So this was a couple years ago now. Aside from doing software development, I also do nearly all the other IT related stuff for the company, as well as specialize in the installation and implementation of electrical data acquisition systems - primarily amperage and voltage meters. I also wrote the software that communicates with this equipment and monitors the incoming and outgoing voltage and current and alerts various people if there's a problem.

Anyway, all of this equipment is installed into a trailer that goes onto a semi-truck as it's a portable power distribution system.

One time, the computer in one of these systems (we'll call it system 5) had gotten fried and needed replaced. It was a very busy week for me, so I had pulled the fried computer out without immediately replacing it with a working system. A few days later, system 5 leaves to go work on one of our biggest shows of the year - the Academy Awards. We make well over a million dollars from just this one show.

Come the morning of show day, the CEO of the company is in system 5 (it was on a Sunday, my day off) and went to set up the data acquisition software to get the system ready to go, and finds there is no computer. I promptly get a phone call with lots of swearing and threats to my job. Let me tell you, I was sweating bullets.

After the phone call, I decided I needed to try and save my job. The CEO hadn't told me to do anything, but I went to work, grabbed an old Windows XP laptop that was gathering dust and installed my software on it. I then had to build the configuration file that is specific to system 5 from memory. Each meter speaks the ModBus over TCP/IP protocol, and thus each meter as a different bus id. Fortunately, I'm pretty anal about this and tend to follow a specific method of id numbering.

Once I got the configuration file done and tested the software to see if it would even run properly on Windows XP (it did!), I called the CEO back and told him I had a laptop ready to go for system 5. I drove out to Hollywood and the CFO (who was there with the CEO) had to walk about a mile out of the security zone to meet me and pick up the laptop.

I told her I put a fresh install of the data acquisition software on the laptop and it's already configured for system 5 - it *should* just work once you plug it in.

I didn't get any phone calls after dropping off the laptop, so I called the CFO once I got home and asked her if everything was working okay. She told me it worked flawlessly - it was Plug 'n Play so to speak. She even said she was impressed, she thought she'd have to call me to iron out one or two configuration issues to get it talking to the meters.

All in all, crisis averted! At work on Monday, my supervisor told me that my name was Mud that day (by the CEO), but I still work here!

Here's a picture of the inside of system 8 (similar to system 5 - same hardware)

Welcome back to practiseSafeHex's new life as a manager.

Episode 2: Why automate when you can spend all day doing it by hand

This is a particularly special episode for me, as these problems are taking up so much of my time with non-sensical bullshit, that i'm delayed with everything else. Some badly require tooling or new products. Some are just unnecessary processes or annoyances that should not need to be handled by another human. So lets jump right in, in no particular order:

- Jira ... nuff said? not quite because somehow some blue moon, planets aligning, act of god style set of circumstances lined up to allow this team to somehow make Jira worse. On one hand we have a gigantic Jira project containing 7 separate sub teams, a million different labels / epics and 4.2 million possible assignees, all making sure the loading page takes as long as possible to open. But the new country we've added support for in the app gets a separate project. So we have product, backend, mobile, design, management etc on one, and mobile-country2 on another. This delightfully means a lot of duplication and copy pasting from one to the other, for literally no reason what so ever.

- Everything on Jira is found through a label. Every time something happens, a new one is created. So I need to check for "iOS", "Android", "iOS-country2", "Android-country2", "mobile-<feature>", "mobile-<feature>-issues", "mobile-<feature>-prod-issues", "mobile-<feature>-existing-issues" and "<project>-July31" ... why July31? Because some fucking moron decided to do a round of testing, and tag all the issues with the current date (despite the fact Jira does that anyway), which somehow still gets used from time to time because nobody pays attention to what they are doing. This means creating and modifying filters on a daily basis ... after spending time trying to figure out what its not in the first one.

- One of my favourite morning rituals I like to call "Jira dumpster diving". This involves me removing all the filters and reading all the tickets. Why would I do such a thing? oh remember the 9000 labels I mentioned earlier? right well its very likely that they actually won't use any of them ... or the wrong ones ... or assign to the wrong person, so I have to go find them and fix them. If I don't, i'll get yelled at, because clearly it's my fault.

- Moving on from Jira. As some of you might have seen in your companies, if you use things like TestFlight, HockeyApp, AppCenter, BuddyBuild etc. that when you release a new app version for testing, each version comes with an automated change-log, listing ticket numbers addressed ...... yeah we don't do that. No we use this shitty service, which is effectively an FTP server and a webpage, that only allows you to host the new versions. Sending out those emails is all manual ... distribution groups?? ... whats that?

- Moving back to Jira. Can't even automate the changelog with a script, because I can't even make sense of the tickets, in order to translate that to a script.

- Moving on from Jira. Me and one of the remote testers play this great game I like to call "tag team ticketing". It's so much fun. Right heres how to play, you'll need a QA and a PM.

*QA creates a ticket, and puts nothing of any use inside it, and assigns to the PM.
*PM fires it back asking for clarification.
*QA adds in what he feels is clarification (hes wrong) and assigns it back to the PM.
*PM sends detailed instructions, with examples as to what is needed and assigns it back.
*QA adds 1 of the 3 things required and assigns it back.
*PM assigns it back saying the one thing added is from the wrong day, and reminds him about the other 2 items.
*QA adds some random piece of unrelated info to the ticket instead, forgetting about the 3 things and assigns it back.

and you just continue doing this for the whole dev / release cycle hahaha. Oh you guys have no idea how much fun it is, seriously give it a go, you'll thank me later ... or kill yourselves, each to their own.

- Moving back to Jira. I decided to take an action of creating a new project for my team (the mobile team) and set it up the way we want and just ignore everything going on around us. Use proper automation, and a kanban board. Maybe only give product a slack bot interface that won't allow them to create a ticket without what we need etc. Spent 25 minutes looking for the "create new project" button before finding the link which says I need to open a ticket with support and wait ... 5 ... fucking ... long ... painful ... unnecessary ... business days.

... Heres hoping my head continues to not have a bullet hole in it by then.

Id love to talk more, but those filters ain't gonna fix themselves. So we'll have to leave it here for today. Tune in again for another episode soon.

And remember to always practiseSafeHex

So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

Discovered one of the worst db designs ever:

- A cust is inserted in a table.
- The insert trigger is fired, calling a stored proc
- The stored proc being called creates a dynamic sql that builds a create table statement for 8 different tables. These tables will be postfixed with the newly-created cust id and is executed.

When querying info for a cust, a stored proc is used that accepts an id value would be appended to another dynamic sql that creates a select statement across all 8 tables for one customer.

