:05AM - Thousands and thousands of errors from all kinds of sources (web exceptions, database exceptions, server exceptions, etc), site goes down, teams roll everything back.

3:30AM - The primary developer remembered he made a last minute change to a stored procedure parameter that hadn't been pushed to production, which caused a side-affect across several layers of their stack.

4:00AM - The developer found his bug, but the manager decided it would be better if everyone went home and get a fresh look at the problem at 8:00AM (yes, he expected everyone to be back in the office at 8:00AM).

About a month later, the team scheduled another 3:00AM deployment (VP was present again), confident that introducing mocking into their testing pipeline would fix any database related errors.

3:00AM - Team starts their deployments.
3:30AM - No major errors, things seem to be going well. High fives, cheers..manager tells everyone to head home.
3:35AM - Site crashes, like white page, no response from the servers kind of crash. Resetting IIS on the servers works, but only for around 10 minutes or so.
4:00AM - Team rolls back, manager is clearly pissed at this point, "Nobody is going fucking home until we figure this out!!"
6:00AM - Diagnostics found the WCF client was causing the server to run out of resources, with a mix of clogging up server bandwidth, and a sprinkle of N+1 scaling problem. Manager lets everyone go home, but be back in the office at 8:00AM to develop a plan so this *never* happens again.

About 2 months later, a 'real' development+integration environment (previously, any+all integration tests were on the developer's machine) and the team scheduled a 6:00AM deployment, but at a much, much smaller scale with just the 3 development team members.

Why? Because the manager 'froze' changes to the ASPX service, the web team still needed various enhancements, so they bypassed the service (not using the ASPX service at all) and wrote their own SQL scripts that hit the database directly and utilized AppFabric/Velocity caching to allow the site to scale. There were only a couple client application using the ASPX service that needed to be converted, so deploying at 6:00AM gave everyone a couple of hours before users got into the office. Service deployed, worked like a champ.

A week later the VP schedules a celebration for the successful migration to WCF. Pizza, cake, the works. The 3 team members received awards (and a envelope, which probably equaled some $$$) and the entire team received a custom Benchmade pocket knife to remember this project's success. Myself and several others just stared at each other, not knowing what to say.

Later, my manager pulls several of us into a conference room
Me: "What the hell? This is one of the biggest failures I've been apart of. We got rewarded for thousands and thousands of dollars of wasted time."
<others expressed the same and expletive sediments>
Mgr: "I know..I know...but that's the story we have to stick with. If the company realizes what a fucking mess this is, we could all be fired."
Me: "What?!! All of us?!"
Mgr: "Well, shit rolls downhill. Dept-Mgr-John is ready to fire anyone he felt could make him look bad, which is why I pulled you guys in here. The other sheep out there will go along with anything he says and more than happy to throw you under the bus. Keep your head down until this blows over. Say nothing."

It's maddening how few people working with the internet don't know anything about the protocols that make it work. Web work, especially, I spend far too much time explaining how status codes, methods, content-types etc work, how they're used and basic fundamental shit about how to do the job of someone building internet applications and consumable services.

The following has played out at more than one company:

App: "Hey api, I need some data"
API: "200 (plain text response message, content-type application/json, 'internal server error')"
App: *blows the fuck up

*msg service team*

Me: "Getting a 200 with a plaintext response containing an internal server exception"
Team: "Yeah, what's the problem?"
Me: "...200 means success, the message suggests 500. Either way, it should be one of the error codes. We use the status code to determine how the application processes the request. What do the logs say?"
Team: "Log says that the user wasn't signed in. Can you not read the response message and make a decision?"
Me: "That status for that is 401. And no, that would require us to know every message you have verbatim, in this case, it doesn't even deserialize and causes an exception because it's not actually json."
Team: "Why 401?"
Me: "It's the code for unauthorized. It tells us to redirect the user to the sign in experience"
Team: "We can't authorize until the user signs in"
Me: *angermatopoeia* "Just, trust me. If a user isn't logged in, return 401, if they don't have permissions you send 403"
Team: *googles SO* "Internet says we can use 500"
Me: "That's server error, it says something blew up with an unhandled exception on your end. You've already established it was an auth issue in the logs."
Team: "But there's an error, why doesn't that work?"
Me: "It's generic. It's like me messaging you and saying, "your service is broken". It doesn't give us any insight into what went wrong or *how* we should attempt to troubleshoot the error or where it occurred. You already know what's wrong, so just tell me with the status code."
Team: "But it's ok, right, 500? It's an error?"
Me: "It puts all the troubleshooting responsibility on your consumer to investigate the error at every level. A precise error code could potentially prevent us from bothering you at all."
Team: "How so?"
Me: "Send 401, we know that it's a login issue, 403, something is wrong with the request, 404 we're hitting an endpoint that doesn't exist, 503 we know that the service can't be reached for some reason, 504 means the service exists, but timed out at the gateway or service. In the worst case we're able to triage who needs to be involved to solve the issue, make sense?"
Team: "Oh, sounds cool, so how do we do that?"
Me: "That's down to your technology, your team will need to implement it. Most frameworks handle it out of the box for many cases."
Team: "Ah, ok. We'll send a 500, that sound easiest"
Me: *..l.. -__- ..l..* "Ok, let's get into the other 5 problems with this situation..."

Moral of the story: If this is you: learn the protocol you're utilizing, provide metadata, and stop treating your customers like shit.

My mobile phone provider called me and offered me a new contract containing more data volume.
Customer service: 'Your current contract has only 1.5GB data volume. That's not much. With this you can only send 1 or 2 pictures and that's it.'
Me: 'What kind of pictures do you use / send? 😨'

Although this is gonna sound like bullshit, this happened to me for real. Since that moment I use even more backup services AND I regularly check EVERYTHING.

Had a backup of my important data (still used mainstream services back then) on:

- Hotmail email attachments
- Google Drive
(Both link to another email account).
- A few data backup services
- DVD
- USB
- External HDD.

I wanted to copy some backup data over again:

1. Walk to my staple of HDD's, tried to grab it, somehow missed and knocked the whole fucking pile over. HDD broken.

2. Well fuck, let's go put some of my clothes in the washing machine for clean clothes at study/monday. After this shit being in the washing machine for just a few minutes, I realized my backup USB stick was in one of my pockets, in the washing machine. FUCK. Couldn't stop it so I waited till the end, tried it and well, it wasn't working at all anymore.
Fuck my fucking life slightly right now.

3. *remembers about the backup disc*. I forgot to keep it in its case, very deep scratches and so on, unreadable. FUCKING FUCK.

4. Right, I still have those online services! *tries to login to all of them (including hotmail/gdrive) but forgot the password. Well, let's login to my backup account then (hadn't used that one in years). Account was suspended for some reason.
Started to get really anxious because every online backup service was linked to that email address.
Contacted customer support. They really couldn't restore it because of some issues they weren't allow to tell me. Sorry but I couldn't retain access.

5. Well this is fucked up. Couldn't get into any of the backup/hotmail/gdrive accounts anymore.
I tried contacting their support but never got any replies.

This was the moment I realized I fucked up big fucking time because damn, this stuff at this level hardly happens to anyone.

FUCK.

Boss: Our customer's data is not syncing with XYZ service anynmore!

Me: Ok let me check. Did the tokens not refresh? Hmm the tokens are refreshing fine but the API still says that we do not have permissions. The scopes are fine too. I'll use our test account... its... cancelled? Hey boss, why is our XYZ account cancelled?

Boss: Oh, "I haven’t paid since I didn’t think we needed it" (ad verbatim)

😐

!(short rant)

Look I understand online privacy is a concern and we should really be very much aware about what data we are giving to whom. But when does it turn from being aware to just being paranoid and a maniac about it.? I mean okay, I know facebook has access to your data including your whatsapp chat (presumably), google listens to your conversations and snoops on your mail and shit, amazon advertises that you must have their spy system (read alexa) install in your homes and numerous other cases. But in the end it really boils down to "everyone wants your data but who do you trust your data with?"

For me, facebook and the so-called social media sites are a strict no-no but I use whatsapp as my primary chating application. I like to use google for my searches because yaa it gives me more accurate search results as compared to ddg because it has my search history. I use gmail as my primary as well as work email because it is convinient and an adv here and there doesnt bother me. Their spam filters, the easy accessibility options, the storage they offer everything is much more convinient for me. I use linux for my work related stuff (obviously) but I play my games on windows. Alexa and such type of products are again a big no-no for me but I regularly shop from amazon and unless I am searching for some weird ass shit (which if you want to, do it in some incognito mode) I am fine with coming across some advs about things I searched for. Sometimes it reminds me of things I need to buy which I might have put off and later on forgot. I have an amazon prime account because prime video has some good shows in there. My primary web browser is chrome because I simply love its developer tools and I now have gotten used to it. So unless chrome is very much hogging on my ram, in which case I switch over to firefox for some of my tabs, I am okay with using chrome. I have a motorola phone with stock android which means all google apps pre-installed. I use hangouts, google keep, google map(cannot live without it now), heck even google photos, but I also deny certain accesses to apps which I find fishy like if you are a game, you should not have access to my gps. I live in India where we have aadhar cards(like the social securtiy number in the USA) where the government has our fingerprints and all our data because every damn thing now needs to be linked with your aadhar otherwise your service will be terminated. Like your mobile number, your investment policies, your income tax, heck even your marraige certificates need to be linked with your aadhar card. Here, I dont have any option but to give in because somehow "its in the interest of the nation". Not surprisingly, this thing recently came to light where you can get your hands on anyone's aadhar details including their fingerprints for just ₹50($1). Fuck that shit.

tl;dr
There are and should be always exceptions when it comes to privacy because when you give the other person your data, it sometimes makes your life much easier. On the other hand, people/services asking for your data with the sole purpose of infilterating into your private life and not providing any usefulness should just be boycotted. It all boils down to till what extent you wish to share your data(ranging from literally installing a spying device in your house to them knowing that I want to understand how spring security works) and how much do you trust the service with your data. Example being, I just shared most of my private data in this rant with a group of unknown people and I am okay with it, because I know I can trust dev rant with my posts(unlike facebook).

Dear Android:

I know I'm not on wifi. I get it. Sometimes data coverage isn't amazing or the network is congested. It's cool. You can just flash "no service" and I just won't try. or even "3G" and I'll have some patience. I rember how slow 3G was. It's okay, I'll wait.

But fucking stop showing 4G LTE if you can't make a fucking GET request for a 2kb text file in less than 5 minutes! Fucking really? Don't fucking lie to me with your false hope bullshit, just tell me the truth and I'll probably sigh and say shit and put my phone away.

But fuck you and your progress bar externally stuck in the middle. As if to say you're making progress! Wasting my time!

If you can't download a kilobyte in a 5min period, why even say I have data at all? What good does that do me?

My first testing job in the industry. Quite the rollercoaster.

I had found this neat little online service with a community. I signed up an account and participated. I sent in a lot of bug reports. One of the community supervisors sent me a message that most things in FogBugz had my username all over it.

After a year, I got cocky and decided to try SQL injection. In a production environment. What can I say. I was young, not bright, and overly curious. Never malicious, never damaged data or exposed sensitive data or bork services.

I reported it.

Not long after, I got phone calls. I was pretty sure I was getting charged with something.

I was offered a job.

Three months into the job, they asked if I wanted to do Python and work with the automators. I said I don't know what that is but sure.

They hired me a private instructor for a week to learn the basics, then flew me to the other side of the world for two weeks to work directly with the automation team to learn how they do it.

It was a pretty exciting era in my life and my dream job.

So we hired a junior engineer. 1 year of experience, this is his second job.

First task: Send some data to a web service using its REST API. Let me know when you've finished.

Two hours later I go to check on him.
- "I'm trying to decode this weird format the server uses"
He was writing a JSON parser in Python from scratch.

:/

Q: Your data migration service from old site to new site cost money.
A: Yes, I have to copy data from old database and import to the new one.

Q: Can I just provide you content separately so you don’t need to do that?
A: Yes, but I will have to charge you for copying and pasting your 100 pages of content manually.

Q: Can it come with part of the web development service and not as an additional service?
A: Yes, but the price for web development service will have to be increased to combine the two. If you don’t want to pay for it, I can just set up a few sample pages with the layout and you can handle your own content entry. Does that work for you?

Q: Well, but then I will have to spend extra time to work on it.
A: Yes you will. (At this point I think she starts to understand the concept of Time = Money...)

Every step of this project has added another six hurdles. I thought it would be easy, and estimated it at two days to give myself a day off. But instead it's ridiculous. I'm also feeling burned out, depressed (work stress, etc.), and exhausted since I'm taking care of a 3 week old. It has not been fun. :<

I've been trying to get the Google Sheets API working (in Ruby). It's for a shared sales/tracking spreadsheet between two companies.

The documentation for it is almost entirely for Python and Java. The Ruby "quickstart" sample code works, but it's only for 3-legged auth (meaning user auth), but I need it for 2-legged auth (server auth with non-expiring credentials). Took awhile to figure out that variant even existed.

After a bit of digging, I discovered I needed to create a service account. This isn't the most straightforward thing, and setting it up honestly reminds me of setting up AWS, just with less risk of suddenly and surprisingly becoming a broke hobo by selecting confusing option #27 instead of #88.

I set up a new google project, tied it to my company's account (I think?), and then set up a service account for it, with probably the right permissions.

After downloading its creds, figuring out how to actually use them took another few hours. Did I mention there's no Ruby documentation for this? There's plenty of Python and Java example code, but since they use very different implementations, it's almost pointless to read them. At best they give me a vague idea of what my next step might be.

I ended up reading through the code of google's auth gem instead because I couldn't find anything useful online. Maybe it's actually there and the past several days have been one of those weeks where nothing ever works? idk :/

But anyway. I read through their code, and while it's actually not awful, it has some odd organization and a few very peculiar param names. Figuring out what data to pass, and how said data gets used requires some file-hopping. e.g. `json_data_io` wants a file handle, not the data itself. This is going to cause me headaches later since the data will be in the database, not the filesystem. I guess I can write a monkeypatch? or fork their gem? :/

But I digress. I finally manged to set everything up, fix the bugs with my code, and I'm ready to see what `service.create_spreadsheet()` returns. (now that it has positively valid and correctly-implemented authentication! Finally! Woo!)

I open the console... set up the auth... and give it a try.

... six seconds pass ...

... another two seconds pass ...

... annnd I get a lovely "unauthorized" response.

asjdlkagjdsk.

> Pic related.

Paypal Rant #2

Paypal might just be the only company with 98% of their employees being support staff because not a soul on this planet knows how to work with that fucking piece of shit of a company's service.

