- Hello! Gordon's pizza?
- No sir it's Google's pizza.
- So it's a wrong number?
- No sir, Google bought it.
- OK. Take my order please ..
- Well sir, you want the usual?
- The usual? You know me?
- According to our caller ID, in the last 12 times, you ordered pizza with cheeses, sausage, thick crust
- OK! This is it
- May I suggest to you this time ricotta, arugula with dry tomato?
- No, I hate vegetables
- But your cholesterol is not good
- How do you know?
- Through the subscribers guide. We have the result of your blood tests for the last 7 years
- Okay, but I do not want this pizza, I already take medicine
- You have not taken the medicine regularly, 4 months ago, you only purchased a box with 30 tablets at Drugsale Network
- I bought more from another drugstore
- It's not showing on your credit card
- I paid in cash
- But you did not withdraw that much cash according to your bank statement
- I have other source of cash
- This is not showing as per you last Tax form unless you got it from undeclared income source
-WHAT THE HELL? Enough! I'm sick of Google, Facebook, twitter, WhatsApp. I'm going to an Island without internet,where there is no cell phone line and no one to spy on me
- I understand sir, but you need to renew your passport as it has expired 5 weeks ago..

I’m a senior dev at a small company that does some consulting. This past October, some really heavy personal situation came up and my job suffered for it. I raised the flag and was very open with my boss about it and both him and my team of 3 understood and were pretty cool with me taking on a smaller load of work while I moved on with some stuff in my life. For a week.

    Right after that, I got sent to a client. “One month only, we just want some presence there since it’s such a big client” alright, I guess I can do that. “You’ll be in charge of a team of a few people and help them technically.” Sounds good, I like leading!

    So I get here. Let’s talk technical first: from being in a small but interesting project using Xamarin, I’m now looking at Visual Basic code, using Visual Studio 2010. Windows fucking Forms.

    The project was made by a single dev for this huge company. She did what she could but as the requirements grew this thing became a behemoth of spaghetti code and User Controls. The other two guys working on the project have been here for a few months and they have very basic experience at the job anyways. The woman that worked on the project for 5 years is now leaving because she can’t take it anymore.

    And that’s not the worse of it. It took from October to December for me to get a machine. I literally spent two months reading on my cellphone and just going over my shitty personal situation for 8 hours a day. I complained to everyone I could and nothing really worked.

    Then I got a PC! But wait… no domain user. Queue an extra month in which I could see the Windows 7 (yep) log in screen and nothing else. Then, finally! A domain user! I can log in! Just wait 2 extra weeks for us to give your user access to the subversion rep and you’re good to go!

    While all of this went on, I didn’t get an access card until a week ago. Every day I had to walk to the reception desk, show my ID and request they call my boss so he could grant me access. 5 months of this, both at the start of the day and after lunch. There was one day in particular, between two holidays, in which no one that could grant me access was at the office. I literally stood there until 11am in which I called my company and told them I was going home.

    Now I’ve been actually working for a while, mostly fixing stuff that works like crap and trying to implement functions that should have been finished but aren’t even started. Did I mention this App is in production and being used by the people here? Because it is. Imagine if you will the amount of problems that an application that’s connecting to the production DB can create when it doesn’t even validate if the field should receive numeric values only. Did I mention the DB itself is also a complete mess? Because it is. There’s an “INDEXES” tables in which, I shit you not, the IDs of every other table is stored. There are no Identity fields anywhere, and instead every insert has to go to this INDEXES table, check the last ID of the table we’re working on, then create a new registry in order to give you your new ID. It’s insane.

   

    And, to boot, the new order from above is: We want to split this app in two. You guys will stick with the maintenance of half of it, some other dudes with the other. Still both targeting the same DB and using the same starting point, but each only working on the module that we want them to work in. PostmodernJerk, it’s your job now to prepare the app so that this can work. How? We dunno. Why? Fuck if we care. Kill you? You don’t deserve the swift release of death.

    Also I’m starting to get a bit tired of comments that go  ‘THIS DOESN’T WORK and ‘I DON’T KNOW WHY WE DO THIS BUT IT HELPS and my personal favorite  ‘??????????????????????

Hello! Is this Gordon’s Pizza?

No sir, it’s Google’s Pizza.

Did I dial the wrong number?

No sir, Google bought the pizza store.

Oh, alright - then I’d like to place an order please.

Okay sir, do you want the usual?

The usual? You know what my usual is?

According to the caller ID, the last 15 times you’ve ordered a 12-slice with double-cheese, sausage, and thick crust.

Okay - that’s what I want this time too.

May I suggest that this time you order an 8-slice with ricotta, arugula, and tomato instead?

No, I hate vegetables.

But your cholesterol is not good.

How do you know?

Through the subscribers guide. We have the results of your blood tests for the last 7 years.

Maybe so, but I don’t want the pizza you suggest – I already take medicine for high cholesterol.

But you haven’t taken the medicine regularly. 4 months ago you purchased from Drugsale Network a box of only 30 tablets.

I bought more from another drugstore.

It’s not showing on your credit card sir.

I paid in cash.

But according to your bank statement you did not withdraw that much cash.

I have another source of cash.

This is not showing on your last tax form, unless you got it from an undeclared income source.

WHAT THE HELL? ENOUGH! I’m sick of Google, Facebook, Twitter, and WhatsApp. I’m going to an island without internet, where there’s no cellphone line, and no one to spy on me …

I understand sir, but you’ll need to renew your passport … it expired 5 weeks ago.

How I went from loving my job to wishing i dont wake up tomorrow just to avoid it.

Ive been a backend dev in the company im at for 2 years now.

First year was a blast, i loved my work so much, I used to get so many random features to do, bug fixes, campaigns, analytics, etc..

Second year i started getting familiar with the part of the code that has to do with Search in our music streaming app. Nobody wanted to work on it, so i wanted to take initiative and start doing a few tasks.

A few tasks turned into sprints, and sprints turned into months worth of sprints. And because the code was the definition of tech debt, and because it was so messed up that changing one thing can blow up everything else, working on Search was not too fun.

However, people seemed to be happy search tasks are no longer piling up and someone is handling them so that used to make me feel good about it. They also gave me so much freedom and i felt like my own manager because no one told me what to do (not even my actual manager) they just let me be and were happy i was handling the part they want nothing to do with. I was also given an intern to mentor and have her work on Search tasks with me which turned out amazing.

During the last few months, I completely rewrote search, made it 10 times more performant in such a neat way, made an inhouse dashboard to automate certain tasks so we wont need to waste developers on them (all of which were extra effort on my own time without being asked), all meanwhile still tending to the fixes of the old implementation.

I felt so accomplished, and in a way, i felt like a lead (even tho im not managing any employees, i had so much freedom and I was literally responsible for everything about Search and if i decide to play with the sprint task order i can even do that).

Then 6 or so weeks ago my manager left the company, and while i thought id be a standalone team / person (single person teams are not uncommon in the company) i was instead put under someone else. Someone who likes to micro manage the fuck out of me. I have been happy working on shit code because it was my baby, my project, no one interferes and no one tells me what to do and everyone would call me the search lead (unofficially). now if i dont report to that guy every two hours he calls to see if im working. preplans sprints i no longer have a say in, and im the only dev who knows the code so all tasks go to me. I feel i got demoted so fucking much. I felt like a lead on a project and now im back to being a normal code minion. From deciding everything about a project to blindly following a some irrelevant manager's opinion. (who btw is making Search worse) And after all the extra effort i put in, after actually caring, after actually embracing Search as my responsibility i get rewarded with losing everything i liked about my job...My Independence. From feeling like a lead to feeling demoted. I am so demotivated.

I love the company, but this is hell for me and this made me hate a job i always loved. I am thinking of talking to the CTO asking to work on other stuff because i no longer want this. If i am to be a code minion at least let it be on code i like, let me go back to dealing with PMs, fuck my new manager I dont wanna work with that guy he can take the project along with all its poopoo.

So, here's how online payment works in my country:

1. The selling website creates a hidden <form> and populates it with product ID, price and etc.

2. Some Javascript posts the mentioned form to the bank from the browser.

3. User enters credit info, and submits. If all is right, the bank creates another hidden <form>, and populates is with status code and an invoice ID.

4. Said form is then posted back to the selling website.

I don't know how the programmers behind this scenario call themselves programmers if they don't know basic things about server-side only verifications, but thanks to them I've been buying a lot of products for free these past years. 😂😂

How? 1. Just install Requestly, Tampermonkey and enable Chrome's dev tools.
2. Change price to zero, and the bank's response code to success.
3. Profit!

P. S. I have notified the people behind this, but they don't listen and go fix their codes. Oh well, serves them right.

Welcome back to practiseSafeHex's new life as a manager.

Episode 2: Why automate when you can spend all day doing it by hand

This is a particularly special episode for me, as these problems are taking up so much of my time with non-sensical bullshit, that i'm delayed with everything else. Some badly require tooling or new products. Some are just unnecessary processes or annoyances that should not need to be handled by another human. So lets jump right in, in no particular order:

- Jira ... nuff said? not quite because somehow some blue moon, planets aligning, act of god style set of circumstances lined up to allow this team to somehow make Jira worse. On one hand we have a gigantic Jira project containing 7 separate sub teams, a million different labels / epics and 4.2 million possible assignees, all making sure the loading page takes as long as possible to open. But the new country we've added support for in the app gets a separate project. So we have product, backend, mobile, design, management etc on one, and mobile-country2 on another. This delightfully means a lot of duplication and copy pasting from one to the other, for literally no reason what so ever.

- Everything on Jira is found through a label. Every time something happens, a new one is created. So I need to check for "iOS", "Android", "iOS-country2", "Android-country2", "mobile-<feature>", "mobile-<feature>-issues", "mobile-<feature>-prod-issues", "mobile-<feature>-existing-issues" and "<project>-July31" ... why July31? Because some fucking moron decided to do a round of testing, and tag all the issues with the current date (despite the fact Jira does that anyway), which somehow still gets used from time to time because nobody pays attention to what they are doing. This means creating and modifying filters on a daily basis ... after spending time trying to figure out what its not in the first one.

- One of my favourite morning rituals I like to call "Jira dumpster diving". This involves me removing all the filters and reading all the tickets. Why would I do such a thing? oh remember the 9000 labels I mentioned earlier? right well its very likely that they actually won't use any of them ... or the wrong ones ... or assign to the wrong person, so I have to go find them and fix them. If I don't, i'll get yelled at, because clearly it's my fault.

- Moving on from Jira. As some of you might have seen in your companies, if you use things like TestFlight, HockeyApp, AppCenter, BuddyBuild etc. that when you release a new app version for testing, each version comes with an automated change-log, listing ticket numbers addressed ...... yeah we don't do that. No we use this shitty service, which is effectively an FTP server and a webpage, that only allows you to host the new versions. Sending out those emails is all manual ... distribution groups?? ... whats that?

- Moving back to Jira. Can't even automate the changelog with a script, because I can't even make sense of the tickets, in order to translate that to a script.

- Moving on from Jira. Me and one of the remote testers play this great game I like to call "tag team ticketing". It's so much fun. Right heres how to play, you'll need a QA and a PM.

*QA creates a ticket, and puts nothing of any use inside it, and assigns to the PM.
*PM fires it back asking for clarification.
*QA adds in what he feels is clarification (hes wrong) and assigns it back to the PM.
*PM sends detailed instructions, with examples as to what is needed and assigns it back.
*QA adds 1 of the 3 things required and assigns it back.
*PM assigns it back saying the one thing added is from the wrong day, and reminds him about the other 2 items.
*QA adds some random piece of unrelated info to the ticket instead, forgetting about the 3 things and assigns it back.

and you just continue doing this for the whole dev / release cycle hahaha. Oh you guys have no idea how much fun it is, seriously give it a go, you'll thank me later ... or kill yourselves, each to their own.

- Moving back to Jira. I decided to take an action of creating a new project for my team (the mobile team) and set it up the way we want and just ignore everything going on around us. Use proper automation, and a kanban board. Maybe only give product a slack bot interface that won't allow them to create a ticket without what we need etc. Spent 25 minutes looking for the "create new project" button before finding the link which says I need to open a ticket with support and wait ... 5 ... fucking ... long ... painful ... unnecessary ... business days.

... Heres hoping my head continues to not have a bullet hole in it by then.

Id love to talk more, but those filters ain't gonna fix themselves. So we'll have to leave it here for today. Tune in again for another episode soon.

And remember to always practiseSafeHex

Worst dev team failure I've experienced?

One of several.

Around 2012, a team of devs were tasked to convert a ASPX service to WCF that had one responsibility, returning product data (description, price, availability, etc...simple stuff)
No complex searching, just pass the ID, you get the response.

I was the original developer of the ASPX service, which API was an XML request and returned an XML response. The 'powers-that-be' decided anything XML was evil and had to be purged from the planet. If this thought bubble popped up over your head "Wait a sec...doesn't WCF transmit everything via SOAP, which is XML?", yes, but in their minds SOAP wasn't XML. That's not the worst WTF of this story.

The team, 3 developers, 2 DBAs, network administrators, several web developers, worked on the conversion for about 9 months using the Waterfall method (3~5 months was mostly in meetings and very basic prototyping) and using a test-first approach (their own flavor of TDD). The 'go live' day was to occur at 3:00AM and mandatory that nearly the entire department be on-sight (including the department VP) and available to help troubleshoot any system issues.

3:00AM - Teams start their deployments
3:05AM - Thousands and thousands of errors from all kinds of sources (web exceptions, database exceptions, server exceptions, etc), site goes down, teams roll everything back.

3:30AM - The primary developer remembered he made a last minute change to a stored procedure parameter that hadn't been pushed to production, which caused a side-affect across several layers of their stack.

4:00AM - The developer found his bug, but the manager decided it would be better if everyone went home and get a fresh look at the problem at 8:00AM (yes, he expected everyone to be back in the office at 8:00AM).

About a month later, the team scheduled another 3:00AM deployment (VP was present again), confident that introducing mocking into their testing pipeline would fix any database related errors.

3:00AM - Team starts their deployments.
3:30AM - No major errors, things seem to be going well. High fives, cheers..manager tells everyone to head home.
3:35AM - Site crashes, like white page, no response from the servers kind of crash. Resetting IIS on the servers works, but only for around 10 minutes or so.
4:00AM - Team rolls back, manager is clearly pissed at this point, "Nobody is going fucking home until we figure this out!!"
6:00AM - Diagnostics found the WCF client was causing the server to run out of resources, with a mix of clogging up server bandwidth, and a sprinkle of N+1 scaling problem. Manager lets everyone go home, but be back in the office at 8:00AM to develop a plan so this *never* happens again.

About 2 months later, a 'real' development+integration environment (previously, any+all integration tests were on the developer's machine) and the team scheduled a 6:00AM deployment, but at a much, much smaller scale with just the 3 development team members.

Why? Because the manager 'froze' changes to the ASPX service, the web team still needed various enhancements, so they bypassed the service (not using the ASPX service at all) and wrote their own SQL scripts that hit the database directly and utilized AppFabric/Velocity caching to allow the site to scale. There were only a couple client application using the ASPX service that needed to be converted, so deploying at 6:00AM gave everyone a couple of hours before users got into the office. Service deployed, worked like a champ.

A week later the VP schedules a celebration for the successful migration to WCF. Pizza, cake, the works. The 3 team members received awards (and a envelope, which probably equaled some $$$) and the entire team received a custom Benchmade pocket knife to remember this project's success. Myself and several others just stared at each other, not knowing what to say.

Later, my manager pulls several of us into a conference room
Me: "What the hell? This is one of the biggest failures I've been apart of. We got rewarded for thousands and thousands of dollars of wasted time."
<others expressed the same and expletive sediments>
Mgr: "I know..I know...but that's the story we have to stick with. If the company realizes what a fucking mess this is, we could all be fired."
Me: "What?!! All of us?!"
Mgr: "Well, shit rolls downhill. Dept-Mgr-John is ready to fire anyone he felt could make him look bad, which is why I pulled you guys in here. The other sheep out there will go along with anything he says and more than happy to throw you under the bus. Keep your head down until this blows over. Say nothing."

Example #1 of ??? Explaining why I dislike my coworkers.

[Legend]
VP: VP of Engineering; my boss’s boss. Founded the company, picked the CEO, etc.
LD: Lead dev; literally wrote the first line of code at the company, and has been here ever since.
CISO: Chief Information Security Officer — my boss when I’m doing security work.

Three weeks ago (private zoom call):
> VP to me: I want you to know that anything you say, while wearing your security hat, goes. You can even override me. If you need to hold a release for whatever reason, you have that power. If I happen to disagree with a security issue you bring up, that’s okay. You are in charge of release security. I won’t be mad or hold it against you. I just want you to do your job well.

Last week (engineering-wide meeting):
> CISO: From now on we should only use external IDs in urls to prevent a malicious actor from scraping data or automating attacks.
> LD: That’s great, and we should only use normal IDs in logging so they differ. Sounds more secure, right?
> CISO: Absolutely. That way they’re orthogonal.
> VP: Good idea, I think we should do this going forward.

