Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
ARGH. I wrote a long rant containing a bunch of gems from the codebase at @work, and lost it.
I'll summarize the few I remember.
First, the cliche:
if (x == true) { return true; } else { return false; };
Seriously written (more than once) by the "legendary" devs themselves.
Then, lots of typos in constants (and methods, and comments, and ...) like:
SMD_AGENT_SHCEDULE_XYZ = '5-year-old-typo'
and gems like:
def hot_garbage
magic = [nil, '']
magic = [0, nil] if something_something
success = other_method_that_returns_nothing(magic)
if success == true
return true # signal success
end
end
^ That one is from our glorious self-proclaimed leader / "engineering director" / the junior dev thundercunt on a power trip. Good stuff.
Next up are a few of my personal favorites:
Report.run_every 4.hours # Every 6 hours
Daemon.run_at_hour 6 # Daily at 8am
LANG_ENGLISH = :en
LANG_SPANISH = :sp # because fuck standards, right?
And for design decisions...
The code was supposed to support multiple currencies, but just disregards them and sets a hardcoded 'usd' instead -- and the system stores that string on literally hundreds of millions of records, often multiple times too (e.g. for payment, display fees, etc). and! AND! IT'S ALWAYS A FUCKING VARCHAR(255)! So a single payment record uses 768 bytes to store 'usd' 'usd' 'usd'
I'd mention the design decisions that led to the 35 second minimum pay API response time (often 55 sec), but i don't remember the details well enough.
Also:
The senior devs can get pretty much anything through code review. So can the dev accountants. and ... well, pretty much everyone else. Seriously, i have absolutely no idea how all of this shit managed to get published.
But speaking of code reviews: Some security holes are allowed through because (and i quote) "they already exist elsewhere in the codebase." You can't make this up.
Oh, and another!
In a feature that merges two user objects and all their data, there's a method to generate a unique ID. It concatenates 12 random numbers (one at a time, ofc) then checks the database to see if that id already exists. It tries this 20 times, and uses the first unique one... or falls through and uses its last attempt. This ofc leads to collisions, and those collisions are messy and require a db rollback to fix. gg. This was written by the "legendary" dev himself, replete with his signature single-letter variable names. I brought it up and he laughed it off, saying the collisions have been rare enough it doesn't really matter so he won't fix it.
Yep, it's garbage all the way down.16 -
I'm fixing a security exploit, and it's a goddamn mountain of fuckups.
First, some idiot (read: the legendary dev himself) decided to use a gem to do some basic fucking searching instead of writing a simple fucking query.
Second, security ... didn't just drop the ball, they shit on it and flushed it down the toilet. The gem in question allows users to search by FUCKING EVERYTHING on EVERY FUCKING TABLE IN THE DB using really nice tools, actually, that let you do fancy things like traverse all the internal associations to find the users table, then list all users whose password reset hashes begin with "a" then "ab" then "abc" ... Want to steal an account? Hell, want to automate stealing all accounts? Only takes a few hundred requests apiece! Oooh, there's CC data, too, and its encryption keys!
Third, the gem does actually allow whitelisting associations, methods, etc. but ... well, the documentation actually recommends against it for whatever fucking reason, and that whitelisting is about as fine-grained as a club. You wanna restrict it to accessing the "name" column, but it needs to access both the "site" and "user" tables? Cool, users can now access site.name AND user.name... which is PII and totally leads to hefty fines. Thanks!
Fourth. If the gem can't access something thanks to the whitelist, it doesn't catch the exception and give you a useful error message or anything, no way. It just throws NoMethodErrors because fuck you. Good luck figuring out what they mean, especially if you have no idea you're even using the fucking thing.
Fifth. Thanks to the follower mentality prevalent in this hellhole, this shit is now used in a lot of places (and all indirectly!) so there's no searching for uses. Once I banhammer everything... well, loads of shit is going to break, and I won't have a fucking clue where because very few of these brainless sheep write decent test coverage (or even fucking write view tests), so I'll be doing tons of manual fucking testing. Oh, and I only have a week to finish everything, because fucking of course.
