As a long-time iPhone user, I am really sorry to say it but I think Apple has completed their transition to being a company that is incompetent when it comes to software development and software development processes.

I’ve grown tired of hearing some developers tell me about Apple’s scale and how software development is hard and how bugs should be expected. All of those are true, but like most rules of law, incompetence and gross negligence trumps all of that.

I’m writing this because of the telugu “bug”/massive, massive security issue in iOS 11.2.5. I personally think it’s one of the worst security issues in the history of modern devices/software in terms of its ease of exploitation, vast reach, and devastating impact if used strategically. But, as a software developer, I would have been able to see past all of that, but Apple has shown their true incompetence on this issue and this isn’t about a bug.

It’s about a company that has a catastrophic bug in their desktop and mobile platforms and haven’t been able to, or cared to, patch it in the 3 or so days it’s been known about. It’s about a company, who as of a view days ago, hasn’t followed the basic software development process of removing an update (11.2.5) that was found to be flawed and broken. Bugs happen, but that kind of incompetence is cultural and isn’t a mistake and it certainly isn’t something that people should try to justify.

This has also shown Apple’s gross incompetence in terms of software QA. This isn’t the first time a non-standard character has crashed iOS. Why would a competent software company implement a step in their QA, after the previous incident(s), to specifically test for issues like this? While Android has its issues too and I know some here don’t like Google, no one can deny that Google at least has a solid and far superior QA process compared to Apple.

Why am I writing this? Because I’m fed up. Apple has completely lost its way. devRant was inaccessible to iOS users a couple of times because of this bug and I know many, many other apps and websites that feature user-generated content experienced the same thing. It’s catastrophic. Many times we get sidetracked and really into security issues, like meltdown/spectre that are exponentially harder to take advantage of than this one. This issue can be exploited by a 3 year old. I bet no one can produce a case where a security issue was this exploitable yet this ignored on a whole.

Alas, here we are, days later, and the incompetent leadership at Apple has still not patched one of the worst security bugs the world has ever seen.

Well, it happened. The stupidest request, no demand, I have ever, and most likely will ever receive...

Me: So what is it you're looking to do with your website.

Client: We're not showing up Facebook's home page. We need you to fix that. We have a budget of $10,000 to make this happen right now.

Me: As much as I'd love to take your money, that isn't something I can control. Every "home page" is profile-based, which technically isn't a homepage, but a "feed" that changes constantly. So say you create a profile on Facebook, only those you follow, and paid posts show up on your feed. What I can do however is use your budget to create and promote posts from your company page to show on users' feeds. If you're serious about marketing, we can start slow at $250/week, then work our way up or down based on results until your budget is exhausted, then re-evaluate the budget at that time. I can tailor a retainer for you based on the number of ads per week that you'd like to make.

Client: No, this is not what we're asking for at all.

Me: Okay...what is it you're looking for exactly? Run through this in as much detail as possible so I can get on the same page.

Client: We want to be on the main home page of facebook.com. We want our logo on that page when people sign up to make an account, linking to our website.

Me: That's simply not possible. That's Facebook's own home page. Nobody has a right to edit that other than Facebook itself.

Client: Bullshit. There's a Facebook developers section with APIs to edit and view Facebook's entire website. We would do it ourselves, but we signed up and don't understand how to change it in Chrome. That's why we need you and [referring client] said you were the best guy for our needs.

Me: That API has no control over Facebook's corporate data, including their own home page. That API designed ONLY for sections in which you are authorized to access or modify, such as your personal profile or created page for your business.

Client: We know that it can be done. If you don't do it, we'll find someone else who can.

Me: Well good luck with that, because the only way it would be remotely possible to do that WILL involve prison time, since that would be illegal. The only legal way to do it would be to buy Facebook, and they'll laugh you out of the building with that offer. But I'm done with this conversation because I have work to complete from clients that aren't delusional. Have a nice day! [hang up]

----

What. The. Fuck.

EDIT: since this announcement, collabs have been made free to post for all devRant members!

Introducing two big new devRant features!

First, the one @trogus and I are most excited about - Collabs!

Collabs are an easy way to start projects or work on existing projects with the awesome members of the devRant community. You can post a collab listing for the awesome open source project you started that could use some more contributors, that fun idea you have for a brand new project, or really anything you want to gather some fellow devs for. We think it will be a lot of fun.

Collabs also is a devRant first - it's our first paid feature. For each 2 week collab posting, we're charging $14.99. But we wanted to make sure to thank devRant users who have been with us for a while and anyone who contributes often, so anyone with 2,000 points or higher (now or in the future) gets one free collab listing!

The main reason we see collabs as a great first paid feature is because requiring payment or 2,000 points serves to be a slight barrier in posting a collab. We think for collaborations to be successful it's important to have some way to keep out listings where the poster has no intent of following through and we hope this is a good start to doing that.

NOTE: if the collab you are looking to create is devRant-centric (ex. a devRant Chrome extension), we will give you a free credit especially for that so you don't have to pay or use your earned free one. Just contact us (info@devrant.io) if your project falls into that category.

In addition, after tons of demand from the community, you can now change your username and email address! One important note is that you only get to change your username one time every 6 months, so use it cautiously :) You can access this feature in the "more" tab, then settings, then "Edit username or email."

If you have any questions or feedback about any of this, just let us know! We hope everyone enjoys :)

So... A random morning moment:
(c - Cient, m - me)

C: Help!!! Our users are complaining that our website is not working as intended!!! This is crucial!!!!
M: What's the problem? What is not working?
C: EVERYTHING!!!! FIX IT!!!!
M: Could you be more specific...?
C: Look at the bugsnag - it has all the errrors!!!
M: *looks there - no errors* - But... It has no errors...
C: Okay, so client told me he's using Galaxy SII - does that ring a bell?
M: *thinks that I'm fucked* - Asks, which browser?
C: Why do you need it? It's a browser after all...
M: Yeah but not all browsers are the same and I need type and version to investigate...
C: It's Samsung default browser... Last updated 2012 January.
M: Well, tell that user to update the browser, the site is working fine on newer versions...
C: No, you update it.
M: Browser?!
C: Yes, what else?!
M: Of course, I'll fly 3000 kilometres to press UPDATE button on clients phone...
C: Well, he's not doing it himself - he's afraid!
M: Well, that is his problem. Site is working fine for other users with newer browsers.
C: But... He's a client
M: I get it but he's a client that uses 6 years old browser and tries to visit our website. Don't you remember that we ditched IE support on your behalf for the same reason?!
C: Oh... I see... Can you make something that it works with 2005 browsers?
M: Of course... *evil laugh starts* I'll make the website work on EVERY single device EVER - make it plain text.
C: Are you joking?
M: Are you?

----

And since then, we ditched the actual need for supporting users with old browsers that don't update to modern standards... Feels great!

My views on the github/MS thingy.

I've had to explain in at least 20+ rants that some people might have legitimate reasons/opinions for disagreeing with this deal. I find it quite bad that I even have to say this but that aside for this rant.

Microsoft is a commercial company which does a lot for open source, that's a fact.

In my case, I mostly look at the part of Microsoft in regard to how they treat users and user privacy as this, in my opinion, shows for a great deal how trustworthy a company is.

It's publicly known that Microsoft joined the prism surveillance program in 2007 which in my opinion also meant selling out all users.
Next to that, through at least windows 10 it has done quite intrusive user tracking which I also see as a betrayal to its users.

I could go on and on about cases but I've made my point on at least microsoft.

As for github selling itself to Microsoft, this most likely means that it'll also be integrated within the prism network. That's my main point of concern as to why I disagree of this deal and have lost my trust in github for selling to a company which, imo, has absolutely no respect for its users' privacy and has ethics I entirely disagree with.

I still haven't formed an opinion on the rest of arguments out there as, due to a medical thing, I'm hardly able to focus right now.

You might agree or disagree, that's your very right and that's perfectly fine. Just don't say that I haven't come with an actual argument/opinion as for why I disagree with this deal.

Is this the code life
Another scrum meeting
Caught in the the Node life
No escape from reality
Open your eyes
Look up to the screens and see..
I'm just a dev boy
Doing some debugging
Because there's warnings here
Errors there
Segment faults
Everywhere
Anytime you distract
Takes another hour from me
From me

*piano starts

Mama. Just committed a bug
Merge the branch to production
Did it fast for milestones
Mama. The repo has just begun
But now they going to throw the stack away.
Mama. U u u uu
Didn't mean to code in LAMP
But it's the only stack i know how to setup
In Ubuntu. Without docker
I really don't get vagrant

*piano

It's too late
My team is done
Some dev is working in Nepal
A UX dev. Now what is that?
Goodbye everybody
I've got to go
Gotta leave this lame meeting
And face the truth
Oh nooooo. I i interns
(they have questions)
I want to debug
I don't want to stay till 3 in the morning

*epic guitar

I see a litlle dev over there
Let's code review, let's code review
Did he do the last commit?
Coding in the white board
Very very frightening me
That's bug(that's a bug)
That's a bug (that's a bug)
What the f*ck did you do that?
Magnificcooooooo

I was just coding and nobody liked it
He was coding and nobody liked it, spare his some time to do his debugging

Easy man. Here go. Will you let me code?
A meeting. No,we will not let you code. ( let me code)
A meeting. we will not let you code. ( let me code)
A meeting. we will not let you code. ( let me code)
We will not let you code
Never never let you go
Never let you code, oh
No no no no no no no
Oh mama mia, mama mia ( dude, you've gotta let me code)
Screw you guys, I'm gonna code and commit. Commit. Comiiiiitt!

*epic guitar

So you think you can review me and spit in my eye?
So you think you can dump me and erase my branch?
Oh baby, cant do this to me baby
I've just have to log out.
I've just have to log outta here

*epic guitar solo

Nothing really matters
The users will not care
Nothing really matters
To them

Any way this code blows

Started talking with someone about general IT stuff. At some point we came to the subject of SSL certificates and he mentioned that 'that stuff is expensive' and so on.

Kindly told him about Let's Encrypt and also that it's free and he reacted: "Then I'd rather have no SSL, free certificates make you look like you're a cheap ass".

So I told him the principle of login/registration thingies and said that they really need SSL, whether it's free or not.

"Nahhh, then I'd still rather don't use SSL, it just looks so cheap when you're using a free certificate".

Hey you know what, what about you write that sentence on a whole fucking pack of paper, dip it into some sambal, maybe add some firecrackers and shove it up your ass? Hopefully that will bring some sense into your very empty head.

Not putting a secure connection on a website, (at all) especially when it has a FUCKING LOGIN/REGISTRATION FUNCTION (!?!?!?!!?!) is simply not fucking done in the year of TWO THOUSAND FUCKING SEVENTEEN.

'Ohh but the NSA etc won't do anything with that data'.

Has it, for one tiny motherfucking second, come to mind that there's also a thing called hackers? Malicious hackers? If your users are on hacked networks, it's easy as fuck to steal their credentials, inject shit and even deliver fucking EXPLOIT KITS.
Oh and you bet your ass the NSA will save that data, they have a whole motherfucking database of passwords they can search through with XKeyScore (snowden leaks).

Motherfucker.

Every day.

I am a PHP developer.

Yeah, "another PHP is awful" rant... no, not really.

It's just unsuitable for some ambitious projects, just like Ruby and Python are.

First of all, DO NOT EVER use Laravel for large enterprise applications. The same goes for RoR, Django, and other ActiveRecord MVCs.

They are all neat frameworks for writing a todo app, as a better-than-wordpress flexible blogging solution, even as a custom webshop.

Beyond 50k daily users, Active Record becomes hell due to it's lazy fat querying habits. At more than a million users... *depressed sigh*.

PHP is also completely unsuitable for projects beyond 5M lines of code in my opinion. At more than 25M lines... *another depressed sigh*.

You can let your devs read Clean Code and books about architecture patterns, you can teach them about SOLID & DRY, you can write thousands of tests... it doesn't matter.

PHP is scaffolding, it's made of bamboo and rope. It's not brick or concrete. You can build quickly, but it only scales up to a certain point before it breaks in multiple places.

Eventually you run into patterns where even 100% test coverage still doesn't guarantee shit, because the real-life edge cases are just too complex and numerous.

When you're working on a multi-party invoicing system with adapters for various tax codes, or an availability/planning system working across timezones, or systems which implement geographical routefinding coupled to traffic, event & weather prediction...

PHP, Python, Ruby, etc are just missing types.

Every day I run into bugs which could have been prevented if you could use ADTs in a generic way in PHP. PHP7 has pretty good typehints, and they prevent a lot of messy behavior, but they aren't composable. There is no way to tell PHP "this method accepts a Collection of Users", or "this methods returns maybe either an Apple or a Pear, and I want to force the caller to handle both Apple/Pear and null".

Well, you could do that, but it requires a lot of custom classes and trickery, and you have to rewrite the same logic if you want to typehint a "Collection of Departments" instead of "Collection of Users" -- i.e., it's not composable.

Probably the biggest issue is that languages with a (mostly) structural type system (Haskell, Rust, even C#/JVM languages to some degree, etc) are much slower to develop in for the "startup" era of a project, so you grab a weak, quick prototyping language to get started.

Then, when you reach a more grown up phase, you wish you had a better type system at your disposal...

One week, and it turned out to be worse than that.

I was put on a project for a COVID-19 program in America (The CARES Act). The financial team came to us on Monday morning and said they need to give away a couple thousand dollars.

No big deal. All they wanted was a single form that people could submit with some critical info. Didn't need a login/ registration flow or anything. You could have basically used Google Forms for this project.

The project landed in my lap just before lunch on Monday morning. I was a junior in a team with a senior and another junior on standby. It was going to go live the next Monday.

The scope of the project made it seem like the one week deadline wasn't too awful. We just had to send some high priority emails to get some prod servers and app keys and we were fine.

Now is the time where I pause the rant to express to you just how fine we were decidedly **not**: we were not fine.

Tuesday rolls around and what a bad Tuesday it was. It was the first of many requirement changes. There was going to need to be a review process. Instead of the team just reading submissions from the site, they needed accept and reject buttons. They needed a way to deny people for specific reasons. Meaning the employee dashboard just got a little more complicated.

Wednesday came around and yeah, we need a registration and login flow. Yikes.

Thursday came and the couple-thousand dollars turned into a tens of millions. The amount of users we expected just blew up.

Friday, and they needed a way for users to edit their submissions and re-submit if they were rejected. And we needed to send out emails for the status of their applications.

Every day, a new meeting. Every meeting, new requirements that were devastating given our timeframe.

We put in overtime. Came in on the weekend. And by Monday, we had a form that users could submit and a registration/ login flow. No reviewer dashboard. We figured we could take in user input on time and then finish the dashboard later.

Well, financial team has some qualms. They wanted a more complicated review process. They wanted roles; managers assign to assistants. Assistants review assigned items.

The deadline that we worked so hard on whizzed by without so much as a thought, much less the funeral it deserved.

Then, they wanted multiple people to review an application before it was final. Then, they needed different landing pages for a few more departments to be able to review different steps of the applications.

Ended up going live on Friday, close to a month after that faithful Monday which disrupted everything else I was working on, effective immediately.

I don't know why, but we always go live on a Friday for some reason. It must be some sort of conspiracy to force overtime out of our managers. I'm baffled.

But I worked support after the launch.

And there's a funny story about support too: we were asked to create a "submit an issue" form. Me and the other junior worked on it on a wednesday three weeks into the project. Finished it. And the next day it was scrapped and moved to another service we already had running. Poor management like that plagued the project and worked in tandem with the dynamic and ridiculous requirements to make this project hell.

Back to support.

Phone calls give me bad anxiety. But Friday, just before lunch, I was put on the support team. Sure, we have a department that makes calls and deal with users. But they can't be trained on this program: it didn't exist just a month ago, and three days ago it worked differently (the slippery requirements never stopped).

So all of Friday and then all of Saturday and all of Monday (...) I had extended panic attacks calling hundreds of people. And the team that was calling people was only two people. We had over 400 tickets in the first two days.

And fuck me, stupid me, for doing a good job. Because I was put on the call team for **another** COVID project afterwards. I knew nothing about this project. I have hated my job recently. But I'm a junior. What am I gonna say, no?

Just found out the backend developer I’m always complaining about. The one who:

- Can’t implement OAuth, and we have to have app users login every 24 hours because we have no way to generate new refresh tokens.

- Who used the phrase “your time zone is not my concern” to avoid building something that would let us inject test data.

- Who’s been debugging a critical bug affecting many users since December.

- Who can’t conduct API tests from external internet (you know, like the way the app will be in the wild) because it takes too much time.

- Who replies to Jira tickets only on a blue moon.

- Who has been 90% of the reason for my blood pressure situation

... is a fucking principal engineer in this company. In pecking order, his opinion should be considered more valuable than mine and everyone on my team.

I’ve just lost the will to live. How are big organizations THIS bad. Seriously, what promotion discussion did he go into

“So, you are a complete and utter bastard, nobody can stand to speak to you and you’ve yet to deliver anything of worth that actually works, over the course of several years ... ... ... interested in having your pay doubled??”

I am bloody sick of being on my own.

I was the sole dev at the last few jobs I've held, with the exception of API Guy -- who didn't really help much, and who got fired / quit six months after I started. Every other job I've either been the only dev, or the only web dev. (Exception:My boss at my previous job was a Rails dev, but he has zero time to code, and was significantly less experiened so he could only rarely help anyway.)

But now I'm in a company with a bunch of other devs, and they're all ostensibly senior devs, so you'd think I should be able to ask questions, right? And get answers? that actually help? like "Hey, you built this; how does it work?" No bloody way.

So far every time I've asked someone for help, they've been incompetent. I asked about what a few flags did, and got an answer that basically said "you just gotta know. oh, and the labels aren't up to date, so don't trust what they say." I asked the head of the "product team" about a ticket that he wrote, and he changed what it meant four times within two days. I asked about another, and he said "oh, that isn't reproduceable." Thanks. I asked about mailers, and got two very different, very incompete walkthroughs from the more senior devs (9+ years on this codebase) that didn't help. I asked two people about how users and roles work, and still have no idea what kind of user (there are like twelve?) is what, what roles even exist, or how to check for permissions. `@current_user` is a thing, but idfk what it holds since that can change considerably, and there's an impersonation feature that changes how it works, too. I ask the product guy again about where to link something, and he has no idea. I ask said product guy about what this feature needs to do, and he doesn't know. I ask what the legal team needs, and i get nothing. I ask the designer where the goddamn CSS lives, and he doesn't know; he apparently just puts it wherever he feels like, even if it's a completely unrelated stylesheet. As long as it works, right?

I ask very simple and straighforward questions, and it takes them forever to get back to me saying what amounts to "idk, ask someone else."

This feels like the same crap all over again, except now there are a bunch of devs I can ask that give me basically the same answers as the sales people always did. Always "idk" or a confusing mess of an 'answer' that skips most/all of the important bits. At least these people don't [usually] contradict themselves.

So, @Root is all alone, again.
And currounded by incompetence.
Again.

For fuck's sake.
Can't I catch a break?

I recently joined the dark side - an agile consulting company (why and how is a long story). The first client I was assigned to was an international bank. The client wanted a web portal, that was at its core, just a massive web form for their users to perform data entry.

My company pitched and won the project even though they didn't have a single developer on their bench. The entire project team (including myself) was fast tracked through interviews and hired very rapidly so that they could staff the project (a fact I found out months later).

Although I had ~8 years of systems programming experience, my entire web development experience amounted to 12 weeks (a part time web dev course) just before I got hired.

I introduce to you, my team ...

Scrum Master. 12 years experience on paper.
Rote memorised the agile manifesto and scrum textbooks. He constantly went “We should do X instead of (practical thing) Y, because X is the agile way.” Easily pressured by the client to include ridiculous (real time chat in a form filling webpage), and sometimes near impossible features (undo at the keystroke level). He would just nag at the devs until someone mumbled ‘yes' just so that he would stfu and go away.

UX Designer. 3 years experience on paper ... as business analyst.
Zero professional experience in UX. Can’t use design tools like AI / photoshop. All he has is 10 weeks of UX bootcamp and a massive chip on his shoulder. The client wanted a web form, he designed a monstrosity that included several custom components that just HAD to be put in, because UX. When we asked for clarification the reply was a usually condescending “you guys don’t understand UX, just do <insert unhandled edge case>, this is intended."

Developer - PHD in his first job.
Invents programming puzzles to solve where there are none. The user story asked for a upload file button. He implemented a queue system that made use of custom metadata to detect file extensions, file size, and other attributes, so that he could determine which file to synchronously upload first.