No really, if there was a shittiness-rating from 1-10 (10 = worst) you would have to store paypal's rating as a string or invent a new data type because no CPU could fucking work with such a big ass fucking number.

If I had to choose between Paypal and going back to manually trading physical goods/animals for stuff I would gladly choose the latter, because Paypal, go suck a bag of dicks you useless fucking shitpile of a "company".

So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

Do you really expect that I can debug in a few minutes, a part of the software that I didn't build and have never seen before and have no knowledge of the external, third-party web service that code is reaching out to?

Dude, flippin' chill, take a walk, grab a drink, pop some popcorn and give me some time to figure out what the hell this code is doing so I can properly debug it!

You know what it turned out to be? Wrong test data used for the 3rd party service. So in essence... Nothing was wrong! Frickity frack!

Start a development job.
Boss: "let's start you off with something very easy. There's this third party we need data from. They have an api, just get the data and place it on our messaging bus."
Me: "sure, sounds easy enough"

Third party api turns out to have the most retarded conversation protocol. With us needing a service to receive data on while also having a client to register for the service. With a lot of timed actions like, 'send this message every five minutes' and 'check whether our last message was sent more than 11 minutes ago'.
Due to us needing a service, we also need special permissions through the company firewall. So I have to go around the company to get these permissions, FOR EVERY DATA STREAM WE NEED!

But the worst of it all is... This whole api is SOAP based!!

Also, Hey DevRant!

For a week+ I've been listening to a senior dev ("Bob") continually make fun of another not-quite-a-senior dev ("Tom") over a performance bug in his code. "If he did it right the first time...", "Tom refuses to write tests...that's his problem", "I would have wrote the code correctly ..." all kinds of passive-aggressive put downs. Bob then brags how without him helping Tom, the application would have been a failure (really building himself up).
Bob is out of town and Tom asked me a question about logging performance data in his code. I look and see Bob has done nothing..nothing at all to help Tom. Tom wrote his own JSON and XML parser (data is coming from two different sources) and all kinds of IO stream plumbing code.
I use Visual Studio's feature create classes from JSON/XML, used the XML Serialzier and Newtonsoft.Json to handling the conversion plumbing.
With several hundred of lines gone (down to one line each for the XML/JSON-> object), I wrote unit tests around the business transaction, integration test for the service and database access. Maybe couple of hours worth of work.
I'm 100% sure Bob knew Tom was going in a bad direction (maybe even pushing him that direction), just to swoop in and "save the day" in front of Tom's manager at some future point in time.

This morning's standup ..
Boss: "You're helping Tom since Bob is on vacation? What are you helping with?"
Me: "I refactored the JSON and XML data access, wrote initial unit and integration tests. Tom will have to verify, but I believe any performance problem will now be isolated to the database integration. The problem Bob was talking about on Monday is gone. I thought spending time helping Tom was better than making fun of him."
<couple seconds of silence>
Boss:"Yea...want to let you know, I really, really appreciate that."

Bob, put people first, everyone wins.

Uploaded an app to Appstore and it was rejected because the Gender dropdown at registration only has "Male" and "Female" as required selectable options. The reviewer thought it was right to force an inclusion of "Other" option inside a Medical Service app that is targeting a single country which also only recognizes only Male/Female as gender.

Annoyingly, I wrote back a dispute on the review:

Hello,
I have read your inclusion request and you really shouldn't be doing this. Our app is a Medical Service app and the Gender option can only be either Male or Female based on platform design, app functionality and data accuracy. We are also targeting *country_name* that recognizes only Male/Female gender. Please reconsider this review.

{{No reply after a week}}

-- Proceeds to include the option for "Other"
-- App got approved.
-- Behind the scene if you select the "other" option you are automatically tagged female.
Fuck yeah!

National Health Service (nhs) in the UK got hacked today... Workers at the hospitals could not access patient and appointment related data... How big a cheapskate you gotta be to hack a free public health service that is almost dying for fund shortages anyway...

Yesterday the web site started logging an exception “A task was canceled” when making a http call using the .Net HTTPClient class (site calling a REST service).

Emails back n’ forth ..blaming the database…blaming the network..then a senior web developer blamed the logging (the system I’m responsible for).

Under the hood, the logger is sending the exception data to another REST service (which sends emails, generates reports etc.) which I had to quickly re-direct the discussion because if we’re seeing the exception email, the logging didn’t cause the exception, it’s just reporting it. Felt a little sad having to explain it to other IT professionals, but everyone seemed to agree and focused on the server resources.

Last night I get a call about the exceptions occurring again in much larger numbers (from 100 to over 5,000 within a few minutes). I log in, add myself to the large skype group chat going on just to catch the same senior web developer say …
“Here is the APM data that shows logging is causing the http tasks to get canceled.”

FRACK!

Me: “No, that data just shows the logging http traffic of the exception. The exception is occurring before any logging is executed. The task is either being canceled due to a network time out or IIS is running out of threads. The web site is failing to execute the http call to the REST service.”

Several other devs, DBAs, and network admins agree.

The errors only lasted a couple of minutes (exactly 2 minutes, which seemed odd), so everyone agrees to dig into the data further in the morning.

This morning I login to my computer to discover the error(s) occurred again at 6:20AM and an email from the senior web developer saying we (my mgr, her mgr, network admins, DBAs, etc) need to discuss changes to the logging system to prevent this problem from negatively affecting the customer experience...blah blah blah.

FRACKing female dog!

Good news is we never had the meeting. When the senior web dev manager came in, he cancelled the meeting.

Turned out to be a hiccup in a domain controller causing the servers to lose their connection to each other for 2 minutes (1-minute timeout, 1 minute to fully re-sync). The exact two-minute burst of errors explained (and proven via wireshark).

People and their petty office politics piss me off.

Most ignorant ask from a PM or client?

So, so many. How do I chose?

- Wanting to 'speed up' a web site that we did not own, in Sweden (they used a service I wrote). His 'benchmark' was counting "one Mississippi, two Mississippi" while the home page rendered on his home PC and < 1MB DSL connection (he lives in a rural area).
- Wanted to change the sort order of a column of report so it 'sometimes' sorted on 'ABC' (alpha) or '123' (numeric) and sometimes, a mix of both. His justification was if he could put the data in the order he wanted in Excel, the computer should be smart enough to do the same thing.
- Wanted a Windows desktop application to run on an android.
- Wanted to write the interface to a new phone system that wasn't going to be installed for months. Even though we had access to the SDK, he didn't understand the SDK required access to the hardware. For several weeks he would send emails containing tutorials on interfacing with COM libraries (as if that was my problem).
- Wanted to write a new customer support application in XML. I told him I would have the application written tomorrow if he could tell me what XML stands for.

"Thank you for choosing Microsoft!"

No Microsoft, I really didn't choose you. This crappy hardware made you the inevitable, not a choice.

And like hell do I want to run your crappy shit OS. I tried to reset my PC, got all my programs removed (because that's obviously where the errors are, not the OS, right? Certified motherfuckers). Yet the shit still didn't get resolved even after a reset. Installing Windows freshly again, because "I chose this".

Give me a break, Microshaft. If it wasn't for your crappy OS, I would've gone to sleep hours ago. Yet me disabling your shitty telemetry brought this shit upon me, by disabling me to get Insider updates just because I added a registry key and disabled a service. Just how much are you going to force data collection out of your "nothing to hide, nothing to fear" users, Microsoft?

Honestly, at this point I think that Microsoft under Ballmer might've been better. Because while Linux was apparently cancer back then, at least this shitty data collection for "a free OS" wasn't yet a thing back then.

My mother still runs Vista, an OS that has since a few months ago reached EOL. Last time she visited me I recommended her to switch to Windows 7, because it looks the same but is better in terms of performance and is still supported. She refused, because it might damage her configurations. Granted, that's probably full of malware but at this point I'm glad she did.

Even Windows 7 has telemetry forcibly enabled at this point. Vista may be unsupported, but at least it didn't fall victim to the current status quo - data mining on every Microshaft OS that's still supported.

Microsoft may have been shady ever since they pursued manufacturers into defaulting to their OS, and GPU manufacturers will probably also have been lobbied into supporting Windows exclusively. But this data mining shit? Not even the Ballmer era was as horrible as this. My mother may not realize it, but she unknowingly avoided it.

I fucking love my local phone service provider. They have a game (70mb) like Temple run where we get free mobile data for playing it. The 70 mb for downloading it gets reimbursed too !!

Sorry for being late, stuffs came inbetween!

I have done a few privacy rants/posts before but why not another one. @tahnik did one a few days ago so I thought I'd do a new one myself based on his rant.

So, online privacy. Some people say it's entirely dead, that's bullshit. It's up to an individual, though, how far they want to go as for protecting it.

I personally want to retain as much control over my data as possible (this seems to be a weird thing these days for unknown reasons...). That's why I spend quite some time/effort to take precautions, read myself into how to protect my data more and so on.

'Everyone should have the choice of what services they use' - fully agreed, no doubt about that.

I just find one thing problematic. Some services/companies handle data in a way or have certain business models which takes the control which some people want/have over their data away when you communicate with someone using that service.

Some people (like me) don't want anything to do with google but even when I want to email my best fucking friend, I lose the control over that email data since he uses gmail.

So, when someone chooses to use gmail and I *HAVE* to email them, my choice is gone.

TO BE VERY CLEAR: I'm not blaming that on the users, I'm blaming that on the company/service.

Then for example, google analytics. It's a very good/powerful when you're solely looking at its functions.
I just don't want to be part of their data collection as I don't want to get any data into the google engine.

There's a solution for that: installing an addon in order to opt out.

I'm sorry, WHAT?! --> I <-- have to install an addon in order to opt out of something that is happening on my own motherfucking computer?! What the actual fuck, I don't call that a fucking solution. I'll use Privacy Badger + hosts files to block that instead.

Google vs 'privacy' friendly search engines - I don't trust DDG completely because their backend is closed/not available to the public but I'd rather use them then a search engine which is known to be integrated into PRISM/other surveillance engines by default.

I don't mind the existence of certain services, as long as they don't integrated you with data hungry companies/mass surveillance without you even using their services.

Now lets see how fast the comment section explodes!

Well that was a good little time off :)

Decided to go offline for a little and that was a good one, hello again.

Wrote a geoip service because I hate rate limits and such so fuck it, why not write one myself (data is not that accurate as it's free but quite alright if you ask me) (front end still fucking sucks).

So yes, that's I guess :P

In our morning stand up, dev was bragging about how much code he was refactoring (like over-the-top bragging) and how much the changes will improve readability (WTF does that mean?), performance, blah blah blah. Boss was very impressed, I wasn't. This morning I looked at the change history and yes, he spent nearly two solid days changing code. What code? A service that is over 10 years old, hasn't been used in over 5, mostly auto-generated code (various data contracts from third party systems). He "re-wrote" the auto-generated code, "fixed" various IDisposable implementations and other complete wastes of time. How –bleep-ing needy are people for praise and how –bleep-ing stupid are people for believing such bull-bleep? I think I should get a t-shirt made with a picture of a BS-Meter and when he starts talking, “Wait a sec, I gotta change my shirt. OK…you were saying?”

Developer came to our area to rant a bit about a problem he was having with Xamarin. A particular android device was receiving a java runtime error trying to de-serialize data from a WCF contract. What he found was not to use WCF and use WebAPI (or a simple REST service that sent back/forth JSON).

When he proposed changing the service (since the data transport didn’t really matter, he could plug the assembly into a WebAPI project in less than an hour), the dev manager shot down the idea pointing him to our service standard that explicitly stated no WebAPI (it’s in bold letters).

I showed him the date on the “standard”, which was 5 years ago. We have versioning on our sharepoint server, so I also him my proposal notes on the change request document (almost two years before that) stating we should stop using WCF in favor of REST based web standards. Dev manager at the time had wrote in his comment “Will never use REST. Enterprise developers prefer RPC.”
He just about fell over laughing when I showed him this gif.

Unaware that this had been occurring for while, DBA manager walks into our cube area:

DBAMgr-Scott: "DBA-Kelly told me you still having problems connecting to the new staging servers?"
Dev-Carl: "Yea, still getting access denied. Same problem we've been having for a couple of weeks"
DBAMgr-Scott: "Damn it, I hate you. I got to have Kelly working with data warehouse project. I guess I've got to start working on fixing this problem."
Dev-Carl: "Ha ha..sorry. I've checked everything. Its definitely something on the sql server side."
DBAMgr-Scott: "I guess my day is shot. I've got to talk to the network admin, when I get back, lets put our heads together and figure this out."
<Scott leaves>
Me: "A permissions issue on staging? All my stuff is working fine and been working fine for a long while."
Dev-Carl: "Yea, there is nothing different about any of the other environments."
Me: "That doesn't sound right. What's the error?"
Dev-Carl: "Permissions"
Me: "No, the actual exception, never mind, I'll look it up in Splunk."
<in about 30 seconds, I find the actual exception, Win32Exception: Access is denied in OpenSqlFileStream, a little google-fu and .. >
Me: "Is the service using Windows authentication or SQL authentication?"
Dev-Carl: "SQL authentication."
Me: "Switch it to windows authentication"
<Dev-Carl changes authentication...service works like a charm>
Dev-Carl: "OMG, it worked! We've been working on this problem for almost two weeks and it only took you 30 seconds."
Me: "Now that it works, and the service had been working, what changed?"
Dev-Carl: "Oh..look at that, Dev-Jake changed the connection string two weeks ago. Weird. Thanks for your help."
<My brain is screaming "YOU NEVER THOUGHT TO LOOK FOR WHAT CHANGED!!!"
Me: "I'm happy I could help."

So today was the worst day of my whole (just started) career.

We have a huge client like 700k users. Two weeks ago we migrated all their services to our aws infrastructure. I basically did most of the work because I'm the most skilled in it (not sure anymore).

Today I discovered:
- Mail cron was configured the wrong way so 3000 emails where waiting to be sent.
- The elastic search service wasn't yet whitelisted so didn't work for two weeks.
- The cron which syncs data between production db en testing db only partly worked.

Just fucking end me. Makes me wonder what other things are broken. I still have a lot to learn... And I might have fucked their trust in me for a bit.

Our Service Oriented Architecture team is writing very next-level things, such as JSON services that pass data like this:

<JSON>
<Data>
...
</Data>
</JSON>

So my friend was in a hurry when she was setting up the passocde for her phone and later she forgot the code.
So she takes it to the service center.

SC guy: Ma'am we have to do bla bla bla. And you will lose your data. It will cost you around $10.

She just came back and later gave me the phone.
*unlocks bootloader *
*flashes a custom recovery*
*delete passcode file*
Phone is now unlocked with all the data intact.