Last weekend (in the security channel):
> LD: We should ONLY use external IDs in urls, and ONLY normal IDs in logging — in other words, orthogonal.
> VP: I agree. It’s better in every way.

Today (in the same security channel):
> Me: I found an instance of using a plain ID in a url that cancels a payment. A malicious user with or who gained access to <user_role> could very easily abuse this to cause substantial damage. Please change this instance and others to using external IDs.
> LD: Whoa, that goes way beyond <user_role>
> VP: You can’t make that decision, that’s engineering-wide!

Not only is this sane security practice, you literally. just. agreed. with this on three separate occasions in the past week, and your own head of security also posed this before I brought it up! And need I remind you that it is still standard security practice!?

But nooo, I’m overstepping my boundaries by doing my job.

Fucking hell I hate dealing with these people.

I'm 20, and I consider myself to be as junior as they come. I only started programming seriously in June 2016,and since then, I've been doing mainly Android Work, and making my own servers and backends(using AWS/Firebase nd stuff).
For the first time in life, I was approached by a recruiter for a company on linkedIn. They "stumbled upon" my Github profile and wanted to see if I was interested in an internship opportunity. This company is an early stage start up, by that I mean a dude with an idea calling himself the CEO and a guy who "runs a tech blog" and only knows college level C programming (explaination follows).

So they want me to make the app for their startup. and for that, I ws first asked to solve a couple problems to prove my competence and a "technical interview" followed.
They gave me 3 questions, all textbook, GCD of 2 numbers, binary search and Adding an element to the linked List, code to be written on a piece of paper. As the position was that of an Android Developer, I assumed that Java should be the language of choice. Assumed because when I asked, the 'tech blogger' said, yeah whatever.
But wait, that ain't all, as soon as I was done, Mr. Blogger threw a fit, saying I shouldn't assume and that I must write it in C. I kept my cool (I'm not the most patient person), and wrote the whole thing in C.
He read it, and asked me what I've written and then told me how wrong I was to write 2 extra lines instead of recursion for GCD. I explained that with numbers large enough, we run the risk of getting a stackoverflow and it's best to apply non recursive solution if possible. He just heard stackoverflow and accused me of cheating. I should have left right then, but I don't know why, I apologized and again, in detail explained what was happening to this fucktard. Once this was done, He asked me how, if I had to, I'd use this exact code in my Android App. I told him that Id rather write this in Java/Kotlin since those are the languages native to Android apps. I also said that I'd export these as a Library and use JNI for the task. (I don't actually know how, I figured I can study if I have to).
Here's his reply, "WTF! We don't want to make the app in Java, we will use C (Yeh, not C++, C). and Don't use these fancy TOOLS like JNI or Kotlin in front of me, make a proper application."
By this I was clear that this guy is not fit to be technical lead and that I should leave. I said, "Sir, I don't know how, if even possible, can we make an Android App purely in C. I am sorry, but this job is not for me".
I got up and was about to leave the room, when we said, "Yeah okay, I was just testing you".
Yeah right, the guy's face looked like a howling monkey when I said Library for C, and It has been easier for me to explain code to my 10 year old cousin that this dumbfuck.
He then proceeded to ask me about my availability, and I said that I can at max to 15-20 hours a week since my college schedule is pretty tight. I asked me to get him a prototype in 2 months and also offered me a full time job after I graduate. (That'd be 2 years from now). I said thank you for the offer, but I am still not sure of I am the right person for this job.
He then said, "Oh you will be when I tell you your monthly stipend."
I stopped for a second, because, money.
And then he proceeded to say 2 words which made me walk out without saying a single word.
"One Thousand".

I live in India, 1000 INR translates to roughly $15. I made 25 times that by doing nothing more than add a web view to an activity and render a company's responsive website in it so it looks like an app.

If this wasn't enough, the recruiter later had the audacity to blame me for it and tell me how lucky I am to even get an offer "so good".
Fuck inexperienced assholes trying shit they don't understand and thinking that the other guy is shitsworth.

Day 1 10:00 am
Login to email account (Zimbra)
Your password is incorrect (I entered it correctly, this was a permanent issue ,used to happen in the company with many employees)
Reset your password by logging into internal company portal.

11:00 am
Logged into company portal, somehow. 2 Mbps internet shared among 104 people, you can imagine the speed.
Reset email password
* your password has been sent to your email id*
Are you fucking kidding me? U have emailed me the password to the same email I can't log in to?
Where did the architecture designer get this top notch weed from?

Day 2
Asked HR to reset my password (using a colleague's email)

Day 3
No reply from HR yet

Day 4
I went to meet HR, she's on vacation. So they have 1 person managing the password reset, for 5000 people with no backup person. Cool.

Day 5
Your internal company password has expired. Check your email for link to create new password. This is some next level shit going on.

Day 6
I called up Internal IT team to generate a new email for me.
They asked me to raise a ticket.
I can't raise a ticket because the only way to do so, is through the portal.

Day 7
Nothing. Btw, personal email and all social networks were banned. You can't even open stackoverflow.
And this was a research lab, amazing huh?

Day 8
Loss of pay for 4 days since I can't login to company portal to fill timesheet.

Day 9
HR comes back. Resets my password.
I try to generate my new password for portal.
The password policy:
Password can't be same as last 10 passwords
Passwords expire every week
8 characters minimum, 2 upper case, 2 lower case, NO SPECIAL SYMBOL. WTF. How long do u think its gonna take to crack that?

Fuckers had a company wise policy to automatically lock PC every 1 min if not used. Who the fuck can keep on using it continuously! I'm reading an article, and bam ! Locked. 2 wrong entries and that's it, repeat all steps again. Fuckers really didn't want to let me do my job, just keep on logging in all day.

Root encounters HR at her new job.

So, I left my job a few weeks ago. I was pretty sad about it, so I didn't want to write anything about it. It was a great place to work, with great managers, decent coworkers, and interesting work. I also had free reign over how I built things, what to improve, etc. Within about four months, I authored over half of the total commits on their backend repo, added a testing suite with 90% coverage, significantly improved the security (more accurately: added security), etc. but I got a job offer that allowed me to work remotely, and make well over six figures (usd). I couldn't turn it down, even though I wanted to. So, I left. I'm still genuinely sad about that. I had emotions and everything. 🙁 I stayed on long enough to finish the last of the features for their new product launch, and make sure everything was stable. I'm welcome back whenever, though they don't want to have remote employees, and I want to move, so. that's probably not going to happen. sigh.

Anyway, I started my new job this week. Rented an office (read: professional closet) and everything! It's been veritable mountains of HR paperwork so far. That's all I've done besides some accounts setup. I've seriously only worked on and completed one ticket so far in two and a half days, and I still have six documents/contracts to sign! (and benefits; that'll probably take my weekend.)

But getting an I9 thing notarized? Apparently I only have three days before I'm legally unemployable by them or something, idk. HR made it sound ridiculously dire and important, and reminded me like five or more times. I figured it was just some notary service; that takes like 10 minutes, right? So I put it off until my second day so I didn't have to disappear in the middle of my first day. Anyway, I called a bunch of notary services on day 2, and apparently only like 5% of them both do notary services this time of year and aren't booked full. And of those, probably another 5% will notarize I9 documents.. No idea why it's rare, but whatever, I'm not a notary.

The HR lady assured me that I didn't need any special documents; I should just go there, present my IDs, and the notary will provide or draft documents for everything else. Totally doesn't sound right, but fine; I'm not a notary nor will I ever work in HR, so I'm not very knowledgeable about this. So, against my better judgement I decided to just go anyway. I called around and finally found a place that wasn't closed, busy, or refusing, and drove over there. Waited. Waited. Waited. Notary lady was super slow in every single action. (I should mention that it's now 10am, and I have a meeting with the Senior VP of Engineering [a stern, stubborn old goat who enjoys making people feel inadequate] at 12:30pm.) The notary lady looks like she's an npc updating in slow motion (maybe at 0.25x speed?) and can't seem to understand what I need. Eventually, she tells me exactly what I had assumed: if there's no document, she can't notarize said document, and she doesn't have an I9 for the company I'm trying to work for. (like, duh.) So I thank her for proving the flow of time is variable, which she ignores in slow motion, and drive back home. It's now about 11.

I message the same HR lady, and the useless wench gawks in surprise and says she's never heard of that ridiculous request before. It took prodding to get her to respond every time, but after some (very slow) back and forth, she says she wants to call the notary personally and ask what they need. I waited around for another response that never came, and eventually just drove to the notary place again to have them notarize the required ID documents. That plus my chat history with HR should be enough to show that I bloody well tried, and HR just shit the bed instead. I finally got them notarized at like 12:10, and totally broke the speed limit the entire way to the office, found the last remaining parking spot, and made it to my office just in time for the meeting. seriously, less than two minutes to spare. Meeting was interesting (mostly about security), but totally made me facepalm, shout "Seriously!? What the hell are you thinking!?" and make slapping motions at some of the people talking. I will probably rant about that next.

But anyway, I'm willing to bet that the useless wench won't get back to me before the notary closes, if at all, and will somehow try to blame it completely on me if I bring it up again. Passive aggressive bitch. She's probably thinking: "If I don't help her with these mandatory legal processes, it'll be her fault she didn't get them done in time. I mean, they're so easy! She's just doing it wrong." I fucking hate HR.

So this shit happened today...

We were asked to implement a functionality on the device that allows it to go to standby mode to save battery power. Once the device enters that state, it can only be woken up by actual bus-network activity, and usually that means connecting a shit-ton of wiring harness and network emulation devices... Before implementing and releasing the device software that does this, we told that fucktard customer how difficult it would be for him to connect to the device without such a setup. He seemed to be fine with it and said rather arrogantly that we should implement the requirement as asked...

Well okay you cock-sucking motherfucker, you'll get exactly what you asked for... We implement the functionality and deliver the software...

Now this pile of shit comes back running his mouth on how the device tears down all its interfaces (to reduce power consumption) and he can't connect to the device anymore.... Well what else were you expecting you dickhead.
To make things worse for me apparently he runs to the manager describing his apparent problem. Both of them come to my desk.. With that fucking Bastard hiding his smugly mug behind the manager's back... He thought he was going to have the upper hand... Well guess what fucked piece of shit, I came prepared... I showed the manager how this was a part of the requirements by throwing that JIRA ID in their faces... The manager seems to understand but this relentless fuck wanted me to implement a "workaround" that would allow him to connect to the device easily... The manager almost had me implement that workaround, when I expose a huge security flaw in doing so. Guess what, now the entire team comes to my desk and start supporting my statement... To make it better they also tell how doing so will violate other requirements...

I've never felt so happy in my entire fucking career, when the entire team stood by me and watched that asshole drag his sorry ass back to his place

So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

Long story short, I'm unofficially the hacker at our office... Story time!

So I was hired three months ago to work for my current company, and after the three weeks of training I got assigned a project with an architect (who only works on the project very occasionally). I was tasked with revamping and implementing new features for an existing API, some of the code dated back to 2013. (important, keep this in mind)

So at one point I was testing the existing endpoints, because part of the project was automating tests using postman, and I saw something sketchy. So very sketchy. The method I was looking at took a POJO as an argument, extracted the ID of the user from it, looked the user up, and then updated the info of the looked up user with the POJO. So I tried sending a JSON with the info of my user, but the ID of another user. And voila, I overwrote his data.

Once I reported this (which took a while to be taken seriously because I was so new) I found out that this might be useful for sysadmins to have, so it wasn't completely horrible. However, the endpoint required no Auth to use. An anonymous curl request could overwrite any users data.

As this mess unfolded and we notified the higher ups, another architect jumped in to fix the mess and we found that you could also fetch the data of any user by knowing his ID, and overwrite his credit/debit cards. And well, the ID of the users were alphanumerical strings, which I thought would make it harder to abuse, but then realized all the IDs were sequentially generated... Again, these endpoints required no authentication.

So anyways. Panic ensued, systems people at HQ had to work that weekend, two hot fixes had to be delivered, and now they think I'm a hacker... I did go on to discover some other vulnerabilities, but nothing major.

It still amsues me they think I'm a hacker 😂😂 when I know about as much about hacking as the next guy at the office, but anyways, makes for a good story and I laugh every time I hear them call me a hacker. The whole thing was pretty amusing, they supposedly have security audits and QA, but for five years, these massive security holes went undetected... And our client is a massive company in my country... So, let's hope no one found it before I did.

"So you need access to the test server?"
Me:"Yes"
"Please fill these 800000000 forms,sign here,get your blood sample,your ID ,your right kidney,letter of approval from your boss,...."

Fuuuuuuuck!!!! I just want to change only 3 lines of code!!!!!!

- Hello! Gordon's pizza?
- No sir it's Google's pizza.
- So it's a wrong number?
- No sir, Google bought it.
- OK. Take my order please ..
- Well sir, you want the usual?
- The usual? You know me?
- According to our caller ID, in the last 12 times, you ordered pizza with cheeses, sausage, thick crust
- OK! This is it
- May I suggest to you this time ricotta, arugula with dry tomato?
- No, I hate vegetables
- But your cholesterol is not good
- How do you know?
- Through the subscribers guide. We have the result of your blood tests for the last 7 years
- Okay, but I do not want this pizza, I already take medicine
- You have not taken the medicine regularly, 4 months ago, you only purchased a box with 30 tablets at Drugsale Network
- I bought more from another drugstore
- It's not showing on your credit card
- I paid in cash
- But you did not withdraw that much cash according to your bank statement
- I have other source of cash
- This is not showing as per you last Tax form unless you got it from undeclared income source
-WHAT THE HELL? Enough! I'm sick of Google, Facebook, twitter, WhatsApp. I'm going to an Island without internet,where there is no cell phone line and no one to spy on me
- I understand sir, but you need to renew your passport as it has expired 5 weeks ago..

Fuck you idiots at medium.com for your sheer impudence. Not only that you track me, which I havn't agreed to, you think it's a good idea to nag around and gather even more data!
You stinking farts label your stalking as "let's make things official"! Who shit in your head?
I've seen other places way more often, and guess what, no coffee bar has ever had the idea to ask for my ID card just because I bought my second or third coffee there.
But just because it's the internet you think it's OK to be intrusive wankers, yeah?! Fuck off.

I love Linux, but its community can be so full of incompetent assholes..

Just now I asked in Freenode ##linux how to get the process ID of my current running process in bash. I got my answer - it's a shell built-in called "$$".

Then people start to nitpick some more - why do you need it? How is that different from an exit? - to which my response was.. well I know the whole idea behind exit codes, and I'd use it whenever possible, in all defined behavior that allows my program to terminate itself whenever it can. This pidfile however would be used to exit itself and provide diagnostic information whenever the program enters undefined behavior - a segfault in C language. Scenarios in which I don't have full control over the script's behavior anymore, such as the system entering an unworkable state where the system stalled, still got some binaries in RAM but the rootfs got unwritable, such as now - very helpfully, thanks HP! - when my laptop likely overheated and shat itself. I issued sudo reboot into it, but even that wouldn't issue properly anymore due to the /sbin/poweroff binary becoming inaccessible too. I had to issue a hard power cycle.. one of the few times in which I'm thankful to HP for actually causing shit like this, lol.

Point is, that undefined behavior is what I'm trying to mitigate against. I certainly can't let any files other than diagnostics remain in nonvolatile storage like that, especially when their state should be predictable in order to ensure good operation (like files expressing whether the script is already running or not, i.e. lock files).

Back to that IRC chat. Aside from the answer, I got ridicule from people who probably don't even know how to properly compile a kernel. Ubuntu users, overconfident scum. Sometimes I feel like I should ask questions in channels like #archlinux only, where such incompetency is ridiculed on its own.

WordPress related, get ready for some disgust.

So today early in the morning my boss forwarded me an email from a client, it was about a bug, and asked me if I can have a look at it and fix it.
"Yaay, WordPress!" I thought and opened the page containing the mentioned bug. She wrote that in the italian version of the page, users can select dates in the calendar, which should be disabled, like in the german version.

So yeah, I opened the code. Everything in the function looked perfect. Really. And the Data was also correctly set in the backend of WP.

The function was only 3 lines of code:

- Get the german post ID of the current post (german or italian) by its ID (using a Polylang function)

- Get an Advanced Custom Fields field by name and from a post with the ID from before

- json_encode its content and echo it to a JS var for initialization and later use in some AngularJS.

No fucking missing semicolon, it was fucking perfect like a sunset with your soulmate.

So I tried to find the bug with my personal way of debugging:

"Shitstream Debugging"
When a creek suddenly is full of water mixed with shit, walk upstream through the turds until you reach clear water. This is where the bug is.

=> So I first looked at the HTML source: Turds.
=> Then the ACF field content: Still turds.
=> Then the ID of the german post: Shit stain and turds (var_dump: null)
=> Please god at least $post->ID? Nope, fart smell and turds.
=> Nothing more to check: Clear fucking water and the flowery smell of 99 devVirgins

So it replaced $post->IT with get_the_ID() and it worked like a charm.

Afterwards I feel stupid, but $post->IT worked all the times before...

Conclusion:
FUCK YOU WORDPRESS YOU UGLY PIECE OF HUMAN-CENTIPEDE-PROCESSED-DOGFART.