Developer - Bootlicker. 5 years experience on paper.
He tried to ingratiate himself with the management from day 1. He also writes code I would fire interns and fail students for. His very first PR corrupted the database. The most recent one didn’t even compile.

Developer - Millennial fratboy with a business degree. 8 years experience on paper.
His entire knowledge of programming amounted to a single data structures class he took on Coursera. Claims that’s all he needs. His PRs was a single 4000+ line files, of which 3500+ failed the linter, had numerous bugs / console warnings / compile warnings, and implemented 60% of functionality requested in the user story. Also forget about getting his attention whenever one of the pretty secretaries walked by. He would leap out of his seat and waltz off to flirt.

Developer - Brooding loner. 6 years experience on paper.
His code works. It runs, in exponential time. Simply ignores you when you attempt to ask.

Developer - Agile fullstack developer extraordinaire. 8 years experience on paper.
Insists on doing the absolute minimum required in the user story, because more would be a waste. Does not believe in thinking ahead for edge conditions because it isn’t in the story. Every single PR is a hack around existing code. Sometimes he hacks a hack that was initially hacked by him. No one understands the components he maintains.

Developer - Team lead. 10 years of programming experience on paper.
Writes spaghetti code with if/else blocks nested 6 levels deep. When asked "how does this work ?”, the answer “I don’t know the details, but hey it works!”. Assigned as the team lead as he had the most experience on paper. Tries organise technical discussions during which he speaks absolute gibberish that either make no sense, or are complete misunderstandings of how our system actually works.

The last 2 guys are actually highly regarded by my company and are several pay grades above me. The rest were hired because my company was desperate to staff the project.

There are a 3 more guys I didn’t mention. The 4 of us literally carried the project. The codebase is ugly as hell because the others merge in each others crap. We have no unit tests, and It’s near impossible to start because of the quality of the code. But this junk works, and was deployed to production. Today is it actually hailed as a success story.

All these 3 guys have quit. 2 of them quit without a job. 1 found a new and better gig.

I’m still here because I need the money. There’s a tsunami of trash code waiting to fail in production, and I’m the only one left holding the fort.

Why am I surrounded by morons?
Why are these retards paid more than me?
Why are they so proud when all they produce is trash?
How on earth are they still hired?

And yeah, FML.

Client: Please remove the address inputs from the inquiry form. Our marketing strategist said that more people will fill out the form if there are less input fields.

Me: But you are required by law to include the address in the generated inquiry PDFs!

Client: Can you remove the fields and still include the address in the PDF somehow?

Me: No. How would the website know the users address without asking for it.

Client: Okay. Wait! Can we change the form to just one large input where the user has to enter everything at once? That is even less inputs so more users would do it, right?

Me:...

I have been a mobile developer working with Android for about 6 years now. In that time, I have endured countless annoyances in the Android development space. I will endure them no more.
My complaints are:

1. Ridiculous build times. In what universe is it acceptable for us to wait 30 seconds for a build to complete. Yes, I've done all the optimisations mentioned on this page and then some. Don't even mention hot reload as it doesn't work fast enough or just does not work at all. Also, buying better hardware should not be a requirement to build a simple Android app, Xcode builds in 2 seconds with a 8GB Macbook Air. A Macbook Air!

2. IDE. Android Studio is a memory hog even if you throw 32GB of RAM at it. The visual editors are janky as hell. If you use Eclipse, you may as well just chop off your fingers right now because you will have no use for them after you try and build an app from afresh. I mean, just look at some of the posts in this subreddit where the common response is to invalidate caches and restart. That should only be used as a last resort, but it's thrown about like as if it solves everything. Truth be told, it's Gradle's fault. Gradle is so annoying I've dedicated the next point to it.

3. Gradle. I am convinced that Gradle causes 50% of an Android developer's pain. From the build times to the integration into various IDEs to its insane package management system. Why do I need to manually exclude dependencies from other dependencies, the build tool should just handle it for me. C'mon it's 2019. Gradle is so bad that it requires approx 54GB of RAM to work out that I have removed a dependency from the list of dependencies. Also I cannot work out what properties I need to put in what block.
4. API. Android API is over-bloated and hellish. How do I schedule a recurring notification? Oh use an AlarmManager. Yes you heard right, an AlarmManager... Not a NotificationManager because that would be too easy. Also has anyone ever tried running a long running task? Or done an asynchronous task? Or dealt with closing/opening a keyboard? Or handling clicks from a RecyclerView? Yes, I know Android Jetpack aims to solve these issues but over the years I have become so jaded by things that have meant to solve other broken things, that there isn't much hope for Jetpack in my mind 😤

5. API 2. A non-insignificant number of Android users are still on Jelly Bean or KitKat! That means we, as developers, have to support some of your shitty API decisions (Fragments, Activities, ListView) from all the way back then!

6. Not reactive enough. Android has support for Databinding recently but this kind of stuff should have been introduced from the very start. Look at React or Flutter as to how easy it is to make shit happen without any effort.

7. Layouts. What the actual hell is going on here. MDPI, XHDPI, XXHDPI, mipmap, drawable. Fuck it, just chuck it all in the drawable folder. Seriously, Android should handle this for me. If I am designing for a larger screen then it should be responsive. I don't want to deal with 50 different layouts spread over 6 different folders.

8. Permission system. Why was this not included from the very start? Rogue apps have abused this and abused your user's privacy and security. Yet you ban us and not them from the Play Store. What's going on? We need answers.

9. In Android, building an app took me 3 months and I had a lot of work left to do but I got so sick of Android dev I dropped it in favour of Flutter. I built the same app in Flutter and it took me around a month and I completed it all.
10. XML.

If you're a new dev, for the love of all that is good in this world, do NOT get into Android development. Start with Flutter or even iOS. On Flutter and build times are insanely fast and the hot reload is under 500ms constantly. It's a breath of fresh air and will save you a lot of headaches AND it builds for iOS flawlessly.

To the people who build Android, advocate it and work on it, sorry to swear, but fuck you! You have created a mess that we have to work with on a day-to-day basis only for us to get banned from the app store! You have sold us a lie that Android development is amazing with all the sweet treat names and conferences that look bubbly and fun. You have allowed to get it so bad that we can't target an API higher than 18 because some Android users are still using devices that support that!

End this misery. End our pain. End our suffering. Throw this abomination away like you do with some of your other projects and migrate your efforts over to Flutter. Please!

#NoToGoogleIO #AndroidSummitBoycott #FlutterDev #ReactNative

I’m surrounded by idiots.

I’m continually reminded of that fact, but today I found something that really drives that point home.

Gather ‘round, everybody, it’s story time!

While working on a slow query ticket, I perused the code, finding several causes, and decided to run git blame on the files to see what dummy authored the mental diarrhea currently befouling my screen. As it turns out, the entire feature was written by mister legendary Apple golden boy “Finder’s Keeper” dev himself.

To give you the full scope of this mess, let me start at the frontend and work my way backward.

He wrote a javascript method that tracks whatever row was/is under the mouse in a table and dynamically removes/adds a “.row_selected” class on it. At least the js uses events (jQuery…) instead of a `setTimeout()` so it could be worse. But still, has he never heard of :hover? The function literally does nothing else, and the `selectedRow` var he stores the element reference in isn’t used elsewhere.

This function allows the user to better see the rows in the API Calls table, for which there is a also search feature — the very thing I’m tasked with fixing.

It’s worth noting that above the search feature are two inputs for a date range, with some helpful links like “last week” and “last month” … and “All”. It’s also worth noting that this table is for displaying search results of all the API requests and their responses for a given merchant… this table is enormous.

This search field for this table queries the backend on every character the user types. There’s no debouncing, no submit event, etc., so it triggers on every keystroke. The actual request runs through a layer of abstraction to parse out and log the user-entered date range, figure out where the request came from, and to map out some column names or add additional ones. It also does some hard to follow (and amazingly not injectable) orm condition building. It’s a mess of functional ugly.

The important columns in the table this query ultimately searches are not indexed, despite it only looking for “create_order” records — the largest of twenty-some types in the table. It also uses partial text matching (again: on. every. single. keystroke.) across two varchar(255)s that only ever hold <16 chars — and of which users only ever care about one at a time. After all of this, it filters the results based on some uncommented regexes, and worst of all: instead of fetching only one page’s worth of results like you’d expect, it fetches all of them at once and then discards what isn’t included by the paginator. So not only is this a guaranteed full table scan with partial text matching for every query (over millions to hundreds of millions of records), it’s that same full table scan for every single keystroke while the user types, and all but 25 records (user-selectable) get discarded — and then requeried when the user looks at the next page of results.

What the bloody fucking hell? I’d swear this idiot is an intern, but his code does (amazingly) actually work.

No wonder this search field nearly crashed one of the servers when someone actually tried using it.

Asdfajsdfk.

Well, here's the OS rant I promised. Also apologies for no blog posts the past few weeks, working on one but I want to have all the information correct and time isn't my best friend right now :/

Anyways, let's talk about operating systems. They serve a purpose which is the goal which the user has.
So, as everyone says (or, loads of people), every system is good for a purpose and you can't call the mainstream systems shit because they all have their use.

Last part is true (that they all have their use) but defining a good system is up to an individual. So, a system which I'd be able to call good, had at least the following 'features':
- it gives the user freedom. If someone just wants to use it for emailing and webbrowsing, fair enough. If someone wants to produce music on it, fair enough. If someone wants to rebuild the entire system to suit their needs, fair enough. If someone wants to check the source code to see what's actually running on their hardware, fair enough. It should be up to the user to decide what they want to/can do and not up to the maker of that system.
- it tries it's best to keep the security/privacy of its users protected. Meaning, by default, no calling home, no integrating users within mass surveillance programs and no unnecessary data collection.
- Open. Especially in an age of mass surveillance, it's very important that one has the option to check the underlying code for vulnerabilities/backdoors. Can everyone do that, nope. But that doesn't mean that the option shouldn't be there because it's also about transparency so you don't HAVE to trust a software vendor on their blue eyes.
- stability. A system should be stable enough for home users to use. For people who like to tweak around? Also, but tweaking *can* lead to instability and crashes, that's not the systems' responsibility.

Especially the security and privacy AND open parts are why I wouldn't ever voluntarily (if my job would depend on it, sure, I kinda need money to stay alive so I'll take that) use windows or macos. Sure, apple seems to care about user privacy way more than other vendors but as long as nobody can verify that through source code, no offense, I won't believe a thing they say about that because no one can technically verify it anyways.

Some people have told me that Linux is hard to use for new/(highly) a-technical people but looking at my own family and friends who adapted fast as hell and don't want to go back to windows now (and mac, for that matter), I highly doubt that. Sure, they'll have to learn something new. But that was also the case when they started to use any other system for the first time. Possibly try a different distro if one doesn't fit?

Problems - sometimes hard to solve on Linux, no doubt about that. But, at least its open. Meaning that someone can dive in as deep as possible/necessary to solve the problem. That's something which is very difficult with closed systems.

The best example in this case for me (don't remember how I did it by the way) was when I mounted a network drive at boot on windows and Linux (two systems using the same webDav drive). I changed the authentication and both systems weren't in for booting anymore. Hours of searching how to unfuck this on windows - I ended up reinstalling it because I just couldn't find a solution.
On linux, i found some article quite quickly telling to remove the entry for the webdav thingy from fstab. Booted into a root recovery shell, chrooted to the harddrive, removed the entry in fstab and rebooted. BAM. Everything worked again.

So yeah, that's my view on this, I guess ;P

So i was working with a small company which were developing software for insurance sector. It was decided then that there should be an app for windows phone community and i was hired to that job.

It took me almost a month to finish the job. Please keep in mind that project was huge and already developed for android counterpart and was a hit in market. This was a chance given to me to prove myself and i proved it.

First month was fantastic for the company as software the company made was not available for windows phone. Price has been set for the software was higher in those time. Almost $15.

Excited by the success i added some more features which were not available on android counter part.

But price was very high. Even i asked management to drop the price because there were less windows phone user but no body listened.

Result : in a year app has made roughly 5000 download in which only 200 paid the actual price. Company asked me to take down the app from store. I was blamed for my over confidence in adding features that this made app less usable. They did not say a word to business managment team. I was fired.

Rough, cruel world.

6 month ago i published my app for same purpose with same feature set and different UI. And made it free. Completely free. Added a link to pay developer $0.5 or Rs 30.

Result: i have now 10 thousands plus download in last 4 month in which almost 3000 users have donated already.

Now i have my resource and my confidence and making an android app for same purpose.

This is my story and is not fake, i am 28 years old. If you think you can, you can.

Amen.

More sysadmin focused but y’all get this stuff and I need a rant.

TLDR: Got the wrong internship.

Start working as a sysadmin/dev intern/man-of-many-hats at a small finance company (I’m still in school). Day 1: “Oh new IT guy? Just grab a PC from an empty cubicle and here’s a flash drive with Fedora, go ahead and manually install your operating system. Oh shit also your desktop has 2g of ram, a core2 duo, and we scavenged your hard drive for another dev so just go find one in the server room. And also your monitor is broken so just take one from another cubicle.”

Am shown our server room and see that someone is storing random personal shit in there (golf clubs propped against the server racks with heads mixed into the cabling, etc.). Ask why the golf clubs etc. are mixed in with the cabling and server racks and am given the silent treatment. Learn later that my boss is the owners son, and he is storing his personal stuff in our server room.

Do desktop support for end users. Another manager asks for her employees to receive copies of office 2010 (they’re running 2003 an 2007). Ask boss about licensing plans in place and upgrade schedules, he says he’ll get back to me. I explain to other manager we are working on a licensing scheme and I will keep her informed.

Next day other manager tells me (*the intern*) that she spoke with a rich business friend whose company uses fake/cracked license keys and we should do the same to keep costs down. I nod and smile. IT manager tells me we have no upgrade schedule or licensing agreement. I suggest purchasing an Office 365 subscription. Boss says $150 a year per employee is too expensive (Company pulls good money, has ~25 employees, owner is just cheap) I suggest freeware alternatives. Other manager refuses to use anything other than office 2010 as that is what she is familiar with. Boss refuses to spend any money on license keys. Learn other manager is owners wife and mother of my boss. Stalemate. No upgrades happen.

Company is running an active directory Windows Server 2003 instance that needs upgrading. I suggest 2012R2. Boss says “sure”. I ask how he will purchase the license key and he tells me he won’t.

I suggest running an Ubuntu server with LDAP functionality instead with the understanding that this will add IT employee hours for maintenance. Bosses eyes glaze over at the mention of Linux. The upgrade is put off.

Start cleaning out server room of the personal junk, labeling server racks and cables, and creating a network map. Boss asks what I’m doing. I show him the organized side of the server room and he says “okay but don’t do any more”.

... *sigh* ...

Worst of 2020:

Seeing company get stuck in an organizational swamp. Devs tend to be reasonably good at working from home...

Management isn't. Meeting quality has gone down the drain, half of management thinks "if the boss can't see me why work at all?", the other half has constant calls with tiny working groups where nothing is final and everyone is left confused.

I'm convinced: Everything management is afraid of about allowing devs to work from home is based on projection of their own weaknesses.

They're not passionate enough to work without oversight. They might not be introverts, but extroverts are perfectly able to communicate poorly, especially when a few digital hurdles get in the way.

The average developer might actually be more attuned to the intricacies of emotionless text chats, and preventing disruptive elements in video calls.

Also, unless someone physically helps a manager to remove their head from their own ass once in a while, their "gut feelings" about the market and products are actually just amplified bias caused by their endless self-absorbed yelling into the echo chamber that is their stretched out rectum.

Holy motherfucking hell, have I seen some weird projects float by in 2020, pooped out by isolated product managers whose brain clearly has melted when they had to survive without office fruitbaskets and organizational post-it walls.

Yeah let's promote our international character, by giving away travels and hotel bookings, using pictures of happy hugging people in foreign countries... Great promo during a pandemic.

Or let's get "woke" and promote the "colored users" on our platforms, by training ML to categorize people by skin pigment (Apart from how illegal and ethically insane that is on multiple levels, about 85% of our users pick shit like anime characters and memes for their avatar).

Or how about we make a Microsoft Store app, even though the vast majority of our end users are students using cheap Android phones, older iPhones, Macbooks and Chromebooks.

😡

Anyway, now that I have dressed up my Christmas tree with some manager intestines...

Best of 2020:

I got to play through my Steam backlog, work on hobby projects, and watch a lot of YouTube.

All this pandemic insanity has convinced me all the more that I want to work way more in Rust, and publish way more on open source projects.

I became maintainer/collaborator on a bunch of semi-prominent libraries & frameworks, and while no community is perfect, I enjoy my laid-back coffee-fueled debugging on those packages much more than listening to another crack addicted cocksucker in a suit explain their half-assed A/B test idea to me at 9AM.

So, 2021 will be me half-assing through the spaghetti at my official fuckfest of a job so I can keep filling my bank account — and investing way more time and effort into stuff I find truly engaging, into projects with a heart and a soul.

Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”

Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”

It's funny to see how a coworker of mine and me are very similar minded on some privacy stuff. He's a very cool/open guy and just a regular consumer (used the default services etc) but he shares quite some of my views. This is a convo we had today:

*got to the WhatsApp subject somehow*
Him: oh right, you didn't use that haha
Me: yeah 😅
Him: why was that again, privacy reasons or something, right? xD
Me: uhm yes *help*
Him: Well fair enough.
Me: so you'd think I'm right? I mean it uses end to end crypto... (I'm entirely with him in the next few lines but I always approach it carefully)
Him: they veeeery probably have some kinda fucking masterkey.
Me: why'd you think that?
Him: it has over a billion users, the owner is facebook, fb is directly integrated with several mass surveillance programs, they are known to work closely with one particular one, the intelligence interests are way too high for letting such an opportunity pass and after all, THE FUCKER IS CLOSED SOURCE AKA NO ONE CAN FUCKING VERIFY THE CRYPTO NOR THE APP ITSELF.
Me: I agree haha 😅
Him: it's not rocket science, it's modern day mass tracking/surveillance logic :)

I like that guy.

I’m so mad I’m fighting back anger tears. This is a long rant and I apologize but I’m so freaking mad.

So a few weeks ago I was asked by my lead staff person to do a data analysis project for the director of our dept. It was a pretty big project, spanning thousands of users. I was excited because I love this sort of thing and I really don’t have anything else to do. Well I don’t have access to the dataset, so I had to get it from my lead and he said he’d do it when he had a chance. Three days later he hadn’t given it to me yet. I approach him and he follows me to my desk, gives me his login and password to login to the secure freaking database, then has me clone it and put it on my computer.

So, I start working on it. It took me about six hours to clean the database, 2 to set up the parameters and plan of attack, and two or three to visualize the data. I realized about halfway through that my lead wasn’t sure about the parameters of the analysis, and I mentioned to him that the director had asked for more information than what he was having me do. He tells me he will speak with director.

So, our director is never there, so I give my lead about a week to speak with her, in the mean time I finish the project to the specifications that the director gave. I even included notes about information that I would need to make more accurate predictions, to draw conclusions, etc. It was really well documented.

Finally, exasperated, and with the project finished but just sitting on my computer for a week, I approached my director on a Saturday when I was working overtime. She confirmed that I needed to what she said in the project specs (duh), and also mentioned she needed a bigger data set than what I was working with if we had one. She told me to speak to my lead on Monday about this, but said that my work looked great.

Monday came and my lead wasn’t there so I spoke with my supervisor and she said that what I was using was the entire dataset, and that my work looked great and I could just send it off. So, at this point 2/3 of my bosses have seen the project, reviewed it, told me it was great, and confirmed that I was doing the right thing.

I sent it off to the director to disseminate to the appropriate people. Again, she looked at it and said it was great.

A week later (today) one of the people that the project was sent to approaches me and tells me that i did a great job and thank you so much for blah blah blah. She then asks me if the dataset I used included blahblah, and I said no, that I used what was given to me but that I’d be happy to go in and fix it if given the necessary data.

She tells me, “yeah the director was under the impression that these numbers were all about blahblah, so I think there was some kind of misunderstanding.” And then implied that I would not be the one fixing the mistake.

I’m being taken off of the project for two reasons: 1. it took to long to get the project out in the first place,
2. It didn’t even answer the questions that they needed answered.

I fucking told them in the notes and ALL THROUGH THE VISUALIZATIONS that I needed additional data to compare these things I’m so fucking mad. I’m so mad.

Buckle up kids, this one gets saucy.

