Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "database access"
-
Yesterday: Senior dev messages out a screenshot of someone using an extension method I wrote (he didn’t know I wrote it)..
SeniorDev: “OMG…that has to be the stupidest thing I ever saw.”
Me: “Stupid? Why?”
SeniorDev: “Why are they having to check the value from the database to see if it’s DBNull and if it is, return null. The database value is already null. So stupid.”
Me: “DBNull is not null, it has a value. When you call the .ToString, it returns an empty string.”
SeniorDev: ”No it doesn’t, it returns null.”
<oh no he didn’t….the smack down begins>
Me: “Really? Are you sure?”
SeniorDev: “Yes! And if the developer bothered to write any unit tests, he would have known.”
Me: “Unit tests? Why do you assume there aren’t any unit tests? Did you look?”
<at this moment, couple other devs take off their head phones and turn around>
SeniorDev:”Well…uh…I just assumed there aren’t because this is an obvious use case. If there was a test, it would have failed.”
Me: “Well, let’s take a look..”
<open up the test project…navigate to the specific use case>
Me: “Yep, there it is. DBNull.Value.ToString does not return a Null value.”
SeniorDev: “Huh? Must be a new feature of C#. Anyway, if the developers wrote their code correctly, they wouldn’t have to use those extension methods. It’s a mess.”
<trying really hard not drop the F-Bomb or two>
Me: “Couple of years ago the DBAs changed the data access standard so any nullable values would always default to null. So no empty strings, zeros, negative values to indicate a non-value. Downside was now the developers couldn’t assume the value returned the expected data type. What they ended up writing was a lot of code to check the value if it was DBNull. Lots of variations of ‘if …’ , ternary operators, some creative lamda expressions, which led to unexpected behavior in the user interface. Developers blamed the DBAs, DBAs blamed the developers. Remember, Tom and DBA-Sam almost got into a fist fight over it.”
SeniorDev: “Oh…yea…but that’s a management problem, not a programming problem.”
Me: “Probably, but since the developers starting using the extension methods, bug tickets related to mis-matched data has nearly disappeared. When was the last time you saw DBA-Sam complain about the developers?”
SeniorDev: “I guess not for a while, but it’s still no excuse.”
Me: “Excuse? Excuse for what?”
<couple of awkward seconds of silence>
SeniorDev: “Hey, did you guys see the video of the guy punching the kangaroo? It’s hilarious…here, check this out.. ”
Pin shoulders the mat…1 2 3….I win.6 -
Developer (master's degree, -bleeping- smart guy, no kidding) was bragging on how he made a piece of code 3x faster (with the usual pinch that the original dev was incompetent) and spent nearly 6 weeks working on it (wrote his own parallel-foreach library because Microsoft's parallel library was "too slow").
I was the original dev and he didn't know I had my own performance counters where I broke down each stack (database access, network I/O, and the code logic).
Average time was around 5ms (yes milliseconds) and worst case was around 10 seconds. His '3x improvement' was based on the worst test case, which improved by about a second. Showed our boss my graph (laughed out loud, said 'WTF', other curse words) and the dev hasn't spoken to me in weeks (I say 'hi' in the hall and he keeps walking)
Take that master's degree and high IQ and shove it.17 -
Long rant ahead, but it's worth it.
I used to work with a professor (let's call him Dr. X) and developed a backend + acted as sysadmin for our team's research project. Two semesters ago, they wanted to revamp the front end + do some data visualization, so a girl (let's call her W) joined the team and did all that. We wanted to merge the two sites and host on azure, but due to issues and impeding conferences that require our data to be online, we kept postponing. I graduate this semester and haven't worked with the team for a while, so they have a new guy in charge of the azure server (let's call him H), and yesterday my professor sends me (let's call me M), H and W an email telling us to coordinate to have the merge up on azure in 2-3 days, max. The following convo was what I had with H:
M: Hi, if you just give me access to azure I'll be able to set everything up myself, also I'll need a db set up, and just send me the connection string.
H: Hi, we won't have dbs because that is extra costs involved since we don't have dynamic content. Also I can't give you access, instead push everything on git and set up the site on a test azure server and I will take it from there.
M: There is proprietary data on the site...
H: Oh really? I don't know what's on it.
<and yet he knows we have no dynamic data>
M: Fine, I'll load the data some other way, but I have access to all the data anyway, just talk to Dr. X and you'll see you can give me access. Delete my access after if you want.
H: No, just do what I said: git then upload to test azure account.
Fine, he's a complete tool, but I like Dr. X, so I message W and tell her we have to merge, she tells me that it's not that easy to set it up on github as she's using wordpress. She sends me instructions on what to do, and, lo and behold, there's a db in her solution. Ok, I go back to talking to H:
M: W is using a db. Talk to her so we can figure out whether we need a database or not.
H: We can't use a database because we want to decrease costs.
M: Yes I know that, so talk to her because that probably means she has to re-do some stuff, which might take some time. Also there might be dynamic content in what she's doing.
H: This is your project, you talk to her.
<I'm starting to get mad right now>
M: I don't know what they had her do apart from how it interfaces with what I've done.
H: We still can't have databases.
M: Listen, I don't do wordpress, and I'm not gonna mess with it, you talk to her
H: I won't do any development
<So you won't do any dev, but you won't give me access to do it either?>
M: Man, the bottleneck isn't the merging right now, it's the fact that W needs a db
H: I know, so talk to her
M: THE RESTRICTION TO NOT HAVE DATABASES IS NOT MINE, IT'S YOURS, YOU TALK TO HER. I can't evaluate whether it's a reasonable enough reason or not since I don't know the requirements or what they're willing to spend.
H: It's your project.
M: Then give me fucking access to azure and I'll handle it, you know you'll have to set up wordpress again regardless whether we set it up the first time.
H: Man just do your job.
At this point I lost it. WHAT A FUCKING TOOL. He doesn't wanna do dev work, wants me to go through the trouble of setting up on a test subscription first, and doesn't want to give me access to azure. What's more, he did shit all and doesn't want to anything else. Well fuck you. I googled him, to see if he's anyone important, if he's done anything notable which is why he's being so God damn condescending. MY INTERNSHIP ALONE ECLIPSES HIS ENTIRE CV. Then what the fuck?
There's also this that happened sometime during our talk:
M: You'll have to take to Dr. Y so he'll change the DNS to point to the azure subscription instead of my server.
H: Yea don't worry, too early for that.
M: DNS propagation takes 24 hours...
H: Yea don't worry.
DNS propagation allows the entire web to know that your website is hosted on a different server so it can change where it's pointing to. We have to do this in 2-3 days. Why do work in parallel? Nah let's wait.
I went over his head and talked to the professor directly, and despite wanting to tell him that he was both drunk and high the day he hired that guy, I kept it professional. He hasn't replied yet, but this fucker's pompous attitude is just too much for me alone, so I had to share.
PS: I named his contact as Annoying Prick 4 minutes into our chat. Gonna rename him cz that seems tooooooo soft a name right now.undefined tools i have access and you don't haha retards why the fuck would you hire that guy? i don't do development46 -
Oh, man, I just realized I haven't ranted one of my best stories on here!
So, here goes!
A few years back the company I work for was contacted by an older client regarding a new project.
The guy was now pitching to build the website for the Parliament of another country (not gonna name it, NDAs and stuff), and was planning on outsourcing the development, as he had no team and he was only aiming on taking care of the client service/project management side of the project.
Out of principle (and also to preserve our mental integrity), we have purposely avoided working with government bodies of any kind, in any country, but he was a friend of our CEO and pleaded until we singed on board.
Now, the project itself was way bigger than we expected, as the wanted more of an internal CRM, centralized document archive, event management, internal planning, multiple interfaced, role based access restricted monster of an administration interface, complete with regular user website, also packed with all kind of features, dashboards and so on.
Long story short, a lot bigger than what we were expecting based on the initial brief.
The development period was hell. New features were coming in on a weekly basis. Already implemented functionality was constantly being changed or redefined. No requests we ever made about clarifications and/or materials or information were ever answered on time.
They also somehow bullied the guy that brought us the project into also including the data migration from the old website into the new one we were building and we somehow ended up having to extract meaningful, formatted, sanitized content parsing static HTML files and connecting them to download-able files (almost every page in the old website had files available to download) we needed to also include in a sane way.
Now, don't think the files were simple URL paths we can trace to a folder/file path, oh no!!! The links were some form of hash combination that had to be exploded and tested against some king of database relationship tables that only had hashed indexes relating to other tables, that also only had hashed indexes relating to some other tables that kept a database of the website pages HTML file naming. So what we had to do is identify the files based on a combination of hashed indexes and re-hashed HTML file names that in the end would give us a filename for a real file that we had to then search for inside a list of over 20 folders not related to one another.
So we did this. Created a script that processed the hell out of over 10000 HTML files, database entries and files and re-indexed and re-named all this shit into a meaningful database of sane data and well organized files.
So, with this we were nearing the finish line for the project, which by now exceeded the estimated time by over to times.
We test everything, retest it all again for good measure, pack everything up for deployment, simulate on a staging environment, give the final client access to the staging version, get them to accept that all requirements are met, finish writing the documentation for the codebase, write detailed deployment procedure, include some automation and testing tools also for good measure, recommend production setup, hardware specs, software versions, server side optimization like caching, load balancing and all that we could think would ever be useful, all with more documentation and instructions.
As the project was built on PHP/MySQL (as requested), we recommended a Linux environment for production. Oh, I forgot to tell you that over the development period they kept asking us to also include steps for Windows procedures along with our regular documentation. Was a bit strange, but we added it in there just so we can finish and close the damn project.
So, we send them all the above and go get drunk as fuck in celebration of getting rid of them once and for all...
Next day: hung over, I get to the office, open my laptop and see on new email. I only had the one new mail, so I open it to see what it's about.
Lo and behold! The fuckers over in the other country that called themselves "IT guys", and were the ones making all the changes and additions to our requirements, were not capable enough to follow step by step instructions in order to deploy the project on their servers!!!
[Continues in the comments]26 -
So a few days ago I felt pretty h*ckin professional.
I'm an intern and my job was to get the last 2003 server off the racks (It's a government job, so it's a wonder we only have one 2003 server left). The problem being that the service running on that server cannot just be placed on a new OS. It's some custom engineering document server that was built in 2003 on a 1995 tech stack and it had been abandoned for so long that it was apparently lost to time with no hope of recovery.
"Please redesign the system. Use a modern tech stack. Have at it, she's your project, do as you wish."
Music to my ears.
First challenge is getting the data off the old server. It's a 1995 .mdb file, so the most recent version of Access that would be able to open it is 2010.
Option two: There's an "export" button that literally just vomits all 16,644 records into a tab-delimited text file. Since this option didn't require scavenging up an old version of Access, I wrote a Python script to just read the export file.
And something like 30% of the records were invalid. Why? Well, one of the fields allowed for newline characters. This was an issue because records were separated by newline. So any record with a field containing newline became invalid.
Although, this did not stop me. Not even close. I figured it out and fixed it in about 10 minutes. All records read into the program without issue.
Next for designing the database. My stack is MySQL and NodeJS, which my supervisors approved of. There was a lot of data that looked like it would fit into an integer, but one or two odd records would have something like "1050b" which mean that just a few items prevented me from having as slick of a database design as I wanted. I designed the tables, about 18 columns per record, mostly varchar(64).
Next challenge was putting the exported data into the database. At first I thought of doing it record by record from my python script. Connect to the MySQL server and just iterate over all the data I had. But what I ended up actually doing was generating a .sql file and running that on the server. This took a few tries thanks to a lot of inconsistencies in the data, but eventually, I got all 16k records in the new database and I had never been so happy.
The next two hours were very productive, designing a front end which was very clean. I had just enough time to design a rough prototype that works totally off ajax requests. I want to keep it that way so that other services can contact this data, as it may be useful to have an engineering data API.
Anyways, that was my win story of the week. I was handed a challenge; an old, decaying server full of important data, and despite the hitches one might expect from archaic data, I was able to rescue every byte. I will probably be presenting my prototype to the higher ups in Engineering sometime this week.
Happy Algo!8 -
Hey everyone,
We have a few pieces of news we're very excited to share with everyone today. Apologies for the long post, but there's a lot to cover!
First, as some of you might have already seen, we just launched the "subscribed" tab in the devRant app on iOS and Android. This feature shows you a feed of the most recent rant posts, likes, and comments from all of the people you subscribe to. This activity feed is updated in real-time (although you have to manually refresh it right now), so you can quickly see the latest activity. Additionally, the feed also shows recommended users (based on your tastes) that you might want to subscribe to. We think both of these aspects of the feed will greatly improve the devRant content discovery experience.
This new feature leads directly into this next announcement. Tim (@trogus) and I just launched a public SaaS API service that powers the features above (and can power many more use-cases across recommendations and activity feeds, with more to come). The service is called Pipeless (https://pipeless.io) and it is currently live (beta), and we encourage everyone to check it out. All feedback is greatly appreciated. It is called Pipeless because it removes the need to create complicated pipelines to power features/algorithms, by instead utilizing the flexibility of graph databases.
Pipeless was born out of the years of experience Tim and I have had working on devRant and from the desire we've seen from the community to have more insight into our technology. One of my favorite (and earliest) devRant memories is from around when we launched, and we instantly had many questions from the community about what tech stack we were using. That interest is what encouraged us to create the "about" page in the app that gives an overview of what technologies we use for devRant.
Since launch, the biggest technology powering devRant has always been our graph database. It's been fun discussing that technology with many of you. Now, we're excited to bring this technology to everyone in the form of a very simple REST API that you can use to quickly build projects that include real-time recommendations and activity feeds. Tim and I are really looking forward to hopefully seeing members of the community make really cool and unique things with the API.
Pipeless has a free plan where you get 75,000 API calls/month and 75,000 items stored. We think this is a solid amount of calls/storage to test out and even build cool projects/features with the API. Additionally, as a thanks for continued support, for devRant++ subscribers who were subscribed before this announcement was posted, we will give some bonus calls/data storage. If you'd like that special bonus, you can just let me know in the comments (as long as your devRant email is the same as Pipeless account email) or feel free to email me (david@hexicallabs.com).
Lastly, and also related, we think Pipeless is going to help us fulfill one of the biggest pieces of feedback we’ve heard from the community. Now, it is going to be our goal to open source the various components of devRant. Although there’s been a few reasons stated in the past for why we haven’t done that, one of the biggest reasons was always the highly proprietary and complicated nature of our backend storage systems. But now, with Pipeless, it will allow us to start moving data there, and then everyone has access to the same system/technology that is powering the devRant backend. The first step for this transition was building the new “subscribed” feed completely on top of Pipeless. We will be following up with more details about this open sourcing effort soon, and we’re very excited for it and we think the community will be too.
Anyway, thank you for reading this and we are really looking forward to everyone’s feedback and seeing what members of the community create with the service. If you’re looking for a very simple way to get started, we have a full sample dataset (1 click to import!) with a tutorial that Tim put together (https://docs.pipeless.io/docs/...) and a full dev portal/documentation (https://docs.pipeless.io).
Let us know if you have any questions and thanks everyone!
- David & Tim (@dfox & @trogus)53 -
Rant
Why do shithead clients think they can walk away without paying us once we deliver the project !!!
So, here goes nothing..
Got an online gig to create a dashboard.
Since i had to deal with a lot of shitheads in the past, I told them my rules were simple, 20% advance, 40% on 50% completion and 40% after i complete and send them proof of completion. Once i receive the payment in full, only then i will hand over the code.
They said it was fine and paid 20%.
I got the next 40% also without any effort but they said they also needed me to deploy the code on their AWS account, and they were ready to pay extra for it, so i agreed.
I complete the whole project and sent them the screenshots, asking for the remaining 40% payment. They rejected the request saying my work was not complete as i had not deployed on AWS yet. After a couple of more such exchanges, i agreed to setup their account before the payment. But i could sense something fishy, so i did everything on their AWS account, except registered the domain from my account and set up everything. Once i inform them that its done and ask for the remaining payment.
The reply i got was LOL.
I tried to login to the AWS account, only to find password had been changed.
Database access revoked.
Even my admin account on the app had been removed. Thinking that they have been successful, they even published ads about thier NEW dashboard to their customers.
I sent them a final mail with warning ending with a middle finger emoji. 24 hours later,
I created a github page with the text " This website has been siezed by the government as the owner is found accused in fraud" and redirected the domain to it. Got an apology mail from them 2 hours later begging me to restore the website. i asked for an extra 10% penalty apart from the remaining payment. After i got paid, set an auto-reply of LOL to thier emails and chilled for a week before restoring the domain back to normal.
Dev : 1
Shithead Client: 024 -
I absolutely HATE "web developers" who call you in to fix their FooBar'd mess, yet can't stop themselves from dictating what you should and shouldn't do, especially when they have no idea what they're doing.
So I get called in to a job improving the performance of a Magento site (and let's just say I have no love for Magento for a number of reasons) because this "developer" enabled Redis and expected everything to be lightning fast. Maybe he thought "Redis" was the name of a magical sorcerer living in the server. A master conjurer capable of weaving mystical time-altering spells to inexplicably improve the performance. Who knows?
This guy claims he spent "months" trying to figure out why the website couldn't load faster than 7 seconds at best, and his employer is demanding a resolution so he stops losing conversions. I usually try to avoid Magento because of all the headaches that come with it, but I figured "sure, why not?" I mean, he built the website less than a year ago, so how bad can it really be? Well...let's see how fast you all can facepalm:
1.) The website was built brand new on Magento 1.9.2.4...what? I mean, if this were built a few years back, that would be a different story, but building a fresh Magento website in 2017 in 1.x? I asked him why he did that...his answer absolutely floored me: "because PHP 5.5 was the best choice at the time for speed and performance..." What?!
2.) The ONLY optimization done on the website was Redis cache being enabled. No merged CSS/JS, no use of a CDN, no image optimization, no gzip, no expires rules. Just Redis...
3.) Now to say the website was poorly coded was an understatement. This wasn't the worst coding I've seen, but it was far from acceptable. There was no organization whatsoever. Templates and skin assets are being called from across 12 different locations on the server, making tracking down and finding a snippet to fix downright annoying.
But not only that, the home page itself had 83 custom database queries to load the products on the page. He said this was so he could load products from several different categories and custom tables to show on the page. I asked him why he didn't just call a few join queries, and he had no idea what I was talking about.
4.) Almost every image on the website was a .PNG file, 2000x2000 px and lossless. The home page alone was 22MB just from images.
There were several other issues, but those 4 should be enough to paint a good picture. The client wanted this all done in a week for less than $500. We laughed. But we agreed on the price only because of a long relationship and because they have some referrals they got us in the door with. But we told them it would get done on our time, not theirs. So I copied the website to our server as a test bed and got to work.
After numerous hours of bug fixes, recoding queries, disabling Redis and opting for higher innodb cache (more on that later), image optimization, js/css/html combining, render-unblocking and minification, lazyloading images tweaking Magento to work with PHP7, installing OpCache and setting up basic htaccess optimizations, we smash the loading time down to 1.2 seconds total, and most of that time was for external JavaScript plugins deemed "necessary". Time to First Byte went from a staggering 2.2 seconds to about 45ms. Needless to say, we kicked its ass.
So I show their developer the changes and he's stunned. He says he'll tell the hosting provider create a new server set up to migrate the optimized site over and cut over to, because taking the live website down for maintenance for even an hour or two in the middle of the night is "unacceptable".
So trying to be cool about it, I tell him I'd be happy to configure the server to the exact specifications needed. He says "we can't do that". I look at him confused. "What do you mean we 'can't'?" He tells me that even though this is a dedicated server, the provider doesn't allow any access other than a jailed shell account and cPanel access. What?! This is a company averaging 3 million+ per year in revenue. Why don't they have an IT manager overseeing everything? Apparently for them, they're too cheap for that, so they went with a "managed dedicated server", "managed" apparently meaning "you only get to use it like a shared host".
So after countless phone calls arguing with the hosting provider, they agree to make our changes. Then the client's developer starts getting nasty out of nowhere. He says my optimizations are not acceptable because I'm not using Redis cache, and now the client is threatening to walk away without paying us.
So I guess the overall message from this rant is not so much about the situation, but the developer and countless others like him that are clueless, but try to speak from a position of authority.
If we as developers don't stop challenging each other in a measuring contest and learn to let go when we need help, we can get a lot more done and prevent losing clients. </rant>14 -
I had just started my new job and deleted 3 years of data that the client had spent over £450,000 collecting 😱
another developer used my PC to quickly access the clients database while I was out the room as I had sql management studio open. I went back to my PC thinking I was connected to my local database, did a few truncate tables to test my software and :0 minutes later I get a call asking why there was no data on the server!
Thank god for backups 😓7 -
When I was in the army I wasn't officially a dev. But one commander needed someone to develop a bunch of stuff and couldn't get a dev officially, so I ended up as his "assistant", which was an awesome job with about 60% time spent on software development.
Except I wasn't an official developer, so I wasn't afforded many of the privileges developers get, like a slightly more powerful machine, a copy of Visual Studio, or an internet connection. In this environment you couldn't even download files and transfer the to your computer without a long process, and I couldn't get development tools past that process anyway.
So I was stuck with whatever dev tools I had pre-installed with Windows. Thankfully, I had the brand new Windows XP, so I had the .Net framework installed, which comes with the command line compiler csc. I got to work with notepad and csc; my first order of business: write an editor that could open multiple files, and press F5 to compile and run my project.
Being a noob at the time, with almost no actual experience, and nobody supervising my work, I had a few brilliant ideas. For example, I one day realized I could map properties of an object to a field in a database table, and thus wrote a rudimentary OR/M. My database, I didn't mention, was Access, because that didn't need installation. I connected to it properly via ADO.NET, at least.
The most surprising thing though, in retrospect, is the stuff I wrote actually worked.15 -
"full stack" means "you'll be doing everything from gathering client requirements through data architecture up to the UI design and of course implementing all of it"
"backend" means "you'll be coding everything from database through server-side code and client-side code including html and css"
"we need you on-site all day every day" means "we have no idea how and why we should use repositories with remote access despite being a company developing an internet app, and we don't trust that you would be working anyway"
"interesting challenging projects" means "the same boring crap as every other company, running on an incredibly botched and dezorganized codebase".
"competitive pay" means "actual pay is around 1.5 times the minimum allowed pay, and everything else is being siphoned off into (stupid and useless) 'benefits' like massage and fitness discount coupons"
"friendly collective having fun at numerous company events each years" means "it is mandatory for you to participate on our weekend drinking retreats but you'll only find out when we fire you because you're 'not a team player' after you refused to participate on those"9 -
A US senator or judge or whatever his title is said today that he wants companies/governments to build a 'responsible encryption' system.
Preferably that would exist out of a big ass database which stores the private keys of citizens so in case a person loses their private key or the government needs access to encrypted content, that is possible.
NOO, WHAT COULD FUCKING POSSIBLY GO WRONG!?!?!
Seriously those kind of people should not be allowed to have the kind of positions they have.
This shit makes me so angry.45 -
Hey, Root? How do you test your slow query ticket, again? I didn't bother reading the giant green "Testing notes:" box on the ticket. Yeah, could you explain it while I don't bother to listen and talk over you? Thanks.
And later:
Hey Root. I'm the DBA. Could you explain exactly what you're doing in this ticket, because i can't understand it. What are these new columns? Where is the new query? What are you doing? And why? Oh, the ticket? Yeah, I didn't bother to read it. There was too much text filled with things like implementation details, query optimization findings, overall benchmarking results, the purpose of the new columns, and i just couldn't care enough to read any of that. Yeah, I also don't know how to find the query it's running now. Yep, have complete access to the console and DB and query log. Still can't figure it out.
And later:
Hey Root. We pulled your urgent fix ticket from the release. You know, the one that SysOps and Data and even execs have been demanding? The one you finished three months ago? Yep, the problem is still taking down production every week or so, but we just can't verify that your fix is good enough. Even though the changes are pretty minimal, you've said it's 8x faster, and provided benchmark findings, we just ... don't know how to get the query it's running out of the code. or how check the query logs to find it. So. we just don't know if it's good enough.
Also, we goofed up when deploying and the testing database is gone, so now we can't test it since there are no records. Nevermind that you provided snippets to remedy exactly scenario in the ticket description you wrote three months ago.
And later:
Hey Root: Why did you take so long on this ticket? It has sat for so long now that someone else filed a ticket for it, with investigation findings. You know it's bringing down production, and it's kind of urgent. Maybe you should have prioritized it more, or written up better notes. You really need to communicate better. This is why we can't trust you to get things out.