Shoot me now.

I love Linux, but its community can be so full of incompetent assholes..

Just now I asked in Freenode ##linux how to get the process ID of my current running process in bash. I got my answer - it's a shell built-in called "$$".

Then people start to nitpick some more - why do you need it? How is that different from an exit? - to which my response was.. well I know the whole idea behind exit codes, and I'd use it whenever possible, in all defined behavior that allows my program to terminate itself whenever it can. This pidfile however would be used to exit itself and provide diagnostic information whenever the program enters undefined behavior - a segfault in C language. Scenarios in which I don't have full control over the script's behavior anymore, such as the system entering an unworkable state where the system stalled, still got some binaries in RAM but the rootfs got unwritable, such as now - very helpfully, thanks HP! - when my laptop likely overheated and shat itself. I issued sudo reboot into it, but even that wouldn't issue properly anymore due to the /sbin/poweroff binary becoming inaccessible too. I had to issue a hard power cycle.. one of the few times in which I'm thankful to HP for actually causing shit like this, lol.

Point is, that undefined behavior is what I'm trying to mitigate against. I certainly can't let any files other than diagnostics remain in nonvolatile storage like that, especially when their state should be predictable in order to ensure good operation (like files expressing whether the script is already running or not, i.e. lock files).

Back to that IRC chat. Aside from the answer, I got ridicule from people who probably don't even know how to properly compile a kernel. Ubuntu users, overconfident scum. Sometimes I feel like I should ask questions in channels like #archlinux only, where such incompetency is ridiculed on its own.

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

SICK AND TIRED OF READABILITY VS. EFFICIENCY!!!!!!!

I HAD TO SEPARATE A 4 LOC JSON STRING, WHICH HAD AN ARRAY OF A SINGLE KEY-VALUE PAIRS (TOTAL OF 10 OBJECTS IN THE ARRAY).

ITS READABLE IF YOU KNOW JSON. HOW HARD IS TO READ JSON FORMAT IF YOU GET YOUR STYLE AND INDENTATION PROPERLY?!?

SO I HAD TO
BREAK THE POOR FREAKING JSON APART TO A FUCKING DIFFERENT YAML FILE FORMAT ONLY SO I CAN CALL IT FROM THERE TO THE MAIN CONTROLLER, ITERATE AND MANIPULATE ALL THE ID AND VALUES FROM YAML BACK TO MATCH THE EXPECTED JSON RESPONSE IN THE FRONT END.

THE WHOLE PROCESS TOOK ME ABOUT 15 MINUTES BUT STILL, THE FUCKING PRINCIPLE DRIVES ME INSANE.

WHY THE FUCK SHOULD I WASTE TIME AT AN ALREADY WORKING PIECE OF CODE, TO MAKE IT LESS EFFICIENT AND A SLIGHTLY BIT MORE READABLE?!? FML.

OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..

Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!

Here it goes..

Lat week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.

OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.

Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.

Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..

I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..

Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I crate another pck for api alone copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.

I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..

I made changes for api to incude the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.

WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...

WTF..Ok, cig break to let me think..

I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?

So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' made changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers dbs (different customers).. ALL HAD THIS HARDOCED IN!!! FORM THE FREAKING YEAR 2016!!! O.o

Unfuckin believable.. How did this ever work?!

Looks like at the begining, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!

So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plan, simple, straight-forward solution to auditing..

If only the original procedure was working as it should.. bloddy hell!!

Just spent about a day and a half debugging my code a million different ways, only to discover that the third party call that kept failing needed the id in UPPERCASE.

So I'm on vacation right now to visit family. I received an email from the head of department that, due to our department getting 7 new hires in one day, the seating arrangement has been changed.

My new seat is next to this one developer who's old enough to be my dad. He's a very nice guy and all, but the problem is he burps ALL. THE. TIME. I've never met anybody more gassy. His burps don't stink, thank God, but they're loud enough that it's seriously jarring.

You know how us devs can be completely in the zone until some marketing dickbag taps you on the shoulder and asks you to check your email or help with something that is absolutely not your job and you completely lose all focus and have to start over? Its exactly like that, except it happens every 10 minutes.

Another thing is, my back is now facing away from the wall, towards the rest of the office. The nearest section to mine is management. That means that anybody, including the CEO, can walk up right behind me and see what I'm doing at all times.

I really hate that. Id much rather be next to the wall to have some sort of privacy. Somehow sitting next to burpy guy is still the thing I'm most annoyed about though.

I tried to ask for a different seat, but my manager effectively said that I have no choice but to sit there because that guy is part of my team, and teammates should sit together. He forgot about the fact that, while the work him and I do is indeed related, I've been working on a solo project for the past few months and I don't need to be next to anybody in particular because I'm the only one working on this thing. Theoretically, I could sit in the toilet with my laptop and get my work done just fine. Maybe when I talk to him face to face in the office I can convince him to have some mercy on me.

The bright side is I'm very excited about meeting those 7 new hires I mentioned. They seem to be smart, capable people so I look forward to working with them and learning from them. Every cloud has a silver lining. 😊

A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.

Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.

Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.

Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.

So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.

Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.

Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.

So everything has been set up again now, and there are some things I would like to stress about hosting providers.

You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.

Also remember that your hosting provider can terminate you at any time, for any reason. Server redundancy is not enough. If you can afford multiple redundant servers, get them at different hosting providers. I've looked at Aruba Cloud's Terms of Use and this is indeed something they were legally allowed to do. Any reason, any time, no notice. They covered all their bases. Make sure you do too, and hope that you'll never need it.

Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?

So, someone is trying to catfish me in some social media.
And I can make a few guesses about who it might be. Or maybe I'm being paranoid and all the accounts contacting me randomly, are just spam bots.

But this isn't the first time. From a hateful ex, to someone I turned down because I had zero feelings for, to even random stalkers who found me online and thought that I was the best choice for obsessing over, I've seen different types of online ghosts.

Like... why is it that it takes so much for some people to be decent? Why can't you just say it to my face (aka directly), get your answer, and then fuck off? And if you're actually obsessing, it is not my problem. See a fucking therapist.

Anywho, aside from the wish to be able to occasionally deliver an online slap, and occasionally wishing that everyone on the internet had an ID to be found IRL, I would like for internet to be a less hateful/harassing/terrorizing/bullying/discriminating place. I like internet. I have so many awesome friends on the internet.

I just needed to rant about it so it doesn't weigh on my mind. Now I'm gonna go back to ignoring them and living my own life peacefully. I hope y'all have a good day. 🙂

I think the reason why git beginners have a hard time with it is because the api is a bit untuitive.