At work, we have a stress test machine that trests tensile, puncture and breaking strength for different materials used (wood construction). It had a controller software update that was supposed to be installed. I was called into the office because the folks there were unable to install it, they told me the executable just crashed, and wanted me to take a look as I am the most tech-savvy person there.

I go to the computer and open up the firmware download folder. I see a couple folders, some random VBScript file, and Installation.txt. I open the TXT, and find the first round of bullshit.

"Do not run the installer executable directly as it will not work. Run install.vbs instead."

Now, excuse me for a moment, but what kind of dick-cheese-sniffing cockmonger has end users run VBScript files to install something in 2018?! Shame I didn't think of opening it up and examining it for myself to find out what that piece of boiled dogshit did.

I suspend my cringe and run it, and lo and behold, it installs. I open the program and am faced with entering a license key. I'm given the key by the folks at the office, but quickly conclude no ways of entering it work. I reboot the program and there is an autofilled key I didn't notice previously. Whatever, I think, and hit OK.

The program starts fine, and I try with the login they had previously used. Now it doesn't work for some reason. I try it several times to no avail. Then I check the network inspector and notice that when I hit login, no network activity happens in the program, so I conclude the check must be local against some database.

I browse to the program installation directory for clues. Then I see a folder called "Databases".

"This can't be this easy", I think to myself, expecting to find some kind of JSON or something inside that I can crawl for clues. I open the folder and find something much worse. Oh, so much worse.

I find <SOFTWARE NAME>.accdb in the folder. At this point cold sweat is already running down my back at the sheer thought of using Microsoft Access for any program, but curiosity takes over and I open it anyway.

I find the database for the entire program inside. I also notice at this point that I have read/write access to the database, another thing that sent my alarm bells ringing like St. Pauls cathedral. Then I notice a table called "tUser" in the left panel.

Fearing the worst, I click over and find... And you knew it was coming...

Usernames and passwords in plain text.

Not only that, they're all in the format "admin - admin", "user - user", "tester - tester".

I suspend my will to die, login to the program and re-add the account they used previously. I leave the office and inform the peeps that the program works as intended again.

I wish I was making this shit up, but I really am not. What is the fucking point of having a login system at all when your users can just open the database with a program that nowadays comes bundled with every Windows install and easily read the logins? It's not even like the data structure is confusing like minified JSON or something, it's literally a spreadsheet in a program that a trained monkey could read.

God bless them and Satan condemn the developers of this fuckawful program.

Every single one of them, and every one that will come after them.

Google, it started out as 2 people in their garage, wanting to make a search engine that was better than the others. Nothing else, nothing evil. Just make the world a little bit better. And look what it's become now. A megacorporation with little to no regards for their user base. Because who cares about users anyway?

Microsoft, it started out with Bill Gates - young high school computer nerd - who wanted to make an operating system for the world to use. Something that's better than the competition. And boy did he do so. Well "better than the competition" aside, he did make it for the world to use. And the world adopted it. And look what it's become now. A megacorporation with little to no regards for their user base. Because who cares about users anyway?

See where I'm going here?

Apple, it started out with Steve Jobs and Steve Wozniak in their garage, just like Google did, wanting to make hardware that was better than the others. Nothing else, nothing evil. Just to make the world a little bit better. And look what it's become now. Planned obsolescence has been baked into it, just like it is in every other piece of technology. Quality control and thinking through the design has become a thing of the past. User choice, yeah who cares about that.

Samsung, it started out centuries ago actually, and I don't really remember the details of it.. ColdFusion has a video on it if memory serves me right. Do watch it if you're interested. Anyway, just like all the others they started out as a company which wanted to make the world a little bit better. And damn right did they do so.. initially. Look what they've become now. Forcing their stupid TouchWiz UI upon their customers (or products?), a Bixby button that can't even be reprogrammed.. and the latest thing.. Knox, advertised as a security feature, but as everyone who likes rooting their devices and mucking with it knows, it is an anti-feature that only serves for lockdown. Why shouldn't you be able to turn in a phone for RMA when a hardware error occurs, when all you've personally modified is the software? Why should changing the software blow that eFuse, so that you can be sure that you can't replace it without specialized equipment and a very steady hand?

I could go on and on forever about more of the tech giants out there, but I feel like this suffices for now. Otherwise I won't have anything else left for future rants! But one thing I know for sure. Every tech company started, starts, and will start out with a desire to make the world a better place, and once they gain a significant customer base, they will without exception turn into the same kind of Evil Megacorp., just like the ones before them. Some may say that capitalism itself is to blame for this, the greed for more when you already have a lot. Who knows? I'd rather say that the very human nature itself is to blame for it. We're by design greedy beings, and I hate it. I hate being human for that. I don't want humans to be evil towards one another, and be greedy for ever more. But I guess that that's just the way it is, and some things do actually never change...

!!privacy
!!political

I had a discussion with a coworker earlier.

I owed him for lunch the other day, and he suggested I pay him back either with cash (which I didn't have), Venmo, or just by him lunch the next time (which I ended up doing).

I asked about Venmo, and he said it was like paypal, but always free. that sounded a bit off -- because how are they in business if it's always free? -- so I looked it up, and paid special attention to their privacy policy.

The short of it: they make money by selling your information. That's worth far more than charging users a small fee when sending $5 every few weeks. Sort of what I expected when I heard "always free," but what surprised me is just how much they collect. (In retrospect, I really shouldn't have been surprised at all...)

Here's an incomplete list:
* full name, physical address, email, DoB, SSN (or other government IDs, depending on country)
* Complete contact list (phone numbers, names, photos)
* Browser/device fingerprint
* (optional) Your entire Facebook feed and history
* (optional) all of your Facebook friends' contact info
* Your Twitter feed
* Your FourSquare activity
(The above four ostensibly for "fraud prevention")
* GPS data
* Usage info about the actual service
* Other users' usage info (e.g. mentioning you)
* Financial info (the only thing not shared with third parties)

Like, scary?

And, of course, they share all of this with their parent company, PayPal. (The privacy policy does not specify what PayPal does with it, nor does it provide any links that might describe it, e.g. PayPal's "info-shared-by-third-parties" privacy policy)

So I won't be using Venmo. ever.

I mentioned all of this to my coworker, and he just doesn't understand. at all. He even asks "So what are they going do with that, send me ads? like they already do?"

I told him why I think it's scary. Everything from them freely selling all of your info, to someone being able to look through your entire online life's history, to being able to masquerade around as you, to even reproducing your voice (e.g. voice clips collected by google assistant), to grouping people by political affiliations.

He didn't have much to say about any of them, and actually thought the voice thing was really cool. (All I could think of was would happen if the "news" had that ability....) All of his other responses were "that doesn't bother me at all" and/or "using all of these services is so convenient."

but what really got me was his reaction to the last one.

I said, "If you're part of the NRA, for example, you'd be grouped with Republicans. If they sell all of this information, which they do, and they don't really care who buys it or what they do with it... someone could look through the data and very very easily target those political groups."

His response? "I don't have to worry about that. I'm a Democrat, and have always voted Democrat. I'll tell anyone that."

Like.
That's basically saying every non-democrat is someone you should be wary of and keep an eye on. That's saying Democrats are the norm and everyone else is deviant and/or wrong.

and I couldn't say anything after this because... no matter what I said, it would start a political conflict, and would likely end with me being fired (since the owner is also a democrat, and they're very buddy-buddy). "What if they target democrats?" -> "They already do!" or "What if democrats use it against others?" -> "They deserve it for being violent and racist, but we never would" (except, you know, that IRS/tea-party incident for example...)

But like, this is coming from someone who firmly believes conservatives are responsible for all of the violence and looting and rioting and mass shootings in the country. ... even when every single instance has been by committed by democrats. every. single. one.

Just...
jfl;askjfasflkj.

He doesn't understand the need for privacy, and his world view is just... he actually thinks everyone with different beliefs is wrong and dangerous.

I don't even know how to deal with people like this. and with how prevalent this mindset is... coupled with the aforementioned privacy concerns... it's honestly *terrifying.*

I’m a .NET desktop fullstack dev these days… Never worked web unless for my own small needs/personal projects.
I started using tech one way or the other by the time windows was version 3.1 and been through quite a bit ground-breaking changes in the industry of software development and the internet but if there’s one thing I cannot understand of it all, no matter how much thought I put into it is: How the fuck did we manage to make it so fucking complicated to develop anything these days?
I remember like it was yesterday that you could stand a website with HTML, CSS and JS, three fucking files and you’ve made yourself a single page site. Then came the word “Responsive”, “Responsive” written everywhere. Fair enough, grid system popped up. All of the sudden jQuery was summoned… and everything that happened after this point has been a fucking circus of high-pitched teens talking on conferences about fucking libraries and frameworks to make integration with real time, highly scalable, eco-friendly, serverless, data driven, genome aware, genderless, quantum technologies to interact with bio dynamically generated organisms, namely fucking users.
Every fucking bit of the process of building a mobile/web application seems to be stopped by yet another incredibly dumb attempt to suicide a developer. Can you go from starting an app and publishing an app without jumping through a thousand VERY specific hoops? No, fuck no.
I fucking hate it… It’s a bit hard to get Desktop dev jobs these days but for as long as I work on IT I will continue to stick to that area, until someone for the love of life comes up with a fucking solution to all this decadent circus of bureaucratic technocracy.
Fuck big industry, fuck tech giants, fuck javascript and webassembly, fuck kids putting ASCII art on console applications that I DON’T FUCKING NEED to install dependencies THAT I DON’T FUCKING NEED to extend functionality on frameworks that I DON’T FUCKING NEED… oh wait, I do need all this because YOU FUCKING MADE IT MANDATORY NOW! FUUUUUUUUUUUUUUUUUUUUUUUCK YOU!!!

So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

Less a rant, more just a sad story.

Our company recently acquired its sister company, and everyone has been focused on improving and migrating their projects over to our stack.

There's a ton of material there, but this one little story summarizes the whole very accurately, I think. (Edit: two stories. I couldn't resist.)

There's a 3-reel novelty slot machine game with cards instead of the usual symbols, and winnings based on poker-like rules (straights and/or flushes, 2-3 of a kind, etc.) The machine is over a hundred times slower than the other slot machines because on every spin it runs each payline against a winnings table that exhastively lists every winning possibility, and I really do mean exhaustively. It lists every type of win, for every card, every segment for straights, in every order, of every suit. Absolutely everything.

And this logic has been totally acceptable for just. so. long. When I saw someone complaining in dev chat about how much slower it is, i made the bloody obvious suggestion of parsing the cards and applying some minimal logic to see if it's a winning combination. Nobody cared.

Ten minutes later, someone from the original project was like "Hey, I have an idea, why don't we do it algorithmically to not have a 4k line rewards table?"

He seriously tried stealing a really bloody obvious idea -- that he hadn't had for years prior -- and passing it off as his own. In the same chat. Eight messages below mine. What a derpballoon.

I called him out on it, and he was like "Oh, is that what you meant by parsing?" 🙄

Someone else leaped in to defend the ~128x slower approach, saying: "That's the tech we had." You really didn't have a for loop and a handful of if statements? Oh wait, you did, because that's how you're checking your exhaustive list. gfj. Abysmal decisions like this is exactly why most of you got fired. (Seriously: these same people were making devops decisions. They were hemorrhaging money.)

But regardless, the quality of bloody everything from that sister company is like this. One of the other fiascos involved pulling data from Facebook -- which they didn't ever even use -- and instead of failing on error/unexpected data, it just instantly repeated. So when Facebook changed permissions on friends context... you can see where this is going. Instead of their baseline of like 1400 errors per day, which is amazingly high, it spiked to EIGHTEEN BLOODY MILLION PER DAY. And they didn't even care until they noticed (like four days later) that it was killing their other online features because quite literally no other request could make it out. More reasons they got fired. I'm not even kidding: no single api request ever left the users' devices apart from the facebook checks.

So.
That's absolutely amazing.

Quick recap of my last two weeks: 15 year old production server is basically dead, boss has taken over calls and claims credit for "resolving" outages (even though my coworker and I did the work, but ultimately the traffic died down enough to where it wasn't an issue anymore).

I go to a meeting to plan migration to a better server, boss bitches about not getting invited, I tell him I invited myself, and then he lectures about how that's not our job.

Different boss says we're migrating a schema for an application that should have been decommissioned 5+ years ago to use as a baseline. I explain what's going on, he says he understands, and proceeds to tell higher bosses it's perfect because there will be no user impact. OF COURSE THERE'S NO FRICKING IMPACT, YA DUNCE! there are no users!!!!

I merge two email threads together, since they discuss the same thing, but with different insight, and get yelled at, even though they requested it.

The two bosses I like are OOO for the next week, too, so I'm just sitting here hoping I don't say something that'll get me fired or sent to sensitivity training.

I'm just starting my on call rotation and don't know that I can do this. I cry when my phone rings, now, because I experience physical pain with how hard I cringe.

I got yelled at today by a guy because SOMEONE I DON'T KNOW assigned a ticket to him directly, rather than to the proper team (not his team). So I had to look into that, which at least had the benefit of preventing a catastrophic outage to our customers world wide, but no one will know because I don't brag at work; I'm too busy doing my job as well as most of my division/section/larger team, whatever the hell it's called. I saved us probably 25+ hours of continuous troubleshooting call from noticing something tiny that the people "smarter" than me missed.

**edit: sorry for typos; got my nails done yesterday but they feel like they're a mile long and I have to relearn how to type**

I extracted a tangled action to its own api, and wrote a test for it.

The test failed.

I added debugging, more debugging, all the debugging. It still fails. But I can at least see why it fails!

It turns out the api finds and updates the wrong user. It finds and updates the wrong user EVEN WHEN THERE ARE NO OTHER USERS.

WHAT THE SALAMI.

Also, the user lookup it uses is extremely roundabout and takes several seconds with ~2 million users. Normally I'd fix the lookup, but it has been in production for several years, and I'm terrified it will break something if I fix it.

Blargherhagrid.

So... Just overheard a conversation at an Apple store...

tl;dr;

The customer gets furious for not getting to buy a mac pro for the price he wants and it doesn't even include the monitor there.....

C - customer, S - Sales person.

C: Hey, I've heard that apple released new home computers. May I get one?
S: Hello, they are not out yet.
C: WHAT?! How can they not be out yet? They released it like a week ago.
S: Well, they announced it, not officially released it for sale.
C: Ah, whatever. Can I pre-order it now?
S: Sure, we'll need your details and a deposit.
C: What? A deposit for what? That $1000 machine?
S: Sir, do you know the prices?
C: Of course. They have released a new machine and it will cost like previous ones - from $1000.
S: Then you might be talking about Macbook Air...
C: *Interrupts* No, I'm talking about the desktop computer, the whole box.
S: Ok... It starts at ~$6000.
C: WHAT?! It can't be... Oh well, I'll buy it. I hope it's the fully-specked one. Oh and does it come with a monitor?
S: No sir. It's the base model and it has no monitors.
C: WHAT?! How can this be?
S: You see, these are devices created for professionals. They are not for home users since our iMac line is....
C: *Interrupts again* Are you saying I'm not a professional?
S: I'm sorry but by the questions and lack of information - it seems to be true - you are not a professional.
C: FUCK YOU, I'm going to another store and they will sell it for me for $1000. What a piece of crap is this.
*Customer leaves furiously*
S: *to another S* - What is wrong with that dude? Is he high or what?
S2: *shrugs* and tells that it's the 5th time someone came to order that pc and was scared by the price.

---

So yeah... It's fun to see how idiots think that anything apple releases is for them... Once again I was made sure that apple fans are brainless fucks that will buy anything it produces and if that is not in the right price - they'll get furious.

ps. I own apple product, mac pro 2015. Would never buy a newer one NOR an iphone. I don't think that anyone is dumb just for buying it - people buy whatever fits their needs and that's ok but... More than we would like to admit - people buy it because it's an apple product....

Someone just rang the IT Helpdesk moaning that outlook wasn't syncing his mail and it was because the brand new laptop he's just gotten is crap.

So first, the guy on the helpdesk asked to log into the users laptop to look at outlook.
He apparently isn't at his laptop and doesn't have time for anyone to log in!
Wtf lol
So he rings back 10 mins later when at his laptop but wont let the helpdesk log in as he has 'confidential' documents open.

Wtf, close them, why are you ringing us to look at your laptop if you won't let us log on?? lol

So helpdesk was like ok, just check cat cable is plugged in, check wifi is off, do a send/receive etc. and the user's like yes, they're all okay!

Helpdesk tells him to reboot his pc. He does so.
Doesn't resolve it.
Skip forward another 10 painful minutes while the helpdesk guy is pulling his hair out checking everything in the background, and all looks fine.

User then says "should i also turn off my iPhone?"
Helpdesk: 'No, outlook is just on your laptop'.
User: 'No *assured laugh* its on my phone too. I get emails there too'
Helpdesk: 'No, you use the generic 'Mail' app on your phone. Outlook is a separate app. We don't use it.'
User: 'But you're not listening, regardless of the app name, that's my problem, mail's not working on my phone'.
Helpdesk: '.....so why didn't you say so 20 minutes ago when i asked to log into ur laptop?'

User: 'Didn't think it was relevant. Laptop was fine. Assumed you'd know'.

...........

Why.

Why???

Why.

Shockingly, a phone restart fixed it. The user couldn't remember the last time he'd turned the thing off.

What I'm posting here is my 'manifesto'/the things I stand for. You may like it, you may hate it, you may comment but this is what I stand for.

What are the basic principles of life? one of them is sharing, so why stop at software/computers?
I think we should share our software, make it better together and don't put restrictions onto it. Everyone should be able to contribute their part and we should make it better together. Of course, we have to make money but I think that there is a very good way in making money through OSS.

Next to that, since the Snowden releases from 2013, it has come clear that the NSA (and other intelligence agencies) will try everything to get into anyone's messages, devices, systems and so on. That's simply NOT okay.
Our devices should be OUR devices. No agency should be allowed to warrantless bypass our systems/messages security/encryptions for the sake of whatever 'national security' bullshit. Even a former NSA semi-director traveled to the UK to oppose mass surveillance/mass govt. hacking because he, himself, said that it doesn't work.

We should be able to communicate freely without spying. Without the feeling that we are being watched. Too badly, the intelligence agencies of today do not want us to do this and this is why mass surveillance/gag orders (companies having to reveal their users' information without being allowed to alert their users about this) are in place but I think that this is absolutely wrong. When we use end to end encrypted communications, we simply defend ourselves against this non-ethical form of spying.
I'm a heavy Signal (and since a few days also Riot.IM (matrix protocol) (Riot.IM with end to end crypto enabled)), Tutanota (encrypted email) and Linux user because I believe that only those measures (open source, reliable crypto) will protect against all the mass spying we face today.
The applications/services I strongly oppose are stuff like WhatsApp (yes, encryted messages but the metadata is readily available and it's closed source), skype, gmail, outlook and so on and on and on.

I think that we should OWN our OWN data, communications, browsing stuffs, operating systems, softwares and so on.

This was my rant.

Warning: JPEG artefacts incoming!

Dear Google,
you know exactly which languages I speak. So please explain to me why you still feel the need to push some random video titles and descriptions through Google Translate, making them look unprofessional and confusing me because I know that I watched that video already, but now it has a new title? And why is there no option to turn this off? And why do you explicitly state that the language setting does not affect text submitted by users? Even though it does? What the actual fuck?

Also lol even Google isn't perfect at using ecape characters correctly

Dev checked in code (I suspect purposely not inviting me on the code review invite) saying he "fixed" the authentication bug in the web service.

Um no, like I told you last week, the authentication error is because the load balancer wasn't passing the user's authentication to IIS.

If I didn't overhear him telling a user "Still getting the error? I don't know, we might have to re-write that service", he might have gotten away with it.

Me: "Wait, that doesn't sound right. If I hit the server directly, authentication works. Its an issue with the load balancer, not the service"
Dev: "Admin said the load balancer is fine and it has to be the service."
Me: "I don't buy it. IIS is returning the authentication error, not the service."
Dev: "I added exception handling and nothing is being logged. Must be something in the service configuration."
Me: "No, IIS performs the authentication, not the service. I explained that last week, remember?"
Dev: "Oh yea. What changes do we need to make to the service?"
<my blood pressure starts to spike>
Me: "None. Give me a sec.."
<we have other apps on the same server farm that work just fine, so I re-configure the service pool settings to match theirs>
Me: "See, now going through the load balancer, the service works fine. For some reason, the admin had our service set up differently."
Dev: "OK, I'll let the users know the service is fixed."
Me: "Service was never broke and I'm not leaving it in its current state. In the morning I'll talk to the admin and see what he can do to fix."

