Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "idea validation"
-
Root gets ignored.
I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.
For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`
Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.
I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.
He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).
I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨
Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.
Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.
ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.
jfc i'm getting pissy again.9 -
You know what really grinds my gears? As a junior webdeveloper (mostly backend) I try my hardest to deliver quality content and other people's ignorance is killing me in my current job.
Let's rant about a recent project I had under my hood, for this project (a webshop) I had to restructure the database and had to include validation on basicly every field (what the heck, no validation I hear you say??), apperently they let an incompetent INTERN make this f***king webshop. The list of mistakes in this project can bring you close to the moon I'd say, seriously.
Database design 101 is basicly auto incremented ID's, and using IDs in general instead of using name (among a list of other stuff obv.). Well, this intern decided it was a good idea to filter a custom address-book module based on a NAME, so it wasn't setup as: /addressbook/{id} (unique ID, never a problem) but as /addressbook/{name}, which results in only showing one address if the first names on the addresses are the same. Lots of bugs that go by this type of incompetence and ignorance. Want to hear another joke? Look no further, this guy also decided it was a great idea to generate the next ID of an order. So the ordernumber wasn't made up by the auto incremented id on the order model, but by a count of all the orders and that was the next order number. This broke so many times, unbelievable.
To close the list of mistakes off, the intern decided it was a great idea to couple the address of a user directly to an order. Because the user is able to ship stuff to addresses within his addressbook, this bug could delete whole orders out of the system by simply deleting the address in your addressbook.
Enough about my intern rant, after working my ass of and going above and beyond the expectations of the customer, the guy from sales who was responsible for it showed what an a**hole he was. Lets call this guy Tom.
Little backstory: our department is a very small part of the company but we are responsible for so much if you think about it. The company thinks we've transitioned to company wide SCRUM, but in reality we are so far from it. I think the story below is a great example of what causes this.
Anyway, we as the web department work within Gitlab. All of our issues and sprints are organized and updated within this place. The rest of the company works with FileMaker, such a pile of shit software but I've managed to work around its buggyness. Anyway, When I was done with the project described above I notified all the stakeholders, this includes Tom. I made a write-up of all the changes I had made to the project, including screenshots and examples, within Gitlab. I asked for feedback and made sure to tag Tom so he was notified of my changes to the project.
After hearing nothing for 2 weeks, guess who came to my desk yesterday? F**king tom asking what had changed during my time on the project. I told him politely to check Gitlab and said on a friendly tone that I had notified him over 2 weeks ago. He, I shit you not, blantly told me that he never looks on there "because of all the notifications" and that I should 'tell him what to do' within FileMaker (which I already had updated referencing Gitlab with the write-up of my changes). That dick move of him made me lose all respect for this guy, what an ignorant piece of shit he is afterall.
The thing that triggers me the most in the last story is that I spent so much free time to perfect the project I was working on (the webshop). I even completed some features which weren't scheduled during the sprint I was working on, and all I was asking for was a little appreciation and feedback. Instead, he showed me how ignorant and what a dick he was.
I absolutely have no reason to keep on working for this company if co-workers keep treating me like this. The code base of the webshop is now in a way better condition, but there are a dozen other projects like this one. And guess what? All writen by the same intern.
/rant :P10 -
dear api author at my company pt. 2:
If you're gonna create an api method that takes some arguments.
And one of those arguments is an array.
THEN MAKE THE FUCKING ARGUMENT'S NAME PLURAL YOU FUCKING PIECE OF SHIT.
REPEAT WITH ME, MOTHERFUCKER.
ARRAY, PLURAL, NON-ARRAY, SINGULAR.
I need to pass a shitload of filters for the data for this table, and for every suckin fuckin filter I need to singularize this shit. Thank god for es6.
I know this sounds like nitpick, but I swear to fucking alpha omega this guy is inconsistent as fuck.
Every time it feels like he makes up a new rule.
Sometimes I need to send arrays of ids, other times arrays of objects with an id property on each.
He uses synonyms too, sometimes it's remove, other times erase.
PICK ONE MOTHERFUCKER.
If you can't do the basic things well, then what is to expect of more advanced stuff?
Naming conventions you fucking idiot, follow them. It's programming 101.
You're already sending them as plural in the fucking response. Why change them for the request?
And that's just style, conventions.
This idiot asshole also RARELY DOES ANY FUCKING CHECK ON THE ARGUMENTS.