Thanks for your patience.
Only one beer was sucked dry during the writing of this fucking rant.

Ok, so when I inherit a Wordpress site I've really stopped expecting anything sane. Examples: evidence that the Wordpress "developer" (that term is used in the loosest sense possible) has thought about his/her code or even evidence that they're not complete idiots who wish to make my life hell going forwards.

Have a look at the screen shot below - this is from the theme footer, so loaded on every page. The screenshot only shows a small part of the file. IT LITERALLY HAS 3696 lines.

Firstly, lets excuse the frankly eye watering if statement to check for the post ID. That made me face palm myself immediately.

The insanity comes for the thousands of lines of JQuery code, duplicated to hell and back that changes the color of various dividers - that are scattered throughout the site.

To make things thousands of times worse, they are ALL HANDED CODED.

Even if JavaScript was the only way I could format these particular elements I certainly wouldn't duplicate the same code for every element. After copy and pasting that JQuery a couple of times and normal developer would think one word, pretty quickly - repetition.

When a good developer notes repetition ways to abstract crap away is the first thought that comes to mind.

Hell, when I was first learning to code god knows how long ago I always used functions to avoid repetition.

In this case, with a few seconds though this "developer" could have created a single JQuery handler and use data attributes within the HTML. Hell, as bad as that is, it's better than the monstrosity I'm looking at now.

I'm aware Wordpress is associated with bad developers due to it's low barrier to entry, but this site is something else.

The scary thing is that I know the agency that produced this. They are very large, use Wordpress exclusively and have some stupidly huge clients that would be know nationally.

Wordpress truly does attract some of the most awful "developers" and deserves it's reputation.

If you're a good developer and use Wordpress I feel sorry for you, as you're in small numbers from my experience.

Rant over, have vented a bit and feel better. Thanks Devrant.

So woke up this morning and Paypal had just banned my account with no reason whatsoever. I only receive funds from 3 clients who I have been working with for a few years now. My account is already verified with my ID and utilities bill. Am a freelance so I depend on it. So it's a case of ' hey, we think you did something wrong, we are not going to tell you what but are banning you permanently and keeping your money for 6 months'. F piss of shit of a company.

SICK AND TIRED OF READABILITY VS. EFFICIENCY!!!!!!!

I HAD TO SEPARATE A 4 LOC JSON STRING, WHICH HAD AN ARRAY OF A SINGLE KEY-VALUE PAIRS (TOTAL OF 10 OBJECTS IN THE ARRAY).

ITS READABLE IF YOU KNOW JSON. HOW HARD IS TO READ JSON FORMAT IF YOU GET YOUR STYLE AND INDENTATION PROPERLY?!?

SO I HAD TO
BREAK THE POOR FREAKING JSON APART TO A FUCKING DIFFERENT YAML FILE FORMAT ONLY SO I CAN CALL IT FROM THERE TO THE MAIN CONTROLLER, ITERATE AND MANIPULATE ALL THE ID AND VALUES FROM YAML BACK TO MATCH THE EXPECTED JSON RESPONSE IN THE FRONT END.

THE WHOLE PROCESS TOOK ME ABOUT 15 MINUTES BUT STILL, THE FUCKING PRINCIPLE DRIVES ME INSANE.

WHY THE FUCK SHOULD I WASTE TIME AT AN ALREADY WORKING PIECE OF CODE, TO MAKE IT LESS EFFICIENT AND A SLIGHTLY BIT MORE READABLE?!? FML.

Linux is only free id your time has no value

If you discount all the usual sql injections the most blatant was not our but a system one customer switched to after complaining over cost.

The new system was a bit more bare bones featurewize but the real gem was the profile page for their customers.

The only security was an id param pointing to the users primary key, which was an auto incrementing integer :)

And not only could you access all customer data but you could change it to.

But since the new system was built by their it chief’s son we realized it was not much we could do.

dear api author at my company pt. 2:

If you're gonna create an api method that takes some arguments.

And one of those arguments is an array.

THEN MAKE THE FUCKING ARGUMENT'S NAME PLURAL YOU FUCKING PIECE OF SHIT.

REPEAT WITH ME, MOTHERFUCKER.
ARRAY, PLURAL, NON-ARRAY, SINGULAR.

I need to pass a shitload of filters for the data for this table, and for every suckin fuckin filter I need to singularize this shit. Thank god for es6.

I know this sounds like nitpick, but I swear to fucking alpha omega this guy is inconsistent as fuck.

Every time it feels like he makes up a new rule.

Sometimes I need to send arrays of ids, other times arrays of objects with an id property on each.

He uses synonyms too, sometimes it's remove, other times erase.

PICK ONE MOTHERFUCKER.

If you can't do the basic things well, then what is to expect of more advanced stuff?

Naming conventions you fucking idiot, follow them. It's programming 101.

You're already sending them as plural in the fucking response. Why change them for the request?

And that's just style, conventions.

This idiot asshole also RARELY DOES ANY FUCKING CHECK ON THE ARGUMENTS.

"Oh, you sent a required argument as null? 500"

We get exceptions on sentry UP THE ASS thanks to this useless bone container.

YOU'RE SEEING THE EXCEPTIONS TOO!!!!! 500'S ARE BUGS YOU NEED TO FIX, YOU CUMCHUGGER

And sometimes he does send 400, you know what the messages usually are?
"Validation failed".

WHYYYYYY YOU GODDAMN APATHETIC TASTELESS FUCK???
WHAT EXACTLY CAUSED THE FUCKING VALIDATION TO FAIL????

EXCEPTIONS HAPPEN AND THANKS TO YOU I HAVE NO IDEA WHY.

The worst of all... the worst of fucking all is that everytime I make a suggestion to change shit, every time, you act like you care.
You act like the api is the way it is because you designed it in a calculated manner.

MOTHERFUCKER. IF A USER HAS ONLY PRODUCT A, THEN HE SHOULDN'T BE ABLE TO ACCESS DATA FOR PRODUCT B. IT IS NOT ENOUGH TO JUST RESTRICT SHIT WITH ADMIN ROLES. IDIOT!!!!!

This is the work of someone who has no passion for programming.

You know what really grinds my gears? As a junior webdeveloper (mostly backend) I try my hardest to deliver quality content and other people's ignorance is killing me in my current job.

Let's rant about a recent project I had under my hood, for this project (a webshop) I had to restructure the database and had to include validation on basicly every field (what the heck, no validation I hear you say??), apperently they let an incompetent INTERN make this f***king webshop. The list of mistakes in this project can bring you close to the moon I'd say, seriously.

Database design 101 is basicly auto incremented ID's, and using IDs in general instead of using name (among a list of other stuff obv.). Well, this intern decided it was a good idea to filter a custom address-book module based on a NAME, so it wasn't setup as: /addressbook/{id} (unique ID, never a problem) but as /addressbook/{name}, which results in only showing one address if the first names on the addresses are the same. Lots of bugs that go by this type of incompetence and ignorance. Want to hear another joke? Look no further, this guy also decided it was a great idea to generate the next ID of an order. So the ordernumber wasn't made up by the auto incremented id on the order model, but by a count of all the orders and that was the next order number. This broke so many times, unbelievable.

To close the list of mistakes off, the intern decided it was a great idea to couple the address of a user directly to an order. Because the user is able to ship stuff to addresses within his addressbook, this bug could delete whole orders out of the system by simply deleting the address in your addressbook.

Enough about my intern rant, after working my ass of and going above and beyond the expectations of the customer, the guy from sales who was responsible for it showed what an a**hole he was. Lets call this guy Tom.

Little backstory: our department is a very small part of the company but we are responsible for so much if you think about it. The company thinks we've transitioned to company wide SCRUM, but in reality we are so far from it. I think the story below is a great example of what causes this.

Anyway, we as the web department work within Gitlab. All of our issues and sprints are organized and updated within this place. The rest of the company works with FileMaker, such a pile of shit software but I've managed to work around its buggyness. Anyway, When I was done with the project described above I notified all the stakeholders, this includes Tom. I made a write-up of all the changes I had made to the project, including screenshots and examples, within Gitlab. I asked for feedback and made sure to tag Tom so he was notified of my changes to the project.

After hearing nothing for 2 weeks, guess who came to my desk yesterday? F**king tom asking what had changed during my time on the project. I told him politely to check Gitlab and said on a friendly tone that I had notified him over 2 weeks ago. He, I shit you not, blantly told me that he never looks on there "because of all the notifications" and that I should 'tell him what to do' within FileMaker (which I already had updated referencing Gitlab with the write-up of my changes). That dick move of him made me lose all respect for this guy, what an ignorant piece of shit he is afterall.

The thing that triggers me the most in the last story is that I spent so much free time to perfect the project I was working on (the webshop). I even completed some features which weren't scheduled during the sprint I was working on, and all I was asking for was a little appreciation and feedback. Instead, he showed me how ignorant and what a dick he was.

I absolutely have no reason to keep on working for this company if co-workers keep treating me like this. The code base of the webshop is now in a way better condition, but there are a dozen other projects like this one. And guess what? All writen by the same intern.

/rant :P

Started a new job today... but I couldn't actually do anything because I had to wait for 4 hours to get an ID card (necessary for computer access because security) only to get told to come back tomorrow to try again. Off to a great start!!

At least my manager realized that this is fucked and filed a complaint against their department.

Same days you just need a duck.

Me: map.get(record.Id)

Code: null

Me: no, map.get(record.id)

Code: null

Me: let's grab this record from the map

Code: null

Me: what the flying fuck, take this fucking ID from this fucking RECORD and find it in THIS god forsaken map.

Code: null

Me:.......

Code: 😉

Duck: did it occur to you the ID exists only AFTER the map is created.

Me: you fucking wha..... oh I'm a dick head.

OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..

Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!

Here it goes..

Lat week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.

OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.

Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.

Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..

I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..

Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I crate another pck for api alone copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.

I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..

I made changes for api to incude the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.

WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...

WTF..Ok, cig break to let me think..

I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?

So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' made changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers dbs (different customers).. ALL HAD THIS HARDOCED IN!!! FORM THE FREAKING YEAR 2016!!! O.o

Unfuckin believable.. How did this ever work?!

Looks like at the begining, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!

So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plan, simple, straight-forward solution to auditing..

If only the original procedure was working as it should.. bloddy hell!!

Tl;DR; version:
French designer, Mexican PSD -> HTML converter, Indian VueJS developer, Spanish project manager and a Taiwanese back-end developer. Application was made like an tower of pizza from bullcrap held by boogers and constantly licked by an orangutang to keep it standing.

Longer version:
We had to take a "half-finished" project from one of our clients, received the code for full-stack project. The css/design was so unbearable that it mostly broke on anything that had higher than 720px wide screen, structure was full of tables/divs and no fucking flexbox/grid... Then the fun part - we saw it's conversion to vueJS - a single fucken App.vue file that had shitton of conditions for pages.... yea, not even multi-component/routed app, just conditions!!!! And then... A back-end (in which I mainly specify myself) - it was made by a developer that had to mainly use Java/C# as their daily driver while all being build on php and Laravel. 0 Fucken laravel functions used, 0 of models, logic and so on.... Most of the page was running on RAW sql queries. Names... Oh my god the function names....
`getTheUsersThatHasAtLeastOneSpaceAssignedToThemByGivenCompanyId(int $id)`
And it held an RAW sql that was coming from a model....

All of this was managed by a random spanish manager who couldn't really understand what our client needed and what he actually wanted so from 100% of the site, only 20% was correct in logic....

And yet, according to the whole "package" (team) - they did everything correctly, saw no issues and our client was ungrateful fucker that refused to pay 10x the amount that we asked in order to completely re-do the application....

Morale: Remote teams are great... As long as all of them can work remote in TEAM.

Samsung Pay > Apple Pay

There I said it. After testing Apple Pay, Google Wallet, and now Samsung Pay I am convinced that Samsung Pay is the best. It works great and the rewards points that you get for using it are just awesome.

Side note: wtf Apple!? The iPhone 8 is the iPhone 7 plus wireless charging and the iPhone X is just a $1000 piece of flashy ass shit that's only real "innovations" are Face ID and animojis.

Did some updates to an older Web Forms website built by a previous SENIOR developer who is a notoriously horrible developer.

Now before I start, you have to understand this guy studied at a University and had been working for at least two years before I even started working. He is supposed to know the basic shit mentioned below.

This also happened a couple of days ago, so I have calmed down since then so I apologise for the relaxed tone. My next rant will contain a lot more swearing.

This fucking guy did the stupidest shit imaginable.

On the details view of a post|page|article|product|anything that would require a details view this jackass would load the data from the DB.

Using an OleDbConnection, OleDbDataAdapter, DataTable and the poorest writter fucking sql statements you have ever seen. All of these declared in the Page_Load method.

There was literally no reason for him to use OleDb instead of Sql, but he simply did not know any better.

He especially liked: "select * from tbl where id = " & Request("T") & ""

ZERO fucking checks to see if the value is even passed or valid, nothing. He did not even check whether the DataTable had any rows.

He then proceeded to use only the Heading column of the returned row to change the page's title.

Stupidly I assumed the aspx page will be in a better state. Fuck NO!

This fucktard went, added server tags to the opening of the asp:Content tag, copied that shit he used to fetch the data and pasted it between the server tags.

He did not know how to access the DataTable mentioned above from the aspx page!

He did this on every fucking project he worked on. Any place that required <%= %> to display data instead of using asp server controls, this cunt copied whatever was written in the code behind and pasted everything between server tags.

Fuck I could go on forever, but I think this is enough for my first rant.

Coming back here after years to rant about... myself.
TLDR: I fucked up and now have to call a thousand people as a dev, I'm not even getting paid for it and they all get crazy about a random ID that got assigned to them, so now I want to throw away all my electronics and become a skilift operator.

Stupid me deployed a project shortly before we have the largest amount of orders in the year. (Like 90% of yearly orders in a couple minutes cause they are sold out fast and people wait to order first)

I got this horrible legacy "plain self written framework php" project which I tried to upgrade state of the art.
There was one piece missing to upgrade everything and nicely deploy it to some fresh new servers which can handle the high load which peaks at the time orders open.

So I did it the day before orders open and... everything worked well! Nothing crashed.
I wrote my client to wait a little before he confirms the orders, since after confirmation each of the people who ordered will receive an email where they can choose a unique number which they'll receive as a sticker with the order.

Since it's an event my client is promoting, people will meet each other wearing those unique stickers and being able to identify each other online and in person with this number.

Suddenly my clients call me that "customers are complaining about that there is something wrong"
Turned out he confirmed all orders straight away and that part of the application which makes the number unique was broken on the update.
So everyone could chose any number (also taken ones) as his "unique" number.

In my panic, I told my client "It's my mistake, I'll deal with it of course and call the affected people in my free time, since it's my mistake you don't have to pay for it". (it's my largest client by far, am a freelancer)
Realizing when people can chose any number it'll not be a few ones who have the same, it's like almost everyone did chose "69", "1", "420", "88 (a scary amount of people)",... (with 69 being the number being chosen by most people btw, even more then "1")

So now I have to call about a thousand people telling them a new random ID will be assigned to them. I thought of course about mailing them, wrote a script that deals with the issue automatically, and FUCKED IT UP TOO so everyone is confused and the only way to deal with it is by a call basically.
And while I'm sitting here now for 2 days straight calling people in my free time about their random ID will have to change, I realized that some people are quite crazy about random ID's.
I'm talking about yelling and threatening because "is it too much to ask for a working website when ordering this expensive product".

I hate my life right now and am getting quite serious about throwing all my electronic devices away and become a skilift operator instead. Fuck the higher pay, it's not worth the shit, I wanna have only responsibility about one button to press while watching people fall on their face.

Just spent about a day and a half debugging my code a million different ways, only to discover that the third party call that kept failing needed the id in UPPERCASE.

So I'm on vacation right now to visit family. I received an email from the head of department that, due to our department getting 7 new hires in one day, the seating arrangement has been changed.

My new seat is next to this one developer who's old enough to be my dad. He's a very nice guy and all, but the problem is he burps ALL. THE. TIME. I've never met anybody more gassy. His burps don't stink, thank God, but they're loud enough that it's seriously jarring.

You know how us devs can be completely in the zone until some marketing dickbag taps you on the shoulder and asks you to check your email or help with something that is absolutely not your job and you completely lose all focus and have to start over? Its exactly like that, except it happens every 10 minutes.

Another thing is, my back is now facing away from the wall, towards the rest of the office. The nearest section to mine is management. That means that anybody, including the CEO, can walk up right behind me and see what I'm doing at all times.

I really hate that. Id much rather be next to the wall to have some sort of privacy. Somehow sitting next to burpy guy is still the thing I'm most annoyed about though.

I tried to ask for a different seat, but my manager effectively said that I have no choice but to sit there because that guy is part of my team, and teammates should sit together. He forgot about the fact that, while the work him and I do is indeed related, I've been working on a solo project for the past few months and I don't need to be next to anybody in particular because I'm the only one working on this thing. Theoretically, I could sit in the toilet with my laptop and get my work done just fine. Maybe when I talk to him face to face in the office I can convince him to have some mercy on me.