Client: We are tired of having to go only to specific users to get things actioned, we need everyone to be given admin access so that we can get work done efficiently

Dev: Highly do not recommend that *outlines the likely consequences*.

Client: We don’t care, we DEMAND you do this. We’ll make sure everyone is careful.

Dev: Ok but I warned you. Please submit this request in writing.

Client: Ok, not sure why you would need that. I told you everything would be fine.

*Not even two days later*

Client: HELP!!! OUR DATA IS NOW COMPLETELY MESSED UP. WE HAVE NO IDEA WHAT WOULD HAVE CAUSED THIS IT’S AS IF EVERYONE IS RANDOMLY DOING WHATEVER THEY WANT HOWEVER THEY WANT IN ORDER TO SUITE THEIR OWN NEEDS. IT MAKES NO SENSE HOW THIS HAS OCCURRED. I TOLD EVERYONE SPECIFICALLY TO NOT CAUSE ISSUES!!! WE NEED THIS FIXED A.S.A.P!!!!!!

Dev: …

"Thank you for choosing Microsoft!"

No Microsoft, I really didn't choose you. This crappy hardware made you the inevitable, not a choice.

And like hell do I want to run your crappy shit OS. I tried to reset my PC, got all my programs removed (because that's obviously where the errors are, not the OS, right? Certified motherfuckers). Yet the shit still didn't get resolved even after a reset. Installing Windows freshly again, because "I chose this".

Give me a break, Microshaft. If it wasn't for your crappy OS, I would've gone to sleep hours ago. Yet me disabling your shitty telemetry brought this shit upon me, by disabling me to get Insider updates just because I added a registry key and disabled a service. Just how much are you going to force data collection out of your "nothing to hide, nothing to fear" users, Microsoft?

Honestly, at this point I think that Microsoft under Ballmer might've been better. Because while Linux was apparently cancer back then, at least this shitty data collection for "a free OS" wasn't yet a thing back then.

My mother still runs Vista, an OS that has since a few months ago reached EOL. Last time she visited me I recommended her to switch to Windows 7, because it looks the same but is better in terms of performance and is still supported. She refused, because it might damage her configurations. Granted, that's probably full of malware but at this point I'm glad she did.

Even Windows 7 has telemetry forcibly enabled at this point. Vista may be unsupported, but at least it didn't fall victim to the current status quo - data mining on every Microshaft OS that's still supported.

Microsoft may have been shady ever since they pursued manufacturers into defaulting to their OS, and GPU manufacturers will probably also have been lobbied into supporting Windows exclusively. But this data mining shit? Not even the Ballmer era was as horrible as this. My mother may not realize it, but she unknowingly avoided it.

my story so far

Hey guys. i just wantes to share my story becoming something i think is like a dev.
I was always interested in solving problems. my grandfather has a company with a bit over a 100 employees. one day i decided to start working there. he needed someone to build up the erp system (mostly maintenance). about a month after i started he decided to get a new erp system because the one he had would not fill his needs. not knowing how big this got i told him that i want to build it up. from getting the orders over production with machines to billing.
he agreed. after a short time we knew that even this new system does not fullfill our needs. but it was so damn expensive. i told my grandfather: trust me, i am handling this. no further costs. and i started to learn programming. i learned night and day (visual basics.net, sql, c#). since then i wrote about 8 additional modules for the system in coorperation with the users. today, 3 years later we are far ahead our market in terms of transparency and information flow. i worked very hard for this and it is a great feeling to see that the things i do help my colleagues and are used.

i never learned this stuff in school and i know that i cannot tell that i am a professional programmer.

but when someone asks me i tell them i am a programmer because my solutions work and i think i deserve to call me that.

thanks for reading :)

6 months ago:

Boss: We have this idea to improve our onboarding to avoid drop off in the new app. See this section here? Were going to take that out of the onboarding and just let them pass straight through to the app. Then when they get into the app, there will be a banner telling them they should go to settings and set this up. That way they can ignore it for a while and get into the app sooner

Me: Get into the app sooner to do what?

Boss: Explore it

Me: Explore an empty app with no content, as they are a brand new user with nothing setup? While theres a big banner on the screen saying "You have insecure settings" ... basically forcing them to do it straight away anyway?

Boss: Yeah, we can give them some recommendations or something while they click around. It will be good. This is months away anyway, we'll talk again

Yesterday:

Boss: So this weird unexpected thing happened. We showed some beta users our plans to remove this section from onboarding and they felt weird about it. They said they didn't like the idea of the banner telling them they haven't set it up correctly

Me: Thats not weird, I said the same thing 6 months ago

Boss: ......... oh, really?

Me: Yep. Its not an improvement to get them through onboarding quicker, just to tell them they have to now go do it somewhere else

Boss: ... right. Ok maybe we'll build it anyway and see how they feel with it in there hands?

Me: nope

Boss: ... what do you mean?

Me: We are behind, you've asked me 3 times in the last week if we are going to be able to get everything in on time ... and now you want me to build something that everyone, apart from you, says they don't like. So realistically, i'm going to build it, and then remove it next week ... and we'll have a discussion about what has to be dropped because of this

Boss: ........ right .... ok .... hhhmmm

Me: *sits with resting bitch face*

Boss: ... maybe we can hide the banner until later. Not show it to them until they've done something in the app?

Me: ... maybe we can not do any of this?

Boss: right but then the onboarding will ...

Me: *talks louder* ... yes will be the way our users want it to be

Boss: ... hhmm i'm not sure

Me: Ok heres what we'll do, so long as it doesn't delay me getting the designs I need, feel free to have the designer mock up what it would look like using that figma on device preview thing. If users say they like it, i'll build it

Boss: ... right but it won't be real on device app so ...

Me: Its that or we cut feature X

Boss: ... well we need that

Me: ok glad we agree, let me know what feedback the designer gets

Boss: ... ok

!rant & story_time
This happend to the startup I was working for at ~2011. I was a junior Android dev, working on a very popular app.
During experiments for a new feature, I discovered that the system AlarmManager has a serious bug - you can set a repeating alarm with interval=0ms. If your app takes more then 1 ms to handle the Intent, then the AlarmManager will start to fill up the intent Queue, with unexpected results to the OS. causing it to slow down, and reboot when it ran out of Ram. Why? my guess was that because the AlarmManager was part of the OS, then any issues caused by it caused the system process to ran out of ram, crashing it, and the whole system with it. the real kicker was that even after a reboot, the AlarmManager still had Intents queued, causing the device to bootloop for a while, untill the queue was cleared. My boss decided to report the problem to google, as this was an issue in the OS. I built an example app, that caused the crash 10-30 seconds after starting, and submitted to Google. Google responded later that day with "not an issue, no one will ever do this".
Well... At this point I decided to review the autoupdate feature in our app, to make sure this will not happen to us. We just released a new feature where a user can set an update schedule option in the app settings - where you could setup a daily, weekly, or hourly update for the app. after reviewing it, It looked good, and the issue was not triggered in the manual QA I did. So, it was all good. And we released an updated version to the store.
After we did an update-install, we discoverd that, there was a provlem reading the previous version SharedPrefs value for the update schdule settings, and the value defaulted to 0...
the result was, our app caused all our users to go into a bootloop, and because the alarm was reset when the devices booted up, the bootloop could only be solved in a factory reset, or removing our app, before the device rebooted, and then waiting a few reboot cycles.
We lost 50 places in the market, and it took us 6 months to get back to where we were.

It was not my fault, but it sucked big time!

Root gets ignored.

I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.

For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`

Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.

I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.

He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).

I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨

Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.

Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.

ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.

jfc i'm getting pissy again.

Question regarding implementing two factor authentication.

I want to implement 2FA for at least one service I'm writing but I'm wondering, next to email, what services/implementations could I use?

I know that email isn't the best when it comes to security but I also don't want to force (a-technical) users to install an app specifically for 2FA so keeping email as an option as well.

But except for email, any ideas? Anything related to Google/facebook (prism integrated services) are a no go anyways (this has, as mentioned before, nothing to do with my ego or giving myself 'a pat on the back')

As for costs, I don't mind a little bit of money but the service will be free at first and I'm not rich :)

Looking forward to the comments!

What an absolute fucking disaster of a day. Strap in, folks; it's time for a bumpy ride!

I got a whole hour of work done today. The first hour of my morning because I went to work a bit early. Then people started complaining about Jenkins jobs failing on that one Jenkins server our team has been wanting to decom for two years but management won't let us force people to move to new servers. It's a single server with over four thousand projects, some of which run massive data processing jobs that last DAYS. The server was originally set up by people who have since quit, of course, and left it behind for my team to adopt with zero documentation.

Anyway, the 500GB disk is 100% full. The memory (all 64GB of it) is fully consumed by stuck jobs. We can't track down large old files to delete because du chokes on the workspace folder with thousands of subfolders with no Ram to spare. We decide to basically take a hacksaw to it, deleting the workspace for every job not currently in progress. This of course fucked up some really poorly-designed pipelines that relied on workspaces persisting between jobs, so we had to deal with complaints about that as well.

So we get the Jenkins server up and running again just in time for AWS to have a major incident affecting EC2 instance provisioning in our primary region. People keep bugging me to fix it, I keep telling them that it's Amazon's problem to solve, they wait a few minutes and ask me to fix it again. Emails flying back and forth until that was done.

Lunch time already. But the fun isn't over yet!

I get back to my desk to find out that new hires or people who got new Mac laptops recently can't even install our toolchain, because management has started handing out M1 Macs without telling us and all our tools are compiled solely for x86_64. That took some troubleshooting to even figure out what the problem was because the only error people got from homebrew was that the formula was empty when it clearly wasn't.

After figuring out that problem (but not fully solving it yet), one team starts complaining to us about a Github problem because we manage the github org. Except it's not a github problem and I already knew this because they are a Problem Team that uses some technical authoring software with Git integration but they only have even the barest understanding of what Git actually does. Turns out it's a Git problem. An update for Git was pushed out recently that patches a big bad vulnerability and the way it was patched causes problems because they're using Git wrong (multiple users accessing the same local repo on a samba share). It's a huge vulnerability so my entire conversation with them went sort of like:

"Please don't."
"We have to."
"Fine, here's a workaround, this will allow arbitrary code execution by anyone with physical or virtual access to this computer that you have sitting in an unlocked office somewhere."
"How do I run a Git command I don't use Git."

So that dealt with, I start taking a look at our toolchain, trying to figure out if I can easily just cross-compile it to arm64 for the M1 macbooks or if it will be a more involved fix. And I find all kinds of horrendous shit left behind by the people who wrote the tools that, naturally, they left for us to adopt when they quit over a year ago. I'm talking entire functions in a tool used by hundreds of people that were put in as a joke, poorly documented functions I am still trying to puzzle out, and exactly zero comments in the code and abbreviated function names like "gars", "snh", and "jgajawwawstai".

While I'm looking into that, the person from our team who is responsible for incident communication finally gets the AWS EC2 provisioning issue reported to IT Operations, who sent out an alert to affected users that should have gone out hours earlier.

Meanwhile, according to the health dashboard in AWS, the issue had already been resolved three hours before the communication went out and the ticket remains open at this moment, as far as I know.

writing library code is hard.

there are sooo many details that go into writing good libraries:

designing intuitive and powerful apis
deciding good api option defaults, disallowing or warning for illegal operations

knowing when to throw, knowing when to warn/log
handling edge cases
having good code coverage with tests that doesn't suck shit, while ensuring thry don't take a hundred years to run

making the code easy to read, to maintain, robust
and also not vulnerable, which is probably the most overlooked quality.

"too many classes, too little classes"

the functions do too much it's hard to follow them
or the functions are so well abstracted, that every function has 1 line of code, resulting in code that is even harder to understand or debug (have fun drowning in those immense stack traces)

don't forget to be disciplined about the documentation.

most of these things are
deeply affected by the ecosystem, the tools of the language you're writing this in:

like 5 years ago I hated coding in nodejs, because I didn't know about linters, and now we have tools like eslint or babel, so it's more passable now

but now dealing with webpack/babel configs and plugins can literally obliterate your asshole.

some languages don't even have a stable line by line debugger (hard pass for me)

then there's also the several phases of the project:

you first conceive the idea, the api, and try to implement it, write some md's of usage examples.

as you do that, you iterate on the api, you notice that it could better, so you redesign it. once, twice, thrice.

so at that point you're spending days, weeks on this side project, and your boss is like "what the fuck are you doing right now?"

then, you reach fuckinnnnng 0.1.0, with a "frozen" api, put it on github with a shitton of badges like the badge whore you are.

then you drop it on forums, and slack communities and irc, and what do you get?

half of the community wants to ban you for doing self promotion

the other half thinks either
a) your library api is shitty
b) has no real need for it
c) "why reinvent the wheel bruh"

that's one scenario,

the other scenario is the project starts to get traction.

people start to star it and shit.
but now you have one peoblem you didn't have before: humans.

all sorts of shit:

people treating you like shit as if they were premium users.

people posting majestically written issues with titles like "people help, me no work, here" with bodies like "HAAAAAAAAAALP".

and if you have the blessing to work in the current js ecosystem, issues like "this doesn't work with esm, unpkg, cdnjs, babel, webpack, parcel, buble, A BROWSER".
with some occasional lunatic complaining about IE 4 having a very weird, obscure bug.

not the best prospect either.

The company I interned at last summer decided to adopt a JS framework a little over a year ago. The managers went with the old Angular 1.x because they didn't want a JS build process. Each page has ~100 script tags on it, and these are manually included in various files (no automated way to include dependencies). None of the CSS/JS files are minified, either.

They really should have chose Angular 2+, or an entirely different framework (React, VueJS). They're also just now upgrading the codebase from PHP 5.6 to PHP 7.2 (5.6 support ended a long time ago, and security support ends this month).

I love the company itself but these practices are poor.

I may be working there full time eventually. I hope to eventually help with the inevitable transition to a newer framework once Angular 1.x is dead since I am an avid user of newer JS technologies. Any tips on convincing manager(s) towards newer technology? (Or at least convincing them to combine+minify these files in production to reduce # of requests and bandwidth.)

Also this company's product has millions of active users.

Oh man. Mine are the REASON why people dislike PHP.

Biggest Concern: Intranet application for 3 staff members that allows them to set the admin data for an application that our userbase utilizes. Everything was fucking horrible, 300+ php files of spaghetti that did not escape user input, did not handle proper redirects, bad algo big O shit and then some. My pain point? I was testing some functionality when upon clicking 3 random check boxes you would get an error message that reads something like this "hi <SENSITIVE USERNAME DATA> you are attempting to use <SERVER IP ADDRESS> using <PASSWORD> but something went wrong! Call <OLD DEVELOPER's PHONE NUMBER> to provide him this <ERROR CODE>"

I panicked, closed that shit and rewrote it in an afternoon, that fucking retard had a tendency to use over 400 files of php for the simplest of fucking things.

Another one, that still baffles me and the other dev (an employee that has been there since the dawn of time) we have this massive application that we just can't rewrite due to time constraints. there is one file with (shit you not) a php include function that when you reach the file it is including it is just......a php closing tag. Removing it breaks down the application. This one is over 6000 files (I know) and we cannot understand what in the love of Lerdorf and baby Torvalds is happening.

From a previous job we had this massive in-house Javascript "framework" for ajax shit that for whatever reason unknown to me had a bunch of function and object names prefixed with "hotDog<rest of the function name>", this was used by two applications. One still in classic ASP and the other in php version 4.something

Legacy apps written in Apache Velocity, which in itself is not that bad, but I, even as a PHP developer, do not EVER mix views with logic. I like my shit separated AF thank you very much.

A large mobile application that interfaced with fucking everything via webviews. Shit was absolutley fucking disgusting, and I felt we were cheating our users.

A rails app with 1000 controller methods.

An express app with 1000 router methods with callbacks instead of async await even though async await was already a thing.

ultraFuckingLarge Delphi project with really no consideration for best practices. I, to this day enjoy Object Pascal, but the way in which people do delphi can scare me.

ASP.NET Application in wich there seemed to be a large portion of bolted in self made ioc framework from the lead dev, absolute shitfest, homie refused to use an actual ioc framework for it, they did pay the price after I left.

My own projects when I have to maintain them.

Yesterday I spent some time on the meta site for dba.stackexchange.com and found this one guy with 1 rep raging about how his questions aren't getting answered and how is answers are the best etc...

"I have 17 years of experience as a dba, blah, blah, blah, my answers are correct, blah, blah"

He got pretty destroyed by the mods and other users about how shit his answers were and how they weren't factually correct etc...

This just continues to show that no matter how much experience you have you won't always be right.

Same goes for my senior at work, he has 10 years more experience than me (I have 2) and he still asks for my point of view and help without being a dick about it.

I hope we'll all keep being nice people unlike that Stackexchange guy...

I work for "a" company. This company has completely broken my desire to improve user experiences.

For instance, they have fetishized reducing the amount of clicks users have to go through to improve user productivity. Normally this is good, in their grossly mutated views, not so much.

They want ALL the data on a single page, and want people to use ctrl+f to find whatever they want on these pages instead of, ya know, a site-wide search(which fucking exists).

So this makes page times and UX horrible, some pages will take upwards of 2 minutes to completely load. 2 fucking minutes! My team and I had reduced these down to 15 seconds by reducing the data displayed and paginating it using some awesome JS lazy load functions. Not great by any real metric, but still a huge improvement.

You know who uses it out of 400 employees? Me. You know who still constantly gets complaints that the pages load really fuckin slowly? Still me!

Fuck these dumb asses and their retarded ideologies. They are stuck so far up 1990s ass they can practically TASTE Clintons' taint.

The culture is so toxic for developers it's absolutely abhorrent and depressing.

There is no freedom to do what you need to do because you're too busy doing the things they ask you to do. Follow that up with quarterly performance reports that bring up questions like, "What do you do for us?".

The only positive to working in this shithole is that they wouldn't dare fire you because they would never find anyone that would stay long enough to become an expert on this pile of shit. Over the last year we have gone through an entire 16 dev team, twice. That's 36 developers that just straight up quit in 12 months, and it's not like any of them worked together either. I would say 3-4 out of the first group met the second group, and 1-2 stuck around for the current group.

I don't normally rant like this, but I've been holding this shit in for a very long time and I can't hold it in.

Fuck Apple and its review system

So, this started in december. We wanted to publsih an app, after years of development.

Submit to review, and passes on the first try. Well, what do you know. We are on manual release option, so we can release together with the android counterpart. Well yes, but someone notices that the app name is not what was aggreed (App Name instead of AppName). Okay, should be easy, submit the same app, just the name changed. If it passed once, it will pass again, right? HAH

Rejected, because the description, why we use the device’s camera is too general. Well... its the purpose of the app... but whatever, i read the guidelines, okay, its actually documented with exapmles. BUT THEN WHY THE FUCK COULDNT YOU SAY THAT ON THE FIRST UPLOAD?

Whatever, fix it, new version, accepted, ready to release just in time.

It doesindeed roll out,but of course, we notice that the app has a giant issue, but only on specific phones. None of our test phones had this problem, but those who have, essentially cannot use our program. Nasty as it is, the fix is really easy, done in 5 minutes. Upload it asap, literally nothing changed from user point of view, except now it doesnt crash on said devices. Meanwhile 1 star reviews are arriving from these users - of course with all the right. Apple should allow this patch quickly, right? HAH

THE REAL BULLSHIT COMES NOW

With only config files changed, the same binary uploaded we get rejected? What now? Lets read it. “Metadata rejected, no need to upload new binary”.... oh fine only the store page is wrong? Easy. Read the message, what went wrong. “Referencing third party content is nit permitted on the app store” meaning that no android test device should be shown. Fine, your rules. They even send a picutre of the offending element. BUT ITS NOT EVEN ON THE STORE. THATS A SCREENSHOT OF THE APP. HOW IS THAT METADATA? I ask about this, and i get a reply, from either a bot, or a person who cant speak or read english, and only pasted a sample answer, repeating the previous message. WTF. Fine, i guess you are dumb, but since they stop replying to our queries, do the only sensible thing, re-record the offending tutorial video that actually contained an android device. This is about 2 weeks, after the first try to apply a simple patch to a broken app. And still, how did it pass the review 2 times?