PS: I got a small treat at McDonald's. 😋

A lot of engineering fads go in circle.

Architecture in the 80s: Mainframe and clients.

Architecture in the 90s: Software systems connected by an ESB.

Architecture in the 2000s: Big central service and everyone connects to it for everything

Architecture in the 2010s: Decentralized microservices that communicate with queues.

Current: RabbitMQ and Kafka.

... Can't we just go back to the 90s?

I hate fads.
I hate when I have to get some data, and it's scattered on 20 different servers, and to load a fucking account page, a convoluted network of 40 apps have to be activated, some in PHP, others in JS, others on Java, that are developed by different teams, connected to different tiny ass DBs, all on huge clusters of tiny ass virtual machines that get 30% load at peak hours, 90% of which comes from serializing and parsing messages. 40 people maintaining this nightmare, that could've been just 7 people making a small monolithic system that easily handles this workload on a 4-core server with 32GB of RAM.
Tripple it, put it behind a load balancer, proper DB replication (use fucking CockroachDB if you really want survivability), and you've got zero downtime at a fraction of the cost.

Just because something's cool now, doesn't mean that everybody has to blindly follow it for fucks sake!

Same rant goes for functional vs OOP and all that crap. Going blindly with any of these is just a stupid fad, and the main reason why companies need refactoring of legacy code.

[Dark Rant]

I'm sick of this stupid tech world.

Don't get me wrong, I love tech. I just can't stand anymore the global brainwashing that we're part of.

Think about all the huge companies making profit on our data. For a better service, yeah sure, but do we really understand what the cost is?

Ok sure, you don't care about your data because you trust these companies and the advantages are all worth it. What about the fact that we are all forced to buy the next new smartphone after 2 years?

Like if removable batteries were a problem for us, users. Or like the audio jack. Because now someone decided that the pricey wireless headphones are Just What You Need™.

Do you think you own your smartphone?
No, you don't. You are paying a bunch of money for something that soon will be just a useless brick of glass and metal which you can't repair. But you'll be happy anyway.

Someone is so happy to the point that they will defend their favorite company, doesn't matter how they decided to stick it into their ass.

Open your eyes, you've been brainwashed.

Setup my port honeypot today finally, including port 22, then wrote a custom dashboard for some data tracking, feels great to have it open on my screen seeing the bans just roll in every 2 seconds of refresh, the highest hits are as expected from china, russia and india, also filed ~700 reports and already got 300 banned from their service. (mainly Microsoft Azure for whatever reason)

I wanted to first automate that (or atleast blacklist report to various IP lists via API), but then I was afraid that I'll be one day stupid enough to somehow get banned - don't want myself to get reported lol

For fuck sake, stop complaining about the lack of privacy everywhere.
I'm not saying that worrying about your privacy is bad, I also really want to be protected and I know the risks we run when put our information on the net, I care about my data, but please stop acting like whoever uses Google, Facebook or Windows is a fool and you're the only genius around.

Because guess, I use their services and when I use them I'm explicitly authorizing them to process my data, to track me and to create a profile about me. It's an exchange, I know what they're doing and I've control on the data I'm serving them.

If, for some reason, I want to be more protected then I fucking use some open source iper-safe alternative, and that's it.

Seriously, I'm happy if you use those fancy alternative services for everything (for your reasons, I don't care) and I'm glad if you decided to don't use any closed source service anymore, but please, stop screaming against who uses them

Fuck Optimizely.

Not because the software/service itself is inherently bad, or because I don't see any value in A/B testing.

It's because every company which starts using quantitative user research, stops using qualitative user research.

Suddenly it's all about being data driven.

Which means you end up with a website with bright red blinking BUY buttons, labels which tell you that you must convert to the brand cult within 30 seconds or someone else will steal away the limited supply, and email campaigns which promise free heroin with every order.

For long term brand loyalty you need a holistic, polished experience, which requires a vision based on aesthetics and gut feelings -- not hard data.

A/B testing, when used as some kind of holy grail, causes product fragmentation. There's a strong bias towards immediate conversions while long term churn is underrepresented.

The result of an A/B test is never "well, our sales increased since we started offering free heroin with every sale, but all of our clients die after 6 months so our yearly revenue is down -- so maybe we should offer free LSD instead"

I've optimised so many things in my time I can't remember most of them.

Most recently, something had to be the equivalent off `"literal" LIKE column` with a million rows to compare. It would take around a second average each literal to lookup for a service that needs to be high load and low latency. This isn't an easy case to optimise, many people would consider it impossible.

It took my a couple of hours to reverse engineer the data and implement a few hundred line implementation that would look it up in 1ms average with the worst possible case being very rare and not too distant from this.

In another case there was a lookup of arbitrary time spans that most people would not bother to cache because the input parameters are too short lived and variable to make a difference. I replaced the 50000+ line application acting as a middle man between the application and database with 500 lines of code that did the look up faster and was able to implement a reasonable caching strategy. This dropped resource consumption by a minimum of factor of ten at least. Misses were cheaper and it was able to cache most cases. It also involved modifying the client library in C to stop it unnecessarily wrapping primitives in objects to the high level language which was causing it to consume excessive amounts of memory when processing huge data streams.

Another system would download a huge data set for every point of sale constantly, then parse and apply it. It had to reflect changes quickly but would download the whole dataset each time containing hundreds of thousands of rows. I whipped up a system so that a single server (barring redundancy) would download it in a loop, parse it using C which was much faster than the traditional interpreted language, then use a custom data differential format, TCP data streaming protocol, binary serialisation and LZMA compression to pipe it down to points of sale. This protocol also used versioning for catchup and differential combination for additional reduction in size. It went from being 30 seconds to a few minutes behind to using able to keep up to with in a second of changes. It was also using so much bandwidth that it would reach the limit on ADSL connections then get throttled. I looked at the traffic stats after and it dropped from dozens of terabytes a month to around a gigabyte or so a month for several hundred machines. The drop in the graphs you'd think all the machines had been turned off as that's what it looked like. It could now happily run over GPRS or 56K.

I was working on a project with a lot of data and noticed these huge tables and horrible queries. The tables were all the results of queries. Someone wrote terrible SQL then to optimise it ran it in the background with all possible variable values then store the results of joins and aggregates into new tables. On top of those tables they wrote more SQL. I wrote some new queries and query generation that wiped out thousands of lines of code immediately and operated on the original tables taking things down from 30GB and rapidly climbing to a couple GB.

Another time a piece of mathematics had to generate all possible permutations and the existing solution was factorial. I worked out how to optimise it to run n*n which believe it or not made the world of difference. Went from hardly handling anything to handling anything thrown at it. It was nice trying to get people to "freeze the system now".

I build my own frontend systems (admittedly rushed) that do what angular/react/vue aim for but with higher (maximum) performance including an in memory data base to back the UI that had layered event driven indexes and could handle referential integrity (overlay on the database only revealing items with valid integrity) or reordering and reposition events very rapidly using a custom AVL tree. You could layer indexes over it (data inheritance) that could be partial and dynamic.

So many times have I optimised things on automatic just cleaning up code normally. Hundreds, thousands of optimisations. It's what makes my clock tick.

@netikras since when does proprietary mean bad?

Lemme tell you 3 stories.

CISCO AnyConnect:
- come in to the office
- use internal resources (company newsletter, jira, etc.)
- connect to client's VPN using Cisco AnyConnect
- lose access to my company resources, because AnyConnect overwrites routing table (rather normal for VPN clients)
- issue a route command updating routing table so you could reach confluence page in the intranet
- route command executes successfully, `route -n` shows nothing has changed
- google this whole WTF case
- Cisco AnyConnect constantly overwrites OS routing table to ENFORCE you to use VPN settings and nothing else.

Sooo basically if you want to check your company's email, you have to disconnect from client's VPN, check email and reconnect again. Neat!

Can be easily resolved by using opensource VPN client -- openconnect

CISCO AnyConnect:
- get a server in your company
- connect it to client's VPN and keep the VPN running for data sync. VPN has to be UP at all times
- network glitch [uh-oh]
- VPN is no longer working, AnyConnect still believes everything is peachy. No reconnect attempts.
- service is unable to sync data w/ client's systems. Data gets outdated and eventually corrupted

OpenConnect (OSS alternative to AnyConnect) detects all network glitches, reports them to the log and attempts reconnect immediatelly. Subsequent reconnect attempts getting triggered with longer delays to not to spam network.

SYMANTEC VIP (alleged 2FA?):
- client's portal requires Sym VIP otp code to log in
- open up a browser in your laptop
- navigate to the portal
- enter your credentials
- click on a Sym VIP icon in the systray
- write down the shown otp number
- log in

umm... in what fucking way is that a secure 2FA? Everything is IN the same fucking device, a single click away.

Can be easily solved by opensource alternatives to Sym VIP app: they make HTTP calls to Symantec to register a new token and return you the whole totp url. You can convert that url to a qr code and scan it w/ your phone (e.g. Google's Authenticator). Now you have a true 2FA.

Proprietary is not always bad. There are good propr sw too. But the ones that are core to your BAU and are doing shit -- well these ARE bad. and w/o an oppurtunity to workaround/fix it yourself.

Worked with a European consulting company to integrate some shared business data (aka. calling a service).
VP of IT called an emergency meeting (IT managers, network admins) deeply concerned about the performance of the international web site since adding our services.
VP: “The partner’s site is much slower than ours. Only common piece that could cause that is your service.”
Me: “Um, their site is vastly different than ours. I don’t think we can compare their performance to ours.”
VP: “Performance is #1! I need your service fixed ASAP!”
Me: “OK, but what exactly is slow? How did you measure their site? The servers are in Germany”
VP: “I measured performance from my house last night.”
Me: “Did you use an application?”
VP: “<laughs> oh no, I was at home. When I opened the page, I counted one Mississippi, two Mississippi, three Mississippi, then the page displayed.”
Me: “Wow…um…OK…uh…how long does our page take to load?”
VP: “Two Mississippi’s”
Me: “Um…wow…OK…wow…uh, no, we don’t measure performance like that, but I’ll work with our partners and develop a performance benchmark to determine if the shared service is behaving differently.”
VP: “Whatever it is, the service is slow. Bill, what do you think is slowing down the service?”
NetworkAdmin-Bill: “The Atlantic Ocean?”
VP got up and left the meeting.

"We use WSDL and SOAP to provide data APIs"
- Old-fashioned but ok, gimme the service def file
(The WSDL services definition file describes like 20 services)
- Cool, I see several services. In need those X data entities.
"Those will all be available through the Data service endpoint"
- What you mean "all entities in the same endpoint"? It is a WSDL, the whole point is having self-documented APIs for each entity format!
"No, you have a parameter to set the name of the data entity you want, and each entity will have its own format when the service return it"
- WTF you need the WSDL for if you will have a single service for everything?!?
"It is the way we have always done things"

Certain companies are some outdated-ass backwater tech wannabees.
Usually those that have dominated the market of an entire country since the fucking Perestroika.

The moment I turn on the data pipeline, those fuckers are gonna be overloaded into oblivion. I brought popcorn.

So I've decided to go about converting a Java project that I've been working on to Kotlin a little bit at a time. I started out with basic entity classes converting them to simple `data class`es in Kotlin.

Eventually, I got to my first beast of a class to refactor. This class had over 40 service classes depending on it, so even a little hiccup would throw everything into chaos.

I finish all of the changes on all of the dependent classes, update the tests, and the configurations (as necessary), and I was finally ready to spin up the app to test for any breaking changes I may have introduced...

Well - I broke everything! But I was sure I couldn't have! So what the hell happened?

Turns out that as I was building my project with a Gradle watch, at one point something failed to compile, which threw an unhandled exception in the gradle daemon that was never reported.

So when I tried to run my app, gradle would continually re-throw the error in the app I asked it to run...

After turning the daemon off and on again, the app worked like a charm.

I just tried to sign up to Instagram. I made a big mistake.

First up with Facebook related stuff is data. Data, data and more data. Initially when you sign up (with a new account, not login with Facebook) you're asked your real name, email address and phone number. And finally the username you'd like to have on the service. I gave them a phone number that I actually own, that is in my iPhone, my daily driver right now (and yes I have 3 Androids which all run custom ROMs, hold your keyboards). The email address is a usual for me, instagram at my domain. I am a postmaster after all, and my mail server is a catch-all one. For a setup like that, this is perfectly reasonable. And here it's no different, devrant at my domain. On Facebook even, I use fb at my domain. I'm sure you're starting to see a pattern here. And on Facebook the username, real name and email domain are actually the same.

So I signed up, with - as far as I'm aware - perfectly valid data. I submitted the data and was told that someone at Instagram will review the data within 24 hours. That's already pretty dystopian to me. It is now how you block bots. It is not how Facebook does it either, at least since last time I checked. But whatever. You'd imagine that regardless of the result, they'd let you know. Cool, you're in, or sorry, you're rejected and here's why. Nope.

Fast-forward to today when I recalled that I wanted to sign up to Instagram to see my girlfriend's pictures. So I opened Chromium again that I already use only for the rancid Facebook shit.. and it was rejected. Apparently the mere act of signing up is a Terms of Service violation. I have read them. I do not know which section I have violated with the heinous act of signing up. But I do have a hunch.

Many times now have I been told by ignorant organizations that I would be "stealing" their intellectual property, or business assets or whatever, just because I sent them an email from their name on my domain. It is fucking retarded. That is MY domain, not yours. Learn how email works before you go educate a postmaster. Always funny to tell them how that works. But I think that in this case, that is what happened.

So I appealed it, using a random link to something on Instagram's help section from a third-party blog. You know it's good when the third-party random blog is better. But I found the form and filled it in. Same shit all over again for info, prefilling be damned I guess. Minor convenience though, whatever.

I get sent an email in German, because apparently browsing through a VPS in Germany acting as a VPN means you're German. Whatever... After translating it, I found that it asks me to upload a picture of myself, holding a paper in my hands, on which I would have a confirmation code, my username, and my email address.. all hand-written. It must not be too dark, it must be clear, it must be in JPEG.. look, I just wanted to fucking sign up.

I sent them an email back asking them to fix all of this. While I was writing it and this rant, I thought to myself that they can shove that piece of paper up their ass. In fact I would gladly do it for them.

Long story short, do not use Instagram. And one final thing I have gripes with every time. You are not being told all the data you'll have to present from the get-go. You're not being told the process. Initially I thought it'd just be email, phone, username, and real name. Once signed up (instantly, not within 24 hours!) I would start setting up my account and adding a profile picture. The right way to ask for a picture of me! And just do it at my own pace, as I please.