For example: if you want to "unstage" staged changes, you run git reset, and if you want to "delete" those changes from your working copy, you git checkout those files.

But then, you find out that you can do all of that if you git add . and git reset --hard.
So you're like "huh..."

And then you discover that if you end the resethard with a branch name/commit id then you also make current branch point to the commit or that branch/commit (respectively).
So you're like "huh..."

And also if you add a commit id or branch name to git checkout, you change the current branch to specified/enter detached state with HEAD pointing to that commit (respectively).

Oh and you don't use git branch to create branches, you use git checkout -b because it's a lot shorter.

So here's a rundown: git reset mutates things related to files, but also mutates things related to branches.
git checkout also mutates things related to files and mutates things related to branches too (in a diff way). Also, creates new branches.

I don't think this is intuitive. We users use the same commands for different purposes with just a different flag.
Commands shouldn't mutate different types of things. But don't composite commands (as in, "smart" commands that mutate different things) shoudln't be a flag in an existing command, it should be a single new command of its own.

Maybe if I reread the internals of git now, I'll be able to disgest the dozens of technical terms they throw at you (they are many). And in my mind, the api will cognitively fit to the explanations.

Here's another one that feels weird too.
If you want to make your changes start on top of someone else's commit, you do git rebase.
But git rebase -i can be used for that, and also to delete, modify changes or message of, reorder or combine previous commits of the current branch.

Maybe the reason why several things we do overlap with the same commands is because they internally do similar things, and while not separating those commands might make it less intuitive, it makes them more sensible? i dunno...

disclaimer: I'm not setting this opinion in stone though, and am aware that git was created by one of the most infuential programmers.

JSF: Yeah, we make it so can focus on what's important and you never have to write HTML or CSS like those lowly web developers.

Also JSF: You can't nest <h:form> components because nested forms are invalid HTML. Oh, that breaks the composite component you were trying to use? Ha, fuck off.

Primefaces: You know how you can just provide an ID and OverlayPanel will open on its own? Well, for a Dialog, the API is completely different. Here's a glob of JavaScript in an onclick event.

I swear this entire thing was regurgitated by a murder of seagulls.

Working on an Android app for a client who has a dev team that is developing a web app in with ember js / rails. These folks are "in charge" of the endpoints our app needs to function. Now as a native developer, I'm not a hater of a web apps way of doing things but with this particular app their dev teams seems to think that all programming languages can parse json as dynamically as javascript...

Exhibit A:

- Sample Endpoint Documentation
* GetImportantInfo
* Params: $id // id of info to get details of
* Endpoint: get-info/$id
* Method: GET
* Entity Return {SampleInfoModel}

- Example API calls in desktop REST client
* get-info/1
- response
{
"a" : 0,
"b" : false,
"c" : null
}
* get-info/2
- response
{
"a" : [null, "random date stamp"],
"b" : 3.14,
"c" : {
"z" : false,
"y" : 0.5
}
}
* get-info/3
- response
{
"a" : "false" // yes as a string
"b" : "yellow"
"c" : 1.75
}

Look, I get that js and ruby have dynamic types and a string can become a float can become a Boolean can become a cat can become an anvil. But that mess is very difficult to parse and make sense of in a stack that relies on static types.

After writing a million switch statements with cases like "is Float" or "is String" from kotlin's Any type // alias for java.Object, I throw my hands in the air and tell my boss we need to get on the phone with these folks. He agrees and we schedules a day that their main developer can come to our shop to "show us the ropes".

So the day comes and this guy shows up with his mac book pro and skinny jeans. We begin showing him the different data types coming back and explain how its bad for performance and can lead to bugs in the future if the model structure changes between different call params. He matter of factually has an epiphany and exclaims "OHHHHHH! I got you covered dawg!" and begins click clacking on his laptop to make sense of it all. We decide not to disturb him any more so he can keep working.

3 hours goes by...

He burst out of our conference room shouting "I am the greatest coder in the world! There's no problem I can't solve! Test it now!"

Weary, we begin testing the endpoints in our REST clients....

His magic fix, every single response is a quoted string of json:

example:
- old response
{
"foo" : "bar"
}
- new "improved" response
"{ \"foo\" : \"bar\" }"

smh....

We've recently employed a new lead dev that seems to have a problem in that his solution is always the correct solution.

On a typical day, whenever I push code up for review via pull request, every single ticket I work on, he has something that has to change which doubles the amount of time of each ticket.

I'd be fine with this if the other 2 developers also think he's a bit of a headache in terms of his opinion but a lot of the time, there is always.. ALWAYS something that has to change because his method is better than mine.

For example, just now I pushed up some code that literally just adds in the user's email to the view which is already in the store for that action/effect anyway. I added one line of HTML.

He comments saying that I need to change the way it gets the email by doing a different request in the effect, to get the current user id, and from that match it against the email address, and THEN display it in the view.

This ticket took me 5 minutes. He's making me make it 30-60 minutes (to understand his requirement and implement it).

Is this normal? Am I over reacting?

Opinions please!

Having gone to a bank to reset a password again today (Yes, I forgot it for like... 3rd time, don't judge me, its my backup bank account I need to access like... once a year), I was once again made to think - I come in, give them my state ID by which they authorize that I can even make a password reset request.

Then they give me a tablet to... sign a contract addendum?

Its not the contract part that always makes me stop and think though - its the "sign" part.

I'd wager that I am not the only one who only ever uses a computer to write text these days. So... My handwriting got a lot jerkier, less dependable. Soooo... My signature can be wildly different each time.......

And if my signature varies a lot... then... what is the point of having it on a piece of paper?

I know its just a legal measure of some sort... And that, if it came down to someone impersonating me and I'd go to court with the bank, there would be specialists who can tell if a signature was forged or not... But...

Come on, the computer world has so much more reliable, uncrackable, unforgable solutions already... Why... Don't all folks of the modern world already have some sort of... state-assigned private/public keypairs that could be used to sign official documents instead?

It costs money, takes time to develop etc... But... Then, there would not only be no need to sign papers anymore... And it would be incredibly hard to forge.

The key could even be encrypted, so the person wishing to sign something would have to know a PIN code or a password or something...

tl;dr: I hate physical signatures as a method of authentication / authorization. I wish the modern world would use PKI cryptography instead...

API endpoint returns data on thing with id number you specify

request data on certain id numbers

gives response data on different id than what you requested

how fucking horrifying

we depend on this thing, but we don't own it at least

I specified a requirement where certain bits in a certain message shall be evaluated for certain items. The tester came up to me and talked some BS about how to guesstimate these bits by totally different bits. I said, look up the interface definition, the bits are there. Got an email, same BS. Tester was just too lazy to look it up. So I answered that message ID X has bits 60-63 for the four relevant items.
However, I carefully avoided telling him which bit was for which item so that he knew what it was, but I still forced him to look up the inter fucking face definition.

