I had a secondary Gmail account with a really nice short nickname (from the early invite/alpha days), forwarded to another of my mailboxes. It had a weak password, leaked as part of one of the many database leaks.

Eventually I noticed some dude in Brazil started using my Gmail, and he changed the password — but I still got a copy of everything he did through the forwarding rule. I caught him bragging to a friend on how he cracked hashes and stole and sold email accounts and user details in bulk.

He used my account as his main email account. Over the years I saw more and more personal details getting through. Eventually I received a mail with a plaintext password... which he also used for a PayPal account, coupled to a Mastercard.

I used a local website to send him a giant expensive bouquet of flowers with a box of chocolates, using his own PayPal and the default shipping address.

I included a card:

"Congratulations on acquiring my Gmail account, even if I'm 7 years late. Thanks for letting me be such an integral part of your life, for letting me know who you are, what you buy, how much you earn, who your family and friends are and where you live. I've surprised your mother with a cruise ticket as you mentioned on Facebook how sorry you were that you forgot her birthday and couldn't buy her a nice present. She seems like a lovely woman. I've also made a $1000 donation in your name to the EFF, to celebrate our distant friendship"

Fuck today was weird.

Today I received almost half a million on my bank account. 😯

Someone changed the ancient cryptic billing system. My user account at work has id 32 in the database, and the dev referenced the size of the creditor id instead of the of the value of the ids itself, and they're u32 ints... So ALL the money moving through our platform was accidentally transferred to my associated bank account.

For all the unit tests we have, this bug tumbled right through.

And no one at finances thought a transfer that big, to a backend dev they know by name, was suspicious — with almost no money going to other creditors...

That worries me a bit. The fact that this shit can happen, even at high test coverage, just because someone mindlessly did a wrong autocomplete or something.

Of course I will send it back... after two weeks and a few hundred € of interest.

Long rant ahead, but it's worth it.

I used to work with a professor (let's call him Dr. X) and developed a backend + acted as sysadmin for our team's research project. Two semesters ago, they wanted to revamp the front end + do some data visualization, so a girl (let's call her W) joined the team and did all that. We wanted to merge the two sites and host on azure, but due to issues and impeding conferences that require our data to be online, we kept postponing. I graduate this semester and haven't worked with the team for a while, so they have a new guy in charge of the azure server (let's call him H), and yesterday my professor sends me (let's call me M), H and W an email telling us to coordinate to have the merge up on azure in 2-3 days, max. The following convo was what I had with H:

M: Hi, if you just give me access to azure I'll be able to set everything up myself, also I'll need a db set up, and just send me the connection string.
H: Hi, we won't have dbs because that is extra costs involved since we don't have dynamic content. Also I can't give you access, instead push everything on git and set up the site on a test azure server and I will take it from there.
M: There is proprietary data on the site...
H: Oh really? I don't know what's on it.
<and yet he knows we have no dynamic data>
M: Fine, I'll load the data some other way, but I have access to all the data anyway, just talk to Dr. X and you'll see you can give me access. Delete my access after if you want.
H: No, just do what I said: git then upload to test azure account.

Fine, he's a complete tool, but I like Dr. X, so I message W and tell her we have to merge, she tells me that it's not that easy to set it up on github as she's using wordpress. She sends me instructions on what to do, and, lo and behold, there's a db in her solution. Ok, I go back to talking to H:

M: W is using a db. Talk to her so we can figure out whether we need a database or not.
H: We can't use a database because we want to decrease costs.
M: Yes I know that, so talk to her because that probably means she has to re-do some stuff, which might take some time. Also there might be dynamic content in what she's doing.
H: This is your project, you talk to her.
<I'm starting to get mad right now>
M: I don't know what they had her do apart from how it interfaces with what I've done.
H: We still can't have databases.
M: Listen, I don't do wordpress, and I'm not gonna mess with it, you talk to her
H: I won't do any development
<So you won't do any dev, but you won't give me access to do it either?>
M: Man, the bottleneck isn't the merging right now, it's the fact that W needs a db
H: I know, so talk to her
M: THE RESTRICTION TO NOT HAVE DATABASES IS NOT MINE, IT'S YOURS, YOU TALK TO HER. I can't evaluate whether it's a reasonable enough reason or not since I don't know the requirements or what they're willing to spend.
H: It's your project.
M: Then give me fucking access to azure and I'll handle it, you know you'll have to set up wordpress again regardless whether we set it up the first time.
H: Man just do your job.

At this point I lost it. WHAT A FUCKING TOOL. He doesn't wanna do dev work, wants me to go through the trouble of setting up on a test subscription first, and doesn't want to give me access to azure. What's more, he did shit all and doesn't want to anything else. Well fuck you. I googled him, to see if he's anyone important, if he's done anything notable which is why he's being so God damn condescending. MY INTERNSHIP ALONE ECLIPSES HIS ENTIRE CV. Then what the fuck?

There's also this that happened sometime during our talk:

M: You'll have to take to Dr. Y so he'll change the DNS to point to the azure subscription instead of my server.
H: Yea don't worry, too early for that.
M: DNS propagation takes 24 hours...
H: Yea don't worry.

DNS propagation allows the entire web to know that your website is hosted on a different server so it can change where it's pointing to. We have to do this in 2-3 days. Why do work in parallel? Nah let's wait.

I went over his head and talked to the professor directly, and despite wanting to tell him that he was both drunk and high the day he hired that guy, I kept it professional. He hasn't replied yet, but this fucker's pompous attitude is just too much for me alone, so I had to share.

PS: I named his contact as Annoying Prick 4 minutes into our chat. Gonna rename him cz that seems tooooooo soft a name right now.

Oh, man, I just realized I haven't ranted one of my best stories on here!

So, here goes!

A few years back the company I work for was contacted by an older client regarding a new project.

The guy was now pitching to build the website for the Parliament of another country (not gonna name it, NDAs and stuff), and was planning on outsourcing the development, as he had no team and he was only aiming on taking care of the client service/project management side of the project.

Out of principle (and also to preserve our mental integrity), we have purposely avoided working with government bodies of any kind, in any country, but he was a friend of our CEO and pleaded until we singed on board.

Now, the project itself was way bigger than we expected, as the wanted more of an internal CRM, centralized document archive, event management, internal planning, multiple interfaced, role based access restricted monster of an administration interface, complete with regular user website, also packed with all kind of features, dashboards and so on.

Long story short, a lot bigger than what we were expecting based on the initial brief.

The development period was hell. New features were coming in on a weekly basis. Already implemented functionality was constantly being changed or redefined. No requests we ever made about clarifications and/or materials or information were ever answered on time.

They also somehow bullied the guy that brought us the project into also including the data migration from the old website into the new one we were building and we somehow ended up having to extract meaningful, formatted, sanitized content parsing static HTML files and connecting them to download-able files (almost every page in the old website had files available to download) we needed to also include in a sane way.

Now, don't think the files were simple URL paths we can trace to a folder/file path, oh no!!! The links were some form of hash combination that had to be exploded and tested against some king of database relationship tables that only had hashed indexes relating to other tables, that also only had hashed indexes relating to some other tables that kept a database of the website pages HTML file naming. So what we had to do is identify the files based on a combination of hashed indexes and re-hashed HTML file names that in the end would give us a filename for a real file that we had to then search for inside a list of over 20 folders not related to one another.

So we did this. Created a script that processed the hell out of over 10000 HTML files, database entries and files and re-indexed and re-named all this shit into a meaningful database of sane data and well organized files.

So, with this we were nearing the finish line for the project, which by now exceeded the estimated time by over to times.

We test everything, retest it all again for good measure, pack everything up for deployment, simulate on a staging environment, give the final client access to the staging version, get them to accept that all requirements are met, finish writing the documentation for the codebase, write detailed deployment procedure, include some automation and testing tools also for good measure, recommend production setup, hardware specs, software versions, server side optimization like caching, load balancing and all that we could think would ever be useful, all with more documentation and instructions.

As the project was built on PHP/MySQL (as requested), we recommended a Linux environment for production. Oh, I forgot to tell you that over the development period they kept asking us to also include steps for Windows procedures along with our regular documentation. Was a bit strange, but we added it in there just so we can finish and close the damn project.

So, we send them all the above and go get drunk as fuck in celebration of getting rid of them once and for all...

Next day: hung over, I get to the office, open my laptop and see on new email. I only had the one new mail, so I open it to see what it's about.

Lo and behold! The fuckers over in the other country that called themselves "IT guys", and were the ones making all the changes and additions to our requirements, were not capable enough to follow step by step instructions in order to deploy the project on their servers!!!

[Continues in the comments]

I just had a client complaining on the phone that she read my database design documents and that they are all wrong and need to be done again. Because things like varchar and int are confusing. And nobody understands what they mean. She asked around and nobody understood it.

Ooh, and I should place the customer name in more then one table because it would be handy to have in several places.

Spend a hour on the phone trying to explain that these documents are not intended for her. They are not for her to understand.

I make these documents to build a stable product and in case something bad happens to me its easier to pick up for another developer.

Long story short.. I'm currently making a document that explains the database design... Getting paid for it..... But fucking hell. Somebody save me.

I absolutely HATE "web developers" who call you in to fix their FooBar'd mess, yet can't stop themselves from dictating what you should and shouldn't do, especially when they have no idea what they're doing.

So I get called in to a job improving the performance of a Magento site (and let's just say I have no love for Magento for a number of reasons) because this "developer" enabled Redis and expected everything to be lightning fast. Maybe he thought "Redis" was the name of a magical sorcerer living in the server. A master conjurer capable of weaving mystical time-altering spells to inexplicably improve the performance. Who knows?

This guy claims he spent "months" trying to figure out why the website couldn't load faster than 7 seconds at best, and his employer is demanding a resolution so he stops losing conversions. I usually try to avoid Magento because of all the headaches that come with it, but I figured "sure, why not?" I mean, he built the website less than a year ago, so how bad can it really be? Well...let's see how fast you all can facepalm:

1.) The website was built brand new on Magento 1.9.2.4...what? I mean, if this were built a few years back, that would be a different story, but building a fresh Magento website in 2017 in 1.x? I asked him why he did that...his answer absolutely floored me: "because PHP 5.5 was the best choice at the time for speed and performance..." What?!

2.) The ONLY optimization done on the website was Redis cache being enabled. No merged CSS/JS, no use of a CDN, no image optimization, no gzip, no expires rules. Just Redis...

3.) Now to say the website was poorly coded was an understatement. This wasn't the worst coding I've seen, but it was far from acceptable. There was no organization whatsoever. Templates and skin assets are being called from across 12 different locations on the server, making tracking down and finding a snippet to fix downright annoying.

But not only that, the home page itself had 83 custom database queries to load the products on the page. He said this was so he could load products from several different categories and custom tables to show on the page. I asked him why he didn't just call a few join queries, and he had no idea what I was talking about.

4.) Almost every image on the website was a .PNG file, 2000x2000 px and lossless. The home page alone was 22MB just from images.

There were several other issues, but those 4 should be enough to paint a good picture. The client wanted this all done in a week for less than $500. We laughed. But we agreed on the price only because of a long relationship and because they have some referrals they got us in the door with. But we told them it would get done on our time, not theirs. So I copied the website to our server as a test bed and got to work.

After numerous hours of bug fixes, recoding queries, disabling Redis and opting for higher innodb cache (more on that later), image optimization, js/css/html combining, render-unblocking and minification, lazyloading images tweaking Magento to work with PHP7, installing OpCache and setting up basic htaccess optimizations, we smash the loading time down to 1.2 seconds total, and most of that time was for external JavaScript plugins deemed "necessary". Time to First Byte went from a staggering 2.2 seconds to about 45ms. Needless to say, we kicked its ass.

So I show their developer the changes and he's stunned. He says he'll tell the hosting provider create a new server set up to migrate the optimized site over and cut over to, because taking the live website down for maintenance for even an hour or two in the middle of the night is "unacceptable".

So trying to be cool about it, I tell him I'd be happy to configure the server to the exact specifications needed. He says "we can't do that". I look at him confused. "What do you mean we 'can't'?" He tells me that even though this is a dedicated server, the provider doesn't allow any access other than a jailed shell account and cPanel access. What?! This is a company averaging 3 million+ per year in revenue. Why don't they have an IT manager overseeing everything? Apparently for them, they're too cheap for that, so they went with a "managed dedicated server", "managed" apparently meaning "you only get to use it like a shared host".

So after countless phone calls arguing with the hosting provider, they agree to make our changes. Then the client's developer starts getting nasty out of nowhere. He says my optimizations are not acceptable because I'm not using Redis cache, and now the client is threatening to walk away without paying us.

So I guess the overall message from this rant is not so much about the situation, but the developer and countless others like him that are clueless, but try to speak from a position of authority.

If we as developers don't stop challenging each other in a measuring contest and learn to let go when we need help, we can get a lot more done and prevent losing clients. </rant>

Had this recently with a client, mysql server of one of our shared hosting servers went down:

Senior engineer 1: heads up guys, mysql of {server name} is down, working on it! *calls second engineer in*
Support people: thanks for letting know! (in case clients call about it)

*triiiingggg*
Me: good afternoon, how can I help you?
Client: this site which we manage for a shared customer says it can't connect to the database...
M: is it hosted on {server name of mysql problems}
C: yes.
M: there's a mysql disruption there right now, we're working on it!
C: *starts guilt tripping me about thy they chose us for stability reasons and now this happens*
M: sir, I can't change this situation so you can go on and on about that but it's not going to help anyone.
C: okay, so what can I tell my client?
M: you can tell that we have a mysql server disruption right now and are working to fix it as soon as possible!
C: and what am I going to tell my client if they don't accept that answer?
M: you can tell that we are fixing this disruption as soon as possible.
C: yes you said that but what if they don't accept that answer, what am I going to tell them THEN?!
M: Listen, sir. We have a disruption right now. It's not fun but whether I tell this by writing it to you in a fairy tail or shout it at you, it's not going to make a difference.
We have a disruption and we are working on i....

*click*

Well, fuck you too.

In a user-interface design meeting over a regulatory compliance implementation:
User: “We’ll need to input a city.”
Dev: “Should we validate that city against the state, zip code, and country?”
User: “You are going to make me enter all that data? Ugh…then make it a drop-down. I select the city and the state, zip code auto-fill. I don’t want to make a mistake typing any of that data in.”
Me: “I don’t think a drop-down of every city in the US is feasible.”
Manage: “Why? There cannot be that many. Drop-down is fine. What about the button? We have a few icons to choose from…”
Me: “Uh..yea…there are thousands of cities in the US. Way too much data to for anyone to realistically scroll through”
Dev: “They won’t have to scroll, I’ll filter the list when they start typing.”
Me: “That’s not really the issue and if they are typing the city anyway, just let them type it in.”
User: “What if I mistype Ch1cago? We could inadvertently be out of compliance. The system should never open the company up for federal lawsuits”
Me: “If we’re hiring individuals responsible for legal compliance who can’t spell Chicago, we should be sued by the federal government. We should validate the data the best we can, but it is ultimately your department’s responsibility for data accuracy.”
Manager: “Now now…it’s all our responsibility. What is wrong with a few thousand item drop-down?”
Me: “Um, memory, network bandwidth, database storage, who maintains this list of cities? A lot of time and resources could be saved by simply paying attention.”
Manager: “Memory? Well, memory is cheap. If the workstation needs more memory, we’ll add more”
Dev: “Creating a drop-down is easy and selecting thousands of rows from the database should be fast enough. If the selection is slow, I’ll put it in a thread.”
DBA: “Table won’t be that big and won’t take up much disk space. We’ll need to setup stored procedures, and data import jobs from somewhere to maintain the data. New cities, name changes, ect. ”
Manager: “And if the network starts becoming too slow, we’ll have the Networking dept. open up the valves.”
Me: “Am I the only one seeing all the moving parts we’re introducing just to keep someone from misspelling ‘Chicago’? I’ll admit I’m wrong or maybe I’m not looking at the problem correctly. The point of redesigning the compliance system is to make it simpler, not more complex.”
Manager: “I’m missing the point to why we’re still talking about this. Decision has been made. Drop-down of all cities in the US. Moving on to the button’s icon ..”
Me: “Where is the list of cities going to come from?”
<few seconds of silence>
Dev: “Post office I guess.”
Me: “You guess?…OK…Who is going to manage this list of cities? The manager responsible for regulations?”
User: “Thousands of cities? Oh no …no one is our area has time for that. The system should do it”
Me: “OK, the system. That falls on the DBA. Are you going to be responsible for keeping the data accurate? What is going to audit the cities to make sure the names are properly named and associated with the correct state?”
DBA: “Uh..I don’t know…um…I can set up a job to run every night”
Me: “A job to do what? Validate the data against what?”
Manager: “Do you have a point? No one said it would be easy and all of those details can be answered later.”
Me: “Almost done, and this should be easy. How many cities do we currently have to maintain compliance?”
User: “Maybe 4 or 5. Not many. Regulations are mostly on a state level.”
Me: “When was the last time we created a new city compliance?”
User: “Maybe, 8 years ago. It was before I started.”
Me: “So we’re creating all this complexity for data that, realistically, probably won’t ever change?”
User: “Oh crap, you’re right. What the hell was I thinking…Scratch the drop-down idea. I doubt we’re have a new city regulation anytime soon and how hard is it to type in a city?”
Manager: “OK, are we done wasting everyone’s time on this? No drop-down of cities...next …Let’s get back to the button’s icon …”

Simplicity 1, complexity 0.