And for God's sake, tackle abuse when it actually happens. You'll find out who's a bot and who isn't by their usage patterns soon enough. Do not do any of this at sign-up. Or hell, use a CAPTCHA or whatever, I don't fucking care. There's so many millions of ways to skin this cat.

Facebook and especially Instagram. Both of them are fucking retarded.

[Begin Rant] When you show your senior manager your REST Web Service and he says "Oh no nooo... I don't wanna see no code"... Me: Code?? That ain't code you fat silly fucker it's the command line output data which I spent a week parsing, batch processing, and storing into the database! [End Rant] :[

Me - Yeah great so you say it's big data we are gonna be analyzing and having to store, are you currently utilizing a service and aggregating any of it into smaller manageable segments?

Client - well yeah it's lots and lots of data, we can share it with you if you sign a nda.

Me - ok... sure, how are you gonna share it with me.

Client - oh I can email you the spreadsheet.

Me - .... Spreadsheet ... Um... Ok... 'Stands up and walks away to tell this as the most interesting meeting of the month, to some one that will get it'

--

Buzz word for the win!

I once found a MongoDB cluster open to the internet with no authentication with nearly a terabyte of data that backed a CRM service whose customers included Microsoft and Adobe to name a few.

<just got out of this meeting>
Mgr: “Can we log the messages coming from the services?”
Me: “Absolutely, but it could be a lot of network traffic and create a lot of noise. I’m not sure if our current logging infrastructure is the right fit for this.”
Senior Dev: “We could use Log4Net. That will take care of the logging.”
Mgr: “Log4Net?…Yea…I’ve heard of it…Great, make it happen.”
Me: “Um…Log4Net is just the client library, I’m talking about the back-end, where the data is logged. For this issue, we want to make sure the data we’re logging is as concise as possible. We don’t want to cause a bottleneck inside the service logging informational messages.”
Mgr: “Oh, no, absolutely not, but I don’t know the right answer, which is why I’ll let you two figure it out.”
Senior Dev: “Log4Net will take care of any threading issues we have with logging. It’ll work.”
Me: “Um..I’m sure…but we need to figure out what we need to log before we decide how we’re logging it.”
Senior Dev: “Yea, but if we log to SQL database, it will scale just fine.”
Mgr: “A SQL database? For logging? That seems excessive.”
Senior Dev: “No, not really. Log4Net takes care of all the details.”
Me: “That’s not going to happen. We’re not going to set up an entire sql database infrastructure to log data.”
Senior Dev: “Yea…probably right. We could use ElasticSearch or even Redis. Those are lightweight.”
Mgr: “Oh..yea…I’ve heard good things about Redis.”
Senior Dev: “Yea, and it runs on Linux and Linux is free.”
Mgr: “I like free, but I’m late for another meeting…you guys figure it out and let me know.”
<mgr leaves>
Me: “So..Linux…um…know anything about administrating Redis on Linux?”
Senior Dev: ”Oh no…not a clue.”

It was all I could do from doing physical harm to another human being.
I really hate people playing buzzword bingo with projects I’m responsible for.

Only good piece is he’s not changing any of the code.

While trying to integrate a third-party service:

Their Android SDK accepts almost anything as a UID, even floats and doubles. Which is odd, who uses those as UIDs? I pass an Integer instead. No errors. Seems like it's working. User shows up on their dashboard.

Next let's move onto using their data import API. Plug in everything just like I did on mobile. Whoa, got an error. "UIDs must be a string". What. Uh, but the SDK accepts everything with no error. Ok fine. Change both the SDK and API to return the UID as a string. No errors returned after changing the UIDs.

Check dashboard for user via UID. Uh, properties haven't been updating. Check search properties. Find out that UIDs can only be looked up as Integers. What? Why do you ask me to send it as a string via the API then? Contact support. Find out it created two distinct records with the UID, one as a string and the other as an Integer.

GFG.

So I know most of you got some kind of hate for Facebook and Zuckerberg (aka Z U C C) now, but ffs, watching some of the highlights of this congress-thing that went on makes me more or less feel sympathy for him and his idea, even tho I know he wants to achieve exactly this.

Some of the questions asked can suck a big fucken data-dick. "How many Facebook Like-Buttons are there on Non-Facebook pages?", "How many data-categories do you gather?", "How do you sustain a business model and stay free?" - DUDE WHAT IN HEAVENS NAME?? And they ask that shit so serious and so "now-i'm-going-to-bust-you"-esk, but actually the question is just plain stupid and shows how the questioning side has no clue about the shit.

My point of view is that people decided to have an online life and have to take what it does. Having a smartphone with a Facebook service installed (owning an account or not) is enough to track your location, stored under your IMEI or some shit like that. They may not even go that far but that's just my opinion.
If you are online everything can see you and use you that way. Borders are a fictious thing. A dude in Czechia can easily shoot you when you're on the German side of the border between those two countries. And still we gave up on walls...:p

Welcome to a world which is ruled by dumbass people where nerds who just want to have some fun need to defend themselves because the people up there don't know a single shit.

Inmates are trying to take over the asylum again.

Got a message from the web team manager deeply concerned because since switching to the new logging framework, the site is significantly slower.

She provided no proof or any data to what 'significantly slower' means.

#1 The 'new logging' has been in place and logging for 5 years. We only recently depreciated the ILogger interface ('new' ILogger interface only has 1 method instead of 5)
#2 The 'old logging' was modified 5 years ago, so even if you were using the 'old' interface, the underlying implementation is still the same.

She tried to push the 'it wasn't this slow before' argument, so I decided to do some fact based analysis.
Knowing they deployed their logging changes couple of weeks ago, I opened up AppDynamics, looked at the average call time to Splunk (along with a few other http calls they are doing)
- caching services - 5ms
- splunk - 30ms
- Order Service - 350ms
- Product Data Service -525ms

Then I look at the data they are logging, for the month of June, over 5 million messages. At 30ms each, that's almost 42 hours spent logging errors...yes errors. Null reference exceptions, Argument exceptions, easily fixable stuff.

So far for the month of July (using the 'new' logging), almost 2.5 million errors. Pretty close so far with June's numbers.

My only suggestion was to fix the bugs in their code so they don't log so many errors.

Her response.."Can we have one of our developers review your logging code? We believe we can find ways to optimize the http requests"

Oh good Lord. I'm not a drinking man..but ...I might start.

*Working on a project with boss, I am working on a mobile app, he is working on web service app.

Me: this service takes user id as parameter to get all account details (all other web services are like that)

Boss: yes, I use the id to filter the data.

Me: but by this, everyone has the id can do anything ! why we do not use session token?

Boss: this is a detail, it is not important !

Me:...

*7 years of experience my ass

Best code performance incr. I made?

Many, many years ago our scaling strategy was to throw hardware at performance problems. Hardware consisted of dedicated web server and backing SQL server box, so each site instance had two servers (and data replication processes in place)

Two servers turned into 4, 4 to 8, 8 to around 16 (don't remember exactly what we ended up with). With Window's server and SQL Server licenses getting into the hundreds of thousands of dollars, the 'powers-that-be' were becoming very concerned with our IT budget. With our IT-VP and other web mgrs being hardware-centric, they simply shrugged and told the company that's just the way it is.

Taking it upon myself, started looking into utilizing web services, caching data (Microsoft's Velocity at the time), and a service that returned product data, the bottleneck for most of the performance issues. Description, price, simple stuff. Testing the scaling with our dev environment, single web server and single backing sql server, the service was able to handle 10x the traffic with much better performance.

Since the majority of the IT mgmt were hardware centric, they blew off the results saying my tests were contrived and my solution wouldn't work in 'the real world'. Not 100% wrong, I had no idea what would happen when real traffic would hit the site.

With our other hardware guys concerned the web hardware budget was tearing into everything else, they helped convince the 'powers-that-be' to give my idea a shot.

Fast forward a couple of months (lots of web code changes), early one morning we started slowly turning on the new framework (3 load balanced web service servers, 3 web servers, one sql server). 5 minutes...no issues, 10 minutes...no issues,an hour...everything is looking great. Then (A is a network admin)...
A: "Umm...guys...hardly any of the other web servers are being hit. The new servers are handling almost 100% of the traffic."
VP: "That can't be right. Something must be wrong with the load balancers. Rollback!"
A:"No, everything is fine. Load balancer is working and the performance spikes are coming from the old servers, not the new ones. Wow!, this is awesome!"
<Web manager 'Stacey'>
Stacey: "We probably still need to rollback. We'll need to do a full analysis to why the performance improved and apply it the current hardware setup."
A: "Page load times are now under 100 milliseconds from almost 3 seconds. Lets not rollback and see what happens."
Stacey:"I don't know, customers aren't used to such fast load times. They'll think something is wrong and go to a competitor. Rollback."
VP: "Agreed. We don't why this so fast. We'll need to replicate what is going on to the current architecture. Good try guys."
<later that day>
VP: "We've received hundreds of emails complementing us on the web site performance this morning and upset that the site suddenly slowed down again. CEO got wind of these emails and instructed us to move forward with the new framework."

After full implementation, we were able to scale back to only a few web servers and a single sql server, saving an initial $300,000 and a potential future savings of over $500,000. Budget analysis considering other factors, over the next 7 years, this would save the company over a million dollars.

At the semi-annual company wide meeting, our VP made a speech.

VP: "I'd like to thank everyone for this hard fought journey to get our web site up to industry standards for the benefit of our customers and stakeholders. Most of all, I'd like to thank Stacey for all her effort in designing and implementation of the scaling solution. Great job Stacy!"
<hands her a blank white envelope, hmmm...wonder what was in it?>

A few devs who sat in front of me turn around, network guys to the right, all look at me with puzzled looks with one mouth-ing "WTF?"

So my client is (was) paying 3500$~ a month to that service that has also an API and we have been now fighting atleast 2 months for them to raise the rate limit higher. (because the new features pull in a lot more records, to basically make their shitty old dashboard obsolete at some point)

He's even willing to pay more, but the ticket and calls just get thrown around from one level to another, when he threatened to quit, all they changed was to send him to another level that was suggesting 3 months 10% off and when he declined it just got thrown into the pool again lol

So what we end up doing is register his wife on same service (there's not really any alternatives that actually have all that weird shit he needs and his wife was co-owner anyway, so it was just a name change basically), but just tick the higher API rate limit and it worked, he's now quitting the old one.

What's funny though, the new contracts for the same thing he was paying cost just ~2450$ (would have been even less, but hes too clingy on that one page I can't recreate without having the data) so they just lost that revenue, just because they didn't want to raise the API rate limit and the client also decided to give me the difference of one month on top of my contract, once the new contract kicks in and the old one expires in 6ish days (at best) or 12ish days at worst

well done support and assigned engineers, not only did you just lose a client with an old contract paying you 12000$/year more, but you also gave me a great free bost in money lol

btw: I hope I put everything in again, I this time decided to be brave (read as "stupid") and wrote it in the devrant webapp, then accidentally clicked twice outside the borders, making everything disappear..

Found this gem of a comment in a code base written 4 years back.

/*
Invoke <Service Base URL>/asset/v2/details/<SN> to get asset details
Feeling very bad to include this call, but we really need to use this !!!
This call is gonna take ~20s to respond. I've even increased the overall timeout of this module, just for this call !!!
So, if you are looking to debug any performance issue, I wish you jump directly here,
remove this call and just use master data management (MDM)
P.S: It is not that simple, as MDM and this asset DB (both asset masters) has differences in how the asset is defined :(
*/

Still trying to understand how to remove this costly time-consuming call and replace with an efficient one !!

And, of-course, the original author left 2 years back :(

Long but hilarious:
I was deeply concerned about how we have a single, non-paginated call to a backend service, returning hundreds of entries, which has to be enriched with constant data fetched from our db for each entry. FOR EACH ENTRY. AND FOR EACH REQUEST.
I voiced my concerns to my PM, who called me a "rage prophet" for it.

As expected, the call took 20-something seconds to complete.
Ten minutes before the CEO comes over to have a look, another dev changes his loosely-related service, and the entire super-heavy, sprawling abyss of enrichment pipeline returns in sub-second timing!!!

CEO: guys, this is too fast. You have to slow it down a bit. It doesn't seem reliable that we're able to get all this data immediately.
PM: you see, rage prophet, it all worked out in the end
Me: #$@%$&!!!!!

I’m LOLing at the audacity of one of our vendors.

We contract with a vendor to build and maintain a website. Our network security team noticed there was a security breach of the vendor’s website. Our team saw that malicious users gained access to our Google Search console by completing a challenge that was issued to the vendor’s site.

At first, the vendor tried to convince us that their site wasn’t comprised and it was the Google search Console that was compromised. Nah dude. Our Search Console got compromised via the website you maintain for us. Luckily our network team was able to remove the malicious users from our search console.

That vendor site accepts credit card payments and displays the user’s contact info like address, email, and phone. The vendor uses keys that are tied to our payment gateway. So now my employer is demanding a full incident report from the vendor because their dropping the ball could have compromised our users’ data and we might be responsible for PCI issues.

And the vendor tried to shit on us even more. The vendor also generates vanity urls for our users. My employer decided to temporarily redirect users to our main site (non vendor) because users already received those links and in order to not lose revenue. The vendor’s solution is to build a service that will redirect their vanity urls to our main site. And they wanted to charge us $5000 usd for this. We already pay them $1000 a month already.

WTAF we are not stupid. Our network service team said we could make the argument that they do this without extra charge because it falls in the scope of our contract with them. Our network team also said that we could terminate the contract because the security breach means they didn’t render the service they were contracted to do. Guess it’s time for us to get our lawyer’s take on this.

So now it looks like my stakeholders want me to rebuild all of this in house. I already have a lot on my plate, but I’m going to be open to their requests because we are still in the debrief phase.

So this guy is asking for help but his ego is too high. What happened was his code raised a ""Trying to get property 'result' of non-object"" error so I told him that the data type is not declared. He still not get it. Like in personal message he asked me wether I know php because he is the founder of some cloud service in php, and I know all about php.

I was like if you know php so well, why cant you realise that $result is not declared?