The bright side is I'm very excited about meeting those 7 new hires I mentioned. They seem to be smart, capable people so I look forward to working with them and learning from them. Every cloud has a silver lining. 😊

I don't know if I'm being pranked or not, but I work with my boss and he has the strangest way of doing things.
- Only use PHP
- Keep error_reporting off (for development), Site cannot function if they are on.
- 20,000 lines of functions in a single file, 50% of which was unused, mostly repeated code that could have been reduced massively.
- Zero Code Comments
- Inconsistent variable names, function names, file names -- I was literally project searching for months to find things.
- There is nothing close to a normalized SQL Database, column ID names can't even stay consistent.
- Every query is done with a mysqli wrapper to use legacy mysql functions.
- Most used function is to escape stirngs
- Type-hinting is too strict for the code.
- Most files packed with Inline CSS, JavaScript and PHP - we don't want to use an external file otherwise we'd have to open two of them.
- Do not use a package manger composer because he doesn't have it installed.. Though I told him it's easy on any platform and I'll explain it.
- He downloads a few composer packages he likes and drag/drop them into random folder.
- Uses $_GET to set values and pass them around like a message contianer.
- One file is 6000 lines which is a giant if statement with somewhere close to 7 levels deep of recursion.
- Never removes his old code that bloats things.
- Has functions from a decade ago he would like to save to use some day. Just regular, plain old, PHP functions.
- Always wants to build things from scratch, and re-using a lot of his code that is honestly a weird way of doing almost everything.
- Using CodeIntel, Mess Detectors, Error Detectors is not good or useful.
- Would not deploy to production through any tool I setup, though I was told to. Instead he wrote bash scripts that still make me nervous.
- Often tells me to make something modern/great (reinventing a wheel) and then ends up saying, "I think I'd do it this way... Referes to his code 5 years ago".
- Using isset() breaks things.
- Tens of thousands of undefined variables exist because arrays are creates like $this[][][] = 5;
- Understanding the naming of functions required me to write several documents.
- I had to use #region tags to find places in the code quicker since a router was about 2000 lines of if else statements.
- I used Todo Bookmark extensions in VSCode to mark and flag everything that's a bug.
- Gets upset if I add anything to .gitignore; I tried to tell him it ignores files we don't want, he is though it deleted them for a while.
- He would rather explain every line of code in a mammoth project that follows no human known patterns, includes files that overwrite global scope variables and wants has me do the documentation.
- Open to ideas but when I bring them up such as - This is what most standards suggest, here's a literal example of exactly what you want but easier - He will passively decide against it and end up working on tedious things not very necessary for project release dates.
- On another project I try to write code but he wants to go over every single nook and cranny and stay on the phone the entire day as I watch his screen and Im trying to code.

I would like us all to do well but I do not consider him a programmer but a script-whippersnapper. I find myself trying to to debate the most basic of things (you shouldnt 777 every file), and I need all kinds of evidence before he will do something about it. We need "security" and all kinds of buzz words but I'm scared to death of this code. After several months its a nice place to work but I am convinced I'm being pranked or my boss has very little idea what he's doing. I've worked in a lot of disasters but nothing like this.

We are building an API, I could use something open source to help with anything from validations, routing, ACL but he ends up reinventing the wheel. I have never worked so slow, hindered and baffled at how I am supposed to build anything - nothing is stable, tested, and rarely logical. I suggested many things but he would rather have small talk and reason his way into using things he made.

I could fhave this project 50% done i a Node API i two weeks, pretty fast in a PHP or Python one, but we for reasons I have no idea would rather go slow and literally "build a framework". Two knuckleheads are going to build a PHP REST framework and compete with tested, tried and true open source tools by tens of millions?

I just wanted to rant because this drives me crazy. I have so much stress my neck and shoulder seems like a nerve is pinched. I don't understand what any of this means. I've never met someone who was wrong about so many things but believed they were right. I just don't know what to say so often on call I just say, 'uhh..'. It's like nothing anyone or any authority says matters, I don't know why he asks anything he's going to do things one way, a hard way, only that he can decipher. He's an owner, he's not worried about job security.

Boss: some consultants worked on this feature extending some legacy code
Boss: it's 90% done
Boss: they used FTP. It uses iframes and we fired them when they couldn't get the frontend modules working in sync with the backend.
Me: git checkout -b herewegoagain
git diff-tree --no-commit-id --name-only -r 666w3wl4d
*copy output list of files to sublime text 3; select all lines; add to each:
gitk --follow [filename] > src/.notes/herewegoagain/[filename].diff
*examines....
Me: It's -10% done. you'll know I'm almost done when I enter the fugue state. You'll find me at this address. Give me this USB stick and a 4 pack of redbull and I'll do the merge.

Not the worst, but probably the only one I can sort of explain & not get into trouble for NDA breach..

Umm.. here it goes.. wrong id returned from db procedure, tried to do something on db with that id and got exception that the id doesn't exist. Instead of checking why the procedure returns nonexistent id, he just wrapped everything in try catch without any logs.. & of course, didn't tell anyone about this.. o.0

I know, I know, code review could have prevented this, but holy fuck..
Guy's cv had more experience than I have now, so at the time, I didn't think I'd have to check every line of code he wrote, especially not for shit like this.

For about 3x years now, we have had 3x generic work email addresses that are used as microsoft accounts for office 2016 licenses.
(The company is dragging its heels on getting office 365 so MS like to make our lives hell.)

Suddenly we can’t get office updates... and when we sign in to see why, it says that because we are apparently only 3 years old we need our parents permission to use the account or we’ll lose access by September.
Never were we forced to enter a DOB when setting the accounts up!!! So it used the account setup date instead.

It turns out that we can’t change our DOB ourselves, as we are a ‘child’ and need a parents permission.
Fine.
I access my personal account and follow the instructions to add the 3x email addresses as my children so i can change the DOB.

‘Ha ha’ i hear microsoft saying, ‘it doesn’t work that way!!’

No, In order for the parent to verify their child’s identity, they are charged 0.50c per child!
Wtf!!
Doesn’t cost a lot but come on Microsoft!!

It’s that, or submit ID, which obviously wont work for a generic support@ email address like we have.
So annoying and we don’t know what to do.
Wonder how much MS are making out of this...

Running a wild UPDATE statement against an inventory database, it was chaotic and didn't have backups.... yea I know 😅 the backup service died god knows when and no one noticed. I was only new at the time so #notMyFault

UPDATE stock_on_hand = 0; WHERE id IN(1,2,3,4,5,88,972,7388);
# rows affected 1,234,567,890

> I think I almost died inside.

Oh the fun that mess was to clean up.
The positive outcome of this was, we had backups working again not long after and the inventory counts where accurate after that stock take.

My arguments about Apple:
- "iPhone 12 camera can be better than anything else because it's more advanced, it has LiDAR and 10-bit codecs"
- "I can copy on my iPhone and paste on my MacBook and vice versa out of the box"
- "My Beats can seamlessly switch from playing from my MacBook to my iPhone to my Apple Watch. I can be exercising with only my Apple Watch and my Beats, no need for iPhone"
- "2K screen with nice colors in a 900g laptop is rare if you consider the price. Apple one is the cheapest one with that characteristics"
- "Apple Pay is convenient"
- "Fingerprint scanners fail with wet fingers no matter if it's ultrasonic or optical, LiDAR Face ID is objectively more secure than any camera-based unlock mechanism"
- "Stainless steel frame feels better than aluminum one"

I'm not saying Apple is the best. I'm not saying that Google Pay doesn't exist or that Apple Pay is better. I'm not saying that Apple has no downsides.

However, these are responses I get:
"But Apple IS crapple, immutably"
"Why are you even looking at apple crap if you want something good"

If you want to bash Apple, bash it for something real like that butterfly keyboard fails, unconventional AirPods shape that makes most people's ears hurt, screen coating fails on MacBooks, App Store commissions.

So recently I completed side gig from random freelancing site where I had to shadow troubleshoot performance problems over teams call with random Indian guy on his client's AWS account. Long story short you can autoscale new instances all you want but it's not gonna help if your FIFO sqs has only one message group ID. This architecture is running an online game, which is basically limited to processing ONE event at the same time for ALL players xD
What's even better, basing on naming convention I realized it's a company that I interviewed for like 4 months ago and they told me "we need someone with more experience". Well good luck, thanks for quick cash

Most painful code error you've made?

More than I probably care to count.

One in particular where I was asked to integrate our code and converted the wrong value..ex

The correct code was supposed to be ...

var serviceBusMessage = new Message() {ID = dto.InvoiceId ...}

but I wrote ..

var serviceBusMessage = new Message() {ID = dto.OrderId ...}

At the time of the message bus event, the dto.OrderId is zero (it's set after a successful credit card transaction in another process)

Because of a 'true up' job that occurs at EOD, the issue went unnoticed for weeks. One day the credit card system went down and thousands of invoices needed to be re-processed, but seemed to be 'stuck', and 'John' was tasked to investigate, found the issue, and traced back to the code changes.

John: "There is a bug in the event bus, looks like you used the wrong key and all the keys are zero."
Me: "Oh crap, I made that change weeks ago. No one noticed?"
John: "Nah, its not a big deal. The true-up job cleans up anything we missed and in the rare event the credit card system goes down, like now. No worries, I can fix the data and the code."
<about an hour later I'm called into a meeting>
Mgr1: "We're following up on the credit card outage earlier. You made the code changes that prevented the cards from reprocessing?"
Me: "Yes, it was my screw up."
Mgr1: "Why wasn't there a code review? It should have caught this mistake."
Mgr2: "All code that is deployed is reviewed. 'Tom' performed the review."
Mgr1: "Tom, why didn't you catch that mistake."
Tom: "I don't know, that code is over 5 years old written by someone else. I assumed it was correct."
Mgr1: "Aren't there unit tests? Integration tests?"
Tom: "Oh yea, and passed them all. In the scenario, the original developers probably never thought the wrong ID would be passed."
Mgr1: "What are you going to do so this never happens again?"
Tom: "Its an easy addition to the tests. Should only take 5 minutes."
Mgr1: "No, what are *you* going to do so this never happens again?"
Me: "It was my mistake, I need to do a better job in paying attention. I knew what value was supposed to passed, but I screwed up."
Mgr2: "No harm no foul. We didn't lose any money and no customer was negativity affected. Credit card system may go down once, or twice a year? Nothing to lose sleep over. Thanks guys."

A week later Mgr1 fires Tom.

I feel/felt like a total d-bag.

Talking to 'John' later about it, turns out Tom's attention to detail and 'passion' was lacking in other areas. Understandable since he has 2 kids + one with special-needs, and in the middle of a divorce, taking most/all of his vacation+sick time (which 'Mgr1' dislikes people taking more than a few days off, that's another story) and 'Mgr1' didn't like Tom's lack of work ethic (felt he needed to leave his problems at home). The outage and the 'lack of due diligence' was the last straw.

this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about.even today when i feel like playing, i sometimes use those accs.

2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones.But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him.I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.

The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgot about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i recieved an email that someone has JUST CHAINGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, its not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:

1)To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account.And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work.Closed fb help page, opened fb again , tried to login with my old credentials, it says" old password has been changed,please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page.FFFFFFFFFuck

3)I was sad and terrified that i got hacked.But 10 mins later a mail comes ,"Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed(point<2>) has actually done something to account.NADA, the account still needs a physical license to open:/

4) lost, i just login to my main account and lookup for my lost fake account. the fun part:my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidently changed my password.MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb?" well sir, if you want your virtually shitty account back , you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"

I hate lying customers.

Today a customer opened a support ticket related to his website account. Apparently he is losing his session right after the login success.
I've debugged everything, checked all logs and couldn't reproduce it.
I know every bit of business logic on the website by heart.
The only explanation could be that his browser either doesn't allow cookies or expires them after page change.
So I asked him to check.
"Yes, cookies are allowed in my browser" he wrote.
Well... fuck me... I will change the code to put the session ID in the URL as well. If it works - and I'm 100% sure of that - I will personally mail him a collection of the finest turds.

Everyone and their dog is making a game, so why can't I?
1. open world (check)

2. taking inspiration from metro and fallout (check)

3. on a map roughly the size of the u.s. (check)

So I thought what I'd do is pretend to be one of those deaf mutes. While also pretending to be a programmer. Sometimes you make believe
so hard that it comes true apparently.

For the main map I thought I'd automate laying down the base map before hand tweaking it. It's been a bit of a slog. Roughly 1 pixel per mile. (okay, 1973 by 1067). The u.s. is 3.1 million miles, this would work out to 2.1 million miles instead. Eh.

Wrote the script to filter out all the ocean pixels, based on the elevation map, and output the difference. Still had to edit around the shoreline but it sped things up a lot. Just attached the elevation map, because the actual one is an ugly cluster of death magenta to represent the ocean.

Consequence of filtering is, the shoreline is messy and not entirely representative of the u.s.

The preprocessing step also added a lot of in-land 'lakes' that don't exist in some areas, like death valley. Already expected that.

But the plus side is I now have map layers for both elevation and ecology biomes. Aligning them close enough so that the heightmap wasn't displaced, and didn't cut off the shoreline in the ecology layer (at export), was a royal pain, and as super finicky. But thankfully thats done.

Next step is to go through the ecology map, copy each key color, and write down the biome id, courtesy of the 2017 ecoregions project.

From there, I write down the primary landscape features (water, plants, trees, terrain roughness, etc), anything easy to convey.
Main thing I'm interested in is tree types, because those, as tiles, convey a lot more information about the hex terrain than anything else.

Once the biomes are marked, and the tree types are written, the next step is to assign a tile to each tree type, and each density level of mountains (flat, hills, mountains, snowcapped peaks, etc).
The reference ids, colors, and numbers on the map will simplify the process.

After that, I'll write an exporter with python, and dump to csv or another format.

Next steps are laying out the instances in the level editor, that'll act as the tiles in question.
Theres a few naive approaches:

Spawn all the relevant instances at startup, and load the corresponding tiles.

Or setup chunks of instances, enough to cover the camera, and a buffer surrounding the camera. As the camera moves, reconfigure the instances to match the streamed in tile data.

Instances here make sense, because if theres any simulation going on (and I'd like there to be), they can detect in event code, when they are in the invisible buffer around the camera but not yet visible, and be activated by the camera, or deactive themselves after leaving the camera and buffer's area.

The alternative is to let a global controller stream the data in, as a series of tile IDs, corresponding to the various tile sprites, and code global interaction like tile picking into a single event, which seems unwieldy and not at all manageable. I can see it turning into a giant switch case already.

So instances it is.

Actually, if I do 16^2 pixel chunks, it only works out to 124x68 chunks in all. A few thousand, mostly inactive chunks is pretty trivial, and simplifies spawning and serializing/deserializing.

All of this doesn't account for
* putting lakes back in that aren't present

* lots of islands and parts of shores that would typically have bays and parts that jut out, need reworked.

* great lakes need refinement and corrections

* elevation key map too blocky. Need a higher resolution one while reducing color count
This can be solved by introducing some noise into the elevations, varying say, within one standard div.

* mountains will still require refinement to individual state geography. Thats for later on

* shoreline is too smooth, and needs to be less straight-line and less blocky. less corners.

* rivers need added, not just large ones but smaller ones too

* available tree assets need to be matched, as best and fully as possible, to types of trees represented in biome data, so that even if I don't have an exact match, I can still place *something* thats native or looks close enough to what you would expect in a given biome.
Ponderosa pines vs white pines for example.

This also doesn't account for 1. major and minor roads, 2. artificial and natural attractions, 3. other major features people in any given state are familiar with. 4. named places, 5. infrastructure, 6. cities and buildings and towns.

Also I'm pretty sure I cut off part of florida.
Woops, sorry everglades.

Guess I'll just make it a death-zone from nuclear fallout.

Take that gators!

TL:DR
Why do so shitty "API"s exist that are even harder to write than proper ones? D:

Trying to hack my venilation at home.
This API is so horrible D:
The API is only based on POST requests no matter if you want to write values or get values and the response only contains XML with cryptic values like:

<?xml version="1.0" encoding="UTF-8"?>
<PARAMETER>
<LANG>de</LANG>
<ID>v01306</ID>
<VA>00011100000000000000000010000001</VA>
<ID>v00024</ID>
<VA>0</VA>
<ID>v00033</ID>
<VA>2</VA>
<ID>v00037</ID>
<VA>0</VA>

Also there are multiple API routes like
POST /data/werte1.xml
POST /data/werte2.xml
POST /data/werte3.xml
POST /data/werte4.xml
And actually the real API route is only given in the request body and not in the path.

Why is this so shitty? D:<

Btw in terms of security this is also top notch. It just globally saves if one computer sends the login password.
I mean why even ask for a password then? D:
That made me end up with a cronjob to send a login request so I don't have to login on any device.

PS:
You see, great piece of German engineering.

So i recently started a new Instagram account with new email ID apart from the personal Instagram account which has my friends from Facebook and even from highschool.

The new account was supposed to be a secret, part of an experiment I'm doing with my life choices. And there i only follow people that i look up to. I'm not expecting anyone from real life to follow me their and i prefer if they don't.