That time when I requested someone from a different department to include the ID row in their database excerpt. Me, having the lowest possible status in the company, did not know the who I wrote to was the boss over at the other department. So I ask straight forward: "Could you please include the ID row?"

Then a damn long email comes back stating that there was absolutely no time for stupid shit as mine. There existed no ID row and I would only waste his time. All further requests should be route via my boss.

So, fuck, he's pissed. So what he deserve? A shit load of honey right into his mouth, like he wants to.
That company had a huge ass hierarchy in job positions and I was at the bottom. So I write my oh-im-so-sorry-mail.

~I never knew what position he had and that I would of course fuck off with my stupid request.~

What was his response?

Oh, yeah, thanks. Have a look into the attachment, is that the ID row you requested?

Yeah, as one can guess, it was.
Stupid honeyfucker. Of course an ID row exists, duh.

God I fucking hate macs.
I got a mac at work. I tried to install ubuntu, with rather questionable results (unfortunately, I expected that) - so I tried to get mac work for me the way I like a system to work. I needed to download slack, simple enough, right? Ha, you wish. It's gotta be done through Apple store, so I went to create an Apple ID inside the Apple Store form. And, well, it just errored out on the submission. Great start. I went then to the settings and created an account there, great success, went back to Apple Store. Unfortunately being logged in at the system level doesn't mean you are logged in to the store. So, I went to log in to the store, simple enough, right? No, nothing's simple with Apple. After logging in I got a message that the Apple ID has not yet been used with Apple Store and that I need to review the account's setting. So, I click the "review" button and... I'm presented with a log in form. Yep, a perfect log in loop. I can't log in because I can't review the account but I can't review the account because I can't log in. Fun :)

You can't just go to the web admin panel for your account to review it for Apple Store, that would too be too easy. After a bit of searching I've found an answer on StackOverflow. You need to log in to iTunes. Through a fucking MUSIC APP. To install a free application from the store you need to log in to a music app. Yes, we're all mad here.

Then, after finding out that to be able to use side buttons on my mouse I need an app that I need to manually restart every time I restart the machine and that I need to have an app to fucking transfer files from an android I need another fucking app, because reading a storage of a linux-based system would be too standards compliant - something in me broke. I found out that installing windows on a mac is officially supported.

Supported doesn't mean that it's easy. I tried to install it trying different solutions from SO, but each time I would get an error that Windows couldn't modify the boot partition. Turns out that even wiping the drive and reinstalling OSX doesn't remove residual files on a boot partition and Windows installer is not allowed to modify them. It took me hunting into some shady looking site to actually find this answer. I have no fucking idea how long it all took me, but, finally, great success, Windows, WSL, side buttons working, I can even install slack from an installer. I just wish I could have those hours of my life back.

DO NOT EXPORT GPG KEYS _TEMPORARILY_ AND ASSUME THAT THEY'LL BE IN THE ORIGINAL LOCATION AFTER EXPORT!

I learnt this lesson the hard way.

I had to use a GPG key from my personal keyring on a different machine ( that I control ). This was a temporary one-time operation so I thought I might be a smart-ass and do the decryption on the fly.

So, the idiotic me directly piped the output : `gpg --export-secret-key | scp ...`. Very cool ( at the time ). Everything worked as expected. I was happy. I went to bed.

In the morning, I had to use the same key on the original machine for the normal purpose I'd use it for and guess what greeted me? - *No secret key*

*me exclaims* : What the actual f**k?!

More than half a day of researching on the internet and various trials-and-errors ( I didn't even do any work for my employer ), I finally gave up trying to retrieve / recover the lost secret key that was never written to a file.

Well, to be fair, it was imported into a temporary keyring on the second machine, but that was deleted immediately after use. Because I *thought* that the original secret key was still in my original keyring.

More idiotic was the fact that I'd been completely ignorant of the option called `--list-secret-keys` even after using GPG for many years now. My test to confirm whether the key was still in place was `--list-keys` which even now lists the user ID. Alas, now without a secret key to do anything meaningful really.

Here I am, with my face in my hands, shaking my head and almost crying.

Allright, so now I have to extend a brand new application, released to LIVE just weeks ago by devs at out client's company. This application is advertised as very well structured, easy to work on, µservices-based masterpiece.

Well either I lack a loooot of xp to understand the "µservices", "easy to work on" and "well structured" parts in this app or I'm really underpaid to deal with all of this...

- part of business logic is implemented in controllers. Good luck reusing it w/o bringing up all the mappings...
- magic numbers every-fucking-where... I tried adding some constants to make it at least a tiny bit more configurable... I was yelled at by the lead dev of the app for this later.
- crud-only subservices (wrapped by facade-like services, but still.. CRUD (sub)services? Then what's a repository for...?). As a result devs didn't have a place where they could write business logic. So business logic is now in: controllers (also responsible for mapping), helpers (also application layer; used by controllers; using services).
- no transactions wrapping several actions, like removing item from CURRENT table first and then recreating it in HISTORY table. No rollback/recovery mechanism in service layers if things go South.
- no clean-code. One can easily find lines (streams) 400+ cols long.
- no encapsulation. Object fields are accessed directly
- Controllers, once get result from Services (i.e. Facade), must have a tree of: if (result instanceof SomeService.SomeSubservice1.Item1) {...} else if (result instanceof SomeService.SomeSubservice2.Item4) {...} etc. to build a proper DTO. IMO this is not a way to make abstraction - application should NOT know services' internals.
- µservices use different tables (hats off for this one!) but their records must have the same IDs. E.g. if I order a burger and coke - there are 2 order items in my order #442. When I make a payment I create an invoice which must have an id #442. And I'm talking about data layer, not service or application (dto)! Shouldn't µservices be loosely coupled and be able to serve independently...? What happens if I reuse InvoiceµService in some other app?

What are your thoughts?

Help me think. Apparently, I have generated my little tile world. So it's basically the world map assembled from little tiles, which have their own color (pic1).
When I click on one of the plots, I want to open a 5x5 isometric tileset that represents the selected plot. (pic 2). I would like to define the amount of the mountains/water/sand/farmland by the initial RGB value of the plot. Every plot has its own id, location, position, and RGB. (pic 3). Is this possible at all or shall I look for some different approach?

One month ago, two tickets were opened by two different people for the same bug.

I picked the one with the most informations and rejected the other by giving the ID of the other ticket, and then assigned it to the person who opened the ticket.