You know what's the difference between
- static page written purely in HTML with inline styling
and
- dynamic page generated in PHP, that actually loads data from MySQL database and is correctly styled in separate CSS document
on national level exam necessary to earn a title of technician?
ONE HACKING PERCENT!

Ok, backstory. So, few days ago I got results from that exam. To be honest, it was very, very easy so I wasn't worried at all, unlike some of my classmates who just don't understand programming at all (you need at least 75% to pass). Our task was to create database, write website in PHP that shows contents of that database and use CSS to give it a look that of example web page and run it on XAMPP. I've got result of 96% and while I was wandering what I've done wrong i hear my colleague almost screaming with joy "I passed! And I haven't even touched PHP. I was soooo sure I'll fail." So I asked him what's his result and he says 95%. And then another colleague said he got 95% without PHP. So, in other words what I thought to be the main task was worth 1%. Apparently, what was more important was for the page to look identical to the example, so I guess some examiners didn't even look into the source. And don't get me wrong, I don't wish my classmates had failed. That's not why I'm ranting. But why in the name of Ada Lovelace the task said to use PHP and all that if it weren't supposed to check our knowledge of programming in PHP? Sometimes I think the people who design these tests don't even know what they're doing.

I work in a company where I'm the only developer, with everyone being designers or marketing or sales. Typically like the scene from Silicon Valley.

Moto was to create a ticket selling website for their products, and make sure they worked as well. It was all fine, until deadlines were discussed. They wanted it done within 2 weeks, the entire backend dashboard, API and front end.

I told them it's almost impossible to do it, but they insisted on it. So, I made a minimal dashboard and told them, I haven't completed a few things, such as if you edit data in one place, it won't reflect in other tables. So, be careful while editing the data.

They nodded their head for everything, yesterday was site launch and 2 hours before that one bastard decided to changed the product names to something "catchy" but failed to change the same in other places.

I had used the name as foreign key, so querying other DBs became a fuck all issue, and eventually API stopped giving any response to front end calls.

I got extremely pissed, and shouted at that dude, for fucking everything up. He said, you're the tech guy and you should've taken all this into account.

I sat and hardcoded all the data into database again, made sure site is live. Once it was live, these guys call a company meeting and fire me saying I was incompetent in handling the stressful situation.

At that moment, I lost my shit and blasted each of those people. The designer started crying since her absurd designs(though great) couldn't be realised in CSS that too within 2 weeks time.

One of the worst experience for working for a company. I could've taken the website down, and told them to buzz off if they'd called, I couldn't get myself to do it, hence ranting here.

I seriously feel, all these tech noob HRs need to get a primer course on how to deal with problems of a programmer before they get to hire one, most of these guys don't know what we're trying to tell in itself.

I find devRant to be the only place where I can get someone to understand the issues that I face, hence ranted.

TL;DR: Coded ticket selling site in 2 weeks. 3 hours to launch, data entry dude fucks up. I clean all the mess, get the site online. Get fired as soon as that happens.

Live long and prosper. Peace.

I just almost fucked up our database. Thank fuck I misspelled a table name. Noone will ever know.

I turned a 20 hour per month task into a 150ms database query.

I feel like a fucking super hero.

FYI my super hero name is ThreadPool (see past rant)

Ex-coworker of mine fixed this bug a week after the site was launched and has gathered several thousand users in database.

Yep its exactly what you think it is, each time one user would update its infos, it would update his infos to all the users in the database.

Luckily I was not in charge of the project in that time, so it was really fun to watch how everyone's name was changing every couple of minutes for a whole week :D

Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”

Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”

Best "error" I've ever seen today.

We have a very large database with millions of people, some of those records are duplicates. So I had a long project to write something that would automatically merge duplicate records while allowing employees to review them. Today we had a duplicate show up in the list which should not have.

Same name (apart from one letter), address, employee ID (off by 1 number), same manager, title, phone number, birthdate. But we figured out it wasn't the same person and therefore wasn't a good match.

Turns out they are twin sisters who live together and we're hired by the same manager for the same position at the same time. What are the odds...

Buckle up kids, this one gets saucy.

At work, we have a stress test machine that trests tensile, puncture and breaking strength for different materials used (wood construction). It had a controller software update that was supposed to be installed. I was called into the office because the folks there were unable to install it, they told me the executable just crashed, and wanted me to take a look as I am the most tech-savvy person there.

I go to the computer and open up the firmware download folder. I see a couple folders, some random VBScript file, and Installation.txt. I open the TXT, and find the first round of bullshit.

"Do not run the installer executable directly as it will not work. Run install.vbs instead."

Now, excuse me for a moment, but what kind of dick-cheese-sniffing cockmonger has end users run VBScript files to install something in 2018?! Shame I didn't think of opening it up and examining it for myself to find out what that piece of boiled dogshit did.

I suspend my cringe and run it, and lo and behold, it installs. I open the program and am faced with entering a license key. I'm given the key by the folks at the office, but quickly conclude no ways of entering it work. I reboot the program and there is an autofilled key I didn't notice previously. Whatever, I think, and hit OK.

The program starts fine, and I try with the login they had previously used. Now it doesn't work for some reason. I try it several times to no avail. Then I check the network inspector and notice that when I hit login, no network activity happens in the program, so I conclude the check must be local against some database.

I browse to the program installation directory for clues. Then I see a folder called "Databases".

"This can't be this easy", I think to myself, expecting to find some kind of JSON or something inside that I can crawl for clues. I open the folder and find something much worse. Oh, so much worse.

I find <SOFTWARE NAME>.accdb in the folder. At this point cold sweat is already running down my back at the sheer thought of using Microsoft Access for any program, but curiosity takes over and I open it anyway.

I find the database for the entire program inside. I also notice at this point that I have read/write access to the database, another thing that sent my alarm bells ringing like St. Pauls cathedral. Then I notice a table called "tUser" in the left panel.

Fearing the worst, I click over and find... And you knew it was coming...

Usernames and passwords in plain text.

Not only that, they're all in the format "admin - admin", "user - user", "tester - tester".

I suspend my will to die, login to the program and re-add the account they used previously. I leave the office and inform the peeps that the program works as intended again.

I wish I was making this shit up, but I really am not. What is the fucking point of having a login system at all when your users can just open the database with a program that nowadays comes bundled with every Windows install and easily read the logins? It's not even like the data structure is confusing like minified JSON or something, it's literally a spreadsheet in a program that a trained monkey could read.

God bless them and Satan condemn the developers of this fuckawful program.

!security

(Less a rant; more just annoyance)

The codebase at work has a public-facing admin login page. It isn't linked anywhere, so you must know the url to log in. It doesn't rate-limit you, or prevent attempts after `n` failures.

The passwords aren't stored in cleartext, thankfully. But reality isn't too much better: they're salted with an arbitrary string and MD5'd. The salt is pretty easy to guess. It's literally the company name + "Admin" 🙄

Admin passwords are also stored (hashed) in the seeds.rb file; fortunately on a private repo. (Depressingly, the database creds are stored in plain text in their own config file, but that's another project for another day.)

I'm going to rip out all of the authentication cruft and replace it with a proper bcrypt approach, temporary lockouts, rate limiting, and maybe with some clientside hashing, too, for added transport security.

But it's friday, so I must unfortunately wait. :<

So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

🍿🍿 pull up a chair and get comfy. This was a few years ago and anger has filled some details, so bear with me...

One day, during one of rare afternoons off of work, I was in the library to work on a group project for school. This was maybe a month before it was due, so we were tracking for decent progress and one less stressor over finals. It was about 80° F out, with the perfect breeze for the beach, but school comes first.

I'm team lead (which is terrifying, but less important) and my bro C shows up early to be ready to go on time because he's professional. I'M SO BAD I FORGOT DOUCHEBAGS NAME, so he's A (for asshole), shows up AN HOUR AND 15 MINUTES LATE. But it's not the end of the world, C and I worked around our database schema (which A sent us and we approved), so we could iron out kinks as we went.

A gets there... Fucking finally.

Fucker didn't have the database built (had 2 months to do it, we all agreed on schema a month prior. We're trying to be the adults our ages claim is to be).

*breathe in, count to 10* not a problem, A, just go ahead and start it now so we can at least check what we have.

Ok, my queen, I'll have it done in 10 minutes...

🤔🤔

We needed an id (sku... Which, in 99.9999% of companies is numeric), a short name (xBox one, Macbook, don't smart tv), a description and a price (with 2 decimals). All approved by all 3 of us.

His sku ranges from 3 to 9 ALPHA NUMERIC CHARACTERS, the names were even more generic than expected (item1, item 2, Item_3), no description, and he somehow thought US currency had 5 decimal places!!! (it's more accurate...)

There was an epic, royal, and expensive fight scene in the library (may have been during the Lenten season I decided to give up caffeine AND fast for 40 days to prove a point to an ass wipe of a history teacher, don't recall). I made him cry, he failed the class because C and I wound up fixing everything he touched (graded by commits, because it was also an intro to git, but also, a classmate saw it all), and I had to buy multiple people coffee for yelling in the library.

A tried making out buttons work (I was fed up and done thinking for the day, so moved to documentation), but he fucked those up. I then made those worse by having nested buttons, but I deleted all his shit and started over and fixed it.

I then cried, but C and I survived and have each others backs still.

Pro tip: As great as your product is, it's 1000x harder to pitch to my boss when it has a goofy-ass name.

Me: Hey boss, I came across some new software that'll help manage our mission critical database system.
Boss: Oh yeah, what's it called?
Me: WoolySocksDB Enterprise Edition
Boss: 😐... No.

I'm editing the sidebar on one of our websites, and shuffling some entries. It involves moving some entries in/out of a dropdown and contextual sidebars, in/out of submenus, etc. It sounds a little tedious but overall pretty trivial, right?

This is day three.
I learned React+Redux from scratch (and rebuilt the latter for fun) in twice that long.

In my defense, I've been working on other tasks (see: Alerts), but mostly because I'd rather gouge my freaking eyes out than continue on this one.

Everything that could be wrong about this is. Everything that could be over-engineered is. Everything that could be written worse... can't, actually; it's awful.

Major grievances:
1) The sidebars (yes, there are several) are spread across a ridiculous number of folders. I stopped counting at 20.
2) Instead of icon fonts, this uses multiple images for entry states.
3) The image filenames don't match the menu entry names. at all. ("sb_gifts.png" -> orders); active filenames are e.g. "sb_giftsactive.png"
4) The actions don't match the menu entry names.
5) Menu state is handled within the root application controller, and doesn't use bools, but strings. (and these state flags never seem to get reset anywhere...)
6) These strings are used to construct the image filenames within the sidebar views/partials.
7) Sometimes access restrictions (employee, manager, etc.) are around the individual menu entries, sometimes they're around a partial include, meaning it's extremely difficult to determine which menu entries/sections/subsections are permission-locked without digging through everything.
8) Within different conditionals there are duplicate blocks markup, with duplicate includes, that end up render different partials/markup due to different state.
9) There are parent tags outside of includes, such as `<ul>#{render 'horrific-eye-stabbing'}</ul>`
10) The markup differs per location: sometimes it's a huge blob of non-semantic filthiness, sometimes it's a simple div+span. Example filth: section->p->a->(img,span) ... per menu entry.
11) In some places, the markup is broken, e.g. `<li><u>...</li></u>`
12) In other places, markup is used for layout adjustments, such as an single &nbsp; nested within several divs adorned with lots of styles/classes.
13) Per-device layouts are handled, not within separate views, but by conditionally enabling/disabling swaths of markup, e.g. (if is_cordova_session?).
14) `is_cordova_session` in particular is stored within a cookie that does not expire, and within your user session. disabling it is annoying and very non-obvious. It can get set whether or not you're using cordova.
15) There are virtually no stylesheets; almost everything is inline (but of course not actually everything), which makes for fun layout debugging.
16) Some of the markup (with inline styling, no less) is generated within a goddamn controller.
17) The markup does use css classes, but it's predominately not for actual styling: they're used to pick out elements within unit tests. An example class name: "hide-for-medium-down"; and no, I can't figure out what it means, even when looking at the tests that use it. There are no styles attached to that particular class.
18) The tests have not been updated for three years, and that last update was an rspec version bump.
19) Mixed tabs and spaces, with mixed indentation level (given spaces, it's sometimes 2, 4, 4, 5, or 6, and sometimes one of those levels consistently, plus an extra space thereafter.)
20) Intentional assignment within conditionals (`if var=possibly_nil_return_value()`)
21) hardcoded (and occasionally incorrect) values/urls.

... and last but not least:
22) Adding a new "menu sections unit" (I still haven't determined what the crap that means) requires changing two constants and writing a goddamn database migration.

I'm not even including minor annoyances like non-enclosed ternaries, poor naming conventions, commented out code, highly inefficient code, a 512-character regex (at least it's even, right?), etc.

just.

what the _fuck_

Who knew a sidebar could be so utterly convoluted?

When you're working on an uni project with a fucking idiot who tests stuff with this kind of messages and then forget to remove them a few days before the deadline… fml.

I work at the frontend, he at the backend, so I shouldn't even have to check his code, but after seeing this I fucking have to.

Useless to say that he loaded these kind of placeholders also in the database.
So the admin name is "PieroGay", which is the name of the professor who will evaluate the project...

The worst thing is this bastard will graduate in 1 month, while I probably next year.

Dead 💀 developer.

My first interview,
Back then was technical graduated local CompSchool. Call for a job newspaper, by phone ☎️ the Supervisor assign a date for interview.

In the office the developer guy was amaze because he will hire any from CompSchool he also was student and all stuff made was on the premised of he learned and worked on the company.

About half and hour talks, he write my name on a post-it and put on HR desk.
“Come back tomorrow morning .. tell me you got the job !”

Do so, entering the office next day, was a sad people talking.. the Developer is 💀 dead (drugged on a party).

So this guy “my name in the post-it” is our salvation for all the database, passwords, accounting, etc. and spell my name.

What tha... got the job, the money 💴, was 18 years old, with excessive income (dead guy salarie).

Worked 3 1/2 years for the company.

Thank you 💀 for the opportunity.

"please use a secure password*"

* But don't make it too secure, 20 Charakters is enough.

Why would you fucking do this? The only reason I can think about is a scenario like this:
"How do we store the passwords in the database?"
"Just like anything else?"
"So I create a VARCHAR(20)?"
"Yeah why not? It's good enough for a name, and you shouldn't use your or anyone else's name as a password, so it should be perfect"

When I was in school I had some guys walk up to me and asked:

G: Are you Feeno?
Me: Yes, what's up?
G: We need our FY project on school management system done.
Me: Okay?
G: How much will that cost us?
Me: *confused because I was still a freshman. At that point the only programming language I knew was elementary qbasic. I couldn't even write a hello world program without the help of Google*
So played along because yes we're talking about money here.

Me: It will cost you guys N amount of money (*improvised deep voice*).
G: Okay. Fair price.
* Right there they transferred half the requested amount to me. *
Holy moly! This guys aren't joking around. I don't know shit! They clearly mistook me for a senior student whose first name is Feeno, to me that was a nick referred to me by my friends.

I'm in this one for sure and it's a do or die transaction cus I'm returning no fucking money. I told my friends what had happened and they insisted I return back the money to the students and admit I can't deliver the project they were requesting.
Fuck all of yah! I'm keeping this money. Same afternoon I visited the school library with the intension of writing the code using the help of YouTube tutorials. I didn't find anything useful for qbasic as I thought I could write a full fledged school management system using qbasic.

I was lucky enough to find an existing source code on Codeproject, God bless that Indian guy. The source was in PHP and the tutor gave a step by step guide to setup XAMP and MySQL. I really don't know PHP but I guess source code modification is a natural skill to all programmers as I was able to modify the code to meet the requirements of the students (i.e school name, logo and other minor changes).

