I know a guy who writes everything in Haskell.

He started learning it because his parents got him into a math school (and math schools in Russia use either Python or Haskell), he liked it, but later he dropped out. Today, apart from Haskell, he only really knows HTML and CSS, and maybe some JavaScript.

He writes backend AND frontend in Haskell and uses some kind of JRPC stuff to manage all that. He told me that his life is a pure heaven. He IS RELEVANT (!!!!!!), his apps always run without bugs (because in Haskell you can mathematically prove that there are no bugs), they are performant, faster than C (because you can't write a complex enough app in C that will be as efficient as compiled Haskell, because it's you vs compiler). He doesn't have any problems in life whatsoever. He never got burned out, he never got anxiety or depression. He doesn't act pretentiously and stuff, he's just a normal person who rarely even mentions that he can program.

Science says it can't be done! You can't only know Haskell and be a relevant software engineer! You know what, he didn't _know_ it was impossible. He's like that grandpa from a meme, he got Alzheimers, but because of it he forgot that he had Alzheimers, and now remembers everything.

The fun thing is that he looks like a typical gopnik, with adidas suits and stuff.

What a gem of a person.

While writing up this quarter's performance review, I re-read last quarter's goals, and found one my boss edited and added a minimum to: "Release more features that customers want and enjoy using, prioritized by product; minimum 4 product feature/bug tickets this quarter."

... they then proceeded to give me, not four+ product tickets, but: three security tickets (two of which are big projects), a frontend ticket that should have been assigned to the designer, and a slow query performance ticket -- on top of my existing security tickets from Q3.

How the fuck was I supposed to meet this requirement if I wasn't given any product tickets? What, finish the monster tickets in a week instead of a month or more each and beg for new product tickets from the product manager who refuses to even talk to me?

Fuck these people, seriously.

Here I am trying to get some tickets for a theater, and I noticed an interesting thing. It seems that the website holds no session persistence. In other words it doesn't check to see if the user has stopped trying to order tickets, instead it holds the seats for about 30 minutes. This is kind of stupid because when you back out, your treated as a completely new session, you have no way of trying to get back the seats you had chosen.

Sooo, what does this mean? It means that I can start selecting a bunch of seats and continue selecting a bunch of seats. There appears to be no server-side checks to prevent someone from just booking the entire theater.

Soooooo, what does this mean? I could potentially spam the entire country's theaters (any that use this website as a booking system) and make it impossible for people to book seats through this website.

What do you guys think? Is this a bug or feature?

You've got to be kidding?

I'm reading a book about anti-gravity... It's impossible to put down

I love to develop for the web, i find JavaScript a nice language and I love the unmatched flexibility of the web platform but i hate when I have to work with the unstable or badly documented APIs which seems to be the norm in the enterprise world: wasting hours in forced breaks because suddenly the API returns nothing but 503 or the VPN suddenly dies, wasting lot of time to find the documentation you need in the slow and cumbersome enterprise API manager, making lots of tests with cURL/Paw/Postman/wethever trying to find out why a request which should work just doesn't... in these moments I envy desktop and mobile devs. The worst part of it is which microservices made everything worse since nowadays there are way more "moving parts" which can break making the API you need unavailable and unlike with monoliths often it's hard to just clone a back-end, populate a database and then work fully locals since now everything depends on a lots of things which are hard/almost impossible to replicate on your laptop.

I don't know how any company can keep on top of crazy npm package changes. I work in a REALLY SMALL team. We are still using bunch of deprecated packages and we keep building on top of those packages. Updating packages is always a nightmare. It's impossible to Google solution when no one is using the particular combination of deprecated packages. Fuck me

So, I have been a dev for a bit, around 8 years. Primarily focusing on PHP,, with a couple of years under my belt doing C#.

I had a look at golang recently and want to delve deeper in to it, as the little I looked at, was pretty fun.

Is golang worth picking up? Do you have any specific resources for me to checkout? & would it be impossible for me to make a career switch if i got that invested?

Fuck ticketing systems man.. jumped from a good job that i previously thought was going to be a deadend and jobhopped to a new one with a significant salary increase. Problem is that The stress levels increased 5x, and there’s significant rush to complete tasks that have sub optimal descriptions to put it nicely. The problem with that is that the lead doesn’t have enough time to properly write them and catching him during work hours for him to explain them is sometimes impossible. Sitting in limbo with 4-5 tickets open, all of them with high priority and stresing the fuck out.

