Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "injection"
developer: *deploying spaghetti code to production*
hacker: *alters the code with an injection*
Offensive and defensive at both code and infrastructure levels.
So many times I see devs not give a flying pancake about security. Whether it be rolling integers for sql injection or permission guarding to prevent someone executing something they shouldn't.
Why is security in this industry always the last thing to be concerned about when it's the first thing that's going to kill your business.
I quietly refactored an entire NodeJS express in-house framework that was written in Java style (dependency injection, inheritance, inversion of control) and split it into typed, composable, parameterized, testable middlewares in 2 weeks (including some complicated ones like a custom Openid Connect flow)
Now comes the hard part: convincing the Java-devs who wrote it that it is useful3
A sweaty furry sodomizing a dead dog would still be less disgusting than the codebase on which I have to work, some highlights are:
- The same class repeated 40 times with little variations instead of using some decent parametrization
- Inexistent encapsulation and separation of concerns, most changes requires to modify and recompile 2-3 indipendent Maven projects
- Abuse of inheritance which instead of being used to create "is-a" relationship as it should be it's used to reuse some methods of a class in another instead of using Spring dependency injection as we should be
It would be understandable in a 20 years old legacy projects but in something which started 2 months ago it drives me mad, I tried to fight to change it but in the big enterprise to which I'm "body-rented" it's impossible1
Am I the only one to think companies asking questions such as those for technical interviews don’t understand what software engineering/development is about ?
- How many layers does a webservice have?
- What framework do you use for unit testing ?
- How do you do dependency injection ?
Essentially questions that they deem black and white but really aren’t. Besides isn’t the core of the work to just adapt and learn while being smart about what things you implement ? I don’t get these questions for me it’s a sign that a company doesn’t understand the work I’ll be doing.
I think for a technical interview I’d much rather spend my time on a difficult algo question in the language of my choice for 30mins - 1h than 20mins answering close minded questions that don’t have to be.
This rant is mostly due to the fact I’ve done a few interviews with two companies and both behaved like that, I’m 100% certain I had the skills to do the jobs they were offering me (they both contacted me first) but both ended up denying me because my knowledge on their specific questions wasn’t detailed enough. I could have learnt their stack in about a week so I don’t know why that mentality exists.
I might be wrong about the core of the work though… what do you think?3