Most of what I learnt in programming came from modifying the source of that project. I learnt how to connect a PHP source to a MySQL database, I learnt about functions and their usage, I learnt the basics of HTML, I really learnt a lot and I would say that the speed at which I learnt was proportional to the amount of pressure I received to deliver.

That was how my journey as a full stack developer started. By chance maybe.

Story Time:

When I first started working where I currently am, the manager at the time decided to send us off to a conference about one of the products our institution was purchasing at the time. She also thought that it would be a good way for me, the new guy, to bond with the rest of the staff.

During the presentations we found out that the people surrounding us were not exactly developers because of a couple of things:

1. Some examples were done with php and javascript for adding functionality to said product. The product gave you the opportunity to script on top of it (think of some sort of CMS, but it does not use PHP as its backend language) EVERYONE from the "class" in this particular workshop said they were developers. But at the sight of php in a group of 80 people or so, only about 7 recognized it, including myself and my team.

2. When they showed an example with Javascript, in particular jquery, one of the dudes in the workshop said (with extreme senior level confidence might I add) "yeah I never liked Javascript because you really can't connect it to any database in a website" <--- my face went 0.o and one of the actual developers doing the presentation did a Jim from the Office and looked at some out of screen camera.

3. During a conf talk, one PHD dude showed an example in the template language the CMS used (an obscure Java based template language)in which he was proudly calling out a technique he used to include one snippet of code into another one.....at that time, one of my coworkers squinted his eyes in disbelief, got close to me and said "is this man telling everyone in here that he discovered how to include a file? like, as a new thing?" me: "lol yes", him: "this is a waste of time, do the docs for this thing show how to do it or is he doing some sort of strange maneuver for something the platform does not support?" me: "let me check....nope, it is included, for some reason he made a function that takes the...name of the file he wants to include and passes it over to that call inside of the body....which as per the docs it is the include function...." him: ".....fuck, what a waste of time and money, fuck it lets spend a couple of more minutes here and then go get a drink or something"

That last part was my favorite really, the man speaking was not just any phd holder, but a comp sci phd holder. To this day my dude would walk into my office and say shit like "I DISCOVERED HOW TO INCLUDE A FILE WITH PHP!"

"Oracle database" should be the name of the greatest horror movie of all times

!rant
Our lead dev in the company seems to be a smart guy who's sensitive about code quality and best practices. The current project I'm working on (I'm an intern) has really bad code quality but it's too big an application with a very important client so there's no scope of completely changing it. Today, he asked me to optimize some parts of the code and I happily sat down to do it. After a few hours of searching, profiling and debugging, I asked him about a particular recurring database query that seemed to be uneccesarilly strewn across the code.
Me: "I think it's copy pasted code from somewhere else. It's not very well done".
Lead Dev: "Yeah, the code may not the be really beautiful. It was done hurriedly by this certain inexperienced intern we had a few years back".
Me: "Oh, haha. That's bad".
Lead Dev: "Yeah, you know him. Have you heard of this guy called *mentions his own name with a grin*?"
Me: ...
Lead Dev: "Yeah, I didn't know much then. The code's bad. Optimize it however you like. Just test it properly"
Me: respect++;

I was on vacation when my employer’s new fiscal year started. My manager let me take vacation because it’s not like anything critical was going to happen. Well, joke was on us because we didn’t foresee the stupidity of others…

I had to update a few product codes in the website’s web config and deploy those changes. I was only going to be logged in for 30 minutes to complete that.

I get messaged by one of our database admins. He was doing testing and was unable to complete a payment on the website. That was strange. There was a change pushed by our offsite dev agency, but that was all frontend changes (just updating text) and wouldn’t affect payments.

We don’t want to enlist the dev agency for debugging work, especially when it’s not likely that it’s a code issue. But I was on vacation and I couldn’t stay online past the time I had budgeted for. So my employer enlists the dev agency for help. It’s going to be costly because the agency is in Lithuania, it was past their business hours, and it was emergency support.

Dev agency looks at error logs. There are Apple Pay errors, but that doesn’t explain why non Apple Pay transactions aren’t going through. They roll back my deployment and theirs, but no change. They tell my employer to contact our payment processor.

My manager and the Product Manager contact Payroll, who is the stakeholder for our payment gateways. Payroll contacts our payment gateway and finds out a service called Decision Manager was recently configured for our account. Decision Manager was declining all payments. Payroll was not the person who had Decision Manager installed and our account using this service was news to her.

Payroll works with our payment processor to get payments working again. The damage is pretty severe. Online payments were down for at least 12 hours. Our call center had logged reports from customers the night before.

At our post mortem, we had to find out who ok’d Decision Manager without telling anyone. Luckily, it was quick work. The first stakeholder up was for the Fundraising Dept. She said it wasn’t her or anyone on her team. Our VP of Analytics broke it to her that our payment processor gave us the name of the person who ok’d Decision Manager and it was someone on the Fundraising team. Fundraising then starts backtracking and says that oh yes she knew about it but transactions were still working after the Decision Manager had been configured. WTAF.

Everyone is dumbfounded by this. How could you make a big change to our payment processor and not tell anyone? How did our payment processor allow you to make this change when you’re not the account admin (you’re just a user)?

Our company head had to give an awkward speech about communication and how it’s important. The web team can’t figure out issues if you don’t tell us what you did. The company head was pissed because it was a shitty way to start off the new fiscal year. Our bill for the dev agency must have been over $1000 for debugging work that wasn’t helpful.

Amazingly, no one was fired.

I sometimes remember the time when I wrote a Email-inbox-exporter-PHP-script-type of application that collects all the emails from an inbox, "copied" it to a database with the attachements and stuff and moves it to a folder..

I just started at the company for like a couple of months, had no privileges to create mailboxes and such and I didn't want to interrupt our programmer to do this for me, so... I decided.. to save time and resources.. to test run it on our global, live 'support' mailbox.. :D Well.. You might guess what happened.. Apparently I mistyped the name of the move-destination folder (because imap-weird-things) that resulted in a completly empty mailbox and an empty database because the inserts failed due to bad encoding and mime-type issues..

The moment I refreshed my Outlook and noticed that all our mails where gone.. I swear, I can't describe that feeling of fear, cold sweat, intense heartbeat... I just stood up, asked if anyone wanted coffee, and just walked out of the office.. When in the hallway, I heard my collegues ask to one another "do you have any issues with outlook, all my mails are gone?". Everyone was stressing out, the chief was stressing out "what happened?!", nobody knew what happened.. :D

They could partially resolve it via one collegue who hadn't refreshed the mailbox and he could forward all the mails back to our support mailbox..

I dropped the project idea and learned to work with dev environments :D A couple of months later, I accidentially forgot a where condition in my SQL UPDATE statement, but that was the last time I seriously f*cked up.. :D Got to learn the hard way I guess.. Now everything I do runs in dev environments, I test everything before publishing,.. When I look back.. I don't even recognize the (inexperienced) guy I was back then ! :D

Ps. No one still knows what happened that day and they blamed it on server issues :D

Hey, guys!

I'm new here and I want to introduce myself and meet you too.

My name is Mariana, I'm 21 years old and I live in Brasilia, capital of Brazil.

I'm a beginer in the world of development and I joined on this community to know more about this world. I am currently studying js, react and react native, but I am passionate about database, in the future I want to work with data science.

And you? Feel free to introduce yourself too! :)

Have you guys heard about blind coding?

I had been to competition, first round was quiz.
That was quite easy, though most of the questions were incomplete and didn't make any sense.

They have provided an app. We use that to check the result.

So first round is over, 1 hour later my friend called me asked whether I'm qualified for the next round . I checked the results and my name wasn't there. I was very disappointed.

I left that place after I saw my result. I got a bus which goes to my place.

After 10 minutes, I got a call from the event head asking why I didn't attend second round 😑. I asked why name wasn't there on the result, for which he replied with "database updatation error".

I got down in the next stop and took a bus again to that place.

I reached there, second round was started, First part was debugging. It was easy, I debugged the given program and got the desired output.
Second part was coding. A guy showed a problem to solve and told me to read it quickly . I did as he told.
He opened Dev C++ and gave me a paper to write the program .

When I was about to start typing, he turned off the monitor and told I should write it on paper first and type the program having monitor turned off. 😨

I wrote and typed the program without seeing.
After 30 minutes a college lecturer came to give marks. He told me to compile the program.

TBH, there were many typing mistakes. As header file spelling was wrong it showed only one error.

Him: Huh, cool only one error, well done. *noted that and walked to a guy next to me*

A dev team has been spending the past couple of weeks working on a 'generic rule engine' to validate a marketing process. The “Buy 5, get 10% off” kind of promotions.

The UI has all the great bits, drop-downs, various data lookups, etc etc..

What the dev is storing the database is the actual string representation FieldA=“Buy 5, get 10% off” that is “built” from the UI.

Might be OK, but now they want to apply that string to an actual order. Extract ‘5’, the word ‘Buy’ to apply to the purchase quantity rule, ‘10%’ and the word ‘off’ to subtract from the total.

Dev asked me:

Dev: “How can I use reflection to parse the string and determine what are integers, decimals, and percents?”
Me: “That sounds complicated. Why would you do that?”
Dev: “It’s only a string. Parsing it was easy. First we need to know how to extract numbers and be able to compare them.”
Me: “I’ve seen the data structures, wouldn’t it be easier to serialize the objects to JSON and store the string in the database? When you deserialize, you won’t have to parse or do any kind of reflection. You should try to keep the rule behavior as simple as possible. Developing your own tokenizer that relies on reflection and hoping the UI doesn’t change isn’t going to be reliable.”
Dev: “Tokens!...yea…tokens…that’s what we want. I’ll come up with a tokenizing algorithm that can utilize recursion and reflection to extract all the comparable data structures.”
Me: “Wow…uh…no, don’t do that. The UI already has to map the data, just make it easy on yourself and serialize that object. It’s like one line of code to serialize and deserialize.”
Dev: “I don’t know…sounds like magic. Using tokens seems like the more straightforward O-O approach. Thanks anyway.”

I probably getting too old to keep up with these kids, I have no idea what the frack he was talking about. Not sure if they are too smart or I’m too stupid/lazy. Either way, I keeping my name as far away from that project as possible.

Biggest challenge I overcame as dev? One of many.

Avoiding a life sentence when the 'powers that be' targeted one of my libraries for the root cause of system performance issues and I didn't correct that accusation with a flame thrower.

What the accusation? What I named the library. Yep. The *name* was causing every single problem in the system.

Panorama (very, very expensive APM system at the time) identified my library in it's analysis, the calls to/from SQLServer was the bottleneck

We had one of Panorama's engineers on-site and he asked what (not the actual name) MyLibrary was and (I'll preface I did not know or involved in any of the so-called 'research') a crack team of developers+managers researched the system thoroughly and found MyLibrary was used in just about every project. I wrote the .Net 1.1 MyLibrary as a mini-ORM to simplify the execution of database code (stored procs, etc) and gracefully handle+log database exceptions (auto-logged details such as the target db, stored procedure name, parameter values, etc, everything you'd need to troubleshoot database errors). This was before Dapper and the other fancy tools used by kids these days.

By the time the news got to me, there was a team cobbled together who's only focus was to remove any/every trace of MyLibrary from the code base. Using Waterfall, they calculated it would take at least a year to remove+replace MyLibrary with the equivalent ADO.Net plumbing.

In a department wide meeting:

DeptMgr: "This day forward, no one is to use MyLibrary to access the database! It's slow, unprofessionally named, and the root cause of all the database issues."
Me: "What about MyLibrary is slow? It's excecuting standard the ADO.Net code. Only extra bit of code is the exception handling to capture the details when the exception is logged."
DeptMgr: "We've spent the last 6 weeks with the Panorama engineer and he's identified MyLibrary as the cause. Company has spent over $100,000 on this software and we have to make fact based decisions. Look at this slide ... "
<DeptMgr shows a histogram of the stacktrace, showing MyLibrary as the slowest>
Me: "You do realize that the execution time is the database call itself, not the code. In that example, the invoice call, it's the stored procedure that taking 5 seconds, not MyLibrary."
<at this point, DeptMgr is getting red-face mad>
AreaMgr: "Yes...yes...but if we stopped using MyLibrary, removing the unnecessary layers, will make the code run faster."
<typical headknodd-ers knod their heads in agreement>
Dev01: "The loading of MyLibrary takes CPU cycles away from code that supports our customers. Every CPU cycle counts."
<headknod-ding continues>
Me: "I'm really confused. Maybe I'm looking at the data wrong. On the slide where you highlighted all the bottlenecks, the histogram shows the latency is the database, I mean...it's right there, in red. Am I looking at it wrong?"
<this was meeting with 20+ other devs, mgrs, a VP, the Panorama engineer>
DeptMgr: "Yes you are! I know MyLibrary is your baby. You need to check your ego at the door and face the facts. Your MyLibrary is a failed experiment and needs to be exterminated from this system!"

Fast forward 9 months, maybe 50% of the projects updated, come across the documentation left from the Panorama. Even after the removal of MyLibrary, there was zero increases in performance. The engineer recommended DBAs start optimizing their indexes and other N+1 problems discovered. I decide to ask the developer who lead the re-write.

Me: "I see that removing MyLibrary did nothing to improve performance."
Dev: "Yes, DeptMgr was pissed. He was ready to throw the Panorama engineer out a window when he said the problems were in the database all along. Didn't you say that?"
Me: "Um, so is this re-write project dead?"
Dev: "No. Removing MyLibrary introduced all kinds of bugs. All the boilerplate ADO.Net code caused a lot of unhandled exceptions, then we had to go back and write exception handling code."
Me: "What a failure. What dipshit would think writing more code leads to less bugs?"
Dev: "I know, I know. We're so far behind schedule. We had to come up with something. I ended up writing a library to make replacing MyLibrary easier. I called it KnightRider. Like the TV show. Everyone is excited to speed up their code with KnightRider. Same method names, same exception handling. All we have to do is replace MyLibrary with KnightRider and we're done."
Me: "Won't the bottlenecks then point to KnightRider?"
Dev: "Meh, not my problem. Panorama meets primarily with the DBAs and the networking team now. I doubt we ever use Panorama to look at our C# code."

Needless to say, I was (still) pissed that they had used MyLibrary as dirty word and a scapegoat for months when they *knew* where the problems were. Pissed enough for a flamethrower? Maybe.

So we ordered a piece of software from external software house becouse I was low on time and we needed it asap.

So. Long story short, their software was bugged as hell, they deny all the bugs and they have their BDD that they done and anything we say about it like "feature XYZ is broken on firefox" they will deny it "becouse it wasn't on BDD" or "let's get on call" (in which +- 6-7 people participate from their side and we of course have to pay them for this...)

So they fixed like 20% of bugs (mostly trivials/minors) Application is fairly small scope. You have integration with like 3 endpoints on arbitary API, user registration/login, few things to do in database (mainly math running from cron).

They done it in ASP so I don't know the language and enviroment so can't just fix it myself.

2 days ago (monday) they annoyed me to point where I just started to break things. For starters I found that every numeric input is vunrable to integer overflow (which is blocker). I figured most of fields are purefect opportunity to XSS (but I didn't bother to do JS... anything but not JS...). I figured I can embed into my name/surname/phone (none validated) anything in HTML...

So for now we have around 25 bugs, around 15 of them are blockers.

They figured it's somehow our fault that it's bugged and decided to do demo with us to show off how perfectly it works. I'm happy to break their demos. I figured I will register bunch users that have name - image with fixed/absolute position top:0;left:0 width/height 100% - this will effectively brick admin panel

Also I figured I can do some addotional sounds in background becouse why not. And I just dont know what to put in. It links to my server for now so I can freely change content of bricked admin panel.

I have curl's ready to execute in case they reset database.

I can put in GIFs or heck, even videos, dosen't really matter. Framework escapes some things for them so at least that. But audio/image/video works.

Now I have 2 questions:
- what image + audio combo will work the best (of course we need to keep it civil). Im thinking finding some meme with bugs or maybe nuclear logo image with some siren sound
- am I evil person?

Edit:

I havent stated this clearly:

"There is no BDD that describes that if user inserts malicious input server should deny it" - that's almost literally what we get from them....

If nobody hates you, you're doing something wrong ~ House MD

Tl;Dr : I'm pissing the right people off and my God I like it

That's what I've known and have confirmed doing my current side project with my gf, we are working on a ratemyprofessors clone with extra spicy features, one in particular is so spicy some teachers will be put in a position in which they would rather grind hot peppers with their butt cheeks.