Today, I see that ticket coming back to me, with the status back to Open, and the comments "The ID given is this ticket's ID!"
I mean, yes, I did a typo and typed a 5 instead of a 6.
They could, like, test to see if it was patched (been one month), or contact me by mail or Skype to ask me if I didn't make a typo in the comments, but no, they decided to reopen the ticket for this.

Thanks.

One intern showed me an issue he was facing. "Delete" button was not working in a HTML page he had developed, but edit button is working properly. I checked the code both buttons had same id "edit72-btn". I said to him you need to use unique id in a page.

The thing he said next made a speechless. I was just looking at his face.

He said "edit72-btn and del72-btn are almost same, couple of characters are different. Are they going to work?"

I just joined a team of a product where a user can have multiple roles. While getting familiar with the flow, I noticed that the previous developer, instead of creating a many-to-many relation of users and roles, adds the 6 records of the same user with the same email each with the different role id.

This, thankfully, I didn't create myself. A shop I recently ordered something from had the worst username / password default combo.
After registration they gave you a default Password, your zip code. And your unchangeable username is your customer id, a five digit number which just increments for each new user. And because it is a shop which is only used by people of the same region there are maybe 10 different zip codes.

For a new microservice we were designing, I recently had a design discussion with a team member on creating REST endpoints for a new entity. This discussion went on for almost 3 hours, most of the time was spent on why to have two endpoints for getting this resource, one is a POST using a graphQL-like query and another one is a GET using unique ID. I said, the client-side use case is different, one is a dashboard where search results need to be shown based on multiple fields and the unique ID won't be available there because it is a system generated value, second one will be used when the unique ID is present in the client as a result of previous search result. Their responses will be similar, first returns a list of entities, second returns a single entity of the same structure.

Then came the next argument: if both APIs are returning same response, why do we need two different requests ?

It was like saying, because 5+6=11, any sum of two numbers resulting in 11 should always use 5 & 6.

Are people so frustrated of working remotely all the time that they come with such weird arguments ?

When every related field has a god damn different way of working with the data on hand..

For example:

`tht_date` ("Y-m-d", Date) - expiration date on the product, hence, there can be multiple of the same products with a different THT

`tht_alert` ("-2 months", varchar, DateTime modify mutation string) - sending an alert when this interval is hit, and being the activator of the tht_date field (unless value is "none")

`tht_minimum` ("28", integer, quantity of days before tht_date) - to lock them from being sent out/collected.

...

How would you expect this ×not× to become a friggin' spaghetti when trying to resolve the best row ID?

These values are in the wrong spot in the first place, then they also act entirely different in relation to eachother..

I hate the person that set this up, for doing this. When is the madness going to stop...

FFS!!

i never knew id reach that point when i need to take a break from programming and everything that has been causing me so much stress for the past few days. and to be honest, it actually feels great to be focused on only one thing instead of stressing out on different projects and debugging them all at once.

in a few days, ill prolly go back to programming some side projects. its not like i can keep myself away from them...

programming is like a magnet for. that magnetic force is growing stronger day by day and im being pulled closer to it. im happy about it except for some occasions when i get too stressed.

So first rant, here goes weirdness, and also lengthy rant

So in my company we have the hr and accounting managed by the same person which also deals with all things employee related and she had a need for a way to extract a birthday from, what is in our country the personal identification number, things go great i get a formula that performs parts of the magic up to the point where the first digit of the number dictates the gender and century to be used when forming the full year, mind you only the last two digits of the year are in plain within the id number so i thy a number of ideas. After bashing around google sheets for a while ( i've got open office installed and formulas don't export well to the excel that person uses but google sheets does so i built it there).

First idea : make a few conditionals to check for the value so we have 1 and 2 for 19th century, 3 and 4 for 18th century , 5 and 6 for 20th so i go ahead and write my conditions and they fail, all evaluates to false, it cascades through the else variants up to the last one so i'm wondering if the "if" itself doesn't support the or operator, seems it does, next i think it's the bloody condition written wrong so i reevaluate my logic in php in a test script, it works as intended, then i think ok not the right function called, let's see the docs, docs confirm i'm doing it right but what was wrong was the way i was getting that first number, using left seems to produce a string although the base thing is a number, now i start searching how i can cast it, like you would normaly do when the data type is fried, value function appears to be the solution but it isn't working....now i'm thinking "ok so i have a value and different things to print out so let's look for a switch, maybe it can understand that" switch function found under the form of choice, i get it sorted but am stuck wondering why the heck was the if and value combination not working.

Simple answer to that : value doesn't work well with function results, a known bug listed by someone in a comment, a comment i have failed to read for about 45 minutes of trying to understand.

All in all it worked well for the person asking for it so it's nice.

holy shit I swear taxes are like the government trying to tell you you're a peasant to them

my medicare card is about to expire and FOR SOME REASON now the process to renew is a fucking interrogation about various documentation the government has given you. before it was just your damned name, date of birth, and a new photo for the card.

evidently they were supposed to send you snail mail 3 months before expiration. evidently also the only way to renew is get this said snail mail.
and evidently I have to go through this "catchall" change your address with everything in the government process
which is a little ironic
because
to use this service you need to give them something called a notice of assessment, which is when the government accepts your taxes they send you back one of those
well I haven't had access to my tax portal for years. I keep filing them and getting excess money back but I can't actually see any of my returns.
so I tried this time
12 pages of verification and more verification... you do one step, it says wrong info because if you have to write in 2,474 well turns out the , fucks it up and your info doesn't match what's on file and if you fail more than 3 times you'll be locked out. repeat. page after page. how many fucking pages are there? what format are they expecting? nobody fucking knows. you'll get to find out if you pass just this one more!
after about 4 hours of this shit
and they have 2 factor authorization now?! wtf.

then this next step is id verification or we snail mail you a code (WHICH AGAIN IS IRONIC)

I chose id. health card doesn't count, it notifies me later. thankfully I have a passport. bad news, passport expires this September so guess who is gonna be having more fun later
the app of course can't use my camera in the browser I have, so I start downloading fucking other browsers and finally hit one that works
also they lied. they also want a selfie. then it tells me I failed to look like myself. if you fail to look like yourself 3 times you are denied.

ok. so I try snail mail. the page says if I revoke consent to id I can go do the snail mailed code. they lied. if you revoke consent it exits the whole wizard. you enter all the verification steps again.

I try to get them to snail mail me the code. they want some basic info they asked me like 16 times now, and a postal code. ironic. well this is the tax people, so by this point I found all my previous sent in tax returns (though I can't access the government's replies). checked. yep. address all the same. put in the postal code. nope. somehow it's wrong. 3 times I put all this random info in in different ways. 5 times and I'm locked out.

now fucking what.

