Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "issue tracking"
I'm happy the announce the official devRant bug/feature suggestion tracker, now on GitHub!
It just went live, and you can find it here: https://github.com/devRant/devRant
Going forward, please use that issue tracker for all bug reports and feature suggestions. We decided to move bugs/features reports to GitHub because we've had a lot of people tell us they'd prefer that method since it makes tracking issues easier, and we also think it will improve searchability and maintainability of current bugs and feature suggestions.
Since we're starting from scratch with it, if there's a bug/feature that you're interested in submitting, and it's not already there, then please go ahead and add it! Even if it's been suggested before in a rant, we want to get them in the GitHub issue tracker, so please add it there too.
Feel free to let me know if you have any questions, and we hope this new method makes it easier to see what bugs we're working on fixing and makes it easier to see and discuss possible new features!47
Okay so my co-workers explains why they give me the title "GitHub Maid":
Basically most of the time the engineering didn't have the time to scroll through issues, and that includes me, so a lot of this stuff does not get triaged properly when reported. When I stumbled on the tracker, I knew I had to do something, so I sorted and sorted and managed the tickets by my own.
So being a "GitHub Maid" is not something to be embarrassed about after all, in fact, I think the dev team owed me a lot because the issue tracker is more organized, and the issues are getting triaged and assigned properly now compared before.
So if they call you like something similar, be proud of it because some developers wouldn't even bother to tidy up issue tracking.12
Privacy & security violations piss me off. Not to the point that I'll write on devRant about it, but to the point that coworkers get afraid from the bloodthirsty look in my eyes.
I know all startups proclaim this, but the one I work at is kind of industry-disrupting. Think Uber vs taxi drivers... so we have real, malicious enemies.
Yet there's still this mindset of "it won't happen to us" when it comes to data leaks or corporate spying.
Me: "I noticed we are tracking our end users without their consent, and store not just the color of their balls, but also their favorite soup flavor and how often they've cheated on their partner, as plain text in the system for every employee to read"
Various C-randomletter-Os: "Oh wow indubitably most serious indeed! Let's put 2 scrumbag masters on the issue, we will tackle this in a most agile manner! We shall use AI blockchains in the elastic cloud to encrypt those ball-colors!"
NO WHAT I MEANT WAS WHY THE FUCK DO WE EVEN STORE THAT INFORMATION. IT DOES IN NO WAY RELATE TO OUR BUSINESS!
"No reason, just future requirements for our data scientists"
I'M GRABBING A HARDDRIVE SHREDDER, THE DB SERVER GOES FIRST AND YOUR PENIS RIGHT AFTER THAT!
(if it's unclear, ball color was an optimistic euphemism for what boiled down to an analytics value which might as well have been "nigger: yes/no")13
I have been gone a while. Sorry. Workplace no longer allows phones on the lab and I work exclusively in the lab. Anyway here is a thing that pissed me off:
Systems Engineer (SE) 1 : 😐 So we have this file from the customer.
Me: 😑 Neat.
SE1: 😐 It passes on our system.
Me: 😑 *see prior*
Inner Me (IM): 🙄 is it taught in systems engineer school to talk one sentence at a time? It sounds exhausting.
SE1: but when we test it on your system, it fails. And we share the same algorithms.
Me: 😮 neat.
IM: 😮neat, 😥 wait what the fuck?
Me: 😎 I will totally look into that . . .
IM: 😨 . . . Thing that is absolutely not supposed to happen.
*Le me tracking down the thing and fixing it. Total work time 30 hours*
Me: 😃 So I found the problem and fixed it. All that needs to happen is for review board to approve the issue ticket.
SE1: 😀 cool. What was the problem?
Me: 😌 simple. See, if the user kicked off a rerun of the algorithm, we took your inputs, processed them, and put them in the algorithm. However, we erroneously subtracted 1 twice, where you only subtract 1 once.
SE1: 🙂 makes sense to me, since an erroneous minus 1 only effects 0.0001% of cases.
*le into review board*
Me: 😐 . . . so in conclusion this only happens in 0.0001% of cases. It has never affected a field test and if this user had followed the user training this would never have been revealed.
SE2: 🤨 So you're saying this has been in the software for how long?
Me: 😐 6 years. Literally the lifespan of this product.