"Oh, you sent a required argument as null? 500"
We get exceptions on sentry UP THE ASS thanks to this useless bone container.
YOU'RE SEEING THE EXCEPTIONS TOO!!!!! 500'S ARE BUGS YOU NEED TO FIX, YOU CUMCHUGGER
And sometimes he does send 400, you know what the messages usually are?
"Validation failed".
WHYYYYYY YOU GODDAMN APATHETIC TASTELESS FUCK???
WHAT EXACTLY CAUSED THE FUCKING VALIDATION TO FAIL????
EXCEPTIONS HAPPEN AND THANKS TO YOU I HAVE NO IDEA WHY.
The worst of all... the worst of fucking all is that everytime I make a suggestion to change shit, every time, you act like you care.
You act like the api is the way it is because you designed it in a calculated manner.
MOTHERFUCKER. IF A USER HAS ONLY PRODUCT A, THEN HE SHOULDN'T BE ABLE TO ACCESS DATA FOR PRODUCT B. IT IS NOT ENOUGH TO JUST RESTRICT SHIT WITH ADMIN ROLES. IDIOT!!!!!
This is the work of someone who has no passion for programming.10 -
Dogecoin hit USD $0.40 recently, which means it's time for the Crypto Rant.
TL;DR: Dogecoin is shit and is logically guaranteed to eventually fall unless it is fundamentally changed.
===========================
If you know how Crypto works under the hood, you can skip to the next section. If you don't, here's the general xyz-coin formula:
Money is sent via transactions, which are validated by *anybody*.
Since transactions are validated by anybody, the system needs to make sure you're not fucking it up on purpose.
The current idea (that most coins use today) is called proof-of-work. In short, you're given an extremely difficult task, and the general idea is you wouldn't be willing to do that work if you were just going to fuck up the system.
For validating these transactions, you are rewarded twofold:
1) You are given a fixed-size prize of the currency from the system itself. This is how new currency is introduced, or "minted" if you prefer.
2) You are given variable-size and user-determined prize called "transaction fees", but it could be more accurately called a "bribe" since it's sole purpose is to entice miners to add YOUR transaction to their block.
This system of validation and reward is called mining.
===========================
This smaller section compares the design o f BTC to Dogecoin - which will lead to my final argument
In BTC, the time between blocks (chunks of data which record transactions and are added to the chain, hence blockchain) is ten minutes. Every ten minutes, BTC transactions are validated and new Bitcoins are born.
In Dogecoin, the time between blocks is only one minute. In Theory, this means that mining Dogecoin is about ten times easier, because the system expects you to be able to solve the proof of work in an average of one minute.
The huge difference between BTC and Doge is the block reward (Fixed amount; new coins minted). The block reward for BTC is somewhat complicated compared to Doge: It started as 50 BTC per block and every 4 years it is halved ("the great halving"). Right now it's 6.25 BTC per block. Soon, the block reward will be almost nothing until BTC hits it's max of 21 million bitcoins "minted".
Dogecoin reward is 10,000 coins per block. And it will be that way for the end of time - no maximum, no great halving. And remember, for every 1 BTC block mined, 10 Doge blocks are mined.
===========================
Bitcoin and Dogecoin are now the two most popular coins in pop culture. What makes me angry is the widespread misunderstanding of the differences between the two. It is likely that most investors buy Dogecoin thinking they're getting in "early" because it's so cheap. They think it's cheap because it isn't as popular as Bitcoin yet. They're wrong. It's cheap because of what's outlined in section two of this rant.
Dogecoin is actually not very far off Bitcoin. Do the math: there's a bit over 100 billion Dogecoin in circulation (130b). There's about 20 million BTC. Calculate their total CURRENT values:
130b * $0.40 = 52b
20m * $60k = 1.2t
...and Doge is rising much, much faster than BTC because of the aforementioned lack of understanding.
The most common thing I hear about Doge is that "nobody expects it to reach Bitcoin levels" (referring to being worth 60k a fucking coin). They don't realize that if Doge gets to be worth just $10 a coin, it will not just reach Bitcoin levels but overtake Bitcoin in value ($1.3T).
===========================
It's worth highlighting that Dogecoin is literally designed to fail. Since it lacks a cap on new coins being introduced, it's just simple math that no matter how much Doge rises, it will eventually be worthless. And it won't take centuries, remember that 100k new Doge are mined EVERY TEN MINUTES. 1,440 minutes in a day * 10K per minute is 14.4 million new coins per day. That's damn near every Bitcoin to ever exist mined every day in Dogecoin10 -
At work, my closest relation is with the DBA. Dude is a genius when it comes to proper database management as well as having a very high level of understanding concerning server administration, how he got that good at that I have no clue, he just says that he likes to fuck around with servers, Linux in particular although he also knows a lot about Windows servers.