THE FUCKING IRONY OF
I NEED TO CHANGE WHERE I LIVE SO YOU CAN SNAIL MAIL ME SOMETHING
AND TO CHANGE WHERE I LIVE I HAVE TO CONFIRM WHERE I LIVE SO YOU CAN SNAIL MAIL ME SOMETHING FUCKING ELSE

the government just fucking dunks on you

guess we're all not having fucking medical cards anymore. all we do is pay taxes, and can't even see the paperwork to those taxes we pay.

This story happened to everyone, and i am sure that if i search, i will find dozens of similar stories, but the different here is, i tried, i really tried, in a hundred different ways to achieve my goal !

When you are stuck on a problem, let's say, that you have a program, project, website ... and need to achieve something technically weird (or hard) and need some help to save you time on experimentations. The first thing a lot of people do is : Google.com && put search dorks.

But, at a moment, google gets "dirty", you use it so often that he always think to know better then you what you are looking for.

It reminds of "Ted", the movie (for thows who know it) where they asked : "Hey ! Why does google always suggest us to look for black dicks ??"

It is exactly what happened to me, i got results who doesn't have anything to do with what i was looking for !

You can give it a try now : type "semantic web RDF to RDB"

You won't find anything, except results related to : NOSQL DBs, which is totally annoying.

Something else, i once google swift to get some updates, what results did i got ? Taylor Swift ... (musician)

I often get 2 or 3 results from google, which made me thinking that i somewhat reached the end of internet, or that people are so dumb that i will have spend hours trying to figure my solutions, but, before doing that, other solutions had to be tested.

1- TOR : Google tracks his users and uses its algos and bullshits to return results as close as possible to the user's demand (big fail ...) so how about moving to a different country ? DL TOR browser, open, setup, go to US, open google (got us version YAY !) enter my keywords, and, nothing, still nothing, more results for sure, but nothing related to what i was looking for.

2- VM
Pop a VM, launch TOR, use Hidden mode, delet all cookies and stuff (it is a new VM but who knows).
Use keywords (now in UK). Here they are !! my results !!! i finally found some decent results about my keywords !

But, i have the required knowledge to do this kind of stuff, but how about people who rely heavily on google ? they can't change country, clear everything, trick google to think you are a new user, they have almost biased and flawed results. I tried duckduckgo (i love them) but they are not that efficient.

Google says not to anything evil, but they ARE EVIL, miss guiding people, suggesting corrections who have nothing to do with the keywords, or results totally unrelated in any way to the keywords while results exist in other countries ???

Ever since, i don't pay attention to google at all, and started thinking that google's algos are manipulating people, i don't know if it is done on purpose or not, but the result is the same, people have biased results based on their country, on their tag, on their ID, and the recent keywords.

During that period i was cursing google every funcking day, and i am still doing it, too much trackers, too much manipulation, i will end-up enclosing myself in darknet.

Wonderful experience today

I'm scraping data from an old system, saving that data as json and my next step is transforming the data and pushing it to an api (thank god the new system has an api)

Now I stumbled upon an issue, I found it a bit hard to retrieve a file with the scraper library I'm using, it was also quite difficult to set specific headers to download the file I was looking for instead of navigating to the index of the website. Then I tried a built-in language function to retrieve the files that I needed during the scrape, no luck 'cause I had to login to the website first.

I didn't want to use a different library since I worked so hard and got so far.

My quick solution: Perform a get request to the website, borrow the session ID cookie and then use the built-in function's http headers functionality to retrieve the file.

Luckily this is a throwaway script so being dirty for this once is OK, it works now :)

We had made an api which had endpoints for each different domain model, so /user, /company, the usual. Beyond being restful they all had basic filtering and pagination.

We also had an endpoint to return an entity from any set based on guid for when you needed to attach the related entity to notifications and logging and such.

We received a bug report on how you couldn't use filtering or pagination on this endpoint, and after weeks of asking what they need it for we just had to implement it.

You can imagine how non-trivial it is to "just" filter across different datasets, but we eventually got it working so now you can get a user via /user/123 or /entity?type=user&id=123. They only use it for one type and id at the time.

Was trying to act super smart.
Created a *special* email account so that I could store all my passwords (and some email ids too) for different sites in which I logged in (development related sites).
Went on a vacation for a few days.
Came back and realized that I had forgotten the email id of that special account.
Fuck my life.

HOLY FUCK! Why is JS world so fucking confusing? I haven't even started learning it and its already giving me a headache. I feel like there are a billion different things i have to learn that aren't just "vanilla js". All i want to do is learn some web dev, take on freelance work, become a digital nomad. Im a simple C++ and ios/android developer things are so straight forward. JS seems like a clusterfuck of just stuff 😧 Id like to say this isnt a my language is > than yours rant. This is a "like what the fuck" rant. My brain was like Html, Css, JS cool thats all i have to learn... boy was i wrong. Can someone give me a word of wisdom as i go down this apparent rabbit hole?

Control your searches like an ADULT damn it!!!

So we have records that can have any of a bazillion different reference numbers associated with them. No big deal. Everyone does right?

Our customer's love to run reports and so we have this one option for "just look at a hell of a lot of reference numbers". I call it the 'fuck all' search.

Really it is just there to find something that you don't know where a rando string or number might be in the record and just want to do a "fuck all" search across a number of likely fields to find it... and then presumably you'd be an adult and refine your search from there. LOL yeah right...

Customers get lazy and include that stupid option in their reports and we get a lot of.

Customer: "I always run this report (that includes the fuck all search) and now it isn't working. I want records that have ID 2222."

Me: "Yeah well that was only working because you were rando typing '2222' in like several fields and it would find those .... but now you quit doing that so it won't find them. If you want ID 2222, click the drop down and search by 'ID'. That will find it right away."

Customer: "But I want to just search by 'fuck all search' to find it..."

Me: "But then you get all these other records too right?"

Customer: "Yeah but I just delete them out of the spreadsheet ... "

Me: "Look watch this <screen share> there, look all records with an ID of 2222 and no more extra records you need to delete!!! How great is that?"

Customer: "But why do I have to do it this way now, I want to do it the old way..."

ಠ_ಠ

(granted I could add their ID to the fuck all search but we try to avoid adding too much because it gets out of hand / stops being useful the more fuck all it gets)

Am I in developer hell already? A shitty project is about to come to an end (hopefully), or should I rather say: It needs to come to an end. But I am still quite lost in how to deal with it, hence procrastinating on it - making the deadline come closer and with it the realization that I'll probably have to rewrite almost everything. I'm not sure how, but I do know that the current code is a dumpster fire.