SE2: 🤨 How do you know it's not fielded?
Me: 😐 It is fielded.
SE2: 🤨 how do you know that this problem hasn't been seen in the field?
Me: 😐 it hasn't been seen in 6 years?
IM: 😡 see literally all of the goddamn words I have said this entire fucking meeting!!!
SE2: 😐 I would like to see an analysis of this to see if it is getting sent to the final files.
Me: 🙄 it is if they rerun the algorithm from our product. It's a total rerun, output included. It's just never been a problem til this one super edge case that should have been thrown out anyway.
SE2: 🤨 I would still like to have SE3 run an analysis.
Me: 🙄 k.
IM: 😡 FUUUUUUUUUCK YOOOOOU
*SE3 run analysis*
SE3: 😐 getting the same results that Me is seeing.
Me: 😒 see? I do my due diligence.
SE2: 😐 Can you run that analysis on this file again that is somehow different, plus these 5 unrelated files?
SE3: 😎 sure. What's your program's account so I can bill it?
IM: 😍 did you ever knooooow that your my heeeerooooooo.
*SE3 runs analysis*
SE3: 😐 only the case that was broken is breaking.
SE2: 😐 Good.
IM: 🤬🤬🤬🤐 . . . 🤯WHY!?!?
Me: 😠 Why?
SE2: 😑 Because it confirms my thoughts. Me, I am inviting you to this algorithm meeting we have.
Me/IM: 😑/😡 what . . . the fuck?
*in algorithm meeting*
Me: 😑 *recaps all of the above* we subtract 1 one too many times from a number that spans from 10000 to -10000.
Software people/my boss/SE1/SE3: 🤔 makes sense.
SE2:🤨 I have slides that have an analysis of what Me just said. They will only take an hour to get through.
Me: 😑 that's cool but you need to give me your program's account number, because this has been fixed in our baseline for a week and at this point you're the only program that still cares. Actually I need the account to charge for the last couple times you interrupted me for some bullshit.
*we are let go.*
And this is how I spent 40+ useless hours against a program that is currently overrunning for no reason 🤣🤣🤣
Moral: never involve math guys in arithmetic situations. And if you ever feel like you're wasting your time, at least waste someone else's money.10
Root gets ignored.
I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.
For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`
Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.
I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.
He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).
I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨
Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.
Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.
jfc i'm getting pissy again.9
Another real-world argument for why I always say git is worth learning properly.
Had to track a really weird bug down today. Had no idea where it came from, how long it'd been in the code and hadn't the foggiest what was causing it. Realistically it could have been introduced any time in the last year or two, and that's tens of thousands of commits in this repo.
Git to the rescue. Knocked up a quick script to test the case in question, fed it into "git bisect run", and 30 seconds later git found the exact (small) commit that caused the issue.
It's a brilliant part of git, yet it seems like almost no-one I know uses it. Some use "git bisect", but using "git bisect run" and passing a script to it seems to be alien to most - yet it's probably my most used tool when it comes to tracking down bugs like these.8
(Warning: kinda long && somewhat of a political rant)
Every time I tell someone I work with AI, the first thing to come out of their mouth is "oh but AI is going to take over the world!"
It was only somewhat recently that it started being able to recognize what was in a picture from over 3 million images, and that too it's not that great at. Honestly people always say "AI is just if-else" ironically, but it isn't really that far from the truth, we just multiply an input by weights and check the output.
It isn't some magical sauce, it's not being born and then exploring a problem, it's just glorified-probability prediction. Even in "unsupervised" learning, the domain set is provided; in "reinforcement learning" which has gotten super popular lately we just have the computer decide which policy is optimal and apply that to an environment. It's a glorified decision tree (and technically tree models like XGBoost outperform neural networks and deep learning on a large number of problems) and it isn't going to "decide" to take over the planet.
Honestly all of this is just born out of Elon Musk fans who take his word as truth and have been led to believe that AI is going to take over the world. There are a billion reasons why it can't! And to top it off this takes away a lot of public attention from VERY concerning ethical issues with AI.
Am I the only one who saw Google Duplex being unveiled and immediately thought "fraud"? Forget phone scammers, if you trained duplex on the mannerisms of, for example, a famous politician's voice, you could impersonate them in an audio clip (or even video clip with deepfakes). Or for example the widespread use of object detection and facial recognition in surveillance systems deployed by DoD. Or the use of AI combined with location tracking and browsing analytics for targeted marketing.