Thing is, the dude used to work as a dev way back when VB pre VB.NET was all the rage and has been generating different small tools for his team of analysts(I used to be a part of his team) to use with only him maintaining them. He mentioned how he did not like how Microsoft just said fk u to VB6 developers, but that he was happy as long as he could use VB. He relearned how to do most of the GUI stuff he was used to do with VB6 into VB.NEt and all was good with the world. I have seen his code, proper OOP practices and architectural decisions, etc etc. Nothing to complain about his code, seems easy enough to extend, properly documented as well.
Then he got with me in order to figure out how to breach the gap between building GUI applications into web form, so that we could just host those apps in one of our servers and his users go from there, boy was he not prepared to see the amount of fuckery that we do in the web development world. Last time my dude touched web development there was still Classic ASP with JScript and VBScript(we actually had the same employer at one point in the past in which I had to deal with said technology, not bad, but definitely not something I recommend for the current state of web development) and decided that the closest thing to what he was used was either PHP(which he did not enjoy, no problem with that really, he just didn't click with the language) and WebForms using VB.NET, which he also did not like on account of them basically being on support mode since Microsoft is really pushing for people to adopt dotnet core.
After came ASP.NET with MVC, now, he did like it, but still had that lil bug in his head that told him that sticking to core was probably a better idea since he was just starting, why not start with the newest and greatest? Then in hit(both of us actually) that to this day Microsoft still not has command line templates for building web applications in .net core using VB.NET. I thought it was weird, so I decided to look into. Turns out, that without using Razor, you can actually build Web APIs with VB.NET just fine if you just convert a C# template into VB.NET, the process was...err....tricky, and not something we would want to do for other projects, with that in we decided to look into Microsoft's reasons to not have VB.NET. We discovered how Microsoft is not keeping the same language features between both languages, having crown C# as the language of choice for everything Microsoft, to this point, it seems that Microsoft was much more focused in developing features for the excellent F# way more than it ever had for VB.NET at this point and that it was not a major strategy for them to adapt most of the .net core functionality inside of VB, we found articles when the very same Microsoft team stated of how they will be slowly adding the required support for VB and that on version 5 we would definitely have proper support for VB.NET ALTHOUGH they will not be adding any new development into the language.
Past experience with Microsoft seems to point at them getting more and more ready to completely drop the language, it does not matter how many people use it, they would still kill it :P I personally would rather keep it, or open source the language's features so that people can keep adding support to it(if they can of course) because of its historical significance rather than them just completely dropping the language. I prefer using C#, and most of my .net core applications use C#, its very similar to Java on a lot of things(although very much different in others) and I am fine with it being the main language. I just think that it sucks to leave such a large developer pool in the shadows with their preferred tool of choice and force them to use something else just like that.
My boy is currently looking at how I developed a sample api with validation, user management, mediatR and a custom project structure as well as a client side application using React and typescript swappable with another one built using Angular(i wanted to test the differences to see which one I prefer, React with Typescript is beautiful, would not want to use it without it) and he is hating every minute of it on account of how complex frontend development has become :V
Just wanted to vent a little about a non bothersome situation.8 -
API Request validation is stupid.
Until you remember
* Your target audience is highschool students
* Your front end dev loves to fuck your stuff up
* His mom works in QA and she equally likes to fuck shit up
* It's just a good idea
* People just fucking suck8 -
I’m developing a fairly sophisticated desktop app in Python with PyQt5 as the widget set. Because my partner insists that all the kids these days love Python.
Piss on Python. And that goes double for PyQt5.
I’m on the absolute hardest section of the app. It’s a fairly complex import of data from PDF reports. There are so many different parts that I decided to go with a wizard.
So, I built a QWizard in Qt Designer. It generates a C++ .ui file, but you just truck it over to the command line and run this pyuic5 command, and it converts to a handy dandy Python class. Woo. You can subclass it and consume it from your Python script.
Sounded SO MUCH EASIER than writing the wizard from scratch. But OH NO. I need to do custom validation on my custom text control at every stage to control when the Next and Finish buttons are enabled, which means I gotta overwrite some damn event.