*twitchy smile*rant useless people you suck because we are incompetent what's a query log? it's all your fault this is super urgent let's defer it ticket notes too long; didn't read21 -
The first time I decided to hack around a bit:D
One of my teachers made a quiz software, which is only used by him(his lectures are about databases), and it is highly unsecure. When I heard that it is written in C# I decided to look in it's source code. The biggest problem I ran into: this program is only available on the computers in his classroom, and he monitors the computers display. However, I successfully put it into my pendrive without getting caught.
So when I got home, I just had to use a .NET decompiler(in this case: dotPeek) to get the fully functional source code. The basic function of the program was to download a quiz from his database server, and when it was finished, grade it client-side. Than, I realized how bad it was: It contains the number of questions, the number of correct and incorrect answers.
I've just made a modified .exe, which contained really little modification(like correctAnswers=maxQuestions, incorrectAnswers=0). Everything looks the same, you just have to click over it, and everytime it will return with 100%.
And the bonus: The program connects to the database as a user with root access, and without password. I was able to log in, download(dropping was available too, but didn't try) databases(with all the answers) and so on.
Never had to use it though, it was just a sort-of experience gaining.:)5 -
FML. An overreaching supergenius "architect" and a database team:
A: "We have decided that apps should use mysql. Install a MySQL so we match cloud"
DBA: "we don't have an image or experience with MySQL. We have mssql and Oracle "
A: "ok, use mssql in data center and mysql in production cloud"
DBA: "that's... not going to work well"
A: "just do it!"
...
Me, reading this shit, sends email: "ignoring the fact that we have more than 500 queries in this application which will need to be checked and most likely rewritten, how are we supposed to test the mysql queries without production access?"
A: "just use mssql local and MySQL in cloud"
M: "... Just to make sure I understand, you want us to write queries for mssql, test them locally, and then write separate queries, with a separate SQL connection abstraction that deploys to production? Again, how are we going to test this?"
A: "no, use same queries, should be fine"
M: "they really won't, they're different dialects"
A: "do the needful, make work!"
If karma were a thing, this person would have long since exploded into a cloud of atomized blood.18 -
Our most senior and most competent backend developer got fired, he got told he "wasn't committed enough". This dude did the most complex tasks really quickly (and competently), could configure the most boring stuff off the top of his mind, and brought great culture to the company from his previous 20+ years of experience. He was about to implement some cool automation stuff, and improved our processes a great deal.
Now he's being let go. I was fearing *I* would get fired because I'm much slower and less knowledgeable than this guy.
When I talked to him, he figured the so-called "lack of commitment" was because he had missed a few standups the last few days, and got late to today's standup.
Now the boss (who is a less experienced than this dev who was let go, but co-founder of the company) was changing the database credentials (which we somehow have access to) and had the product down for like half an hour because of it.
I don't think firing this developer was a wise decision at all, and that's putting it generously. What a shame. Now I'm also a bit scared because the responsibilities of this developer might likely fall upon me. But generally I think we're worse off without this guy, and getting someone as good as him will take time.19 -
My team handles infrastructure deployment and automation in the cloud for our company, so we don't exactly develop applications ourselves, but we're responsible for building deployment pipelines, provisioning cloud resources, automating their deployments, etc.
I've ranted about this before, but it fits the weekly rant so I'll do it again.
Someone deployed an autoscaling application into our production AWS account, but they set the maximum instance count to 300. The account limit was less than that. So, of course, their application gets stuck and starts scaling out infinitely. Two hundred new servers spun up in an hour before hitting the limit and then throwing errors all over the place. They send me a ticket and I login to AWS to investigate. Not only have they broken their own application, but they've also made it impossible to deploy anything else into prod. Every other autoscaling group is now unable to scale out at all. We had to submit an emergency limit increase request to AWS, spent thousands of dollars on those stupidly-large instances, and yelled at the dev team responsible. Two weeks later, THEY INCREASED THE MAX COUNT TO 500 AND IT HAPPENED AGAIN!
And the whole thing happened because a database filled up the hard drive, so it would spin up a new server, whose hard drive would be full already and thus spin up a new server, and so on into infinity.
Thats probably the only WTF moment that resulted in me actually saying "WTF?!" out loud to the person responsible, but I've had others. One dev team had their code logging to a location they couldn't access, so we got daily requests for two weeks to download and email log files to them. Another dev team refused to believe their server was crashing due to their bad code even after we showed them the logs that demonstrated their application had a massive memory leak. Another team arbitrarily decided that they were going to deploy their code at 4 AM on a Saturday and they wanted a member of my team to be available in case something went wrong. We aren't 24/7 support. We aren't even weekend support. Or any support, technically. Another team told us we had one day to do three weeks' worth of work to deploy their application because they had set a hard deadline and then didn't tell us about it until the day before. We gave them a flat "No" for that request.
I could probably keep going, but you get the gist of it.4 -
Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”
Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”8 -
Once upon a time in Devland, there were two best friends @Alice and @Michelle and they worked together at The DevCo company as developers.
After a tough day handling an @-ANGRY-CLIENT-, they thought that they had to go and @RantSomewhere and so they went to a café. At the café, they ranted about some stupid clients, and @theItalianGuy at the third floor of their office building who never picked up calls, and @thatJavaGuy from the second floor who, they thought, was @notarealDev, and the usual stuff about their work. Somewhere in between, @Alice thought it would be @funvengeance to @hack @theNSA; “@karma is coming to get them”, said @Michelle.
To do this, they knew they’d have to take help from none other than @Gandalf who lived in a nearby @cave. So, the next day, taking a leave from work, @Alice and @Michelle embarked on journey to meet @Gandalf. After about an hour’s drive, they reached @Gandalf’s @cave. @Michelle went ahead to knock on @Gandalf’s rusty cave door. Being a lazy @necromancer, he magically opened his door 2 minutes later. “Who is't dares to disturb me in mine own catch but a wink?” shouted a voice from the back; “We’re two developers from DevCo and we need your help in our mission to @hack @theNSA”, shouted @Michelle. After a few seconds, he replied, ”Hmm… N'rmally I wouldst sendeth thee to mine own cousin @Hagrid, but in thy case, I sayeth thee shouldst visiteth the detective who is't goeth by the nameth @S-Holmes”. @Alice replied back, “Thank you, Sir @Gandalf, we’ll get help from this @S-Holmes, I’ve heard that he’s an @exceptionalGuy”; “Mine own pleasure, Farewell!” said @Gandalf, and the door closed shut.
So, @Alice and @Michelle went back to their car, and that time @Alice raised a question, “How are we gonna find this @S-Holmes? We don’t have a phone number or anything so we could contact this guy.”
“We should call @thatJavaGuy from work, I’ve heard he is a man of resources, he must know how to contact @S-Holmes”, said @Michelle.
And it was true, after a call with @thatJavaGuy, they were able to obtain @S-Holmes’s phone number.
“Howdy, this is @S-Holmes, what can I diddily ding dong do you for?”
“Hi, I’m @Alice, I’m from DevCo and I was hoping that I could get your help in our mission.”
“What kind of mission?”, asked @S-Holmes.
“We want to @hack @theNSA.”, replied @Alice.
“Okay… I think I might be able to hel-diddly-elp you! There’s an old and abandoned laberino noodly-near @stacked Street. It was made in @1989 and since then, it houses a magical computeroo that can hel-diddly-elp you in your mission. So, you just have to connect the computeroo to the Internet and you can diddily ding dong do your programmeroo thing and then you'll have access to the the noodly-nsa diddily ding dong database!”, answered @S-Holmes.
S-Holmes continued, “But I shall warn you, there's a riddly-rumorino that the laberino was abandoned because of an @electric-ghost that lurks there, but I bel-diddly-elieve it is just a computeroo program that was diddily ding dong designed to try to @stop hackers from accessing the top secret stuff!".
“Okay, thanks for your help! I bet we can handle whatever this @electric-ghost thing is, so… Goodbye!”, replied @Alice.
“Goodbye!”, said @S-Holmes and that ended their conversation.
Luckily, the @stacked Street was just a couple of miles away from them, so they reached the lab quickly.
As they got close to the lab they saw something that really surprised them…
--------
To be continued in part two...
(Do you want a part two? :/)
My first ever story is a little special because it is kind of dev related at it has "cameos" by various devranters, as you might have noticed.
How many did you count?
More in Part Two.
Thank you for reading and please, any feedback is welcome. Did you like it?
I haven't really revised it once, it is straight out of the keyboard.
Should I drop the "@" ?
But then it would impossible to spot some of the devRanters .
Let me know.
PS
What should be the title?
1)Alice in DevLand?
2)Adventures of Alice and Friends: Hacking the NSA?
You decide..(or maybe I'll pick the second one :D)22 -
Worst legacy experience...
Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.
Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.
The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.
Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was suppose to be helping!! But it was their money (well, my money as they were government funded!).1 -
I’m so mad I’m fighting back anger tears. This is a long rant and I apologize but I’m so freaking mad.
So a few weeks ago I was asked by my lead staff person to do a data analysis project for the director of our dept. It was a pretty big project, spanning thousands of users. I was excited because I love this sort of thing and I really don’t have anything else to do. Well I don’t have access to the dataset, so I had to get it from my lead and he said he’d do it when he had a chance. Three days later he hadn’t given it to me yet. I approach him and he follows me to my desk, gives me his login and password to login to the secure freaking database, then has me clone it and put it on my computer.
So, I start working on it. It took me about six hours to clean the database, 2 to set up the parameters and plan of attack, and two or three to visualize the data. I realized about halfway through that my lead wasn’t sure about the parameters of the analysis, and I mentioned to him that the director had asked for more information than what he was having me do. He tells me he will speak with director.
So, our director is never there, so I give my lead about a week to speak with her, in the mean time I finish the project to the specifications that the director gave. I even included notes about information that I would need to make more accurate predictions, to draw conclusions, etc. It was really well documented.
Finally, exasperated, and with the project finished but just sitting on my computer for a week, I approached my director on a Saturday when I was working overtime. She confirmed that I needed to what she said in the project specs (duh), and also mentioned she needed a bigger data set than what I was working with if we had one. She told me to speak to my lead on Monday about this, but said that my work looked great.
Monday came and my lead wasn’t there so I spoke with my supervisor and she said that what I was using was the entire dataset, and that my work looked great and I could just send it off. So, at this point 2/3 of my bosses have seen the project, reviewed it, told me it was great, and confirmed that I was doing the right thing.
I sent it off to the director to disseminate to the appropriate people. Again, she looked at it and said it was great.
A week later (today) one of the people that the project was sent to approaches me and tells me that i did a great job and thank you so much for blah blah blah. She then asks me if the dataset I used included blahblah, and I said no, that I used what was given to me but that I’d be happy to go in and fix it if given the necessary data.
She tells me, “yeah the director was under the impression that these numbers were all about blahblah, so I think there was some kind of misunderstanding.” And then implied that I would not be the one fixing the mistake.
I’m being taken off of the project for two reasons: 1. it took to long to get the project out in the first place,
2. It didn’t even answer the questions that they needed answered.
I fucking told them in the notes and ALL THROUGH THE VISUALIZATIONS that I needed additional data to compare these things I’m so fucking mad. I’m so mad.15 -
Buckle up kids, this one gets saucy.
At work, we have a stress test machine that trests tensile, puncture and breaking strength for different materials used (wood construction). It had a controller software update that was supposed to be installed. I was called into the office because the folks there were unable to install it, they told me the executable just crashed, and wanted me to take a look as I am the most tech-savvy person there.
I go to the computer and open up the firmware download folder. I see a couple folders, some random VBScript file, and Installation.txt. I open the TXT, and find the first round of bullshit.
"Do not run the installer executable directly as it will not work. Run install.vbs instead."
Now, excuse me for a moment, but what kind of dick-cheese-sniffing cockmonger has end users run VBScript files to install something in 2018?! Shame I didn't think of opening it up and examining it for myself to find out what that piece of boiled dogshit did.
I suspend my cringe and run it, and lo and behold, it installs. I open the program and am faced with entering a license key. I'm given the key by the folks at the office, but quickly conclude no ways of entering it work. I reboot the program and there is an autofilled key I didn't notice previously. Whatever, I think, and hit OK.
The program starts fine, and I try with the login they had previously used. Now it doesn't work for some reason. I try it several times to no avail. Then I check the network inspector and notice that when I hit login, no network activity happens in the program, so I conclude the check must be local against some database.
I browse to the program installation directory for clues. Then I see a folder called "Databases".
"This can't be this easy", I think to myself, expecting to find some kind of JSON or something inside that I can crawl for clues. I open the folder and find something much worse. Oh, so much worse.
I find <SOFTWARE NAME>.accdb in the folder. At this point cold sweat is already running down my back at the sheer thought of using Microsoft Access for any program, but curiosity takes over and I open it anyway.
I find the database for the entire program inside. I also notice at this point that I have read/write access to the database, another thing that sent my alarm bells ringing like St. Pauls cathedral. Then I notice a table called "tUser" in the left panel.
Fearing the worst, I click over and find... And you knew it was coming...
Usernames and passwords in plain text.
Not only that, they're all in the format "admin - admin", "user - user", "tester - tester".
I suspend my will to die, login to the program and re-add the account they used previously. I leave the office and inform the peeps that the program works as intended again.
I wish I was making this shit up, but I really am not. What is the fucking point of having a login system at all when your users can just open the database with a program that nowadays comes bundled with every Windows install and easily read the logins? It's not even like the data structure is confusing like minified JSON or something, it's literally a spreadsheet in a program that a trained monkey could read.
God bless them and Satan condemn the developers of this fuckawful program.8 -
Not exactly a security bug, but there was a company that made a Django app for some internal work and later open sourced it. I was browsing through the code and I saw that the config file had an IP address and a hashed password for the database credentials
When I tried to use them, I was able to login directly to their read replica RDBMS, I had access to all their customer data (including phones & home addresses)
Being the saint I am, I informed them of the ignorance made by their developer and was presented with some cool swag.5 -
Boss hands over to me an old security audit report and tells me "Go through this and check if all the problems mentioned have been resolved". Quick glance through the report shows all expected issues - SQLi, plaintext transmission and storage etc. I tell him that I need access to the application both from admin and a user with restricted privileges.
He hands me the admin credentials and tells me, "After you login in, just go the "Users" tab. You'll find the profiles of all the users there. You can get the emails and passwords of any user you want from there."
I had to hold back a chuckle. There's nothing to verify. If they haven't resolved storing plain text passwords in the database (AND displaying it IN PLAIN TEXT in the website itself (which to my surprise wasn't mentioned in the audit)), they probably haven't even looked at the report.2 -
I HATE working with MS Office products. Yes, Access, I'm looking at you, you backwards, whanabe database reject! You're invalid as a serious SQL database and retarded as an data application suite.
VBA, make up your MIND with your damn function calls! Either require me to use parenthesis or don't! I'm sick of this conditional parenthesis sh*t!
While we're talking about not making up your mind... screw 'sub', you half wit language! Either use functions like a real language or go the f&$k home and make room for a language that knows what it's doing!
Oh!!! WHY... WHY! do you have null AND... NOTHING?! Who... Who... WHO invented "nothing"?! And what sick joke are you playing at with isnull() and empty()??? How many damn ways so you need to test for "no value"?!?!
Access... That's right, I'm not done with you yet... How is it you've survived this damn long in the business world with all of the databases you corrupt? Sure, you suck as a real database, but at least have some freaking pride that people even USE you! How DARE your corrupt yourself with the regularity you seem to have! I wish my bowel movements were as regular as your database corruptions, for the love of humanity.
F$@k you, VBA! F@&k you, Access! F$#k you, MS Office! And Fuuuuuu$k YOU Microsoft for shoving these half assed reject tools down my throat!
I hope your cloud uses Access as a back end and gets some injection virus.
*Takes deep breath* need to say that.10 -
We've built a web app and now a client wants a VPN acces to the database of web app. When asked why, they said they want to occasionally pull some data out. 😱
We said no, and this is what they wrote:
"We’ve got live VPN access to every other web database we work with – why is this different?"
Well because maybe we know that we can build you an export of whatever you want, prepare you API calls for getting data to your CRM, but hell I'm not giving you access to the production DB.5 -
For a week+ I've been listening to a senior dev ("Bob") continually make fun of another not-quite-a-senior dev ("Tom") over a performance bug in his code. "If he did it right the first time...", "Tom refuses to write tests...that's his problem", "I would have wrote the code correctly ..." all kinds of passive-aggressive put downs. Bob then brags how without him helping Tom, the application would have been a failure (really building himself up).
Bob is out of town and Tom asked me a question about logging performance data in his code. I look and see Bob has done nothing..nothing at all to help Tom. Tom wrote his own JSON and XML parser (data is coming from two different sources) and all kinds of IO stream plumbing code.
I use Visual Studio's feature create classes from JSON/XML, used the XML Serialzier and Newtonsoft.Json to handling the conversion plumbing.
With several hundred of lines gone (down to one line each for the XML/JSON-> object), I wrote unit tests around the business transaction, integration test for the service and database access. Maybe couple of hours worth of work.
I'm 100% sure Bob knew Tom was going in a bad direction (maybe even pushing him that direction), just to swoop in and "save the day" in front of Tom's manager at some future point in time.
This morning's standup ..
Boss: "You're helping Tom since Bob is on vacation? What are you helping with?"
Me: "I refactored the JSON and XML data access, wrote initial unit and integration tests. Tom will have to verify, but I believe any performance problem will now be isolated to the database integration. The problem Bob was talking about on Monday is gone. I thought spending time helping Tom was better than making fun of him."
<couple seconds of silence>
Boss:"Yea...want to let you know, I really, really appreciate that."
Bob, put people first, everyone wins.11 -
The gift that keeps on giving... the Custom CMS Of Doom™
I've finally seen enough evidence why PHP has such a bad reputation to the point where even recruiters recommended me to remove my years of PHP experience from the CV.
The completely custom CMS written by company <redacted>'s CEO and his slaves features the following:
- Open for SQL injection attacks
- Remote shell command execution through URL query params
- Page-specific strings in most core PHP files
- Constructors containing hundreds of lines of code (mostly used to initialize the hundreds of properties
- Class methods containing more than 1000 lines of code
- Completely free of namespaces or package managers (uber elite programmers use only the root namespace)
- Random includes in any place imaginable
- Methods containing 1 line: the include of the file which contains the method body
- SQL queries in literally every source file
- The entrypoint script is in the webroot folder where all the code resides
- Access to sensitive folders is "restricted" by robots.txt 🤣🤣🤣🤣
- The CMS has its own crawler which runs by CRONjob and requests ALL HTML links (yes, full content, including videos!) to fill a database of keywords (I found out because the server traffic was >500 GB/month for this small website)
- Hundreds of config settings are literally defined by "define(...)"
- LESS is transpiled into CSS by PHP on requests
- .......
I could go on, but yes, I've seen it all now.12 -
I'm editing the sidebar on one of our websites, and shuffling some entries. It involves moving some entries in/out of a dropdown and contextual sidebars, in/out of submenus, etc. It sounds a little tedious but overall pretty trivial, right?
This is day three.
I learned React+Redux from scratch (and rebuilt the latter for fun) in twice that long.
In my defense, I've been working on other tasks (see: Alerts), but mostly because I'd rather gouge my freaking eyes out than continue on this one.
Everything that could be wrong about this is. Everything that could be over-engineered is. Everything that could be written worse... can't, actually; it's awful.
Major grievances:
1) The sidebars (yes, there are several) are spread across a ridiculous number of folders. I stopped counting at 20.
2) Instead of icon fonts, this uses multiple images for entry states.
3) The image filenames don't match the menu entry names. at all. ("sb_gifts.png" -> orders); active filenames are e.g. "sb_giftsactive.png"
4) The actions don't match the menu entry names.
5) Menu state is handled within the root application controller, and doesn't use bools, but strings. (and these state flags never seem to get reset anywhere...)
6) These strings are used to construct the image filenames within the sidebar views/partials.
7) Sometimes access restrictions (employee, manager, etc.) are around the individual menu entries, sometimes they're around a partial include, meaning it's extremely difficult to determine which menu entries/sections/subsections are permission-locked without digging through everything.
8) Within different conditionals there are duplicate blocks markup, with duplicate includes, that end up render different partials/markup due to different state.
9) There are parent tags outside of includes, such as `<ul>#{render 'horrific-eye-stabbing'}</ul>`
10) The markup differs per location: sometimes it's a huge blob of non-semantic filthiness, sometimes it's a simple div+span. Example filth: section->p->a->(img,span) ... per menu entry.
11) In some places, the markup is broken, e.g. `<li><u>...</li></u>`
12) In other places, markup is used for layout adjustments, such as an single nested within several divs adorned with lots of styles/classes.
13) Per-device layouts are handled, not within separate views, but by conditionally enabling/disabling swaths of markup, e.g. (if is_cordova_session?).
14) `is_cordova_session` in particular is stored within a cookie that does not expire, and within your user session. disabling it is annoying and very non-obvious. It can get set whether or not you're using cordova.
15) There are virtually no stylesheets; almost everything is inline (but of course not actually everything), which makes for fun layout debugging.
16) Some of the markup (with inline styling, no less) is generated within a goddamn controller.
17) The markup does use css classes, but it's predominately not for actual styling: they're used to pick out elements within unit tests. An example class name: "hide-for-medium-down"; and no, I can't figure out what it means, even when looking at the tests that use it. There are no styles attached to that particular class.
18) The tests have not been updated for three years, and that last update was an rspec version bump.
19) Mixed tabs and spaces, with mixed indentation level (given spaces, it's sometimes 2, 4, 4, 5, or 6, and sometimes one of those levels consistently, plus an extra space thereafter.)
20) Intentional assignment within conditionals (`if var=possibly_nil_return_value()`)
21) hardcoded (and occasionally incorrect) values/urls.
... and last but not least:
22) Adding a new "menu sections unit" (I still haven't determined what the crap that means) requires changing two constants and writing a goddamn database migration.
I'm not even including minor annoyances like non-enclosed ternaries, poor naming conventions, commented out code, highly inefficient code, a 512-character regex (at least it's even, right?), etc.
just.
what the _fuck_
Who knew a sidebar could be so utterly convoluted?6 -
Lead: "We write SOLID code"
Me: *opens a controller file*
Controller: "I'm 8000 lines long and hell yeah I'll access the database and file system directly!"5 -
I started using Keepass and changed all my passwords to auto generated passwords. Somehow, my PC crashed before I saved the database. That was the day, where I lost access to my primary email address.5
-
The bossman asked if our signup service sends an automated email after we successfully process someone's payment or when we promote them to full customer.
That sounds like a simple query, yeah?
Well.
Here's some background:
We have four applications; one in React, three in Rails. I'll replace their names to retain some anonymity.
1) "IceSkate" is the React app, and it's a glorified signup form. (I wrote this one.)
2) "Bogan" is the main application, and is API-only; its frontend has been long since deprecated by the following two:
3) "Bum" is a fork of "Bogan" that has long since diverged. It now contains admin-only tools.
4) "Kulkuri" is also a fork of "Bogan" that has long since diverged. It now contains tools specifically for customers, which they can access.
All but IceSkate (obv) share a database.
Here's how signups happen:
Signups come in from IceSkate, which hits a backend API on Bogan. Bogan writes the data to the database, charges the card immediately, and leaves the signup for moderation.
And here's how promotion from signup to customer happens:
Bum has a view allowing admins to validate, modify, and "promote" a signup to a full customer. Upon successful promotion, Bum calls "ServerWrap", a module which calls actions on the other applications; in this case: Bogan.
Bogan routes execution through three separate models before calling "ServerWrap" again, this time calling KulKuri.
Finally, KulKuri actually creates the customer!
After KulKuri finishes creating the customer, execution resumes on Bogan, which then returns, causing execution to resume on Bum. Bum then runs through several other models, references the newly-created customer object (as all three share a database), and ... updates the customer with its current data, and then updates the signup object. After all of this, it finally shows the admin the "new customer" view.
It took me 25 minutes to follow the chain of calls, and I still don't know quite what's going on. I have no idea if any of it sends an email or not -- I didn't see any signs of this, but I very easily could have overlooked something.
So, to answer bossman's question... I asked the accounting people if they send the email manually. If they don't, it's automatic, which means I missed something and get to burrow through that mess all over again!