"Let‘s make a service where the users can enter all of their secrets and sensitive data so that we can warn them if that data has been leaked elsewhere"

What could possibly go wrong?

when I was a newbie I was given a task to upload a site.
I had done that many times before so I thought it wont be a big deal so I thought I never gave a try uploading through ftp.
Okay I began work on it the server was of godaddy and credentials I got were of delegate access.
right I tried connecting through ftp but it wasn't working thought there's some problem with user settings why shouldn't I create my own user to stay away from mess.
Now I creater my own user and could easily login but there were no files in it saw that by creating user my folder is different and I dont have access to server files I wanted to take backup before I do upload.
now I was thinking to give my user access to all files so I changed the access directory to "/" checked ftp again there was still no file.
don't know what happened to me I thought ahh its waste of time for creating ftp user it does nothing and I deleted my ftp account.
now I went through web browser to download data and earth skids beneath my foots. Holy fuck I lost all the data, all were deleted with that account it scared the shit out of me.
There were two sites running which were now gone.
Tried every bit to bring them back but couldn't do so. i contact support of godaddy they said you haven't enabled auto backup so you can't have them for free however they can provide their service in $150. Which is 15k in my country.
I decided to tell my boss about what happened and he got us away :p I wasn't fired gladly

SQL Rule 1. Always assume there are external processes that might affect your data. (for instance, triggers).
SQL Rule 2. In Denormalised data, never execute logic on dependant table values, always copy from the parent.
SQL Rule 3. When Denormalised data schemas are created the DBA knows what they are doing.
SQL Rule 3.1. If DBA knows what they is doing then according to Rule 1 there is no problem with adding in some triggers to maintain data clones as they are created.
SQL Rule 4. If you don't like or agree with triggers, deal with it. They are a first class tool in a first class RDBMS. In a multi-app or service environment there may be many other external processes massaging your data
SQL Rule 5. If all previous rules are not broken and the system has been running efficiently for many years DO NOT complain that there are triggers in the database that are doing and have been doing the same process that you just butchered (by violating Rule 1 and 2) in your makeshift "hello world, look what I can do from my phone" angular BS when the rest of the users are still relying on the existing runtime app.
SQL Rule 6. If you turn my triggers off, you sure as hell better turn them back on!

Inherited a simple marketplace website that matches job seekers and hospitals in healthcare. Typically, all you need for this sort of thing is a web server, a database with search

But the precious devs decided to go micro-services in a container and db per service fashion. They ended up with over 50 docker containers with 50ish databases. It was a nightmare to scale or maintain!

With 50 database for for a simple web application that clearly needs to share data, integration testing was impossible, data loss became common, very hard to pin down, debugging was a nightmare, and also dangerous to change a service’s schema as dependencies were all tangled up.

The obvious thing was to scale down the infrastructure, so we could scale up properly, in a resource driven manner, rather than following the trend.

We made plans, but the CTO seemed worried about yet another architectural changes, so he invested in more infrastructure services, kubernetes, zipkin, prometheus etc without any idea what problems those infra services would solve.

Added new hidden function in my service: If you don't reply with "thanks" after I send you requested data, I will not reply to your requests for 15 minutes.
Clients really need to learn some manners and I'm here to help.

Still dealing with the web department and their finger pointing after several thousand errors logged.

SeniorWebDev: “Looks like there were 250 database timeout errors at 11:02AM. DBAs might want to take a look.”

I look at the actual exceptions being logged (bulk of the over 1,600 logged errors)..

“Object reference not set to an instance of an object.”

Then I looked the email timestamp…11:00AM. We received the email notification *before* the database timeout errors occurred.

I gather some facts…when the exceptions started, when they ended, and used the stack trace to find the code not checking for null (maybe 10 minutes of junior dev detective work). Send the data to the ‘powers that be’ and carried on with my daily tasks.
I attached what I found (not the actual code, it was changed to protect the innocent)
Couple of hours later another WebDev replied…

WebDev: “These errors look like a database connectivity issue between the web site and the saleitem data service. Appears the logging framework doesn’t allow us to log any information about the database connection.”

FRACK!!...that Fracking lying piece of frack! Our team is responsible for the logging framework. I was typing up my response (having to calm down) then about a minute later the head DBA replies …

DBA: “Do you have any evidence of this? Our logs show no connectivity issues. The logging framework does have the ability to log an extensive amount of data regarding the database transaction. Database name, server, login, command text, and parameter values. Everything we need to troubleshoot. This is the link to the documentation …. If you implement the one line of code to gather the data, it will go a long way in helping us debug performance and connectivity issue. Thank you.”

DBA sends me a skype message “You’re welcome :)”

Ahh..nice to see someone else fed up with their lying bull...stuff.

So ok here it is, as asked in the comments.

Setting: customer (huge electronics chain) wants a huge migration from custom software to SAP erp, hybris commere for b2b and ... azure cloud
Timeframe: ~10 months….

My colleague and me had the glorious task to make the evaluation result of the B2B approval process (like you can only buy up till € 1000, then someone has to approve) available in the cart view, not just the end of the checkout. Well I though, easy, we have the results, just put them in the cart … hmm :-\
The whole thing is that the the storefront - called accelerator (although it should rather be called decelerator) is a 10-year old (looking) buggy interface, that promises to the customers, that it solves all their problems and just needs some minor customization. Fact is, it’s an abomination, which makes us spend 2 months in every project to „ripp it apart“ and fix/repair/rebuild major functionality (which changes every 6 months because of „updates“.

After a week of reading the scarce (aka non-existing) docs and decompiling and debugging hybris code, we found out (besides dozends of bugs) that this is not going to be easy. The domain model is fucked up - both CartModel and OrderModel extend AbstractOrderModel. Though we only need functionality that is in the AbstractOrderModel, the hybris guys decided (for an unknown reason) to use OrderModel in every single fucking method (about 30 nested calls ….). So what shall we do, we don’t have an order yet, only a cart. Fuck lets fake an order, push it through use the results and dismiss the order … good idea!? BAD IDEA (don’t ask …). So after a week or two we changed our strategy: create duplicate interface for nearly all (spring) services with changed method signatures that override the hybris beans and allow to use CartModels (which is possible, because within the super methods, they actually „cast" it to AbstractOrderModel *facepalm*).
After about 2 months (2 people full time) we have a working „prototype“. It works with the default-sample-accelerator data. Unfortunately the customer wanted to have it’s own dateset in the system (what a shock). Well you guess it … everything collapsed. The way the customer wanted to "have it working“ was just incompatible with the way hybris wants it (yeah yeah SAP, hybris is sooo customizable …). Well we basically had to rewrite everything again.
Just in case your wondering … the requirements were clear in the beginning (stick to the standard! [configuration/functinonality]). Well, then the customer found out that this is shit … and well …

So some months later, next big thing. I was appointed technical sublead (is that a word)/sub pm for the topics‚delivery service‘ (cart, delivery time calculation, u name it) and customerregistration - a reward for my great work with the b2b approval process???

Customer's office: 20+ people, mostly SAP related, a few c# guys, and drumrole .... the main (external) overall superhero ‚im the greates and ur shit‘ architect.
Aberage age 45+, me - the ‚hybris guy’ (he really just called me that all the time), age 32.
He powerpoints his „ tables" and other weird out of this world stuff on the wall, talks and talks. Everyone is in awe (or fear?). Everything he says is just bullshit and I see it in the eyes of the others. Finally the hybris guy interrups him, as he explains the overall architecture (which is just wrong) and points out how it should be (according to my docs which very more up to date. From now on he didn't just "not like" me anymore. (good first day)
I remember the looks of the other guys - they were releaved that someone pointed that out - saved the weeks of useless work ...

Instead of talking the customer's tongue he just spoke gibberish SAP … arg (common in SAP land as I had to learn the hard way).
Outcome of about (useless) 5 meetings later: we are going to blow out data from informatica to sap to azure to datahub to hybris ... hmpf needless to say its fucking super slow.
But who cares, I‘ll get my own rest endpoint that‘ll do all I need.

First try: error 500, 2. try: 20 seconds later, error message in html, content type json, a few days later the c# guy manages to deliver a kinda working still slow service, only the results are wrong, customer blames the hybris team, hmm we r just using their fucking results ...
The sap guys (customer service) just don't seem to be able to activate/configure the OOTB odata service, so I was told)
Several email rounds, meetings later, about 2 months, still no working hybris integration (all my emails with detailed checklists for every participent and deadlines were unanswered/ignored or answered with unrelated stuff). Customer pissed at us (god knows why, I tried, I really did!). So I decide to fly up there to handle it all by myself

Sorta dev related.
I work at a service desk for an automotive supplier.
We've once hab out entire mobile phone system crash and for whatever reason, it won't let the phones connect, if there are more than 50 phones trying to connect at the same time. Kind of a problem if there are 400+ phones trying to connect.
My colleagues showed me what to do in order to get one phone to connect to our system.
It was basically: enter some invalid data on out webinterface, save, enter the correct data again and safe again.

It was too stupid for me. So i hacked an AutoIt script together in about 15 minutes, and let it run for the next half an hour. Showed it to my colleagues, they were excited and I went and got a coffee.

I don't want to put anyone to shame here, but this has been the most hilarious password reset in my life.

P.S.
It's an early service with no sensitive data, so I'm not concerned so much, but still, a system for automatic password reset, with the ability to change the temporary one, should be one of the first things in place before you go public. lol

Hey, we need a service to resize some images. Oh, it’ll also need a globally diverse cache, with cache purging capabilities, only cache certain images in the United States, support auto scaling, handle half a petabyte of data , but we don’t know when it’ll be needed, so just plan on all of it being needed at once. It has to support a robust security profile using only basic HTTP auth, be written in Java, hosted on-prem, and be fully protected from ddos attacks. It must be backwards compatible with the previous API we use, but that’s poorly documented, you’ll figure it out. Also, it must support being rolled out 20% of the way so we can test it, and forget about it, and leave two copies of our app in production.

You can re-use the code we already have for image thumbnails even though it’s written in Python, caches nothing and is hosted in the cloud. It should be easy. This guy can show you how it all works.

'Hey I found a bug in your code, it's probably a typo, see here.'

Me: Oh right, yeah. How stupid of me. Thanks, I'll push it.

'It's okay. You can push it or I can do it too after you push the changes we just discussed. I actually simplified one of your methods.'

Me: You, what... ?
(You crammed multiple lines in a single line with your stupid as fuck, rigid constructs, removing my error handling, loosely coupled service, in the name of simplification?)

' Yeah it's just four lines in a single function now, no need to call the function again and again.'

Me: (No... Just no. This totally undos whatever little I could do to avoid supporting your idiotic object in the first place.)
Oh... okay, we'll see. I'll let you know.

What life.
Life in a company full of ignorant, inflated egos is no joke.

Details:
I created a service that reads a configuration file and returns the configuration. This person needs five entries for his app logic. He collected them in a object. Quite alright. Except that the class prototype is shitty. I, like a normal person, made my service return a value based on input. I was asked to incorporate this awful object so that I can return the five entries together, which is awful because the service is not supposed to know about how the entries are clubbed. It should most certainly not know about the data members of the object!

So I am helping coworker with debugging a weather forecast feature on a digital display solution we sell to hundreds of companies.

He says he just doesn't know why but the forecast data isn't correct.

I open up file where forecast data is stored and the data hasn't been updated in 6 months.

Thats when he realizes no one has paid the forecast service provider in 6 months...

And this guy is supposed to be senior to me?

//rant

So I'm a BI consultant, been doing this for about 6 years now, and I'm pretty good at the data stuffs. Now I had to complete a project for a client where we call a web service and it had to be done in .NET. I wrote a console app in C# that called the WS, dumped the data then a stored proc processed the staging tables into final tables that our visualization tool can consume.

It works, it's done.

Mind you I'm not a pure .NET developer.

And now that it's completed and working this fucking .NET dude that works for my client is basically giving me an attitude talking about "why wasn't it done as a Windows service? Blah, blah" Like WTF!!??? I get that he's the C# BSD but like chill bruh!!

It's annoying as fuck having to work on projects that are not your area of EXPERTISE and then be ridiculed by other elitist assholes about it.

Doesn't happen much, but fuck it's something I hate about dev. FYI, if it was the opposite I would just be asking questions for understanding, not being a sarcastic prick.

//rant done

As usual a rather clickbait title, because only the chrome extensions (as always) seem to be vulnerable:

"Warning – 3 Popular VPN Services Are Leaking Your IP Address"

"Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data."

"VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate"

"PureVPN is the same company who lied to have a 'no log' policy, but a few months ago helped the FBI with logs that lead to the arrest of a Massachusetts man in a cyberstalking case."

"Hijack all traffic (CVE-2018-7879) "
"DNS leak (CVE-2018-7878)"
"Real IP Address leak (CVE-2018-7880)"

How do you deal with massively poorly-performing and unknowledgeable teams?

For background, I've been in my current position for ~7 months now.

A new manager joined recently and he's just floored at the reality of the team.

I mean, a large portion of my interview (and his) was the existing manager explicitly warning about how much of a dumpster fire everything is.

But still, nothing prepares you for it.

We're talking things like:
- Sequential integer user ids that are passable as query string args to anonymous endpoints, thus enabling you to view the data read by that view *for any* user.
- God-like lookup tables that all manner of pieces of data are shoved into as a catch-all
- A continued focus on unnecessary stored procedures despite us being a Linq shop
- Complete lack of awareness of SOLID principles
- Actual FUD around the simplest of things like interfaces, inversion of control, dependency injection (and the list goes on).

I've been elevated into this sort of quasi-senior position (in all but title - and salary), and I find myself having to navigate a daily struggle of trying to not have an absolute shit fit every time I have to dive into the depths of some of the code.

Compounded onto that is the knowledge that most of the team are on comparable salaries (within a couple thousand) of mine, purely owing to length of service.

We're talking salaries for mid-senior level devs, for people that at market rates would command no more (if even close) than a junior rate.

The problem is that I'm aware of how bad things are, but then somehow I'm constantly surprised and confronted with ever more insane levels of shitfuckery, and... I'm getting tired.

It's been 7 months, I love the job, I'm working in the charity sector and I love the fact that the things I'm working on are directly improving people's lives, rather than lining some fintech fatcat's pockets.

I guess this was more a rant than a question, and also long time no see...

So my question is this:

- How do you deal with this?
- How do you go on without just dying inside every single day?

!rant

Goodbye Java I will not miss you at all! I swear ...

I do like it when making web services (especially that I can use Java8) but for Android you have been a torture. Hello sweet Kotlin! I shall embrace you and treat you like my newly born baby!!

Story is:
Working on a new project where I need to talk to a web service (also made by me).
Started writing in Java, all is cool and unit tests pass.
Downloaded Android Studio 3 Beta 1 and converted my Java code to Kotlin, That AsyncTask did not look nice in kotlin, converted it to async & await feature and I must admit lots of code removed, no more need to create a new fucking AsyncTask every time the app sneezes for data!

I feel like I'm working with C# but with difference in syntax.
My life is now complete :)

My own colo server. My own cloud. My own infra.

Fuck all of the CSP's and their fucking broken TOS and their data privacy violations!

Why do you think Amazon is so cheap? Because when they discover a product/service/software on AWS makes money, they WILL Reverse engineer it, make it and price you out of the market. It's their business model!