The list of ethics breaches are endless, and I find it super suspicious that those profiting the most off of unethical AI are all too eager to shift public concern to some science fiction Terminator style takeover that, if ever possible, would be a long way out and is not any sort of a priority issue right now.11
I am beginning to hate the relationship between email and my clients. I never thought it would come to the point where email is the worst communication platform I've ever used because some of my clients simply don't know how to use it properly.
I have one client who never uses the subject header in his emails. This makes conversational threads very difficult to follow, and I can't just scan the inbox I have for him. I have to actually do searches on my emails just to find recent conversations.
For some reason nobody knows how to start a new email thread. I have multiple clients that will just take the last email that I sent them, regardless of what it's about, and start a new conversation completely unrelated to the other email by hitting"reply". I end up with email threads that are 60 to 100 emails long and contain many different subjects, which again makes it hard to find anything. Never mind that they've usually put two or three important attachments, or username password combinations, or other valuable information in there amongst all the noise.
Worst of all, I have a few clients and co-workers who insist on starting a new email thread whenever anything about a particular issue comes up. This means that just today I have five separate email threads about the same goddamn issue from the same damn person. Am I supposed to respond to each thread with the same damned information? One of these people is supposed to be both a media consultant and an SEO expert and really should know better. Also, if you do actually send me an email with a subject like "the robot.txt error", please don't give me one sentence about that and five paragraphs about what color you'd like the background to be. That's ridiculous. How the hell am I supposed to find that later? Especially since we already discussed this in the other email that sitting in my inbox.
I swear I am setting up a bug tracking system simply so that my clients can log in and leave me bug reports, and feature requests, and will stop filling up my poor email boxes with what amounts to piles and piles threads that I have to sort through.
For a person who suffers with a form of ADD this is extremely frustrating. Why is it so difficult for my colleagues and clients to write good emails with good subject lines, and reply to the right damn emails?
Am I just being too anal, or does this bother others as well?16
My very first rant here was about the mess of ticket submission and ticket tracking applications we use, and about how we were moving to a single unified system some day.
Well, that day is today. And, predictably, it went horribly wrong.
So the way it's supposed to work is people login to the portal, search for what they want to request, then fill in details and submit. It creates a request ticket assigned to the appropriate team. (The old way involved a bunch of nonsense that you can see in my first rant).
The thing is, I found out about this today, when I got a company-wide email saying the new system was live as of this morning. None of us knew it would happen today. Not that I could've foreseen any issues just by getting the announcement early, but still, usually people find out about these things beforehand.
So, ecstatic to finally be rid of the old ticket tracking system, I log into the new system and look for our request form, which is, of course, not there. I check the old system and see that they combined every single "general request" into a single request where you pick which team the request goes to.
So I finally find the right request, pick the right department from the drop-down, and see that the request looks much better than it did on the old system. Out of curiosity, I look at the list of people who are part of that department.
I am not on the list.
My ENTIRE TEAM is not on the list.
Because they migrated the team data to the new system a year ago, when the issue tracking/reporting portion of it went live. My current team was hired approximately six months after that and apparently updating the team data in the new system isn't part of our Onboarding process yet.
So... Bright side is I guess I will have a lot of free time soon since nobody can submit new project work to my team?
tl;dr: they took a great software product and implemented it so poorly that our team can't use it.3
Writing coroutines for io_uring. Submissions aren't working (they go through but the operation never seems to complete). Just fixed a few segfaults because of error cases not destroying coroutine handles correctly. Been on this for two days, finding more and more things I need to do that unrelated to the task at hand. Don't have issue tracking set up yet because haven't had time. Mountain of things that need to get working just for a demo is only growing. Layered maps of data structures and code flow are in my head as I'm trying to mentally debug some of this. I'm focused, completely dead to the outside world.
Then I feel a small scratch on my cheek. Three hours of mental mapping and a deep stack of thought, vanishes into thin air in a single moment.
The trade-off is worth it though.10
me vs marketing guy, again
me: yeah, the database server is not responding, so you cannot log in to post your blog, wait for it to get online.