I had a pretty good year! I've gone from being a totally unknown passionate web dev to a respected full stack dev. This will be a bit lengthy rant...
Best:
- Got my first full time employment dev role at a company after being self-taught for 8+ years at the start of the year. Finally got someone to take the risk of hiring someone who's "untested" and only done small and odd jobs professionally. This kickstarted my career, super grateful for that!
- Started my own programming consulting company.
- Gained enough confidence to apply to other jobs, snatched a few consulting jobs, nailed the interviews even though I never practiced any leet code.
- Currently work as a 99% remote dev (only meet up in person during the initialization of some projects.) I never thought working remotely could actually work this well. I am able to stay productive and actually focus on the work instead of living up to the 9-5 standard. If I want to go for a walk to think I can do that, I can be as social and asocial as I want. I like to sleep in and work during the night with a cup of tea in the dark and it's not an issue! I really like the freedom and I feel like I've never been more productive.
- Ended up with very happy customers and now got a steady amount of jobs rolling in and contracts are being extended.
- I learned a lot, specialized in graph databases, no more db modelling hell. Loving it!
- Got a job where I can use my favorite tools and actually create something from scratch which includes a lot of different fields. I am really happy I can use all my skills and learn new things along the way, like data analysis, databricks, hadoop, data ingesting, centralised auth like promerium and centralised logging.
- I also learned how important softskills are, I've learned to understand my clients needs and how to both communicate both as a developer and an entrepeneur.
Worst:
- First job had a manager which just gave me the specifications solo project and didn't check in or meet me for 8 weeks with vague specifications. Turns out the manager was super biased on how to write code and wanted to micromanage every aspect while still being totally absent. They got mad that I had used AJAX for requests as that was a "waste of time".
- I learned the harsh reality of working as a contractor in the US from a foreign country. Worked on an "indefinite" contract, suddenly got a 2 day notification to sum up my work (not related to my performance) after being there for 7+ months.
- I really don't like the current industry standard when it comes to developing websites (I mostly work in node.js), I like working with static websites (with static website generators like what the Svelte.js driver) and use a REST API for dynamic content. When working on the backend there's a library for everything and I've wasted so many hours this year to fix bugs and create workarounds related to dependencies. You need to dive into a rabbit hole for every tool and do something which may work or break something later. I've had so many issues with CICD and deployment to the cloud. There's a library for everything but there's so many that it's impossible to learn about the edge cases of everything. Doesn't help that everything is abstracted away, which works 90% of the time but I use 15 times the time to debug things when a bug appears. I work against a black box which may or may not have an up to date documentation and it's so complex that it will require you to yell incantations from the F#$K
era and sacrifice a goat for it to work properly.
- Learned that a lot of companies call their complex services "microservices". Ah yes, the microservice with 20 endpoints which all do completely unrelated tasks?

A question to all software security specialists of devRant. Please, take it serious.

Is it fundamentally possible to restrict a SQL database like Postgres in a way that unintended SQL queries are impossible to execute? Perhaps in some kind of whitelist fashion. Is it possible to achieve the kind of security that will be just fine exposed to the outside world akin to "SQL queries in onClick handlers" scenario?

Or is this an uphill battle of never being able to moderate an infinite set of possible fraudulent queries?

Alright, so I'm starting to doubt a very fundamental, as in foundational aspect of my projec:

* __everything__ lives in the same repo.

This is... problematic. Because yeah they're my inhouse tools so to speak, so obviously I need them all together and shit.

BUT: what if you only want one particular tiny piece of code, say one of my string utils or whatever? Fucking great then, on cloning the repo you also get the code that enables 3D rendering on my shitty terminal emulator.

I'm not crazy in thinking I should break things up a little, right? I've already made most of the code modular enough (or encapsulated is a better term? idk); the OpenGL blocks don't know what a window is, and the (again, shitty) window manager doesn't know what a mesh is either.

So they are separate things that work well together. But they could also work well with someone else's code, and while I'm not making that impossible it is bit of a pain in the ass.

I don't know, man. I think I should start using multiple repos and have a manager fetch the deps... sounds like a fucking chore, but I can no longer shove the thought to the back of my mind.

Fuck me, why do I do things.

PyQt5 combined with pyinstaller is a f*ckn impossible mission.... if a .ui file is used you an forget it completely

So i wanna try explain the concept of JWT to a 5(+55) year old, and also to myself who is noob at web stuff. please tell me if this is a correct analogy, because i am myself confuse regarding how its secure?

So A wants B, a blind jeweller, to keep his super valuable notebook page with bank passwords safe. B says "give me your sheet and 5 nickels". (Assume that every nickel is always 1gm, made up of pure iron . Assume these statements to be true and world-known )

B takes A's nickels, melts them, adds 20gm more iron, adds 25gm copper, adds 25gm aluminum and then adds 25gm carbon dioxide and makes a mixture that is impossible to revert , but will automatically disintegrate after 24 hours due to CO2 (again, pure true statement, but this formula is only known to B) .

He makes 2 exact copies of keys from the 100 gm mixture, gives one to A and says
("Anyone can either give me 5 nickels of same name, markings, and year and i will give them back this secret sheet. or they give me the same key fo next 24 hours,and i will still give them back the sheets. after 24 hours, this key will also not work. I will even keep this on public display that i make keys using the materials I just showed, and then also no one would be able to create he exact same replica because they don't know how much percentage of each material went into the mixture"

So is this true? I have heard my friend boldly claim that they don't store user passwords as plaintext or even encoded text but rather doing this :
user password + company's private key --->[public domain encryption algorithm] = irreversible public key which is saved against user profile as "password"

public key + other info + time bound expiring logic ---->[public domain JWT encrypted token maker algorithm] = reversible JWTToken which is sent back to user

if user sends back token, then
token --> [JWT decoder] = public key + other info

if public key matches the stored public key , then user is a real user and should be given data

if user sends back the original password, then
user password + company's private key --->[public domain encryption algorithm] = irreversible public key .
again if public key matches the stored public key, then user will again receive access?

So this means all the time we are transmitting a lightly jumbled up version of public key, which is itself a hard, almost irreversible jumbled up version of our passwords that can only be unjumbled via a private key (or jewellers mixture ratios) that companies hold dearly ?