Don't get me wrong, there are good teachers (some of which actually showed support) but some are not good teachers and some aren't good people either; I've decided it's time to stop complaining and take action.

We recently released an alpha and I presented it to a teacher I had this semester (one of the "not so great" kind) as a DB proyect cuz fuck it I'm not doing 2 projects.

This teacher is your run of the mill "I'm lazy and I don't care" teacher and she ran the classroom like a shitty kindergarten, so much so, one of the teams was presenting a buggy admin site as their project and she started talking on the phone! Right up on their faces!!

My turn, I go up and handle her a 30 page printed thesis of my project and said that unlike my mates, I was going to start presenting the idea and then the actual software...why is it printed?, She said; Because I won't be projecting the PDF ma'am, I actually made a professional presentation and that way you can read more technical details while I give a broad overview...

I started talking about the huge issues students face and my research about it, undisciplined teachers, no class structure ~ abrupt interruption ~ "yeah I know like, you are giving so much statistics and numbahs but where is the database?"

I got pissed off because the whole purpose of printing and giving her the docs was for her to ask specific questions AT THE END! So I told her I was getting there and to ask questions at the end...I start showing off the system's sweetest features... everyone got quiet...a girl on the front row kept looking at the teacher and then back to the board with her eyes wide open, the teacher was visibly upset.

I asked someone to please help me by using the site being projected for everyone to see, he searched the teacher's name and it obviously popped up cuz I scrapped the whole teacher index site... some people gasp and others start murmuring.

She freaked and started arguing saying that frontend can't be just HTML and CSS, where did you mentioned x and y feature? admit it's just teacher evaluations! where did you get the teacher names? I want the scripts!....it went on even 10 minutes after class and the next class with a police like interrogation.

So yeah, something tells me I'm not getting an A, but I'm happy after all because that's the kind of reaction I want from those types of professors.

Worth it 😎

This might actually be my first real rant.

Whatever fucking cockgoblin decided that making dynamics GP so fucking confusing needs to suck a big bag of dicks. I'm so fucking tired of having to google every damned table name and column name because nothing makes any motherfucking sense.

Am I supposed to instinctively know what PM20201 does? What data it holds? I don't mind reading documentation. But it's hard to even know where to start when the shitbird API and database are more complicated than calculating orbital fucking decay.

I am done. Fuck you gp. Fuck you and your nonsense. I guess our sales people don't get to know when an invoice was paid.

You know what really grinds my gears? As a junior webdeveloper (mostly backend) I try my hardest to deliver quality content and other people's ignorance is killing me in my current job.

Let's rant about a recent project I had under my hood, for this project (a webshop) I had to restructure the database and had to include validation on basicly every field (what the heck, no validation I hear you say??), apperently they let an incompetent INTERN make this f***king webshop. The list of mistakes in this project can bring you close to the moon I'd say, seriously.

Database design 101 is basicly auto incremented ID's, and using IDs in general instead of using name (among a list of other stuff obv.). Well, this intern decided it was a good idea to filter a custom address-book module based on a NAME, so it wasn't setup as: /addressbook/{id} (unique ID, never a problem) but as /addressbook/{name}, which results in only showing one address if the first names on the addresses are the same. Lots of bugs that go by this type of incompetence and ignorance. Want to hear another joke? Look no further, this guy also decided it was a great idea to generate the next ID of an order. So the ordernumber wasn't made up by the auto incremented id on the order model, but by a count of all the orders and that was the next order number. This broke so many times, unbelievable.

To close the list of mistakes off, the intern decided it was a great idea to couple the address of a user directly to an order. Because the user is able to ship stuff to addresses within his addressbook, this bug could delete whole orders out of the system by simply deleting the address in your addressbook.

Enough about my intern rant, after working my ass of and going above and beyond the expectations of the customer, the guy from sales who was responsible for it showed what an a**hole he was. Lets call this guy Tom.

Little backstory: our department is a very small part of the company but we are responsible for so much if you think about it. The company thinks we've transitioned to company wide SCRUM, but in reality we are so far from it. I think the story below is a great example of what causes this.

Anyway, we as the web department work within Gitlab. All of our issues and sprints are organized and updated within this place. The rest of the company works with FileMaker, such a pile of shit software but I've managed to work around its buggyness. Anyway, When I was done with the project described above I notified all the stakeholders, this includes Tom. I made a write-up of all the changes I had made to the project, including screenshots and examples, within Gitlab. I asked for feedback and made sure to tag Tom so he was notified of my changes to the project.

After hearing nothing for 2 weeks, guess who came to my desk yesterday? F**king tom asking what had changed during my time on the project. I told him politely to check Gitlab and said on a friendly tone that I had notified him over 2 weeks ago. He, I shit you not, blantly told me that he never looks on there "because of all the notifications" and that I should 'tell him what to do' within FileMaker (which I already had updated referencing Gitlab with the write-up of my changes). That dick move of him made me lose all respect for this guy, what an ignorant piece of shit he is afterall.

The thing that triggers me the most in the last story is that I spent so much free time to perfect the project I was working on (the webshop). I even completed some features which weren't scheduled during the sprint I was working on, and all I was asking for was a little appreciation and feedback. Instead, he showed me how ignorant and what a dick he was.

I absolutely have no reason to keep on working for this company if co-workers keep treating me like this. The code base of the webshop is now in a way better condition, but there are a dozen other projects like this one. And guess what? All writen by the same intern.

/rant :P

How are these EU-Upload Filters even practical for anyone except google? This seems like the most unrealistic specification by non-tech bosses in history to me 😭 What do these people expect the upload filters should compare the uploads to? How the fuck should, say a blog website, ensure that none of the uploads are copyright inflicting? Are quotes copyright inflicting? Or only when I copy paste an entire book and write my name under that? How will that get detected? Do we have a database with all the copyrighted works somewhere, that every company has access to? This shit can basically only work for companies like google which have enough data to implement such filters and thats why they already had an upload filter on youtube anyways. This entire amendment is so fucking ridiculous that it basically has to fail, no doubt. In a few months still nobody is going to have upload filters, watch...

Client: can you filter boats by location?
Me: Let me see... As you know, there are three remote systems that feed data into your database. I'd have to make a connection between the location records. But I can't rely on coordinates, name, ID or anything else. You'd have to manually create those links for me by remote systems records IDs. Telling me that record XY from system A is identical to record YX from system B, etc...
Client: How many records are we talking about?
Me: 504.

Three days later...

Client: Got it, is that enough for you in excel?
Me: Let me see... Very nice work, I can work with that.
Client: I almost died on it!

An hour later...

Me: Got it, test it and let's run it on the production version.
Client: It works beautifully.

A minute later...

Can we filter the ships by ports?
Me: Let me see... Yes, it's theoretically possible, but it's the same situation as with places...
Client: How many records are we talking about?
Me: 12,647.

Skype relayed to me the sound of something heavy falling, something grunting. Something dying.

MySQL databases beginning with "test" in the name gives even people without login full access to its tables.

Somebody deleted all tables so we had to get a backup from out hoster.

Thanks MySQL.

Perhaps more of a wishlist than what I think will actually happen, but:

- Everyone realises that blockchain is nothing more than a tiny niche, and therefore everyone but a tiny niche shuts up about it.
- Starting a new JS framework every 2 seconds becomes a crime. Existing JS frameworks have a big war, until only one is left standing.
- Developing for "FaaS" (serverless, if I must use that name) type computing becomes a big thing.
- Relational database engines get to the point where special handling of "big data" isn't required anymore. Joins across billions of rows doesn't present an issue.
- Everyone wakes up one day and realises that Wordpress is a steaming pile of insecure cow dung. It's never used again, and burns in a fire.

Today was a manic-depressive kind of day. Spent the morning helping some developers with getting their code to run a stored procedure to drop old partitions, but it wasn't working on their end. It was a fairly simple proc. But working with partitions is a little like working with an array. I figured out that they were passing the wrong timestamp, and needed to add +1 to delete the right partition. Got that sorted out, and things were good. Lunch time.

After lunch I did some busy work, and then the PO comes up at about 2PM and says he's assigned some requests to me. The first was just attaching some scripts. Easy. The second, the user wants a couple of schemas exported ... at 6PM. I've been in the office since 6:45AM.

While I'm setting up some commands to run for the data export, a BA walks up and asks if I'm filling in for another DBA who is out for a few weeks. Yep. There's a change request that hasn't been assigned, and he normally does the work. I ask when it's due. Well, the pre-implementation was supposed to be done in the morning, but it wasn't, and we're in the implementation window ... half way through. I bring up the change task, and look at. Create new schema and users. That's all it says. The BA laughs. I tell I need more to go on. 10 minutes later he sends an email with the information. There's only two hours left in the window, and I can only use half of it, because the production guys have to their stuff, and we're in their window. Now I'm irritated, because I'm new to Oracle, and it's an unforgiving mistress. Fortunately, another DBA says he'll do it, so that we can get it done in time. But can't work it either, because Dev DBAs don't have access to QA, and the process required access for this task. Gets shelved until the access issue is resolved. It's now after 4:15PM. I'm going to in traffic with that 6PM deadline.

I manage to get home and to the computer by 5:45PM. Log in. Start VPN. Box pops on screen. Java needs to update. I chose skip update. Box pops up again. It won't let me log in until Java is current. Passed.

I finally get logged in, and it's 6:10PM. I'm late getting the job started. I pull up Putty and log into the first box, and paste my pre-prepared command in the command line and hit error. Command not found. I'm tired, so it's a moment to sink in. I don't have time for this.

I log into DBArtisan and pull up the first data base, use the wizard to set the job, and off it goes. Yay. Bring up the second database, and have enter the connect info. Host not found. Wut? Examine host name. Yep, it's correct. Try a different method. Host not found. Go back to Putty. Log in. Past string. Launch. Command not found. Now my brain is quitting on me. Why now? It's after 6:30PM. Fiddle with some settings, reset $Oracle home. Try again. Yay. It works. I'm done. It's after 7PM.

There is nothing like technology to snatch the euphoria of a success away from you. It's a love-hate thing, but I wouldn't trade it for anything else. I'm done. Good night.

So I setup a nice csv file for the customer to fill in the shop items for their webshop, you know? with a nice layout like
name - language - description etc.

(just temporary, because the legacy website is going under a ((sadly frontend only)) rework, so it now also has to display different 'kind' of products... and because the new cms isn't done yet they
have to provide the data with other means)

my thoughts were to create a little import script to write the file into the database.... keep in mind of the relations... etc...

guess what? TWO MONTHS later, I get a file with a custom layout, empty cells, sometimes with actual data, sometimes (in red / green text color) notes for me

I mean WHY.... WHY DO YOU MAKE MY LIVE HARDER???

So now I have to put data in 6 columns and 411 rows in the database BY HAND...

oh and did I mention they also have relations? yeah... I also have to do that by hand now...

Still dealing with the web department and their finger pointing after several thousand errors logged.

SeniorWebDev: “Looks like there were 250 database timeout errors at 11:02AM. DBAs might want to take a look.”

I look at the actual exceptions being logged (bulk of the over 1,600 logged errors)..

“Object reference not set to an instance of an object.”

Then I looked the email timestamp…11:00AM. We received the email notification *before* the database timeout errors occurred.

I gather some facts…when the exceptions started, when they ended, and used the stack trace to find the code not checking for null (maybe 10 minutes of junior dev detective work). Send the data to the ‘powers that be’ and carried on with my daily tasks.
I attached what I found (not the actual code, it was changed to protect the innocent)
Couple of hours later another WebDev replied…

WebDev: “These errors look like a database connectivity issue between the web site and the saleitem data service. Appears the logging framework doesn’t allow us to log any information about the database connection.”

FRACK!!...that Fracking lying piece of frack! Our team is responsible for the logging framework. I was typing up my response (having to calm down) then about a minute later the head DBA replies …

DBA: “Do you have any evidence of this? Our logs show no connectivity issues. The logging framework does have the ability to log an extensive amount of data regarding the database transaction. Database name, server, login, command text, and parameter values. Everything we need to troubleshoot. This is the link to the documentation …. If you implement the one line of code to gather the data, it will go a long way in helping us debug performance and connectivity issue. Thank you.”

DBA sends me a skype message “You’re welcome :)”

Ahh..nice to see someone else fed up with their lying bull...stuff.

Worst documentation I've seen?

Our "Coding Standards" 20+ page document. The team who put it together got so detailed, there wasn't much 'wiggle room' for natural deviations in a developer's coding style. For example, a section devoted to no abbreviations. So if you had a variable 'invoiceId', they complained you violated 'standards', even though 'invoiceId' matched a field name in a database table. Using Dapper or another ORM that relied on the 1:1 name match? Nope, you were still forced to inject your own mappers so the code didn't violate standards.

As you can probably guess, such a long, detailed document would have contradictions. I pointed out one of the contradictions. Example:

Page 5: Section B, sub-section B-5, paragraph 3 : "To minimize network traffic, when querying the database, request all the data necessary for the application."
Page 8: Section K, sub-section K-2, paragraph 4 : "For maximum performance, when querying the database, request only the most minimum amount of data necessary for the application ."

In a review I pointed out this contradiction (there were several more)
Me: "If we satisfy A, one could say the code is in violation of B. Which is it?"
<Pointy-Hair-Boss throws his pencil on the table>
PHB: "WHAT IS YOUR PROBLEM WITH STANDARDS! It couldn't be more clear! We are a company of standards because without standards <blah blah..straw man argument..blah blah>"
<deciding not to die on that hill, I move on>
Me: "On page 12, paragraph 9 code is in violation if a method has more than 3 parameters. That seems a little restrictive given our interaction with 3rd party products."
PHB: "There you go again. As stated in the document, ALL code used by the company will comply to our standards. What part of 'ALL' do you not understand?"

Was he bluffing about requiring 3rd party vendors complying with our standards? Heck no. That's a story for another day.

Ok, so I basically spent my weekend trying to work out why the fuck my python docker container would not connect to my mariadb docker container. Tried fucking everything, bridged network, host network, links (even though theyre deprecated), you name it. It would NOT WORK!

In my despair I finally turned to StackOverflow. There I was told 5min after posting the question that the reason was probably that mysql is a quite heavy service, which takes a bit to start up.

I thought to myself "Oh, get the fuck outta here, that can't be it, shit's way too easy to work!"
I tried it nevertheless by adding a 10sec delay before querying the database AND THE MOTHERFUCKING PIECE OF SHIT ACTUALLY WORKS!! So, I essentially just lost a weekend because I was too impatient... I think I'm gonna punch some trees now.

So I just started a part time job in a hospital research center - because the processing is long I got a temporary user name and password (that belong to the main HR secretary) so I can start work straight away (mainly data analytics)
The kick?
Administrator privileges.
I can access edit create or delete everything in the entire fucking database. On my first God damn day.
In the 2nd largest hospital in the fucking country.
Agh. How do systems survive with so many dumb security breaches?

I promised a friend to have a look over his dads website to add a small blog. No big deal, I've got it on my drive, can reuse it just need to adapt it to the environment.

I take a look at what I'm working with and I see the most terrifying piece of "Please, take my data" code I could possibly imagine (And I've seen passwords, in plain text in a script tag). I quote "function queryDB(mode, val) {
var query=" ";
if(mode==="findProd")
query="Select * from Products where ProdNam=" +val;
... (same shit for different cases)
sendQuery(query) ;
}

He literally built the query on the client side sent it to a php script (without validation) and inserted it into the database.
You could literally call window.sendQuery with any sql query and get the result printed into the console.
And other than the plain text passwords guy that wasn't some kid someone knew, this was a "Webdesign" Agency.
Now I took the entire thing offline, called my friends dad, explained it to him and try to sort this out. I would not charge a good friends father but that hack will get a quite hefty bill since my hourly rate just tripled.

And the worst thing : If I publicly name that asshole or warn the people in his portfolio I can, according to Google, be sued. (But, and I assume thats vague enough not to count as bad mouthing, if anyone of you has a customer from Rheinland-Pfalz, Germany with a preexisting page, please have a look at the database interface)
I will call that agency tomorrow, ask for a detailed explanation for why they apparently let trained monkeys write their code and anonymously warn everyone in their portfolio about those flaws...

I don't know if I'm cursed or if there are just that many bad devs but it seems that once a year I have to stumble over some "mistakes" that make me question my sanity.