MG: But, the website is online.
me: web host and database server are two distinct things, they are not the same, *share a screenshot of the error*
MG: Oh okay.
Literally 3 hours later this fucking idiot sends an email and I quote.
@CTO FYI, Someone has removed this code So there is some tracking issue on it.
Please add below google analytics code on the website.
Note: Copy and paste this code as the first item into the <HEAD> of every web page that you want to track. If you already have a Global Site Tag on your page, simply add the config line from the snippet below to your existing Global Site Tag.
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://googletagmanager.com/gtag/..."></script>
window.dataLayer = window.dataLayer || ;
gtag('js', new Date());
The fucking issue was of him not being able to post his shitty blog, and he shares an email like this, FOR FUCK'S SAKE!2
My prederred method of communication is over email.
A guy I've built an ecommerce platform and affiliate tracking for was sending me a lot of IMs. So I disabled Google chat. Then he started sending me texts to let me know he sent WhatsApp messages.
Last week he sent me a text to let me know to check WhatsApp. The message there was extremely vague and a minute later an actual email came in explaining the actual issue.
He's fucking with me right?
Then yesterday he messaged me a random series of questions, some that could have easily been googled, that on a holiday while I'm out with my family, should have definitely been over email, because they weren't immediate issues. I actually pictured him drinking at a bbq when he was writing them.
I was about to quit this dude but I get some nice monthly bonuses.
Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.
Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.
Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.
Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".
Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.2
Jesus fucking stupid backend developers that don't listen when you tell them their shit doesn't work. So you end up wasting time again and again tracking down these fucking obscure issues that are caused by THE SAME FUCKING BACKEND ISSUE3
Ladies and gents, it was a 🍺 day, today.
I spent more hours than I care to say today tracking down an issue in our web workflow, even looping in our only web dev to help me debug it from his side. There ended up being multiple bugs found, but the most annoying of them was that the json data being pulled back was truncated because a certain someone, in their migration script, set their varchar variable to a size of 1000 and then proceeded to store a json string that was 2800+ characters in length.
I got nothing productive done today. Hate, hate, hate days like this!
Anyone else have 100 .txt files on the computer called note(54).txt? Or TODO(32).txt? Yeah... Someday I will compress them into one so I don't miss something important for work. Why don't we have issue tracking?!?!5
When you reply to an issue, and either:
a) no one replies, then you get asked about it days or weeks later
b) they completely ignore it and ask why it's not done
Project Lead: The DevOps department just got a GitLab instance installed on our internal network. We're gradually going to move all our projects onto it and move away from BitBucket and Jenkins really soon.
Project Lead: We're still using JIRA and Confluence for issue tracking and documentation though because the higher ups said so.
I dunno for you guys and I am sorry in advance but what is jira? "a proprietary issue tracking product providing bug tracking, issue tracking and project management functions" right?
so why the fuck do I need to write a fucking "Log Work" when I pee, when I poop, when I go out taking a break, when I drink coffee...2
How do you guys stay on track with personal projects? To do lists, issue tracking, kanban boards, app... ?3
Hey guys! I've just written Part 1 of a post on Privacy and how we're tracked these days. It's intended more for those who don't know about the issue or would like to learn more. Part 1 is mostly a long overview of the kinds of things that happen these days in regards to privacy and tracking.
I'd be honored if you read it. I also welcome any feedback as I'm not really a writer. Currently I want to figure out some formatting on the site to make the long posts like this one a bit more readable.13
What is your preffered way of branching and potential integration of issue tracking?
Just curious to see as this topic causes a lot of discussions in office the last days.5
So, I will try to use devRant as an issue traker for itself!
Sometimes a gif shows on click just a blank black screen and an x for closing on top left corner. And it does not change after some waiting.
The issue stays the same after closing and opening the specific gif again and again. If it is loading for a long time, then a animation indicating that would be nice.
Strangely, other gifs are loaded and shown instantly.
I hope it is not too bold to reference you: @dfox4
Listing my skills:
I have published react-native apps.
I can build an extensive backend/API thing with node.JS/a good framework.(worked on something for my countries national football league during an internship as main/only dev)
I have some experience with c# but havent used it since school.
I have no issue getting into new frameworks/languages, as long as its not PHP.
I have experience working in software teams.