But I can’t. Because I can’t subclass the individual pages. Because they’re part of the same damn file and the wizard offers no access to them.
I’m almost certain that I’m going to have to completely redesign the wizard so that it’s pages are in separate files, which means I have to recode the bitch as well.
The cherry on top is that there’s zero documentation for this specific thing. None. No QWizard documentation exists for PyQt5 (if there is, they’re doing a damn good job of hiding it), so I have to read the documentation for PyQt4. Not the same animal. Close, but different. Even with the differences aside, this documentation is minimal and useless. “We’re going to tell you in very general terms what you should do, but we’ll give you zero idea how to do it. And we know the very common code method you’ll want to try first won’t work.”
And getting at this stuff when you do it in Qt Designer is WAY different. And all that documentation is in C++. Because apparently you HAVE to speak C++ if you want any real info about PyQt. Because that’s perfectly reasonable, right?
So, now I’ve lowered myself and posted a question on Stack. Because, hey, once you get past the power-tripping, mouth-breathing, basement-dwelling, neck-bearded high school punching bags picking apart your question rather than, I dunno..., BEING HELPFUL, sometimes you can get good info there. Sometimes. They seriously saved my ass at least one time.
But yeah. Fuck Python. Fuck everything Qt.17 -
'17:15' < '09:45' === false
'5:15pm' < '9:45am' === true
I either need a language with a stronger type system, or coworkers who understand that comparing raw time input in validation is a bad idea 😡6 -
I was think of using ajax to pass data from javascript to php because of some validation to my multiple checkbox, then before i go home the idea hit me to just use validation in php with some basic variable manipulation and if else, i just wasted 2 hours of searching just to arrived at a basic solution, i think it's much better to think before you code about what you want to do,but when i open my text editor i get distracted a lot.11
-
It annoys me when restaurants provide an online form for reservations, put in their disclaimer that "no reservation = no table", but when you make the reservation things go wrong.
For starters: their infrastructure not working on weekends (while they are open on weekends), them doing manual instead of automatic validation of a reservation, them not even knowing how to manage their own reservation system (which gives me the idea that they purchased some random reservation software).
I ended end having to call them about my reservation, they had a confused voice at the phone while they were navigating their own reservation software and ended up saying "Yeah ok table is booked, bye". I understand they're stressed out but come on, I don't think this is a modern nor graceful process. If you're boasting about having a reservation form, then at least live up to it. It reminds me of another restaurant where I had made a reservation online and when I got there, they told me "Next time book by phone please, we're not used to our software". For *********** sake.
Bah.1 -
What makes free ssl "Unsuitable for e-commerce websites", Please read to end to see my view point.
From Namecheap:
Free Certificates are domain validation only which means they don't certify the identity of the website owner, they simply ensure a secure connection. Customers can't be sure of the integrity and trustworthiness of the website owner. If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer. It's important your customers trust your business is safe enough to hand over these details. To gain this trust, you need a certification of your authenticity, which you can only get with a (paid) Business Validation or Extended Validation SSL Certificates.
https://namecheap.com/security/...
* "To gain this trust, you need a certification of your authenticity"
~ But isn't that just Domain Verification and other Extras, What justifies somebody or business's authenticity? Tax Id, Valid Address, Nobody is going to study the ssl cert to make sure that amazon.com is a valid business and has a tax Id.
* "domain validation only which means they don't certify the identity of the website owner,"
~ Wouldn't this just be the domain validation test that is required when using services like LetsEncrypt using Certbot etc, or are we referencing back to this idea that they look for a Valid Tax Id sort of thing?
* "If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer"
~ Why is the paid version going to do double encryption, is the CA going to run a monitoring tool to scan for intrusions like a IDS or IPS? (disregard the use of DNS Validation being in the picture)
Am I missing something, this just seems like well crafted text to get people to buy a cert, I could understand if the encryption was handled differently, Maybe if they checked the site for HSTS or HTTPs Redirect or even, They blocked wildcard SSL before and now with the paid its included, but overall it doesn't sound like anything special. Now I'm not just picking on namecheap because domain.com does the same.14 -
Random opinion question:
I'm working on a thing where the user provides a big CSV and we process it and put it in the database, or update existing records.
This data impacts other things, but the data isn't front and center as a group of n the application for them to notice / see again (well they can query for it).
I'm thinking of taking the CSV and then presenting them with a table showing how we processed that data giving them a chance to review it before they commit it to the database...