In my school, eleventh grade (so nearly "Abitur", A levels), we got the task to create a program which will be running on every computer here which should replace the Classbook (like a book where homework and lessons and stuff is written down).
Now, the class before mine already did a part of that, a program to share who is ill/not at school, with a mark whether it is excused or not.
So far so good. They all seemed not that bad when they were presenting it to us. Then, the first thing: they didn't know what git is. Well, okay I thought.
Next, there was this password field to access the program. One of them entered the password and clicked enter. That seemed suspiciously fast for an actual secure login. So fast, the password could have been in the Code...
Yesterday I copied that program and put it into a decompiler.
And... I was right.
There were the login credentials in plain text. Also, haven't thought of it but, IP address + username + password + database name were there in plain text, too.
Guess I am going to rewrite this program down to the core

Working on a database where every column name are acronyms. No, the 2-5 seconds you just saved yourself from typing are not worth it, it’s so easy to make a self-documenting database but you had to fuck that up.

Pulled into an 'emergency' meeting with a group of web designers deeply concerned a particular service wasn't going to meet all their requirements.
DevA: "For each page, Its going to be A LOT of work to retrieve all the data and store it's state. Every page load will require a round trip to the service."
DevB: "Yes, we aren't sure how the service should be changed to do what we need."
Mgr: "What is it not doing now? Doesn't the service already returns all the necessary data?"
DevA: "Well...um...its all the boolean fields. Some may be defaulted from the database or false because the user unchecked the box. We have to know which is which"
Me: "Why? Are you doing anything different in the UI? Checkbox will be true or false. What or who set that value is irrelevant"
DevC: "Well, it matters if the user didn't fill out all other other values."
Me: "How so?"
DevA: "Its matters because the values in the other fields. Its going to be A TON of work to figure out."
<mgr goes to the white board>
Mgr: "Lets map this out...what fields are you needing to trigger the state on?"
DevA: "Um...uh...the 'Approved' field...and um...'OK to Contact' field"
Mgr: "Just those two?"
DevA: "Yea..um...there are other fields, but whether or not to show the edit box depends on those two."
Me: "The service already returns data, you only have two fields to check? I don't see a need to change the service at all."
DevA: "Returning all that data, we are going have a serious scaling problem. We'll be hitting the service A LOT. All that javascript could cause performance problems too"
Me: "How much data are we talking about? Name, address, couple of booleans?"
DevA: "I have to serialize the data. All that logic is going to be reeeaaallly complicated. It might be better if the service returned only the data I need."
Me: "$64,000 question, how often is this feature going to be used on the web site? Maybe once? Few hundred a week?"
Mgr: "We have no idea. A lot of the data will be pre-populated and we're only sending out a few thousand invitations. More around the holidays...but honestly, not very many."
Me: "Changing that service only for this particular area of the web site isn't going to happen. Changing the UI is the only course of action."
DevA: "Oh frack I can't wait until this project is over."

DevA...how the funck do still have a job here? You wasted about half-hour of my time with your cry-baby crap. Where is my hammer...no...no..don't go there...ahhh...thanks devrant. Prison sentence diverted.

A couple of years ago, we decide to migrate our customer's data from one data center to another, this is the story of how it goes well.

The product was a Facebook canvas and mobile game with 200M users, that represent approximately 500Gibi of data to move stored in MySQL and Redis. The source was stored in Dallas, and the target was New York.

Because downtime is responsible for preventing users to spend their money on our "free" game, we decide to avoid it as much as possible.

In our MySQL main table (manually sharded 100 tables) , we had a modification TIMESTAMP column. We decide to use it to check if a user needs to be copied on the new database. The rest of the data consist of a savegame stored as gzipped JSON in a LONGBLOB column.

A program in Go has been developed to continuously track if a user's data needs to be copied again everytime progress has been made on its savegame. The process goes like this: First the JSON was unzipped to detect bot users with no progress that we simply drop, then data was exported in a custom binary file with fast compressed data to reduce the size of the file. Next, the exported file was copied using rsync to the new servers, and a second Go program do the import on the new MySQL instances.

The 1st loop takes 1 week to copy; the 2nd takes 1 day; a couple of hours for the 3rd, and so on. At the end, copying the latest versions of all the savegame takes roughly a couple of minutes.

On the Redis side, some data were cache that we knew can be dropped without impacting the user's experience. Others were big bunch of data and we simply SCAN each Redis instances and produces the same kind of custom binary files. The process was fast enough to launch it once during migration. It takes 15 minutes because we were able to parallelise across the 22 instances.

It takes 6 months of meticulous preparation. The D day, the process goes smoothly, but we shutdowns our service for one long hour because of a typo on a domain name.

This isn't a funny rant or story. It's one of becoming increasingly unsure of the career choices I've made the path they've led me down. And it's written with terrible punctuation and grammar, because it's a cathartic post. I swear I'm a better writer than this.

The highlights:
- I left a low-paying incredibly stable job with room to grow (think specialized office worker at a uni) to become a QA tester at a AAA game studio, after growing bored with the job and letting my productivity and sometimes even attendance slip
- I left AAA studio after having been promoted through the ranks to leading an embedded test tools development team where we automated testing the game (we got to create bots, basically!) and the database, and building some of the most requested tools internally to the company; but we were paid as if we were QA testers, not engineers, and were told that wouldn't change; rather than move over or up, I moved out to a better paying, less fabulous web and tools development job for a no-name company
- No-name company offered one or two days remote, was salaried, and close to home. CTO was a fan of long lunches and Quake 3 Arena 1-2 hours at the end of every day. CTO position was removed, I got a lot of his responsibilities, none of his pay, and started freelancing to learn new skills rather than deal with the CFO being my boss.
- Went to work as a freelancer for an email marketing SaaS provider my previous job had used. Made loads of money, dealt with an old, crappy code base, an old, cranky senior dev, and an owner who ran around like the world was on fire 24/7; but I worked without pants, bought a car, a house, had a kid, etc;

Now during ALL of this, I was teaching game dev as an adjunct at my former uni. This past fall, I went full time as a professor in game dev. I took a huge pay cut, but got a steady schedule (semester to semester anyway) and great benefits. I for once chose what I thought was the job I wanted over more money and something that was just "different". And honestly, I've regretted it so much. My peer / diagonally above me coworker feels untrustworthy half the time and teaches the majority of the programming courses when he's a designer and I've been the game programming professor for 8 years (I also teach non-game programming courses, but those just got folded into the games program...); I hate full-time uni politics; I'm struggling with money for my family; and I am in the car all the time it feels like. I could probably go back to my last job, which had some benefits, but nowhere near as good; my wife doesn't want me back to working in the house all the time because that was a struggle unto itself once we had a kid (for all of us, in different ways); and I have now less than 24 hours to tell my university I want to not pursue longer term contracts for full-time and go back to adjunct next Fall (or walk away entirely), or risk burning a bridge (we are reviewing applicants for next year tomorrow, including my own) by bailing out mid-application process.

I'm not sure I'm asking for advice. I'm really just ranting, I guess. Some people I know would kill to have the opportunities I have. I just feel like each job choice led me further away from a job I liked, towards more money, which was a tradeoff that worked out mostly, but now I feel like I don't have either, and I'm trapped due to healthcare and 401k and such. Sure, I like working more with my students and have been able to really support them in their endeavors this semester, but... that's their lives. Not mine. The wife thinks I should stay at the university and we'll figure out money eventually (we are literally sinking into debt, it's not going well at all), while most people think I should leave, make money, and figure out the happiness factor once my finances are back on track and the kid is old enough to be in school.

And I have less than 24 hours it feels like to make a momentous decision.

Yay. Thanks for reading :)

I had a wonderful run-in with corporate security at a credit card processing company last year (I won't name them this time).
I was asked design an application that allowed users in a secure room to receive instructions for putting gift cards into envelopes, print labels and send the envelopes to the post. There were all sorts of rules about what combinations of cards could go in which envelopes etc etc, but that wasn't the hard part.
These folks had a dedicated label printer for printing the address labels, in their secure room.
The address data was in a database in the server room.
On separate networks.
And there was absolutely no way that the corporate security folks would let an application that had access to a printer that was on a different network also have access to the address data.
So I took a look at the legacy application to see what they did, to hopefully use as a precedent.
They had an unsecured web page (no, not an API, a web page) that listed the addresses to be printed. And a Windows application running on the users' PC that was quietly scraping that page to print the labels.
Luckily, it ceased to be an issue for me, as the whole IT department suddenly got outsourced to India, so it became some Indian's problem to solve.

Beware: Here lies a cautionary tale about shared hosting, backups, and -goes without saying- WordPress.

1. Got a call from a client saying their site presented an issue with a third-party add-on. The vendor asked us to grant him access to our staging copy.

2. Their staging copy, apparently, never got duplicated correctly because, for security reasons, their in-house dev changed the name of the wp-content folder. That broke their staging algo. So no staging site.

3. In order to recreate the staging site, we had to reset everything back to WP defaults. Including, for some reason, absolute paths inside the database. A huge fucking database. Because WordPress.

4. Made the changes directly in a downloaded sql file. Shared hosting, obviously, had an upload limit smaller to the actual database.

5. Spent half an hour trying to upload table by table to no avail.

6. In-house uploads a new, fixed database with the help of the shared hosting provider.

7. Database has the wrong path. Again.

8. In-house performs massive Find and Replace through phpMyAdmin on the production server.

9. Obviously, MySQL crashes instantly and the site gets blocked for over 3 hours for exceeding shared hosting limits.

10. Hosting provider refuses to accept this was caused by such a stupid act and says site needs to be checked because queries are too slow.

11. We are gouging our eyeballs as we see an in-house vs. hosting fight unfold. So we decide to watch a whole Netflix documentary in between.

12. Finally, the hosting folds and enables access to the site, which is obvi not working because, you know, wrong paths.

13. Documentary finishes. We log in again, click restore from backup. Go to bed. Client phones to bless us. Client’s in-house dev probably looking for a cardboard box to pack his stuff first thing in the morning. \_(ツ)_/¯

I DIDN'T SIGN UP FOR THIS !!!

After seeing bunch of posts about Enki, decided to give it a try,

enters my info on the sign up page
*email address is already taken* : WHAT !!

changes email address
*your username is already taken* : WHAT !!

goes back and search if there's any mails from Enki
*no results found* : Dafuq !!

Requests password reset
*Receives first mail from enki ever, with a reset link*

Did they change their name from something else to Enki or they have bunch of emails in their database to showoff user base ?

Can anyone shed some light on this, cause I'm 100% sure i didn't sign up for this before.

after resetting the password I'm able to login, but in the Notification section it says
*your email is not confirmed*

well i would confirm it, WHEN I GET IT !!

I don't know why is that everytime you guys find a security bug or a data leak or that someone is saving plain passwords on their database, you try to cover and censor the company name. Listen people, fuck the company and their name and their brand if someone's data might be in danger. Everybody should be aware of what is happening with their personal information.

Also, maybe would be great if devRant would let users to post anonymous rants for this kind of issues or a special thread with latest news about our online security.

Since my first post was a success, here's another shameless hack-- in this case, ripping a "closed" database I don't usually have access to and making a copy in MySQL for productivity purposes. That was at a former job as an IT guy at a hardware store, think Lowes/Rona.

We had an old SCO Unix server hosting Informix SQL (curious, anyone here touched iSQL?), which has terminal only forms for the users to handle data, and has keybindings that are strangely vi based (ESC does commit changes. Mindfsck for the users!). To add new price changes to our products, this results to a lengthy procedure inside a terminal form (with ascii borders!) with a few required fields, which makes this rather long. Sadly, only I and a colleague had access to price changes.

Introducing a manager who asks a price change for a brand- not a single product, but the whole product line of a brand we sell. Oh and, those price changes ends later after the weekend (twice the work, back at regular price!)

The usual process is that they send me a price change request Excel document with all the item codes along with the new prices. However, being non technical, those managers write EVERYTHING at hand, cell by cell (code, product name, cost, new price, etc), sometimes just copy pasted from a terminal window

So when the manager asked me to change all those prices, I thought "That's the last time I manually enter all of this sh!t- and so does he". Since I already have a MySQL copy of the items & actual (live) price tables, I wrote a PHP backend to provide a basic API to be consumed to a now VBA enhanced Excel sheet.

This VBA Excel sheet had additional options like calculating a new price based on user provided choices ("Lower price by x $ or x %, but stay above cost by x $ or x %"), so the user could simply write back to back every item codes and the VBA Excel sheet will fetch & display automatically all relevant infos, and calculate a new price if it's a 20% price cut for example.

So when the managers started using that VBA sheet, I had also hidden a button which simply generate all SQL inserts for the prices written in the form, including a "back to regular price" if the user specified an end date, etc.

No more manual form entry for me, no more keyboard pecking for the managers with new prices calculated for them. It was a win/win :)

Student Account Password at the university. No changes the default. It's their DOB and first two letters of the name.

Injection steps:
Open Database ( I am the Placement Representative )
Copy DOB
Paste
Add the first two alphabet
Unlocked

So about two months ago in my consulting firm I was asked to replace a colleague on a project (node and Angular). The project is only a few months old but it’s already a total clusterfuck. DB is very poorly designed. It’s supposed to be a relational database but there’s not a trace of a foreign key or any key for that matter and I’ve seen joins like tableA.name = tableB.description (seriously, that’s your relation??). The code is a mess with entire blocks of code copied from another project and many parts of the code aren’t even used. He didn’t even bother renaming variables so they would make sense in the context they were shamelessly thrown into. The code is at best poorly typed if not typed at all.

During our dailies I sometimes express my frustration with my other colleagues as I very politely allude to my predecessor’s code as being hard to work with. (They are all “good friends" with him). I always get the same response from my colleagues: "yeah but you’ve gotta understand Billybob was under a lot of pressure. The user stories were not well defined. He didn’t have time to do a proper job". That type of response just makes me boil inside.

Because you think I have time to deal with this shit? You don’t think I’m working with the same client and his user stories that are barely intelligible? How long does it take to write type definitions for parameters going into a function? That’s right, 30 seconds at most? Maybe a minute if it’s a more elaborate object? How much time do you think you’ll save yourself with a properly typed function or better yet an interface? Hard to tell but certainly A LOT MORE than those 30 seconds you lost (no, the 30 seconds you INVESTED) in writing that interface!!!

FUCK people with their excuses! Never tell me you don’t have time to do a proper job! You’ve wasted HOURS of my time just because you were too fucking lazy to type your functions, too lazy to put just a little more thought into designing your tables, too lazy to rename a variable so that it’s name actually makes sense where it’s being used. It’s not because you were short on time. You’re just lazy!
FUCK!!!!!!

So.. name one fucken case where your database is not a computer backed thing.

Just asking because.. why the fuck? I don't think your database server supports input of fucking math symbols? JUST USE HUMAN LANGUAGE, AS YOU HAVE TO DO ANYWAY!

It's stupid how everything needs to be expressed mathematically ffs. Not that it's hard to understand - it's just more complex than of a very simple wording.

I have multiple contenders ;)

Contender one:

A program used to sort emails.

We was in the process of moving from lotus notes to exchange and needed a way route emails to the right server internally.

Solution, a qmail to receive all emails, a script running by cron every minute to read the emails, check the recipient name to a list and resending to the right server. The script was written in php :P since that was the only way we at the time had to read an email into an object, it was run just like any other shell script :D

Contender two:

A multi threaded mail sender that fetch email addresses and content from a database and posted them through qmail using background execution and pipes to get the result back and then update the database, written in bash script.

Contender three:

A c program used in a similar way as in one but this time using dial up and uucp to fetch email and then drop these either into lotus notes or into a bbs for our customers to give them an email address. This was around 1993, so not to many isp’s offered email and not to many had internet anyway, dial up bbs was much more common.

A friend of mine asked me yesterday for help for his bachelor thesis.

He wants to write about MySQL internals in regards to BLOB storage / usage.

We had a veeeerrrry long discussion....

And found a loooot of scary internet pages.

It's so .... Insane....

What some people with doctor titles or higher education generate...

Isn't content. More poo...

Most "blogs" / "articles" or whatever the author named it were missing all kinds of relevant data (version, configuration, anything relevant) but full of opinionated / biased bullshit.

Highlights were:
- we store lot of BLOB data, Backups take long and require more space
(you store additional data in an database, whaddya expect???!!!!)

- interesting guesswork about locking without any reference (interesting since it was sometimes so far away from reality that it looked more like quantum physics)

- storing blobs means that _each_ blob entry will be stored in a separate file (without any reference, but if an RDBMs did that... It would end in an amazing fireball I guess)

- BLOB's bad since it can represent only the file content, the database cannot distinguish wether it's an MP3 / MPG or anything like that...

(Ehm. Yeah. And an database cannot distinguish if you store under "Name" an Name or gibberish?!)

I somehow think that some people made an doctor and post this gibberish nonsense so people stay dumb to give them a job...

Like the TV repair men who steals the batteries from the remote.