Basically what I need to do is dealing with the APIs of different payment providers/gateways (like PayPal, AmazonPay). For most cases I'll get a payment ID from the shop and need to act on it later, e.g. capture the authorized money in the case of a credit card transaction or do refunds (without user interaction, unless there is an error). Now at first I put something together where I try to abstract the payment information into two tables:
orders{1}<->{0..n}payments
payments{1}<->{1..n}paymentDetails

Unfortunately trying to abstract the different payment methods and to squeeze them (and their different possible stati and functions) in these tables was not very successful, it's a total mess with magic numbers, half-broken behavior and without any consideration for partial payments/captures or unfinished requests (i.e. if there is an exception before the response is dealt with, there is no indication that anything has ever been sent). Also the current amount is calculated through the history of the paymentDetails table, which basically works differently for each payment type.

How to fix this mess in a way that I'll still have a job by next week?

I'm trying to improve the db schema first, as I think my biggest problems are lying there. Through some research I've come across a recommendation for making payment type specific subtables (with a magic number/string in the main table to prevent having to look up all subtables). That way I can record what I send and receive without having to abstract it too much, so I'll have an acceptable transaction log. The paymentDetails table can be removed (necessary fields go to the payments table). The payments table gets multiple fields for the amount (differentiating between open, authorized, captured, processing and refunded values) and always reflects the current status.

Tables:
payments
paymentRequestsPaypal
paymentRequestsAmazonpay
paymentRequestsXyz

I think I'm going in the right direction here. hm. Maybe there's some light at the end of this long, dark tunnel. Or a train. I'll have two days to find out.

Hello Apple,
Fuck you, more than a month trying to open a developer account without any chance, lot of fucking emails.

Lesson 1:
If you’re from a country and put a phone number from another country you will never be able to open a developer account? How did I know that? From my experience and many other people, but Apple just says: Error, that’s it you figure it out !

Lesson 2:
If you pay using a card on which the name is different than the name in the developer account, you have to wait longer and provide more documents. How did I know that? After fucking 5 tickets and more emails asking why my account is not ready yet, then they answered they need a document to verify my identity. If you don’t do that you will just rot waiting.

Lesson 3:
If they need an ID document, you have to email them first and ask why you’re account is not available yet, if you don’t you will just rot waiting.

Context: at my current job I work as a product photographer as well as studio admin. On side I go online to different brands websites in search for product images (if we haven't the product in store yet).

Now the banger, I searched for some peacoat colored pants but the brand didn't put it out yet. Pulling out some Super AI hacks I changed some stuff and things in the URL (color ID + small amount of ?doThisAndThatPhP) and... BOOM result! Right color, high Res image. The Color isn't searchable or shown via Google or the brands page, but the image is already on their server 🤔*yoinking the image*

Just wanted to share it with you guys 👌 none at my coworkers speak computer 😔

cheers ☕

Getting a CodinGame puzzle's description without scraping the page.

I spent hours playing with different endpoints and changing values in postman, all to no avail. The most promising endpoint also returned user progress, which requires authentication, which requires a dummy account, which is against their ToS (it is allowed to reverse engineer the API though).

Turns out you just had to submit “null” for your user ID and it would remove the progress field.

Why is this tagged bad design?

["puzzle-id-string", user-id-as-int]

For almost anything, you POST json arrays...

Send help.

We were refining a tech debt issue about aligning the names and types of the same reference id on different response models. This is to not confuse our API users and make it more intuitive.

Discussion was wrapping up as we all agreed it was a no-brainer and pretty straight forward.

Then suddenly, one colleague goes: "But what's the benefit?"

Errrm...

We had an issue where a query to a db replica set was returning duplicates randomly when paging. Aka each HTTP call for next N results was hitting different dbs with same/copy data.

No one could figure out why... I look at the query and ask where's the ORDER BY ID?

These guys were interviewing ppl last week and saying how even they could solve algo questions they were asking candidates.

And so to explain the problem, I'm like "tell me what's the difference between a list and a sorted list?"

#why algo questions suck at predicting job performance

Ok. I GIVE UP! ...for at least a couple hours...

I'm not a big believer in... well anything suitable to the literal definition of believe. But there's only so much 'wtf? How is this even possible?' and any answer u can come up with is nearly statistically impossible...

I am a neuro-atypical (and just extremely atypical even if i somehkw was neurotypical) being, based on logic, finely calculated statistical probability and the most raw data and as unbiased as realistically possible, algorithms and interpretation (usually recursive pattern recognition with several highly detailed historical sources.

...but at some point statistical improbability and a collation of separate, yet relatively closely occuring events/circumstances makes logic, itself a primary suspect of corruption.

What was the breaking point that caused me to (temporarily) give up and tell logic to f off for a bit cuz maybe the illogical and mythical is the real logic, leaving me in a losing battle with 'the' fates?

Trying to get all my sourcing/purchase orders in/paid for/on the literal boats b4 end of the workday/week in china...
1st, had to drop a supplier cuz they have limited reps. When the one ive had 7+ years left, i got the aloof blonde girl societal trope of a rep... who for the 2nd time (despite the several very blunt complaints above her, incl me) she sent out a promotional update to the entire client list (ie, inherently competitors) as CC not BCC... over 200 business email accounts with tailored info of their sourcing.

2- totally diff company/ industry a former rep i was glad be rid of apparently just sfarted back for "awhile" as i needrf to restock/scale...apparently she forgot everything we discussed at length... lke if you want a chance on my business im not gonna be wasting time looking through your gui "mini store to then inquire about everything individually insead of a simple spreadsheet(which i print and put in a 3-ring binder rotating current catalogues in the same format i require everywhere)

3.dog was an ahole, my packed schedule got delayed and morphed.. a bunch of little bs thatd normally have no extra thought impact, hyperfocused forgetting one of my alarms til i realised my idiopathic fever was back and i didnt take/apply meds (pain/muscle relaxers mainly so despite this odd free time and needing to shower. I gotta sit on my rear, leg elevated/non-productive far 40min b4 i can shower (as functional legs and lack of syncope is almost a req to shower)

4. A new-ish rep of a company/factory i like/respect enough to not mention in relation... he makes invoice 1.. slight error thst was easily resolved...#2 was flawless... he goes to officially generate the contract(alibaba... verrrry simple with lots of extra explanation buttons). Price and all items match, its near workweek end so i was waiting for it so i could quickly pay/have it on the boat b4 it left and few fdav days are behind...