I like this idea for two reasons:
1. If something goes sideways there's a chance someone will see it and I'm not sure I can do enough validation on a big ass CSV from god knows where to be sure we're going to process it right... (I'm going to do some validation but just can't cover it all)
2. It takes some of the mystery out of what happened / is happening for the user for.
Anyone try this in the past? Seems reasonable, but lots of things do before they go sideways.7 -
They keep training bigger language models (GPT et al). All the resear4chers appear to be doing this as a first step, and then running self-learning. The way they do this is train a smaller network, using the bigger network as a teacher. Another way of doing this is dropping some parameters and nodes and testing the performance of the network to see if the smaller version performs roughly the same, on the theory that there are some initialization and configurations that start out, just by happenstance, to be efficient (like finding a "winning lottery ticket").
My question is why aren't they running these two procedures *during* training and validation?
If [x] is a good initialization or larger network and [y] is a smaller network, then
after each training and validation, we run it against a potential [y]. If the result is acceptable and [y] is a good substitute, y becomes x, and we repeat the entire procedure.
The idea is not to look to optimize mere training and validation loss, but to bootstrap a sort of meta-loss that exists across the whole span of training, amortizing the loss function.
Anyone seen this in the wild yet?5 -
The next step for improving large language models (if not diffusion) is hot-encoding.
The idea is pretty straightforward:
Generate many prompts, or take many prompts as a training and validation set. Do partial inference, and find the intersection of best overall performance with least computation.
Then save the state of the network during partial inference, and use that for all subsequent inferences. Sort of like LoRa, but for inference, instead of fine-tuning.
Inference, after-all, is what matters. And there has to be some subset of prompt-based initializations of a network, that perform, regardless of the prompt, (generally) as well as a full inference step.
Likewise with diffusion, there likely exists some priors (based on the training data) that speed up reconstruction or lower the network loss, allowing us to substitute a 'snapshot' that has the correct distribution, without necessarily performing a full generation.
Another idea I had was 'semantic centering' instead of regional image labelling. The idea is to find some patch of an object within an image, and ask, for all such patches that belong to an object, what best describes the object? if it were a dog, what patch of the image is "most dog-like" etc. I could see it as being much closer to how the human brain quickly identifies objects by short-cuts. The size of such patches could be adjusted to minimize the cross-entropy of classification relative to the tested size of each patch (pixel-sized patches for example might lead to too high a training loss). Of course it might allow us to do a scattershot 'at a glance' type lookup of potential image contents, even if you get multiple categories for a single pixel, it greatly narrows the total span of categories you need to do subsequent searches for.
In other news I'm starting a new ML blackbook for various ideas. Old one is mostly outdated now, and I think I scanned it (and since buried it somewhere amongst my ten thousand other files like a digital hoarder) and lost it.
I have some other 'low-hanging fruit' type ideas for improving existing and emerging models but I'll save those for another time.6 -
Rant and opinions wanted. Its a long one.
I have been working on a project for a month and a half. For the first week I was requesting designs that I got about 2 of out of 15. For the next week and a half the designer was on holiday so I couldn't do anything but delivered a few more designs once he got back.
This takes us 2 weeks in already. I have other things to do as well so at the same time I work on support tickets and some bespoke development coming in.
I get given 2 or 3 more designs and can't get anything else out of the designer after waiting a week so I have to design everything myself as I go and build it. Something I have never done before.
We are now 3 and a half weeks in. My boss randomly tells my pm it needs to be demo ready the next day. I work furiously to hack something together. It works but key functionality is missing.
I move house and work from home for a week and a half. I do my best but the project is full of bugs and the CSS is horrible because I didn't know what I was making at any stage. It is therefore CSS rules repeated in IDs everywhere.
My colleagues join me on the project because my boss has decided to try and sell it tomorrow.
They run through it and find all the bugs left from me working furiously to get things done quickly. Things like no search pagination and missing validation.
My boss is now pisses at me because the project is not finished, my colleagues are now all working on it. Throughout it all he knew the designer was not delivering me anything and that I was struggling.
Am I in the wrong for writing shit code that came about because I was coding with no idea of what the finished project should look like? Is he in the wrong for dumping this on me and just letting me get on with it even though he knew there were no designs?
Btw I am just finishing a 1 year internship and before this have never done web dev before.
Discuss.7 -
There have been a few :)
If say it's a videos utter project I initially though was good. Apart from loading a view the controllers didn't do anything - my initial thought was some magic was happening behind the scenes.
However, when I opened up the view things changed.