So, in summary. The stupid and lazy (and legendary!) dev fucked up. The stupid gem's author fucked up, and kept fucking up. The stupid devs followed the first fuckup's lead and repeated his fuck up, and fucked up on their own some more. It's fuckups all the fucking way down.19 -
If nobody hates you, you're doing something wrong ~ House MD
Tl;Dr : I'm pissing the right people off and my God I like it
That's what I've known and have confirmed doing my current side project with my gf, we are working on a ratemyprofessors clone with extra spicy features, one in particular is so spicy some teachers will be put in a position in which they would rather grind hot peppers with their butt cheeks.
Don't get me wrong, there are good teachers (some of which actually showed support) but some are not good teachers and some aren't good people either; I've decided it's time to stop complaining and take action.
We recently released an alpha and I presented it to a teacher I had this semester (one of the "not so great" kind) as a DB proyect cuz fuck it I'm not doing 2 projects.
This teacher is your run of the mill "I'm lazy and I don't care" teacher and she ran the classroom like a shitty kindergarten, so much so, one of the teams was presenting a buggy admin site as their project and she started talking on the phone! Right up on their faces!!
My turn, I go up and handle her a 30 page printed thesis of my project and said that unlike my mates, I was going to start presenting the idea and then the actual software...why is it printed?, She said; Because I won't be projecting the PDF ma'am, I actually made a professional presentation and that way you can read more technical details while I give a broad overview...
I started talking about the huge issues students face and my research about it, undisciplined teachers, no class structure ~ abrupt interruption ~ "yeah I know like, you are giving so much statistics and numbahs but where is the database?"
I got pissed off because the whole purpose of printing and giving her the docs was for her to ask specific questions AT THE END! So I told her I was getting there and to ask questions at the end...I start showing off the system's sweetest features... everyone got quiet...a girl on the front row kept looking at the teacher and then back to the board with her eyes wide open, the teacher was visibly upset.
I asked someone to please help me by using the site being projected for everyone to see, he searched the teacher's name and it obviously popped up cuz I scrapped the whole teacher index site... some people gasp and others start murmuring.
She freaked and started arguing saying that frontend can't be just HTML and CSS, where did you mentioned x and y feature? admit it's just teacher evaluations! where did you get the teacher names? I want the scripts!....it went on even 10 minutes after class and the next class with a police like interrogation.
So yeah, something tells me I'm not getting an A, but I'm happy after all because that's the kind of reaction I want from those types of professors.
Worth it 😎
8 -
Java's shitshow, or why I'll never like java, the language:
The fact that you cannot read the length of an iterable at any point in time without iterating through it. Did I just read this from DB? Yes, I did. Do I know how many items I read? No. Why? Because fuck the designers of this shit language and all its shitty third-party libraries. 😠😠😠19 -
Urgh, fucking excel!
Why the fuck can't you handle a few thousand calculations you dumb ass piece of shit.
I am this close to... fuck, it crashed. 🤦♂️
I fucking give up.
Time to strap this data to a DB instead.7 -
Not the worst, but probably the only one I can sort of explain & not get into trouble for NDA breach..
Umm.. here it goes.. wrong id returned from db procedure, tried to do something on db with that id and got exception that the id doesn't exist. Instead of checking why the procedure returns nonexistent id, he just wrapped everything in try catch without any logs.. & of course, didn't tell anyone about this.. o.0
I know, I know, code review could have prevented this, but holy fuck..
Guy's cv had more experience than I have now, so at the time, I didn't think I'd have to check every line of code he wrote, especially not for shit like this.3 -
EoS1: This is the continuation of my previous rant, "The Ballad of The Six Witchers and The Undocumented Java Tool". Catch the first part here: https://devrant.com/rants/5009817/...
The Undocumented Java Tool, created by Those Who Came Before to fight the great battles of the past, is a swift beast. It reaches systems unknown and impacts many processes, unbeknownst even to said processes' masters. All from within it's lair, a foggy Windows Server swamp of moldy data streams and boggy flows.
One of The Six Witchers, the Wild One, scouted ahead to map the input and output data streams of the Unmapped Data Swamp. Accompanied only by his animal familiars, NetCat and WireShark.