Nobody was supposed to know about this new account other than me. But guess what, it seems this account is being advertised to my friends from other account and some of them are following this new account. I'm 99.9% sure they are following just to get a follow back.

I'm feeling shitty about this, but i ain't gonna follow them back. If i need to see their story and photos, I'd get back on my personal account.

Guess I'll have to suck it up and be okay with fact that those "friends" will be seeing my vulnerable side.

Sign in with Apple...

* Nobody tells you that a app group can consist of a maximum of 6 apps.
* Nobody tells you that suddenly a key id is needed for constructing the signing key for signing the client_secret when other keys are added in the dev portal.
* Apple gives you email and name only (and i mean only) the first time a customer uses Sign In With Apple.
* You have no chance to reset your user during development in a way to try a fresh auth. So either create separate app ids or separate apple ids.

Sounds like fun, right?

Fuck you Twitter for making your widgets createTweet-method only work with the tweet-id as string. Fuck you especially for don't returning nor throwing any error for giving an integer value to it.

This took some time...

i hate linux like a lot , how do you guys use it

like you guys dont want an advertising ID, how the fuck will advertisers know who you are and what you like?

open source , give me a break, you mean your os devs are soo untrustworthy that you just have to see what they wrote in the code, who does that?

free come on, how poor are you linux people, i mean, quality stuff gets paid for, free stuff just means it's trash

and the linux devs , the aint like real coders they are just hobbysts, making your os in their free time

and who wants to install their own software anyway, on other platforms the company curates restricted software that you can use, and i know you'll say its oppressive but its just customer protection.

and i do want my platform to track everything i do, it only helps them build better stuff for me.

and whenever they decide to outdate my hardware and kill support for it, it only means they care and want me to get the latest tech, how considerate.

wait , i hear you say, there are no bugs in linux, my vendor makes sure my os comes with the latest antivirus software, nothing can break my system.

and just because linux runs on servers and most super computers only shows that common users like you and me are ignored, at least my vendor is not a sellout, and still makes stuff for the masses.

you say freedom i say safety i can sleep safe and sound for am protected nutured under one echosystem of software that i can not leave.

Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.

Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.

Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.

Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".

Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.

To the front end dev that 'finished' his part of a web form with a Hundred pluss fields. You left every id, name, and label-for as 'first-name'.

I know it saves you time to copy paste and only change what's visible on the page, but FUUUUUUCK YOU!

Integer range is 2,147,483,647. Facebook has 2.96B users. Facebook is the only company that graduated from int to unsigned int, which is 4,294,967,295.

And you're using bigint as an id for the “users” table. I just laugh.

Saw this sent into a Discord chat today:

"Warning, look out for a Discord user by the name of "shaian" with the tag #2974. He is going around sending friend requests to random Discord users, and those who accept his friend requests will have their accounts DDoSed and their groups exposed with the members inside it becoming a victim as well. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Discord is currently working on it. SEND THIS TO ALL THE SERVERS YOU ARE IN. This is IMPORTANT: Do not accept a friend request from shaian#2974. He is a hacker.

Tell everyone on your friends list because if somebody on your list adds one of them, they'll be on your list too. They will figure out your personal computer's IP and address, so copy & paste this message where ever you can. He is going around sending friend requests to random discord users, and those who accept his requests will have their accounts and their IP Addresses revealed to him. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Saw this somewhere"

I was so angry I typed up an entire feature-length rant about it (just wanted to share my anger):

"1. Unless they have access to Discord data centres or third-party data centres storing Discord user information I doubt they can obtain the IP just by sending friend requests.

2. Judging by the wording, for example, 'copy & paste this message where ever you can' and 'Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him.' this is most likely BS, prob just someone pissed off at that user and is trying to ruin their reputation etc.. Sentences equivalent to 'spread the word' are literally everywhere in this wall of text.

3. So what if you block the user? You don't even have their user ID, they can change their username and discrim if they want. Also, are you assuming they won't create any alts?

4. Accounts DDoSed? Does the creator of this wall of text even understand what that means? Wouldn't it be more likely that 'shaian' will be DDoSing your computer rather than your Discord account? How would the account even be DDoSed? Does that mean DDoSing Discord's servers themselves?

5. If 'shaian' really had access to Discord's information, they wouldn't need to send friend requests in order to 'DDoS accounts'. Why whould they need to friend you? It doesn't make sense. If they already had access to Discord user IP addresses, they won't even have to interact with the users themselves. Although you could argue that they are trolling and want to get to know the victim first or smth, that would just be inefficient and pointless. If they were DDoSing lots of users it would be a waste of time and resources.

6. The phrase 'Saw this somewhere' at the end just makes it worse. There is absolutely no proof/evidence of any kind provided, let along witnesses.

How do you expect me to believe this copypasta BS scam? This is like that 'Discord will be shutting down' scam a while back.

Why do people even believe this? Do you just blindly follow what others are doing and without thinking, copy and paste random walls of text?

Spreading this false information is pointless and harmful. It only provides benefits to whoever started this whole thing, trying to bring down whoever 'shaian' is.

I don't think people who copy & paste this sort of stuff are ready to use the internet yet.

Would you really believe everything people on the internet tell you?

You would probably say 'no'.

Then why copy & paste this? Do you have a reason?

Or is it 'just because of 'spread the word''?

I'm just sick of seeing people reposting this sort of stuff

People who send this are probably like the people who click 'Yes' to allow an app to make changes in the User Account Control window without reading the information about the publisher's certificate, or the people who click 'Agree' without actually reading the terms and conditions."

In a meeting yesterday working through our WebAPI coding standards, starting from File -> New project..etc..etc.. and ironing out some of the left-or-right decisions so we can have a consistent coding style, working in a meeting room with an overhead projector and sharing keyboard around with one another.

Then we hit the routing 'rules' in the WebApiConfig, "api/{controller}/{id}"…

DevMgr: "Do we need the 'api' prefix? It seems redundant."
Ralph: "Yes it's needed. Prefixing the controllers with 'api' is industry best practice. Otherwise, how is anyone to know it's a web api"
Prancer: "Yea, it's part of the REST standard."
Me: "I don't think so. That is only part of the Asp.Net routing rule. We can put anything we want or take anything out."
DevMgr: "Yea, it looks silly. All the new services are going to be business process specific."
Ralph: "That's how everyone does it. It's kind of the point of why REST services are called WebApi"
Prancer: "What's the point of doing any of this work if we're not going to follow industry standards."
Me: "I understand if the service is part of larger web site, but we're developing standalone services. Prefixing routes with 'api' is redundant. I mean who are these 'everyone' you're talking about?"
<ralph rolls his eyes>
Ralph: "Lets see …uhhh… Netflix?. They're kinda a big deal."
Me: "Like I said, it's an integral part of their site and the services they provide. That's fine. I'm talking about the 12 other 3rd party services we integrate with. None of them have 'api' on any of their routes."
Prancer: "We're talking about serious web services."
Me: "Last time I checked, UPS is a big and serious service."
Ralph: "Their services are a fracking joke" – he didn't say fracking.
Me: "Our payroll system, our billing system, billion dollar companies, didn't have '/api' prefix anywhere. Heck, even that free faxing service we used for a while was a dead-simple routing path."
<I take the keyboard away from Ralph, remove the 'api' from the route.>
Me: "There. Done. Now, lets talk about error handling.."

Rest of the meeting Ralph and Prancer don't say much of anything, arms crossed…I swear Ralph looked like he was going to cry.
This morning I catch my boss…
Me: "What did you think of the meeting? I thought Ralph was going to take a swing at me when I took the keyboard away from him."
DevMgr: "Oh yes…I almost laughed out loud….blows my freaking mind how worked up people get about crap that doesn't matter. Api..or not…who the frack cares. Just make it consistent"
Me: "Exactly…I didn't care either way, but I enjoyed calling out that nonsense."
DevMgr: "Yes..waaay too much."

If I didn't call them on their BS and the 'standard' allowed to continue, I can bet my paycheck when the subject comes up in a few months (another mgr asks 'isn't this api prefix redundant?') Ralph and Prancer will be the first to say "Yea, its stupid. We fought really hard to remove it from the standard...its not our fault...its <insert scapegoat> fault."

Went through changing Apple ID email. I have 💻,📱and⌚️.

Felt like that horror movie moment when protagonist tries to be stealthy but makes a noise and a huge mob of zombies turn heads all at once. For what I love apple, the simplicity, in the email changing process there is none of that.

They forced me to enter my 60 arbitrary obscure characters password on Apple Watch screen.

On the other hand I felt nostalgic. When I was using Linux this all was my day to day experience no matter the distro, and I got a Linux Foundation certificate, I contributed to Elementary. Can’t imagine the experience of a user who just switched to Linux.

Windows? I don’t want to think about that, let alone talking. You only need to know that I successfully configured a SoE setup AND active directory in ad-hoc unstable network of literally rusty old computers. And I still switched to Linux back then.

Let's talk about the cargo cult of N-factor authentication. It's not some magic security dust you can just sprinkle onto your app "for security purposes".

I once had a client who had a client who I did server maintenance for. Every month I was scheduled to go to the site, stick my fingerprint in their scanner, which would then display my recorded face prominently on their screens, have my name and purpose verified by the contact person, and only then would the guards let me in.

HAHA no of course not. On top of all of that, they ask for a company ID and will not let me in without one.

Because after all, I can easily forge my face, fingerprints, on-site client contact, appointment, and approval. But printing out and laminating a company ID is impossible.

---

With apologies to my "first best friend" in High School, I've forgotten which of the dozens of canonicalisations of which of your nicknames I've put in as my answer to your security question. I've also forgotten if I actually listed you as my first best friend, or my dog - which would actually be more accurate - and actually which dog, as there are times in my High School life that there were more tails than humans in the house.

I have not forgotten these out of spite, but simply because I have also forgotten which of the dozen services of this prominent bullshit computer company I actually signed up for way back in college, which itself has been more than a decade ago. That I actually apparently already signed up for the service before actually eludes me, because in fact, I have no love for their myriad products.

What I have NOT forgotten is my "end of the universe"-grade password, or email, or full legal name and the ability to demonstrate a clear line of continuity of my identity from wherever that was to now.

Because of previous security screwups in the past, this prominent bullshit company has forced its users to activate its second, third, and Nth factors. A possibly decade-old security question; a phone number long lost; whatever - before you can use your account.

Note: not "view sensitive data" about the account, like full name, billing address, and contact info. Not "change settings" of the account, such as changing account info, email, etc. Apparently all those are the lowest tier of security meant to be protected by mere "end of the universe"-grade passwords and a second factor such as email, which itself is likely to be sold by a company that also cargo cults N-factor auth. For REAL hard info, let's ask the guy who we just showed the address to "What street he lived in" and a couple others.

Explaining this to the company's support hotline is an exercise in...

"It's for your security."

"It's not. You're just locking me out of my account. I can show you a government ID corroborating all the other account info."

"But we can't, for security."

"It's not security. Get me your boss."

...

"It's for security."

Worked on an Android app that synchronized contacts. Didn't consider the contact id may change, leading to (rare) cases of properties being synchronized to the wrong contacts. Only found out later in production when one of my frequent contacts called - and my phone showed a wrong profile picture for him.

Strange : Am I the only person who never got Weekly Top Rant email? Did I configured something wrong?

CLICK the picture to see it... I am sure something is messed up....

Bug1: hey dfox... Please see this...
Leave a comment in a long rant. (like here)
Delete your comment.
How do i reply to the last person's comment?

Feature request: rant id search ability in search

Is it ok if i create a trello board and create cards quickly without following any type of agile methodology because the project is only for me? I cant spend hours of my time writing exact and precise cards following some standard

Id have cards like Todo Doing and Done

Thats it just so i can keep track quickly and focus most of my time on code

Is this ok

Visual studio intellisense is going to make me commit bridge jump

In HTML, it's changing "id" to "itemid" ???

In JavaScript, it's changing document.getElementById and document.querySelectorAll to documentgetElementById and documentquerySelectorAll ????

What the fuck is this horse shit. It's only getting worse and worse. It's like Mt. Saint Helen blew up 5 minutes ago, they updated the system, and accidentally set off the Yellowstone Giga-volcano. Fuck you, william gates.

One of our projects migrated their file-repository to another one during a major release.

Instead of giving this task to an experienced programmer, they gave it to the head of the respective dev department due to the usual release panic.

Soo.... He wrote the migration tool. It was executed during the release. Everything seemed fine so far.

A few days later. Someone from the above project came to my team due to some "strange behaviour on the production database".
They reported that they couldn't download some of the user's documents due to unknown reasons.

After quickly analyzing the current state of the new file-repository, we concluded that the affected documents did not exist in the new repository.

Then we took a look at the so called migration tool...
Well.. After nearly 30 min. we knew the root cause for that.
They only migrated the first 4 levels of the folder structure. Due to the assumption that "we don't use deeper nesting". (Facepalm)

As the head of their department wrote it, no one seems to questioned it either. Nor did they made a code review and ended up with a tool with hard coded urls to the production db, no version control, no build tool, no ci, nothing. Breaking nearly every possible company standard.

However.. That's not it. When analyzing their migration tool we noticed another even more dangerous thing.
They mixed up the id generation of the migrated documents resulting in a random assignment between customers and documents. Which is quite bad as this contains sensitive information. E.g. passports

They offered us quite a nice amount of money to fix this until EOB. We declinded as it was simply not possible in that time, but agreed to support them with the new tool.

After some time I heard that they migrated production again. And they fucked it up again. They never talked to us after we offered them support...

The third and final migration was written by us. Not only migrated it correctly. It was also way faster. By factor 20.

In the end we haven't gained anything from this rushed project as the penalties were piling up due to this fucked up migration.
After all this time I'm not sure who is to blame. In my opinion, partly all of them.
Head of department who can't and shouldn't code.
Seniors who didn't review the code and didn't ask for help.
Release mgmt who put way too much pressure on the devs.

If you were to teach others a last thing before you die, what would you say?

Id tell my surroundings to use time efficiently. We only have like 800.000h, assuming that we become 100 yo. thats nothing.

Please dont make jokes, id really like this to be an informative thread

i love chromebooks, but i wish they built them with more storage. i know that everything by google is based on the cloud and shit so most chromebooks only have like 4gb of storage but if there was a chromebook with 256gb id be in heaven. does anyone else think chromebooks look really nice compared to other laptops?

I fix antique code for a living and regularly come across code like this, and this is actually the good stuff!

Worst usecase for a goto statement? What do you think?

  int sDDIO::recvCount(int bitNumber){

  if (bitNumber < 0 || bitNumber > 15) return 0;   //ValidatebitNumber which has to be 0-15

  //Send count request

  if (!(send(String::Format(L"#{0:X2}{1}\r", id, bitNumber)) && flushTx())){

bad:   //Return 0 if something went wrong

  return 0;

}

  String^ s = recv(L"\r");   //Receive request data

  if (s->Length != 9) goto bad;   //Validate lenght

s = s->Substring(3, 5);   //Take only relevant bits

 

  int value;   //Try to parse value and send to bad if fails

  bool result = Int32::TryParse(s, value);

  if (!result) goto bad;

 

  int count = value - _lastCount[bitNumber];   //Maximumpossible count on Moxa is 65535.

  if (count < 0) count += 65536;   //If the limit reached, the counter resets to 0

_lastCount[bitNumber] = value;   //This avoids loosing count if the 1st request was

  //made at 65530 and the 2nd request was made at 5

  return count;

}

Wow just realized Simpsons had an episode on crypto... all the way back in February.

If only the the MVC would actually mail me my new drivers license that I renewed almost 6 months ago... I could actually buy some... (exchanges require ID verification, so much for anonymity ¯\_(ツ)_/¯)

SAP Ariba.
Imagine you can test newly created catalogs, but on error you only receive an error ID, which you have to send to a support email to get the acual error message, but support only responds after maybe 2 weeks if you're lucky.
How hard can it be to implement a log viewer next to your catalog testing forms.

Privacy nightmare!

So i had bought a second hand iPhone and it seemed the phone was reset as it had only the default apps.

But as soon as I downloaded Google Chrome on to it, things started to get weird. When i opened the newly downloaded Google Chrome app, it showed someone else's Google account already logged in Chrome. I went to the Chrome settings and the account section gave me full control over this person's Google account.

Not wanting any trouble, i didn't go further and removed that account from the browser.

I then logged in to Google Chrome via one of my "project specific" google account i had created months ago and it added fine. But guess what I found when checking out safari browser.

Safari has somehow synced bookmarks from my main & personal Google account!!

I'm just stunned. I didn't even provide gmail id of my personal Google account and safari somehow was able to get bookmarks from it.

I'm kind of scared now. 😵

The global joke of Information Security

So I broke my iPhone because the nuclear adhesive turned my display into a shopping bag.

This started the ride for my character arc in this boring dystopia novel:

Amazon is preventing me from accessing my account because they want my password, email AND mobile phone number in their TWO.STEP Verifivation.
Just because one too many scammers managed to woo one too many 90+y/o's into bailing their long lost WW2 comrades from a nigerian jail with Amazon gift cards and Amazon doesn't know what to do about anymore,

DHL is keeping my new phone in a "highly secure" vault 200m away from my place, waiting for a letter to register some device with a camera because you need to verify your identity with an app,

all the while my former car insurance is making regress claims of about 7k€ against me for a minor car accident (no-one hurt fortunately, but was my fault).