Even conspiracy theories were more convincing

Hello all,

I am an apprentice, 19. I joined this software developer apprenticeship to leave college as it was not particularly great for my mental health, and programming is the only thing I can do reasonably well.

The company that I find myself in is a strange one. It has about twenty or so employees, but we all instructed to operate as if we are a giant company—our sales person, for example, will tell our clients that we have hundreds.

The development team is a collection of software developers. There is no database administrator, network administrator, software engineer (not in name only), test engineer, requirements engineer, etc. There are just several software developers. Of these developers, one has left by now. When he joined, he was promised to be working on a new system: he left after spending seven years on an old system. A new developer has just arrived to replace him: he was told he would be working with Raspberry Pis; it was interesting to see his face after we informed him that we do not use Raspberry Pis.

The codebase is fourty-years-old and written in Delphi, which is some kind of cousin of pascal, from what I understand. Code is not peer-reviewed. Instead, it is self-reviewed, and you just push whatever changes you make. The code is very much spaghetti, and there is a whole array of bugs that, at least to me, look impossible to track down and fix. I have a bug assigned to me at the moment were someone appears somewhere when they are not supposed to. After asking seniors about this, I learn of this huge checking mechanism and all of its flaws: a huge, flawed checking mechanism... for toggling a single boolean value. This isn't a complicated boolean value, by the way, this is just a value to say whether someone has clocked in or clocked out of a building, via a button.

In terms of versioning, we have several releases, and we often do development work in older releases (or new releases and then write them into older releases) because our clients are larger than us and often refuse to upgrade, and the boss does not want to lose any contracts. We also essentially have multiple master branches.

With the lack of testers, bizarre version control, what appears to be unfiffled promises to staff, etc. I must ask that, since this is my first gig as a software developer, is any of this normal?

I really hate PHP frameworks.

I also often write my own frameworks but propriety. I have two decades experience doing without frameworks, writing frameworks and using frameworks.

Virtually every PHP framework I've ever used has causes more headaches than if I had simply written the code.

Let me give you an example. I want a tinyint in my database.

> Unknown column type "tinyint" requested.

Oh, doctrine doesn't support it and wont fix. Doctrine is a library that takes a perfectly good feature rich powerful enough database system and nerfs it to the capabilities of mysql 1.0.0 for portability and because the devs don't actually have the time to create a full ORM library. Sadly it's also the defacto for certain filthy disgusting frameworks whose name I shan't speak.

So I add my own type class. Annoying but what can you do.

I have to try to use it and to do so I have to register it in two places like this (pseudo)...

Types::add(Tinyint::class);
Doctrine::add(Tinyint::class);

Seems simply enough so I run it and see...

> Type tinyint already exists.

So I assume it's doing some magic loading it based on the directory and commend out the Type::add line to see.

> Type to be overwritten tinyint does not exist.

Are you fucking kidding me?

At this point I figure out it must be running twice. It's booting twice. Do I get a stack trace by default from a CLI command? Of course not because who would ever need that?

I take a quick look at parent::boot(). HttpKernel is the standard for Cli Commands?

I notice it has state, uses a protected booted property but I'm curious why it tries to boot so many times. I assume it's user error.

After some fiddling around I get a stack trace but only one boot. How is it possible?

It's not user error, the program flow of the framework is just sub par and it just calls boot all over the place.

I use the state variable and I have to do it in a weird way...

> $booted = $this->booted;parent::boot();if (!$booted) {doStuffOnceThatDependsOnParentBootage();}

A bit awkward but not life and death. I could probably just return but believe or not the parent is doing some crap if already booted. A common ugly practice but one that works is to usually call doSomething and have something only work around the state.

The thing is, doctrine does use TINYINT for bool and it gets all super confused now running commands like updates. It keeps trying to push changes when nothing changed. I'm building my own schema differential system for another project and it doesn't have these problems out of the box. It's not clever enough to handle ambiguous reverse mappings when single types are defined and it should be possible to match the right one or heck both are fine in this case. I'd expect ambiguity to be a problem with reverse engineer, not compare schema to an exact schema.

This is numpty country. Changing TINYINT UNSIGNED to TINYINT UNSIGNED. IT can't even compare two before and after strings.

There's a few other boots I could use but who cares. The internet seems to want to use that boot function. There's also init stages missing. Believe it or not there's a shutdown and reboot for the kernel. It might not be obvious but the Type::add line wants to go not in the boot method but in the top level scope along with the class definition. The top level scope is run only once.

I think people using OOP frameworks forget that there's a scope outside of the object in PHP. It's not ideal but does the trick given the functionality is confined to static only. The register command appears to have it's own check and noop or simply overwrite if the command is issued twice making things more confusing as it was working with register type before to merely alias a type to an existing type so that it could detect it from SQL when reverse engineering.

I start to wonder if I should just use columnDefinition.

It's this. Constantly on a daily basis using these pretentious stuck up frameworks and libraries.

It's not just the palava which in this case is relatively mild compared to some of the headaches that arise. It's that if you use a framework you expect basic things out of the box like oh I don't know support for the byte/char/tinyint/int8 type and a differential command that's able to compare two strings to see if they're different.

Some people might say you're using it wrong. There is such a thing as a learning curve and this one goes down, learning all the things it can't do. It's cripplesauce.

Been working on a new project for the last couple of weeks. New client with a big name, probably lots of money for the company I work for, plus a nice bonus for myself.

But our technical referent....... Goddammit. PhD in computer science, and he probably. approved our project outline. 3 days in development, the basic features of the applications are there for him to see (yay. Agile.), and guess what? We need to change the user roles hierarchy we had agreed on. Oh, and that shouldn't be treated as extra development, it's obviously a bug! Also, these features he never talked about and never have been in the project? That's also a bug! That thing I couldn't start working on before yesterday because I was still waiting the specs from him? It should've been ready a week ago, it's a bug that it's not there! Also, he notes how he could've developes it within 40 minutes and offered to sens us the code to implement directly in our application, or he may even do so himself.... Ah, I forgot to say, he has no idea on what language we are developing the app. He said he didn't care many times so far.

But the best part? Yesterday he signales an outstanding bug: some data has been changed without anyone interacting. It was a bug! And it was costing them moneeeeey (on a dev server)! Ok, let's dig in, it may really be a bug this time, I did update the code and... Wait, what? Someone actually did update a new file? ...Oh my Anubis. HE did replace the file a few minutes before and tried to make it look like a bug! ..May as well double check. So, 15 minutes later I answer to his e-mail, saying that 4 files have been compromised by a user account with admin privileges (not mentioning I knee it was him)... And 3 minutes later he answered me. It was a message full of anger, saying (oh Lord) it was a bug! If a user can upload a new file, it's the application's fault for not blocking him (except, users ARE supposed to upload files, and admins have been requestes to be able to circumvent any kind of restriction)! Then he added how lucky I was, becausw "the issue resolved itself and the data was back, and we shouldn't waste any more yime.on thos". Let's check the logs again.... It'a true! HE UPLOADED THE ORIGINAL FILES BACK! He... He has no idea that logs do exist? A fucking PhD in computer science? He still believes no one knows it was him....... But... Why did he do that? It couldn't have been a mistake. Was he trying to troll me? Or... Or is he really that dense?

I was laughing my ass of there. But there's more! He actually phones my boss (who knew what had happened) to insult me! And to threaten not dwell on that issue anymore because "it's making them lose money". We were both speechless....

There's no way he's a PhD. Yet it's a legit piece of paper the one he has. Funny thing is, he actually manages to launch a couple of sort-of-nationally-popular webservices, and takes every opportunity to remember us how he built them from scratch and so he know what he's saying... But digging through google, you can easily find how he actually outsurced the development to Chinese companies while he "watched over their work" until he bought the code

Wait... Big ego, a decent amount of money... I'm starting to guess how he got his PhD. I also get why he's a "freelance consultant" and none of the place he worked for ever hired him again (couldn't even cover his own tracks)....

But I can't get his definition of "bug".
If it doesn't work as intended, it's a bug (ok)
If something he never communicated is not implemented, it's a bug (what.)
If development has been slowed because he failed to provide specs, it's a bug (uh?)
If he changes his own mind and wants to change a process, it's a bug it doesn't already work that way (ffs.)
If he doesn't understand or like something, it's a bug (i hopw he dies by sonic diarrhoea)

I'm just glad my boss isn't falling for him... If anything, we have enough info to accuse him of sabotage and delaying my work....

Ah, right. He also didn't get how to publish our application we needes access to the server he wantes us to deploy it on. Also, he doesn't understand why we have acces to the app's database and admin users created on the webapp don't. These are bugs (seriously his own words). Outstanding ones.

Just..... Ffs.

Also, sorry for the typos.

Quotes are paraphrased (unless *) to protect the incompetent and stupid (or more the case: client and I'm reducing risk of exposure)

Situation: We have a program that opens sqlite database files. Occasionally new versions of the program needs to upgrade these files.

Program UI: To proceed you need to upgrade your database. It is recommended you backup your database before proceeding. Hit Yes to continue or No to abort.

Client: How do you back up a model once it has upgraded? If I hit No the program closes leaving me no option to backup the model.

Support: *The easiest way of backing up a model before upgrading is creating a copy of the file and keeping it in a separate folder*

Client: *Haha forgot about being able to do that outside of* <program name>

TL;DR: engineer in technical role who is probably getting paid $150k+ forgets it is possible to make a copy of a file.

So I got a job and on the first day I was giving a task to fix a bug which they said it was urgent that the software is been used by the financial department, so if I don't get it fixed soonest they would be loosing money.

I completely don't know how the software works, so I thought they would give me some time to get familiar with the code base but fu*k I gat to fix this if not they would See me as a person who does not know his stuff.

Some minute later, the CTO messaged me asking me how I introduced the bug in the first place, I was like I have not even cloned the repo, I have not pushed any code lol. At that point I know I'm gonna be so f**ked in this job .

So after sometime I fixed it but I had to get permission from the lady that manages the database because I was not given access and I need to update a field name in a table for everything to work well. I asked the lady to help update the field since she is the only one that has access to it and its urgent and every body is waiting for me. She told me to wait for 1hr and remind her that she's busy right now, after some hrs I reminded her but she kept telling me she will update it later.

Nobody wants to hear that I was not the one delaying the fix, so since I can push some code to the report and it's get deployed, I wrote a script to update the field and I removed the code later. With that done the fix was live and everybody was happy!

The next day, the lady came to me and was like I tried to update the field when I went home but it has already been update but I don't know why. I told her I don't know too :p😃

So I work for an IT consulting firm (web development) and was hired by a customer 7 months ago for coaching Git, implementation of VueJS on the front-end and fostering teamwork with devs who'd been in their solo comfort zone for the last 15 years.
I asked for confirmation multiple times on whether they were sure they wanted to go through with a bigger investment in front-end. Confirm they did, multiple times.

After half the team's initial enthusiasm faded (after 1 month), the 'senior' of them who's worked there for 18 years on a single -in the end, failed- project got a burn-out after half a week of showing up (without doing actual work) from the stress, and started whining about it with management that has no technical clue whatsoever. This and other petty office politics lead to the dumbest organizational and technical decisions I've seen in my short 5-year career (splitting a Laravel app that uses the same database in two, replacing docker container deployment with manual ssh'ing and symlinking, duplicating all the models, controllers, splitting a team in two, decreasing productivity, replacing project management dashboards with ad-hoc mail instructions and direct requests).

Out of curiosity I did a git log --author --no-merges with the senior's name on the 2 projects he was supposed to help on, and that turned up... ZERO commits. Now the dept. hired 3 new developers with no prior experience, and it's sad to see the seniors teach them "copy paste" as the developer's main reflex.

Through these 7 months I had to endure increasingly vicious sneers from the IT architect -in name only- who gets offended and hysterical at every person who dares offer suggestions. Her not-so-implicit insinuation is that it's all my fault because I implemented Vue front-end (as they requested), she has been doing this for months, every meeting at least once (and she makes sure other attendees notice). Extra background: She's already had 2 official complaints for verbal abuse in the past, and she just stressed another good developer into smoking again.

Now I present her my timesheet for January, she abuses her power by refusing to sign it unless I remove a day of work.
Earlier this week I asked her politely to please stop her unjust guilt-tripping to which she shouted "You'll just have to cope with that!", and I walked out of the room calmly (in order to avoid losing my nerves). She does this purely as a statement, and I know she does it out of bad faith (she doesn't actually care, as she doesn't manage the budgets). She knows she wields more power over me than the internal devs (I am consultant, so negative reviews for me could delay further salary raises).

I just don't know how to handle this person: I can't get a word in with her, or she starts shouting, and it's impossible to change her (completely inaccurate technological) perception.

So here I am trying to understand the database schema in order to write a REST interface. Then I find that one of the tables contains an id and a name columns but the name is Integer not a string!
I contacted the developer who gladly explained that it was easier for them to store the ids in the database but the actual names strings were hard coded in the source files so they can handle translations!

The customer wanted me to create a password for their database. I made it the name of the software and appended b4lls.

Whenever I tell him what the password is I spell out the software with the b at the end, say "the number four", then lls. He has never repeated "oh, softwareballs", I am not sure he has noticed.

Has anyone else worked in business environments and found... em.. "wannabe-tech decisions?"

For example, naming stuff with shortened words and underscores instead of spaces.... for no real reason? Or maybe using the word "database" a little too often, just to use the word? (similar to the way you might call someone by name, only to confirm to them that you have learned their name?)

It doesn't actually bother me, rather, I think it's a bit cute that these people are interested in our culture and want to be a part of it, even if it's in sort of silly ways like this.

Recently my company has bought a patented product from the IIT, Kharagpur, India (those who are not from India just Google this name. It's one of the most esteemed engineering colleges in India). I can not provide the details of the product, but let's talk about the technology stack they used.

The software module of this product was built using VB 6 (yes, you read that right) and MATLAB 6.0 (released in 2000), and used MS Access for database. Remember, the product was built in 2015 and patented in 2016 or 17. The people who built the software were mostly final year B.Tech CS (equivalent to B.S.) students and one IIT professor.

This shows what we need to change in the CS education. Do I need to say more?

I want to cry... Fuck it.. shiit. .. :( :( ;(

Wasted half of the Weekend to Setup MySQL on my vServer which uses ssl encryption, have specific User and so on.
Thought: well, the User mysql is not so good as a Name. Drop it, you don't need it.
What did I? Instead of Drop User mysql , I typed Drop Database mysql.

Fuck that fucking Shit. I'm so sad right now. Broked the complete MySQL Database. Nothing is working anymore. And the server is new, I've Just made One Backup. Deleted this a few hours ago.. also accidently.

Help me :( Shit :( so sad :( Now, I don't have Motivation anymore to work with the vServer :(

I can't convince my team that a good database model promotes a good API design and a good UI/UX experience.

Instead, I have to work with a ridiculous table setup.

Imagine, if you will, a table (table B) that references another table (table A) via a foreign key. The FK is a string in both tables. And table A only has one column, which is labeled as "name".

The schema i have to look at it kind of like this:

Table parent
Name varchar(10) primary key

Table child
Name varchar (10),
parent_name varchar(10),
Foreign key (parent_name) references parent (name)

Sorry if the syntax is wrong, a little frustrated having to look at it...

Am I crazy to want to change this table design? Am I missing something? I feel like I'm taking crazy pills, because this is just scratching the surface of the problems I have to deal with.

Lessions I learned so far from my first big node/npm project with tons of users:
1) If you didn't build something for a while, expect 3 hours of resolving version conflicts for every two weeks since the last build.
2) Even if the tests pass, run the containers on your own machine and make sure that the app doesn't randomly crash before deploying
3) Even if the app seemed to work on your own machine, run the tests again in an environment mimicking prod at most 15 minutes before replacing the running containers.
4) Even if all else indicates that the app will work, only ever deploy if you expect to be available within the 4 hours following a deployment.
5) Don't use shrinkwrap for anything other than locking every version down completely. A partial shrinkwrap will produce bugs that are dependent on the exact hour you built the app _and_ the shrinkwrap file, and therefore no one will ever have seen them other than you.
6) Avoid gyp, and generally try not to interface too much with anything that doesn't run on node. If parts of your solution use very different toolchains, your problems will be approximately proportional to the amount of code. And you'd be surprised just how much code you're running. (otherwise it's more logarithmic because the more code the less likely a new assumption is unique)
7) Do not update webpack or its plugins or anything they might call unless you absolutely need to
8) Containers are cool but the alpine ones are pretty much useless if you have even just one gyp module.
9) There's always another cache. To save yourself a lot of pain, include the build time in every file or its name that the browser can download, and compare these to a fresh build while debugging to assert that the bug is still present in the code you're reading
+1) Although it may look like it, SQLite is far from a simple solution because the code and the bindings aren't maintained. In fact, it'll probably be more time consuming than using a proper database.