I really hope I missed something; otherwise I need to figure out how and where (and when!) to send the email...
just...
errrrgghh9 -
I spent an hour arguing with the CTO, pushing for having all our new products' data in the database (wow) with an API I could hit to fetch said data (wow) prior to displaying it on our order page.
He never actually agreed with me, but he finally acquiesced and wrote the migrations, API, and entered my (rather contrived) placeholder data. (I've been waiting on the boss for details and copy for three days.)
Anyway, it's now live on QA. but. I don't know where QA is for this app, and it's been long enough that i'm kind of afraid to ask.
Does that sound strange?
well.
We have seven (nine?) live applications (three of which share a database), and none of their repos match their URLs, nor even their Heroku app names. (In some of these Heroku names, "db" is short for the app's namesake, while in the rest it's short for "database").
So, I honestly have no idea where "dbappdev" points to, and I don't have access to the DNS records to check. -.-
What's more: I opened "dbappdev" on Heroku and tested out his new API -- lo and behold! it returns nada. Not a single byte. (Given his history I expected a 500, so this is an improvement, I think. Still totally useless, however.)
And furthermore: he didn't push the code to github, so I cannot test (or fix) it locally.
just. UGH.
every day with this guy, i swear.16 -
This happend to me around 2 weeks ago. For some reason, I decied to post this now.
I won the lottery, yey! I mean, bot really, but I am <19yo student, "less than junior dev" in my office, but sonce I am the only one who is capable of working with hardware, I was working month back as a sysadmin for a few days. Our last sysadmin was really good working but really, really toxic guy, so he got fired on a spot after argument with some manager or whatever, no big deal, we could have another guy hired in a week. But, our backup server literally was on fire, all data probably dead because bad capacitor or whatever. This was our only backup of everything at the time. Everyone in full fucking panic mode, we had literally no other working HW we could use for backup, but then comes me, intern employed on his first dev job for 3 months. That day I bought some HW for my own personal server at home (Intel NUC with some Celeron, 4GB DDR4 RAM and two 240GB SSDs for RAID 1. My manager asked everyone in the office for sollution how to survive next 4 days before new server arrives. People there had no idea what tk do and no knowedgle about HW, I just came from a break and offered my components for a week, since there was noone else who can work with HW, servers and stuff like this, manager offered me $500+HW cost if I, random intern, can make it work. I installed Debian on that little PC, created RAID1 from both SSDs, installed MySQL server and mirrored GIT server from our last standing server (we had two before one of them went lit 🔥), made simple Python script to copy all data on that RAID, with some help of our database guy copied whole DB from production to this little computer and edited some PHP so every SQL request made on our server will run on that NUC too. Everything after ±2 hours worked perfectly. Untill a fucking PSU burned in our server and took RAID controller with him in sillicon heaven next night, so we could not access any data unltill we got a new one. Thanks to every god out there, I was able to create software RAID from survived HDDs on our production server and copy all data from that NUC on the servers software RAID and make it working at 3 AM in the night before an exam 😂. Without this, we would be next ±40 hours without aerver running and we might loose soke of our data and customers. So my little skill with Linux, Python, MySQL and most importantly my NUC hardware I got that day running as a backup server saved maybe whole company 😂.
Btw, guess who is now employee of the year with $2500 bonus? 😀
Sorry for bragging and log post, but I was so lucky an so happy when everything worked out, good luck to all sysadmins out there! 👍
TL:DR: Random intern saved company and made some money 😂7 -
Teacher: From today on, we will start working with ms access 😊.
Me: Please die and let my life in peace ☹️ and learn with something useful (MySQL) instead.7 -
There was a time I made an update on one of our client's e-commerce website sign-up page. The update caused a bug that allowed new users to create an account without actually creating an account.
The code block meant to save user credentials (i.e email address and password) to the database was commented out for some reasons I still can't remember to this day. After registration new users had their session created just as normal but in reality they have no recorded account on the platform. This shit went on like this for a whole week affecting over 350 new customers before the devil sent me a DM.
I got a call from my boss on that weekend that some users who had made purchases recently can't access their account from a different device and cannot also update their password. Nobody likes duty calls on a weekend, I grudgingly and sluggishly opened up my PC to create a quick fix but when I saw what the problem was I shut down my PC immediately, I ran into the shower like I was being chased by a ghost, I kept screaming "what tha fuck! what tha fuck!!" cus I knew hell was about to break loose.
At that moment everything seemed off as if I could feel everything, I felt the water dripping down my spine, I could hear the tiniest of sound. I thought about the 350 new customers the client just lost, I imagined the raving anger on the face of my boss, I thought about how dumb my colleagues would think I was for such a stupid long running bug.
I wondered through all possible solutions that could save me from this embarrassment.
-- "If this shitty client would have just allowed us verify users email before usage things wouldn't have gotten to this extent"
-- "Should I call the customers to get their email address using their provided telephone?... No they'd think I'm a scammer"
-- "Should I tell my boss the database was hacked? Pffft hack my a**",
-- "Should I create a page for the affected users to re-verify their email address and password? No, some sessions may have expired"
-- "Or maybe this the best time to quit this f*ckn job!"
... Different thoughts from all four corners of the bathroom made it a really long bath. Finally, I decided it was best I told my boss what had happened. So I fixed the code, called my boss the next day and explained the situation on ground to him and yes he was furious. "What a silly mistake..!" he raged and raged. See me in my office by Monday.
That night felt longer than usual, I couldn't sleep properly. I felt pity for the client and I blamed it all on myself... yeah the "silly mistake", I could have been more careful.
Monday came boss wasn't at the office, Tuesday, Wednesday, Thursday, Friday not available. Next week he was around and when we both met the discussion was about a different project. I tried briefing him about last week incident, he seems not to recall and demands we focus on the current project.
However, over three hundred and fifty customers swept under the carpet courtesy of me. I still felt the guilt of that f*ck up till this day.1 -
The solution for this one isn't nearly as amusing as the journey.
I was working for one of the largest retailers in NA as an architect. Said retailer had over a thousand big box stores, IT maintenance budget of $200M/year. The kind of place that just reeks of waste and mismanagement at every level.
They had installed a system to distribute training and instructional videos to every store, as well as recorded daily broadcasts to all store employees as a way of reducing management time spend with employees in the morning. This system had cost a cool 400M USD, not including labor and upgrades for round 1. Round 2 was another 100M to add a storage buffer to each store because they'd failed to account for the fact that their internet connections at the store and the outbound pipe from the DC wasn't capable of running the public facing e-commerce and streaming all the video data to every store in realtime. Typical massive enterprise clusterfuck.
Then security gets involved. Each device at stores had a different address on a private megawan. The stores didn't generally phone home, home phoned them as an access control measure; stores calling the DC was verboten. This presented an obvious problem for the video system because it needed to pull updates.
The brilliant Infosys resources had a bright idea to solve this problem:
- Treat each device IP as an access key for that device (avg 15 per store per store).
- Verify the request ip, then issue a redirect with ANOTHER ip unique to that device that the firewall would ingress only to the video subnet
- Do it all with the F5
A few months later, the networking team comes back and announces that after months of work and 10s of people years they can't implement the solution because iRules have a size limit and they would need more than 60,000 lines or 15,000 rules to implement it. Sad trombones all around.
Then, a wild DBA appears, steps up to the plate and says he can solve the problem with the power of ORACLE! Few months later he comes back with some absolutely batshit solution that stored the individual octets of an IPV4, multiple nested queries to the same table to emulate subnet masking through some temp table spanning voodoo. Time to complete: 2-4 minutes per request. He too eventually gives up the fight, sort of, in that backhanded way DBAs tend to do everything. I wish I would have paid more attention to that abortion because the rationale and its mechanics were just staggeringly rube goldberg and should have been documented for posterity.
So I catch wind of this sitting in a CAB meeting. I hear them talking about how there's "no way to solve this problem, it's too complex, we're going to need a lot more databases to handle this." I tune in and gather all it really needs to do, since the ingress firewall is handling the origin IP checks, is convert the request IP to video ingress IP, 302 and call it a day.
While they're all grandstanding and pontificating, I fire up visual studio and:
- write a method that encodes the incoming request IP into a single uint32
- write an http module that keeps an in-memory dictionary of uint32,string for the request, response, converts the request ip and 302s the call with blackhole support
- convert all the mappings in the spreadsheet attached to the meetings into a csv, dump to disk
- write a wpf application to allow for easily managing the IP database in the short term
- deploy the solution one of our stage boxes
- add a TODO to eventually move this to a database
All this took about 5 minutes. I interrupt their conversation to ask them to retarget their test to the port I exposed on the stage box. Then watch them stare in stunned silence as the crow grows cold.
According to a friend who still works there, that code is still running in production on a single node to this day. And still running on the same static file database.
#TheValueOfEngineers2 -
I work for a Fortune 500 company where the proposed "solution" that I almost always hear is, "Let's use an Access Database for that" As a FullStack Dev my response is always the same:6
-
Recently had a meeting with the company that acquired my startup, where I was required to relinquish root/admin access across AWS, SSH, and database. It was decided that I held too much power, and will now only have read-only access to develop. I'm not entirely sure what I do for work now.5
-
It was a normal school day. I was at the computer and I needed to print some stuff out. Now this computer is special, it's hooked up onto a different network for students that signed up to use them. How you get to use these computers is by signing up using their forms online.
Unfortunately, for me on that day I needed to print something out and the computer I was working on was not letting me sign in. I called IT real quick and they said I needed to renew my membership. They send me the form, and I quickly fill it out. I hit the submit button and I'm greeted by a single line error written in php.
Someone had forgotten to turn off the debug mode to the server.
Upon examination of the error message, it was a syntax error at line 29 in directory such and such. This directory, i thought to myself, I know where this is. I quickly started my ftp client and was able to find the actual file in the directory that the error mentioned. What I didn't know, was that I'd find a mountain of passwords inside their php files, because they were automating all of the authentications.
Curious as I was, I followed the link database that was in the php file. UfFortunately, someone in IT hadn't thought far enough to make the actual link unseeable. I was greeted by the full database. There was nothing of real value from what I could see. Mostly forms that had been filled out by students.
Not only this, but I was displeased with the bad passwords. These passwords were maybe of 5 characters long, super simple words and a couple number tacked onto the end.
That day, I sent in a ticket to IT and told them about the issue. They quickly remedied it by turning off debug mode on the servers. However, they never did shut down access to the database and the php files...2 -
At a previous company, a new IT director decided we should outsource the development of a webapi to another company, but this outside company would not be allowed access to the database, so we had to develop a webapi to provide data to the outside company's system, so we could call their webapi and get the same data back.6
-
My worst interview ever was my first interview fresh out of college. After the initial phone screen, they asked me to drive 2 hours to their office to give me a "code challenge."
The challenge was to spend 4 hours writing a simple rest API for a blog type thing, but the catch was to not use any existing libraries for data access and instead write an entirely database agnostic DAL. Then after I finished they sat me in a conference room with 3 of their engineers and the CEO to just tear apart my code.
For a JUNIOR position to someone fresh out of college.
I guess I defended it well, because they asked to continue the process l, but after that I found a different position.4 -
A conversation that me and my boss had this week:
Boss: "Hey, why is this not progressing"
Arcsector: - "We're waiting on system users to move their destinations"
"We need the system in the database in order to move it"
- "Okay awesome - let's move it, oh wait, I can't do it because I don't have access, here's the stuff that needs to be done: a, b, and c"
"Oh I'm actually not able to help with that"
- "So then how are we supposed to get it done?"
"idk but also this other issue is something missions are complaining about"
- "oh I already am talking to them about it and it should be remedied by the team creating the problem because it's a false positive"
"Well we need to solve it still"
- "We would've solved it already but it has dependencies with other projects that we're still working on because we don't have enough people"
"We cant get you more people because we don't have the budget"
- "Then this stuff will have to wait"
"Get it done"
ACTUALLY SCREAMING! Why cant people understand that there are conesequences for their actions??!!1 -
Biggest challenge I overcame as dev? One of many.
Avoiding a life sentence when the 'powers that be' targeted one of my libraries for the root cause of system performance issues and I didn't correct that accusation with a flame thrower.
What the accusation? What I named the library. Yep. The *name* was causing every single problem in the system.
Panorama (very, very expensive APM system at the time) identified my library in it's analysis, the calls to/from SQLServer was the bottleneck
We had one of Panorama's engineers on-site and he asked what (not the actual name) MyLibrary was and (I'll preface I did not know or involved in any of the so-called 'research') a crack team of developers+managers researched the system thoroughly and found MyLibrary was used in just about every project. I wrote the .Net 1.1 MyLibrary as a mini-ORM to simplify the execution of database code (stored procs, etc) and gracefully handle+log database exceptions (auto-logged details such as the target db, stored procedure name, parameter values, etc, everything you'd need to troubleshoot database errors). This was before Dapper and the other fancy tools used by kids these days.
By the time the news got to me, there was a team cobbled together who's only focus was to remove any/every trace of MyLibrary from the code base. Using Waterfall, they calculated it would take at least a year to remove+replace MyLibrary with the equivalent ADO.Net plumbing.
In a department wide meeting:
DeptMgr: "This day forward, no one is to use MyLibrary to access the database! It's slow, unprofessionally named, and the root cause of all the database issues."
Me: "What about MyLibrary is slow? It's excecuting standard the ADO.Net code. Only extra bit of code is the exception handling to capture the details when the exception is logged."
DeptMgr: "We've spent the last 6 weeks with the Panorama engineer and he's identified MyLibrary as the cause. Company has spent over $100,000 on this software and we have to make fact based decisions. Look at this slide ... "
<DeptMgr shows a histogram of the stacktrace, showing MyLibrary as the slowest>
Me: "You do realize that the execution time is the database call itself, not the code. In that example, the invoice call, it's the stored procedure that taking 5 seconds, not MyLibrary."
<at this point, DeptMgr is getting red-face mad>
AreaMgr: "Yes...yes...but if we stopped using MyLibrary, removing the unnecessary layers, will make the code run faster."
<typical headknodd-ers knod their heads in agreement>
Dev01: "The loading of MyLibrary takes CPU cycles away from code that supports our customers. Every CPU cycle counts."
<headknod-ding continues>
Me: "I'm really confused. Maybe I'm looking at the data wrong. On the slide where you highlighted all the bottlenecks, the histogram shows the latency is the database, I mean...it's right there, in red. Am I looking at it wrong?"
<this was meeting with 20+ other devs, mgrs, a VP, the Panorama engineer>
DeptMgr: "Yes you are! I know MyLibrary is your baby. You need to check your ego at the door and face the facts. Your MyLibrary is a failed experiment and needs to be exterminated from this system!"
Fast forward 9 months, maybe 50% of the projects updated, come across the documentation left from the Panorama. Even after the removal of MyLibrary, there was zero increases in performance. The engineer recommended DBAs start optimizing their indexes and other N+1 problems discovered. I decide to ask the developer who lead the re-write.
Me: "I see that removing MyLibrary did nothing to improve performance."
Dev: "Yes, DeptMgr was pissed. He was ready to throw the Panorama engineer out a window when he said the problems were in the database all along. Didn't you say that?"
Me: "Um, so is this re-write project dead?"
Dev: "No. Removing MyLibrary introduced all kinds of bugs. All the boilerplate ADO.Net code caused a lot of unhandled exceptions, then we had to go back and write exception handling code."
Me: "What a failure. What dipshit would think writing more code leads to less bugs?"
Dev: "I know, I know. We're so far behind schedule. We had to come up with something. I ended up writing a library to make replacing MyLibrary easier. I called it KnightRider. Like the TV show. Everyone is excited to speed up their code with KnightRider. Same method names, same exception handling. All we have to do is replace MyLibrary with KnightRider and we're done."
Me: "Won't the bottlenecks then point to KnightRider?"
Dev: "Meh, not my problem. Panorama meets primarily with the DBAs and the networking team now. I doubt we ever use Panorama to look at our C# code."
Needless to say, I was (still) pissed that they had used MyLibrary as dirty word and a scapegoat for months when they *knew* where the problems were. Pissed enough for a flamethrower? Maybe.6 -
My code review nightmare?
All of the reviews that consisted of a group of devs+managers in a conference room and a big screen micro-analyzing every line of code.
"Why did you call the variable that? Wouldn't be be more efficient to use XYZ components? You should switch everything to use ServiceBus."
and/or using the 18+ page coding standard document as a weapon.
PHB:"On page 5, paragraph 9, sub-section A-123, the standards dictate to select all the necessary data from the database. Your query is only selecting 5 fields from the 15 field field table. You might need to access more data in the future and this approach reduces the amount of code change."
Me: "Um, if the data requirements change, wouldn't we have change code anyway?"
PHB: "Application requirements are determined by our users, not you. That's why we have standards."
Me: "Um, that's not what I ..."
PHB: "Next file, oh boy, this one is a mess. On page 9, paragraph 2, sub-section Z-987, the standards dictate to only select the absolute minimum amount of the data from the database. Your query is selecting 3 fields, but the application is only using 2."
Me: "Yes, the application not using the field right now, but the user stated they might need the data for additional review."
PHB: "Did they fill out the proper change request form?"
Me: "No, they ...wait...Aren't the standards on page 9 contradictory to the standards on page 5?"
PHB: "NO! You'll never break your cowboy-coding mindset if you continue to violate standards. You see, standards are our promise to customers to ensure quality. You don't want to break our promises...do you?"7 -
My name is Jimkelly Nzioka, a Flutter Developer from Kenya. A few months ago, a person named Daniel Kibet, the CEO of a company 'Aberison Investments Limited' got in touch with me, telling me that he needed a Flutter Developer. He took me through a couple of tests, as he out them, to gauge my proficiency in Dart and Flutter, since that's what we would use to develop updates fora lthis app on the Google Play Store named 'BOBO' (https://play.google.com/store/apps/...) I passed the test, and he proceeded on to tell me that the app was on Play Store already and he invited me to the office in Miraj Towers, Westlands, Nairobi, Kenya to see it. He presented me with a contract to sign which would go on for a period of 3 years, during which I was to develop the aforementioned app, provide updates maintain the database, etcetera. I live somewhat far from the office and as such, I would work remotely from home, making commits to a Github repository we created for the project. I did a bunch of work for them, including working in the UI (which really needed a lot of work), writing loads of Cloud Functions, as well as Cloud Tasks for functionality they needed. They would also consult with me concerning how to achive some functionality in code and I would offer my honest advice and suggestions. Things seemed to be going on well, until the start of this month. As per the contract, I was to bill the company a sum of Ksh 50, 000 every month that's roughly equivalent to $500. That was enough for me, seeing as I am still a student in University, and I would be working on it as a part time job. However, as of today, September 8, 2020, he has refused to pay me for my work and is ignoring, sometimes canceling any phone calls I make to him. In addition, I noticed he has restricted my access to the Firebase project
I know you probably don't know this person, but you are developers and engineers, and know what it would feel like if you realized someone has been using you, when all along you have been doing your level best to just do your work
Employers have to stop taking advantage of their employees for their own selfish gains24 -
So one rant reminded me of a situation I whent through like 10 years ago...
I'm not a dev but I do small programs from time to time...
One time I was hired to pass a phone book list from paper to a ms Access 97 database...
On my old laptop I could only add 3 to 5 records cause MS access doesn't clean after itself and would crash...
So I made an app (in vb6) , to easily make records, was fast, light and well tabbed.
But now I needed a form to edit the last record when I made a mistake...
Then I wanted a form to check all the records I made.
Well that gave me an idea and presented the software to the client... A cheesy price was agreed for my first freelance sell...
After a month making it perfect and knowing the problems the client would had I made a admin form to merge all the databases and check for each record if it would exist.... I knew the client would have problems to merge hundreds of databases....
When it was done... The client told me he didn't need the software anymore.... So I gave it to a friend to use as an client dabatase software... It was perfect for him.
One month later the client called me because he couldn't merge the databases...
I told him I was already working in a company. That my software was ready to solve his problem, but I got mad and deleted everything...
He had to pay almost 20 times more for a software company to make the same software but worst... Mine would merge and check all the databases in a folder... Their's had to pick one by one and didn't check for duplicates... So he had to pay even more for another program to delete duplicates...
That's why I didn't follow programming as a freelance... Lots of regrets today...
Could be working at home, instead had a burn out this week cause of overwork...
Sorry for the long rant.2 -
40 minutes to realize that the "Access denied" error was not about the database on the server but about a local file.
And a sudo solved everything2 -
How are these EU-Upload Filters even practical for anyone except google? This seems like the most unrealistic specification by non-tech bosses in history to me 😭 What do these people expect the upload filters should compare the uploads to? How the fuck should, say a blog website, ensure that none of the uploads are copyright inflicting? Are quotes copyright inflicting? Or only when I copy paste an entire book and write my name under that? How will that get detected? Do we have a database with all the copyrighted works somewhere, that every company has access to? This shit can basically only work for companies like google which have enough data to implement such filters and thats why they already had an upload filter on youtube anyways. This entire amendment is so fucking ridiculous that it basically has to fail, no doubt. In a few months still nobody is going to have upload filters, watch...9
-
the team gave access to the database to another team, and one of their guys did a delete cascade by mistake thinking it was theirs... everyone was scrambling for days trying to get a backup, thankfully there was one3
-
Worst collaboration experience story?
I was not directly involved, it was a Delphi -> C# conversion of our customer returns application.
The dev manager was out to prove waterfall was the only development methodology that could make convert the monolith app to a lean, multi-tier, enterprise-worthy application.
Starting out with a team of 7 (3 devs, 2 dbas, team mgr, and the dev department mgr), they spent around 3 months designing, meetings, and more meetings. Armed with 50+ page specification Word document (not counting the countless Visio workflow diagrams and Microsoft Project timeline/ghantt charts), the team was ready to start coding.
The database design, workflow, and UI design (using Visio), was well done/thought out, but problems started on day one.
- Team mgr and Dev mgr split up the 3 devs, 1 dev wrote the database access library tier, 1 wrote the service tier, the other dev wrote the UI (I'll add this was the dev's first experience with WPF).
- Per the specification, all the layers wouldn't be integrated until all of them met the standards (unit tested, free from errors from VS's code analyzer, etc)
- By the time the devs where ready to code, the DBAs were already tasked with other projects, so the Returns app was prioritized to "when we get around to it"
Fast forward 6 months later, all the devs were 'done' coding, having very little/no communication with one another, then the integration. The service and database layers assumed different design patterns and different database relationships and the UI layer required functionality neither layers anticipated (ex. multi-users and the service maintaining some sort of state between them).
Those issues took about a month to work out, then the app began beta testing with real end users. App didn't make it 10 minutes before users gave up. Numerous UI logic errors, runtime errors, and overall app stability. Because the UI was so bad, the dev mgr brought in one of the web developers (she was pretty good at UI design). You might guess how useful someone is being dropped in on complex project , months after-the-fact and being told "Fix it!".
Couple of months of UI re-design and many other changes, the app was ready for beta testing.
In the mean time, the company hired a new customer service manager. When he saw the application, he rejected the app because he re-designed the entire returns process to be more efficient. The application UI was written to the exact step-by-step old returns process with little/no deviation.
With a tremendous amount of push-back (TL;DR), the dev mgr promised to change the app, but only after it was deployed into production (using "we can fix it later" excuse).
Still plagued with numerous bugs, the app was finally deployed. In attempts to save face, there was a company-wide party to celebrate the 'death' of the "old Delphi returns app" and the birth of the new. Cake, drinks, certificates of achievements for the devs, etc.
By the end of the project, the devs hated each other. Finger pointing, petty squabbles, out-right "FU!"s across the cube walls, etc. All the team members were re-assigned to other teams to separate them, leaving a single new hire to fix all the issues.5 -
My manager is instructing my team to add a feature that can only be enabled for users by running an update script in the database.
When I argued that it's not really "complete" if it can't be turned on without someone going into the production database, I was told that not only is it complete, but they plan to have our non-technical customer service enable it for customers if the customer requests it...
Apparently giving everyone and their brother write access to prod is a good idea, but implementing a checkbox is a "waste of time and would cost too much money".
Probably going to float my resume... :-p2 -
I was working on a very database heavy PHP app about six months ago. All database access was done directly, with hardcoded SQL strings.
I'd suggested switching over to an ORM during the upcoming major verson's rewrite, and FINALLY got approval to start integrating one.
The next week I'm told that I need to trash all the code I'd just written, since the decision to use an orm has been reversed.
The rationale? According to management, ORMs aren't "scalable enough for our application" and would "reduce developer productivity". I pointed out that we would be processing ~10 concurrent operations, maximum; I was told that the technically details didn't matter and the person I was working under had the final say because they'd worked at IBM, briefly, as an intern.