Every rep from each of the above had the same stupid bitchass scapegoat to create high-tech supra chargers to the account deletion request:

- Amazon: We need to verify your password, whether the email was yours and whether the phone number is yours.

They call it 2-step-verification.

Guess what Amazon requests to verify you before contacting customer support since you dont have access to your number? Your passwoooooord. While youre at it, click on that button we sent you will ya? ...

I call this design pattern the "dement Tupi-Guarani"

- DHL: We need an ID to verify your identity for the request for changing the delivery address you just made. Oh you wanted to give us ANOTHER address than the one written on your ID? Too bad bro, we can't help, GDPR

- Car Insurance: We are making regress claims against you, which might throw you back to mom's basement, oh and also we compensated the injured party for something else, it doesn't matter what it is but it's definitely something, so our claims against you just raised by 1.2k. Wait you want proof we compensated something to the injured at all? Nah mate we cant do that , GDPR. But trust me, those numbers are legit, my quant forecasted the cost of childrens' christmas wishes. You have 14 days or we'll see you in court haha

I am also their customer in a pension scheme. Something special to Germany, where you save some taxes but have to pay them back once you get the fund paid out. I have sent them a letter to terminate the contract.

Funniest thing is, the whole rant is my second take. Because when I hit the post button, devrant made me verify my e-mail. The text was gone afterwards. If someone from devRant reads this, you are free to quote this in the ticket description.

Fuck losing your virginity, or filing your first tax return, or by God get your first car, living through this sad Truman dystopia without going batshit insane is what becoming a true adult is.

I am grateful for all this though:

Amazon's safety measures prevented me from spending the money I can use to conclude the insurance odyssey, and DHLs "giving a fuck about customers" prevention policies made me support local businesses. And having ranted all this here does feel healthy too. So there's that.

Oh, cherry on top. I cant check my balance, because I can only verify my login requests to my banking account wiiiiiiith...?

¡rant|rant

Nice to do some refactoring of the whole data access layer of our core logistics software, let me tell an story.

The project is around 80k lines of code, with a lot of integrations with an ERP system and an sql database.

The ERP system is old, shitty api for it also, only static methods through an wrapper to an c++ library

imagine an order table.

To access an order, you would first need to open the database by calling Api.Open(...file paths) (yes, it's an fucking flat file type database)

Now the database is open, now you would open the orders table with method Api.Table(int tableId) and in return you would get an integer value, the pointer.

Now for the actual order. first you need to search for it by setting the search parameter to the column ID of the order number while checking all calls for some BS error code

Api.SetInt(int pointer, int column, int query Value)
Then call the find method.

Api.Find(int pointer)

Then to top this shitcake of an api of: if it doesn't find your shit it will use the "close enough" method of search.

And now to read a singe string 😑

First you will look in the outdated and incorrect documentation given to you from the devil himself and look for the column ID to find the length of the column.

Then you create a string variable with ALL FUCKING SPACES.

Now you call the Api.GetStr(int pointer, int column, ref string emptyString, int length)

Now you have passed your poor string to the api's demon orgy by reference.

Then some more BS error code checking.

Now you have read an string value 😀

Now keep in mind to repeat these steps for all 300+ columns in the order table.

News from the creators: SQL server? yes, sql is good so everything will be better?

Now imagine the poor developers that got tasked to convert this shitcake to use a MS SQL server, that they did.

Now I can honestly say that I found the best SQL server benchmark tool. This sucker creams out just above ~105K sql statements per second on peak and ~15K per second for 1.5 second to read an order. 1.5 second to read less than 4 fucking kilobytes!

Right at that moment I released that our software would grind to an fucking halt before even thinking about starting it. And that me & myself and I would be tasked to fix it.

4 months later and two weeks until functional beta, here I am. We created our own api with the SQL server 😀

And the outcome of all this...

Fixes bugs older than a year, Forces rewriting part of code base. Forces removal of dirty fixes. allows proper unit and integration testing and even database testing with snapshot feature.

The whole ERP system could be replaced with ~10 lines of code (provided same relational structure) on the application while adding it to our own API library.

Best part is probably the performance improvements 😀. Up to 4500 times faster and 60 times less memory usage also with only managed memory.

So this is my first experience of shitty code written by colleague

God, for REST API she used ?id=<int>
Not only that,
if the route was /cms

she used GET method for /cms/get/?id= to get single record and
/cms/getAll again in GET method to get all records

Damn

Debugged my scss for 4 hours only to find out that I use id instead of class in my template

case "addprem" : {

if (isGroup) return reply('This command can only be used in private chat!')
if (args.length < 2) return reply(`Kirim perintah : ${command} number|total`)
if (!q.includes('|')) return reply(`Incorrect usage, use the | . symbol`)
var numb = q.split('|')[0]
var total = q.split('|')[1]
var number = numb.replace(/[+| |(|)|.|-]/gi, "")
if (isNaN(parseInt(number))) return reply('Thats not your number😥')
reply('Success')
let addprems = [];
var object_buy = {
ID: pushname,
number: number,
session: total
}
fs.writeFile(addprems, JSON.stringify(object_buy, null, 3))
break
}

That time when I requested someone from a different department to include the ID row in their database excerpt. Me, having the lowest possible status in the company, did not know the who I wrote to was the boss over at the other department. So I ask straight forward: "Could you please include the ID row?"

Then a damn long email comes back stating that there was absolutely no time for stupid shit as mine. There existed no ID row and I would only waste his time. All further requests should be route via my boss.

So, fuck, he's pissed. So what he deserve? A shit load of honey right into his mouth, like he wants to.
That company had a huge ass hierarchy in job positions and I was at the bottom. So I write my oh-im-so-sorry-mail.

~I never knew what position he had and that I would of course fuck off with my stupid request.~

What was his response?

Oh, yeah, thanks. Have a look into the attachment, is that the ID row you requested?

Yeah, as one can guess, it was.
Stupid honeyfucker. Of course an ID row exists, duh.

We had a issue with a webstore that was only affecting users on Windows: one button didn't do anything.

The colleague that was working on the ticket was running Arch, and for him it was working as expected. He reported that the bug couldn't be replicated on Chromium, Firefox or qutebrowser. But our designer, who was running Windows 10, commented that it wasn't working for her in either Chrome or Firefox.

Some more conflicting reports later a colleague using Windows managed to fix it. It was caused by querying the button elements by id selector instead or a class selector. There was multple buttons, one for each product row.

I guess there just are platform differences that aren't specific to browser but instead the OS, that could have caused it

So when we started this project like 4 years ago... new to the framework, kickstarting lot's of forms with file uploads. Everything seemed to work fine, uploads and downloads worked..
First version of the project got deployed to prod and for weeks or so users have been registering and submitting stuff...

Only problem was: most files were overridden by consecutive uploads as our central upload lib stored files with the same name on disk (normally the ID of the db row was injected but most files were saved before the db row was - resulting in 0 IDs...)
Yeah so... that hurt :(

After waiting weeks and weeks for my account to be deleted (they asked for email to support for that, altough egistration takes 5s) I finally asked last time, this time using magical word "GDPR"

Got my account and data deleted under an hour and now their account settings page have delete account button. Even if it's this fake one which only changes email/id to prefixed one, still it was worth it.

I'm such a fucking idiot

I'm setting up an api and to prevent unwanted fields or circular dependencies from showing up I define what fields should appear in a few serialization yaml files.

These files define what fields should appear in a given context. The default context for every field is to always show the id, and only a call to /posts will give you all the fields of the posts for example. This means that if you retrieve a comment with a linked post, the post will only show up as an id, but the comment will have all its fields.

I've been struggling with a stupid problem for 2 hours, I could verify that the yaml files were loaded in, all entities had such a file and the configuration was exactly according to the docs.

Guess why my api calls still caused circular errors?

Because I forgot to do the $view->setContext$this->defaultContext); call that determines what context should be used for the response.

FUCK ME WHY DID IT TAKE SO FUCKING LONG TO FIGURE THAT OUT OMG

Google you say? Ofcourse I hunted google results! But I was unknowingly part of an XY problem and was looking for what the problem wasn't >:(

At least it works now, ugh

Having gone to a bank to reset a password again today (Yes, I forgot it for like... 3rd time, don't judge me, its my backup bank account I need to access like... once a year), I was once again made to think - I come in, give them my state ID by which they authorize that I can even make a password reset request.

Then they give me a tablet to... sign a contract addendum?

Its not the contract part that always makes me stop and think though - its the "sign" part.

I'd wager that I am not the only one who only ever uses a computer to write text these days. So... My handwriting got a lot jerkier, less dependable. Soooo... My signature can be wildly different each time.......

And if my signature varies a lot... then... what is the point of having it on a piece of paper?

I know its just a legal measure of some sort... And that, if it came down to someone impersonating me and I'd go to court with the bank, there would be specialists who can tell if a signature was forged or not... But...

Come on, the computer world has so much more reliable, uncrackable, unforgable solutions already... Why... Don't all folks of the modern world already have some sort of... state-assigned private/public keypairs that could be used to sign official documents instead?

It costs money, takes time to develop etc... But... Then, there would not only be no need to sign papers anymore... And it would be incredibly hard to forge.

The key could even be encrypted, so the person wishing to sign something would have to know a PIN code or a password or something...

tl;dr: I hate physical signatures as a method of authentication / authorization. I wish the modern world would use PKI cryptography instead...

Final step in application process!! 😆😆

Got a video call with manager and 2 others from department on Friday.

Also hilarious finding yesterday

I got an email from my cousin who's getting married, with the address and all that. Which I immediately looked up and weirdly recognized the area.

Turns out her wedding is a 23 minute walk from the building id be working at if I get this job.

Hilarious coincidence since the wedding has be 'in planning' or whatever it reffered to as for months
And I've been trying to get this position for like only 2 weeks

Just found the most embarrassing security hole. Basically a skelleton key to millions of user data. Names, email addresses, zip codes, orders. If the email indicates a birthdate, even more shit if you chain another vector. Basically an order id / hash pair that should allow users to enter data AND SHOULD ONLY AUTHORIZE THEM TO THE SITE FOR ENTRING DATA. Well, what happend was that a non mathing hash/id pair will not provide an aith token bit it will create a session linked to that order.

Long story short, call url 1 enter the foreign ID, get an error, access order overview site, profit. Obviously a big fucking problem and I still had to run directly to our CEO to get it prioritized because product management thought a style update would be more important.

Oh, and of course the IDs are counted upwards. Making them random would be too unfair towards the poor black hats out there.

Me: You decided some records in system A should be obsolete, but the records are tied to active user accounts on the website. Now, I have users emailing and asking why their profile’s last name field says “shell record - do not use.”

Stakeholder: Oh…can’t you stop those profiles from loading? Or redirect the users to the right record in system A? In system A, we set up a relationship between the shell record and the active one.

Me: 😵 Um, no and no. If I stop a user’s profile from on the website, that’s just going to cause more confusion. And the only way to identify those shell record is to look at the last name field, a text field, for that shell record wording. Also, the website uses an API to query data from system A by user id. Whatever record relationship you established isn’t reflected in the vendor’s API. The website can’t get the right record from system A if it doesn’t have the right user id.

Allright, so now I have to extend a brand new application, released to LIVE just weeks ago by devs at out client's company. This application is advertised as very well structured, easy to work on, µservices-based masterpiece.

Well either I lack a loooot of xp to understand the "µservices", "easy to work on" and "well structured" parts in this app or I'm really underpaid to deal with all of this...

- part of business logic is implemented in controllers. Good luck reusing it w/o bringing up all the mappings...
- magic numbers every-fucking-where... I tried adding some constants to make it at least a tiny bit more configurable... I was yelled at by the lead dev of the app for this later.
- crud-only subservices (wrapped by facade-like services, but still.. CRUD (sub)services? Then what's a repository for...?). As a result devs didn't have a place where they could write business logic. So business logic is now in: controllers (also responsible for mapping), helpers (also application layer; used by controllers; using services).
- no transactions wrapping several actions, like removing item from CURRENT table first and then recreating it in HISTORY table. No rollback/recovery mechanism in service layers if things go South.
- no clean-code. One can easily find lines (streams) 400+ cols long.
- no encapsulation. Object fields are accessed directly
- Controllers, once get result from Services (i.e. Facade), must have a tree of: if (result instanceof SomeService.SomeSubservice1.Item1) {...} else if (result instanceof SomeService.SomeSubservice2.Item4) {...} etc. to build a proper DTO. IMO this is not a way to make abstraction - application should NOT know services' internals.
- µservices use different tables (hats off for this one!) but their records must have the same IDs. E.g. if I order a burger and coke - there are 2 order items in my order #442. When I make a payment I create an invoice which must have an id #442. And I'm talking about data layer, not service or application (dto)! Shouldn't µservices be loosely coupled and be able to serve independently...? What happens if I reuse InvoiceµService in some other app?

What are your thoughts?

So working for a company and the dev team I’m apart of works on a legacy rails app. Technical debt is high, no automated tests, no proper routing and also running unsupported versions of the language.

I joined seven months ago and got the current team doing automated testing so that’s a plus, they bought this app four years ago and there’s been no language updates, testing, cleanup, security updates, nothing, just adding to bad code.

Now we’re looking to actually upgrade language versions, the language and the framework now this will cause a lot of stuff to break naturally due to how outdated it is.

So I started putting proper routes into place how things should of been when things were being built as we have some spare time I decided to go out of my way to clear up some of the technical debt to get ahead of the curb. Re-done an entire section of the app, massive speed improvements, better views, controller, model, comment clean up and everything exactly how it should be.

I push the PR,
*other dev* - “why are we doing all of these other changes”
*me* - “well to implement routes properly, we have to use the new routes I just did some extra cleanup along the way”
*today, me* - “can you lend me a hand with one of the routes the ID isn’t getting passed”
*today, other dev* - “this wouldn’t of happened if you didn’t redo all these files, let’s just scrap the changes”
…

Sooo, I’ve spend three weeks improving one section in the app, because I’m having issues with one route according to this dev I should scrap it? Wait come again, am I the only one in this team who cares about making this app better all round?

Frustrating…

Data wrangling is messy

I'm doing the vegetation maps for the game today, maybe rivers if it all goes smoothly.
I could probably do it by hand, but theres something like 60-70 ecoregions to chart,
each with their own species, both fauna and flora. And each has an elevation range its
found at in real life, so I want to use the heightmap to dictate that. Who has time for that? It's a lot of manual work.

And the night prior I'm thinking "oh this will be easy."

yeah, no.

(Also why does Devrant have to mangle my line breaks? -_-)

Laid out the requirements, how I could go about it, and the more I look the more involved
it gets.

So what I think I'll do is automate it. I already automated some of the map extraction, so
I don't see why I shouldn't just go the distance.
Also it means, later on, when I have access to better, higher resolution geographic data, updating it will be a smoother process. And even though I'm only interested in flora at the moment, theres no reason I can't reuse the same system to extract fauna information.
Of course in-game design there are some things you'll want to fudge. When the players are exploring outside the rockies in a mountainous area, maybe I still want to spawn the occasional mountain lion as a mid-tier enemy, even though our survivor might be outside the cats natural habitat. This could even be the prelude to a task you have to do, go take care of a dangerous
creature outside its normal hunting range. And who knows why it is there? Wild fire? Hunted by something *more* dangerous? Poaching? Maybe a nuke plant exploded and drove all the wildlife from an adjoining region?
who knows.

Having the extraction mostly automated goes a long way to updating those lists down the road.

But for now, flora.

For deciding plants and other features of the terrain what I can do is:

* rewrite pixeltile to take file names as input,
* along with a series of colors as a key (which are put into a SET to check each pixel against)
* input each region, one at a time, as the key, and the heightmap as the source image
* output only the region in the heightmap that corresponds to the ecoregion in the key.
* write a function to extract the palette from the outputted heightmap. (is this really needed?)
* arrange colors on the bottom or side of the image by hand, along with (in text) the elevation in feet for reference.

For automating this entire process I can go one step further:
* Do this entire process with the key colors I already snagged by hand, outputting region IDs as the file names.
* setup selenium
* selenium opens a link related to each elevation-map of a specific biome, and saves the text links
(so I dont have to hand-open them)
* I'll save the species and text by hand (assuming elevation data isn't listed)
* once I have a list of species and other details, to save them to csv, or json, or another format
* I save the list of species as csv or json or another format.
* then selenium opens this list, opens wikipedia for each, one at a time, and searches the text for elevation
* selenium saves out the species name (or an "unknown") for the species, and elevation, to a text file, along with the biome ID, and maybe the elevation code (from the heightmap) as a number or a color (probably a number, simplifies changing the heightmap later on)

Having done all this, I can start to assign species types, specific world tiles. The outputs for each region act as reference.