So last week I really fucked up

I had this new implementation that was supposedly to be integrating smoothly into the rest of the service. It depended on a serialized model made by a data scientist. I test it in local, in QA environment: no problem.

So, Friday, 4pm, I decide to deploy to production. I check once from the app: the service throw an error. Panic attack, my chief is at my desk, we triy to understand what went wrong. I make calls with cUrls: no problem. Everything seems fine. I recheck from the app again: no problem.
We dedice to let it in prod, as the feature work. I go get some beers with the guys, to celebrate the deploy.

Fast-forward the next morning, 11am, my phone ring: it's a colleague of my chief. "Please check Slack, a client is trying to use the feature, it's broken"

FUUUUUUUUUUUUCK!!!

Panic attack again. I go to the computer, check the errors: two types of errors. One I can fix, the other from a missing package on the machine that the data guy used.

Needless to say, I had a fairly good weekend.

Lessons learned:
- make sure Dev, QA and Prod are exactly the same (use Ansible or Container)
- never deploy on a Friday afternoon if you don't have a quick way to revert

Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.

Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.

Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.

Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".

Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.

Gdpr thing aside...

Does anybody read the new policy...

I just did for 2 apps (intel driver software and 9ga.. You know it)...

On the things that they collected on the side without you knowing include:
9ga:
Device memory, language, battery level, timezone, unique device identifiers, compass, accelorometer and microphone... Even service provider and signal strength

Intel:
Website you visit, how you use your computer(vague too vague) and computing environment.

Did anybody knew for sure before this that their apps are listening to them? That they just made a profile of you with all the data?

With all this they dont even need your ip they already know who you are and what you do on a daily basis...

There are 20 more but it will be waaay too much to write about. These 2 are way worse since 9ga doesnt use microphone for anything... And why a driver reads what websites i am going to?

My own cloud service. Mainly because of privacy reasons, but also playing around with servers can be fun. Before you know it you've got your own Spotify, Netflix, Google Drive, Last Pass etc... Without sacrificing all of you data :)

Sure, at first it may be a bit expensive because you have to get a server, but you don't need a crazy server to run these things, if you've got an old pc or laptop laying around you can use that too (in that case setting up your own cloud services is practically free).

A service had/has been logging hundreds of errors in the development environment and I reached out to the owning process mgr that the error was occurring and perhaps a good opportunity to log additional data to help troubleshoot the issue if the problem ever made its way to production. He responded saying the error was related to a new feature they weren't going to implement in the backing dev database (TL;DR), and they know it works in production (my spidey sense goes off).
They deployed the changes to production this morning and immediately starting throwing errors (same error I sent)
Mgr messaged me a little while ago "Did you make any changes to the documentation service? We're getting this error .."

50% sure someone misspelled something in a config, but only thing they are logging is 'Unable to parse document'. Nothing that indicates an issue with the service they're using.

A couple of years ago, we decide to migrate our customer's data from one data center to another, this is the story of how it goes well.

The product was a Facebook canvas and mobile game with 200M users, that represent approximately 500Gibi of data to move stored in MySQL and Redis. The source was stored in Dallas, and the target was New York.

Because downtime is responsible for preventing users to spend their money on our "free" game, we decide to avoid it as much as possible.

In our MySQL main table (manually sharded 100 tables) , we had a modification TIMESTAMP column. We decide to use it to check if a user needs to be copied on the new database. The rest of the data consist of a savegame stored as gzipped JSON in a LONGBLOB column.

A program in Go has been developed to continuously track if a user's data needs to be copied again everytime progress has been made on its savegame. The process goes like this: First the JSON was unzipped to detect bot users with no progress that we simply drop, then data was exported in a custom binary file with fast compressed data to reduce the size of the file. Next, the exported file was copied using rsync to the new servers, and a second Go program do the import on the new MySQL instances.

The 1st loop takes 1 week to copy; the 2nd takes 1 day; a couple of hours for the 3rd, and so on. At the end, copying the latest versions of all the savegame takes roughly a couple of minutes.

On the Redis side, some data were cache that we knew can be dropped without impacting the user's experience. Others were big bunch of data and we simply SCAN each Redis instances and produces the same kind of custom binary files. The process was fast enough to launch it once during migration. It takes 15 minutes because we were able to parallelise across the 22 instances.

It takes 6 months of meticulous preparation. The D day, the process goes smoothly, but we shutdowns our service for one long hour because of a typo on a domain name.

For fuck sake!
Fuck locatefamily.com, just searched out on google my name and surname, both foreign and hard to even spell out for many, and it's the first time that I saw my data(where did I live, my current work phone number, name and surname) open wide as the second link of my search, fuck!

But there's a clue, at that address I lived for a not so long period, so I did search my emails in that period and other than my employers and government emails(in which I don't trust either), here's a list of companies that had my info(partial or full):
Only address(with name and surname):

Amazon.it with 14 other companies(for shipping)
eBay with 4 other companies(for shipping)
voxelfarm.com
trenord.it
DUMA (LIGHT) di Adel
decathlon.com
gruppoargenta.it
paypal.it

All info:
gearbest.com
glistockisti.com
oculus.com
Banggood.com

Overall there are 33(including government, employers and national main mail service) potential leaks of that data, with 7 in full exposure.

After this, I'm thinking how it's even avoidable to not leak personal data, because from any of those businesses I got goods or services that otherwise I couldn't without exposing such informations... fuck.

In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!

So, imagine a situation like this - Its friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Lets Encrypt.

Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.

Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!

So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!

So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... Its right there, you can see it!

So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!

So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!

Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.

See the issue already?

Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.

What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.

That was also the only reason why I managed fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.

Overriding that unit file option finally fixed the issue completely.

I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, its only and only your fault if you wrote sensitive data into the temporary directory.

And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...

Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out its just another SystemD-enabled "feature" now!

And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...

So yeah XML is still not solved in year 2018. Or so did I realize the last days.
I use jackson to serialize generic data to JSON.

Now I also want to provide serialization to XML. Easy right? Jackson also provides XML serialization facitlity similar to JAXB.

Works out of the box (more or less). Wait what? *rubbing eyes*

<User>
<pk>234235</pk>
<groups typeCode="usergroup">
<pk>6356679041773291286</pk>
</groups>
<groups typeCode="usergroup">
<pk>1095682275514732543</pk>
</groups>
</User>

Why is my groups property (java.util.Set) rendered as two separate elements? Who the fuck every though this is the way to go?

So OK *reading the docs* there is a way to create a collection wrapper. That must be it, I thought ...

<User typeCode="user">
<pk>2540591810712846915</pk>
<groups>
<groups typeCode="usergroup">
<pk>6356679041773291286</pk>
</groups>
<groups typeCode="usergroup">
<pk>1095682275514732543</pk>
</groups>
</groups>
</User>

What the fuck is this now? This is still not right!!!

I know XML offers a lot of flexibility on how to represent your data. But this is just wrong ...

The only logical way to display that data is:
<User typeCode="user">
<pk>2540591810712846915</pk>
<groups>
<groupsEntry typeCode="usergroup">
<pk>6356679041773291286</pk>
</groupsEntry>
<groupsEntry typeCode="usergroup">
<pk>1095682275514732543</pk>
</groupsEntry>
</groups>
</User>

It would be better if the individual entries would be just called "group" but I guess implementing such a logic would be pretty hard (finding a singular of an arbitrary word?).

So yeah theres a way for that * implementing a custom collection serializer* ... wait is that really the way to go? I mean common, am I the only one who just whants this fucking shit just work as expected, with the least amount of suprise?
Why do I have to customize that ...

So ok it renders fine now ... *writes test for it+
FUCK FUCK FUCK. why can't jackson not deserialize it properly anymore? The two groups are just not being picked up anymore ...

SO WHY, WHY WHY are you guys over at jackson, JAXB and the like not able to implement that in the right manner. AND NOT THERE IS ONLY ONE RIGHT WAY TO DO IT!

*looks at an apple PLIST file* *scratches head* OK, gues I'll stick to the jackson defaults, at least it's not as broken as the fucking apple XML:

<plist version="1.0">
<dict>
<key>PayloadOrganization</key>
<string>Example Inc.</string>
<key>PayloadDisplayName</key>
<string>Profile Service</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist

I really wonder who at apple has this briliant idea ...

The company I work for used to be hosted on 3dcart. One day the site went down and their support couldn't tell us why. After over 24 hours of downtime they restored service but left 5 days of all records and customizations across the entire store, from the DB to the damn templates. Their support apologized for the outage blaming the disaster on a combination of hard disk failure and a bad update to their backup script. They were not willing to assist us in any way. We were forced to manually enter 5 days of orders (which gave them new order numbers and caused more problems), products and template changes, with order data coming from an internal email which was luckily CC'd on the order confirmation email. Thank God for whoever setup that CC, it saved our asses. In the end it cost our company thousands of dollars and 3dcart never composited us in any way.

Conversation yesterday (senior dev and the mgr)..

SeniorDev: "Yea, I told Ken when using the service, pass the JSON string and serialize to their object. JSON eliminates the data contract mismatch errors they keep running into."
Mgr: "That sounds really familiar. Didn't we do this before?"
SeniorDev: "Hmmm...no. I doubt anyone has done this before."
Me: "Yea, our business tier processor handled transactions via XML. It allowed the client and server to process business objects regardless of platform. Partners using Perl,
clients using Delphi, website using .aspx, and our SQLServer broker even used it."
Mgr: "Oh yea...why did we stop using it?"
Me: "WCF. Remember, the new dev manager at the time and his team broke up the business processor into individual WCF services."
Mgr: "Boy, that was a crap fest. We're still fighting bugs from the mobile devices. Can't wait until we migrate everything to REST."
SeniorDev: "Yea, that was such a -bleep-ing joke."
Me: "You were on Jake's team at the time. You were the primary developer in the re-write process saying passing strings around wasn't the way true object-oriented developers write code.
So it's OK now because the string is in JSON format or because using a JSON string your idea?"

SeniorDev turns around in his desk and puts his headphones back on.

That's right you lying SOB...I remember exactly the level of personal attacks you spewed on me and other developers behind our backs for using XML as the message format.

Keep your fat ass in your seat and shut the hell up.

Pulled into an 'emergency' meeting with a group of web designers deeply concerned a particular service wasn't going to meet all their requirements.
DevA: "For each page, Its going to be A LOT of work to retrieve all the data and store it's state. Every page load will require a round trip to the service."
DevB: "Yes, we aren't sure how the service should be changed to do what we need."
Mgr: "What is it not doing now? Doesn't the service already returns all the necessary data?"
DevA: "Well...um...its all the boolean fields. Some may be defaulted from the database or false because the user unchecked the box. We have to know which is which"
Me: "Why? Are you doing anything different in the UI? Checkbox will be true or false. What or who set that value is irrelevant"
DevC: "Well, it matters if the user didn't fill out all other other values."
Me: "How so?"
DevA: "Its matters because the values in the other fields. Its going to be A TON of work to figure out."
<mgr goes to the white board>
Mgr: "Lets map this out...what fields are you needing to trigger the state on?"
DevA: "Um...uh...the 'Approved' field...and um...'OK to Contact' field"
Mgr: "Just those two?"
DevA: "Yea..um...there are other fields, but whether or not to show the edit box depends on those two."
Me: "The service already returns data, you only have two fields to check? I don't see a need to change the service at all."
DevA: "Returning all that data, we are going have a serious scaling problem. We'll be hitting the service A LOT. All that javascript could cause performance problems too"
Me: "How much data are we talking about? Name, address, couple of booleans?"
DevA: "I have to serialize the data. All that logic is going to be reeeaaallly complicated. It might be better if the service returned only the data I need."
Me: "$64,000 question, how often is this feature going to be used on the web site? Maybe once? Few hundred a week?"
Mgr: "We have no idea. A lot of the data will be pre-populated and we're only sending out a few thousand invitations. More around the holidays...but honestly, not very many."
Me: "Changing that service only for this particular area of the web site isn't going to happen. Changing the UI is the only course of action."
DevA: "Oh frack I can't wait until this project is over."

DevA...how the funck do still have a job here? You wasted about half-hour of my time with your cry-baby crap. Where is my hammer...no...no..don't go there...ahhh...thanks devrant. Prison sentence diverted.

It's sometimes really anxiety inducing thinking that all data could be gone, if somebody decides to kill/discontinue/crash [see gitlab shitting 6 hours of data due to fucked backup strategy and shitty seperation of servers] your account/service, be it server, git-repos, backups, chrome syncs, games, music, sim card, ..

But there's simply no way of having a backup of absolutely everything (ignore DRM) - especially automated and abstracted away from you, so you don't have to do all that shit yourself

its been there since many years, but:

When did we turned the wrong way and made it acceptable that Windows can blantly say in my face that i cannot deactivate the transmission of data unless i have the "Business" Variant of their Software. Its called Windows 10 PROFESSIONAL. Why are there no international Laws against that? Where was the molotov throwing mob when this became the norm?

Additonally. that cute telemetry service consumes a considerable amount of cpu and disk power from time to time.

and no, Linux is not an alternative. It never was. There is proprietary software and driver sets used for lab equipment and machines that cannot run under linux, noone will ever have the time to tool something for it and the user base is too specific to hope for any community solution.

sidenote: even Level 0 STILL transmits data. I want mode -1

Have you ever had the moment when you were left speechless because a software system was so fucked up and you just sat there and didn't know how to grasp it? I've seen some pretty bad code, products and services but yesterday I got to the next level.

A little background: I live in Europe and we have GDPR so we are required by law to protect our customer data. We need quite a bit to fulfill our services and it is stored in our ERP system which is developed by another company.

My job is to develop services that interact with that system and they provided me with a REST service to achieve that. Since I know how sensitive that data is, I took extra good care of how I processed the data, stored secrets and so on.

Yesterday, when I was developing a new feature, my first WTF moment happened: I was able to see the passwords of every user - in CLEAR TEXT!!

I sat there and was just shocked: We trust you with our most valuable data and you can't even hash our fuckn passwords?

But that was not the end: After I grabbed a coffee and digested what I just saw, I continued to think: OK, I'm logged in with my user and I have pretty massive rights to the system. Since I now knew all the passwords of my colleagues, I could just try it with a different account and see if that works out too.

I found a nice user "test" (guess the password), logged on to the service and tried the same query again. With the same result. You can guess how mad I was - I immediately changed my password to a pretty hard.

And it didn't even end there because obviously user "test" also had full write access to the system and was probably very happy when I made him admin before deleting him on his own credentials.

It never happened to me - I just sat there and didn't know if I should laugh or cry, I even had a small existential crisis because why the fuck do I put any effort in it when the people who are supposed to put a lot of effort in it don't give a shit?