Whatever, reupload again, play the waiting game for a week, when the promised average wait time is 2 days, they hit us with a message, that they want to know what patent we use in our apps core functionality. WTF WHY NOW? It didnt bother you for a month, let it release ti production and now you delay a simple patch for this? We send them what they know. Aaaaand they reply: sorry we need more time to review your app. FUUUUUUCKKK YOUUU. You are reviewing a PATCH with close to zero functional change!!! Then, this shit goes on, every week we ask about an ETA, always asking for patience... at the end it took another 3 weeks... so december 15 to jan 21 in total...

FOR. A. SINGLE. FUCKING. PATCH

Bottom line is what is infurating, apple cares that there is an android device in the tutorial video, but they dont care that a significant percentage of our users simply cannot use the app.

Im done

Hi everyone, long time no see.

Today I want to tell you a story about Linux, and its acceptance on the desktop.

Long ago I found myself a girlfriend, a wonderful woman who is an engineer too but who couldn't be further from CS. For those in the know, she absolutely despises architects. She doesn't know the size units of computers, i.e. the multiples of the byte. Breaks cables on the regular, and so on. For all intents and purposes, she's a user. She has written some code for a college project before, but she is by no means a developer.

She has seen me using Linux quite passionately for the last year or so, and a few weeks ago she got so fed up with how Windows refused to work on both her computers (on one of them literally failing to run exe's, go figure), that she allowed me to reinstall both systems, with one of them being dualbooted Windows 10 + Linux.

The computer that runs Linux is not one she uses very often, but for gaming (The Sims) it's her platform to go. On it I installed Debian KDE, for the following reasons:
- It had to be stable as I didn't want another box to maintain.
- It had to be pretty OOTB, as first impressions are crucial.
- It had to be easy to use, given her skill level.
- It had to have a GUI abstraction to apt, the KDE team built Discover which looks gorgeous.

She had the following things to say about Linux, when she went to download The Sims from a torrent (I installed qBittorrent for her iirc).

"Linux is better, there's no need to download anything"
"Still figuring things out, but I'm liking it"
"I'm scared of using Windows again, it's so laggy"
"Linux works fine, I'm becoming a Linux user"

Which you can imagine, it filled me with pride. We've done it boys. We've built a superior system that even regular users can use, if the system is set up to be user-friendly.

There are a few gripes I still have, and pitfalls I want to address. There's still too many options, users can drown in the sheer amount of distro's to choose from. For us that's extremely important but they need to have a guide there. However, don't do remote administration for them! That's even worse than Microsoft's tracking! Whenever you install Linux on someone else's computer, don't be all about efficiency, they are coming from Windows and just want it to be easy to use. I use Mate myself, but it is not the thing I would recommend to others. In other words, put your own preferences aside in favor of objective usability. You're trying to sell people on a product, not to impose your own point of view. Dualboot with Windows is fine, gaming still sucks on Linux for the most part. Lots of people don't have their games on Steam. CAD software and such is still nonexistent (OpenSCAD is very interesting but don't tell me it's user-friendly). People are familiar with Windows. If you were to be swimming for the first time in the deep water, would you go without aids? I don't think so.

So, Linux can be shown and be actually usable by regular people. Just pitch it in the right way.

Bind's top {number} dev tools to make your 2018 easier!

//note 0: feel free to add your own
//note 1: no ides, only stuff thats useful for everyone

0) vscode, it got significantly better after the latest updates and is very versatile
1) gitkraken, now i use sourcetree because of the jira integration but kraken is available for linux too so
2) scaleway, they provide really cheap servers for whatever you want, easy to install images (docker too)
3) protonmail, an encrypted mail service that works a lot better than gmail (tutanota is a close 2nd but has a weeb name)
4) telegram, if you can, tell your team to ditch slack, because telegram is a lot more lightweight and even if you dont, just the channels make it worth giving it a shot
5) steemit, a blockchain based website where the users write the articles, you can find some good reads there (and photography if you like that stuff)
6) a dildo because it wouldnt be a bindview content without out of context penile objects

My project at work (an electron/angular desktop app) has an exceedingly rare bug that causes it to crash-to-desktop while loading. Nothing about the bug makes sense, and there's no way to catch or detect it until the next run, and it happens 100% of the time for affected users.

There have been six confirmed cases so far (out of 500k+ users), and nothing linking them together. None of the fixes discovered by those users have worked for other affected users.

The worst part?
I was the first of those cases. I inadvertently fixed it for myself and haven't been able to reproduce it since.

I'm stumped!

If programming languages were countries, which country would each language represent?

Disclaimer: its just a joke

Java: USA -- optimistic, powerful, likes to gloss over inconveniences.

C++: UK -- strong and exacting, but not so good at actually finishing things and tends to get overtaken by Java.

Python: The Netherlands. "Hey no problem, let'sh do it guysh!"

Ruby: France. Powerful, stylish and convinced of its own correctness, but somewhat ignored by everyone else.

Assembly language: India. Massive, deep, vitally important but full of problems.

Cobol: Russia. Once very powerful and written with managers in mind; but has ended up losing out.

SQL and PL/SQL: Germany. A solid, reliable workhorse of a language.

Javascript: Italy. Massively influential and loved by everyone, but breaks down easily.

Scala: Hungary. Technically pure and correct, but suffers from an unworkable obsession with grammar that will limit its future success.

C: Norway. Tough and dynamic, but not very exciting.

PHP: Brazil. A lot of beauty springs from it and it flaunts itself a lot, but it's secretly very conservative.

LISP: Iceland. Incredibly clever and well-organised, but icy and remote.

Perl: China. Able to do apparently almost anything, but rather inscrutable.

Swift: Japan. One minute it's nowhere, the next it's everywhere and your mobile phone relies on it.

C#: Switzerland. Beautiful and well thought-out, but expect to pay a lot if you want to get seriously involved.

R: Liechtenstein. Probably really amazing, especially if you're into big numbers, but no-one knows what it actually does.

Awk: North Korea. Stubbornly resists change, and its users appear to be unnaturally fond of it for reasons we can only speculate on.

The entire reason I became a developer was so that I could one day build something that I can say has/had a handful of users, that I could build something that helped save someone's life, that helped someone in their time of need.

That reason was fulfilled when I built my only successful and proudest project during a cold night in 2011. I was 16 at the time, and here in South India, there was a major cyclone affecting a portion of our country (Chennai/Tamil Nadu). A lot of my family were in affected areas, and I didn't know what I could do being so far away (around 400kms/250mi away, in Bangalore).

I stayed up all night to build what was then known as ChennaiRains.org. It was a simple website, a directory and a safe house for everyone's information. Whoever needed help, whoever was ready to give help, whoever was volunteering their travel, their time. I didn't think it would help much. I just wanted to make a small difference.

Next morning, after the hangover of the all-nighter I pulled faded away, I see that the website went viral after a few shares on Twitter. The community was so supportive of my little project to help my family and friends. It caught a peak traffic of a million users overnight, no ads, no money made from this, I just earned the experience of a lifetime. It eventually helped a lot of people in need, connected a lot of volunteers and victims.

It has been the epitome of my life. It's the reason I still develop applications to-date, even if they are simple. Somewhere out there, someone needs it, and I want to be able to help to them :)

It is once again that time of year when we say farewell to our current interns and say hello to a brand new batch.

The two groups overlap for a few days. During this time the old interns show the new interns the ropes, while the mentors silently weep in the lunchroom having realized that nothing that they've said over the last 12 months has had any effect whatsoever.

Some choice quotes:
---
New Intern: It says 'uncaught exception'.
Old Intern: Oh don't worry that will fix itself on production.
---
OI: Did you pull the code?
NI: Yeah, but I have all these weird brackets everywhere... [merge conflict]
OI: Oh yeah that happens sometimes, just delete them.
---
NI: It says "push to master rejected". [we enforce code reviews]
OI: Ohh that means the server is broken. You should tell someone, they have to reboot it.
---
NI: Where did that file save to? [we use ONLY macOS and Linux]
OI: C:\Users\<your name>\My Documents\...
---
OI: You can use either pgAdmin or MySQL Workbench. I like Workbench better but I couldn't get it to work, it kept giving me errors.
---
And of course...
---
OI: No, we don't use Linux. We use CentOS.
---

I did the math today. Only 35 more years and I can retire.

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

Stakeholder: In user profiles, I want users to be able to renew gift memberships for their giftee.

Me: ???

SH: For example, if I buy a gift membership for you and it expires or is about to expire, then I want to be able to renew it for you.

Me: Typically, gifts aren’t the gifter’s responsibility to manage. There’s no reason for you to be able to manage my membership from your account, even if just to renew. You’re opening up Pandora’s box here. If you let users renew for giftees, you’ll eventually have a user ask if they can cancel the giftee’s membership because they got into a fight and want to stick it to the giftee.

SH: But our users aren’t using the gift membership sales flow correctly. That results in all sorts of data issues for our reporting services and we spend so much time fixing it by hand.

Me: Your sales flow is confusing. The website asks users to verify membership for a giftee in case the giftee has or had a membership. How it the gifter supposed to know that? You’re trying to make things easier for you, but you’re expecting the user to know that and comply. That’s unrealistic.

SH: But there must be a something you can do.

Me: No.

LONG RANT ALERT, no TL;DR

* Writes an email to colleague about why I can't create a page on our CMS without at least a H1 title. She wants to me to put up an image with text on it (like a flyer), for multiple reasons, I say I need a textless image. *

30 minutes later:
* Casually plans a frontend optimization project, by looking at files on the CMS, in order to make further development easier and less time-taking*

*** EMAIL NOTIFICATION ***
* clicks *

"Hello, this is [Graphic designer] from the company who created the image with text on it. I do not understand why you can't put display:none on your <h1> tag. Also, being a web company, we are used to making themes and my solution of display:none will work. It's pityful to work on a design only to have it stripped out from most of its concept. If you can't do that, do tell me what resolution you need."

My first reaction:

"Dear [Graphic designer], I am managing our corporate identity, our backend and frontend codebase, I am a graphic designer myself, and am also SEO-aware. For at least 8 reasons (redacted, 'cuse too long), I will need an image without text. As told to my colleagues, I need a 72/96 DPI 16:9 ratio image, 1920x1080 is a good start but may be bigger. Also, looking at the image, it'll have to be in JPG, at 100% quality, exported for the web. Our database software will optimize the image by itself."

Reasons are about SEO issues, responsiveness issues, CMS tools issues, backend and frontend issues.

Instead, I sent following email "We can't. Image please."

I mean seriously. A bit of clarity for you:

In my company, nobody has the slightest idea what I do. They don't understand how a computer works (we all know it works by magic, right?). So of course, when one thinks what we don't know, we know it better than the one who knows, my colleague thought our CMS was like a word document, and began telling me how I should display her bible-length text-infected image, by using some inline css styling display:none.

I tell her "nope, because of my 8 reasons". She transmits that to the agency who's done the visual, now I have this [Graphic designer] not understanding that there are other CMSs than Wordpress on the web, and she tells me, me being one of the most aware on this CMS we have, how I should optimize my site?

Fucking shit, she connects on our CMS for 1 second and she'll get cancer since it's so bad. I'm in the process of planning a whole new rewrite so the website is well designed (currently I am modifying a base theme made by an incompetent designer). I know the system by heart and I know what you can, or can't do.

Now I just received an answer: "so it's only a pure technical problem". NO, OUR WEBSITE WAS CODED BY A CHIMPANZEE WHO THOUGHT WEB DEV WAS AS EASY AS WRITING "HELLO WORLD" ON A SHITTY CMS THAT FORCES DEV USERS TO USE A FUCKING CUM-WHITE-THEMED EDITOR TO EDIT THE WHOLE SITE!!!

I can't just sneeze and "oh look, it's working!"

Recently started at a new job. Things were going fine, getting along with everyone, everything seems good and running smoothly, a few odd things here and there but for the most part fine.

Then I decided to take a look at our (public facing) website... What's this? Outdated plugins from 2013? Okay, that's an easy fix I guess? All of these are free and the way we're using them wouldn't require a lot of refactoring...

Apparently not. Apparently, we can't even update them ourselves, we have to request that an external company does it (which we pay, by the way, SHITELOADS of money to). A week goes past, and we finally get a response.

No, we won't update it, you'll have to pay for it. Doesn't matter that there's a CVE list a bloody mile long and straight up no input validation in several areas, doesn't matter that tens of thousands of users are at risk, pay us or it stays broken. Boggles the fuckin' mind.

I dug into it a bit more than I probably should have (didn't break no laws though I'm not a complete dumbass, I just work for em) and it turns out it's not just us getting fucked over, it's literally EVERYONE using their service which is the vast majority of people within the industry in my country. It also turns out that the entirety of our region is running off a single bloody IP which if you do a quick search on shodan for, you guessed it, also has a CVE list pop up a fuckin' mile long. Don't get me started on password security (there is none). I hate this, there's fucking nothing I can do and everyone else is just fine sitting on their hands because "nobody would target us because we're not a bank!!", as if it bloody matters and as if peoples names, addresses, phone numbers and assuming someone got into our actual database, which wouldn't be a fuckin' stretch of the imagination let me tell you, far more personal details, that these aren't enticing to anyone.

What would you do in my situation?
What can I even do?
I don't want to piss anyone senior off but honestly, I'm thinkin' they might deserve it. I mean yeah there's nothing we can do but at least make a fuss 'cause they ain't gunna listen to my green ass.

!dev (Please, don't take this very seriously, I'm kind of burnt out)

I'm not having a good time.

I can't even write a post to properly explain how I feel.

I feel disappointed by life and by myself in many levels. Life is disappointing. I am disappointing too.

I'm having issues to focus, can't even write a couple of lines of code.

Time to listen to some emo lofi and write about how much I hate myself.

I wished I didn't feel these feelings.
I wished I didn't regret so many things I did or didn't do.
I wished I could fucking understand everything I read, but I don't, everything I read is gibberish, every paragraph makes me feel like I'm drifting in a storm.

I wished I was happy with my career, with my job. I wished I had a true friend.
I wished I could finish one goddamn fucking project for once.

I wished there was something that made me unique, but I don't think there's any.
I just feel like an ant, and that I don't really matter.

I don't feel like I'm someone at all, I feel like I'm experiencing a dream, and a rather boring one.

Programming used to be challenging and fun for me, but it has become this dull and stressful ordeal.

The internet has shown me that I don't matter really. I remember being a little kid and believing that the internet would not discriminate you, that right from the comfort of your house you could connect to people and be cared for, and collaborate in something.

But every year that passes I see that I was wrong. I have tried to put in time into people, I have asked people how they're doing, I have cared for their projects. But there's no reciprocation.

The internet itself has become a thing where the big fish only matters. The top 1k users will get 99% of the attention.

Fuck nurture, rule competition.

What's the point of creating a github project that you think it's cool? No one will give two shits about it, it won't make a goddamn difference whether you push it or not.

You know what fucking matters? If you're an apple or google developer and have thousands of followers.

Bla, bla, bla, I'm depressed...

Im getting a bit tired of programming.

I have been struggling for years regarding programming. I did have some moments of perceived success, but most of the time it has been depressing.

I’m not sure if I dislike programming. But there are some aspects of it that make me feel not as passionate about it.

First of, programs are invisible. No one sees your program or you (assuming we’re talking about a non artistic dev job).

People can’t see lines of code executing, but even if they did it would be gibberish to them.

Users can only become aware of bad software and that kind of breaks my heart a bit.

You could write fast, stable, secure, easy to read, easy to update software. People won’t notice. Hell, even your boss/coworkers might not notice.

In fact, sometimes you try to do the good thing, you try to become a better dev, you try to write tests first, you try to i18n, and what do you get? “Uhh, that’s taking too much time and I don’t see the benefit”.

I know some people will say that people noticing bad service happens on every job.

But programming is the ultimate isolation job. No client has ever told me “hey that code you wrote was pretty good”. They can’t even read code.

I don’t know the users, the users don’t know me, and the users can only judge my program by the result, they can only judge the visual interface.

Let’s say you write a cool project at github. The code is great. Guess what, every language’s ecosystem out there is saturated. Everything is already written. GitHub is saturated. Your best project ends up being a just for yourself enjoyment.

I’m not saying you shouldn’t enjoy code for yourself. That’s how I bet most prolific coders start. I’ve been doing that for many years now. But at some point you want to be part of something with humans.

Imagine I’m stranded on an island with nothing no humans, just food, water and a computer. Would I write code just for myself, just for fun? I think I would off myself 3 months in.

Maybe I should do develop a more social talent...

And this, ladies and gentlemen, is why you need properly tested backups!

TL;DR: user blocked on old gitlab instance cascade deleted all projects the user was set as owner.

So, at my customer, collegue "j" reviews gitlab users and groups, notices an user who left the organisation
"j" : ill block this user
> "j" blocks user
> minutes pass away, working, minding our own business
> a wild team devops leader "k" appears
k: where are all the git projects?
> waitwut?.jpg
> k: yeah all git projects where user was owner of, are deleted
> j.feeling.despair() ; me.feeling.despair();
> checks logs on server, notices it cascade deletes all projects to that user
> lmgt log line
> is a bugreport reported 3(!) years ago
> gitlab hasnt been updated since 3 years
> gitlab system owner is not present, backup contact doesnt know shit about it
> i investigate further, no daily backup cron tasks, no backup has been made whatsoever.
> only 'backups' are on file system level, trying to restore those
> gitlab requires restore of postgres db
> backup does not contain postgres since the backup product does not support that (wtf???)
> fubar.scene
> filesystem restore finished...
> backup product did not back up all files from git tree, like none of refs were stored since the product cannot handle such filenames .. Git repo's completely broken

Fuck my life

iPhones are ridiculously picky when it comes to finding a mate- um charger. And knowing why doesn't really make it any easier to understand why. If anything it baffles me more.

So, let's start with appliances that are not phones. Think Bluetooth headsets, keyboards, earbuds, whatever. Those are simple devices. They see 5V on the VCC line and 0V on ground, and they will charge at whatever current they are meant to. Usually it will not exceed 200mA, and the USB 2.0 spec allows for up to 500mA from any USB outlet. So that's perfectly reasonable to be done without any fuss whatsoever.

Phones on the other hand are smarter.. some might say too smart for their own good. In this case I will only cover Android phones, because while they are smarter than they perhaps should be, they are still reasonable.

So if you connect an Android phone to the same 5V VCC and 0V ground, while leaving the data lines floating, the phone will charge at 500mA. This is exactly to be within USB 2.0 spec, as mentioned earlier. Without the data lines, the phone has no way to tell whether it *can* pull more, without *actually* trying to pull more (potentially frying a charger that's not rated for it). Now in an Android phone you can tell it to pull more, in a fairly straightforward way. You just short the data lines together, and the phone will recognize this as a simple charger that it can pull 1A from. Note that shorting data lines is not a bad thing, we do it all the time. It is just another term for making a connection between 2 points. Android does this right. Also note that shorted data lines cannot be used to send data. They are inherently pulled to the same voltage level, probably 0V but not sure.

And then the iPhones come in, Thinking Different. The iPhones require you to pull the data lines to some very specific voltage levels. And of course it's terribly documented because iSheep just trying to use their Apple original white nugget charger overseas and shit like that. I do not know which voltage levels they are (please let me know!), but it is certainly not a regular short. Now you connect the iPhone to, say, a laptop or something to charge. An Android phone would just charge while keeping data transmission disabled (because they can be left floating or shorted). This is for security reasons mostly, preventing e.g. a malicious computer from messing with it. An iPhone needs to be unlocked to just charge the damn thing. I'm fairly sure that that's because the data lines need to be pulled up, which could in theory enable a malicious computer to still get some information in or out of it. USB data transmission works at at least 200mV difference between the data lines. It could be more than that. So you need to unlock it.

Apple, how about you just short your goddamn data lines too like everyone else? And while you're at it, get rid of this Lightning connector. I get it, micro USB was too hard for your users. I guess they are blind pigs after all. But USB-C solved all of that and more. The only difference I can think of is that the Lightning connector can be a single board with pads on either side on the connector, while in USB-C that could be at the socket end (socket being less common to be replaced). And at the end of the day, that really doesn't matter with all the other things that will break first.

Think Different. Think Retarded. Such tiny batteries and you can't even fucking charge them properly.

Just now I realized that for some reason I can't mount SMB shares to E: and H: anymore.. why, you might ask? I have no idea. And troubleshooting Windows.. oh boy, if only it was as simple as it is on Linux!!

So, bimonthly reinstall I guess? Because long live good quality software that lasts. In a post-meritocracy age, I guess that software quality is a thing of the past. At least there's an option to reset now, so that I don't have to keep a USB stick around to store an installation image for this crap.