Two others, bold and adventurous, raised their decompiling blades against the Undocumented Java Tool beast itself, to uncover it's data processing secrets.
Another of the witchers, of dark complexion and smooth speak, followed the data upstream to find where the fuck the limited excel sheets that feeds The Beast comes from, since it's handlers only know that "every other day a new one appears on this shared active directory location". WTF do people often have NPC-levels of unawareness about their own fucking jobs?!?!
The other witchers left to tend to the Burn-Rate Bonfire, for The Sprint is dark and full of terrors, and some bigwigs always manage to shoehorn their whims/unrelated stories into a otherwise lean sprint.
At the dawn of the new year, the witchers reconvened. "The Beast breathes a currency conversion API" - said The Wild One - "And it's claws and fangs strike mostly at two independent JIRA clusters, sometimes upserting issues. It uses a company-deprecated API to send emails. We're in deep shit."
"I've found The Source of Fucking Excel Sheets" - said the smooth witcher - "It is The Temple of Cash-Flow, where the priests weave the Tapestry of Transactions. Our Fucking Excel Sheets are but a snapshot of the latest updates on the balance of some billing accounts. I spoke with one of the priestesses, and she told me that The Oracle (DB) would be able to provide us with The Data directly, if we were to learn the way of the ODBC and the Query"
"We stroke at the beast" - said the bold and adventurous witchers, now deserving of the bragging rights to be called The Butchers of Jarfile - "It is actually fewer than twenty classes and modules. Most are API-drivers. And less than 40% of the code is ever even fucking used! We found fucking JIRA API tokens and URIs hard-coded. And it is all synchronous and monolithic - no wonder it takes almost 20 hours to run a single fucking excel sheet".
Together, the witchers figured out that each new billing account were morphed by The Beast into a new JIRA issue, if none was open yet for it. Transactions were used to update the outstanding balance on the issues regarding the billing accounts. The currency conversion API was used too often, and it's purpose was only to give a rough estimate of the total balance in each Jira issue in USD, since each issue could have transactions in several currencies. The Beast would consume the Excel sheet, do some cryptic transformations on it, and for each resulting line access the currency API and upsert a JIRA issue. The secrets of those transformations were still hidden from the witchers. When and why would The Beast send emails, was still a mistery.
As the Witchers Council approached an end and all were armed with knowledge and information, they decided on the next steps.
The Wild Witcher, known in every tavern in the land and by the sea, would create a connector to The Red Port of Redis, where every currency conversion is already updated by other processes and can be quickly retrieved inside the VPC. The Greenhorn Witcher is to follow him and build an offline process to update balances in JIRA issues.
The Butchers of Jarfile were to build The Juggler, an automation that should be able to receive a parquet file with an insertion plan and asynchronously update the JIRA API with scores of concurrent requests.
The Smooth Witcher, proud of his new lead, was to build The Oracle Watch, an order that would guard the Oracle (DB) at the Temple of Cash-Flow and report every qualifying transaction to parquet files in AWS S3. The Data would then be pushed to cross The Event Bridge into The Cluster of Sparks and Storms.
This Witcher Who Writes is to ride the Elephant of Hadoop into The Cluster of Sparks an Storms, to weave the signs of Map and Reduce and with speed and precision transform The Data into The Insertion Plan.
However, how exactly is The Data to be transformed is not yet known.
Will the Witchers be able to build The Data's New Path? Will they figure out the mysterious transformation? Will they discover the Undocumented Java Tool's secrets on notifying customers and aggregating data?
This story is still afoot. Only the future will tell, and I will keep you posted.6 -
I just told my director that the solution for a particular problem that we have involves Machine Learning. For which I had already applied a VERY small app to make sense of an old database to make a NEW one since the old one broke every notion of how a db is supposed to be set (meaning that I recreated the project from scratch)
And on the same message I told him that I was not willing to do it using M.L since I was not paid enough to bring this level of heat to the institution.
Normalize telling mfkers that your skills are worth more.
I am paid well, but not enough to out of the blue tell mfkers that my ml based algo can save them./
Fuck em, fuck em hard, fuck em good, fuck em without even using spit.