ALL the business logic happened in the view. Everything. Form processing, consuming an app, file uploads, validation, crud ... You name it, it happened in view. The developer created a raw MySQL connection and build his queries by concatenation g strings, the whole system was wide open to sql injection.
Even more annoying was the "source control" he invented. Every file had several copies. I.e. "User(working).php", "user_v3.php" and even "user(working_no_profile_fields_1.php". It wasn't even like there was any consistency in what file was actually used either. A complete mess. The system had around 69 screens too. No idea how the developer got that gig.2 -
Was working in an n-tier website, standard Web forms, BAL, DAL, database architecture. Validation and processing of data done in the BAL. Not the best idea, but whatever. Well apparently some developer thought it was too much work to pass his data through the BAL, so he directly accessed the DAL, performing zero validation on the data being passed in. Luckily, this was in a non-critical part of the site but the PM at the time nearly had a heart attack when I told him.
-
At old e-commerce job, some orders were coming through with most of the shipping info missing. The only info filled out was the State. When we looked at Heap, we could see the user was filling in those fields. There was both frontend and backend validation for required form data, so the user shouldn’t have been able to checkout without an address.
When I looked at the BE logic, I saw addresses were retrieved from our database by using a method called GetOrCreateDefaultAddress. When the website couldn’t find the address in the db, it created a new one where the only address field that was filled in was the state.
Unfortunately, this default address creation was happening after the submit button had been hit. There was no logic to validate the address this late in the checkout because the earlier form validation in the process should have caught this.
The orders did have email addresses, so customer service did have a way to contact the customer. I have no idea what happened to the user’s address. Was it never saved? Did it get caught up in a cron job to delete old users and addresses from the db??2 -
I'm thinking of making a email validation api that can check if an email address is temporary disposable email, tld domain, from a free email provider, mx detals, delivery availability etc.
Is this even a good API idea?6 -
#Suphle Rant 7: transphporm failure
In this issue, I'll be sharing observations about 3 topics.
First and most significant is that the brilliant SSR templating library I've eyed for so many years, even integrated as Suphle's presentation layer adapter, is virtually not functional. It only works for the trivial use case of outputting the value of a property in the dataset. For instance, when validation fails, preventing execution from reaching the controller, parsing fails without signifying what ordinance was being violated. I trim the stylesheet and it only works when outputting one of the values added by the validation handler. Meaning the missing keys it can't find from controller result is the culprit.
Even when I trimmed everything else for it to pass, the closing `</li>` tag seems to have been abducted.
I mail project owner explaining what I need his library for, no response. Chat one of the maintainers on Twitter, nothing. Since they have no forum, I find their Gitter chatroom, tag them and post my questions. Nothing. The only semblance of a documentation they have is the Github wiki. So, support is practically dead. Project last commit: 2020. It's disappointing that this is how my journey with them ends. There isn't even an alternative that shares the same philosophy. It's so sad to see how everybody is comfortable with PHP templating syntax and back end logic entagled within their markup.
Among all other templating libraries, Blade (which influenced my strong distaste for interspersing markup and PHP), seems to be the most popular. First admission: We're headed back to the Blade trenches, sadly.
2nd Topic: While writing tests yesterday, I had this weird feeling about something being off. I guess that's what code smell is. I was uncomfortable with the excessive amount of mocking wrappers I had to layer upon SUT before I can observe whether the HTML adapter receives expected markup file, when I can simply put a `var_dump` there. There's a black-box test for verifying the output but since the Transphporm headaches were causing it to fail, I tried going white-box. The mocking fixture was such a monstrosity, I imagined Sebastian Bergmann's ghost looking down in abhorrence over how much this Degenerate is perverting and butchering his creation.
I ultimately deleted the test travesty but it gave rise to the question of how properly designed system really is. Or, are certain things beyond testing white box? Are there still gaps in the testing knowledge of a supposed testing connoisseur? 2nd admission.
Lastly, randomly wanted to tweet an idea at Tomas Votruba. Visited his profile, only to see this https://twitter.com/PovilasKorop/.... Apparently, Laravel have implemented yet another feature previously only existing in Suphle (or at the libraries Arkitekt and Deptrac). I laughed mirthlessly as I watch them gain feature-parity under my nose, when Suphle is yet to be launched. I refuse to believe they're actually stalking Suphle3 -
I am making a WYSIWYG text editor for my next Product. Is there anything that I should include and is currently lacking in text Editors of Medium, Hackernoon etc.