And yes Windows fanbois, I fucking know that you don't have this issue and that therefore it doesn't exist as far as you're concerned. Obviously it's user error and crappy hardware, like it always is.

And yes Linux fanbois, I know that I should install Linux on it. If it's that important to you, go ahead and install it! I'll give you network access to the machine and you can do whatever you want to make it run Linux. But you can take my word on this - I've tried everything I could (including every other distro, custom kernels, customized installer images, ..), and it doesn't want to boot any Linux distribution, no matter what. And no I'm not disposing of or selling this machine either.

Bottom line I guess is this: the OS is made for a user that's just got a C: drive, doesn't rely on stuff on network drives, has one display rather than 2 (proper HDMI monitor recognition? What's that?), and God forbid that they have more than 26 drives. I mean sure in the age of DOS and its predecessor CP/M, sure nobody would use more than 26 drives. Network shares weren't even a thing back then. And yes it's possible to do volume mounts, but it's unwieldy. So one monitor, 1 or 2 local drives, and let's make them just use Facebook a little bit and have them power off the machine every time they're done using it. Because keeping the machine stable for more than a few days? Why on Earth would you possibly want to do that?!!

Microsoft Windows. The OS built for average users but God forbid you depart from the standard road of average user usage. Do anything advanced, either you can't do it at all, you can do it but it's extremely unintuitive and good luck finding manuals for it, or you can do it but Windows will behave weirdly. Because why not!!!

OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..

Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!

Here it goes..

Lat week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.

OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.

Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.

Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..

I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..

Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I crate another pck for api alone copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.

I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..

I made changes for api to incude the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.

WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...

WTF..Ok, cig break to let me think..

I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?

So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' made changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers dbs (different customers).. ALL HAD THIS HARDOCED IN!!! FORM THE FREAKING YEAR 2016!!! O.o

Unfuckin believable.. How did this ever work?!

Looks like at the begining, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!

So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plan, simple, straight-forward solution to auditing..

If only the original procedure was working as it should.. bloddy hell!!

Well, devRant has turned me from a bigot arse into quite the humble and decent person, and on top of that, introduced me to some new series (well more so the users than the platform, but you know what I mean).

Binge watched Silicon Valley (season one, I just started) and learnt about dick to floor ratio.

Prior to that binge watched Mr Robot. Cannot remember who suggested that, so I cannot attribute the appropriate gratitude to the appropriate person here.

Add to that that I no longer claim one language to be holy amongst others. Yeah. I was that dick before, we all have a bad side. I'm just admitting it.

I sat down and started utilising other languages, and even found quite a few that did what I wanted more efficiently. Plus I have gotten to meet some sharp people and broaden my own mind.

Fuck I hate my job, but I see a fucking brilliant future for myself thanks to coding and the open mind that I have attained. I attribute this to devRant (perhaps it was lying dormant, but you guys awoke it.).

Enough chitty chat, I'm off to sleep and then code my balls off.

Flash has made Java programs look desirable. And anyone keeping up with me knows I despise Java and C#, despite having written C# and currently working on deciphering a Java server to create documentation.

Before I begin, I want to make this clear: IT IS TWO THOUSAND AND FUCKING EIGHTEEN. 2018. WE HAVE BETTER TECH. JAVASCRIPT HAS TAKEN OVER THIS BITCH. So, firstly, FUCK FLASH. Seriously, that shit's a security liability. If you work for a company that uses it, find a new job and then fucking quit, or go mutany and get several devs to begin a JS-based implementation that has the same functionality. There is no excuse. "I'm fired?" That's not an excuse - if there is a way to stop the madness, then fucking hit the brakes on that shit or begin job hunting. Oh, and all you PMs who are reading this and have mandated or helped someone else to mandate work on an enterprise flash program, FUCK YOU. You are part of the problem.

The reason for this outburst seems unreasonable until you realize the hell I went through today. At my University, there is a basic entry-level psychology course I'm taking. Pearson, a company I already fucking hate for some of the ethically sketchy shit they pulled with PARCC as well as overreach in publishing to the point they produce state tests here in the US - has a product called "My PsychLab" and from here on out, I'm referring to it as MPL. MPL has an issue - it is entirely fucking Flash. Homework assignments, the textbook, FUCKING EVERYTHING. So, because of that, you need to waste time finding a browser that works. Now let me remind all of you that just because something SHOULD WORK does NOT mean that it actually does.

I'm sitting on my Antergos box a few days ago: Chromium and Firefox won't load Flash. I don't know why, and don't care to find out. NPAPI and whatnot are deprecated but should still run in a limited mode or some shit. No go on Antergos.

So, today I went to the lab in the desolated basement of an old building which is where it's usually empty except a student hired by the university to make sure nobody fucks things up. I decided - because y'all know I fuckin' hate this - to try Windows. No go in Chrome still - it loaded Flash but couldn't download the content. So I tried Firefox - which worked. My hopes were up, but not too long - because there was no way to input. The window had buttons and shit - but they were COMPLETELY UNRESPONSIVE.

So the homework is also Flash-based. It's all due by 1/31/18 - FOUR CHAPTERS AND THE ACCOMPANYING HOMEWORK - which I believe is Tuesday, and the University bookstore is closed both Saturday and Sunday. No way to get a physical copy of the book. And I have other classes - this isn't the only one.

Also, the copyright on the program was 2017 - so whoever modded or maintained that Flash code - FUCK YOU AND THE IRRESPONSIBLE SHIT YOUR TEAM PULLED. FUCK THE SUPERIORS MAKING DECISIONS AS WELL. Yeah, you guys have deadlines? So do the end users, and when you have to jump through hoops only to realize you're fucked? That's a failure of management and a failure of a product.

How many people are gonna hate me for this? Haters gonna hate, and I'm past the point of caring.

I do not like the direction laptop vendors are taking.

New laptops tend to feature fewer ports, making the user more dependent on adapters. Similarly to smartphones, this is a detrimental trend initiated by Apple and replicated by the rest of the pack.

As of 2022, many mid-range laptops feature just one USB-A port and one USB-C port, resembling Apple's toxic minimalism. In 2010, mid-class laptops commonly had three or four USB ports. I have even seen an MSi gaming laptop with six USB ports. Now, much of the edges is wasted "clean" space.

Sure, there are USB hubs, but those only work well with low-power devices. When attaching two external hard drives to transfer data between them, they might not be able to spin up due to insufficient power from the USB port or undervoltage caused by the impedance (resistance) of the USB cable between the laptop's USB port and hub. There are USB hubs which can be externally powered, but that means yet another wall adapter one has to carry.

Non-replaceable [shortest-lived component] mean difficult repairs and no more reserve batteries, as well as no extra-sized battery packs. When the battery expires, one might have to waste four hours on a repair shop for a replacement that would have taken a minute on a 2010 laptop.

The SD card slot is being replaced with inferior MicroSD or removed entirely. This is especially bad for photographers and videographers who would frequently plug memory cards into their laptop. SD cards are far more comfortable than MicroSD cards, and no, bulky external adapters that reserve the device's only USB port and protrude can not replace an integrated SD card slot.

Most mid-range laptops in the early 2010s also had a LAN port for immediate interference-free connection. That is now reserved for gaming-class / desknote laptops.

Obviously, components like RAM and storage are far more difficult to upgrade in more modern laptops, or not possible at all if soldered in.

Touch pads increasingly have the buttons underneath the touch surface rather than separate, meaning one has to be careful not to move the mouse while clicking. Otherwise, it could cause an unwanted drag-and-drop gesture. Some touch pads are smart enough to detect when a user intends to click, and lock the movement, but not all. A right-click drag-and-drop gesture might not be possible due to the finger on the button being registered as touch. Clicking with short tapping could be unreliable and sluggish. While one should have external peripherals anyway, one might not always have brought them with. The fallback input device is now even less comfortable.

Some laptop vendors include a sponge sheet that they want users to put between the keyboard and the screen before folding it, "to avoid damaging the screen", even though making it two millimetres thicker could do the same without relying on a sponge sheet. So they want me to carry that bulky thing everywhere around? How about no?

That's the irony. They wanted to make laptops lighter and slimmer, but that made them adapter- and sponge sheet-dependent, defeating the portability purpose.

Sure, the CPU performance has improved. Vendors proudly show off in their advertisements which generation of Intel Core they have this time. As if that is something users especially care about. Hoo-ray, generation 14 is now yet another 5% faster than the previous generation! But what is the benefit of that if I have to rely on annoying adapters to get the same work done that I could formerly do without those adapters?

Microsoft has also copied Apple in demanding internet connection before Windows 11 will set up. The setup screen says "You will need an Internet connection…" - no, technically I would not. What does technically stand in the way of Windows 11 setting up offline? After all, previous Windows versions like Windows 95 could do so 25 years earlier. But also far more recent versions. Thankfully, Linux distributions do not do that.

If "new" and "modern" mean more locked-in and less practical and difficult to repair, I would rather have "old" than "new".

Gaming community of mine launched their slick new website with their new "ticket system" where people could put in tickets to get help by volunteers.

2 hours and an approval by one of the admins later I managed to inject forge http request into literally every form on that side. Modify permissions, delete users, edit tickets, put invalid values into every attribute of them... In other words break everything.
Turns out the whole thing was coded as a first time project by a person who has no clue about web development and noone is in charge of anything really. There are no requirements, no beta testing, no version control or backups, but at least they had a hard deadline. 🤣

Still not sure if I wanna fix their shit and do it properly or just enjoy seeing it crash and burn.

YouTube just deleted my favorites playlist for supposed hate speech. My playlist had like 4k vids in it (none of them uploaded by me) and most of them were just stupid music videos or whatever, nothing even comes to mind that would qualify as hate speech, so because of this alleged needle in a 4k video haystack my playlist got deleted, YouTube did not even show any evidence of the supposed hate speech content within, my appeal was denied instantly. This is why I hate big tech- it is tyrannical and bullshit. It serves as an extra government nanny rather than appealing to its user base. This is because once a social platform grows so large that it has the monopoly on users, it no longer has to appeal to its users, it can then just focus on politics or other agendas. They can do this with confidence that they will not lose their users because they know that the modern internet narcissist will flock to any app that gives them the biggest audience, and since they have the monopoly on users they can rest assured the common narcissist will flock to their app (no matter how shitty or tyrannical) because they’ll get the most exposure there. This is the pattern every big social media platform falls into. At one point YouTube was cool….

Some websites are a disgrace to the internet and I wish there was a service that terminates them on a daily basis.

Really though, can you do some simple research about your users and see what will make their life easy?

You put the most important button of your website in a place where the I have to scroll down and looks for it. The beginning of your page has a stock picture that has no meaning or relevance to the topic of your page. WHAT THE FUCK IS WRONG WITH YOU?

And your button, it doesn't even look like a fucking button. It looks like a normal text, which doesn't even react to hovering. At least change the cursor to pointer so that I can understand that it's a button.

Fuck you, your button and your useless stock picture.

I hate some parts of this company.

They literally have a "Designer" which made a mockup for our new UI and honestly when I first saw it I almost threw up.

Having made a lot of designs myself for personal projects and for fun I LITERALLY SAW he barely put any effort into it he just threw some stuff together took a shit on it and called it a UI.

For that interview we were actually expecting wireframes and not mockups since we were not sure what workflow we wanted for the UI.
Of course this would have come with feedback from us and then would have been reiterated and this was clear from our last talk with him.

Maybe he didn't know what wireframes were ¯\_(ツ)_/¯

If this wasn't enough, he was also consistently misspelling words all over the place, not aligning parts of the UI, misplacing common UI elements and stupid stuff like having a GIGANTIC + button for adding a object to a list for a NO TOUCH SCREEN UI.

(The plus button was all the way to the bottom left of the screen as far away from the list so users get a good hand workout).

But everyone just loved it because "We have known him for a long time and he has a big portfolio so he must know what he's doing".

I couldn't bring in anything, you truly notice the difference between "I don't agree with your opinion but you are heard" and "Shutup my buddy the designer is amazing".

I was not being an asshole I was giving critique on specific parts of the UI and not just saying "it's shit" hoping we could improve on it. Still having naive hope for the future of this project.

He even looked kinda mad and irritated by my opinion and just looked at the people previously mentioned.

I truly hate people who just keep using the exact same worthless piece of garbage people because they have known them for a long time.

Personally I wanted to grab him off his chair and throw him out through the window, 2 floors down, straight into the garbage bin, making damn sure he doesn't accidentally fall into the recycle bin.

Never ever would I enjoy or like this application's UI if I had to work with it as a user.

SQL Rule 1. Always assume there are external processes that might affect your data. (for instance, triggers).
SQL Rule 2. In Denormalised data, never execute logic on dependant table values, always copy from the parent.
SQL Rule 3. When Denormalised data schemas are created the DBA knows what they are doing.
SQL Rule 3.1. If DBA knows what they is doing then according to Rule 1 there is no problem with adding in some triggers to maintain data clones as they are created.
SQL Rule 4. If you don't like or agree with triggers, deal with it. They are a first class tool in a first class RDBMS. In a multi-app or service environment there may be many other external processes massaging your data
SQL Rule 5. If all previous rules are not broken and the system has been running efficiently for many years DO NOT complain that there are triggers in the database that are doing and have been doing the same process that you just butchered (by violating Rule 1 and 2) in your makeshift "hello world, look what I can do from my phone" angular BS when the rest of the users are still relying on the existing runtime app.
SQL Rule 6. If you turn my triggers off, you sure as hell better turn them back on!

This is how Pokémon Go shows errors to its users. It says a generic „Error“ in German with different numbers for different errors.
I am not an UX expert, but isn’t this a really bad practice? The error number has no meaning to the user, so why displaying it? I think it is just confusing and looks ugly 😐

Rant!

Been working on 'MVP' features of a new product for the past 14 months. Customer has no f**king clue on how to design for performance. An uncomfortable amount of faith was placed on the ORM (ORMs are not bad as long as you know what you are doing) and the magic that the current framework provides. (Again, magic is good so long as you understand what happens behind the smoke and mirrors - but f**k all that... coz hey, productivity, right?). Customer was so focussed on features that no one ever thought of giving any attention to subtler things like 'hey, my transaction is doing a gazillion joins across trizillion tables while making a million calls to the db - maybe I should put more f**king thought into my design.' We foresaw performance and concurrency issues and raised them way ahead of the release. How did the customer respond? By hiring a performance tester. Fair enough - but what did that translate into? Nothing. Nada. Zilch. Hiring a perf tester doesn't automagically fix issues. The perf tester did not have a stable environment, a stable build or anything that is required to do a test with meaningful results. As the release date approached, the customer launched a pilot and things started failing spectacularly with the system not able to support more than 15 concurrent users. WTF! (My 'I told you so' moment) Emails started flying in all directions and the hunt for the scapegoat was on (I'm a sucker for CYA so I was covered). People started pointing in all directions but no one bothered to take a step back and understand what was causing the issues. Numero uno reason for transaction failure was deadlocks. We were using a proprietary DB with kickass tooling. No one bothered to use the tooling to understand what was the resource in contention let alone how to fix the contention. Absolute panic - its like they just froze. Debugging shit and doing the same thing again and again just so that management knew they were upto something. Most of the indexes had a fragmentation of 99.8% - I shit you not. Anywho, we now have a 'war room' where the perf tester needs to script the entire project by tonight and come up with some numbers that will amount to nothing while we stay up and keep profiling the shit out of the application under load.

Lessons learnt - When you foresee a problem make a LOT of noise to get people to act upon it and not wait till it comes back and bites you in the ass. Better yet, try not to get into a team where people can't understand the implications of shitty design choices. War room my ass!

The only thing more dangerous than an alcoholic short-term-memory-challenged non-technical throw-you-under-the-bus IT director with self-esteem issues that are sporadically punctuated by delusions of superiority is one who fears for his job. Submitted for your inspection: a besotted mass of near-human brain function who not only has a 50 person IT department to run, but has also been questioned by the business owners as to what he actually does. So he has decided to show them. He has purchased a vendor product to replace a core in-house developed application used to facilitate creating the product the business sells. The purchased software only covers about 40 percent of the in-house application's functionality, so he is contracting with the vendor to perform custom development on the purchased product (at a cost likely to be just shy of six-figures) so that about 90 percent of existing functionality will be covered. He has asked one of his developers (me) to scale down the existing software to cover the functionality gaps the purchased software creates. There is no deployment plan that will allow the business to transition from the current software to the new vendor​-supplied one without significantly hurting the ability of the business to function. When anyone raises this issue he dismisses it with sage musings such as, "I know it will be painful, but we'll just have to give the users really good support." Because he has no idea what any of his staff actually does, he is expecting one of his developers (again, unfortunately, me) to work with the vendor so that the Frankensoftware will perform as effectively as the current software (essentially as a project manager since there will be no in-house coding involved). Lastly, he refuses to assign someone to be responsible for the software: taking care of maintenance, configuration, and issue resolutions after it has been rolled out. When I pointedly tell him I will not be doing that (because this is purchased software and I am not a system admin or desktop engineer) he tells me, "Let me think about this." The worst part is that this is only one of four software replacement initiatives he is injecting himself into so he can prove his worth to the business owners. And by doing so he is systematically making every software development initiative akin to living in Dante's Eighth Circle. I am at the point where I want to burn my eye out with a hot poker, pour salt into the wound, and howl to the heavens in unbearable agony for a month, so when these projects come to fruition, and I am suffering the wrath of the business owners, I can look back on that moment I lost my eye and think "good times."

Just another big rant story full of WTFs and completely true.

The company I work for atm is like the landlord for a big german city. We build houses and flats and rent them to normal people, just that we want to be very cheap and most nearly all our tenants are jobless.
So the company hired a lot of software-dev-companies to manage everything.

The company I want to talk about is "ABI...", a 40-man big software company. ABI sold us different software, e.g. a datawarehouse for our ERP System they "invented" for 300K or the software we talk about today: a document management system. It has workflows, a 100 year-save archive system, a history feature etc.
The software itself, called ELO (you can google it if you want) is a component based software in which every company that is a "partner" can develop things into, like ABI did for our company.

Since 2013 we pay ABI 150€ / hour (most of the time it feels like 300€ / hour, because if you want something done from a dev from ABI you first have to talk to the project manager of him and of course pay him too). They did thousand of hours in all that years for my company.

In 2017 they started to talk about a module in ELO called Invoice-Module. With that you can manage all your paper invoices digital, like scan that piece of paper, then OCR it, then fill formular data, add data and at the end you can send it to the ERP system automatically and we can pay the invoice automatically. "Digitization" is the key word.

After 1.5 years of project planning and a 3 month test phase, we talked to them and decided to go live at 01.01.2019. We are talking about already ~ 200 hours planning and work just from ABI for this (do the math. No. Please dont...).

I joined my actual company in October 2018 and I should "just overview" the project a bit, I mean, hey, they planned it since 1.5 years - how bad can it be, right?

In the first week of 2019 we found 25 bugs and users reporting around 50 feature requests, around 30 of them of such high need that they can't do their daily work with the invoices like they did before without ELO.
In the first three weeks of 2019 we where around 70 bugs deep, 20 of them fixed, with nearly 70 feature requests, 5 done. Around 10 bugs where so high, that the complete system would not work any more if they dont get fixed.

Want examples?
- Delete a Invoice (right click -> delete, no super deep hiding menu), and the server crashed until someone restarts it.
- missing dropdown of tax rate, everything was 19% (in germany 99,9% of all invoices are 19%, 7% or 0%).

But the biggest thing was, that the complete webservice send to ERP wasn't even finished in the code.
So that means we had around 600 invoices to pay with nearly 300.000€ of cash in the first 3 weeks and we couldn't even pay 1 cent - as a urban company!

Shortly after receiving and starting to discussing this high prio request with ABI the project manager of my assigned dev told me he will be gone the next day. He is getting married. And honeymoon. 1 Week. So: Wish him luck, when will his replacement here?

Deep breath.
Deep breath.

There was no replacement. They just had 1 developer. As a 40-people-software-house they had exactly one developer which knows ELO, which they sold to A LOT of companies.

He came back, 1 week gone, we asked for a meeting, they told us "oh, he is now in other ELO projects planned, we can offer you time from him in 4 weeks earliest".

To cut a long story short (it's to late for that, right?) we fought around 3 month with ABI to even rescue this project in any thinkable way. The solution mid February was, that I (software dev) would visit crash courses in ELO to be the second developer ABI didnt had, even without working for ABI....