It took them half a day to fix the security issues but now I have 0 trust in the company and the people working for it.
So why - if it only takes you half a day to do the job you are supposed (and requires by law) to do - would you just not do it? Because I was already mildly annoyed of your 2+ months delay at the initial setup (and had to break my own promises to my boss)?

By sharing this story, I want to encourage everyone to have a little thought on the consequences that bad software can have on your company, your customers and your fellow devs who have to use your services.
I'm not a security guy but I guess every developer should have a basic understanding of security, especially in a GDPR area.

Management directed a 2-month project including 5 developers, 3 DBAs, plus Q&A to replace a SOAP service that retrieved data from a single table. End result, project lasted 9+ months, 5 spectacular failed 3:00AM deployments, and a WCF service that retrieved data from a single table. Justification? Management wanted to eliminate SOAP, because SOAP uses XML and XML is slow. Thank goodness no one opened up Fiddler to see how WCF communicates.

I - Lets move your database to mlab. They offer 512mb database for free, every month. That is beyond your lifetime usage

Client - No. They Steal Data ( Like Facebook )

And client don't know a shit about mlab and development. Aware of quite a few names, bigrock, godaddy, bluehost. Even AWS is not in the list

- mlab is mongodb database service

Can't get over how many big companies get away with poor/no documentation for their own APIs. The past week i have been working with a large insurance company that only via email threads explained what endpoint to send files to and what username I could use to get this to work.

I also worked with a major courier service last month that only had a two page document for all their methods and one of the pages was explaining the transportation of data via imagery haha.

Listened for about a half-hour yesterday to DevA ‘beat down’ DevB writing a console app for trying out a proof-of-concept idea he had.

DevB: “What’s the URL of the development server?”
DevA: “Why? What are you doing?”
DevB: “I’m needing to throw some messages to it so I can capture data for something I’m working on.”
DevA: “How are you calling the service?”
DevB: “I wrote a console app”
- you could almost hear the eye roll -
DevA: “A console app? Why in the world would you write a console app?”
DevB: “Oh..um..no reason. I just need log some test data for something I’m playing around with. How should I do it?”
DevA: “If it’s test data, you should have wrote a unit test. You see, unit tests …”
- yammer on and on for about 5 minutes about the virtues of unit tests…never really explaining anything -
DevB: “Yea, I’m not needing to test the result or anything. I just need to log some data.”
DevA: “Then you should use a unit test for that, not a console app. With a unit test, you’ll be able to validate the data. That’s what unit tests are for. Microsoft should have never put in console apps in Visual Studio. It just leads to bad coding practices.”
DevB: “Um…I don’t care. It’s a console app because I just need data…thanks anyway”

Today, DevC was talking to DevA

DevC: “Charlie is testing the order module, but there isn’t any test data. Do you still have the data generating script?”
DevA: “Oh yea, I’ll send him my console app that populates the database.”

It was all I could do from screaming “You stupid –bleep-er!! What the f–bleep-ck was all that yesterday?!”, but none of my business. Better to devrant about it than start a fight.

The absolutely terrible and anti-customer "service" provided by Comcast should be illegal.

My bill went up $25 this month without any warning whatsoever, and all I get is their braindead AI they are training with customer voice data. So I shout jibberish into it until it connects me to a human.

I have actual choices where I live, so I'm going to cancel.

This post is kinda late. For those who haven't read my previous rants, a marketing coworker bragged about a feature that we hadn't yet finished. (I'm thinking that they perhaps did it to put extra pressure on the dev team 🤔.) Of course it backfired pretty bad, because this feature was a plug-in for another service, and even though the dev team was on time with the feature, the other service we were writing a plug-in for took _sooo_ long to approve of our code, and it made this marketing guy look so bad in front of these clients because the feature was a few weeks late.

A part of the new feature was that some of their data would be synced with this service. These customers were so important that we couldn't afford to disappoint them, and the solution was... *drumroll please* ... that this marketing guy would have to manually copy the customer's data from the service into our platform to make the customer think this feature is ready. Row by row. I'm hearing it takes about one hour of their day 🤣

I mean I'm good friends with the guy but... they kinda deserved it

I just officially graduated from a web dev program and it feels...

Very underwhelming.

Learned ES6, React, Webpack, service workers, offline databases, accessibility, (...bla bla bla)

And my knowledge with data structures and algorithms isn't even that great yet.

I look at the stuff I still don't know and wonder if I'll ever be comfortable with my level of expertise.

Forgot to do server side verification.

As the service (an injectable game) was expanding and the old system relied on server side calculation without anything returned from the user, the expansion was done a little too fast.
The result could have been anyone passing wrong data and receiving the grand price like a holiday worth $10k. Quick fix ...

When you were clever and improved the data quality of the address database by using your companies web service in a batch job for 10M records just to find out that each call costs 10 cents...

So I am a Junior Dev in this small company. We have different tasks for the current sprint so I don't care what my teammates are doing. Then came the integration of our works, where a Mid Dev was assigned to create a Carting/Basket service. As we are integrating, I noticed that we are passing data to his service as is. We are passing the price, item name, etc. on his API. I asked him why the fuck are we not passing the IDs of the items instead. He didn't understand what I'm saying and instead defended his work. I showed him how I was able to manipulate the total amount of items I added to cart. He wasted almost 6 days of developing. Ughh.

IT CAN'T BE THAT HARD

1) A CONTROLLER RETURNS HTTP RESPONSES, computed using data received from
2) A SERVICE\MANAGER\YOURMOTHER, which fetches data from a DB\external service\whatever

LITERALLY 2 FUCKING STEPS. I'LL TAKE THAT "SENIOR" IN YOUR TITLE AND CHISEL IT ON YOUR FOREHEAD SO YOU'LL REMEMBER WHAT YOU'RE SUPPOSED TO BE WHEN YOU COMMIT THIS FUCKING GARBAGE

So for those of you keeping track, I've become a bit of a data munger of late, something that is both interesting and somewhat frustrating.

I work with a variety of enterprise data sources. Those of you who have done enterprise work will know what I mean. Forget lovely Web APIs with proper authentication and JSON fed by well-known open source libraries. No, I've got the output from an AS/400 to deal with (For the youngsters amongst you, AS/400 is a 1980s IBM mainframe-ish operating system that oriiganlly ran on 48-bit computers). I've got EDIFACT to deal with (for the youngsters amongst you: EDIFACT is the 1980s precursor to XML. It's all cryptic codes, + delimited fields and ' delimited lines) and I've got legacy databases to massage into newer formats, all for what is laughably called my "data warehouse".

But of course, the one system that actually gives me serious problems is the most modern one. It's web-based, on internal servers. It's got all the late-naughties buzzowrds in web development, such as AJAX and JQuery. And it now has a "Web Service" interface at the request of the bosses, that I have to use.

The programmers of this system have based it on that very well-known database: Intersystems Caché. This is an Object Database, and doesn't have an SQL driver by default, so I'm basically required to use this "Web Service".

Let's put aside the poor security. I basically pass a hard-coded human readable string as password in a password field in the GET parameters. This is a step up from no security, to be fair, though not much.

It's the fact that the thing lies. All the files it spits out start with that fateful string: '<?xml version="1.0" encoding="ISO-8859-1"?>' and it lies.

It's all UTF-8, which has made some of my parsers choke, when they're expecting latin-1.

But no, the real lie is the fact that IT IS NOT WELL-FORMED XML. Let alone Valid.

THERE IS NO ROOT ELEMENT!

So now, I have to waste my time writing a proxy for this "web service" that rewrites the XML encoding string on these files, and adds a root element, just so I can spit it at an XML parser. This means added infrastructure for my data munging, and more potential bugs introduced or points of failure.

Let's just say that the developers of this system don't really cope with people wanting to integrate with them. It's amazing that they manage to integrate with third parties at all...

It took me like 3 hours to install stupid mariadb on my fucking arch. From the service not beeing able to start over not finding the correct base dir to permission problems in the data dir.
Well, after reading the wiki it was actually pretty easy (only minor problems) ...

Today I learned two things:
- I must be fucking dumb
- Reading the manual instead of guessing helps a lot when installing stuff on linux

i had to deliver roughly 250 gb of data. after two days he received it. on a hard drive. by parcel service.
sending it online it would have been done by the next but two weeks. what a brave new world. (still better that uruguay)

Shower thoughts: Someone should infiltrate the NSA and create a backdoor. Then, with all the data NSA has, he could make the most efficient and successful dating service, which doesn't even need any rightleftmitchmatchbullshit, because it instantly knows who the perfect one is.

New twist on an old favorite.

Background:
- TeamA provides a service internal to the company.
- That service is made accessible to a cloud environment, also has a requirement to be made available to machines on the local network so you can develop against it.
- Company is too cheap/stupid to get a s2s vpn to their cloud provider.
- Company also only hosts production in the cloud, so all other dev is done locally, or on production non-similar infra, local dev is podman.
- They accomplish service connectivity by use of an inordinately complicated edge gateway/router/firewall/message translator/ouija board/julienne fry maker, also controlled by said service team.

Scenario:
Me: "Hey, we're cool with signing requests using an x509 cert. That said, doing so requires different code than connecting to an unsecured endpoint. Please make this service accessible to developer machines and lower environments on the internal network so we can, you know, develop."
TeamA: "The service should be accessible to [cloud ip range]"
Me: "Yes, that's a production range. We need to be able to test the signing code without testing in production"
TeamA: "Can you mock the data?"
Me: "The code we are testing is relating to auth, not business logic"
TeamA: "What are you trying to do?"
Me: "We are trying to test the code that uses the x509 you provide to connect to the service"
TeamA: "Can you deploy to the cloud"
Me: "Again, no, the cloud is only production per policy, all lower environments are in the local data center"
TeamA: "can you try connecting to the gateway?"
Me: "Yes, we have, it's not accessible, it only has public DNS, and only allows [cloud ip range]"
TeamA: "it work when we try it"
Me: "Can you please supply repro steps so we can adjust our process"
TeamA: "Yes, log into the gateway and try issuing the call from there"
Me: (╯°□°)╯︵ ┻━┻

tl;dr: Works on my server

I just used booking.com and good fucking god is the whole website a shit infested hell hole. They use scammiest and pushiest techniques to make you book a place asap without giving you space to breathe and read details.

They try to obfuscate what's actually necessary with what they want to take from you. For example just before reserving a room there's a checkbox that's close enough to words "terms and conditions" and "privacy policy" for unsuspecting user to habitually check it to proceed. However, you clicking "reserve" is considered your consent and that checkbox simply adds your email to their spamming list.

There are countless examples of absolute asshole design within every inch of that place and I don't even want to imagine what they do with my data.

Suffice to say this was the first and last time I will use their services and if I were to give any advice, is "don't be the dick responsible for website/app/service similar to booking.com"

What cloud service does DevRant use?

Aws Or Azure?
And how much do you pay a month for maintenance costs?

What tables to store data? MongoDB, dynamoDB, oracle?
Or S3 streams?

Just wondering.

Everytime you tell yourself "This time I'm going to make them stop putting the cart before the horse again!!! No more forced shit implementations!!! NO MORE ! I'm strong!!"

The last hour in the next week:
- Selinux: off
- Firewall: Any-Any
- Application data: Everything installed on OS disc.
- Documentation: At best, someone remembers the server supposed-to-be dns record
- Service Accounts: Your domain admin account and sysadmin for databases.
- Patching: DON'T EVER THINK ABOUT IT..AND NO REBOOTING! I have set very important runtime variables.
- Backup: Maybe someone else will set this up.
- Monitoring: Not needed since clients will create tickets if system fails.
- Production Status: vague at best. Sort of silently transitioned to production.
- Handover status: Probably, but I quit before the project closed.

!

Ever have one of those moments where you're running a service you built to update about a decade worth of police records, realize about halfway through that you fucked the loop and you're copying data from the first record onto every other record, and then just really wish that you had checked things better in test before running this on the prod server?

I'm sure the only reason I'm still here is because the audit log contained the original values and I'm good at pulling data out of it.

So I quit after 10 years of service to start my own company. Never had the resources or tools to put the full documentation effort in unfortunately. Trying my best for a handover. The board have started to treat me like shit, no respect after a decade of propping these assholes up. I have offered my services post employment but they are being difficult.

Just got an email and call from our data centre... they are shutting down the site and can't relocate our boxes physically due to the ip ranges in use. Only option is to migrate the sites and code to new boxes. Which means patching of db and code for newer versions.

Do I leave them with this mess since they are being assholes or try to sort it properly in my last few weeks while I also document..

Last year I was asked to optimize a code in our legacy portal (yet to be replaced with the new portal). The legacy system didn't have a design phase. Straight away went to development by whatever developer available at that time.
It was seriously fucked up.

So I went and had a look at the vanilla PHP code that served data for a datatable.
** I nearly fainted **

A query was done to get data from a table without any joins.
Then for loop to display those data.
Then inside for loop, for every single column that gets data from a related table there's a fucking query.
Eg: select * from users where.... to display username. Then again select * from users where..... to display user's email, then another query for his phone number. Then another query to get service providers name, then another to get their phone number.

I think the guy who did it wrote his first hello world app with a bunch of queries and sent it to production. No one bothered to check until 4 years later when it slowed down like a friggin snail.
I'm surprised it even survived that long.

A follow up about Mozilla IRL spotify radio.

Very interesting talk relates to internet and privacy in gerenal. (Not about programming btw)

Eg: Bose headphone app sends your data to data broker,
which ransomware rated with top customer service,
how to setup a bait for catching Twitter bots

It feels like Mozilla is fighting for justice.
I'm totally sold.

FUCK YOU TO GODDAMN MICROSERVICE ARCHITECTURE!

I just want to be able to extensively test stuff on my machine before shipping it instead of being able to test it only partially because shit depends of tons of stuff unavailable locally, get dozens of messages from teammates when unforseeable circumstances (bad data items on the shared noSQL DB created by other services which makes mine fail, cloud issues...) makes my service return 500 and then struggle in tracing the problem because there they're just too many layers of shit to manually inspect.

I can't wait to move towards iOS or desktop development.

Working for one of our oldest customer, in some serious old, ugly and outdated code(web service).
The dev db doesn't contain any relevant data.
The QA service points to production, so can't use it for any tests.
My contact, at the customer, is going on vacation tomorrow.
Their pm is going on vacation next Friday.
No time for refactoring, db data updates or otherwise do important and much needed updates.
They want it to be done yesterday.

FML.

I think the fact that even Apple can't unlock your phone if you forget your passcode proves that they use very naive encryption method.