I stopped working on that project about two weeks later, thankfully.15 -
I bought hosting and domain last year, I uploaded my site and left it for months. Last month I logged onto my webhost's user panel and the "login to cpanel" option of my hosting directed me to someone else's premium hosting, I realised it late and I had already deleted whole of the WP site as I presumed it was mine. I left the database intact, reached out to the domain owner getting the info via whois, surprisingly he is was all fine losing his merchant navy academy website.
However, I WAS NOT FINE because I am not fucking expecting my webhost to give someone access to my hosting, just like I got access to his.
Been two weeks and they are unable to fix it and I am pissed off. I had no urgent need but I WANT ACCESS WHEN I WANT.
They are not as big as GoDaddy but they are a reputed hosting provider in my country with nice and fancy WP domain etc management portal and everything. I never expected this from then. How the fuck would they let this happen.5 -
You know you're in the wronk place, when the prod sql table have 473 columns, 0 index, 0 keys and the frontend is made in ms access. And the only possible way to connect to the (virtualized server) database is through citrix...5
-
So I fucked up.. I assigned a small wordpress/woocommerce project to myself to avoid my team members from wasting their time on it. I had a two month deadline, which was insane, so I kept postponing it until I forgot about it. Today my client contacted me by email to ask if she could preview the site before our meeting in two weeks..
QUE BULLSHIT EXCUSE:
- “I had to migrate to another server because of some access/permission issues with my current host. They gave me their word that they would be done with the migration thursday or friday, then I have to correct some permissions and database settings, and the DNS update may take up to 24 hours to finish. I will personally make sure that you know as soon as the migration has finished.”
- “Thank you so much! I feel so safe having assigned your company the job! I am really looking forward to our meeting and seeing the site!”
Oh and did I mention that deadline was around 65 days ago? And that I haven’t even started yet? I know what I’ll be doing for the next 6 days..3 -
I've seen many devs doing crazy things in my entire career till now. But this one dude stands out.
He used to:
- Push binaries to git repo
- Use some old libraries which were used during Indus Valley civilization
- Had no sense of database and used to delete random data from it and call it as TESTING (Thank God! I never gave him prod access)
- And on top of this, he had an ass full of attitude!2 -
I was asked to look into a site I haven't actively developed since about 3-4 years. It should be a simple side-gig.
I was told this site has been actively developed by the person who came after me, and this person had a few other people help out as well.
The most daunting task in my head was to go through their changes and see why stuff is broken (I was told functionality had been removed, things were changed for the worse, etc etc).
I ssh into the machine and it works. For SOME reason I still have access, which is a good thing since there's literally nobody to ask for access at the moment.
I cd into the project, do a git remote get-url origin to see if they've changed the repo location. Doesn't work. There is no origin. It's "upstream" now. Ok, no biggie. git remote get-url upstream. Repo is still there. Good.
Just to check, see if there's anything untracked with git status. Nothing. Good.
What was the last thing that was worked on? git log --all --decorate --oneline --graph. Wait... Something about the commit message seems familiar. git log. .... This is *my* last commit message. The hell?
I open the repo in the browser, login with some credentials my browser had saved (again, good because I have no clue about the password). Repo hasn't gotten a commit since mine. That can't be right.
Check branches. Oh....Like a dozen new branches. Lots of commits with text that is really not helpful at all. Looks like they were trying to set up a pipeline and testing it out over and over again.
A lot of other changes including the deletion of a database config and schema changes. 0 tests. Doesn't seem like these changes were ever in production.
...
At least I don't have to rack my head trying to understand someone else's code but.... I might just have to throw everything that was done into the garbage. I'm not gonna be the one to push all these changes I don't know about to prod and see what breaks and what doesn't break
.
I feel bad for whoever worked on the codebase after me, because all their changes are now just a waste of time and space that will never be used.3 -
Had to talk to another team to change 1 value in a database I didn't have access to. It should have taken 2 minutes but instead took them two hours. This was before they went on a public rant in front of the CTO and CEO telling my team how we need to re-architect everything we've done in the past 8 months because it didn't meet their personal standards.
I have never even met these people prior and all I needed was 1 fucking value changed. Somehow my company thinks this is culturally acceptable.6 -
Me: I’m gonna make it so the users can access the locations for 30days.
Boss: wtf? U dumb? Do you know how valuable that data is, dont fucking put a limit
Me: *listening 10minutes of him ranting how that’s the stupidest idea he’s heard all day*
Boss:why would you want to do that anyways like wtf?
Me: storage optimization
Boss: 😂😂😂😂😂😂😂😂😂 wtf r u like a idiot or smthng.
My head: nah I’m done, I’m about to roast this guy with my numbers*
Me: every single minute 40k rows of data come in from just ONE☝️ CLIENT.....AND THATS HOW, EVEN IF WE ADD THAT FUCKING 2 YEAR LIMIT WE WOULD BE HOSTING 5 FUCKING PETABYTES OF DATA FOR JUST ONE CLIENT, not including other shits, this is only for heatmaps. And imagine changing all of that database system in the future, that would require going threw so much databases and pages, this ain’t just like changing one number and bam less storage space.
Boss: Ok, add that 2 year limit, later we will sort this out.
My brain: *omg, now that I know these numbers how will I ever fall asleep😦*9 -
"Let's quickly make sure that the docker container can access a host database"
I guess I can put that quickly up my ass.
How motherfucking difficult can this be?!18 -
I was working in a manufacturing facility where I had hundreds of industrial computers and printers that were between 0 and 20 years old. They were running on their own clean network so that someone has to be in the manufacturing network to access them. The boss announced that the executives will be pushing a “zero trust” security model because they need IoT devices. I told him “A computer running Windows 98 can’t be on the same VLAN as office computers. We can’t harden most of the systems or patch the vulnerabilities. We also can’t reprogram all of the devices to communicate using TLS or encrypt communications.“ Executives got offended that I would even question the decision and be so vocal about it. They hired a team to remove the network hardware and told me that I was overreacting. All of our system support was contracted to India so I was going to be the on-site support person.
They moved all the manufacturing devices to the office network. Then the attacks started. Printers dumped thousands of pages of memes. Ransomware shut down manufacturing computers. Our central database had someone change a serial number for a product to “hello world” and that device got shipped to a customer. SharePoint was attacked in many many ways. VNC servers were running on most computers and occasionally I would see someone remotely poking around and I knew it wasn’t from our team because we were all there.
I bought a case of cheap consumer routers and used them in manufacturing cells to block port traffic. I used Kali on an old computer to scan and patch network vulnerabilities daily.
The worst part was executives didn’t “believe” that there were security incidents. You don’t believe in what you don’t understand right?
After 8 months of responding to security incident after security incident I quit to avoid burning out. This is a company that manufactures and sells devices to big companies like apple and google to install in their network. This isn’t an insignificant company. Security negligence on a level I get angry thinking about.8 -
We just got into a malicious bots database with root access.
So guard duty gave us some warnings for our tableau server, after investigating we found an ip that was spamming us trying all sorts. After trying some stuff we managed to access their MySQL database, root root logged us in. Anyway the database we just broke into seems to have schemas for not only the bot but also a few Chinese gambling websites. There are lots of payment details on here.
Big question, who do we report this to, and what's the best way to do so anonymously? I'm assuming the malicious bot has just hyjacked the server for these gambling sites so we won't touch those but dropping the schema the bot is using is also viable. However it has a list of other ips, trying those we found more compromised servers which we could also log in to with root root.
This is kinda ongoing, writing this as my coworker is digging through this more.11 -
After three hours of emailing with a customer I can confirm that programmers are the worst customers.
Customer: We've found a bug in the system... <details>
Me: Thank you for letting us know, a ticket has been created and the issue is most likely to be fixed in the next release.
Customer: Please grant me UPDATE privileges in the live(!) database so I can fix it myself
Me: I cannot allow that. You have to use the client software for maintaining your data.
Customer: No, I don't want to spend my day clicking. I want to write queries.
We didn't reply to the last one yet...
If we give him access, then I would charge them at least 3x for fixing issues caused by him.1 -
Have a couple I want to air today.
First was at my first gig as a dev, 4-5 months out of school. I was the only dev at a startup where the owner was a computer illiterate psycopath with serious temper tantrums. We're talking slamming doors, shouting at you while you are on the phone with customers, the works...
Anyways, what happened was that we needed to do an update in our database to correct some data on a few order lines regarding a specific product. Guess who forgot the fucking where-clause... Did I mention this boss was a cheap ass, dollar stupid, penny wise asshole that refused to have anything but the cheapest hosting? No backups, no test/dev/staging environment, no local copies... Yeah, live devving in prod, fucking all customers with a missing semi-colon (or where clause).
Amazingly, his sheer incompetance saved my ass, because even if I explained it, he didn't get it, and just wanted it fixed as best we could.
The second time was at a different company where we were delivering managed network services for a few municipalities. I was working netops at that time, mostly Cisco branded stuff, from Voice-over-IP and wifi to switches and some routing.
One day I was rolling out a new wireless network, and had to add the VLAN to the core switch on the correct port. VLAN's, for those who don't know, are virtual networks you can use to run several separated networks on the same cable.
To add a VLAN on a Cisco switch one uses the command:
switchport access vlan add XYZ
My mistake was omitting the 'add', which Cisco switches happily accept without warning. That command however can be quite disruptive as it replaces all of the excisting VLAN's with the new one.
Not a big deal on a distribution switch supplying an office floor or something, but on a fucking core switch in the datacenter this meant 20K user had no internet, no access to the applications in the DS, no access to Active Directory etc. Oh and my remote access to that switch also went down the drain...
Luckily a colleague of mine was on site with a console cable and access to config backups. Shit was over within 15 minutes. My boss at that time was thankfully a pragmatic guy who just responded "Well, at least you won't make that mistake again" when we debriefed him after the dust settled. -
I sent an email to a client asking for values in the database only they can access so I can finish an application and test it.... they reply asking for a new feature on the application and completely ignore my request for said values. then another person CCed on the email replies and agrees with the feature request and we should do xyz. still no values from him either. wtfff?7
-
Got a job as a database manager, they wanted me to update their sql server and some of their .net apps. Turns out their sql server had no databases and all their data was stored in an ms access 2003 applications that was using windows for workgroups security!!! It also had no interface, hundreds of tables and queries and there were multiple access db it was connected to. To make things worse the person who built all this stuff used acronyms for everything he did, table names, variables, queries and even bloody window folders!!! It was hard as hell to figure out what anything ment. Oh and the .net apps were asp sites that heavily used dll for storing his code and no one knows where the original source code for them are. Did I also mention there were no comments for any of the code, no database dictionary, no notes or anything.
So apparently I'll be rebuilding everything from scratch and transferring over the data to sql server. AND NO MORE F**KING ACRONYMS!!!!!!!2 -
So I joined this financial institution back in Nov. Selling themselves as looking for a developer to code micro-services for a Spring based project and deploying on Cloud. I packed my stuff, drove and moved to the big city 3500 km away. New start in life I thought!
Turns out that micro-services code is an old outdated 20 year old JBoss code, that was ported over to Spring 10 years ago, then let to rot and fester into a giant undocumented Spaghetti code. Microservices? Forget about that. And whats worse? This code is responsible for processing thousands of transactions every month and is currently deployed in PROD. Now its your responsibility and now you have to get new features complied on the damn thing. Whats even worse? They made 4 replicas of that project with different functionalities and now you're responsible for all. Ma'am, this project needs serious refactoring, if not a total redesign/build. Nope! Not doing this! Now go work at it.
It took me 2-3 months just to wrap my mind around this thing and implement some form of working unit tests. I have to work on all that code base by myself and deliver all by myself! naturally, I was delayed in my delivery but I finally managed to deliver.
Time for relief I thought! I wont be looking at this for a while. So they assign me the next project: Automate environment sync between PROD and QA server that is manually done so far. Easy beans right? And surely enough, the automation process is simple and straightforward...except it isnt! Why? Because I am not allowed access to the user Ids and 3rd party software used in the sync process. Database and Data WareHouse data manipulation part is same story too. I ask for access and I get denied over and over again. I try to think of workarounds and I managed to do two using jenkins pipeline and local scripts. But those processes that need 3rd party software access? I cannot do anything! How am I supposed to automate job schedule import on autosys when I DONT HAVE ACCESS!! But noo! I must think of plan B! There is no plan B! Rather than thinking of workarounds, how about getting your access privileges right and get it right the first time!!
They pay relatively well but damn, you will lose your sanity as a programmer.
God, oh god, please bless me with a better job soon so I can escape this programming hell hole.
I will never work in finance again. I don't recommend it, unless you're on the tail end of your career and you want something stable & don't give a damn about proper software engineering principles anymore.3 -
Fuck non-IT departments that use Microsoft Access and think database tables are like Excel spreadsheets.11
-
I'm migrating data from an old software to a new one I wrote.
Old database it's in Access (yeah, fuck). When I opened one table, the VM hung up and I opened the task manager on MADE
What.The.Fuck.Are.You.Doing?8 -
Today was a manic-depressive kind of day. Spent the morning helping some developers with getting their code to run a stored procedure to drop old partitions, but it wasn't working on their end. It was a fairly simple proc. But working with partitions is a little like working with an array. I figured out that they were passing the wrong timestamp, and needed to add +1 to delete the right partition. Got that sorted out, and things were good. Lunch time.
After lunch I did some busy work, and then the PO comes up at about 2PM and says he's assigned some requests to me. The first was just attaching some scripts. Easy. The second, the user wants a couple of schemas exported ... at 6PM. I've been in the office since 6:45AM.
While I'm setting up some commands to run for the data export, a BA walks up and asks if I'm filling in for another DBA who is out for a few weeks. Yep. There's a change request that hasn't been assigned, and he normally does the work. I ask when it's due. Well, the pre-implementation was supposed to be done in the morning, but it wasn't, and we're in the implementation window ... half way through. I bring up the change task, and look at. Create new schema and users. That's all it says. The BA laughs. I tell I need more to go on. 10 minutes later he sends an email with the information. There's only two hours left in the window, and I can only use half of it, because the production guys have to their stuff, and we're in their window. Now I'm irritated, because I'm new to Oracle, and it's an unforgiving mistress. Fortunately, another DBA says he'll do it, so that we can get it done in time. But can't work it either, because Dev DBAs don't have access to QA, and the process required access for this task. Gets shelved until the access issue is resolved. It's now after 4:15PM. I'm going to in traffic with that 6PM deadline.
I manage to get home and to the computer by 5:45PM. Log in. Start VPN. Box pops on screen. Java needs to update. I chose skip update. Box pops up again. It won't let me log in until Java is current. Passed.
I finally get logged in, and it's 6:10PM. I'm late getting the job started. I pull up Putty and log into the first box, and paste my pre-prepared command in the command line and hit error. Command not found. I'm tired, so it's a moment to sink in. I don't have time for this.
I log into DBArtisan and pull up the first data base, use the wizard to set the job, and off it goes. Yay. Bring up the second database, and have enter the connect info. Host not found. Wut? Examine host name. Yep, it's correct. Try a different method. Host not found. Go back to Putty. Log in. Past string. Launch. Command not found. Now my brain is quitting on me. Why now? It's after 6:30PM. Fiddle with some settings, reset $Oracle home. Try again. Yay. It works. I'm done. It's after 7PM.
There is nothing like technology to snatch the euphoria of a success away from you. It's a love-hate thing, but I wouldn't trade it for anything else. I'm done. Good night.3 -
So I started a 80hour intership today at our Department of Education and this is how it went...
Boss : Design a database to show all applicants that applied for jobs at schools.
*I start thinking which tables and columns I'm going to use and start designing the database, writes out all the tables on paper*
Me : Is there a pc I should work on or should I use my laptop? And which database engine do you use?
B : No you can use your laptop. And btw we use MS Access
*Thinking wtf kind of business even governmental uses Access for their databases. But anyway, start creating the databases and relationships when my boss walks in*
B : No, what are you doing?
M : Im creating the database you asked for.
B : No, you design it on paper. Draw all the tables, draw the report and the form then you come show it to me, if I decide its good enough you can come in tomorrow and start creating it.
*Wtf kind of place is this, are you mentally retarded? You have a IT staff of 3 people, in which only the actual fulltime intern is a qualified IT professional, but when me or him tries to do some actual work, you give us shit about doing what was asked from us*5 -
Our Professor gave us a predefined Datebase with access methods. The whole database is full of
value == 0 ? false : true
How can this guy teach programming languages when he can't apply a simple != operand6 -
Worst hack/attack?
Probably developing a complex food ordering website and client just stole the website and didn’t pay as it turns out our PM didn’t let the client sign a contract. Can’t sue as we have no legal binding documents.
We did managed to get access to the database and decided to change our passwords manually, but like I don’t get paid much for this2 -
Helping this lady with her Microsoft Access work. Wrote some complex Visual Basic script to make the database look pretty. This is what she is asking:
"Hey, where did you get all this code from? YouTube? Can you please send me the link?"
ffs I'm a dev, why the fuck do you think I need YouTube for this simple VBA script.3 -
Last Monday I bought an iPhone as a little music player, and just to see how iOS works or doesn't work.. which arguments against Apple are valid, which aren't etc. And at a price point of €60 for a secondhand SE I figured, why not. And needless to say I've jailbroken it shortly after.
Initially setting up the iPhone when coming from fairly unrestricted Android ended up being quite a chore. I just wanted to use this thing as a music player, so how would you do it..?
Well you first have to set up the phone, iCloud account and whatnot, yada yada... Asks for an email address and flat out rejects your email address if it's got "apple" in it, catch-all email servers be damned I guess. So I chose ishit at my domain instead, much better. Address information for billing.. just bullshit that, give it some nulls. Phone number.. well I guess I could just give it a secondary SIM card's number.
So now the phone has been set up, more or less. To get music on it was quite a maze solving experience in its own right. There's some stuff about it on the Debian and Arch Wikis but it's fairly outdated. From the iPhone itself you can install VLC and use its app directory, which I'll get back to later. Then from e.g. Safari, download any music file.. which it downloads to iCloud.. Think Different I guess. Go to your iCloud and pull it into the iPhone for real this time. Now you can share the file to your VLC app, at which point it initializes a database for that particular app.
The databases / app storage can be considered equivalent to the /data directories for applications in Android, minus /sdcard. There is little to no shared storage between apps, most stuff works through sharing from one app to another.
Now you can connect the iPhone to your computer and see a mount point for your pictures, and one for your documents. In that documents mount point, there are directories for each app, which you can just drag files into. For some reason the AFC protocol just hangs up when you try to delete files from your computer however... Think Different?
Anyway, the music has been put on it. Such features, what a nugget! It's less bad than I thought, but still pretty fucked up.
At that point I was fairly dejected and that didn't get better with an update from iOS 14.1 to iOS 14.3. Turns out that Apple in its nannying galore now turns down the volume to 50% every half an hour or so, "for hearing safety" and "EU regulations" that don't exist. Saying that I was fuming and wanting to smack this piece of shit into the wall would be an understatement. And even among the iSheep, I found very few people that thought this is fine. Though despite all that, there were still some. I have no idea what it would take to make those people finally reconsider.. maybe Tim Cook himself shoving an iPhone up their ass, or maybe they'd be honored that Tim Cook noticed them even then... But I digress.
And then, then it really started to take off because I finally ended up jailbreaking the thing. Many people think that it's only third-party apps, but that is far from true. It is equivalent to rooting, and you do get access to a Unix root account by doing it. The way you do it is usually a bootkit, which in a desktop's ring model would be a negative ring. The access level is extremely high.
So you can root it, great. What use is that in a locked down system where there's nothing available..? Aha, that's where the next thing comes in, 2 actually. Cydia has an OpenSSH server in it, and it just binds to port 22 and supports all of OpenSSH's known goodness. All of it, I'm using ed25519 keys and a CA to log into my phone! Fuck yea boi, what a nugget! This is better than Android even! And it doesn't end there.. there's a second thing it has up its sleeve. This thing has an apt package manager in it, which is easily equivalent to what Termux offers, at the system level! You can install not just common CLI applications, but even graphical apps from Cydia over the network!
Without a jailbreak, I would say that iOS is pretty fucking terrible and if you care about modding, you shouldn't use it. But jailbroken, fufu.. this thing trades many blows with Android in the modding scene. I've said it before, but what a nugget!8 -
Fucking hate my job 😡
I joined as nodejs dev at a mnc 3months ago involved in banking software in which i dont have any domain knowledge.. first 10 days I was told to go through fucking udemy nodejs and graphql tutorial (wtf) which i already have experience with before joining.. after that my reporting manager gives me task to resolve fields and gave me shitty jira story link to read.. that shit story link had no explanation about the fields and what the database it is, then she says to use some shitty sdk which is built internally by shiity devloper which had no documentation and have to follow other module which was again written by that sr. Dev... They hav fucked up the graphql and nodejs and entire stack and also till date no one has ever given any explanation about the domain and the fields and database schema.. this manager refuses to share knowledge about the domain now how the fuck i resolve the graphql schema which was again written by non technical b.a.. all they have used is latest technology in a shitty way with no standards to to follow .. no dataloading no caching no batching.. use shitty sdk which does not give access to dbconn and fucking tightly coupling expressjs which when i start consumes crazy 400Mb of memory .. these fucking seniors devs + the fucking b.a having 12+. Yrs exp each have fucked the entire codebase... Each day killing my passion for app development.. fuckkk ... Dunno what to do now5 -
So I just started a part time job in a hospital research center - because the processing is long I got a temporary user name and password (that belong to the main HR secretary) so I can start work straight away (mainly data analytics)
The kick?
Administrator privileges.
I can access edit create or delete everything in the entire fucking database. On my first God damn day.
In the 2nd largest hospital in the fucking country.
Agh. How do systems survive with so many dumb security breaches?4 -
I work on a warehouse dev team. One day this past year, I was trying to deploy a new build to a QA server. Earlier that day I had been looking at the logs on the production server and had left the ssh session open. I had been working for less than a year out of college at this point and shouldn't have had access to deploy to the production server.
Long story short I deployed my QA build to the production server and saw there were problems connection to our production database. Then my heart dropped in my chest as I realized I had just brought down our production server.
I managed to get the server back up by rolling back in about 5 minutes and no one ever knew except some people on my team.
I felt horrible for the longest time. Later in the year another guy that joined my team that has about 20 years of experience under his belt did the exact same thing, but needed help rolling it back. Needless to say, that made me feel a lot better. 😂
Definitely the worst moment of my year.3 -
Worst and only experience is the reason I moved away from programming...
25 years ago I was hired to copy a phone book list to a access database.
Access back then would create lots of garbage, so I would add 3 to 5 entries before access crashed (shitty p133 laptop with 32mb ram running windows 98.
So I made a visual basic program to add data and work around the problem.
I offered said program to the guy really cheap and would still make it better.
Did also a admin module since he had hired dozens of people and I knew he would have problems peasing the databases together.
And... Dude cancels the deal.
I get a job, 2 weeks later he calls me... Ohhh I don't know how to get all the databases together...
Me: I'm working now, the program I did solved said problem. I trew the code away. Deal with it. -
Follow up to: https://devrant.com/rants/5047721/....
1- The attacker just copy pasted its JWT session token and jammed requests on the buy gift cards route
2- The endpoint returns the gift card to continue the payment process, but the gift card is already valid
3- Clients wants only to force passwords to have strong combinations
4- Talk about a FIREWALL? Only next month
5- Reduce the token expiration from 3 HOURS to 10 minutes? Implement strong passwords first
6- And then start using refresh tokens
BONUS: Clearly someone from inside that worked for them, the API and database password are the same for years. And the route isn't used directly by the application, although it exists and has rules that the attacker kows. And multiple accounts from legit users are being used, so the person clearly has access to some internal shit7 -
The worst thing I have seen a dev do?
- Have all the APIs work without an access token for our main product which handles ~10k requests a day.
- Calling our architecture secure in the crucial investor meeting and being 'confident' that our database can not be compromised. No wonder we did not get funded.3 -
In my school, eleventh grade (so nearly "Abitur", A levels), we got the task to create a program which will be running on every computer here which should replace the Classbook (like a book where homework and lessons and stuff is written down).
Now, the class before mine already did a part of that, a program to share who is ill/not at school, with a mark whether it is excused or not.
So far so good. They all seemed not that bad when they were presenting it to us. Then, the first thing: they didn't know what git is. Well, okay I thought.