Now its may and we decided to cut strings with ABI in ELO and switch to a new company who knows ELO. There where around 10 meetings on CEO-level to make this a "good" cut and not a bad cut, because we can't afford to scare them (think about the 300K tool they sold us...).

01.06.2019 we should start with the new company. 2 days before I found out, by accident, that there was a password on the project file on the server for one of the ELO services. I called my boss and my CEO. No one knows anything about it. I found out, that ABI sneaked into this folder, while working on another thing a week ago, and set this password to lock us out. OF OUR OWN FCKING FILE.
Without this password we are not able to fix any bug, develop any feature or even change an image within ELO, regardless, that we paid thausend of hours for that.

When we asked ABI about this, his CEO told us, it is "their property" and they will not remove it.
When I asked my CEO about it, they told me to do nothing, we can't scare them, we need them for the 300K tool.

No punt.
No finish.

Just the project file with a password still there today

School gave me 3 DigitalOcean droplets to try out Kubernetes in the cloud, awesome!

Wrote an Ansible script to not only simply install docker and add users but also add kubernetes, nice!

Oh wait, error?! Well I should've known this wasn't going to be easy... ah well no problem. Let's see... Ansible is cryptic as always, it can't connect to the API server? Is it even running?

Let's ssh to the master, ah nothing is running, great. Let's try out kubeadm init and see what happens, oh gosh, my Docker version has not been validated! No problem, let's just downgrade!

How do I do that? Oh I know, change the version in the role! Wait that version doesn't exit? Let's travel to Docker's website and see what versions exist of docker-ce, oh I see, it needs a subversion, no problem.

Oh that errors too? Wait then what... Oh I need a ~ and a ubuntu and a 0 somewhere, my mistake!

Let's run it again! Fails!

Same ssh process, oh wait...

Oh god no...

Kubernetes requires 2 cores and these things only have 1...

Welp, time to ask the teachers to resize my droplet by a small amount tomorrow, hopefully I'll get a new error!

----------------------------------------------

My adventure so far with Kubernetes. I'm not installing it for any serious/prod reason, just for educational purposes. K8s seems like 'endgame' to me, like one of the 'big guys' that big enterprises use so I'm eager to throw stuff at a droplet and see what happens.

Going further down the rabbit hole tomorrow!

Wish me luck :3

(And yes, I could've figured this all out beforehand with documentation, but this is more fun in my opinion)

Static HTML pages are better than "web apps".

Static HTML pages are more lightweight and destroy "web apps" in performance, and also have superior compatibility. I see pretty much no benefit in a "web app" over a static HTML page. "Web apps" appear like an overhyped trend that is empty inside.

During my web browsing experience, static HTML pages have consistently loaded faster and more reliably, since the browser is immediately served with content useful for consumption, whereas on JavaScript-based web "apps", the useful content comes in **last**, after the browser has worked its way through a pile of script.

For example, an average-sized Wikipedia article (30 KB wikitext) appears on screen in roughly two seconds, since MediaWiki uses static HTML. Everipedia, in comparison, is a ReactJS app. Guess how long that one needs. Upwards of three times as long!

Making a page JavaScript-based also makes it fragile. If an exception occurs in the JavaScript, the user might end up with a blank page or an endless splash screen, whereas static HTML-based pages still show useful content.

The legacy (2014-2020) HTML-based Twitter.com loaded a user profile in under four seconds. The new react-based web app not only takes twice as long, but sometimes fails to load at all, showing the error "Oops something went wrong! But don't fret – it's not your fault." to be displayed. This could not happen on a static HTML page.

The new JavaScript-based "polymer" YouTube front end that is default since August 2017 also loads slower. While the earlier HTML-based one was already playing the video, the new one has just reached its oh-so-fancy skeleton screen.

It would once have been unthinkable to have a website that does not work at all without JavaScript, but now, pretty much all popular social media sites are JavaScript-dependent. The last time one could view Twitter without JavaScript and tweet from devices with non-sophisticated browsers like Nintendo 3DS was December 2020, when they got rid of the lightweight "M2" mobile website.

Sometimes, web developers break a site in older browser versions by using a JavaScript feature that they do not support, or using a dependency (like Plyr.js) that breaks the site. Static HTML is immune against this failure.

Static HTML pages also let users maximize speed and battery life by deactivating JavaScript. This obviously will disable more sophisticated site features, but the core part, the text, is ready for consumption.

Not to mention, single-page sites and fancy animations can be implemented with JavaScript on top of static HTML, as GitHub.com and the 2018 Reddit redesign do, and Twitter's 2014-2020 desktop front end did.

From the beginning, JavaScript was intended as a tool to complement, not to replace HTML and CSS. It appears to me that the sole "benefit" of having a "web app" is that it appears slightly more "modern" and distinguished from classic web sites due to use of splash screens and lack of the browser's loading animation when navigating, while having oh-so-fancy loading animations and skeleton screens inside the website. Sorry, I prefer seeing content quickly over the app-like appearance of fancy loading screens.

Arguably, another supposed benefit of "web apps" is that there is no blank page when navigating between pages, but in pretty much all major browsers of the last five years, the last page observably remains on screen until the next navigated page is rendered sufficiently for viewing. This is also known as "paint holding".

On any site, whenever I am greeted with content, I feel pleased. Whenever I am greeted with a loading animation, splash screen, or skeleton screen, be it ever so fancy (e.g. fading in an out, moving gradient waves), I think "do they really believe they make me like their site more due to their fancy loading screens?! I am not here for the loading screens!".

To make a page dependent on JavaScript and sacrifice lots of performance for a slight visual benefit does not seem worthed it.

Quote:

> "Yeah, but I'm building a webapp, not a website" - I hear this a lot and it isn't an excuse. I challenge you to define the difference between a webapp and a website that isn't just a vague list of best practices that "apps" are for some reason allowed to disregard. Jeremy Keith makes this point brilliantly.
>
> For example, is Wikipedia an app? What about when I edit an article? What about when I search for an article?
>
> Whether you label your web page as a "site", "app", "microsite", whatever, it doesn't make it exempt from accessibility, performance, browser support and so on.
>
> If you need to excuse yourself from progressive enhancement, you need a better excuse.

– Jake Archibald, 2013

At work, my closest relation is with the DBA. Dude is a genius when it comes to proper database management as well as having a very high level of understanding concerning server administration, how he got that good at that I have no clue, he just says that he likes to fuck around with servers, Linux in particular although he also knows a lot about Windows servers.

Thing is, the dude used to work as a dev way back when VB pre VB.NET was all the rage and has been generating different small tools for his team of analysts(I used to be a part of his team) to use with only him maintaining them. He mentioned how he did not like how Microsoft just said fk u to VB6 developers, but that he was happy as long as he could use VB. He relearned how to do most of the GUI stuff he was used to do with VB6 into VB.NEt and all was good with the world. I have seen his code, proper OOP practices and architectural decisions, etc etc. Nothing to complain about his code, seems easy enough to extend, properly documented as well.

Then he got with me in order to figure out how to breach the gap between building GUI applications into web form, so that we could just host those apps in one of our servers and his users go from there, boy was he not prepared to see the amount of fuckery that we do in the web development world. Last time my dude touched web development there was still Classic ASP with JScript and VBScript(we actually had the same employer at one point in the past in which I had to deal with said technology, not bad, but definitely not something I recommend for the current state of web development) and decided that the closest thing to what he was used was either PHP(which he did not enjoy, no problem with that really, he just didn't click with the language) and WebForms using VB.NET, which he also did not like on account of them basically being on support mode since Microsoft is really pushing for people to adopt dotnet core.

After came ASP.NET with MVC, now, he did like it, but still had that lil bug in his head that told him that sticking to core was probably a better idea since he was just starting, why not start with the newest and greatest? Then in hit(both of us actually) that to this day Microsoft still not has command line templates for building web applications in .net core using VB.NET. I thought it was weird, so I decided to look into. Turns out, that without using Razor, you can actually build Web APIs with VB.NET just fine if you just convert a C# template into VB.NET, the process was...err....tricky, and not something we would want to do for other projects, with that in we decided to look into Microsoft's reasons to not have VB.NET. We discovered how Microsoft is not keeping the same language features between both languages, having crown C# as the language of choice for everything Microsoft, to this point, it seems that Microsoft was much more focused in developing features for the excellent F# way more than it ever had for VB.NET at this point and that it was not a major strategy for them to adapt most of the .net core functionality inside of VB, we found articles when the very same Microsoft team stated of how they will be slowly adding the required support for VB and that on version 5 we would definitely have proper support for VB.NET ALTHOUGH they will not be adding any new development into the language.

Past experience with Microsoft seems to point at them getting more and more ready to completely drop the language, it does not matter how many people use it, they would still kill it :P I personally would rather keep it, or open source the language's features so that people can keep adding support to it(if they can of course) because of its historical significance rather than them just completely dropping the language. I prefer using C#, and most of my .net core applications use C#, its very similar to Java on a lot of things(although very much different in others) and I am fine with it being the main language. I just think that it sucks to leave such a large developer pool in the shadows with their preferred tool of choice and force them to use something else just like that.

My boy is currently looking at how I developed a sample api with validation, user management, mediatR and a custom project structure as well as a client side application using React and typescript swappable with another one built using Angular(i wanted to test the differences to see which one I prefer, React with Typescript is beautiful, would not want to use it without it) and he is hating every minute of it on account of how complex frontend development has become :V

Just wanted to vent a little about a non bothersome situation.

Boss"So, we need to get some data about the users using the APIs from this list of sites."
Me"Alright, sounds feasible enough"

Navigating to first site.

M"Hold on, where's the API?"
B"What do you mean? You're looking at it."
M"This is a website with a search bar, not an API"
B"Same thing. Get to scrapping that data."
M"I-It's written in a JS framework to be reactive in a half-assed way."
B"We need that data"
M"The data is not even consistent!"
B"That's why we need to join it with all these different sources."

The API was a lie. None of the sites had anything remotely similar to an API.

Having to use bloody selenium with chrome driver to scrap all the information because of course, it has to be done programatically every week from now on.

I just hope no captcha of any kind is installed before I finish this project.

I once agreed to maintain and develop an application used in a different section of the school to keep inventory and make sure everything is where it is supposed to be.

At first there was enthusiasm, together with 2 of my classmates we agreed and git clone-d the .NET application that now graduated students built and maintained for the past few years. What could go wrong right?!

It became clear that the original students that worked on it followed an older curriculum, meaning they still got taught .NET instead of the core variant that we get now, not only that but it also seemed that they either did not fully grasp the Clean/Onion architecture or didn't get it in class since there were infrastructure components in the 'Domain' project of the solution. Think of 2 DBContexts in the domain model, yep.

One of us bailed in the first week, the other one and I felt bad for the people using the app so we went on and tried to work on the first bugs that were described in a document. One of these bugs was 'whenever I filter on something in the list, everybody gets to see that filter on their screen instead of only me'. Woah that's weird! Let's see how they put that together!

Oh god, they are using a _static_ variable to store filters, no wonder that it doesn't work properly. Ever heard of sessions?!

Second bug: Sometimes people can't create an account when we sign them up from the admin panel. Alright that is weird, let's figure that one out! Wait a second it seems to work in development? What's this about.

Oh wait I can't create an account on production either? Oh that's weird, wait a second... Why do I have to put my e-mail in a form that was sent to me through e-mail? Why is my address not filled in already? OOH, if someone types in the wrong e-mail address (which is easy since our school has 4 variants of the same f*cking e-mail address) it won't work since it can't recognize the user! Brilliant! Remove e-mail input box and make a token/queryparam determine the user account.

Ah that seems good, it's a mess but it seems a tiny bit better now, great! We're making progress and some sweet buck.

Next bug, trillions of 50x errors on random pages, that's a weird one.

Hm everything works in development, that's odd. Is the production data corrupted?

DID I MENTION that in order to get into the system in development we have to load in a f*cking production database backup ON OUR DEVELOPMENT MACHINE and then ask one of the users' password to login to it and create an account for ourselves? Seeding? What's that, right?!

Anyway, back to bug fixing. I e-mail the the people responsible for the app and get a production admin account, oh I also can't ssh into it because of policies so I have to do everything over e-mail and figure out what's causing the errors. I somehow also wonder if they have any kind of virtualization in place, giving students a VM to do that stuff in doesn't seem so weird does it ? Even with school policies?

Oh btw, 'deploying' means sending a .zip file to a guy in another building and telling him how to configure it, apparently this resulted in a missing folder that the application needed to work and couldn't make on its own. This after 2 weeks of e-mailing back and forth.

After 3 months i quit out of despair and sadness, and due to the fact that I just couldn't do it anymore. I separated everything into logical subprojects and let the last guy handle it, he was OK with that and understood why I left.

Luckily, around that time I already had an actual job at a software development company :)

!rant

The efficiency of every dev stack in the world will never compare to just dropping my folder of php code into a server, with proper configurations, routes envs and everything else into a folder and watch it run.

I a pops shop wants me to build something for them? php

If an enterprise grade with a lot of users comes about? php

I have yet to have a single issue with it as most of you evee poluted, herd ready, mob mentality mfkers want to make believe.

Legit, the language is flawed, but has yet to fuck with me, i have memorized the quirks and fuckups of the language (much like I have done with JS) to know that a lot of you just bandwaggon over shit.

"It DoeSnt hAve proPer geNerics"

boom, deployed a form to a customer for his site, charged $2k for a one day job with no issue. But go ahead, setup an entire fucking pipeline of dependencies, a .net app and/or an entire bs app in node or rails(which I love btw) or an entire fuckState centric app in Go that gets messier the more you look at it and it would not be as easy or as simple to deploy.

Legit, in my entire career, nothing makes my life simpler for the web.

Startup-ing 101, from Fitbit:
- spy on users
- sell data
- cut production costs
- mutilate people's bodies, leaving burn scars that will never heal
- announce the recall, get PR, and make the refund process impossibly convoluted
- never give actual refunds
- claim that yes, fitbit catches fire, but only the old discontinued device, just to mess with search results and make the actual info (that all devices catch fire) hard to find
- try hard to obtain the devices in question, so people who suffered have no evidence
- give bogus word salad replies to the press

This is what one of the people burned has to say:
"I do not have feeling in parts of my wrist due to nerve damage and I will have a large scar that will be with me the rest of my life. This was a traumatic experience and I hope no one else has to go through it. So, if you own a Fitbit, please reconsider using it."

Ladies and gentlemen, cringefest starts. One of fitbit replies:
"Fitbit products are designed and produced in accordance with strict standards and undergo extensive internal and external testing to ensure the safety of our users. Based on our internal and independent third party testing and analysis, we do not believe this type of injury could occur from normal use. We are committed to conducting a full investigation. With Google's resources and global platform, Fitbit will be able to accelerate innovation in the wearables category, scale faster, and make health even more accessible to everyone. I could not be more excited for what lies ahead".

In the future, corporate speech will be autogenerated.

(if you wear fitbit, just be aware of this.)

Everybody is criticizing Microsoft for leaving too much legacy code in Windows, etc., but let me tell you that I prefer 100% that and have lifetime backward compatibility than having to deal with Google bullshit.

Google sucks ass.
It's one of the most dev unfriendly company on this planet (along with Facebook).

You can't fucking change BASIC stuff in Android SDK every fucking version.
You just can't!

You can't use a system of "PERMISSIONS" each developer has to set in its application and each user has to accept during the installation, that a few versions later become USELESS... because "Hmmm… no, It's not enough, let's make a new privileged permission that makes the old one fucking worthless".

YOU FUCKING, TOXIC, BASTARDS.

It's my app, my code, my device, my fucking conditions. If I want to install viruses on my device, I should be able to do it.
I shouldn't have to call fucking Sundar fucking Pichai fucking CEO of fucking GOOGLE.

USERS != BABIES.
DEVS != CRIMINALS

We are the reason you have a fucking job, fucking food on your fucking table.

I want a fucking GOD_MODE permission in the next SDK, assholes!

You can't REMOVE fucking "Android.OS.getSerial()" making it only for system apps.
It's not sensible data… and if It's in your opinion, you've already created a "android.permission.READ_PHONE_STATE", so what else do you want, fucking asshole?
Right, you want to introduce "android.permission.READ_PRIVILIGED_PHONE_STATE" to make obsolete the other one, son of a bitch!

I don't fucking use you're garbage Google Play Store, no worries! I won't upload my app on your servers, bitch!

They've created a monopoly in the industrial space (PDAs) and they keep making fucking wrong decisions every single year.

My job is already stressful, why you can't just stop making it worse? fml

Pull-to-refresh is useless.

If you are a mobile app developer, please get rid of pull-to-refresh. Your users will thank you.

I have the impression that mobile app developers choose to implement the pull-to-refresh gimmick just in order to make their app comply with a design trend. It seems like a desperate attempt to appear "modern" and "fancy", not because of the actual usefulness of the gesture.

Pull-to-refresh is one of those things that are well-intended but backfire. It appears helpful on first sight, but turns out to be a burden.

It takes effort and cognitive strain to avoid triggering a pull-to-refresh. The user can't use the app relaxed but has to walk on eggshells.

Every unwanted refresh wastes battery power, mobile data (if it is an Internet-connected app), and can lead to the loss of form data.

To avoid pull-to-refresh, the user has to resort to finger gymnastics like a shorter swipe for scrolling up or swiping slightly up before down. Pull-to-refresh could even be triggered while pinch-zooming in or out near the top of a page, if the touchscreen does not recognize one of the two fingers.

Pull-to-refresh also interferes with the double-tap-swipe zoom gesture. If one of the two taps are not recognized, a swipe-down to zoom in can trigger a pull-to-refresh instead.

To argue "if you don't like pull-to-refresh, just don't use it" is like blaming a person who stepped on a mine, since the person moved and the mine was stationary.

A refresh button can be half a second away in the menu bar, URL bar, or a submenu, where it is unlikely to be pressed accidentally. There is no need for a gesture that does more harm than good.

Using a mobile app with pull-to-refresh feels like having Windows StickyKeys forcibly enabled at all times. The refresh circle animation sticks to the finger.

If the user actually wants to refresh, pull-to-refresh is slower than a refresh button in a menu if the page is not at the top, meaning pull-to-refresh is useless as a shortcut anyway if the page is in any other position than the top.

An alternative to pull-to-refresh is pull-for-details. Samsung did it in some of their apps. Pulling down against the top reveals additional information such as the count and total size of selected items.

If you own a website, add this CSS to make browsing your website on the pre-installed Android web browser not a headache:

html,body { overscroll-behavior: none; }

Why is this necessary? In 2019, Google took the ability to deactivate the pull-to-refresh gesture on their Chrome browser for Android OS away from users. On Chrome for Android, pull-to-refresh can only be disabled on the server side, not the user side. The avalanche of complaints? Neglected.

Good thing several third-party browsers let the user turn off this severe headache.

Issue or Error? Rant story time!

I was working on a windows desktop app, and everything was ok, you know, tests completed succesfully, all in time, etc. The problem was when we showed the demo to one of our clients. He saw several screens and we explained all the features to him.

Client: *Sees a Error pop-up indicating that a remote service is temporarly unavailable (what it has to happen in order to show him how the system would warn him when an external service is out of service)
Client: What’s that?
Lead dev: What do you mean?
Client: Yes. That’s an error pop-up
Lead dev: Yes, it’s a message that tells you that there was an issue connecting to the bank service
C: No, no and no. Please change it
L: Why? Don’t you want the system to tell you when there is a connection issue and why is that happening?
C: Yes, but my employees could lost their minds because of this class of messages!
L: So...?
C: You have to change it
L: Ok. What do you want to change?
C: First of all, don’t put an “Error” icon, put an “Warning” icon, and instead of “Error” title, put... “Issue”
L: “Issue?”
C: Yeah. Don’t put the “E” word, if the users see an “Error” message, they could think that the program doesn’t work, even if it does work.

We all though “WTF?!”

To make the story shorter, we changed all the pop-ups. That took two days.

Is that correct? I know that “Error” sounds hard but, seriously? “Issue: The remote service is not available, contact your bank?”

I have multiple (in no particular order) :

Nextcloud : It was an idea that I had in my head as well - to take on corporations like Google in the space of personal cloud. Be free, open-source and put the users in charge.

Gitlab : The most open and transparent company that I've ever come across. And they work 99% remote. They've got features that no other players in the space have. All while putting users in control.

Fediverse social media - Mastodon, GNU Social, Diaspora (soon) : For taking a major step in the direction of putting the users in control of their data; all while enabling a decentralized social network.