I don't do this shit because I am paSSiOnate, since there lies the trap: "I mean, I love it so I guess I can do it, I do this on my free time either way" <---- no bitch, shit is expensive on the real world, don't do that wtf is the matter with you? *slaps* companies don't see it as a: "oh shit, employee X can do this! value!" they see it as "greaaaaat, I can save money on this", so fuck em.
Normalize it, y'all are wizards, advisors of kings, no company today survives without I.T. About motherfucking time y'all bitches take this shit by the horns and do with it what you want.
People form third world countries that need work: shit don't apply to you, currently, but we will make it apply to you on the rising, my kings, stay strong.4 -
Today another story in this stupid company:
A freelancer created a feature to pay orders online . It took him 3 months (!)
Problem: sometimes people pay, but orders are not stored. Every morning, it takes 1 hour to check in db if the orders are stored, and if not, create them manualy
Yes, orders are created after payment.
Manager wants to fix it by creating the order before the payment, in 3 days (!)
Turns out that the freelancer has written a lot of obsolete code, I now have to clean up. 3 fucking months vs 3 fucking days!
And on top, the shoppingcart was stored in localstorage! (Already fixed by now)
Fuck this, I'm getting another wodka4 -
Okay so my brother in law has a laptop that is... To put it mildly, chockful of viruses of all sort, as it's an old machine still running w7 while still being online and an av about 7 years out of date.
So my bro in law (let's just call him my bro) asked me to install an adblock.
As I launched chrome and went to install it, how ever, the addon page said something like "Cannot install, chrome is managed by your company" - wtf?
Also, the out of date AV couldn't even be updated as its main service just wouldn't start.
Okay, something fishy going on... Uninstalled the old av, downloaded malware bytes and went to scan the whole pc.
Before I went to bed, it'd already found >150 detections. Though as the computer is so old, the progress was slow.
Thinking it would have enough time over night, I went to bed... Only to find out the next morning... It BSoD'd over night, and so none of the finds were removed.
Uuugh! Okay, so... Scanning out of a live booted linux it is I thought! Little did I know how much it'd infuriate me!
Looking through google, I found several live rescue images from popular AV brands. But:
1 - Kaspersky Sys Rescue -- Doesn't even support non-EFI systems
2 - Eset SysRescue -- Doesn't mount the system drive, terminal emulator is X64 while the CPU of the laptop is X86 meaning I cannot run that. Doesn't provide any info on username and passwords, had to dig around the image from the laptop I used to burn it to the USB drive to find the user was, in fact, called eset and had an empty password. Root had pass set but not in the image shadow file, so no idea really. Couldn't sudo as the eset user, except for the terminal emulator, which crashes thanks to the architecture mismatch.
3 - avast - live usb / cd cannot be downloaded from web, has to be installed through avast, which I really didn't want to install on my laptop just to make a rescue flash drive
4 - comodo - didn't even boot due to architecture mismatch
Fuck it! Sick and tired of this, I'm downloading Debian with XFCE. Switched to a tty1 after kernel loads, killed lightdm and Xserver to minimize usb drive reads, downloaded clamav (which got stuck on man-db update. After 20 minutes... I just killed it from a second tty, and the install finished successfully)
A definitions update, short manual skimover, and finally, got scanning!
Only... It's taking forever and not printing anything. Stracing the clamscan command showed it was... Loading the virus definitions lol... Okay, it's doing its thing, I can finally go have dinner
Man I didn't know x86 support got so weak in the couple years I haven't used Linux on a laptop lol.9 -
So about two months ago in my consulting firm I was asked to replace a colleague on a project (node and Angular). The project is only a few months old but it’s already a total clusterfuck. DB is very poorly designed. It’s supposed to be a relational database but there’s not a trace of a foreign key or any key for that matter and I’ve seen joins like tableA.name = tableB.description (seriously, that’s your relation??). The code is a mess with entire blocks of code copied from another project and many parts of the code aren’t even used. He didn’t even bother renaming variables so they would make sense in the context they were shamelessly thrown into. The code is at best poorly typed if not typed at all.