Next, there was this password field to access the program. One of them entered the password and clicked enter. That seemed suspiciously fast for an actual secure login. So fast, the password could have been in the Code...
Yesterday I copied that program and put it into a decompiler.
And... I was right.
There were the login credentials in plain text. Also, haven't thought of it but, IP address + username + password + database name were there in plain text, too.
Guess I am going to rewrite this program down to the core2 -
Data Disinformation: the Next Big Problem
Automatic code generation LLMs like ChatGPT are capable of producing SQL snippets. Regardless of quality, those are capable of retrieving data (from prepared datasets) based on user prompts.
That data may, however, be garbage. This will lead to garbage decisions by lowly literate stakeholders.
Like with network neutrality and pii/psi ownership, we must act now to avoid yet another calamity.
Imagine a scenario where a middle-manager level illiterate barks some prompts to the corporate AI and it writes and runs an SQL query in company databases.
The AI outputs some interactive charts that show that the average worker spends 92.4 minutes on lunch daily.
The middle manager gets furious and enacts an Orwellian policy of facial recognition punch clock in the office.
Two months and millions of dollars in contractors later, and the middle manager checks the same prompt again... and the average lunch time is now 107.2 minutes!
Finally the middle manager gets a literate person to check the data... and the piece of shit SQL behind the number is sourcing from the "off-site scheduled meetings" database.
Why? because the dataset that does have the data for lunch breaks is labeled "labour board compliance 3", and the LLM thought that the metadata for the wrong dataset better matched the user's prompt.
This, given the very real world scenario of mislabeled data and LLMs' inability to understand what they are saying or accessing, and the average manager's complete data illiteracy, we might have to wrangle some actions to prepare for this type of tomfoolery.
I don't think that access restriction will save our souls here, decision-flumberers usually have the authority to overrule RACI/ACL restrictions anyway.
Making "data analysis" an AI-GMO-Free zone is laughable, that is simply not how the tech market works. Auto tools are coming to make our jobs harder and less productive, tech people!
I thought about detecting new automation-enhanced data access and visualization, and enacting awareness policies. But it would be of poor help, after a shithead middle manager gets hooked on a surreal indicator value it is nigh impossible to yank them out of it.
Gotta get this snowball rolling, we must have some idea of future AI housetraining best practices if we are to avoid a complete social-media style meltdown of data-driven processes.
Someone cares to pitch in?14 -
I have started using the input lockout when supporting colleagues.
The phrase "don't touch anything" must be code for "close all my windows"
Last one actually rebooted her machine in the middle of a (manager requested) intervention...
I got some very strange looks in the office to my "good afternoon, I'm calling to inform you that you will need to speak to HR to reinstate your credentials as I have accidentally marked you as a leaver while doing some database maintenance, I'll transfer you now, please hold" phone call, especially as we don't actually have access to do that lol
I put her on hold to myself while I finished then advised that "I'm sorry HR are busy, but I've managed to undo the mistake anyway, my apologies"
Kept her away from the machine so it was lawful evil right?1 -
The Sys Admin limited everyone's access on an application through the admin panel. He forgot I have access to the database and I now have full access 😂1
-
Spent the last month creating a really scalable chat application, with fast front end, all kinds of neat functions such as polls, and a really efficient database structure in Apache Cassandra.. Everything is built to use NoSQL, and even the front-end is using all kinds of features to speed up itself... Now, guess what... The company I'm doing an internship decided that everything needs to be done in MariaDB, and I can basically remove 1/3 of my program, event the front end will get a huge purge of code, and as much as I explained that MariaDB IS NOT FUCKING USABLE FOR A CHAT APPLICATION, and when there are many messages, the access times will get realllllyyy sloow, and that the whole structure there currently is based on NoSQL... Now I can remove all the clustering, custom data types, and bucketing of messages... And store FUCKING JSON IN 'TEXT' FIELDS IN A STUPID SQL DATABASE. FUCK ME6
-
Yesterday one of our clients gave us the OK to launch their annual financial reports, 4 minutes before stock market closed and most of us was heading home.
Problem was we didn't have the proper access to their servers, so I and a senior consultant just spent a few hours calling our client and their IT infrastructure provider.
6 hours later, a large bill from the IT provider for after hours work, the job was done. A job that would take 5 minutes of uploading and 5 minutes of database transfer. -
When your co-worker uses needless terminology. It’s your day off and you’re texting from bed.
cw: Do you have access to the email client?
me: You mean the work email? Yes.
cw: Did you set up access to the database or an FTP protocol for userX?
me: You mean an admin account? Yes.
cw: Were we planning on adding more calls to action on projectX?
me: You mean site links? Yes.2 -
Anyone reading these emails we are sending?
I work at a small place. A few users are using an application at our place that I develop and maintain. We all work remotely.
I announce by email to these few users a new version release of said application because of low level changes in the database, send the timeline for the upgrade, I include the new executable, with an easy illustrated 2 minutes *howto* to update painlessly.
Yet, past the date of the upgrade, 100% of the application users emailed me because they were not able to use the software anymore.
----------------
Or I have this issue where we identified a vulnerability in our systems - and I send out an email asking (as soon as possible) for which client version users are using to access the database, so that I patch everything swiftly right. Else everything may crash. Like a clean summary, 2 lines. Easy. A 30 second thing.
A week pass, no answer, I send again.
Then a second week pass, one user answers, saying:
> well I am busy, I will have time to check this out in February.
----------------
Then I am asking myself:
* Why sending email at all in the first place?
* Who wrote these 'best practices textbooks about warning users on schedule/expected downtime?'
*How about I just patch and release first and then expect the emails from the users *after* because 'something is broken', right? Whatever I do, they don't read it.
Oh and before anyone suggest that I should talk to my boss about this behavior from the users, my boss is included in the aforementioned 'users'.
Catch-22 much ? Haha thanks for reading
/rant7 -
Beware: Here lies a cautionary tale about shared hosting, backups, and -goes without saying- WordPress.
1. Got a call from a client saying their site presented an issue with a third-party add-on. The vendor asked us to grant him access to our staging copy.
2. Their staging copy, apparently, never got duplicated correctly because, for security reasons, their in-house dev changed the name of the wp-content folder. That broke their staging algo. So no staging site.
3. In order to recreate the staging site, we had to reset everything back to WP defaults. Including, for some reason, absolute paths inside the database. A huge fucking database. Because WordPress.
4. Made the changes directly in a downloaded sql file. Shared hosting, obviously, had an upload limit smaller to the actual database.
5. Spent half an hour trying to upload table by table to no avail.
6. In-house uploads a new, fixed database with the help of the shared hosting provider.
7. Database has the wrong path. Again.
8. In-house performs massive Find and Replace through phpMyAdmin on the production server.
9. Obviously, MySQL crashes instantly and the site gets blocked for over 3 hours for exceeding shared hosting limits.
10. Hosting provider refuses to accept this was caused by such a stupid act and says site needs to be checked because queries are too slow.
11. We are gouging our eyeballs as we see an in-house vs. hosting fight unfold. So we decide to watch a whole Netflix documentary in between.
12. Finally, the hosting folds and enables access to the site, which is obvi not working because, you know, wrong paths.
13. Documentary finishes. We log in again, click restore from backup. Go to bed. Client phones to bless us. Client’s in-house dev probably looking for a cardboard box to pack his stuff first thing in the morning. \_(ツ)_/¯ -
I just found a vulnerability in my companies software.
Anyone who can edit a specific config file could implant some SQL there, which would later be executed by another (unknowing) user from within the software.
The software in question is B2B and has a server-client model, but with the client directly connecting to the database for most operations - but what you can do should be regulated by the software. With this cute little exploit I managed to drop a table from my test environment - or worse: I could manipulate data, so when you realize it it's too late to simply restore a DB backup because there might have been small changes for who knows how long. If someone was to use this maliciously the damages could be easily several million Euros for some of our customers (think about a few hundred thousand orders per day being deleted/changed).
It could also potentially be used for data exfiltration by changing protection flags, though if we're talking industry espionage they would probably find other ways and exploit the OS or DB directly, given that this attack requires specific knowledge of the software. Also we don't promise to safely store your crabby patty recipe (or other super secret secrets).
The good thing is that an attack would only possible for someone with both write access to that file and insider knowledge (though that can be gained by user of the software fairly easily with some knowledge of SQL).
Well, so much for logging off early on Friday.5 -
I had a wonderful run-in with corporate security at a credit card processing company last year (I won't name them this time).
I was asked design an application that allowed users in a secure room to receive instructions for putting gift cards into envelopes, print labels and send the envelopes to the post. There were all sorts of rules about what combinations of cards could go in which envelopes etc etc, but that wasn't the hard part.
These folks had a dedicated label printer for printing the address labels, in their secure room.
The address data was in a database in the server room.
On separate networks.
And there was absolutely no way that the corporate security folks would let an application that had access to a printer that was on a different network also have access to the address data.
So I took a look at the legacy application to see what they did, to hopefully use as a precedent.
They had an unsecured web page (no, not an API, a web page) that listed the addresses to be printed. And a Windows application running on the users' PC that was quietly scraping that page to print the labels.
Luckily, it ceased to be an issue for me, as the whole IT department suddenly got outsourced to India, so it became some Indian's problem to solve.2 -
I just wasted 2 hours trying to figure out why the properties of a destructured object returned undefined, even though everything was fine in JSON format. Tried to request data on the frontend from my server with a database attached. Tried accessing each object of my array separately, it worked. In a loop: dataArray[index].propertyX ... undefined??
Turns out I used the wrong property names to access the info inside each object.
🤦1 -
MS Access and VBA.
This combo is the worst dev tech I had to use it by now. Why? Because even if you try it, you can't make a single line of clean code. The syntax is horrible, it still use GOTO...
Maybe the reason why I hated working with it is linked to the context too: I was (and still) developing a system using NoSQL database and this system should be mostly fully configurable through metadata within JSON documents and it was. But we were still writing every JSON by hands so we decided we needed to develop a web based utility for us and clients who would need to configure the system but one of the head decision making people said that we don't need to use fancy technologies (because NoSQL is already "fancy") and that the configuration tool will be develop with Access because he used it a lot when he was younger and when he was coding during its free time. He said that using Access would be much easier and much time saving than our "fancy web based solution" and that he could help if we had questions...
Developing a MS Access software is already a pain in the ass but when you need to output JSON with it...1 -
I am building a website inspired by devrant but have never built a server network before, and as im still a student I have no industry experience to base a design on, so was hoping for any advice on what is important/ what I have fucked up in my plan.
The attached image is my currently planned design. Blue is for the main site, and is a cluster of app servers to handle any incoming requests.
Green is a subdomain to handle images, as I figured it would help with performance to have image uploads/downloads separated from the main webpage content. It also means I can keep cache servers and app servers separated.
Pink is internal stuff for logging and backups and probably some monitoring stuff too.
Purple is databases. One is dedicated for images, that way I can easily back them up or load them to a cache server, and the other is for normal user data and posts etc.
The brown proxy in the middle is sorta an internal proxy which the servers need to authenticate with to connect to, that way I can just open the database to the internal proxy, and deny all other requests, and then I can have as many app servers as I want and as long as they authenticate with the proxy, they can access the database without me changing any firewall rules. The other 2 proxies just distribute requests between the available servers in the pool.
Any advice would be greatly appreciated! Thanks in advanced :D13 -
-Im a frontend
-We don't have any back-end in our team
-Im now a front-end & backend
We need to migrate our server to AWS but we have nobody
-im now a front-end & back-end & DevOps
During de migration we need to use AWS database and create new view and manage access
-im now a front-end & back-end & DevOps & DB engineer
-We have new employee (Yess)
-im now a front-end & back-end & DevOps & DB engineer & Trainer and repository manager (PR, Manager)
Public institution... No salairy growing... Fluck this shit4 -
Welp, this made my night and sorta ruined my night at the same time.
He decided to work on a new gaming community but has limited programming knowledge, but has enough to patch and repair minor issues. He's waiting for an old friend of his to come back to start helping him again, so this leads to me. He needed a custom backend made for his server, which required pulling data from an SQL/API and syncing with the server, and he was falling behind pace and asked for my help. He's a good friend that I've known for a while, and I knew it wouldn't take to long to create this, so I decided to help him. Which lead to an interesting find, and sorta made my night.
It wasn't really difficult, got it done within an hour, took some time to test and fix any bugs with his SQL database. But this is where it get's interesting, at least for me. He had roughly a few hundred people that did beta testing of the server, anyways, once the new backend was hooked in and working, I realized that the other developer he works with had created a 'custom' script to make sure there are no leaks of the database. Well, that 'custom' script actually begins wiping rows/tables (Depends on the sub-table, some get wiped row by row, some just get completely dropped), I just couldn't comprehend what had happened, as rows/tables just slowly started disappearing. It took me a while of checking, before checking his SQL query logs (At least the custom script did that properly and logged every query), to realize it just basically wiped the database.
Welp, after that, it began to restrict the API I was using, and due to this it identified the server as foreign access (Since it wasn't using the same key as his plugin, even though I had an API key created just so it could only access ranks and such, to prevent abuse) and begin responding not with denied, but with a lovely "Fuck you hacker!" This really made my night, I don't know why, but I was genuinely laughing pretty hard at this response.
God, I love his developer. Luckily, I had created a backup earlier, so I patched it and just worked around the plugin/API to get it working. (Hopefully, it's not a clusterfuck to read, writing this at 2 am with less than an hour of sleep, bedtime! Goodnight everyone.)7 -
Other team lead: Hi DevOps Team, We need you to deploy this app to production. It's maintainers gave up on it in 2019, but we looked at it and it feels right.
Me: Uhm. That's not going to work. It'll fail the security scan before you can even finish the build in CI.
Other team lead: Yeah, this app is the right thing to do, and we needed it last week, but since that won't work, we'll just use this other very very infant technology that was just born yesterday. It's not stable in production, or on MySQL, or in AWS at all, but it's the other direction we can to go.
Me: What problem are you trying to solve in the first place?
Other team lead: Oh, we need access to the read from the production database.2 -
Dev Diary Entry #56
Dear diary, the part of the website that allows users to post their own articles - based on an robust rights system - through a rich text editor, is done! It has a revision system and everything. Now to work on a secure way for them to upload images and use these in their articles, as I don't allow links to external images on the site.
Dev Diary Entry #57
Dear diary, today I finally finished the image uploading feature for my website, and I have secured it as well as I can.
First, I check filesize and filetype client-side (for user convenience), then I check the same things serverside, and only allow images in certain formats to be uploaded.
Next, I completely disregard the original filename (and extension) of the image and generate UUIDs for them instead, and use fileinfo/mimetype to determine extension. I then recreate the image serverside, either in original dimensions or downsized if too large, and store the new image (and its thumbnail) in a non-shared, private folder outside the webpage root, inaccessible to other users, and add an image entry in my database that contains the file path, user who uploaded it, all that jazz.
I then serve the image to the users through a server-side script instead of allowing them direct access to the image. Great success. What could possibly go horribly wrong?
Dev Diary Entry #58
Dear diary, I am contemplating scrapping the idea of allowing users to upload images, text, comments or any other contents to the website, since I do not have the capacity to implement the copyright-filter that will probably soon become a requirement in the EU... :(
Wat to do, wat to do...1 -
I got a median-pay front-end job through a contractor (after a contract from hell...but yeah I didn't learn...) and I'm getting zero assignments after a month and nobody seems to know what my role is.
I'm one month in, and every week I have to email my boss to remind her to sign my paycheck, which is stressful because I'm charging for my time because my assignments are like "Research this" or "look at this Wordpress theme or brand guide". The team never communicates but once a week, and I'm beginning to believe that I'm not a good fit for the team because they are impossible to get a hold of and the sysadmin won't give me access to anything even when I CC my boss. (I don't want to grief this guy...) Despite this, I've been told privately by higher-ups on a few occasions that they plan to hire me full time by November...
My SO thinks that the reason people are so dodgy toward me is because they literally do nothing and I'm breaking the flow of that by asking for things. I'm used to agency output, which can be toxic and where everything is 'due yesterday', and I'm watching this team work on assignments ten times slower than normal. ("You want to change a phone number on a website footer? You'll get it next week...maybe." I can't step on toes because I don't have access...) I'm perfectly fine with having to wear several hats at a low-stress job, but I can't even get my first assignment and I'm still being asked who I am in weekly meetings, or asked things like, "Would you even be willing to relocate here?" (I actually live DOWN THE STREET FROM THE OFFICE!! WHY DO I HAVE TO BE REMOTE? Why am I being asked this question?) It feels like my boss impulse hired me, with zero input from the team, and had no real reason to hire me in the first place...
It could also be another issue: Yeah, my experience is in PHP/JS/React, "but here have a seven year old .NET project and a company laptop with zero documentation and make this form import data to a database we know nothing about." Lead dev won't even talk to me.
I feel like a joke.2 -
Since my first post was a success, here's another shameless hack-- in this case, ripping a "closed" database I don't usually have access to and making a copy in MySQL for productivity purposes. That was at a former job as an IT guy at a hardware store, think Lowes/Rona.
We had an old SCO Unix server hosting Informix SQL (curious, anyone here touched iSQL?), which has terminal only forms for the users to handle data, and has keybindings that are strangely vi based (ESC does commit changes. Mindfsck for the users!). To add new price changes to our products, this results to a lengthy procedure inside a terminal form (with ascii borders!) with a few required fields, which makes this rather long. Sadly, only I and a colleague had access to price changes.
Introducing a manager who asks a price change for a brand- not a single product, but the whole product line of a brand we sell. Oh and, those price changes ends later after the weekend (twice the work, back at regular price!)
The usual process is that they send me a price change request Excel document with all the item codes along with the new prices. However, being non technical, those managers write EVERYTHING at hand, cell by cell (code, product name, cost, new price, etc), sometimes just copy pasted from a terminal window
So when the manager asked me to change all those prices, I thought "That's the last time I manually enter all of this sh!t- and so does he". Since I already have a MySQL copy of the items & actual (live) price tables, I wrote a PHP backend to provide a basic API to be consumed to a now VBA enhanced Excel sheet.
This VBA Excel sheet had additional options like calculating a new price based on user provided choices ("Lower price by x $ or x %, but stay above cost by x $ or x %"), so the user could simply write back to back every item codes and the VBA Excel sheet will fetch & display automatically all relevant infos, and calculate a new price if it's a 20% price cut for example.
So when the managers started using that VBA sheet, I had also hidden a button which simply generate all SQL inserts for the prices written in the form, including a "back to regular price" if the user specified an end date, etc.
No more manual form entry for me, no more keyboard pecking for the managers with new prices calculated for them. It was a win/win :)1 -
Started a job as a full stack developer. My first task was shocking! Do these small edits on this backend script that collects stuff from one database and edits the entries in another... piece of cake so far!
Here is the project on the TFS...
HOLD ON! IS THIS VISUAL BASIC?!!
I came here to do .Net framework development and .Net Standard... I wasn’t told that there will be VB, I have never used vb.net before.
Now... that I’m going to maintain this script in the future, I decided to rewrite it in C#, few things I learned on my journey of doing this:
1- There is an access modifier in VB called Friend
2- There is a data structure/type called Collection, it’s a value,key pair! Not key value pair... Value first, then key!!
3- Do you know how null is null everywhere?!! In VB they call it Nothing! Yes, as in...
if(myVar == nothing)
{
//stuff
}
Asking the guy responsible for that choice... he thinks VB is easier to read than C#
I DONT WANT YOU TO READ IT, I WANT IT TO MAKE SENSE AND WORK WITH THE REST OF THE C# CODE WE HAVE!!9 -
A time I (almost) screamed at co-worker?
Too many times to keep up with.
Majority of time its code like ..
try
{
using (var connection = new SqlConnection(connectionString))
{
// data access code that does stuff
}
catch (Exception e)
{
// Various ways of dealing with the error such as ..
Console.WriteLine("Here");
ShowMessage("An error occured.");
return false;
// or do nothing.
}
}
Range of excuses
- Users can't do anything about the error, so why do or show them anything?
- I'll fix the errors later
- Handling the errors were not in the end-user specification. If you want it, you'll have to perform a cost/benefit analysis, get the changes approved by the board in writing, placed in the project priority queue ...etc..etc
- I don't know.
- Users were tired of seeing database timeout errors, deadlocks, primary key violations, etc, so I fixed the problem.
On my tip of my tongue are rages of ..
"I'm going to trade you for a donkey, and shoot the donkey!"
or
"You are about as useful as a sack full of possum heads."
I haven't cast those stones (yet). I'll eventually run across my code that looks exactly like that.1 -
Alright sit down boys this is gonna be a good tale (also a long one).
I'm currently developing a wordpress site for a Client. Everythings works well enough, I had a few "wtf is this shit" moments. Now we decided to give him access to the wp site so that he can see and change (I know, I know don't judge me pls), so I set up tunneling with ngrok, but that PIECE OF SHIT WP DIDN'T WORK ANYMORE. You asking why? Oh I'm telling you why, wp uses ONLY absolute paths. Well fuck, I ain't gonna touch that piece of shit php code, so I installed a plugin and shit was working.
In short, after a few fucking HOURS that shit finally worked. Well that would be a great fucking end for our little tale right? Yeeeeaaah no, I shit you not, it gets even better!
After a few days my client gets back at me that he can't enter fucking wp-admin to work on the text an stuff (again pls don't judge me for granting him access to the backend of wp during development). So I checked it out and that piece of shit didn't work. If anyone would happen to know why, I would be grateful bc for the love of spagetti monster I HAVE NO FUCKING CLUE!
So I said to myself well fuck this shit and put it on a webhoster. Uploaded all the files, and migrated the db. Sounds like it finally worked right? Well guess again buddy. So I needed to go to the database, updated values manually for wp to have the correct url and then still needed to force it to refresh every fucking link.
As it finally works now, this tale is also finished then and I really hope that part 2 is never ever comming!
Sorry for the (somewhat) long rant but this is some next generation bullshit. -
Worst architecture I've seen?
The worst (working here) follow the academic pattern of trying to be perfect when the only measure of 'perfect' should be the user saying "Thank you" or one that no one knows about (the 'it just works' architectural pattern).
A senior developer with a masters degree in software engineering developed a class/object architecture for representing an Invoice in our system. Took almost 3 months to come up with ..
- Contained over 50 interfaces (IInvoice, IOrder, IProduct, etc. mostly just data bags)
- Abstract classes that implemented the interfaces
- Concrete classes that injected behavior via the abstract classes (constructors, Copy methods, converter functions, etc)
- Various data access (SQL server/WCF services) factories
During code reviews I kept saying this design was too complex and too brittle for the changes everyone knew were coming. The web team that would ultimately be using the framework had, at best, vague requirements. Because he had a masters degree, he knew best.
He was proud of nearly perfect academic design (almost 100% test code coverage, very nice class diagrams, lines and boxes, auto-generated documentation, etc), until the DBAs changed table relationships (1:1 turned into 1:M and M:M), field names, etc, and users changed business requirements (ex. concept of an invoice fee changed the total amount due calculation, which broke nearly everything).
That change caused a ripple affect that resulted in a major delay in the web site feature release.
By the time the developer fixed all the issues, the web team wrote their framework and hit the database directly (Dapper+simple DTOs) and his library was never used.1 -
As someone who didn´t work with dependency injection in almost all projects before:
I legitimately sat here for half an hour and asked myself how to fucking access a new database context...
Me:
You can´t just add that to the constructor.
Dependency Inection:
Yes you can!2 -
Someone blocked access to AWS RDS database and for the past few weeks I can't access the database from my machine when connected to our company network.
Created support ticket to internal IT team and someone closed the ticket. I re-opened the ticket and in the comment someone wrote "Their team doesn't handle AWS access".,
Wrote email to the director of infrastructure and that asshole replied to me asking some questions and after that his been ghosting me for past 2 weeks.
I'm tired and I don't have energy to do any more follow ups.3 -
Several years ago, I heard from a friend who was doing assignments for students on the side. Quite a hustle. His story began when he wanted to figure out why can't these students be able to draw their own database tables, relationships, UML, etc. That's what school has to be teaching them and then he was told that they were learning through MS Access. He goes and tell me that even though this is a lame way of teaching database design, its definitely easier to explain through hands-on and less typing mistakes, as according to the lecturer he met. Making the explanation more visually appealing and helpful for understanding.
OK I get it, but somehow that taught them the wrong way of database design from the beginning. I'd prefer getting them to start writing SQL commands from day 1 and play em at some DB VM. Keep em as real as it gets.