On the MSc I was participating in, there is a teacher that has a lesson about Databases.

The MSc was not only for experience computer science students. We were informed that the first semester would be as an introduction to all.

So, Databases. No introduction at all. Just read the powerpoint and the pdf he had just translated (or not, because some were just from the internet), just refers to how they are structured briefly. He showed everything about Databases without the students that didn't know much to be involved (we didn't get to our lab for some reason) and then there was his assignment.

His assignment was written as it would be from a customer that knows shit about Databases (sorry but I had to rant). We sat down student's that knew already Databases and some of us worked as database engineers. We agreed on some steps that after read the next chapter of the assignment we reconfigured them. And so on, until we had nothing and we were back at the beginning.

Needless to say, I did not lose my Christmas holidays for him. It took me 2 days after to build a database that was not a full solution but a part (I wad noy sure, the assignment was ambiguous). I passed the lesson with the minimum passable grade.

So, I wrote a nice email to the MSc teacher that had to organize it (or something like that). I did not swear at all. I was professional and wrote what I encountered and what it should have been. The Databases teacher had always that smirk and face that he was THE boss and had no respect for his own lesson. But I didn't mention it. The organizing teacher shared the email with the databases teacher.

And the time came that we had another lesson (web development, it was awful under him) with the databases teacher. And he had the wonderful idea to read the email out loud in front if everyone. He did noy mention my name. I raised my hand and told my colleagues it was me. Then I asked him in front of them, if he was contented with the results (only a few passed the databases lesson and max grade was the smallest passable), first he avoided the question. I asked again. And he said yes. We all looked at each other and somehow knew. No one spoke and I didn't push because I didn't want to take the web lesson's hours for this. It was just hopeless.

From there on, the teachers said we were their best class ever but the most complaining one. They didn't even bother to analyze the "complaints".

So, there you go. One of the lot of those teachers.

Oh this defect is great!

Inherited an app that allows people to type in the name of their beneficiary in a form.

The database column is varchar(50) and the form has no size limit...beautiful

Well I can't forgot this.

In college I met a guy with whom I passed the same subjects, we had friends in common but we never spoke until after a time (8 months later) he said: "hey can you help me with my problem? I'm doing a website and I want you to verify this database... now".
I just said "ok let's see"... When I gave him my observations he said: "thank you .. I don't remember your name right now but... don't you wanna do this website with me?".
And that's how I met one of my bestfriend and coworker.

The year was 2006. During the first half of my career, I use to work in the NOC. This was before I made my transition to software engineer. I worked on the third shift for a bank services company. The company was on a down turn. Just years earlier they just went public, and secured a deal with a huge well known bank. Eventually they entered a really bad contract with the bank and was put into a deal they couldn't deliver on. The partnership collapse and their stock plummeted. The CEO was dismissed, and a new CEO came in who wanted to "clean things up".

Anyway I entered the company about a year after this whole thing went down. The NOC was a good stepping stone for my career. They let me work as many hours as I liked. And I took advantage of it, clocking in 80 hours a week on average. They gave me the nick name "Iron Man".

Things started to turn around for the company when we were able to secure a support contract with a huge bank in the Alabama area. As the NOC we were told to handle the migration and facilitate the onboarding.

The onboarding was a mess with terrible instructions that didn't work. A bunch of software packages that crashed. And the network engineers were tips off, as they tunnel between our network and the banks was too narrow, creating an unstable connection between us and them. Oh, and there were all sorts of database corruption issues.

There was also another bank that was using an old version of our software. The sells team had been trying to get them off our old software for over a year. They refuse to move. This bank was the last one using this version, and our organization wanted to completely cut support.

One of the issue we would have is that they had an overnight batch job that had an ETA to be done by 7 AM. The job would often get stuck because this version of the software didn't know how to fail when it was caught in an undesired state. So the job hung, and since the job didn't have logging, no one could tell if it failed unless the logs stopped moving for an hour. It was a heavily manually process that was annoying to deal with. So we would kill the JVM to "speed" the job up. One day I killed the JVM but the job was still late. They told me that they appreciated the effort, but that my job was only to report the problem and not fix it.

This got me caught up in a major scandal. Basically they wanted the job to always have issues everyday. Since this was critical for them, all we needed to do was keep reporting it, and then eventually this would cause the client to have to upgrade to our new software. It was our sales team trying to play dirty. It immediately made me a menace in the company.

For the next 6 months I was constantly harassed and bullied by management. My work was nitpicked. They asked me to come into work nearly everyday, and there was a point I worked 7 days with no off days. They were trying to run me so dry that I would quit. But I never did.

On my last day at the company, I was on a critical call with a customer, and my supervisor was also on the line. My supervisor made a request that made no sense, and was impossible. I told her it wasn't possible. She then scalded me on the call in front of customers. She said "I'm your supervisor, you're just a NOC technician, you do what I say and don't talk back". It was embarrassing to be reprimanded on a call with customers. I never quite recovered from that. I could fill myself steaming with anger. It was one of the first times in my adult life that I felt I really wanted to be violent towards someone. It was such a negative feeling I quit that day at the end of my shift with no job lined up.

I walked away from the job feeling very uncertain about my future, but VERY relieved. I paid the price, basically unable to find a job until a year and a half later. And even was forced to move back in with my mother. After I left, the company still gave my a severance. Probably because of the supervisor's unprofessional conduct in front of customers, and the company probably needed to save face. The 2008 crash kept me out of work until 2009. It did give me time to work on myself, and I swore to never let a job stress me out to that degree. That job was also my last NOC job and the last job where did shift work. My next few jobs was Application Support and I eventually moved into development full time, which is what I always wanted to do.

Anyway sorry if it's a bit long, but that's my burnout story.

This rant can basically be boiled down to the name of the software in use/question:
FileMaker Pro 8.5

Please chime in if you have ever had the privelege of working with this gem of a database program, especially the scripting capabilities...

Trying to make it print/save/export an individual PDF file into a folder specified/created by one field with the filename set from another field. Will probably get it to work but the drag and drop scripting style reminds me of setting up an autoclicker for runescape; so fricken painful. Love to hear your comments.

Also happens to be running on an ancient PPC G5 iMac with 1 Gig of RAM running 10.4.11 hidden in the back room of an old warehouse with extra creepy flickering lights...

EFFF EMMM ELLL

So yeah thats my rainy Friday rant, hope you all are having this much fun.

Client be like:
Pls, could you give the new Postgres user the same perms as this one other user?

Me:
Uh... Sure.

Then I find out that, for whatever reason, all of their user accounts have disabled inheritance... So, wtf.

Postgres doesn't really allow you to *copy* perms of a role A to role B. You can only grant role A to role B, but for the perms of A to carry over, B has to have inheritance allowed... Which... It doesn't.

So... After a bit of manual GRANT bla ON DATABASE foo TO user, I ping back that it is done and breath a sigh of relief.

Oooooonly... They ping back like -- Could you also copy the perms of A on all the existing objects in the schema to B???

Ugh. More work. Lets see... List all permissions in a schema and... Holy shit! That's thousands of tables and sequences, how tf am I ever gonna copy over all that???

Maybe I could... Disable the pager of psql, and pipe the list into a file, parse it by the magic of regex... And somehow generate a fuckload of GRANT statements? Uuuugh, but that'd kill so much time. Not to mention I'd need to find out what the individual permission letters in the output mean... And... Ugh, ye, no, too much work. Lets see if SO knows a solution!

And, surprise surprise, it did! The easiest, simplest to understand way, was to make a schema-only dump of the database, grep it for user A, substitute their name with B, and then input it back.

What I didn't expect is for the resulting filtered and altered grant list to be over 6800 LINES LONG. WHAT THE FUCK.

...And, shortly after I apply the insane number of grants... I get another ping. Turns out the customer's already figured out a way to grant all the necessary perms themselves, and I... No longer have to do anything :|

Joy. Utter, indescribable joy.

Is there any actual security reason for disabling inheritance in Postgres? (14.x) I'd think that if an account got compromised, it doesn't matter if it has the perms inherited or not, cuz you can just SET ROLE yourself to the granted role with the actual perms and go ham...

When your IT VP starts speaking blasphemy:

"Team,
We all know what’s going on with the API. Next week we may see 6x order volumes.

We need to do everything possible to minimize the load on our prod database server.

Here are some guidelines we’re implementing immediately:

· I’m revoking most direct production SQL access. (even read only). You should be running analysis queries and data pulls out of the replication server anyway.
· No User Management activities are allowed between 9AM and 9PM EST. If you’re going to run a large amount of updates, please coordinate with a DBA to have someone monitoring.
· No checklist setup/maintenance activities are allowed at all. If this causes business impact please let me know.
· If you see are doing anything in [App Name] that’s running long, kill it and get a DBA involved.

Please keep the communication level high and stay vigilant in protecting our prod environment!"

RIP most of what I do at work.

When I first started down the path to becoming a developer, I was a "business analyst" where I managed our departments reports and ended up migrating all the reports from daily query run in MS Access with Task manager and emailed out to all the managers including the VP of the entire business unit, I created
Views in the database and sent out the same spreadsheet with the view in excel daily since management didn't want "change". Granted this was at a large health care company in the US and didn't want to invest in a real dashboard for their reports. The only thing that was changed in the email and file was the file name with the current date. I left the company a while ago and recently applied for a similar position for the shits and gigs. Interviewed with the It manager and they're still using the same excel macro I wrote 3 years later.

Interesting...

On Friday, I was playing with the ChatGPT integration in DBeaver. I was using the DBeaver sample SQLite database. This database has a couple of tables, among them Album and Artist, where Album has a foreign key into Artist.

So, I asked it:

"give me a query that lists all albums from artists who's name starts with s"

The query I got back was:

SELECT * FROM Album

Uhh, okay.

But then, I noticed that I wrote "who's" instead of 'whose', which would be proper grammatically. So, I changed that, and then I got this query:

SELECT * FROM Album WHERE ArtistId IN (SELECT ArtistId FROM Artist WHERE Name LIKE 'S%');

Hooray, that works! I'm not sure it's the best way to write the query... I might have written:

SELECT * FROM album a, artist r WHERE a.artistid=r.artistid AND r.name LIKE 'S%'

...I'd have to check to see if one performs better than the other, and consider which syntax I find clearer, but that's a separate issue, it's just nice to see a working, reasonable query generated because that's the point, after all.

But I found it interesting that such a minor error would cause it to not work, that's my main point.

Interestingly, it seems to have learned: I just tried the same thing, and I got the right query either way. So that's pretty cool.

It's a pretty neat feature and I can see some legitimate value in it. I'm pretty good writing SQL myself... I've managed to write some truly hideously complex queries over the years... but there are definitely instances I can recall where the query didn't seem obvious at the start, and having an AI that can MAYBE produce something that is AT LEAST a starting point is definitely something I can get onboard with.

I wasn't happy with one of our UI views for editing a database query that consisted of about 50 fields ("editing" being the operative term here, not just viewing. It had to be two-way). Everything was hardcoded and defined manually, with each block of ~10 lines being repeated and mostly identical apart from the occasional double inline field and name of the variable. It had "just ended up that way" over time due to the variable names in the UI being different than the names of the variables that came from the API.

I decided to overhaul it all where I defined the different input components and which fields should be included, then made a function which would generate the page based on these definitions. It was about 500 lines of modularized functions and classes where the class for the actual view was about 50 lines- compared to the 1400+ lines of the previous version.

But, it didn't work. It should, but it "just didn't". There was no error. All I got was a blank, solid white page. I could make a drastic change or try something completely different and I would get the same error, same blank page. API fetch succeeded, value assignments succeeded, the object exists, but if you iterated it it was... empty.

I started getting really discouraged that I had made it too abstract. Maybe I actually made it more complex and unreadable than before. Maybe just hardcoding it all was the better solution after all. Maybe I had gone against KISS and overdesigned it.

I was up pretty late and everyone had gone home. When the last guy left there was that mood where "yeah if I can't make this work we'll just use the current version...".

Turns out I had tried iterating over a property of the set of fields to render, rather than the entire collection. In the old method the variables were a member of an object, but now they were its own object, a change I had made to isolate the set of values which were to be viewed/edited and make them easier to pass back and forth. This member existed since I hadn't cleaned it out yet, but it was empty.

I had been banging my head against this for a whole day and I was ready to admit I had made a mistake and wasted my time before discarding it all, but then I backspaced this one property and the interface went from empty to rendering perfectly and with all functionality intact. I swear god rays were coming out of my screen.

When your project manager promised to give you a script generator for the big database migration and came back with an Excel sheet where you have to copy-paste every table name and fields to get the table specific part of the script.
Damn copy-pasting programmation ...

Android devs, what are your thoughts about the naming conventions google tries to enforce on us, especially with the xmls?

I opened a new project after months of leaving android dev, and thought of trying the basic activity template with name 'myActivity'

On clicking it, a ton of files got created : myActivity, myActivityFragment ,... And in xml the reverse naming notation : activity_my, fragment_my, content_my,...

This naming is uncomfortable .in a large project, activities usually acts as complete modules in which different tasks are handled : logins getting checked, data being cached, database being accessed and much more...
So if my activity 'abc' has a content fragment and a toolbar whose design is in another xml, shouldnt the 3 of them be named like:
abc_activity.xml
abc_activity_fragment.xml
abc_activity_toolbar.xml

And not
activity_abc.xml
fragment_abc.xml
toolbar_abc.xml

??
At the very least , it would look nice since the components that are displayed together will have their files together. And i don't know much about testing, but i believe it would be helpful there too

It's too early to be asking these questions today:

Are your DB schema changes checked into source control?

What branch are they checked into?

Why are the schema changes checked into one branch, but deployed to a completely different database?

Is my CI pipeline deploying incorrectly? Oh, you manually deployed changes.

Are your DB changes in source control an accurate reflection of what you actually put in the staging database?

Why not?

Can I just cherry-pick update my schema with your changes from the staging database?

Why is there a typo in your field name?

Oh. Why is there a typo in the customer data set? Don't they know how to spell that word?

Why is the fucking staging database schema missing three critical tables?

Is the coffee ready? I need coffee.

Why is the coffee not ready yet?

What's going on in DevRant this morning?

What project am I working on now anyway?

Did my schema update finish yet?

Yup, it finished. Crap. Where the hell do I keep those backup files?

What's the command line to restore the file again?

Why doesn't our CLI tool support automated database restores?

I can fix that. What branch name should I check the CLI tool into?

What project was I working on this morning again?

We had a test in class where one of the questions was "What is SQL injection?" and I wrote what it was and even gave a bang on simple example where I showed how you could end up with a truncate statement on your customer db. The last part of it was:

"This will be the SQL that gets executed:
INSERT INTO Customers (Name) VALUES (' ';TRUNCATE Customers;--);

When I got it back after we had a session of "grade each others work" I got the comment: "What makes this an attack against a database?"

I mean, I'm not sure what I could have written. That it truncates the database? And, correct me if I'm wrong, but if a user truncates your DB, is that not an attack?

Three hours of debugging the program.
I also wrote a thread in a forum to ask for help explaining all the test I made.
My database is working in Sql Management Studio but not in the code. It done well only using the trusted connection.
The issue? I was using the windows note (Win+v) to paste the connstring since the beginning and in the string there is a / instead of \ in the instance name. I'm writing here to not smash everything...

So we have this local competition and i was tasked to pitch in some help. 2 weeks before, we get a problem with the database so we pull someone from another team to fix it since our hands our full. But his PRICK OF A TEAM LEAD is forcing him not to do it because "It's not priority". So day of the competition - EVERYTHING WAS A MESS. The competition was forfit. We tarnished our company name. BuT his PRICK OF A TEAM LEAD suddenly comes in POINTING FINGERS AT US SAYING "they dont communicate and dont seem competent enough" OHHHH SNAP YOU UNCULTURED GOOSE PRICK FOR TWO WEEKS YOU IGNORED US BUT WHEN WE WENT DOWN YOU SHOWED YOURSELF TO THE BOSS LIKE "it's because they didnt rely on me" WELL KISS MY ASS PRINCE NOT-CHARMING. I really like my company but some people are just TOXIC.

Let's see:

No archival of data on a database server with over 5000 high profile customers using no encryption whatsoever with telnet open on LAN, every user on the same account in the office using the companies name as the password... But hey there are security cameras!

Common Docker for Windows! Are you serious? What in heavens name could you do wrong to loose access to your own ducking database?! And as if that's not enough there comes the internet in the form of Google telling me that I'm the only idiot with this problem. Sure sure. Gnarf.

is there a way to change your username? some say they have changed theirs. how?