I put in card info, get to the 2 cbeck boxes (imo should be only 1 but whatever) asking if billing address is same ss delivery(its always default yes)... then i see a few lines in chinese (i can read enough for business negotiations... typical words/sentences innately look different than things like individual letters/address and postal indicators.) After a few loops of double checking, mentally trying to dismiss my i Intial judgement cuz it'd be too ridiculous... even resorted to google .... nope... initial wtf was spot on... recipient name/address was indeed the company(multi factory producer)i was purchasing a wholesale, via sea freight, bulk of products from.

Im pretty sure the system would've flagged it as an invalid contract within an hr... but seriously... ive been handling alibaba (and other) international sourcing since before high school(mainly small businesses i made sites/little tools for that found anything with a light up screen intimidating) and a purchase then shipment to the originating company/factory actually entered into a contract(the form is sooo simple)... im faced with ridiculously improbable obstacles actually existing and changing in such nonsensical statistically improbable ways so often that 1. I wouldn't trust a dr (or most humans) that didnt 1st assume i was crazy of some form...unfortunately im not, despite hkw much simpler and probable itd be 2. Id be super suspicious/converned if statistic norms were my norm for over a day.

But seriously wtf???

Someone give me some wisps of a frame of ref here... where's a typical 'fuck this, im out!' Breaking point?

Hey DevRant fam :-) hope everyone is doing very well wherever you may be!, i'm currently on my uni break for roughly 3 or so weeks which is fabulous, now i do not have much experience with finance or crypto-currencies!, but i'd like to do something a bit different.

This is something i'd hope to put onto my portfolio, so my idea is something on the lines of a stock market simulator BUT with Crypto currencies, i've been asking people around uni but no help unfortunately!.

So its very similar to a stock market simulator app if you look at things like "Investopedia Stock market simulator" its very much the same concept. The user has x amount of USD or AUD (as an example) and they can buy BTC or Ripple and it either goes up in price or down :-).

So guys that's something id like to create :D i definitely know its difficult and i'm not so sure on how to start :-). If its possible to get some advice on how to start i'd greatly appreciate it!.

Hope you have a wonderful day/night where-ever you are!

(I apologize for rambling on)
Best
Milo :-)

So I'm new to NestJS, Node, etc. and I just noticed that the guy working on the API made every request call a different service class, instead of using a single service class. For example.

get() {
return await this.getObj.run()
}

post(myDto){
return await this.storeObj.run()
}

update(myDtoUpdate){
return await this.updateObj.run()
}

And I'm not sure why. He's also injecting the request into those classes, instead of passing the DTO to the method call. I mean, it's still injecting the data into it I guess, but it seems so roundabout. Something like this:

public constructor(
@Inject(REQUEST) private request: Request,
){}

I'm scared, but I'm not sure if it's just my own ignorance or a sixth sense telling me that this is gonna be a mess.

Have you seen APIs implemented this way? I can see the benefit of dividing the code into smaller classes, but it just seems overkill to me, specially when there's a big chance that code will be repeated (getting an entity by ID when updating it, for example).

I'm still in time to kill this with fire before a new monster is born though, so that's something.

I recently started working on laravel. As the community says it was easy to get along with the framework and its methodologies. But then i had to do multiple login with framework in same domain.

Oh man, i spent a week to make it work. All those guards and middlewares realted to login was driving me crazy. The concept was clear, but somehow the framework was like "You! I shall make you spend a week for my satisfaction". The project demo was nearing and i was doing all kind of stuff i found. Atlast after continous tries it worked. Never in my 4+ years as a developer i had to face such an issue with login.

So here is how it works,if anyone faces the same issue:
(This case is beneficial if you're using table structures different from default laravel auth table structures)

1. Define the guards for each in auth.php
Eg:
'users' => [
'driver' => 'session',
'provider' => 'users',
],
'client' => [
'driver' => 'session',
'provider' => 'client',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],

2. Define providers for each guards in auth.php
'users' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
'table' => '<table name>', //Optional. You can define it in the model also
],
'admins' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
],
'client' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
],

Similarly you can define passwords for resetting passwords in auth.php

3. Edit login controller in app/Http/Controller/Auth folder accordingly
a. Usually this particular line of code is used for authentication
Auth::guard('<guard name>')->attempt(['email' => $request->email, 'password' => $request->password]);
b. If above mentioned method doesn't work, You can directly login using login method
EG:
$user = <model namespace>::where([
'username' => $request->username,
'password' => md5($request->password),
])->first();
Auth::guard('<guard name>')->login($user);

4. If you're using custom build table to store user details, then you should adjust the model for that particular table accordingly. NOTE: The model extends Authenticatable
EG
class <model name> extends Authenticatable
{
use Notifiable;

protected $table = "<table name>";

protected $guard = '<guard name>';

protected $fillable = [
'name' , 'username' , 'email' , 'password'
];

protected $hidden = [
'password' ,
];

//Below changes are optional, according to your need
public $timestamps = false;
const CREATED_AT = 'created_time';
const UPDATED_AT = 'updated_time';

//To get your custom id field, in this case username
public function getId()
{
return $this->username;
}
}

5. Create login views according to the user types you required

6. Update the RedirectIfAuthenticated middleware for auth redirections after login

7. Make sure to not use the default laravel Auth routes. This may cause some inconsistancy in workflow

The laravel version which i worked on and the solution is for is Laravel 6.x

whats different between fx:id and id in javafx

Okay soo I’m not a database guy.. I’m an embedded engineer but I’m helping one of my interns make a hardware tracking database... so we are tracking assembled products (dev samples).. but also tracking the pcbs within the product.. depending on the product it might have more than one pcb or contain other components to track.

The question is how would I set up the relationship in the tables, so depending on the say “type id” of the product it would link to a table full of feilds specfic to that “type”.. say the product is of type phone and has a pcb of this and a camera of that.. blah blah blah.... but say another product is of type “washing machine”.. which has no screen, it has a different pcb, but also has other things..

There would be a type table .. washing machine, phone, tv, camera, pcb, ecu.. etc.. but those type would need their own tables...

I guess the question is how to relate a field to different tables depending on the value of the field... is this portion all done thru query results and logic rather than pure data base schemas?

What would be the question in terms of database lingo to google search the answer lol

We have a form for order entry, where the colleague have to put the VAT number of the customer, bc the customer might not be encoded in pur db. After a while I checked the inserted record, and saw strange numbers, that resemble customer ID. After pointing out at colleague I receive this answer: "well, few of those have an ID, and I didn't want to look after VAT number. I think it's the same, no?"

... I think I need yoga in my life...