During our dailies I sometimes express my frustration with my other colleagues as I very politely allude to my predecessor’s code as being hard to work with. (They are all “good friends" with him). I always get the same response from my colleagues: "yeah but you’ve gotta understand Billybob was under a lot of pressure. The user stories were not well defined. He didn’t have time to do a proper job". That type of response just makes me boil inside.
Because you think I have time to deal with this shit? You don’t think I’m working with the same client and his user stories that are barely intelligible? How long does it take to write type definitions for parameters going into a function? That’s right, 30 seconds at most? Maybe a minute if it’s a more elaborate object? How much time do you think you’ll save yourself with a properly typed function or better yet an interface? Hard to tell but certainly A LOT MORE than those 30 seconds you lost (no, the 30 seconds you INVESTED) in writing that interface!!!
FUCK people with their excuses! Never tell me you don’t have time to do a proper job! You’ve wasted HOURS of my time just because you were too fucking lazy to type your functions, too lazy to put just a little more thought into designing your tables, too lazy to rename a variable so that it’s name actually makes sense where it’s being used. It’s not because you were short on time. You’re just lazy!
FUCK!!!!!!4 -
GraphQL fans, please read the whole rant until you jump in the comments.
I get it, when you have multiple data sources (that aren't always proper databases), your stuff is relevant.
But most of the people use GraphQL when they have a single database. In that case, native joins are always faster than GraphQL dataloader N + 1 BS you have. It takes less time and less code to go to the backend and write an endpoint for the frontend with a DB query than write several GraphQL ones on the frontend and then combine the data with imperative JS. It will work faster too.
So why the fuck should I use GraphQL at all?29 -
Fuck sequelize, the bloody query generated by the "ORM" give diferent result on the same DB if you trie it on dBeaver (works fine) vs node (shit results).
order DESC have 0 effect on sequelize, but it appears on the logger as part of the query.
I just want to go to sleep ffs.7 -
Holly fucking crap
i feel like my brains will just start oozing out
my fucking system isn't loading data properly in the table from a db despite following tutorials exactly the same
FUCK THIS SHIT!!!!!!!!10 -
I work in a small team. As the senior dev I tens to focus on important tasks that shape the core of the product but some times I can’t divide my self when there are multiple tasks at hand, so I pass some tasks to the an other mid level dev.
So the task was to create an automation in order to CD (continuously deliver) an order from WHMCS of the (git versioned) product to customers UAT, PROD envs.
To get a background this is an old guy with “constricted” experience in PHP/jQuery/Joomla/Wordpress.
So when we were breaking up the tasks he told me he would like to implement this so i gave him the task as i was busy with core features.
I was like what could go wrong? I know he doesn’t know much about CI/CD but he can read right? He will google right? He will search for CI/CD solutions that do this out of the box right? He will design on paper or what ever and do small POCs right? He will design the flow first before starting the implementation right? RIGHT?
So fast forward to today I had a call with him this morning about some DB staff. And he wanted to show me his progress…
His solution is:
(parentheses is my brain)
1. Customer completes WHMCS order (perfect)
2. Web Hook 🪝 action (YES)
3. cpanel gets source and “automatic!” Init, all using pure PHP code ignoring the usage of the current framework (ok… something is missing)
4. cpanel web hooks(?) WHMCS to send email to customer with the envs initial setup page(?)
5. Customer opens link and adds setup info (ok fuck, fuck, fuck)
(Ok stay cool composed, lets ask some questions maybe he thought it all in a cool way I can’t get my mind around)
Me: So how are you gonna get the correct version from the repo to the env and init the correct schema?
Dev: I haven’t thought about it yet.
Me: Are we gonna save each version to a file system then your code is going to fetch them?
Dev: I haven’t really thought about it we will see. But look on customer init user setup I implemented a password strength validation and it also checks if the password is the same.
So after this Pokémon encounter I politely closed teams. Stood up drank some (a lot) coffee ☕️. Put out the washed laundry while reflecting on life’s good things, while listening to classical music 🎼 .
Then I sat on my office chair drank some more coffee, put some linking park starting with in that order:
“Numb” then “What I’ve Done” and ended with “In the end, it does really fucking matter”
Top Tags
Weekly Rant
View