Suppose my data is "Hey This is Some Data" and Passcode is 1234, I could just Jumble this data using that passcode and It will be difficult to decrypt without Passcode. And If data is huge, it will be fairly impossible to do so. But that doesn't make it a good encryption method.

Such encryption, though safe is not practical, Imagine if there was no "Forget Password" Option on any account, I usually forgot my password very often when I was a child.

Apple has been doing such things for years, Using Bad things as a selling point. Apple users are dumb anyways because they don't want to control their phone.

Reset Password is a weak point which might be exploited but in such cases, usability is more important than security. Any service which doesn't allow resetting Password is a shitty service and I would never use such a service, They are too naive.

Today a company we work together to provide a service for a government sent us an update about the installation of the successor of the most hideous Data storage I had ever worked with. The successor comes from the same company and provided the previous one. Anyways, went like this:

"Even after a full day of installing/migrating the software, we could not complete the task.

The installation failed multiple times due to errors from the installer, as well as missing, undocumented dependencies.

According to our developers the installation process is miles away from a normal installation process for this day and age. Our developers often have to research errors on their own or ask the provider for assistance.

We cannot estimate when we will be able to complete the installation."

I've felt pain and sadness while reading that...

I'll try to pay back some smaller credit by one large credit...

Hence I need to contact the banks and get one (!) fucking frigging stupid piece of paper which lists the account number and the amount of money I need to pay back.

Sounds simple ...

Well.

One bank just answered my email request by sending me that piece of paper. Except they didn't have any validation of my identity.

Yes. They answered the request of 'I want to pay back the credit in full, can u send me the necessary documents?' (more formal of course) with confidential data without any more credibility than my email address.

YAY.

Another bank requests a telephone call for identity validation and sending back a signed form via postal service...

Another bank just needs a PDF sent via mail with an electric signature (yeah. They were aware of what that means - I was shocked and confused) or a "qualified signature matching previous documents" (translated from German).

The last one offers a WhatsApp number - send a GIF / JPG or video and we answer directly.

I need to reach a higher state than drunk.

It's not funny to know how confidential data gets mistreated by companies who should have the highest security.

Customer: You say you connect to XYZ service, but my data is not getting synced!

*checks their account*
Me: I see you have not integrated your two accounts. Go to Settings > Integrations > Connect to XYZ.

C: Why? But you already connect XYZ! You should already know all of my data!

FUCK SPAM !
If you are like me and register to many services online and get spammed with spam (duh) and want to know which services is selling your data , you can register with an email like this :
let's say your email is johndoe@gmail.com
and want to register to Service you can put johndoe+service@gmail.com and mails will still reach johndoe@gmail.com but appear as To : johndoe+service@gmail.com so then you can rant about how Service is selling your data.
credits to reddit.

"Our Data Service comes PRE-P0WN'D"

Those SHIT-FOR-BRAINS data service providers GLOAT that their data can be natively integrated into most BI platforms, no code required.
How? Because they will EXPOSE THE ENTIRE FUCKING THING ON THE INTERNET.
LITERALLY.
UNAUTHENTICATED URL WITH THE ENTIRE DATASET.
STATIC. WON'T EVER FUCKING CHANGE.
NO VPN REQUIRED. NO AUTHENTICATION HEADERS. NO IN-TRANSIT ENCRYPTION.

"It is safe! No one will know the secret token that is a parameter in the url"
BLOODY BYTE BUTTS, BATMAN! IT IS A FUCKING UNAUTHENTICATED URL THAT DOES NOT REQUIRES RENEWAL NOR A VPN, IT WILL LEAK EVENTUALLY!

That is the single fucking worst SELF-P0WN I have ever seen.
Now I know why there are fucking toddlers "hacking" large scale databases all over the globe.
Because there are plenty of data service providers that are FUCKING N00BS.

Since, I am already using Mullvad's vpn service, I also stumbled on https proxies.
Is it still safe to enter my devRant login data, when I would use a https proxy in FF's settings?
The Proxy is a free elite https proxy.
And devRant also uses SSL.
The traceroute would seem like this I guess.:
VPN(*le me sendin my password -> SSL Proxy -> SSL DevRant)
--------------------
Following that path, I would assume that it would be like this in detail:
HTTPS Request
-PW gets encrypted by VPN service
-" " " again " HTTPS Proxy
-" " " again " devRant itself

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

Every single time I present a tool for data visualization:

"Oh that's great! Have you considered integrating it with service XYZ? It would be great to see the data from XYZ alongside this."

The answer I would like to give:

"No, you retard! Nobody gives a fuck about your crappy service! Nobody uses it, not even your own team! This is the 10th service that I've been asked to integrate and I don't have time to dig into the details of yet-another-shit. If you have time to waste, please go ahead but don't bother me."

Ideas:

1. Scrape github

2. Attach feature size estimate (an abstract scale) as examples across many projects.

3. Use this as prompt/finetunning data.

4. Train and prompt on project descriptions relative to feature size and number of contributors/changes in the changelog.

5. Package and release a model that takes descriptions of ideas and generates reasonable estimates of time and manpower.

6. Optional, sell as an estimate service to corporate and make money introducing some sanity to the world for a change.

We are researching enhancing our current alerting system (we use Splunk) to be 'smarter' about who is emailed/texted/whatever when there are problems in our applications.

Currently, if there are over 50 errors logged within a 15 minute period, a email/phone/text blast to nearly 100 individuals ranging from developers, network admins, DBAs, and vice presidents.

Our plan is to group errors by team and let each team manage their own applications. Alert on 1 error, 5, 500...we don't care, let the team work out the particulars.

The trick was interfacing with Splunk's API (that's a long rant by itself)

In about a day or so I was able to use Splunk's WebHook feature to notify a WebAPI service I threw together to send myself an email with details about the underlying data (simulating the kind of alert we would send to the team)

I thought ...cool... it worked. Show it off to the team, most thought it was a good start, except one:

Dev: "The errors are not grouped by team."
Me: "No, I threw the webapi service together to demonstrate how we can extract the splunk bits to get access to the teams"
Dev: "Well...this won't work at all."
Me: "Um..what?"
Dev: "The specification c l e a r l y states the email will be team based. This email was only sent to you and has all the teams and their applications"
Me: "Um...uh...the service can, if we want to go using a service route. Grouping by team name is easy using a LINQ query. I just through this service together yesterday."
Dev: "I don't know. Sounds like I need to schedule a meeting to discuss what you are proposing. I don't think emailing all that to everyone is a good idea."

WTF! Did you not listen to what I said?!!!

Oh well..the dev's proposal is to use splunk's email notification and custom Exchange rules with callbacks into splunk that resend...oh good lord ...a fracking rube goldberg of a config nightmare ...

I suspect we'll go the service route once I finish the service before the meeting.

Just upgraded my internet service from a WISP, that could only get 1mb down and 1 up on a good day with lots of packet loss, (hack job company no improving infrastructure) ... for reference in live out in woods in northern Michigan.. sooo there arnt many options... DSL, don’t cross the river to me, neither does cable or fiber. Cell signal doesn’t work either as you can see.
So I had to try out satellite... went with viasat... got put on viasat-2 and holy shit first time in 4 years since living here have I been able to stream, and download and upload to my servers without having to take a nap. But the experience of dealing with what I did for 4 years definitely caused me to be more creative in what I do, and how I process data, and transmit data. Definitely an experience that taught me lot and gave me a lot of knowledge.
But now I’m in what I will consider “phase 2” there will be faster internet to come... Ariel fiber is being ran by the power company... but they are min 2 years out.. and Elon’s sats will also be next sooo good times to come..
Yeah yeah I know the ping rate sucks.. but guess what... I don’t play games so I don’t care... and as far as voip or web conferencing goes yeah there’s a slight delay/lag.. but I just tell them.. when you call me or conference with me pretend I’m not on earth.. boom the latency is explained then hahah.

<rant>
I'm getting so sick of people bitching about their privacy and apps (looking at you gdpr).
They want full anonymity and share 0 data... well fine but then pay me 2.99 a month to use my service... oh you don't want to spend money well ok then, ill use some of your metrics and share them with advertisers so you can keep using the service at no cost... oh you don't want us to collect the data you are already spewing around on every online platform? well then we cant have you using our service because you are costing us money... what? the gdpr is forcing us to keep providing you with the service... but... who is going to pay for resource costs?!
arrghh!!
</rant>

ps: the gdpr is so full of loopholes, half the arguments you "nerds(be honest you read it on facebook that we have to delete you data...haha..)" use for how great it is are...well... moot

pps: with you nerds I don't mean the readers of this

Oooh I have quite a few,
My favourite: accidently left a log. Debug("bollocks") in a try catch this made it through testing and does (still) occasionally go into production log files.

Worst: wrote an interceptor for jboss with the intent of checking cache for some lookup data. I picked the wrong one of two similarly named methods and instead queried the database, I effectively wrote a denial of service utility into our app

Someone mentioned that client want to use wordpress instead of they current website because it is cheaper! Ok lets see how cheap it is.. each time wp release update after updating you need go through all website and check if nothing is broken.. plugins will need update as well because usually they run on specific wp version. Fixing theme and plugins requires dev time.. despite all those things.. have common sense. Maybe it is good for some type of business to host few pages without any business logic or use as blog without scare to loose everything and do not store users data.. someone mentioned that it is secure to run anything because updates are the best security to avoid security breaches. So why banks are not running on WP? Why health service is not using WP?

I am excited about all of the AI blockchain technology using IoT running in the cloud, as a service. It has all of the bells and whistles -- big data, hyper converged infrastructure, seamless integration, a sleek dashboard with everything in a single pane of glass. On top of all of that, it's future proof!

Today I was orders to check out one of our applications. Accounting said that the Twilio bill was constantly increasing even if we do not get any new clients. In 10 min I found out what is the problem. All calls are recorded and stored in Twilio, which charges handsomely for such service.
Developers instead of downloading those recording to our data lake, use Twilio as storage, because no coding was involved.
Company lost around 30k dollars this year and around 10k-20k in previous ones, because someone was lazy to spend few days to download mp3 from url.

Pricing:

With AWS <Service>, you pay only for what you use. You are charged based on the amount of granular data generated on a monthly basis.

Literally. Every.Fucking.Service.

Microservices

Lets take an example: Products service & orders service.

When I want to save an order for a user, data saved as
1. UserId, ProductId, Quantity, Date

Or
2. UserId, Name, Email, ProductId, ProductName, Quantity, Date

I'm a bit confused here because if I'm going to fetch that purchase, in example 1, it will return IDs requiring another trip to server to get user & product info

In example two it takes only one trip BUT if any changes is made to either user info or product info it means I'm returning wrong info to the user.

What do we do in this scenario? Excuse my questions first time applying Microservices and been using monolith all my life

I hate the current state of internet based service providers. They are collecting so much data, it's scary and borderline stalking.

A simple search on Netflix changes ads shown by Google. I watch a lot of Japanese/Korean drama and now my ads are in Japanese. What the actual fuck.

I run windows 10 on my main rig because of steam and windows only games. One day I was searching for filezilla in windows search. Since it is now handled by the same UI as cortana, it searched it on the web too. So now I have ads related to ftp hosting in Japanese.

Sometimes I feel like just formatting my system and install debian on it. But those games man. May be I can live without them.

Can we bring back the internet from 2008. It was so much better back then.

I know you pals know much more than me about privacy. I have these questions to you all:

- can google still know trends about me if I only use google docs and google drive to store files I share with other people and rarely update it? Let’s say I don’t use google search or any other google service ON REGULAR BASIS
- does chromium actually works as the measure to get rid of google tracking if I don’t want to use Firefox?
- how safe is apple (miss me with that Apple hate)? How bad is the fact that I let apple store my regularly updated health information and I use iPhone?

I’m not talking about triple letters here (FBI, CIA, etc), I’m only talking about collecting and selling data across companies

Many months into the project, we discovered that the client doesn't have a REST API for the data we needed from their side available at all - it's a legacy SOAP service.

I somehow got our Node.JS backend to do SOAP calls and use the XML results.

I'm not sure if I should feel proud or dirty at this point.

I'd like to locally encrypt files before syncing it with the cloud; what's the "best" software available for this?

I'm currently switching to STACK as my cloud service (it's a file hosting service for Dutch people that offers 1TB of free storage).
But I don't feel fully comfortable with them having access to all my personal data.

So I came to the conclusion that it would be best to locally encrypt files before syncing it with STACK. I DuckDuckGo'd but there seems to be a lot of software available for this so I'm not sure which one to use.

Which one could you recommend me? I'd prefer a free software but I'm okay with paying as long as it isn't too expensive.

I'm so sick of devs not caring what happens after they push their code. A new feature was released on the front-end two weeks ago but the backend was never deployed. It's been logging errors for 2 weeks now.

I know I'm equally at fault for not noticing but I feel like the only person that ever notices things like this. I also discovered a data issue today by looking at the error logs.

How can I get my teammates to be more invested in how the service runs live?

Imagine an online, public service, that allows you to communicate with others (for example a simple chat, game, whatever ).
The users connect to each others via p2p. Based on this, you can easily get the ip address of any user directly connected to you. P2p is used to reduce server load, but information is still verified (for example using RACS), so let's assume the data is always safe.

(please remember, this is just a imagined Szenario)

Now the question: AFAIK, the IP address is a sensitive information. Would p2p in this scenario still be 'legal' in the EU given the latest changes in the laws?

I have two questions to WhatsApp

1️⃣ Why does WhatsApp store a copy of ALL images ever sent? LOCALLY? I thought it is a cloud service. Why would I want to keep gigabytes of data on a device with limited internal storage?

2️⃣ Why no proper multi-device capability on Mobile? Why no voice call on Desktop?

Bruh WhatsApp is so limited and awkward it is a shame it somehow got so popular

!rant

I just made my API in my laravel and I understand how it works! It may seem like not a lot, but I got from far.

Just came two years ago in this industry as I worked as a customer service agent for a hostingcompany. I entered a whole new area what I immediatly got into at the time. Mind I already was studying Biomedical labresearch at the same time and was the IT guy in the family. Well, think back then I was just googling and fixing shit most of the time.

I was 21 at the time and began to learn everything I could learn in my position and soon it was not enough and wanted to learn more by working parttime(study already asks a lot of time). I soon applied as Junior System Engineer within the same company without prior education and got the job! And I'm back feeling I entered a new area where you feel you can do so much by just learning how it works. Now I want to learn to develop in PHP so I may make another step further.

Not a rant, but I want to share my experience as labrat starting to someting programming(did some bio-informatics, which was really interesting but with less emphasis on programming but more on data analysis). Still got a gigantic of list I want to learn from languages and frameworks to orchestration systems.