Now I have my own students asking for help in their assignment and also asked for tutoring lessons in web development. So I gave them the crash course in HTML, CSS and Javascript. I've asked them if they've used anything of what I taught them in school. They go and tell me that they've been taught web development through Wordpress. Oh WTF!? I havn't talked to their lecturer yet but it better be a really good explanation to teach these youngsters in a flawed and bloated PHP CMS framework for "web development".2 -
A couple of years ago I was working on a fairly large system with a complex (by necessity) access control architecture.
As is usually the case with those projects, it's awkward for developers to repro bugs that have to do with a user's accesses in production when we are not allowed to replicate production data in test, let alone locally.
We had a bug where I ended up making myself a new row in the production database for a thing I could have access to without affecting real data to repro it safely. I identified the bug so I could repro it in dev/test and removed the row and ensured everything worked normally, whew scary.
Have you ever walked into the office one day, and everyone is hunched over in a semicircle around one person's workstation, before one turns around to look at you and says - after a pause - "... ltlian?.."
Turns out I had basically "poisoned the well" with my dummy entity in a way where production now threw 500 for everyone BUT me who had transitive access to this post-non-entity. Due to the scope of the system, it had taken about a day for this to gradually propagate in terms of caching and eventual consistencies; new entities coming in was expected, but not that they disappear.
Luckily I had a decent track record for this to be a one-off. I sometimes think about how I would explain testing in prod and making it faceplant before going home for the day, other than "I assumed it would be fine". I would fire me.3 -
Hello devs, I need help from database devs.
The company where I'm interning is a non IT company, so they planned to migrate to a SQL Database from their older MS Access Database.
Since I'm the only IT intern, I'm up against the major devs and hot shots from where my company outsources IT solutions.
They suggested SQL Express.
I have a meeting tomorrow with them, please help me so that I can get better results for my company.
Basically I have to question them about how their decision works better for our firm and why didn't we go for MySQL Enterprise Edition or anything which is much better and cheaper and such critical questions.
Please help me.
The Database would be used to store information about the products manufactured and their parts' history so that in future if there's a problem with the product, it can be looked up in the database so that there can be further replacement or repair processes.10 -
I work in a large organization that previously didn't have it's own development team. Therefore various business areas have built their own solutions to solve problems which mostly involve Access and Excel.
Many of these applications still exist and we are expected to resolve any issues with them and update them when necessary performing this support role while still expected to meet our (very tight) development timelines.
I can't tell you how much of a pain in the tits it is to be trying to power through a priority development only to be interrupted with an urgent instruction to fix a 17 year old Access database that's running slow.
Of course it's pissing running slow, it's 17 years old, has nearly a million records and you have multiple users accessing it across the country!! I think it's time to peacefully let it die.6 -
I was Just college fresher who completed his Engineering. My first week in the office. And a system was provided to me, since it was support project so I was given direct access to production database.
Fresher + Production Database + Access of Admin credentials = Worst Possible Combination
So it was my night shift, I was told to update new tariff plan for our client (which was one of the largest telecom service in India) .
If someone recharges for more than 200 Rupee, that person will get 10% or 20% extra talk time. Which was only applicable for particular circle (Like Bihar and Rajasthan).
Since I was fresher, I was told to update given query from my senior employee which he shared on the shared folder. Production downtime was in the mid night, so at that time I updated that query on the production database.
Query successfully updated. I completed my night shift, went home and slept.
When I woke up, I saw my mobile it had 200+ missed calls from different locations of India. They were Circle heads of that telecom service provider who contacted me. I realized something unexpected is expecting me.
Then at that moment my team lead called me and he asked me to come office right away.
Reminding you I was a fresher, I was shivering. What have I done there?
When I reached office, I came to know that the query I updated on production bombarded.
Every person who recharged that day (duration from midnight to morning 10 AM) got 10 times or 20 times more talktime.
A part of Query was something like this where error was made:
TalkTime = RechargeAmount + RechargeAmount * 10/100; (Bihar)
or
TalkTime = RechargeAmount + RechargeAmount * 20/100; (Rajasthan)
But instead of this query, I updated below one:
TalkTime = RechargeAmount + RechargeAmount * 10;
or
TalkTime = RechargeAmount + RechargeAmount * 20;
In a span of 10 hours, that telecom service lost revenue of 6.5 crore Rupees. Thanks to recovery team they were able to recover 6 crore but still 50 lakh Rupees were in loss.
One small query, and approx 1 million dollar was on stake.
Aftermath of this incident
My Mistake:
I should have taken those queries on mail. Or, there should have been mail communication regarding this.
Never ever do anything over oral communication. Senior employee who did this denied and said he provided correct query, and I had no proof of communication.
I told them, it was me who executed that query on production. Since I was fresher, and took my responsibility of that incident. My team lead rescued me from that situation.
Lesson Learned:
Always test your query and code multiple times before you execute or Go live it on production.
Always have email communication for every action you take on production.
Power comes with responsibility. If you have admin credentials of production never use it for update/delete/drop until you are sure.
Don’t take your job lightly.
I was not fired from that Job, but I have learnt my lesson very well. -
I work as pharmacist, but code as hobby and recently change job. Have far more options to improve work enviroment, but IT guy sucks balls so much.
Better no password, because you have to remember them.
Some users don't have privilages to do some things, but everyone knows boss password with all privilages.
It guys connects via teamviewet whn I check prescriptions with quite vulnerable data and after my step in he responds that he creates this Pharmacy store and has deal with boss to access database and others.
Due lack of controls there is working against law all the time
Small city so everyone knows everyone and you have to be ultra polite to doctors and after my little unpleasent situation doctor starts to be mad at all employers.
It guy was asked to change disc space on OS drive, but he replies that it will takie at least 2 hours and he doesn't have time, but it takes me 15min top and he was mad at me.
Ffffff.... -
¡rant|rant
Nice to do some refactoring of the whole data access layer of our core logistics software, let me tell an story.
The project is around 80k lines of code, with a lot of integrations with an ERP system and an sql database.
The ERP system is old, shitty api for it also, only static methods through an wrapper to an c++ library
imagine an order table.
To access an order, you would first need to open the database by calling Api.Open(...file paths) (yes, it's an fucking flat file type database)
Now the database is open, now you would open the orders table with method Api.Table(int tableId) and in return you would get an integer value, the pointer.
Now for the actual order. first you need to search for it by setting the search parameter to the column ID of the order number while checking all calls for some BS error code
Api.SetInt(int pointer, int column, int query Value)
Then call the find method.
Api.Find(int pointer)
Then to top this shitcake of an api of: if it doesn't find your shit it will use the "close enough" method of search.
And now to read a singe string 😑
First you will look in the outdated and incorrect documentation given to you from the devil himself and look for the column ID to find the length of the column.
Then you create a string variable with ALL FUCKING SPACES.
Now you call the Api.GetStr(int pointer, int column, ref string emptyString, int length)
Now you have passed your poor string to the api's demon orgy by reference.
Then some more BS error code checking.
Now you have read an string value 😀
Now keep in mind to repeat these steps for all 300+ columns in the order table.
News from the creators: SQL server? yes, sql is good so everything will be better?
Now imagine the poor developers that got tasked to convert this shitcake to use a MS SQL server, that they did.
Now I can honestly say that I found the best SQL server benchmark tool. This sucker creams out just above ~105K sql statements per second on peak and ~15K per second for 1.5 second to read an order. 1.5 second to read less than 4 fucking kilobytes!
Right at that moment I released that our software would grind to an fucking halt before even thinking about starting it. And that me & myself and I would be tasked to fix it.
4 months later and two weeks until functional beta, here I am. We created our own api with the SQL server 😀
And the outcome of all this...
Fixes bugs older than a year, Forces rewriting part of code base. Forces removal of dirty fixes. allows proper unit and integration testing and even database testing with snapshot feature.
The whole ERP system could be replaced with ~10 lines of code (provided same relational structure) on the application while adding it to our own API library.
Best part is probably the performance improvements 😀. Up to 4500 times faster and 60 times less memory usage also with only managed memory.3 -
Been working on a new project for the last couple of weeks. New client with a big name, probably lots of money for the company I work for, plus a nice bonus for myself.
But our technical referent....... Goddammit. PhD in computer science, and he probably. approved our project outline. 3 days in development, the basic features of the applications are there for him to see (yay. Agile.), and guess what? We need to change the user roles hierarchy we had agreed on. Oh, and that shouldn't be treated as extra development, it's obviously a bug! Also, these features he never talked about and never have been in the project? That's also a bug! That thing I couldn't start working on before yesterday because I was still waiting the specs from him? It should've been ready a week ago, it's a bug that it's not there! Also, he notes how he could've developes it within 40 minutes and offered to sens us the code to implement directly in our application, or he may even do so himself.... Ah, I forgot to say, he has no idea on what language we are developing the app. He said he didn't care many times so far.
But the best part? Yesterday he signales an outstanding bug: some data has been changed without anyone interacting. It was a bug! And it was costing them moneeeeey (on a dev server)! Ok, let's dig in, it may really be a bug this time, I did update the code and... Wait, what? Someone actually did update a new file? ...Oh my Anubis. HE did replace the file a few minutes before and tried to make it look like a bug! ..May as well double check. So, 15 minutes later I answer to his e-mail, saying that 4 files have been compromised by a user account with admin privileges (not mentioning I knee it was him)... And 3 minutes later he answered me. It was a message full of anger, saying (oh Lord) it was a bug! If a user can upload a new file, it's the application's fault for not blocking him (except, users ARE supposed to upload files, and admins have been requestes to be able to circumvent any kind of restriction)! Then he added how lucky I was, becausw "the issue resolved itself and the data was back, and we shouldn't waste any more yime.on thos". Let's check the logs again.... It'a true! HE UPLOADED THE ORIGINAL FILES BACK! He... He has no idea that logs do exist? A fucking PhD in computer science? He still believes no one knows it was him....... But... Why did he do that? It couldn't have been a mistake. Was he trying to troll me? Or... Or is he really that dense?
I was laughing my ass of there. But there's more! He actually phones my boss (who knew what had happened) to insult me! And to threaten not dwell on that issue anymore because "it's making them lose money". We were both speechless....
There's no way he's a PhD. Yet it's a legit piece of paper the one he has. Funny thing is, he actually manages to launch a couple of sort-of-nationally-popular webservices, and takes every opportunity to remember us how he built them from scratch and so he know what he's saying... But digging through google, you can easily find how he actually outsurced the development to Chinese companies while he "watched over their work" until he bought the code
Wait... Big ego, a decent amount of money... I'm starting to guess how he got his PhD. I also get why he's a "freelance consultant" and none of the place he worked for ever hired him again (couldn't even cover his own tracks)....
But I can't get his definition of "bug".
If it doesn't work as intended, it's a bug (ok)
If something he never communicated is not implemented, it's a bug (what.)
If development has been slowed because he failed to provide specs, it's a bug (uh?)
If he changes his own mind and wants to change a process, it's a bug it doesn't already work that way (ffs.)
If he doesn't understand or like something, it's a bug (i hopw he dies by sonic diarrhoea)
I'm just glad my boss isn't falling for him... If anything, we have enough info to accuse him of sabotage and delaying my work....
Ah, right. He also didn't get how to publish our application we needes access to the server he wantes us to deploy it on. Also, he doesn't understand why we have acces to the app's database and admin users created on the webapp don't. These are bugs (seriously his own words). Outstanding ones.
Just..... Ffs.
Also, sorry for the typos.5 -
A programme I have to maintain (and not allowed to optimise or change):
1) read input from serial connection
2) store data in MySQL database
3) every day convert to CSV
4) store on Windows file share
5) process CSV in access 2000
6) store in MsSQL database
When it was first developed, I said to te developer to store it straight from serial to MsSQL but out boss wanted it to follow the above spec.
He has now left and I have to maintain it1 -
Haven't ranted for awhile but here it goes...
In a meeting with a front end user yesterday. They don't like the entry screens on our Oracle ERP system. They want us to provide them with a tool so they can create new entry screens to replace those they dont like. They want full autonomy over that tool and no interference from IT. Oh, and they want unfettered database access to the production data, including full ability to execute DML. I so wanted to say 'Are you high?'.1 -
//rant
So i ordered myself a web server and am trying to get access to phpmyadmin.
I got generated username and password for the phpmyadmin login.
So i created mysql databases and database users, outside the interface, but that's fucking it, i need to create tables as well, can't do that without the interface, cuz NO ACCESS!
Fucking piece of shit service provider, they had one thing to do and they can't even fucking do it right. How dare they call themselves web hosts at all...
It's probably a badly configured config file but i can't access the file myself to start sorting this shit out, so i got to wait at least 12 hours till work hours to be able to contact with them and sort this shit out.1 -
That moment you're trying to access your web portal in the QA environment and you realize your colleague is loading huge amounts of data into the QA database...
-
Learning AWS, and it took me 2 hours to figure out that I can't connect to my database because I forgot to press the button to allow public access
I partially blame amazon, because a button that important shouldn't be so small and hidden, but I'm still an idiot6 -
Bruteforce programming about which I've already ranted earlyer and also let's implement everything in our ms access database and regularly open the DB using the Windows task skeduler.2
-
Currently working on a web platform for a building management company for the last 6 months.
Setup web server, database and developed the whole using laravel and vue.
They are in the testing phase now, so I implemented IPSec so that they can only access it from their office.
Thing is, they don’t have a static IP, so when they had to switch over to a backup connection yesterday, I had to add their new IP in my whitelist.
Today I get and email from their manager, saying that after a discussion he had with his assistant, the web app is not in the “cloud”!!! He got that because I had to “do something” to restore access to it yesterday and because “there isn’t an icon you can double-click” on each employees’ desktop!!!
Don’t even know how to respond to that!!!5 -
whose idea was it to give the business major access to the database? we have one thousand tables that do the same thing or absolutely nothing, everything is badly named, and THE GRAMMAR5
-
Soo... Let me get this straight... My boss reeeeeeally wants me to reconfigure our database system to sync data between each of our 15 sites... Let me this about this...
Our database is an MS Access database originally written about 17 years ago. It was written as a standalone database that runs a unique instance for each of our sites.The person responsible for the database (still not the original developer) before I took over 6 years ago bragged about how they were "an 80s developer" (w...t...f!). Even with all of the fixes and additions (additions because... F&$#ing of course there are!) It's still basically held together by duct tape and spit.
Hmmm... Ok, still possible. What's the environment I'm working in... I have absolutely ZERO control of our workplace network... That's a whole other department. Due to the nature of the workplace (and it's sites) there is extreme limitation on network access.
Well... If I'm Reeeeeeally nice to the people in charge of the network, maaaaaybe they can give me access to a little server space.
A very long shot, but, doab.... Oh, the boss would really like this handled in the next couple months...
F$#k you! There is no way on God's (still) green earth that I... Alone... Can rewrite a legacy database... written across 4 or 5 different versions of FU$KING MS Access, and give 15 sites, with extremely limited networking, real time data sync in... Oh, a few months.
Now, I do not work with "computer people". I'm usually lucky when my coworkers remember their passwords (which, even if they don't, WHY tell ME! I don't run the network!)
And when I tell my boss basically what I just said... In a nice, pleasant way... They suggest I'm not giving the problem enough thought...
FU#K YOU IGNORANT ASS! Write me a ToDo list in MS Access (no, I'm not going to tell you where to start) in under an hour then, MAYBE, we can talk about... No... Just NO... Can't be done!
*Takes deep breath* so... Lovely weather we're having, right?3 -
So, when I was like 18 I made an app for a guy who stole a phone book database in paper and was paying people to pass it to access.
He asked me a program to make it easier to add data, he was paying people to do it one by one to an access db.
So I made that and a module to join all the dbs and check for existing ones (there was no way to join access db back then).
When he told me he didn't want it anymore...
So I deleted the sorce code and gave the binary to an uncle to use as a phone book for work.
Two weeks latter the guy called because he didn't know how to join the dbs. Well the source wasn't lost... I just deleted it and told him that if he had paid my software would take care of it... -
My client (not an engineer) has asked me access to production database and keeps asking an intern to directly query data from it instead of using the API.3
-
So I got a job and on the first day I was giving a task to fix a bug which they said it was urgent that the software is been used by the financial department, so if I don't get it fixed soonest they would be loosing money.
I completely don't know how the software works, so I thought they would give me some time to get familiar with the code base but fu*k I gat to fix this if not they would See me as a person who does not know his stuff.
Some minute later, the CTO messaged me asking me how I introduced the bug in the first place, I was like I have not even cloned the repo, I have not pushed any code lol. At that point I know I'm gonna be so f**ked in this job .
So after sometime I fixed it but I had to get permission from the lady that manages the database because I was not given access and I need to update a field name in a table for everything to work well. I asked the lady to help update the field since she is the only one that has access to it and its urgent and every body is waiting for me. She told me to wait for 1hr and remind her that she's busy right now, after some hrs I reminded her but she kept telling me she will update it later.
Nobody wants to hear that I was not the one delaying the fix, so since I can push some code to the report and it's get deployed, I wrote a script to update the field and I removed the code later. With that done the fix was live and everybody was happy!
The next day, the lady came to me and was like I tried to update the field when I went home but it has already been update but I don't know why. I told her I don't know too :p😃2 -
My journey into learning Docker, chapter {chapter++}:
Today I learned that when you use a database image in your docker-compose file, and you want to rebuild the whole thing for reasons (say, a big update), then if you change your credentials ("root" to "a_lambda_user" or change the db's password) for more security, and you rebuild and up the whole thing... It won't work. You'll get "access denied".
Because the database (at least mysql and mariadb) will persist somewhere, so you need to run "docker rm -v" even though you didn't use any volumes.
I love loosing my fucking time.4 -
Worst mistake I have made is accidentally wiping a database table by messing up a SQL script. This was caught after it had been deployed to around 30 customer sites, most of which had no technical staff on site, and we didn't have remote access to. I bought our support team cookies for fixing that one.1
-
It was the last year of high school.
We had to submit our final CS homework, so it gets reviewed by someone from the ministry of education and grade it. (think of it as GPA or whatever that is in your country).
Now being me, I really didn’t do much during the whole year, All I did was learning more about C#, more about SQL, and learn from the OGs like thenewboston, derek banas, and of course kudvenkat. (Plus more)
The homework was a C# webform website of whatever theme you like (mostly a web store) that uses MS Access as DB and a C# web service in SOAP. (Don’t ask.)
Part 1/2:
Months have passed, and only had 2 days left to deadline, with nothing on my hand but website sketches, sample projects for ideas, and table schematics.
I went ahead and started to work on it, for 48 hours STRAIGHT.
No breaks, barely ate, family visited and I barely noticed, I was just disconnected from reality.
48 hours passed and finished the project, I was quite satisfied with my it, I followed the right standards from encrypting passwords to verifying emails to implementing SQL queries without the risk of SQL injection, while everyone else followed foot as the teacher taught with plain text passwords and… do I need to continue? You know what I mean here.
Anyway, I went ahead and was like, Ok, lets do one last test run, And proceeded into deleting an Item from my webstore (it was something similar to shopify).
I refreshed. Nothing. Blank page. Just nothing. Nothing is working, at all.
Went ahead to debug almost everywhere, nothing, I’ve gone mad, like REALLY mad and almost lose it, then an hour later of failed debugging attempts I decided to rewrite the whole project from scratch from rebuilding the db, to rewriting the client/backend code and ui, and whatever works just go with it.
Then I noticed a loop block that was going infinite.
NEVER WAIT FOR A DATABASE TO HAVE MINIMUM NUMBER OF ROWS, ALWAYS ASSUME THAT IT HAS NO VALUES. (and if your CPU is 100%, its an infinite loop, a hard lesson learned)
The issue was that I requested 4 or more items from a table, and if it was less it would just loop.
So I went ahead, fixed that and went to sleep.
Part 2/2:
The day has come, the guy from the ministry came in and started reviewing each one of the students homeworks, and of course, some of the projects crashed last minute and straight up stopped working, it's like watching people burning alive.
My turn was up, he came and sat next to me and was like:
Him: Alright make me an account with an email of asd@123.com with a password 123456
Me: … that won't work, got a real email?
Him: What do you mean?
Me: I implemented an email verification system.
Him: … ok … just show me the website.
Me: Alright as you can see here first of all I used mailgun service on a .tk domain in order to send verification emails you know like every single website does, encrypted passwords etc… As you can see this website allows you to sign up as a customer or as a merc…
Him: Good job.
He stood up and moved on.
YOU MOTHERFUCKER.
I WENT THROUGH HELL IN THE PAST 48 HOURS.
AND YOU JUST SAT THERE FOR A MINUTE AND GAVE UP ON REVIEWING MY ENTIRE MASTERPIECE? GO SWIM IN A POOL FULL OF BURNING OIL YOU COUNTLESS PIECE OF SHIT
I got 100/100 in the end, and I kinda feel like shit for going thought all that trouble for just one minute of project review, but hey at least it helped me practice common standards.2 -
Is it fine that the company I am currently working on as an intern is making us finish the backend for the mobile apps without any documentation? We only have screens for the mobile apps and access to the database. 😢7
-
Recently my company has bought a patented product from the IIT, Kharagpur, India (those who are not from India just Google this name. It's one of the most esteemed engineering colleges in India). I can not provide the details of the product, but let's talk about the technology stack they used.
The software module of this product was built using VB 6 (yes, you read that right) and MATLAB 6.0 (released in 2000), and used MS Access for database. Remember, the product was built in 2015 and patented in 2016 or 17. The people who built the software were mostly final year B.Tech CS (equivalent to B.S.) students and one IIT professor.
This shows what we need to change in the CS education. Do I need to say more?1 -
We use at our company one of the largest Python ORM and dont code ourselfs on it, event tough I can code. Its some special contract which our General Manager made, before we as Devs where in the Project and everything is provided from the external Company as Service. The Servers are in our own Datacenter, but we dont have access.
We have our Consultants (Project Manager) as payd hires and they got their own Devs.
Im in lead of Code Reviews and Interfaces. Also Im in the "Run" Team, which observes, debuggs and keeps the System alive as 3rd-Level (Application Managers).
What Im trying to achieve is going away from legacy .csv/sftp connections to RestAPI and on large Datasets GraphQL. Before I was on the Project, they build really crappy Interfaces.
Before I joined the Project in my Company, I was a Dev for a couple of Finance Applications and Webservices, where I also did coding on Business critical Applications with high demand Scaling.
So forth, I was moved by my Boss over to the Project because it wasn't doing so well and they needed our own Devs on it.
Alot of Issues/Mistakes I identified in the Software:
- Lots of Code Bugs
- Missing Process Logic
- No Lifecycle
- Very fast growing Database
- A lot of Bad Practices
Since my switch I fixed alot of bugs, was the man of the hour for fixing major Incidents and so on so forth. A lot of improvements have been made. Also the Team Spirit of 15+ People inside the Project became better, because they could consult me for solutions/problems.
But damn I hate our Consultants. We pay them and I need to sketch the concepts, they are to dumb for it. They dont understand Rest or APIs in general, I need to teach them alot about Best Practices and how to Code an API. Then they question everything and bring out a crooked flawed prototype back to me.
WE F* PAY THEM FOR BULLCRAP! THEY DONT EVEN WRITE DOCUMENTATION, THEY ARE SO LAZY!
I even had a Meeting with the main Consultant about Performance Problems and how we should approach it from a technical side and Process side. The Software is Core Business relevant and its running over 3 Years. He just argumented around the Problem and didnt provide solutions.
I confronted our General Manager a couple of times with this, but since 3 Years its going on and on.
Im happy with my Team and Boss, they have my back and I love my Job, but dealing with these Nutjobs of Consultants is draining my nerves/energy.
Im really am at my wits end how to deal with this anymore? Been pulling trough since 1 year. I wanna stay at my company because everything else besides the Nutjob Consultants is great.
I told my Boss about it a couple of times and she agrees with me, but the General Manager doesnt let go of these Consultants.
Even when they fuck up hard and crash production, they fucking Bill us... It's their fault :(3 -
PROBLEM:
We need to log out phone calls in and outlet of the company
How we wanted to do it:
Use node.js to read the serial port from the phone system then store the data into the MsSQL database
Eventual solution:
1) Read serial port
2) store in local MySQL database
3) every 3 minutes create a CSV file containing the last 3 minutes of calls and store on a Windows shared directory
4) have a access 2000 programme collect these files every 30 minutes
5) insert into MsSQL database1 -
The dangers of PHP eval()
Yup. "Scary, you better make use of include instead" — I read all the time everywhere. I want to hear good case scenarios and feel safe with it.