The only problem with the existing biome map (you can see it below, its ugly) is that it has a lot of "inbetween" colors. Theres a few things I can do here. I can treat those as a "mixing" between regions, dictating the chance of one biome's plants or the other's spawning. This seems a little complicated and dependent on a scraped together standard rather than actual data. So I'm thinking instead what I'll do is I'll implement biome transitions in code, which makes more sense, and decouples it from relying on the underlaying data. also prevents species and terrain from generating in say, towns on the borders of region, where certain plants or terrain features would be unnatural. Part of what makes an ecoregion unique is that geography has lead to relative isolation and evolutionary development of each region (usually thanks to mountains, rivers, and large impassible expanses like deserts).

Maybe I'll stuff it all into a giant bson file or maybe sqlite. Don't know yet.

As an entry level programmer I may not know what I'm doing, and I may be supposed to be looking for a job, but that won't stop me from procrastinating.

Data wrangling is fun.

So first rant, here goes weirdness, and also lengthy rant

So in my company we have the hr and accounting managed by the same person which also deals with all things employee related and she had a need for a way to extract a birthday from, what is in our country the personal identification number, things go great i get a formula that performs parts of the magic up to the point where the first digit of the number dictates the gender and century to be used when forming the full year, mind you only the last two digits of the year are in plain within the id number so i thy a number of ideas. After bashing around google sheets for a while ( i've got open office installed and formulas don't export well to the excel that person uses but google sheets does so i built it there).

First idea : make a few conditionals to check for the value so we have 1 and 2 for 19th century, 3 and 4 for 18th century , 5 and 6 for 20th so i go ahead and write my conditions and they fail, all evaluates to false, it cascades through the else variants up to the last one so i'm wondering if the "if" itself doesn't support the or operator, seems it does, next i think it's the bloody condition written wrong so i reevaluate my logic in php in a test script, it works as intended, then i think ok not the right function called, let's see the docs, docs confirm i'm doing it right but what was wrong was the way i was getting that first number, using left seems to produce a string although the base thing is a number, now i start searching how i can cast it, like you would normaly do when the data type is fried, value function appears to be the solution but it isn't working....now i'm thinking "ok so i have a value and different things to print out so let's look for a switch, maybe it can understand that" switch function found under the form of choice, i get it sorted but am stuck wondering why the heck was the if and value combination not working.

Simple answer to that : value doesn't work well with function results, a known bug listed by someone in a comment, a comment i have failed to read for about 45 minutes of trying to understand.

All in all it worked well for the person asking for it so it's nice.

So a while back I had found a hole in a website's security, one that I has used pretty frequently. I was able to change my cookies and become any user I wanted. The only caveat was that I had to log in as a user in order to get things started. But once I was in I could basically be anyone I wanted to be just by changing a few numbers in the user ID of the cookie. They also did all of their user processing on the client side. Even password checks.

A couple weeks back I decided to go back in to see if anything had changed since then. It did! But not in the way I had thought.

So these guys decided that instead of fixing their security hole, they would have users just contact their people directly in order to get a new account.

Wow that's so much fucking overhead for basically being a lazy shit and not fixing the security holes. I mean how bad is your architecture if you can't go in and fix this?

Not only that I found that they actually stripped all of the users of their original subscriptions. So now if you want to get back on your subscription you'll have to fork over another $399. So that means going to their shitty form filling out your name, your number, email, and just hope that someone contacts you via phone call.

I'm glad I dropped this service. They clearly can't get their shit together.

Ok... so I have a unique question/opportunity. I can't give all the details but here's the jist:

3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.

I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.

They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).

During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).

Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.

The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.

This 'hack' was only to a 2nd gen lenovo yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static ip.

I started a screen recording program shortly after this crap started (unfortunately after the message sent be 'me' to the dude who actually sent it happened... so i still dont know the contents).

I figured I'd wait it out until i was bored enough or the lead culprit was at a pinnacle to fall from...

The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)

Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as i dont want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.

Currently im thinking, aside from any revenge-esq scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.

I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasnt him but hed help me find whoever it was... and several other failed attempts to know what i had. When i confirmed he wasnt going to attempt a call, i informed him id likey mute him because i don't have time for back and forth bs. True to form he deleted the chat (i recorded it but its of no value).

So... any thoughts?

#justAthought

I was reading about public and private keys yesterday, and i had a thought: don't you think the concept of "username" is being so badly misused?

It can act as a great firewall, but we are just misusing it as an alternative to "login via email", because we are now so dumb to remember our email.
You might think of my rant as being going back in time, but think about this: my profile shows the name titanlannister. if someone got access to my password, he/she can immediately take over my complete identity because devrant allows us to login via username/password combo.

Now think of this: my username shows titanlannister. Anyone of you can write a post and mention me via @titanlannister, and this system will notify me. However even if you get my password, you are unable to hack into my profile, because my profile is only accessible via my email id/password combo, which you still don't know.

This, I would call as Platform Public Key which adds a kind of semi firewall over default public/private key combination .

What do you think?

German public service digitization. Websites celebrating the new "digital functionality" of the federal ID card, but if you need to prolong the actual card, you have to visit a public administration center in person, no way to prove your existing valid ID in a zoom meeting although that's de-facto standard accepted even when opening a bank account, plus they have all of my data so they should know I have a valid ID and they could just send the new one to my postal address.
So I have to appear in person at their offices, so I need an appointment, but in times of covid pandemic, appointments are rare and only offered on a day-to-day basis in my hometown, that's why I have to visit their online appointment web app at 7 a.m. in the morning to grab one of the few appointments when they are released.
Don't tempt me to write a script that squats all the other appointment slots to resell at the highest prices...

Situation reminds of the times when it was even harder to get a vaccination against covid, and the media kept reporting about the minority that refused to get vaxxed, so they didn't have to admit there wasn't enough vaccine anyway.

This rant is not about politics, it's about the failure of bureaucracy, but if it was about politics, I would just quote Rezo that it shows who had governed this state for sixteen years.

When I rant about German internet connectivity, people usually reply that the web is much better in Taipeh, Bangalore or Guadalajara, so I can still have some hope that it's not all of the world that's totally lost.

So give me some hope, folks.

Let's pick a datepicker for the project. Me: jquery-ui ? Supervisor: No something better.
Jquery-ui: any css selector, standard date format masks (dd/mm/yyyy or mm-dd-yyyy....), Opens if the field is access using Tab key
Something better: only Id selector, custom date format mask ( %d/%m/%Y ...), Tab does not work

When everyone on YouTube has interfaces that definitely do NOT appear to you :/
I was supposed to create my pixel, give it a cute lil name and then test events ( Facebook ).
But NOOO ofc I would get a ton of issues in the process, everyone is able to connect their pixels safely but it took Facebook more than what, 4 days now ? To kindly inform me that:
Server external ID not matching to pixel external ID
You're sending the external_ID parameter for your PageView event from your server, but you're not sending the external_ID parameter for this event from your pixel. If you send external_ID for an event from your server, you must send it from your pixel as well in order for that event to be valid.
How am I even supposed to know how to fix that ! I just started learning programming, the only thing I know how to do is use Linux and write a ciao mundo C program. Now my store was supposed to be launched a week ago and I am still looking for solutions to this. Ugh.

This, thankfully, I didn't create myself. A shop I recently ordered something from had the worst username / password default combo.
After registration they gave you a default Password, your zip code. And your unchangeable username is your customer id, a five digit number which just increments for each new user. And because it is a shop which is only used by people of the same region there are maybe 10 different zip codes.

So we develop several apps for Android.
And since the whole company is full of .Net developers we´re using Xamarin.
That piece of software alone is worth more than one rant.

But today someone called and said he updated to the latest version he got from our server.
But now one of the menu points in the settings menu is opening the wrong mask.

I´m like ... what? Who fucked that one up now. Ok...
I look at the code and, I didn´t expect it to be honest, but it looks alright.
The menu point has the correct id. The function "OnOptionsItemSelected" looks for the correct id and opens the correct activity.
Just to be sure I also check the activity.
Everything good.

So I start up an emulator. Deploy the app in debug. Works correctly.
Create a self signed apk and install it on the emulator. Works.
Repeat the same with a tablet and my personal phone. It works.

Then I install the apk from the server and would you look at that.
It opens the wrong mask.

So it seems only if the app is compiled on the release server it shows that strange behaviour.

And for the love of my 1080ti I can´t figure out what causes it...

Thank you Xamarin!

Don't people learn the basics of how things work anymore ?!

I am cleaning this project, where some juniors have implemente a lot of the code.

Apparently, the way of deleting an entity from the database is:

1) SELECT the entire row and cast it to a model class

2) CONVERT that model class to a DTO class

3) READ the Id property from the DTO class

4) SELECT the entire row, again, and this time cast it to a DTO class

5) CONVERT that DTO class to a model class

6) Use you pancy-pants ORM delete method using the entire model class as input argument..

FUCK YOU !

inb4 what about reference checks ?
- Nope. That is done separately using only the Id

inb4 what about checking if someone else has altered it before deleting
- Nope, the entire entity is not used for that either.

So after waiting 3 days for an ID to get into a computer, I'm now told it's going to take 12-14 hours before I can do online security training just so I can actually start working. I'm only at this job for a month and I'm not going to even touch any real work at this rate...

Oh well, at least I'm paid by the hour, not by the amount of work

What does my current job hate descriptive names? Like to the point of active antagonism? We're a subscription based service. Why is SubscriptionExpiration the date you log in? Why does SubscriptionStatus only contain the name and id of product you're subscribed to and nothing to do with an actual status? All I need is the date a user subscribed. Why is this so hard!?!?

i never knew id reach that point when i need to take a break from programming and everything that has been causing me so much stress for the past few days. and to be honest, it actually feels great to be focused on only one thing instead of stressing out on different projects and debugging them all at once.

in a few days, ill prolly go back to programming some side projects. its not like i can keep myself away from them...

programming is like a magnet for. that magnetic force is growing stronger day by day and im being pulled closer to it. im happy about it except for some occasions when i get too stressed.

We had made an api which had endpoints for each different domain model, so /user, /company, the usual. Beyond being restful they all had basic filtering and pagination.

We also had an endpoint to return an entity from any set based on guid for when you needed to attach the related entity to notifications and logging and such.

We received a bug report on how you couldn't use filtering or pagination on this endpoint, and after weeks of asking what they need it for we just had to implement it.

You can imagine how non-trivial it is to "just" filter across different datasets, but we eventually got it working so now you can get a user via /user/123 or /entity?type=user&id=123. They only use it for one type and id at the time.

rant

Damn Google, Damn Google Play, Damn Adsense, Damn Admob...
So finaly uploaded my first app to the Playstore. took 5 minutes to make, 25 to ad an Admob module, and a day to get the ad to show...
Now I have to wait 6 hours for my new id (cause I chose the wrong kind of ad) to show and know If it will show on the App...
Luckly The App only has one download so far... mine lol

Control your searches like an ADULT damn it!!!

So we have records that can have any of a bazillion different reference numbers associated with them. No big deal. Everyone does right?

Our customer's love to run reports and so we have this one option for "just look at a hell of a lot of reference numbers". I call it the 'fuck all' search.

Really it is just there to find something that you don't know where a rando string or number might be in the record and just want to do a "fuck all" search across a number of likely fields to find it... and then presumably you'd be an adult and refine your search from there. LOL yeah right...

Customers get lazy and include that stupid option in their reports and we get a lot of.

Customer: "I always run this report (that includes the fuck all search) and now it isn't working. I want records that have ID 2222."

Me: "Yeah well that was only working because you were rando typing '2222' in like several fields and it would find those .... but now you quit doing that so it won't find them. If you want ID 2222, click the drop down and search by 'ID'. That will find it right away."

Customer: "But I want to just search by 'fuck all search' to find it..."

Me: "But then you get all these other records too right?"

Customer: "Yeah but I just delete them out of the spreadsheet ... "

Me: "Look watch this <screen share> there, look all records with an ID of 2222 and no more extra records you need to delete!!! How great is that?"

Customer: "But why do I have to do it this way now, I want to do it the old way..."

ಠ_ಠ

(granted I could add their ID to the fuck all search but we try to avoid adding too much because it gets out of hand / stops being useful the more fuck all it gets)

Still remember the first time I started writing style sheets, the biggest confusion was why do they use an id where we can always use a class.

Now I know why. Only you are your identity, but there may be many people of the same class. :)

Sometimes in our personal projects we write crazy commit messages. I'll post mine because its a weekend and I hope someone has a well deserved start. Feel free to post yours, regex out your username, time and hash and paste chronologically. ISSA THREAD MY DUDES AND DUDETTES
--
Initialization of NDM in Kotlin
Small changes, wiping drive
Small changes, wiping drive
Lottie, Backdrop contrast and logging in implementation
Added Lotties, added Link variable to Database Manifest
Fixed menu engine, added Smart adapter, indexing, Extra menus on home and Calendar
b4 work
Added branch and few changes
really before work
Merge remote-tracking branch 'origin/master'
really before work 4 sho
Refined Search response
Added Swipe to menus and nested tabs
Added custom tab library
tabs and shh
MORE TIME WASTED ON just 3 files
api and rx
New models new handlers, new static leaky objects xd, a few icons
minor changes
minor changesqwqaweqweweqwe
db db dbbb
Added Reading display and delete function
tryin to add web socket...fail
tryin to add web socket...success
New robust content handler, linked to a web socket. :) happy data-ring lol
A lot of changes, no time to explain
minor fixes ehehhe
Added args and content builder to content id
Converted some fragments into NDMListFragments
dsa
MAjor BiG ChANgEs added Listable interface added refresh and online cache added many stuff
MAjor mAjOr BiG ChANgEs added multiClick block added in-fragment Menu (and handling) added in-fragment list irem click handling
Unformatted some code, added midi handler, new menus, added manifest
Update and Insert (upsert) extension to Listable ArrayList
Test for hymnbook offline changing
Changed menuId from int to key string :) added refresh ...global... :(
Added Scale Gesture Listener
Changed Font and size of titlebar, text selection arg. NEW NEW Readings layout.
minor fix on duplicate readings
added isUserDatabase attribute to hymn database file added markwon to stanza views
Home changes :)
Modular hymn Editing
Home changes :) part 2
Home changes :) part 3
Unified Stanza view
Perfected stanza sharing
Added Summernote!!
minor changes
Another change but from source tree :)))
Added Span Saving
Added Working Quick Access
Added a caption system, well text captions only
Added Stanza view modes...quite stable though
From work changes
JUST a [ush
Touch horizontal needs fix
Return api heruko
Added bible index
Added new settings file
Added settings and new icons
Minor changes to settings
Restored ping
Toggles and Pickers in settings
Added Section Title
Added Publishing Access Panel
Added Some new color changes on restart. When am I going to be tired of adding files :)
Before the confession
Theme Adaptation to views
Before Realm DB
Theme Activity :)
Changes to theme Activity
Changes to theme Activity part 2 mini
Some laptop changes, so you wont know what changed :)
Images...
Rush ourd
Added palette from images
Added lastModified filter
Problem with cache response
works work
Some Improvements, changed calendar recycle view
Tonic Sol-fa Screen Added
Merge Pull
Yes colors
Before leasing out to testers
Working but unformated table
Added Seperators but we have a glithchchchc
Tonic sol-fa nice, dots left, and some extras :)))
Just a nice commit on a good friday.
Just a quickie
I dont know what im committing...

The only way to keep a community pure id to have a coomunity votr kick button!!!

Making a hard switch to ubuntu on my desktop at home. Getting just a teeny tiny, tad, bit: absolutely fucking livid....

Trying to learn ansible, vagrant, and docker more in depth for both work and my personal projects. All that I’ve been doing is just spinning my wheels trying to figure out the stupid fuck-mothering quirks with running this shit on Windows. Yes you absolutely can use all of these tools on a Windows box. There’s plenty of ports, patches, and workarounds. But I have spent all day trying to build a few vagrant boxes and use ansible to set them up. Simple LAMP stack boxes on CentOS7. Nothing major... unfortunately I spent like 90-110 minutes trying to figure out why virtualbox wouldn’t run properly. Dumbass me forgot that I installed Hyper-V ages ago.

O...K.... whelp... hyperv provider it is...

Luckily it only took about 15 minutes to determine that Hyperv’s networking can’t be setup from vagrant because vagrant doesn’t know how to interact with the hyperv - vswitch. So networking config is ignored and all VMs run on default switch (NAT) which is annoying but workable.

Ran into other issues trying to stay SSH’ed into the VM. PowerShell core (6) ssh’es into the box perfectly fine, but every time I opened vi to edit configs my terminal color scheme and fonts got fucked harder than a 2 dollar hooker on nickel night.

I’m a bright-green text on black background kinda guy. However the terminal kept changing to bright-red text on white background! It was like getting skull-fucked by a minotaur.

After a while I said fuck it, let’s try putty. Vagrant was using it’s own ssh keypair for the boxes, at work on my mac. Works like a dream. Putty failed me hard and shit the bed, kept getting all kinds of keypair errors. At this point I was finished spent too long trying to make shit work correctly on this jankbox. With enough time and patience I probably could’ve figured all of these problems out. I’m certain that at least 70% of them were caused by user error. I’m known by many as the walking ID-10t.

But alas, I have no time left in the day to fuck around with shit that doesn’t work immediately for morons like myself. My only hang up for the longest time with a complete switch to Linux was gaming. But with Proton and WINE I’m comfortable with giving it the ol’ college try. (Shhhh, don’t remind me I dropped out of college...