I have experience running my own company(Online store selling airsoft supplies - i quit).
Im working towards getting familiar with Tensorflow 2.0.
I have a Cambridge English assessment certificate at grade C2.
I am currently working(for 0 pay for 50% of the shares) on developing a social media app that uses location tracking on a 20-200 meter scale.
I have ADHD and have been spoken on/warned due to its effects( i.e. forgetting to report progress, getting distracted, needing stimulation so i browse youtube(even have it playing in the bottom corner sometimes), poor communication.
Am i worth anything at all as a developer... im getting pretty depressed due to not having an income at this point... and I dont think anyone will hire me4
TLDR, need suggestions for a small team, ALM, or at least Requirements, Issue and test case tracking.
Okay my team needs some advice.
Soo the powers at be a year ago or so decided to move our requirement tracking process, test case and issue tracking from word, excel and Visio. To an ALM.. they choice Siemens Polarion for whatever reason assuming because of team center some divisions use it..
Ohhh and by the way we’ve been all engineering shit perfectly fine with the process we had with word, excel and Visio.. it wasn’t any extra work, because we needed to make those documents regardless, and it’s far easier to write the shit in the raw format than fuck around with the Mouse and all the config fields on some web app.
ANYWAY before anyone asks or suggests a process to match the tool, here’s some back ground info. We are a team of about 10-15. Split between mech, elec, and software with more on mech or elec side.
But regardless, for each project there is only 1 engineer of each concentration working on the project. So one mech, one elec and one software per project/product. Which doesn’t seem like a lot but it works out perfectly actually. (Although that might be a surprise for the most of you)..
ANYWAY... it’s kinda self managed, we have a manger that that directs the project and what features when, during development and pre release.
The issue is we hired a guy for requirements/ Polarion secretary (DevOps) claims to be the expert.. Polarion is taking too long too slow and too much config....
We want to switch, but don’t know what to. We don’t wanna create more work for us. We do peer reviews across the entire team. I think we are Sudo agile /scrum but not structured.
I like jira but it’s not great for true requirements... we get PDFs from oems and converting to word for any ALM sucks.. we use helix QAC for Misra compliance so part of me wants to use helix ALM... Polarion does not support us unless we pay thousands for “support package” I just don’t see the value added. Especially when our “DevOps” secretary is sub par.. plus I don’t believe in DevOps.. no value added for someone who can’t engineer only sudo direct. Hell we almost wanna use our interns for requirements tracking/ record keeping. We as the engineers know what todo and have been doing shit the old way for decades without issues...
Need suggestions for small team per project.. 1softwar 1elec 1mech... but large team over all across many projects.
Sorry for the long rant.. at the bar .. kinda drunk ranting tbh but do need opinions...
Has anyone used CA's Rally for issue tracking? Is it as bad for devs as I've been warned?
We are being forced to use it instead of Jira because of the pretty reports it generates for management and I am kind of scared...5
I am currently playing dumb with a potential hire and it's just so much fun I don't know if I should stop.
We gave the dev a little coding challenge to code a small expense tracking app. Nothing fancy, just to see how he well he could do on his own. We told him to take as much time as he requires.
He submitted it and I tried to run it. It worked alright but I could not register or login.
I debugged the issue with him for a while and told him I would look at it later since I am tied up with other tasks..
We are communicating via an IM.
Him: Or how did you run the project. I wish I was there to run it for you. Lol
Me: dotnet run. start without debugging
Him: From the cmd?
At this point I about to get pissed. Where else would I run 'dotnet run' from??
Me: I would hope so
Him: I always run it from the cmd. With administrative privileges
Me: Really?? Where can I find cmd?
Him: Yes. Do you use a Mac?
Me: nope. I am using windows2
I am an Automation QA. I logged in a small issue, which eventually cascaded into a larger one. An issue which started with only the QA and DEV now has the attention of the directors as well.1
It's does not take a huge amount of knowledge and skill to get a program working.Kids in high school do it all the time. young men and women in college start billion-dollar business based on scrabbling together a few lines of PHP or Ruby. Hoards of junior programmers in cube farms around the world slog through massive requirements documents held in huge issue tracking systems to get their systems to "work" by the sheer force of will. The code they produce may not be pretty; but it works. It works because getting something to work-once-just is not that hard.