Be vary of entering commands from history (Arrow Up), especially if you did a destructive command not long ago.

Did this in a database for a game. I cleaned the clan tables not long before release. Then a short while after the release I searched for a clan related query and ended up clearing one of the tables again (ofc on autocommit). :|

So had to delete the related tables and notified people they had to claim their clan name yet again really quick.

---

Never had the issue on linux yet, but I'm usually vary when doing a generic destructive command (like "rm -r *"). The problem rarely happens with zsh (you can arrow up based on what you already typed) but I'm often still vary and prefix the command with a space to prevent it showing up in my history.

Quick and dirty job to get some data into a DB wasted my entire evening.

Created table with few columns, tried writing to it from NodeJS app and it kept complaining I wasn't providing values for columns that didn't even exist. After ages pissing about decided that the DB gods had cursed this particular table so created a second one with same DDL. Now it worked first fucking time. Then it finally dawned on me, I'd managed to pick a reserved table name and the RDBMS didn't think to give me a warning when I created it. Not only did it not warn me but it kept going as it nothing was the matter and didn't report the extra columns on a SELECT *.

Compromise.

I think that sums up development pretty much.

Take for example coding patterns: Most of them *could* be applied on a global scale (all products)… But that doesn't mean you *should* apply them. :-)

Find a matching **compromise** that makes specific sense for the product you develop.

Small example: SOLID / DRY are good practices. But breaking these principles by for example introducing redundant code could be a very wise design decision - an example would be if you know full ahead that the redundancy is needed for further changes ahead. Going full DRY only to add the redundancy later is time spent better elsewhere.

The principle of compromise applies to other things, too.

Take for example architecture design.

Instead of trying to enforce your whole vision of a product, focus on key areas that you really think must be done.

Don't waste your breath on small stuff - cause then you probably lack the strength for focusing on the important things.

Compromise - choose what is *truly* important and make sure that gets integrated vs trying to "get your will done".

Small example: It doesn't really matter if a function is called myDingDong or myDingDongWithBells - one is longer, other shorter. Refactoring tools make renaming a function an easy task. What matters is what this function does and that it does this efficiently and precise. Instead of discussing the *name* of the function, focus on what the function *does*.

If you've read so far and think this example is dumb: Nope... I've seen PR reports where people struggled for hours with lil shit while the elephant in the room like an N+1 problem / database query or other fundamental things completely drowned in the small shit discussion noise.

We had code design, we had architecture... Same goes for people, debugging, and everything else.

Just because you don't like what weird person A does, doesn't mean it's shit.

Compromise. You don't have to like them. Just tolerate them. Listen. Then try to process their feedback unbiased. Simple as that. Don't make discussions personal - and don't isolate yourself by just working with specific persons. Cause living in such a bubble means you miss out a lot of knowledge and insight… or in short: You suck because of your own choices. :-)

Debugging... Again compromise: instead of wasting hours on debugging a problem, ASK for help. A simple: Has anyone done debugging this before or has some input for how to debug this problem efficiently?... Can sometimes work wonders. Don't start debugging without looking into alternative solutions like telemetry, metrics, known problems etc.
It could be a viable, better long term solution to add metrics to a product than to debug for hours ... Compromise. Find a fitting approach to analyze a problem instead of just starting a brute force approach.

....

Et cetera et cetera.

TL;DR I just recently started my apprenticeship, it's horrible so far, I want to quit, but don't know what to do next...

Okay, first of all, hey there! My name is Cave and I haven't been on here for a while, so I hope the majority of you is doing rather okay. I'm programming for 6 years now, have some work experience already, since I used to volunteer for a company for half a year, in which I discovered my love for integrations and stuff. These background information will probably be necessary to understand my agony in full extend.

So, okay, this is about my apprenticeship. Generally speaking, I was expecting to work, and to learn something, gaining experience. So far, it only involved me, reading through horrible code, fixing and replacing stuff for them, I didn't learn a thing yet, and we are already a month in.

When I said the code is horrible, well, it is the worst I have ever seen since I started programming. Little documentation - if any -, everywhere you look there is deprecated code, which may or may not been commented out, often loops or simply methods seem to be foreign for them, as the code is cluttered with copy paste code everywhere and on top of that all, the code is slow as heck, like wtf.

I spent my past month with reading their code, trying to understand what most of this nonsense is for, and then just deleting and rewriting it entirely. My code suddenly is only 5% or their size and about 1000 times faster. Did I mention I am new to this programming language yet? That I have absolutely no experience in that programming language? Because well I am new and don't have any experience, yet, I have little to no struggle doing it better.

Okay, so, imagine, you started programming like 20 years ago, you were able to found your own business, you are getting paid a decent amount of money, sounds alright, right? Here comes the twist: you have been neglecting every advancement made in developing software for the past 20 years, yup, that's what it feels like to work here.

At this point I don't even know, like is this normal? Did git, VSCode and co. spoil me? Am I supposed to use ancient software with ancient programming languages to make my life hell? Is programming supposed to be like this? I have no clue, you tell me, I always thought I was doing stuff right.

Well, this company is not using git, infact, they have every of their project in a single folder and deleting it by accident is not that hard, I almost did once, that was scary. I started out working locally, just copying files, so shit like that won't happen, they told me to work directly in the source. They said it's fine, that's why you can see 20 copies of the folder, in the same folder... Yes, right, whatever.

I work using a remote desktop, the server I work on is Windows server 2008, you want to make icons using gimp? Too bad, Gimp doesn't support windows server 2008, I don't think anything does anymore, at least I haven't found anything, lol.

They asked me to integrate Google Maps into their projects, I thought it is gonna be fun, well, turns out their software uses internet explorer 9.. and Google maps api does not support internet explorer 9... I ended up somehow installing CEF3 on that shit and wrote an API for it in JS. Writing the API was actually kind of fun, but integrating it in their software sucked and they told me I will never integrate stuff ever again, since they usually don't do that. I mean, they don't have a Backend as far as I can tell, it looks like stuff directly connects with their database, so I believe them, but you know... I love integrating stuff..

So at this point you might be thinking, then why don't you just quit? Well I would, definitely. I'm lucky that till December I can quit without prior notice, just need a resignation as far as I can tell, but when I quit, what do I do next? Like, I volunteered for a company for half a year and I'd argue I did a good job, but with this apprenticeship it only adds up to about 7 months of actual work experience. Would anybody hire somebody with this much actual work experience? I also consider doing freelancing, making a living out of just integrating stuff, but would people pay for that? And then again, would they hire somebody with this much experience? I don't want to quit without a plan on what to do next, but I have no clue.

Am I just spoiled, is programming really just like that, using ancient tools and stuff? Let me know. Advice is welcomed as well, because I'm at a loss. Thanks for reading.

!Rant

Really hate someone who localize database, table, and column name! English please!

If I kept track of all the hours wasted on issues due to overloads of functions called ToList() it would probably make up a sizable portion of the project budgets.

If I call ToList on a query object, it looks like I'm trying to serialize the query definition into some kind of array. That's what it *should* do with that name. Bonus if the object implements some generic enumerable interface, ToList makes it call your database, you can just toss the query into some json serializer that blocks while calling ToList for you, and people end up doing exactly this because the code turned out so much neater.

Because that's the thing. It's like people implement it because it's "neat" and the user shouldn't care about its internals. How many tears would be shed by just calling it ExecuteAsync?

I have to build a database migration that generates user handles. The user handles are unique within an organization. The user can change them. The auto generated handles are either the first name + last name, or the business name depending on which user type it is. Unless it would be a duplicate. Duplicates auto increment if the handle is taken. The character limit for a user handle is the same length as first name plus last name so I have to check for possible overflow if I add digits. I also have to see if the generated name is in the DB already because a user could have custom entered the result of the auto generation.

This has to be programmed async. The DB driver is using a transaction but multiple calls have to be made to check if the generated handle exists for that organization. Also I have to check the migration script itself for possible duplicates. 3/4 of the users have a handle and with the scale there will definitely be duplicate names.

My idea is if there is a collision, use a UUID and let the users pick something nicer next time they log in. Business says “Reeeeeee!!!! The users shouldn’t see a UUID!!! You can do this!!!” Absurd uniqueness requirements. Absurd backfill procedure. Absurd business rules.

had to restore my local Dev database after UI automation was creating loadsa rubbish entities,

Laughing at my old self,
Sql backup name
"FuckingWorking".bak

haha love a bit of rage Names

Working on a multi-year college project, going through tests from previous team.
Every test is not working quite right. They're almost all intermittent failures.
The reason? Every single test class extends some test class, which usually extends from some primary test class.
That primary test class opens up their whole UI, and outside of their UI test package, the only thing that gets used is a variable named session (a string), which isn't even specific.
WHY THE FUCK WOULDN'T YOU JUST MAKE THE SESSION NAME STRING A VARIABLE IN THE TEST FILES YOU DUMB FUCKS
THE ARGUMENT VALIDATION TESTS DO NOT NEED TO OPEN THE UI, LET ALONE CREATE THE WHOLE FUCKING DATABASE JUST TO VALIDATE ARGUMENTS, WHICH YOU DO APPLICATION SIDE
(Also they made it so every session has their own tables as opposed to having session IDs. E.g., "person_sessionID1" and "person_sessionID2" exist.)

Another gem from my Database Fundamentals class, this time it's from the textbook:

So right now we're learning about data modeling with ERDs and the book is explaining a few things about attributes. I got to a part where the book was explaining when you should split an attribute into many (the book mixes up conceptual modelling and logical modelling). The first example the book gave was an address, splitting it up by street name, address number, city, postal code, etc. So far so good. Now we get to the second example: a phone number. The book split the the number 55 11 9784-8900 into four parts:

Country code: 55
Area code: 11
Number prefix: 9784
Number suffix: 8900

At this point I was like "WHAT?". Separating area and country codes from the rest of the number is ok, that's useful, but splitting the number itself in half? Why the fuck would you want to do that? Correct me if I'm wrong but the dash in the middle of the number is just used for "chunking", to make it easier for our brains to read the number. Why would you want to split the number in half? There's literally no reason to do it, at least not in the example the book was showing.

Every time I open this book I keep wondering why the hell my teacher chose it to be our textbook. He's a great teacher, his lectures are awesome, he explains stuff super well, but he chose this book. A book that's filled with shitty literal translations to domain-specific words and acronyms, shitty examples, and convoluted sentences.

For those who ever tried to find and/or implement a crm: everything seems to be based on that bastardized vtiger core which is based on an old version of sugarcrm I'm so fucking tired of that shit. I gonna make my own. The underlying framework makes me sick to the bone. Everything in there relies heavily on magic. Being arround for years and just recently got a new major release yet unable to transfer offer items to the invoice even though it requires a relation?

This is not blunt talk. My thing is based on Laravel, EAV principle for dynamic fields, module code structure, interface for the list view and many other stuff is already integrated. This is gonna be done and will be done because existing stuff is so fucking ugly and broken I can't fathom myself.

Btw I still need a name

PS: I hate smarty, PearDb and their fucking database layout

I need to check 100k tables in the database so I wrote a script... It runs fine for 5 minutes; then suddenly I get an error out of nowhere: getaddrinfo ENOTFOUND influxdb-dev.cloud.etc.com. What the helly hell? When I restart my script, the host name is found fine again; after 5 more minutes it crashes again with the same error. I cannot think of a good reason why this happens. Why would the host disappear? RIP

The feeling when someone decided that it was a good idea to give all databases the same name across environments. So you have to:

drop database prod

On your MySQL prompt to restore the test environment from the latest mysqldump.

Never thought naming could be so hard...

Need some advise from all you clever devs out there.

When I finished uni I worked for a year at a good company but ultimately I was bored by the topic.

I got a new job at a place that was run by a Hitler wannabee that didn't want to do anything properly including writing tests and any time I improved an area or wrote a test would take me aside to have a go so I quit after 3 months.

Getti g a new job was not that hard but being at companies for short stints was a big issue.

My new job I've been here 3 months again but the code base is a shit hole, no standardisation, no one knows anything about industry standards, no tests again, pull requests that are in name only as clearly broken areas that you comment on get ignored so you might as well not bother, fake agile where all user stories are not user stories and we just lie every sprint about what we finished, no estimates and so forth, and a code base that is such a piece of shit that to add a new feature you have to hack every time. The project only started a few months back.

For instance we were implementing permissions and roles. My team lead does the table design. I spent 4 hours trying to convince him it was not fit for purpose and now we have spent a month on this area and we can't even enforce the permissions on the backend so basically they don't exist. This is the tip of the iceberg as this shit happens constantly and the worst thing is even though I say there is a problem we just ignore it so the app will always be insecure.

None of the team knows angular or wants to learn but all our apps use angular..

These are just examples, there is a lot more problems right from agile being run by people that don't understand agile to sending database entities instead of view models to client apps, but not all as some use view models so we just duplicate all the api controllers.

Our angular apps are a huge mess now because I have to keep hacking them since the backend is wrong.

We have a huge architectural problem that will set us back 1 month as we won't be able to actually access functionality and we need to release in 3 months, their solution even understanding my point fully is to ignore it. Legit.

The worst thing is that although my team is not dumb, if you try to explain this stuff to them they either just don't understand what you are saying or don't care.

With all that said I don't think they are even aware of these issues somehow so I dont think it's on purpose, and I do like the people and company, but I have reached the point that I don't give a shit anymore if something is wrong as its just so much easier to stay silent and makes no difference anyway.

I get paid very well, it's close to home and I actually learn a lot since their skill level is so low I have to pick up the slack and do all kinds of things I've never done much of like release management or database optimisation and I like that.

Would you leave and get a new job?

Okay, I hope a few people can help me with this; what are the benefits/reasons to use MS technologies? I'm talking about .NET, ASP, Windows Server, Powershell...

I've never understood it. I love Nodejs because you don't have any packages unless you ask for them. Alpine Linux is amazing! It runs on 8MB of RAM from fresh and doesn't need much more space to install.

You want .NET core? 140MB download. You're configuring database connection strings? Feel free to type in whatever you like, it'll parse and replace with some magic variables that have come from some other random file.

I was using Powershell recently, needed to set an env variable. Bash is happy with "export name=value". You want to do that in Powershell? I just googled it and found an entire 40-minute read discussing how to set env vars. Why?! It should be one command, and I don't know who thought that "Get-ChildItem" was _obviously_ referring to env variables.

It seems to me that everywhere MS has got their hands on development-wise, it inherits the typical sales bullshit. No no, you can't call them "websockets", they have to be branded "SignalR" and add tons of overhead. You can't say "disable notifications" it has to be "focus assist". I'm really surprised something as simple as a keyboard hasn't become a "varied user input device" or something of the like.

Am I alone in thinking this?

I can't count likes form my database for an specific post. I made a function that will count all the like by "post.id". It shows the like on the web page when I clicked on like button and it disappears when I refresh the browser. but likes are still remaining in the database but it won't appear on the webpage.

Here are the flask code:

def like_count(post_id):
if request.form.get('like') != None:
if (Like.query.filter_by(post_id=post_id).all())==[]:
return 0
else:
return Like.query.filter_by(post_id=post_id).count()
else:
return 0

def dislike_count(post_id):
if request.form.get('dislike') != None:
if (Dislike.query.filter_by(post_id=post_id).all())==[]:
return 0
else:
return Dislike.query.filter_by(post_id=post_id).count()
else:
return 0

Here are the html code:

<!--dislike-->
<form method="POST" action="">
<input name="dislike" value="1" class="input-style" >
<input value="{{post.id}}" name="post_id" class="input-style">
<button class="fas fa-thumbs-down" class="like-button" >
<div class="like-count" >
{{dislike_count(post.id)}}
</div>
</button>
</form>

<!--like-->
<form method="POST" action="" >
<input name="like" value="1" class="input-style" >
<input name="post_id" value="{{post.id}}" class="input-style" >
<button class="fas fa-thumbs-up" class="like-button" >
<div class="like-count" >
{{like_count(post.id)}}
</div>
</button>
</form>

$ python
>>> from package import app, db
Traceback:
ImportError: cannot import name db

WHY THE FUCK NOT YOU FUCKING CRETIN. JUST IMPORT THE MOTHERTRUCKING DATABASE SO I CAN IMPORT THE SHITTING MODELS, CREATE A TEST ACCOUNT THEN TELL THE CLIENT THAT IM ALMOST THERE DESPITE BEING THREE DUCKING WEEKS BEHIND MOTHERCUKING SCHEDULE.

AAAAAAAAAAAAAARGHH.