I use the eval() method as a good resource to build custom website modules written in PHP which are stored and retrieved back from a database. I ENSURED IS SAFE AND CAN ONLY BE ALTERED THROUGH PRIVILEGED USERS. THERE. I SAID IT. You could as well develop a malicious module and share it to be used on the same application, but this application is just for my use at the moment so I don't wanna worry more or I'll become bald.
I had to take out my fear and confront it in front of you guys. If i had to count every single time somebody mentions on Stack Overflow or the comments over PHP documentation about the dangers of using eval I'd quit already.
Tell me if I'm wrong: in a safe environment and trustworthy piece of code is it OK to execute eval('?>'.$pieceOfCode); ... Right?
The reason I store code on the database is because I create/edit modules on the web editor itself.
I use my own coded layers to authenticate a privileged user: A single way to grant access to admin functions through a unique authentication tunnel granting so privileged user to access the editor or send API requests, custom htaccess rules to protect all filesystem behind the domain root path, a custom URI controller + SSL. All this should do the trick to safely use the damn eval(), is that right?!
Unless malicious code is found on the code stored prior to its evaluation.
But FFS, in such scenario, why not better fuck up the framework filesystem instead? Is one password closer than the database.
I will need therapy after this. I swear.
If 'eval is evil' (as it appears in the suggested tags for this post) how can we ensure that third party code is ever trustworthy without even looking at it? This happens already with chrome extensions, or even phone apps a long time after reaching to millions of devices.11 -
Reporting server connection to database is down, probably due to a user access restriction.
reported the issue to the India sql datacenter and got back: Yes, We see that the connection is down. ( I sent them screenshot of it including the error message ) There is no such database available.
Me: Yes, well I'm in the db working right ( send screenshot) now.
India: ..... disappear offline.1 -
When the CTO/CEO of your "startup" is always AFK and it takes weeks to get anything approved by them (or even secure a meeting with them) and they have almost-exclusive access to production and the admin account for all third party services.
Want to create a new messaging channel? Too bad! What about a new repository for that cool idea you had, or that new microservice you're expected to build. Expect to be blocked for at least a week.
When they also hold themselves solely responsible for security and operations, they've built their own proprietary framework that handles all the authentication, database models and microservice communications.
Speaking of which, there's more than six microservices per developer!
Oh there's a bug or limitation in the framework? Too bad. It's a black box that nobody else in the company can touch. Good luck with the two week lead time on getting anything changed there. Oh and there's no dedicated issue tracker. Have you heard of email?
When the systems and processes in place were designed for "consistency" and "scalability" in mind you can be certain that everything is consistently broken at scale. Each microservice offers:
1. Anemic & non-idempotent CRUD APIs (Can't believe it's not a Database Table™) because the consumer should do all the work.
2. Race Conditions, because transactions are "not portable" (but not to worry, all the code is written as if it were running single threaded on a single machine).
3. Fault Intolerance, just a single failure in a chain of layered microservice calls will leave the requested operation in a partially applied and corrupted state. Ger ready for manual intervention.
4. Completely Redundant Documentation, our web documentation is automatically generated and is always of the form //[FieldName] of the [ObjectName].
5. Happy Path Support, only the intended use cases and fields work, we added a bunch of others because YouAreGoingToNeedIt™ but it won't work when you do need it. The only record of this happy path is the code itself.
Consider this, you're been building a new microservice, you've carefully followed all the unwritten highly specific technical implementation standards enforced by the CTO/CEO (that your aware of). You've decided to write some unit tests, well um.. didn't you know? There's nothing scalable and consistent about running the system locally! That's not built-in to the framework. So just use curl to test your service whilst it is deployed or connected to the development environment. Then you can open a PR and once it has been approved it will be included in the next full deployment (at least a week later).
Most new 'services' feel like the are about one to five days of writing straightforward code followed by weeks to months of integration hell, testing and blocked dependencies.
When confronted/advised about these issues the response from the CTO/CEO
varies:
(A) "yes but it's an edge case, the cloud is highly available and reliable, our software doesn't crash frequently".
(B) "yes, that's why I'm thinking about adding [idempotency] to the framework to address that when I'm not so busy" two weeks go by...
(C) "yes, but we are still doing better than all of our competitors".
(D) "oh, but you can just [highly specific sequence of undocumented steps, that probably won't work when you try it].
(E) "yes, let's setup a meeting to go through this in more detail" *doesn't show up to the meeting*.
(F) "oh, but our customers are really happy with our level of [Documentation]".
Sometimes it can feel like a bit of a cult, as all of the project managers (and some of the developers) see the CTO/CEO as a sort of 'programming god' because they are never blocked on anything they work on, they're able to bypass all the limitations and obstacles they've placed in front of the 'ordinary' developers.
There's been several instances where the CTO/CEO will suddenly make widespread changes to the codebase (to enforce some 'standard') without having to go through the same review process as everybody else, these changes will usually break something like the automatic build process or something in the dev environment and its up to the developers to pick up the pieces. I think developers find it intimidating to identify issues in the CTO/CEO's code because it's implicitly defined due to their status as the "gold standard".
It's certainly frustrating but I hope this story serves as a bit of a foil to those who wish they had a more technical CTO/CEO in their organisation. Does anybody else have a similar experience or is this situation an absolute one of a kind?2 -
Arrg, need to also make a database for an application, because client doesn't want to give access to their own db. fookin Brian3
-
So our project decided to create a newsletter. For some reason, I was tasked with writing it, includig layout, recepient database etc.
It is the first newsletter, it is urgent and it is supposed to be send to all the people who so far participated. Means: there was never a "sign up here for a newsletter" thingy on the website. Hence, there is also no "unsubscribe" button.
One could kind of "hotfix" this by making a field, like "enter your email adress here to unsubscribe" and then I get a notification and remove the people from the list. Fine by me. Not so many ppl atm so we got time to set it up properly then.
My boss decides it is my job now to implement the stupid unsubscribe button... I am not the website admin. I have nothing to do with the goddamn website. We have ppl in another city, being paid to manage the goddamn website and it would take them just a few minutes to set the stupid button up, since they know what they are doing and I am not.
I told them from the start: I don't do websites. I have nothing to do with them, I don't want to have anything to do with them. We have people for this.
Why the F is it my job now to implement that stupid button?!
And even when I tried to look into how the other formulas which do similar things are set up: oh you don't have permissions to access that. Lovely!
FAK this shiet <.< It is not my fking job.5 -
I came across this german platform that provides rest api level access to database without the need of a backend. I’m a frontend developer and the possibilities like a wet dream. Saying bye-bye to Firestore.6
-
DEAR NON TECHNICAL 'IT' PERSON, JUST CONSUME THE FUCKING DATA!!!!
Continuation of this:
https://devrant.com/rants/3319553/...
So essentially my theory was correct that their concern about data not being up to date is almost certianly ... the spreadsheet is old, not the data.... but I'm up against this wall of a god damn "IT PERSON" who has no technical or logic skills, but for some reason this person doesn't think "man I'm confused, I should talk to my other IT people" rather they just eat my time with vague and weird requests that they express with NO PRECISION WHATSOEVER and arbitrary hold ups and etc.
Like it's pretty damn obvious your spreadsheet was likely created before you got the latest update, it's not a mystery how this might happen. But god damn I tell them to tell me or go find out when the spreadsheet was generated and nothing happens.
Meanwhile their other IT people 'cleaned the database' and now a bunch of records are missing and they want me to just rando update a list of records. Like wtf is 'clean the database' all about!?!?!?
I'm all "hey how about I send you all records between these dates and now we're sure you've got all the records you need up to date and I'll send you my usual updates a couple times a day using the usual parameters".
But this customer is all "oh man that's a lot of records", what even is that?
It's like maybe 10k fucking records at most. Are you loading this in MS Access or something (I really don't know MS Access limits, just picking an old weird system) and it's choking??!?! Just fucking take the data and stick it in the damn database, how much trouble can it be?!!?!?
Side theory: I kinda wonder if after they put it in the DB every time someone wants the data they have some API on their end that is just "HERE"S ALL THE FUCKING DATA" and their client application chokes and that's why there's a concern about database size with these guys.
I also wonder if their whole 'it's out of date' shit is actually them not updating records properly and they're sort of grooming the DB size to manage all these bad choices....
Having said all that, it makes a lot more sense to me how we get our customers. Like we do a lot of customer sends us their data and we feed it back to them after doing surprisingly basic stuff ever to it... like guies your own tools do th---- wait never mind....1 -
APIs, APIs, APIs... I feel like building an API for everything which goes over the wire is a must-have today! Yes it makes sense for decoupling purpose, access control etc (all the things we learned from OOP design principle books when we were in school) but come on, REST API for internal database access when there is something like SQL over JDBC/ODBC/WhateverBC ?? So I have to study the REST API documentation for applying simple where-statements but in API manner...4
-
Colleague: I'll write a stored procedure that does fully qualified database table path names to access data from the other databases and then do business logic with all of it in the same proc.
Me: That will be 600 lashings.4 -
> Client: Could you check for me where did they[code authors] put logic for this and that
> Sure!
> okey, api endpoint here, hmm
> oh sure here is the database access
> where tf is some logic....
> fml, am I blind, lets check frontend
> FUCK
> it's there
> it's on frontend
> and backend just puts it into database, no checks
> FU0!@#% )(#*%)H )F+#+!!@!
> *to client* We need to talk about future of this project. -
I know this is utopic, but I've been thinking for a while now about starting an open source platform for figuring out the problems of our society and finding real world, applicable, open source solutions for them.
To give you some more details, the platform should have two interfaces:
- one for people involved in researching, compiling issues into smaller, concrete chunks that can be tackled in the real world, discuss and try to find workable solutions for the issues and so on
- one for the general public to search through the database of issues, become aware of the problems and follow progress on the issues that people started working on
Of course, anyone can join the platform, both as an observer (and have the ability to follow issues they find interesting) and/or contributor (and actually work with the community to make the world a better place in any way they can).
Each area of expertise would have some people that will manage the smaller communities that would build around issues, much like people already do in the open source community, managing teams to focus on the important thins for each issue. (I haven't found a solution for big egos getting in the way yet, but it would be nice if the people involved would focus on fixing stuff in stead of debating about tabs vs spaces, if you know what I mean).
The goal of this project would be to bring together as many people from all kind of fields to actually try to fix this broken society.
It would be even better if it attracted people with money and access to resources (one example off the top of my head being people like Elon Musk) that could help implement the solutions proposed by the community without expecting to gain profit off of it (profit is also acceptable if it is made in a considerate, fair and helpful way, but would not be promoted on the platform).
The whole thing would be voluntary work; no salary, no other commitment than the personal pledge that once someone chooses to tackle something, he/she will also see it trough (or at least do his/her best).
The platform would be something like a mix of real time communication, issue tracker, project management tool and publishing platform.
I don't yet have all the details for how it should all fit together, but if there is something that I would like to start, this is definitely it!
PS: I don't think I can ever do something like this by myself, and I don't really have the time to manage a community of developers to start work on it right now. But if you guys think something like this is something worth your time, I will make time and at least start on defining the architecture and try to turn this into a real project.
If enough people are interested, I will drop any other side projects and do my best to get this into the world!
Thank you for reading :)6 -
Amateurs that think access is a proper enterprise database and everything should be done as a macro.2
-
The conversations that come across my DevOps desk on a monthly basis.... These have come into my care via Slack, Email, Jira Tickets, PagerDuty alerts, text messages, GitHub PR Reviews, and phone calls. I spend most of my day just trying to log the work I'm being asked to do.
From Random People:
* Employee <A> and Contractor <B> are starting today. Please provision all 19 of their required accounts.
* Oh, they actually started yesterday, please hurry on this request.
From Engineers:
* The database is failing. Why?
* The read-only replica isn't accepting writes. Can you fix this?
* We have this new project we're starting and we need you to set up continuous integration, deployment, write our unit tests, define an integration test strategy, tell us how to mock every call to everything. We'll need several thousand dollars in AWS resources that we've barely defined. Can you define what AWS resources we need?
* We didn't like your definition of AWS resources, so we came up with our own. We're also going to need you to rearchitect the networking to support our single typescript API.
* The VPN is down and nobody can do any work because you locked us all out of connecting directly over SSH from home. Please unblock my home IP.
* Oh, looks like my VPN password expired. How do I reset my VPN password?
* My GitHub account doesn't have access to this repo. Please make my PR for me.
* Can you tell me how to run this app's test suite?
* CI system failed a build. Why?
* App doesn't send logs to the logging platform. Please tell me why.
* How do I add logging statements to my app?
* Why would I need a logging library, can't you just understand why my app doesn't need to waste my time with logs?
From Various 3rd party vendors:
* <X> application changed their license terms. How much do you really want to pay us now?
From Management:
* <X> left the company, and he was working on these tasks that seem closely related to your work. Here are the 3 GitHub Repos you now own.
* Why is our AWS bill so high? I need you to lower our bill by tomorrow. Preferably by 10k-20k monthly. Thanks.
* Please send this month's plan for DevOps work.
* Please don't do anything on your plan.
* Here's your actual new plan for the month.
* Please also do these 10 interruptions-which-became-epic-projects
From AWS:
* Dear AWS Admin, 17 instances need to be rebooted. Please do so by tomorrow.
* Dear AWS Admin, 3 user accounts saw suspicious activity. Please confirm these were actually you.
* Dear AWS Admin, you need to relaunch every one of your instances into a new VPC within the next year.
* Dear AWS Admin, Your app was suspiciously accessing XYZ, which is a violation of our terms of service. You have 24 hours to address this before we delete your AWS account.
Finally, From Management:
* Please provide management with updates, nobody knows what you do.
From me:
Please pay me more. Please give me a team to assist so I'm not a team of one. Also, my wife is asking me to look for a new job, and she's not wrong. Just saying.3 -
When I first started down the path to becoming a developer, I was a "business analyst" where I managed our departments reports and ended up migrating all the reports from daily query run in MS Access with Task manager and emailed out to all the managers including the VP of the entire business unit, I created
Views in the database and sent out the same spreadsheet with the view in excel daily since management didn't want "change". Granted this was at a large health care company in the US and didn't want to invest in a real dashboard for their reports. The only thing that was changed in the email and file was the file name with the current date. I left the company a while ago and recently applied for a similar position for the shits and gigs. Interviewed with the It manager and they're still using the same excel macro I wrote 3 years later.2 -
When your IT VP starts speaking blasphemy:
"Team,
We all know what’s going on with the API. Next week we may see 6x order volumes.
We need to do everything possible to minimize the load on our prod database server.
Here are some guidelines we’re implementing immediately:
· I’m revoking most direct production SQL access. (even read only). You should be running analysis queries and data pulls out of the replication server anyway.
· No User Management activities are allowed between 9AM and 9PM EST. If you’re going to run a large amount of updates, please coordinate with a DBA to have someone monitoring.
· No checklist setup/maintenance activities are allowed at all. If this causes business impact please let me know.
· If you see are doing anything in [App Name] that’s running long, kill it and get a DBA involved.
Please keep the communication level high and stay vigilant in protecting our prod environment!"
RIP most of what I do at work.3 -
It’s fascinating how IT and database admins want us to drop tables that we don’t use anymore... with read-only access!1
-
"You need me to fix a report? Ok... Since I don't have access to that server, email me the report."
"Umm, it doesn't have connection info. Can you send me the username/pass for the DB?"
"Ok, so the DB isn't set to work normally on this report and has to be a UDL file... Can you send me that file?"
"All done, here you go!"
"WTF do you mean you're getting a database connection error and you're looking to me to fix it? You seriously don't remember that it's all shit you gave me?" -
i have to edit a few html templates in our database, obviously automatically generated by a visual editor, full of nonsense in it, no line breaks, and i don't have access to a good html editor. fuck me6
-
Sometimes in our personal projects we write crazy commit messages. I'll post mine because its a weekend and I hope someone has a well deserved start. Feel free to post yours, regex out your username, time and hash and paste chronologically. ISSA THREAD MY DUDES AND DUDETTES
--
Initialization of NDM in Kotlin
Small changes, wiping drive
Small changes, wiping drive
Lottie, Backdrop contrast and logging in implementation
Added Lotties, added Link variable to Database Manifest
Fixed menu engine, added Smart adapter, indexing, Extra menus on home and Calendar
b4 work
Added branch and few changes
really before work
Merge remote-tracking branch 'origin/master'
really before work 4 sho
Refined Search response
Added Swipe to menus and nested tabs
Added custom tab library
tabs and shh
MORE TIME WASTED ON just 3 files
api and rx
New models new handlers, new static leaky objects xd, a few icons
minor changes
minor changesqwqaweqweweqwe
db db dbbb
Added Reading display and delete function
tryin to add web socket...fail
tryin to add web socket...success
New robust content handler, linked to a web socket. :) happy data-ring lol
A lot of changes, no time to explain
minor fixes ehehhe
Added args and content builder to content id
Converted some fragments into NDMListFragments
dsa
MAjor BiG ChANgEs added Listable interface added refresh and online cache added many stuff
MAjor mAjOr BiG ChANgEs added multiClick block added in-fragment Menu (and handling) added in-fragment list irem click handling
Unformatted some code, added midi handler, new menus, added manifest
Update and Insert (upsert) extension to Listable ArrayList
Test for hymnbook offline changing
Changed menuId from int to key string :) added refresh ...global... :(
Added Scale Gesture Listener
Changed Font and size of titlebar, text selection arg. NEW NEW Readings layout.
minor fix on duplicate readings
added isUserDatabase attribute to hymn database file added markwon to stanza views
Home changes :)
Modular hymn Editing
Home changes :) part 2
Home changes :) part 3
Unified Stanza view
Perfected stanza sharing
Added Summernote!!
minor changes
Another change but from source tree :)))
Added Span Saving
Added Working Quick Access
Added a caption system, well text captions only
Added Stanza view modes...quite stable though
From work changes
JUST a [ush
Touch horizontal needs fix
Return api heruko
Added bible index
Added new settings file
Added settings and new icons
Minor changes to settings
Restored ping
Toggles and Pickers in settings
Added Section Title
Added Publishing Access Panel
Added Some new color changes on restart. When am I going to be tired of adding files :)
Before the confession
Theme Adaptation to views
Before Realm DB
Theme Activity :)
Changes to theme Activity
Changes to theme Activity part 2 mini
Some laptop changes, so you wont know what changed :)
Images...
Rush ourd
Added palette from images
Added lastModified filter
Problem with cache response
works work
Some Improvements, changed calendar recycle view
Tonic Sol-fa Screen Added
Merge Pull
Yes colors
Before leasing out to testers
Working but unformated table
Added Seperators but we have a glithchchchc
Tonic sol-fa nice, dots left, and some extras :)))
Just a nice commit on a good friday.
Just a quickie
I dont know what im committing...3 -
That moment you setup 17 domains on sparkpost as a email delivery system
make your account secure with 2 factor authentication like a good infoSec enthusiast
Go on with your life
Having a Phone crash but nothing to worry because you made them backupz
Restore backupz
once again go on with your happy life.
Having to setup a different bounce action on sparkpost
logging in to sparkpost to make the adjustments
opening google authenticator
realising the backup you restored was before you added the sparkpost entry
mailing sparkpost asking to deactivate 2factor authentication
Having them tell me that they have no access to Google authenticator so they can't help me and all they can do for me is delete my account if i answer their 7569357 questions that i entered a year ago ..
--
You have access to your database yes ? You can delete my account but you can't adjust a fcking Boolean column from true to false? #@?#&!
Why even offer a feature where you have apparently no control over. Stuff like this happens all the time and almost no one saves that fcking authenticator secret.
Make people use authenticators to keep the hackers out, forces them out instead.4 -
Sigh Im getting depressed from going to work whilst a few weeks ago it gave me a bunch of happines.
I think its due that management is approaching a triple deadline (?!?!?!) project in an agile/scrum way (?!?!??!)..
We can not change our data model completely when we have to be in acceptance in 3 weeks and do a demo in a few days..
Yes we can work around that but fuck database design theory and lets ignore all primary keys and foreign keys, great idea
We have to create and prioritise user stories on our own? We have two product owners and a scrum master.
Scrum master offers to deal with organising and creating tickets to organise Infrastructure without having a laptop of the client, so no Service Now access or any other system..
Guess who has to do it in the end..
Many question marks about this project -
I remember back when I was in pre calculus I decided to take a class online. So my teacher's website was made by him and run on go Daddy, he taught precalculus, calculus, algebra, algebra ii, and computer science. I decided to penetration test his website and use a web crawler. His directory that had the tests, test answers, exams, exam answers, and homework answer's as well as all the books he's written in PDFs, was unprotected, I could access and download them all. He also had a database directory that contained all the students' phone numbers, email addresses, home addresses, and their full names.
I alerted him to this and didn't get anything in turn :P2 -
After my first ever "thing" I wrote (see story here: https://devrant.com/rants/2132057/...) fast forward 7 years to my first project when I /* thought I */ knew what I was doing and didn't write just for myself.
Preset:
I worked in a very small company distributing various materials for medical research, many of them bought from manufacturers and then relabelled as if we had produced it. One part of that was to indicate a production batch / lot number. Before I started there, they would just invent a random number on the spot and use that on the new label and somewhere write it down to document that, I at least used an Excel sheet to have numbers prepared and document it on the same line (still crappy but more than nothing). After some time my boss got the idea to have all of that documented in MS Access (because that was the only database he knew). I had just started with HTML, PHP and MySQL in apprentice school around the same time, so I proposed writing an appropriate solution using those and got permission.
-----
I started coding and learnt so much that I didn't need to pay attention at school anymore as I was years ahead of the curriculum (the others were struggling with If-statements and the likes).
When I was done with Version 1.0 of my web application, it was of course still crude as hell. I used html forms to save input (like editor.php -> submit to save.php, do save -> redirect to editor.php), but it did what had not been done before: keeping it all together and force people to do it properly. 2 years later I wrote a version 2, adding features that showed to be useful and with improved structure, as my last project before leaving, and as far as I know, they are still using it, which is at this point 2 years after I've left.
Looking back I would do it differently, but for what I knew back then it was not bad at all.2 -
Been working on this project for the last 9 months, it's 1000 times bigger than the original spec, but the worst part of the whole experience is the god damn Microsoft Access database and migrating data from it.
Wanky encoding, references that aren't actually linked up, ID's that aren't unique, meaningless columns and table names.
Pushed me to the edge. -
IT teachers here at my school giving us 20 different and completely unsuitable for Access databases businesses, as subjects for indeed Access databases. And then be like "Create documentations for that"
And they actually mean by that is
So I clicked here then there and then I selected and pressed the C symbol key while holding the Control key on the keyboard input device connected on my computer, which happens to be plugged into the wall outlet..
As a full-stack developer this is just so cringy I'm speechless.. -
After 4 1/2 hours of testing I have redeployed my postgresql database from Windows to Debian Server. I can now access my database and deploy webapps from any computer, anywhere, anytime.
It's 2:30 AM in the morning. I am exhausted but fulfilled.1 -
After brute forced access to her hardware I spotted huge memory leak spreading on my key logger I just installed. She couldn’t resist right after my data reached her database so I inserted it once more to duplicate her primary key, she instantly locked my transaction and screamed so loud that all neighborhood was broadcasted with a message that exception is being raised. Right after she grabbed back of my stick just to push my exploit harder to it’s limits and make sure all stack trace is being logged into her security kernel log.
Fortunately my spyware was obfuscated and my metadata was hidden so despite she wanted to copy my code into her newly established kernel and clone it into new deadly weapon all my data went into temporary file I could flush right after my stick was unloaded.
Right after deeply scanning her localhost I removed my stick from her desktop and left the building, she was left alone again, loudly complaining about her security hole being exploited.
My work was done and I was preparing to break into another corporate security system.
- penetration tester diaries2 -
This is more of an essay than a rant. TLDR at the end. I simply can't choose from all the shitty lecturers I've had, so I'm going to have to go through them one by one. But of background. I'm currently in 7th year of college, I did a multimedia degree in 2 years, a intro course to Software Dev and I'm currently in my final year of my Software Dev degree. So let's start.
Intro Software Course
- we had a database module, which was thought by, I shit you not, the head of the psychology course in the college, she attempted to teach us Databases using access. And not even using SQL, using access GUI components and it's query builder. Need I say more?