...Thrice.)

The gamble here is that I’ll give more than 2 halves of a fuck about trying to get my games working. A Study environment and materials for certs and general training won’t be getting anywhere near my full attention.

So, at long last, I hope this attempt at a full *nix switch finally sticks!!!

👾

So i got this service i made for fun and learning. Theres many providers in it for money, not me, only a little (lets not lie to ourselves).
Id just like to have a handful of happy clients to make it pay for itself so i dont lose money.
I have no idea how to advertise or gain clients. Those potential clients i cling with are from US and the server is in EU, and i wont convince anyone to buy something i wouldnt buy myself.

I suck at marketing.

Fucking hell. So, I had an interview with market research company and in said interview I got told to bring my passport to my first shift training and it was ok if it was 5 years out of date. Additional info, they were supposed to call us on Thursday to book said shift and send us an email with a information pack. They never did.

Ok, day of shift comes along. After I booked it because no one fucking bothered to call any of us. Email never arrived but whatever. I go to the place and bring my 3 years out of date polish passport... Big fucking mistake. They don't seem to like polish passport seeing as how it's only the British ones that get the out of date is okay thing. So I'm sitting there still calm because sure, company policy, they have to do it. The training guy was nice and all, offered to get me to their office to speak to them about it. I accept and off we go.

At the office, I basically get the information that it's only British passports that get it and I basically can't use anything else as proof of ID, which is funny seeing as I have a polish identity card that I can leave and enter the country on within the EU. I suppose I'm going to try looking for a job that doesn't require passports for now and if I find a good one then they can go get fucked by a bull for all I care.

In conclusion, I get to wait till I'm 18 (thankfully only a month) to apply for a new passport in the local polish consulate. Brilliant. All thanks to some cunt that decided they require fucking passports with such beautiful (note the sarcasm) rules. The fucktards.

Hoping the apocalypse comes early for these cocksuckers,
BadFox

Fantasizing about stabbing SharePoint in the throat, I'm being forced to contact Microsoft tech support, so I need to obtain our software assurance account info.
Our company's rep sends me our SA account numbers (assuming that was all I needed) and the link to create an incident.

Step through Microsoft support ticket 'wizard' which ends with requiring a login with a Microsoft account.

Me: "What login account should I be using?"
Rep: "You shouldn't need one. Just use the SA account number and access ID I sent you."
Me: "There is no entry for those values. I step through a support 'wizard' and the final page redirects me to the Microsoft login page."
Rep: "Use your work email address."
Me: "I can, but I shouldn't have to use my personal outlook email address. Can I just send you the issue and you submit the ticket? After the ticket is created, all the correspondence will be through email anyway."
<30 min. later>
Rep: "I just linked your work email address to your company's account. You should be able to login now."
Me: "Same error. I think you're messing with me."
<30 min. later>
Rep: "Select the option to create an account with your own email."
Me: "Now I know you're messing with me. Already tried that and received the error 'You cant sign up here with a work or school email address'."
Rep: "Weird...I guess Microsoft changed their policy."
Me: "So now what?"
<1 hour later>
Rep: "You might have to send me your SharePoint issue and I'll get a ticket created. After the ticket is created, I'll change the contact email address to you."

WHY DIDN'T YOU DO THAT TWO HOURS AGO!

Whew! Thanks devRant...that's better. I put the knife down and now only want to punch SharePoint in the face.

When asked if i will code for stock options or profit shares, i might remind the prospect that in most countries, i would own the entire codebase if working for no pay. Most work for hire agreements put ownership of the system and code into the paying clients name, as i understand it. so if youre not collecting pay, you would own (possibly the only copy of) the code. If that doesnt scare the client away, maybe i should remind them id be legally allowed to sell the code to their competitors. Then do so if i see a bettrr paying client (i.e. any paying client) If anyone knows if im making legal sense id appreciate it.

When you are trying to write event handlers in JavaScript and nothing is working so you spend hours and hours trying to figure out what the fuck is wrong with your js code only for it to be a duplicate id. Fuck sake. I really wish JavaScript warned you about duplicate ids, but then again that's what you get for using such a weakly typed language.

So i'm a laravel dev and i love it. However one thing that only seems to happen late at night is when working with Eloquent i always end up putting () when working with relationships.

Last night i spent about 2 hours messing with

public function members(){
return $this->hasManyThrough(
'App\Member', 'App\ConversationMember',
'conversation_id', 'id', 'id'
);
}

only to find out i was calling it via
$conversation->members() instead of $conversation->members

This morning when i opened up the IDE i immediately figured out what i was doing wrong.... sometimes burning the late night oil is counter productive i guess you could say

something id like to yell at my company:

if u only cant afford to take a certain team to team lunches because its getting too big, stop recruiting for fucks sake. it was literally the coolest perk🤷‍♂️

Tonight I learned that none of our automatically installed systemd-based servers had the /etc/machine-id created, and that that file used to be pretty central in the systemd world.

So that was the warning at the beginning of the boot log about a missing /etc/machine-id! Though until today, everything still worked fine. Only today, the machinectl utility was unable to find the local machine with the machine id missing.

Oops? At least I'll have stuff to fix tomorrow lol.

Another part of messy network gone.

Caching fucked me hard....

Isn't it just lovely that nowadays you need to nearly wipe a machine to get it from claiming stale data....

And thanks to DNS, HAProxy -/ service names / ... I think I know now why the curse of babel is so powerful.

When you have to think for 2 mins to make sure you've set the zone's right, cause otherwise you need to ProxyJump with SSH through more tunnels than imaginable (VPN/HO) to fix possible caching on several DNS servers.... You'll realize that it's russian roulette with too much bullets. :(

And If a monitoring service asks another monitoring service for status information which asks the first monitoring service which then asks the second monitoring cause you were too late...

You'll get very funky monitoring statistics.

Too slow, had to nuke it (mismatched a DNS name, the second monitoring service should have been a service node).

I think I've had more near death scenarios in the last 2 weeks than I like.

Hopefully I'll never have to do that again.

(Splitting and reordering a few dozen VLANs, assigning proper DNS names, loadbalancer migration....)

Ok so I tried apple
And I hate it. The only Apple product I loved was iPod Shuffle that small little dumb box... That was love

And now, for the iPhone, I will now continue hating it. How do you guys manage to like it? I'm fucking stuck on making an Apple ID since morning. It is fucking showing a hell lot of errors one by one as I go on trying

BTW good news coming up after 2hrs

I just completed this heartfelt and sincere little cry for help on another ste but it wasn't verified because I'm not special enough to format it like a PAD, whatever that means. I cannot seem to simply burn music files anymore. I'm using a Samsung laptop Device name DESKTOP-AII2T2S
Processor Intel(R) Core(TM) i7-2675QM CPU @ 2.20GHz 2.20 GHz
Installed RAM 8.00 GB
Device ID D766A89B-5671-4D9F-B6F9-2D884E9EA309
Product ID 00326-10000-00000-AA880
System type 64-bit operating system, x64-based processor
Pen and touch No pen or touch input is available for this display
Edition Windows 10 Home
Version 20H2
Installed on ‎09/‎08/‎2020
OS build 19042.928
Experience Windows Feature Experience Pack 120.2212.551.0

The music is a combination of commercially relased material as well as bootleg recorded material.

I am not looking for a "This is Why We Can No Longer Burn Our Music Files" Intro. All you need to tell me is the corporations that eat the world are protecting their copywrighted music and I must be up earlier and eat bettter breakkie than those individuals. That I can handle. Although I'm not a dev, I'm sure you can understand the feelling after you have worked for hours on attempting something, only to discover your effort has been in vain (much like my former relationships). Again, if you can give me any direction aside from hanging it up and attempting to find happeniness elsewhere, sock it to me. I deserve it. Thanks.
11 years ago when I used a Macbook putting together a playlist, inserting a blank CDR, and burning the file onto the CDR was very easy. I\'m am now faced with hurdles I sometimes scale, only to fall on my face.
I\'m not stupid, or uneducatated about flac, blah blah. I learnt it all myself. I\'m now using a windows operating system. Afew weeks ago I was able to burn what ever I pleased and it was OK.
Then one day, it just wouldn\'t do it. I was following no altered procedures. Since then it\'s been misery. I remember that ocenaudio once burned music files for me.
I don\'t know how to go about retrieving an instruction manual that will take me step by step as to how to do this.

You help would be appreciated.

Cheers,
Jonno

I've been lurking here since 2017 when my Macbook died. I've always enjoy the level of sanity and have attempted to add my jaded, distant and nihilistic spin on a few threads. It won't destroy me if I can't burn files anymore, I'll just go back on heavy tranques and change my name to Ben Zo. Dia Za P.een

Fuck Kibana and their latest update. Want to change timeframes? 5 fucking clicks to get there. Changed the query and the timerange? 'update' will only have you looking at the new timerange for the old query which is confusing as fuck if you don't realise it. So you need to click 'update' a second time.

So many times i've been staring at the wrong logs after changing correlation ID and time range just pulling out grey hairs trying to understand what the fuck is going on.

Work! Terribile doubt about our project 😭i will leave this company if we do not come up with an adult solution 😔

We are working for another Company, they asked to add a web app to their project.

We made frontend and backend, we make user auth to their api, then call their api (place order, get orders etc), passing their auth token to their services.

Which Means that our endpoints are not really protected (i think) and if we add an endpoint that does not use their api, the only way to secure them Is to take the token, validate It by calling for example get /order of the api and if It fails just discard the request....too slow?

my colleagues do not want to put a serious auth they Just want to use the company api and leave the rest open...

And the customer Just asked to use some other api functionality, but that api has another auth... How do we pur them togheter? The last api want the id of the user to do machine ti machine auth

It Is my 6th month here no one thaught me anything, i think i'll Just leave ..or am i Just experiencing the developer Daily work?😔

So, I just (few hours ago)made a new variable that's either brilliant or innately flawed... not sure yet. It's an oddly unique var...

__bs__

So far I only made it in python and windows env (i script like the methodology of css).

I bet you're wondering how I've defined __bs__ and the practicality of it.
__bs__ is derived from a calculated level of bullshit that annoys me to tolerate, maintain, etc. as well as things that tend to throw nonsensical errors, py crap like changing my strings to ints at seemingly random times/events/cosmic alignments/etc or other things that have a history of pulling some bs, for known or unknown reasons.

How/why did this come about now?

Well I was updating some symlinks and scripts(ps1 and bat) cuz my hdd is so close to death I'm wondering if hdd ghosts exist as it's somehow still working (even ostream could tell it should be dead, by the sound alone).

A nonsense bug with powershell allowing itself to start/run custom ps1scripts with the originating command coming from a specific batch script, which worked fine before and nothing directly connected to it has changed.

I got annoyed so took an ironic break from it to work on python crap. Python has an innately high level of bs so i did need to add some extra calculations when defining if a py script or function is actually __bs__ or just py.

The current flavour of py bs was the datetime* module... making all of my scripts using datetime have matching import statements to avoid more bs.

I've kept a log of general bs per project/use case. It's more like a warning list... like when ive spent hours debugging something by it's traceback, meticulous... to eventually find out it had absolutely nothing to do with the exception listed. Also logged aliases i created, things that break or go boom if used in certain ways, packages that ive edited, etc.

The issue with my previous logging is that it's a log... id need to read it before doing anything, no matter how quick/simple it should be, or im bound to get annoyed with... bs.

So far i have it set to alert if __bs__ is above a certain int when i open something to edit. I can also check __bs__ fot what's causing the bs. I plan to turn it into a warning and recording system for how much bs i deal with and have historical data of personal performance vs bs tolerance. There's a few other applications i think ill want to use it for, assume it's not bs itself.

*in case you prefer sanity and haven't dealt with py and datetime enough, here's the jist:
If you were to search any major forum like StackOverflow for datetime use in py, youd find things like datetime.datetime.now() and datetime.now() both used, to get the same returned value. You'll also find tons of posts for help and trying to report 'bugs', way more than average. This is because the datetime package has a name conflict... with itself. It may have been a bug several years ago, but it beeb explicitly defined as intentional since.

In the modern world, a human is not a human. The human is only human if they have ID, passport, insurance, bank account, credit card, facebook, covid certificate. Otherwise you’re nothing

So I'm sitting here trying to bodge my way through a member system. These fucknuts really made a bad system..

The task: Export a list of users and their info.

Is there an API available? No, who the fuck would need that shit, even tho the system is built upon Odoo, which has an API!
But it has an export function, you just have to log in and press the right sequence of buttons, because you need the running ID...
Here I discovered the first of many security flaws... "What happens if I post the wrong ID?"... Well, I get access to a file that has nothing to do with me or my users.... What?
Well after some fiddling It works, but holy fuck I found a lot of bugs. And this is a system that is launching in 7 days for us.. Some users have been on it for a year....

How can they ship this bad a product? There's absolute no documentation only a 15-page manual. Guess they don't want developers to develop shit that works in junction with theirs.

Ok. I GIVE UP! ...for at least a couple hours...

I'm not a big believer in... well anything suitable to the literal definition of believe. But there's only so much 'wtf? How is this even possible?' and any answer u can come up with is nearly statistically impossible...

I am a neuro-atypical (and just extremely atypical even if i somehkw was neurotypical) being, based on logic, finely calculated statistical probability and the most raw data and as unbiased as realistically possible, algorithms and interpretation (usually recursive pattern recognition with several highly detailed historical sources.

...but at some point statistical improbability and a collation of separate, yet relatively closely occuring events/circumstances makes logic, itself a primary suspect of corruption.

What was the breaking point that caused me to (temporarily) give up and tell logic to f off for a bit cuz maybe the illogical and mythical is the real logic, leaving me in a losing battle with 'the' fates?

Trying to get all my sourcing/purchase orders in/paid for/on the literal boats b4 end of the workday/week in china...
1st, had to drop a supplier cuz they have limited reps. When the one ive had 7+ years left, i got the aloof blonde girl societal trope of a rep... who for the 2nd time (despite the several very blunt complaints above her, incl me) she sent out a promotional update to the entire client list (ie, inherently competitors) as CC not BCC... over 200 business email accounts with tailored info of their sourcing.

2- totally diff company/ industry a former rep i was glad be rid of apparently just sfarted back for "awhile" as i needrf to restock/scale...apparently she forgot everything we discussed at length... lke if you want a chance on my business im not gonna be wasting time looking through your gui "mini store to then inquire about everything individually insead of a simple spreadsheet(which i print and put in a 3-ring binder rotating current catalogues in the same format i require everywhere)

3.dog was an ahole, my packed schedule got delayed and morphed.. a bunch of little bs thatd normally have no extra thought impact, hyperfocused forgetting one of my alarms til i realised my idiopathic fever was back and i didnt take/apply meds (pain/muscle relaxers mainly so despite this odd free time and needing to shower. I gotta sit on my rear, leg elevated/non-productive far 40min b4 i can shower (as functional legs and lack of syncope is almost a req to shower)

4. A new-ish rep of a company/factory i like/respect enough to not mention in relation... he makes invoice 1.. slight error thst was easily resolved...#2 was flawless... he goes to officially generate the contract(alibaba... verrrry simple with lots of extra explanation buttons). Price and all items match, its near workweek end so i was waiting for it so i could quickly pay/have it on the boat b4 it left and few fdav days are behind...

I put in card info, get to the 2 cbeck boxes (imo should be only 1 but whatever) asking if billing address is same ss delivery(its always default yes)... then i see a few lines in chinese (i can read enough for business negotiations... typical words/sentences innately look different than things like individual letters/address and postal indicators.) After a few loops of double checking, mentally trying to dismiss my i Intial judgement cuz it'd be too ridiculous... even resorted to google .... nope... initial wtf was spot on... recipient name/address was indeed the company(multi factory producer)i was purchasing a wholesale, via sea freight, bulk of products from.

Im pretty sure the system would've flagged it as an invalid contract within an hr... but seriously... ive been handling alibaba (and other) international sourcing since before high school(mainly small businesses i made sites/little tools for that found anything with a light up screen intimidating) and a purchase then shipment to the originating company/factory actually entered into a contract(the form is sooo simple)... im faced with ridiculously improbable obstacles actually existing and changing in such nonsensical statistically improbable ways so often that 1. I wouldn't trust a dr (or most humans) that didnt 1st assume i was crazy of some form...unfortunately im not, despite hkw much simpler and probable itd be 2. Id be super suspicious/converned if statistic norms were my norm for over a day.

But seriously wtf???

Someone give me some wisps of a frame of ref here... where's a typical 'fuck this, im out!' Breaking point?

So as part of my news years resolution, I thought id build an app and I thought I would build it in vue.js and native script with a shared codebase, I've started with a fresh project and already I have an error, one that I've not caused, this is in router.js. see if you can spot it.

module.exports = (api, options) => {
require('@vue/cli-plugin-router/generator')(api, {
historyMode: options.routerHistoryMode
};
export default new Router(options);
}

When I've fixed the syntax error, I then get, the error:

/src/router.js: 'import' and 'export' may only appear at the top level (5:0)

This is when I run "npm run serve:ios"

if anyone has encountered this, please let me know how you fixed this.