1st year software dev
- We had a networking module, the guy that taught the labs, he literally didn't say more than 12 words the entire 12 week semester, his answer to any question you asked him was a grunt and "research it"
- We had a psychology module, I have no fucking idea why, but instead of learning something useful we were told to read this and get in touch with your feelings...
- database module. Yes we actually did SQL here, 12 weeks of select statements and normal form, talked about by a guy in a monotone voice, who sounded like he was contemplating bringing in an assault riffle some day. Also instead of using MySQL he decided to use Ingres. Why I will never know.
2nd Year Software Dev
- We had a module called Algorithms and Data Structures. The lecturer gave us problems she couldn't solve. Simple problems. She was also crazy. Absolutely nuts.
- Object Orientated Programming. I had this lecturer for 3 semesters up until 3rd year. This guy did COBOLT in college, graduated in the 70s or something and went straight into teaching, he taught us Java for nearly 2 years. He literally copied and pasted texts from PDFs and read through them in class. He told myself and another guy at one stage he really didn't care, and was just counting down the days to his retirement.
- Databases again, different lecturer from 1st year, taught us for 2 semesters (24 weeks) and somehow managed to teach us nothing.
3rd Year Software Dev
- software engineering.. This is where the biggest cunt I've ever met was introduced. He arrives into class 15 minutes late every time without fail, talks shit about stuff that has no relevancy to the topic at all, tries to turn everything into a rugby metaphor and every time you ask a question he somehow dodges it and swiftly changes topic. This cunts past profession? A Project Manager. Fucking typical. This dickhead has also thought me 2 other modules.
4th yr Software Dev
- El cunto mentioned above for 2 more modules. Need I say more.
- real time systems, this module took the piss, the module was written by the lecturer which is what earns his space here. Assignments given to us, which required more time to do than we had in labs so we had to work at home, the problem we that is we were using an obscure RTOS called OS9 which would only work on the college computers. When brought to the lecturers attention he just said "figure it out"
Internet of Things - There was 2 lecturers, each lecturer seemingly working off a different plan, one week you'd have one lecturer, the next would be the other one going on about something completely different and unrelated to anything else we'd done.
Some lecturers didn't even make this list as I couldn't be bothered trying to think back about how shit other ones were. These were the ones that always stood out in my mind.
My main take away point from this is that you go to college for the paper which says you have a degree. Learning things that are going to benefit you in a career is up to yourself.
TLDR; 90% of my college lectures were shit. You need to learn useful stuff yourself.1 -
Was motivated to do a project with ReactNative for Android but already stuck.
I need to read a SQLite DB file from /data/data/some.other.app/database/DB.db
Yes I am rooted.
1. How does I request root from the App (Android Pie)
2. What SQLite npm package can load from an absolute path. I found a few libs but they don't seem to be full access, just for dbs in the app's own data folder.8 -
It's 2016 and Android still doesn't support ODBC (let alone OLEDB). Every time somebody asks how to connect their app to a database directly, the groupthink brigade goes "dur hur, use JSON/SOAP/XML services cuz raisins!1one*." That wasn't the fucking question. I don't want your framework-cobbling make-work dependencies. Even the cretins at Xamarin, trying desperately to hook Windows C# programmers, only have SQL Server support because Microsoft fucking did it for them. WTF have Android developers done over 7 OS versions if basic features like database access are still fucking missing? No wonder the App Stores are full of Mickey Mouse garbage.
*raisins!1one = "I don't know how to secure a database so I'll just yell 'security!1one' so people think I r smrt"5 -
I have a question, let's say I have a website and app both using oAuth facebook login. Should I save the access token provided by facebook in my database and if I should, what will happen to the access token when user logins with facebook on website and then login again with the app? is that mean access token is going to be overwritten by new login? and do you have any other suggestions for 0auth integration?3
-
Ms access, or rather the systems developed using this tech.
Unfortunately I worked with it a lot in the past fixing applications made by non-developers. Usually someone who went on a ms office training course then when they leave the company the database breaks and no one has a clue how to fix it. -
Have you ever worked for an organization that is not specialized in software development because that is not their main line of business, however, their products are software applications?
If you are, then hi you and me are in the same boat. Currently I have a nice manager and I'm acting as dev lead the strange thing I have a peer that is supposed to be lead as well but I cannot define his position....
In theory he should be scrum master / resource manager which fails at both terribly.
I ended up implementing Agile in the team and deciding what goes and not into the sprint based on quality while this guy just try to squeeze stuff into the sprint, the more the better even with all kinds or problems...
Honestly I'm not sure why he is still in the team since it seems like he only drains the budget, doesn't understand a thing about the products he is working on and every single idea he has is horrible.
Every meeting I have with him I always ended up asking myself "How can somebody be that stupid?" The lack of technical knowledge and even common sense is over 9000 in this one...
It might sound bitter from my end but after two years of dealing with this stupidness of getting people in software development that have no idea what software development is and understand the intricacies of it just because they did an access database or are good at excel is nonsense.
I'm at the verge of quitting and the only thing that is keeping me here is my manager and the fact that the products I am working with are pretty interesting.
Sorry for the long rant but I had to get it out of my chest before it explodes and I directly call out this person.
Not looking for suggestions but if anybody want to chime in go ahead.1 -
Developers don’t have access to the test database so I had to put in a request for a dba to add two columns and it took over two hours for them to complete it.5
-
Had to call an API with SOAP, convert an Access Database to MySQL, Coded some classic ASP and used Campaign Monitor for the first time in god knows when. That's a royal flush of retro right there!
-
So I have a question to anyone familiar with the General Transit Feed Specification...
Why is the data provided in text files? Is there not a way to format the data to allow for random access to it?
Like I'm currently writing a transit app for a school project, and as far as I can tell, the only way to get all specific stops for a route, is to first look up all trips in a route, then look up all the stopids that are associated with a trip in stoptimes.txt (while also filtering out duplicates since the goal is to get stop ids, not specifically stop times) and then look up those stop ids in the stops.txt file.
The stoptimes file alone is over 500000 lines long, unless there is a way better way to be parsing the data that I'm not aware of? Currently I'm just loading the entire stoptimes file into a data structure in memory because the extra bit of ram used seems negligible compared to the load times I'm saving...
Would it be faster if I just parsed all the data once and threw it into a database? (And then updated the database once a month when the new data comes in?)3 -
After a massive refactoring of the DAO test aren't running after 6 hours of debugging and traceing I find what some "genius" left behind.He wrote direct database updates from the UI code. WTF? Who gave them git access?
-
Lodging a ticket in system A...
Citing the ticket number from A to access the password in system B...
Using the password from B to log into database C...
Then doing our work in C, in which all our DDL and DML permissions have been revoked. -
Thats so bad. Since about One week our Internet is broken. We don't have access anymore. You feel useless, because you can't do anything. No Phone (because its also with the Router) , No Internet, No real programming. You can't Look something Up, you can't Log into your Server, Database and so on.
And the shittest Thing about that is that the #Telekom is sorry to say that but absolutely Shit. We have made an appointement on friday. They should come to fix the issue. We have waited the whole day. He didn't came.. Now He wants to come again tomorrow...
I hope everything is right then and We have Internet again.. thats uncool.1 -
Sooooo I came in to work yesterday and the first thing I see is that our client can't log on to the cms I set up for her a month ago. I go log in with my admin credentials and check the audit logs.
It says the last person to access it was me, the date and time exactly when we first deployed it to production.
One month ago.
I fired a calm email to our project managers (who've yet to even read the client complaint!) to check with ops if the cms production database had been touched by the ops team responsible for the sql servers. Because it was definitely not a code issue, and the audit logs never lie.
Later in the day, the audit log updated itself with additional entries - apparently someone in ops had the foresight to back up the database - but it was still missing a good couple weeks of content, meaning the backup db was not recent.
Fucking idiots. -
Today I was fighting a bug in php that resulted in a steady increase of the upload time of a picture. I printed it out together with some other like the amount of accesses on the image.
They where separated with <br> tags which were not displayed for some reason (maybe you already gueesed it here).
I ask my teacher to help me out, because the entry in my database was correct, the value I received was correct, but not the displayed value...
We even modified the database structure in order to find the bug, but it turns out the error was how I displayed the values. TIL that strings are not concatenated with a '+', but with a '.', the hard way.
Next problem: why is the access count incremented? Also why 3 times?😅 -
Is granting read access to a client app a good practice? Intefrations should be done through APIs, jms and the like, right? My opinion is it should be a no no to do the integration on the database layer bypassing the app even if both apps are internal service which are completely different products. opinions are much appreciated.9
-
Common Docker for Windows! Are you serious? What in heavens name could you do wrong to loose access to your own ducking database?! And as if that's not enough there comes the internet in the form of Google telling me that I'm the only idiot with this problem. Sure sure. Gnarf.5
-
This one time last year a colleague found out that some data went missing and suggested to recover the data from a backup. When trying to create a new database instance in the Google Cloud Platform (if everything works it's amazing!) it failed.
Not knowing why this happened, I tried to revert that backup to the production database, after creating a backup using the GCP. Needless to say that failed as well, resulting in a corrupted database instance where I couldn't access the created backups anymore.
This all went at around 10pm and the only users of our product are currently in the same timezone and use it from around 7.30AM until 6PM so no one besides our team knew the server was down.
After a long night chatting Google's support team the database was successfully recovered and the only harm done was sleep depravation for me and a colleague.
Apparently there was a bug in the GCP. It was resolved in two hours and the last time a breaking bug was in that piece was more than seventy days earlier.
I did at least learn to create local backups as well, instead of relying on the tools of the same product...
Best: the moment I saw the corrupted database spin up again and not losing my job because of it. -
I don't understand this:
xtrabackup --backup --datadir=/Path/To/Database/ --target-dir=/Path/To/DBBackup/ --host=172.25.0.51 --port=3306 --user=backup --password=...
When I execute it out put says:
Access denied for user 'backup'@'172.25.0.1'
Why is it using user@GATEWAY instead of user@HOST?7 -
So I´m still working on that Sync to get rid of this abomination called Wrike.
Now I have a problem.
To be able to sync mantis with our software I need to be able to create projects in mantis through the API.
No problem.
But then again, I need to link custom fields to that just created project.
The mantis API apparently doesn´t have that.
I now have two options:
1. I expose the custom field functions myself on the REST api.
2. I gain direct access to the mysql database and do it within my sync job in the database.
Well I´m not a web developer. Like, at all.
But I thought: Hey how hard can it be?
So I got an Apache server with php, mysql and XDebug running with VSCode.
Works better than expected.
But now that I have actually seen the mantis code, I´m seriously considering number 2 again...
Fucking php... -
I'm currently starting to develop a simple web app to access a database, just simple read, write, update stuff. Doesn't need to be fancy or anything, just work.
Now I asked a PHP dev I know for help and he told me I should use Symfony and Easy Admin Bundle. I'm not sure rn if it'd be worth it to get to know how to work with frameworks or not. What do you guys think?
Btw, I'm not planning on doing a lot more web development.3 -
I've been working as a web dev intern for my college's IT department for about three weeks now. Knowing that I have the access to the cms, file server and database... Muhahahahahahahahahaha😈 but I guess I will be a good boy and only screw around in my test environment.
-
I did an engineering quiz yesterday as a way of introducing a new database the school recently got access to. You had to sign up for the site.
- Passwords were max 20 characters (which is better than 10, but still, why???)
- You couldn't use special characters, but there was NO INDICATION ANYWHERE THAT THAT WAS THE CASE. It would just silently fail to log in. I had to open the browser console to figure out what wasn't working. FUCK -
I've been freelancing lately with an agency to develop an android app for their client and at the same time another person is developing the website .
The story begins when I first contacted the web dev to give me access to the database (because he started before me ).It turns out that this guy purchased an almost ready cms template with a shitty data structure that has no relations between object .This database has no primary keys , no foreign keys , no indexes ... no nothing . Adding to that the web dev refused that I rewrite a new data structure claiming that he has done a good progress on the website .
Forward couple of weeks , I managed to create the api and develop an alpha for the app and sent it to the agency manager .
This bastard told me that the website and design have changed and the app shouldn't be like that .He told me to contact the other bastard the web dev to seen what the changes are . I'm waiting for the response about the new updates and I'm praying that they'll be just minor colors updates or something not a whole concept update .
My problem here is I'm stuck with this fucking agency cuz they paid half of the payment when I started .
Damn I must learn to say no to people .1 -
Me, trying to access an old mysql database on a Linux server, the root user gets rejected. Out of frustration I delete mysql entirely and try to start again.
I was not using sudo to access the root user...
In the bright side, the deleted mysql version was actually an old one, the database is actually fine.1 -
I am in need of a good web host for my personal website... the one I use now is free and therefore sucks. I can't even get external access to the MySQL database and their SQL client sucks.9
-
I wanted to know what is the worst mistake you make on database.
I have actually implements the logic of token access control on database and not on business logic layer.
The database have a login procedure which accept username and password. That login procedure actually hash the password and try to authenticate user.
If it is a correct user , it generate a token. In other to use other procedure on database , you must provide a token. By using that token , the procedure know who is it and what permission is granted to that user.4 -
A year ago I built my first todo, not from a tutorial, but using basic libraries and nw.js, and doing basic dom manipulations.
It had drag n drop, icons, and basic saving and loading. And I was satisfied.
Since then I've been working odd jobs.
And today I've decided to stretch out a bit, and build a basic airtable clone, because I think I can.
And also because I hate anything without an offline option.
First thing I realized was I wasn't about to duplicate all the features of a spreadsheet from scratch. I'd need a base to work from.
I spent about an hour looking.
Core features needed would be trivial serialization or saving/loading.
Proper event support for when a cell, row, or column changed, or was selected. Necessary for triggering validation and serialization/saving.
Custom column types.
Embedding html in cells.
Reorderable columns
Optional but nice to have:
Changeable column width and row height.
Drag and drop on rows and columns.
Right click menu support out of the box.
After that hour I had a few I wanted to test.
And started looking at frameworks to support the SPA aspects.
Both mithril and riot have minimal router support. But theres also a ton of other leightweight frameworks and libraries worthy of prototyping in, solid, marko, svelte, etc.
I didn't want to futz with lots of overhead, babeling/gulping/grunting/webpacking or any complex configuration-over-convention.
Didn't care for dom vs shadow dom. Its a prototype not a startup.
And I didn't care to do it the "right way". Learning curve here was antithesis to experimenting. I was trying to get away from plugin, configuration-over-convention, astronaut architecture, monolithic frameworks, the works.
Could I import the library without five dozen dependancies and learning four different tools before getting to hello world?
"But if you know IJK then its quick to get started!", except I don't, so it won't. I didn't want that.
Could I get cheap component-oriented designs?
Was I managing complex state embedded in a monolith that took over the entire layout and conventions of my code, like the world balanced on the back of a turtle?
Did it obscure the dom and state, and the standard way of doing things or *compliment* those?
As for validation, theres a number of vanilla libraries, one of which treats validation similar to unit testing, which seems kinda novel.
For presentation and backend I could do NW.JS, which would remove some of the complications, by putting everything in one script. Or if I wanted to make it a web backend, and avoid writing it in something that ran like a potato strapped to a nuclear rocket (visual studio), I could skip TS and go with python and quart, an async variation of flask.
This has the advantage that using something thats *not* JS, namely python, for interacting with a proper database, and would allow self-hosting or putting it online so people can share data and access in real time with others.
And because I'm horrible, and do things the wrong way for convenience, I could use tailwind.
Because it pisses people off.
How easy (or hard) would it be to recreate a basic functional clone of the core of airtable?
I don't know, but I have feeling I'm going to find out!1 -
Me, an apprentice, got to contribute towards a project for the business.
I only have access to the git of that particular project, no access to the other projects, databases or sourcecodes.
Thing is, we basically have to redo an old programm to access and work with the database, so having access to the sourcecode of that or access to the database would be very very helpful.
I have to guess the attributenames of the tables and what the code looked like that assembled all the data together for the overview.
I feel incredibly unprepared for this. -
I wonder if there is any technical issues that prohibit the creation of open source websites.
By "web sites" I do not consider CMS like Drupal or word press, but rather entire end web site sources.
In fact anything (frontend, backend) except database content that contain user data and credentials.
Not for reusability purposes like CMSs, but simply for transparency and community development purposes, like almost any open source end application.
I agree that a web server is much more exposed than a classic desktop app, as it has lots of targetable private data and internet public access. But for some non-critical purpose this seems to be affordable in exchange of better code review, allowing a community to help improve a tool it uses, and better (not perfect though) transparency (which is an increasingly relevant question nowadays, mainly towards personal data usage).6 -
Relatively often the OpenLDAP server (slapd) behaves a bit strange.
While it is little bit slow (I didn't do a benchmark but Active Directory seemed to be a bit faster but has other quirks is Windows only) with a small amount of users it's fine. slapd is the reference implementation of the LDAP protocol and I didn't expect it to be much better.
Some years ago slapd migrated to a different configuration style - instead of a configuration file and a required restart after every change made, it now uses an additional database for "live" configuration which also allows the deployment of multiple servers with the same configuration (I guess this is nice for larger setups). Many documentations online do not reflect the new configuration and so using the new configuration style requires some knowledge of LDAP itself.
It is possible to revert to the old file based method but the possibility might be removed by any future version - and restarts may take a little bit longer. So I guess, don't do that?
To access the configuration over the network (only using the command line on the server to edit the configuration is sometimes a bit... annoying) an additional internal user has to be created in the configuration database (while working on the local machine as root you are authenticated over a unix domain socket). I mean, I had to creat an administration user during the installation of the service but apparently this only for the main database...
The password in the configuration can be hashed as usual - but strangely it does only accept hashes of some passwords (a hashed version of "123456" is accepted but not hashes of different password, I mean what the...?) so I have to use a single plaintext password... (secure password hashing works for normal user and normal admin accounts).
But even worse are the default logging options: By default (atleast on Debian) the log level is set to DEBUG. Additionally if slapd detects optimization opportunities it writes them to the logs - at least once per connection, if not per query. Together with an application that did alot of connections and queries (this was not intendet and got fixed later) THIS RESULTED IN 32 GB LOG FILES IN ≤ 24 HOURS! - enough to fill up the disk and to crash other services (lessons learned: add more monitoring, monitoring, and monitoring and /var/log should be an extra partition). I mean logging optimization hints is certainly nice - it runs faster now (again, I did not do any benchmarks) - but ther verbosity was way too high.
The worst parts are the error messages: When entering a query string with a syntax errors, slapd returns the error code 80 without any additional text - the documentation reveals SO MUCH BETTER meaning: "other error", THIS IS SO HELPFULL... In the end I was able to find the reason why the input was rejected but in my experience the most error messages are little bit more precise.2 -
The whole windows server + ms sql server ordeal is the biggest fucking joke I've ever seen in my time being a dev.
The ms sql dashboard uses a hidden user to access files and stuffs, so I spent 1 hour trying to make the dashboard's explorer to find the database dump file, only to find out that the file need to be owned by the hidden user. So
I spent about 1 hour trying to set the correct owner of the dump file, but to no avail, the explorer still couldn't pick it up. Then I spent another hour to set the correct owner for the containing folder. Finally, a 6 years old answer on SO point out that I should just put the fucking .bak file in their default folder, and voilà, the fucking thing works like a charm.
I can't get why Microsoft has to go out of their way making permission management on their os so fucking convoluted. The fucking usernames are a fucking mess, you have to go through a bunch of form to change just the owner of a file (please don't start me up with that running some command on powershell bullshit, I would rather deal with bad GUI than a badly designed CLI)
If I were to being positive though, Microsoft is actually one of a few tech companies having a good technical decision of moving their shits over Linux. -
Going through some code I was handed to do an emergency project... Think of an aspx site that follows no design rule, like database access directly in the code behind. No models ect. So I'm going through this section that calls a function good start. Open the function find a class that contain code to access the database.. Humm ok this part look better that the rest. Read the code that validates if it exist in the database and gets the type back. So far so good then there is a get details function call.... Open up the fct ... Started crying... There is a 200+ lines switch case that goes over the type previously fetched..... And the type is stringed compare in the biggest switch case I've ever seen.... Fthis... I'm out1
-
Visualize the entire complexity of the content within the project so that you know what data users will need to access, and compartmentalize those in to separate modules that you can build on over time. Think about any limitations with accessing that data (does the user have that role, what if the data is accessed simulateously, how to handle the same user accessing from different devices etc).
Think about the devices being used - is it going to be a website, an app, both? How best then to access the data? Direct access to a database, or an API system?
Then think about the front-end design and how to simplify the view right down as much as you can. Again, break it down in to modules.
Then decide on the technology you want to use, and what libraries would help simplify things.
These days I like to use JSON API's to access DB content because app and web technologies change quite often but the API will be accessible to whatever I use to build it.
For websites I love using Laravel, which simplifies the back-end tasks, and mdbootstrap which simplifies the front-end tasks and looks "appy". -
Ionic2 + pouch DB seem to be a good choice ... No I sit her 8 hours and try to get a database access fml
-
Need some advise from all you clever devs out there.
When I finished uni I worked for a year at a good company but ultimately I was bored by the topic.
I got a new job at a place that was run by a Hitler wannabee that didn't want to do anything properly including writing tests and any time I improved an area or wrote a test would take me aside to have a go so I quit after 3 months.
Getti g a new job was not that hard but being at companies for short stints was a big issue.
My new job I've been here 3 months again but the code base is a shit hole, no standardisation, no one knows anything about industry standards, no tests again, pull requests that are in name only as clearly broken areas that you comment on get ignored so you might as well not bother, fake agile where all user stories are not user stories and we just lie every sprint about what we finished, no estimates and so forth, and a code base that is such a piece of shit that to add a new feature you have to hack every time. The project only started a few months back.
For instance we were implementing permissions and roles. My team lead does the table design. I spent 4 hours trying to convince him it was not fit for purpose and now we have spent a month on this area and we can't even enforce the permissions on the backend so basically they don't exist. This is the tip of the iceberg as this shit happens constantly and the worst thing is even though I say there is a problem we just ignore it so the app will always be insecure.
None of the team knows angular or wants to learn but all our apps use angular..
These are just examples, there is a lot more problems right from agile being run by people that don't understand agile to sending database entities instead of view models to client apps, but not all as some use view models so we just duplicate all the api controllers.
Our angular apps are a huge mess now because I have to keep hacking them since the backend is wrong.
We have a huge architectural problem that will set us back 1 month as we won't be able to actually access functionality and we need to release in 3 months, their solution even understanding my point fully is to ignore it. Legit.
The worst thing is that although my team is not dumb, if you try to explain this stuff to them they either just don't understand what you are saying or don't care.
With all that said I don't think they are even aware of these issues somehow so I dont think it's on purpose, and I do like the people and company, but I have reached the point that I don't give a shit anymore if something is wrong as its just so much easier to stay silent and makes no difference anyway.
I get paid very well, it's close to home and I actually learn a lot since their skill level is so low I have to pick up the slack and do all kinds of things I've never done much of like release management or database optimisation and I like that.
Would you leave and get a new job? -
An old data conversion environment using access and and vb6. I used this in 2013 or so... It's still that company's standard.
For Enterprise database conversion projects, a 2 gb limit on the database size and awkward stupid syntax it didn't work well. -
One of our previous clients is not paying the rest of the payments after receiving the codes. What are the things we can/should do digitally to make them pay the payment?
btw, it was a web app. we worked on the front end and the backend of the app. So, naturally we know all the API endpoints, we have the database access, and so on. So yeah, we can do so many things.
But still I wanna ask you guys, what would you do to make someone pay?3 -
Sometimes I have to connect to production database and alter my dev environment so I can “log in” as a user and see what’s wrong with their account. Once in a while there is a legitimate website issue that is unique to that user’s profile. Other times it’s user error, like the user not understanding that they have to connect their membership to their online account (they think signing up for an account will connect it automatically).
I don’t like circumventing the user’s log in like this, but sometimes it’s necessary since the website is so confusing. I inherited this website, so many of the problems were formed way before I took over.
My stakeholders want a log in as user feature for website admins to use. My manager and PM don’t think that’s a good idea right now since there are over two dozen people with admin access and admin access means access to everything in the admin (there aren’t options to give permissions as needed).1 -
My load balancer with docker and redis database works fine bu5 I can’t access my web service. I get a “connection refused” error message.6
-
Need to make a secure app for iOS to access and store credit card information. What database should I use?1
-
How do I extend ASP Identity on .NET Core to check the database on every page load for an IsAdmin Boolean on the extended IdentityUser class? I need to do this to ensure rights haven’t been revoked and the user is still allowed to access restricted pages.10