Ruby : An open community and building a programming language that runs a lot of software of the world.

Python : The oldest thriving community that has a special place in the development community (and my heart)

Javascript / ECMAScript : The scripting language that grew to be a beast of it's own.

Whelp. I started making a very simple website with a single-page design, which I intended to use for managing my own personal knowledge on a particular subject matter, with some basic categorization features and a simple rich text editor for entering data. Partly as an exercise in web development, and partly due to not being happy with existing options out there. All was going well...

...and then feature creep happened. Now I have implemented support for multiple users with different access levels; user profiles; encrypted login system (and encrypted cookies that contain no sensitive data lol) and session handling according to (perceived) best practices; secure password recovery; user-management interface for admins; public, private and group-based sections with multiple categories and posts in each category that can be sorted by sort order value or drag and drop; custom user-created groups where they can give other users access to their sections; notifications; context menus for everything; post & user flagging system, moderation queue and support system; post revisions with comparison between different revisions; support for mobile devices and touch/swipe gestures to open/close menus or navigate between posts; easily extendible css themes with two different dark themes and one ugly as heck light theme; lazy loading of images in posts that won't load until you actually open them; auto-saving of posts in case of browser crash or accidental navigation away from page; plus various other small stuff like syntax highlighting for code, internal post linking, favouriting of posts, free-text filter, no-javascript mode, invitation system, secure (yeah right) image uploading, post-locking...

On my TODO-list: Comment and/or upvote system, spoiler tag, GDPR compliance (if I ever launch it haha), data-limits, a simple user action log for admins/moderators, overall improved security measures, refactor various controllers, clean up the code...

It STILL uses a single-page design, and the amount of feature requests (and bugs) added to my Trello board increases exponentially with every passing week. No other living person has seen the website yet, and at the pace I'm going, humanity will have gone through at least one major extinction event before I consider it "done" enough to show anyone.

help

I have been keeping this inside for long time and I need to rant it somewhere and hear your opinion.

So I'm working as a Team Lead Developer at a small company remotely based in Netherlands, I've been working there for about 8 years now and I am the only developer left, so the company basically consists of me and the owner of the company which is also the project manager.

As my role title says I am responsible for many things, I maintain multiple environments:
- Maintain Web Version of the App
- Maintain A Cordova app for Android, iOS and Windows
- Working with pure JavaScript (ES5..) and CSS
- Development and maintenance of Cordova Plugins for the project in Java/Swift
- Trying to keep things stable while trying very hard to transit ancient code to new standards
- Testing, Testing, Testing
- Keeping App Stable without a single Testing Unit (sadly yes..)
- Just pure JavaScript no framework apart from JQuery and Bootstrap for which I strongly insist to be removed and its being slowly done.

On the backend side I maintain:
- A Symfony project
- MySQL
- RabbitMQ
- AWS
- FCM
- Stripe/In-App Purchases
- Other things I can't disclose

I can't disclose the nature of the app but the app is quite rich in features and complex its limited to certain regions only but so far we have around 100K monthly users on all platforms, it involves too much work especially because I am the only developer there so when I am implementing some feature on one side I also have to think about the other side so I need to constantly switch between different languages and environments when working, not to mention I have to maintain a very old code and the Project Owner doesn't want to transit to some more modern technologies as that would be expensive.

The last raise I had was 3 years ago, and so far he hasn't invested in anything to improve my development process, as an example we have an iOS version of the app in Cordova which of course involves building , testing, working on both frontend and native side and etc., and I am working in a somewhat slow virtual machine of Monterey with just 16 GB of RAM which consumed days of my free time just to get it working and when I'm running it I need to close other apps, keep in mind I am working there for about 8 years.

The last time I needed to reconfigure my work computer and setup the virtual machine it costed me 4 days of small unpaid holiday I had taken for Christmas, just because he doesn't have the enough money to provide me with a decent MacBook laptop. I do get that its not a large company, but still I am the only developer there its not like he needs to keep paying 10 Developers.

Also:
- I don't get paid vacation
- I don't have paid holiday
- I don't have paid sick days
- My Monthly salary is 2000 euro GROSS (before taxes) which hourly translates to 12 Euro per hour
- I have to pay taxes by myself
- Working remotely has its own expenses: food, heating, electricity, internet and etc.
- There are few other technical stuff I am responsible of which I can't disclose in this post.

I don't know if I'm overacting and asking a lot, but summarizing everything the only expense he has regarding me is the 2000 euro he sends me on which of course he doesn't need to pay taxes as I'm doing that in my country.

Apart from that just in case I spend my free time in keeping myself updated with other tech which I would say I fairly experienced with like: Flutter/Dart, ES6, NodeJS, Express, GraphQL, MongoDB, WebSockets, ReactJS, React Native just to name few, some I know better than the other and still I feel like I don't get what I deserve.

What do you think, do I ask a lot or should I start searching for other job?

Why is it that you guys are not seeing the big picture and reading between the fucken lines... why is it that people always have to run to legislation to fix their problems .... THIS IS WHY.. the other generation accomplished so much more because when there’s a problem they came up with a solution many times better than the status quo.
Those people are few and far between now.. those folks are the innovators. You know whom I’m referring to... those people didn’t whine to create laws to fix or protect their industry from competitors.
We need to stop looking toward our government to fix our issues... especially regarding this issue.. WHY because the people in government ARE NOT TECH PEOPLE!!! THEY DONT EVEN KNOW HOW COMPUTERS WORK! for Pete’s sake folks we had a lady in there who thought the term whip the server ment to literally clean it with a rag... come-on guys, do what they did years ago you don’t like something FIX IT.. by creating something new!
There’s a reason our grandparents generation made it to the fucken moon with less technology than a calculator, BECAUSE THEY PROBLEM SOLVED!
What have we achieved in the last 5 years that is really “big”... fucken apps

Unite together build the next internet learning from the issues we’ve seen with the internet over the last 30 years.. No it won’t be quick no it won’t be easy but nothing revolutionary is easy.
It took 6 years to land a man on the moon, I think we can rebuild the network infrastructure in that time OR FAR LESS if we unite together! Without the government interference we can eliminate the ISPs from the equation and screw them over for screwing us for so long

My group is has the solution, the vision and need, to get this done be we can’t do it alone I will make the official public statement within 24 hours of the vote results...
explaining everything, the plan, the work, EVERYTHING.
We need more people.
For reference the plan can be summarized like this.. nonprofit CoOp Tier 1 ISP.. members being the end users from both sides of the equation ...

TILL THEN
Contact me here,
Or SnapChat: theqsolution
Until I release all the contact info.

A couple of years ago, we decide to migrate our customer's data from one data center to another, this is the story of how it goes well.

The product was a Facebook canvas and mobile game with 200M users, that represent approximately 500Gibi of data to move stored in MySQL and Redis. The source was stored in Dallas, and the target was New York.

Because downtime is responsible for preventing users to spend their money on our "free" game, we decide to avoid it as much as possible.

In our MySQL main table (manually sharded 100 tables) , we had a modification TIMESTAMP column. We decide to use it to check if a user needs to be copied on the new database. The rest of the data consist of a savegame stored as gzipped JSON in a LONGBLOB column.

A program in Go has been developed to continuously track if a user's data needs to be copied again everytime progress has been made on its savegame. The process goes like this: First the JSON was unzipped to detect bot users with no progress that we simply drop, then data was exported in a custom binary file with fast compressed data to reduce the size of the file. Next, the exported file was copied using rsync to the new servers, and a second Go program do the import on the new MySQL instances.

The 1st loop takes 1 week to copy; the 2nd takes 1 day; a couple of hours for the 3rd, and so on. At the end, copying the latest versions of all the savegame takes roughly a couple of minutes.

On the Redis side, some data were cache that we knew can be dropped without impacting the user's experience. Others were big bunch of data and we simply SCAN each Redis instances and produces the same kind of custom binary files. The process was fast enough to launch it once during migration. It takes 15 minutes because we were able to parallelise across the 22 instances.

It takes 6 months of meticulous preparation. The D day, the process goes smoothly, but we shutdowns our service for one long hour because of a typo on a domain name.

Probably had my worst half-week ever this week.

Customer's CRM system, the read and edit masks just...stopped existing on last week friday. CRM fell back on some default masks for the dataset. No way to create new masks directly without putting the whole system upside down.
We couldn't do anything anyway because they reported the issue literally as we all were about to leave for weekend and our boss was like "Ah nah, well do it next week."
Our brains were already fried anyway...
I mail the reporter that we've registered their issue, will investigate and report back ASAP once we've got news.

Monday rolls around, I'm whacking my head against their system trying to figure the fuck out, what went wrong and how to solve it, I come up empty; Not that terrible since the masks only stopped existing in the webclient version of the system and they can still use the windows client, so they can still work.

Tuesday rolls around, I'm at an on site training for an ERP system with my boss at a remote company. Get an email in midst of the training, I was doing protocol.
Guy from the afflicted company goes and tells me that the issue has somehow spread to his colleague and him...IN THE WINDOWS CLIENT.

I'm fucking flabbergasted, so to speak, since the masks for the windows client and the web client are totally isolated from one another.
After we're back at our company, I investigate, less efficiently this time because my brain got fried at the training. I come up empty again.

NOW TODAY: Discuss further proceedings with my boss, he's not pissed at me or anything, just to say, but we're both worried, obviously.

Then at 10:20, a guy from the afflicted company mails me in an annoyed tone that the masks are still broken.

11:00, we figure out a workaround so the windows client users can at least work again, albeit limited.

11:10, I mail the guy, telling him that although we're still not able to fully work everything out and are still investigating, we've made a workaround so they can at least work again.

11:20, the guy mails me in a pissed tone around the lines of "This is very very important and must be fixed ASAP or else we'll not be able to work at all [...]"
And I think like "Dude I literally just told you like 8 minutes ago that there's are workaround so you'll be able to at least work again..."

Forward the mail to boss, we meet up quickly to discuss how in God's name we can deescalate this mfer.

11:31, the guy mails me again, all apologetically this time "Stop! All is good, I just now fully read you mail, thanks for implementing the workaround, nothing will come to a standstill [...]"

BRUH CAN YOU NOT FUCKING READ BEFORE ESCALATING SHIT

Fuck customers. Dumb fucking cretins unable to fucking read.

The issue is still unresolved. Support of the CRM software lets us sit on our collective asses and wait.

There is no such thing as stable software, it's a myth.

Every corporate software is like an ever-decaying semi-corpse of a brain dead patient slowly getting worse and worse but not fucking dying.

Rant over.

So I am a part of this volunteering initiative where one of our tasks is to assist people in distress (virtually).

Now this activity is led by two chipmunks. One claims to be a therapist who themselves is seeking professional therapy from someone else and the other is a corporate HR.

Well that information should be enough for you to understand how chaotic the situation would be.

But allow me to continue...

So they decide to go about an activity in the group where everyone has to share a meme. Some of the cringest memes I have seen in my life. One of them went to an extent of sharing a husband wife joke as a dark joke.

Next day, someone spammed in the group and one user sent a sticker of some character hanging from a rope. It was evidently a fun and sarcastic sticker which they all use.

But all of a sudden the chipmunks got offended and went on a delete spree warning and banning users.

Most of the time, the group is dead and another group where they plan shit is more active. Full of mindless opinions and worthless conversations.

All they are doing is spamming everyone and forcing people to participate in the name of volunteering.

What's more exciting is, they control it so rigidly that no one, except the two chipmunks, is allowed to even have an opinion or disagree with them. If you do, they'll belittle you in front of everyone.

Yes, you guessed it right, the entire initiative is a massive failure and being dragged in the name of hElPiNg pEoPlE iN dIsTrEsS

A few years ago I would whine, complain and rant about shitty software, which I knew could be so much better than it was. But I didn't yet write software of my own.

Now I complain about shitty libraries, API's and users. Not much has changed really. And every time I write code, I curse myself, and whoever made this trashpile I have to work with. I curse the user to the moon and beyond for using the program wrong. Funny thing is, exactly the thing I was complaining about (input validation, see earlier rant) is also exactly what no more than 5 minutes after release, a user fucked up with. The bot just does not respond at this point. But fuck these braindead retards for users.

In a few years I expect myself to be complaining about shitty compilers and buffer overflows, segmentation violations, bad coding style (don't make your program a fucking colander kthx), and so on.

Next decade I expect myself to be complaining about physics itself, and why the universe is governed by the laws it's governed by. Whoever this God is, he's a fucking retard. Funny thing is, the signs for it are already there. Electron theory! If only those electrons were positrons, then the math would check out properly. Instead of negative electrons traveling from negative to positive, we'd have positive positrons traveling from positive to negative. At least from what I understand so far, this is still a decade away after all.

The point I'm trying to make is that nothing changes, only my understanding of the world around me does, as I tumble further and further down the rabbit hole. Sometimes I wish I had taken the blue pill... Either complain about others' software or perhaps not give a shit at all. Become one of those filthy users I now despise.

A long long time ago ( 2007 I think ) I worked for a company that made landing sites, so basically an email campaign would go out, users would be sent to a 1 page website with a form to capture their data, ready to be spammed even more. You know how it was back then.

So I worked with a guy who we had just hired, I didn't do the hiring but his CV checked out, so I gave him one of my tasks. Now most pages were made with js and html, with a PHP backend ( called with Ajax). Now this guy didn't know PHP so I was like all good, ASP works too at the end of the day we don't judge, we do like 2 or 3 of these a day and never look at them again. So he goes of and does is thing.

3 weeks later, the customer calls up to me they still haven't received their landing page. Ok so he probably forgot to email the customer np, I tell him to double check he has emailed the customer. Another week goes by end the customer calls back, same problem. At this point I'm getting worried, because we're days away from the deadline and it was originally my task.

So I go back to the guy and I tell him I want that landing page so I can send it myself, half thinking to myself that we had a freeloader, that guy that comes in to companies for 3 weeks, doesn't work, but still cashes his pay. But no, this was much worse.

So he tells me he has finished yet. I ask him why, what's the blocker ? You had 4 weeks to tell me you were blocked and couldn't progress. And his answer was simply, because I wasn't blocked I have been working on it this whole time. So I tell him to zip his project up and email it to me. We didn't do SVN or git back then, simply wasn't worth it. So he comes back to me and says the email server is telling him attachments can't be bigger then 50mb. At this point I'm thinking he didn't properly sized the art or something, so I give him a flash drive to put it on.

When I then open the flash drive, the archive is 300mb, thinking to myself, the images weren't even that big to begin with.
So I open it up, and I don't even find any images, just a single asp page. About 500mb. When I opened that up and it finally loaded, I saw the most horrendous things ever.

The first 500 lines was just initializing empty vars. Then there was some code that created an empty form with an onChange event that submits the form. After that.. it was just non stop nested if's. No loops, no while, for, foreach, NO elseif's, just nested if's, for every possible combination of the state the form could be in. Abou 5000 of them, in a single file. To make matters worse, all the form ( and page ) layout was hardcoded in the if's. Includes inline css, base64 encoded images, nothing but as dynamic, based on the length of the form he changes the layout, added more background etc. He cut the images up for every possible size of the page and included them in the code.

I showed it to my boss, he fired the guy on the spot. I redid the work from scratch, in under 4 hours. Send it to the client. they had no ammends to make, happy as Larry. Whish I kept the code somewhere.

Morale of the story, allways do a coding test on interviews, even if small things just to sanity check.

A bit of an anecdote here:
The project I am working on at my internship has to function perfectly in IE11.
There are users using it on fucking IE6, but no one paid extra for IE6 support.
Meanwhile, Microsoft themselves doesn't support IE11 anymore.

Since my first post was a success, here's another shameless hack-- in this case, ripping a "closed" database I don't usually have access to and making a copy in MySQL for productivity purposes. That was at a former job as an IT guy at a hardware store, think Lowes/Rona.

We had an old SCO Unix server hosting Informix SQL (curious, anyone here touched iSQL?), which has terminal only forms for the users to handle data, and has keybindings that are strangely vi based (ESC does commit changes. Mindfsck for the users!). To add new price changes to our products, this results to a lengthy procedure inside a terminal form (with ascii borders!) with a few required fields, which makes this rather long. Sadly, only I and a colleague had access to price changes.

Introducing a manager who asks a price change for a brand- not a single product, but the whole product line of a brand we sell. Oh and, those price changes ends later after the weekend (twice the work, back at regular price!)

The usual process is that they send me a price change request Excel document with all the item codes along with the new prices. However, being non technical, those managers write EVERYTHING at hand, cell by cell (code, product name, cost, new price, etc), sometimes just copy pasted from a terminal window

So when the manager asked me to change all those prices, I thought "That's the last time I manually enter all of this sh!t- and so does he". Since I already have a MySQL copy of the items & actual (live) price tables, I wrote a PHP backend to provide a basic API to be consumed to a now VBA enhanced Excel sheet.

This VBA Excel sheet had additional options like calculating a new price based on user provided choices ("Lower price by x $ or x %, but stay above cost by x $ or x %"), so the user could simply write back to back every item codes and the VBA Excel sheet will fetch & display automatically all relevant infos, and calculate a new price if it's a 20% price cut for example.

So when the managers started using that VBA sheet, I had also hidden a button which simply generate all SQL inserts for the prices written in the form, including a "back to regular price" if the user specified an end date, etc.

No more manual form entry for me, no more keyboard pecking for the managers with new prices calculated for them. It was a win/win :)

These ignorant comments about arch are starting to get on my nerves.

You ranted or asked help about something exclusive to windows and someone pointed out they don't have that problem in arch and now you're annoyed?

Well maybe it's for good.

Next comes a very rough analogy, but imagine if someone posts "hey guys, I did a kg of coke and feeling bad, how do I detox?"

It takes one honest asshole to be like "well what if you didn't do coke?".

Replace the coke with windows.
Windows is a (mostly) closed source operating system owned by a for profit company with a very shady legal and ethical history.

What on earth could possibly go wrong?

Oh you get bsod's?
The system takes hours to update whenever the hell it wants, forces reboot and you can't stop it?
oh you got hacked because it has thousands of vulnerabilities?
wannacry on outdated windows versions paralyzed the uk health system?

oh no one can truly scrutinize it because it's closed source?

yet you wonder why people are assholes when you mention it? This thing is fucking cancer, it's hundreds of steps backwards in terms of human progress.

and one of the causes for its widespread usage are the savage marketing tactics they practiced early on. just google that shit up.

but no, linux users are assholes out to get you.

and how do people react to these honest comments? "let's make a meme out of it. let's deligitimize linux, linux users and devs are a bunch of neckbeards, end of story, watch this video of rms eating skin off his foot on a live conference"

short minded idiots.

I'm not gonna deny the challenges or limitations linux represents for the end user.

It does take time to learn how to use it properly.
Nvidia sometimes works like shit.
Tweaking is almost universally required.
A huge amount of games, or Adobe/Office/X products are not compatible.
The docs can be very obscure sometimes (I for one hate a couple of manpages)

But you get a system that:
* Boots way faster
* Is way more stable
* Is way way way more secure.
* Is accountable, as in, no chance to being forced to get exploited by some evil marketing shit.

In other words, you're fucking free.
You can even create your own version of the system, with total control of it, even profit with it.

I'm not sure the average end user cares about this, but this is a developer forum, so I think in all honesty every developer owes open source OS' (linux, freebsd, etc) major respect for being free and not being corporate horseshit.

Doctors have a hippocratic oath? Well maybe devs should have some form of oath too, some sworn commitment that they will try to improve society.

I do have some sympathy for the people that are forced to use windows, even though they know ideally isn't the ideal moral choice.
As in, their job forces it, or they don't have time or energy to learn an alternative.

At the very least, if you don't know what you're talking about, just stfu and read.

But I don't have one bit of sympathy for the rest.

I didn't even talk about arch itself.
Holy fucking shit, these people that think arch is too complicated.

What in the actual fuck.

I know what the problem is, the arch install instructions aren't copy paste commands.
Or they medium tutorial they found is outdated.

So yeah, the majority of the dev community is either too dumb or has very strong ADD to CAREFULLY and PATIENTLY read through the instructions.

I'll be honest, I wouldn't expect a freshman to follow the arch install guide and not get confused several times.
But this is an intermediate level (not megaexpert like some retards out there imply).

Yet arch is just too much. That's like saying "omg building a small airplane is sooooo complicated". Yeah well it's a fucking aerial vehicle. It's going to be a bit tough. But it's nowhere near as difficult as building a 747.

So because some devs are too dumb and talk shit, they just set the bar too low.

Or "if you try to learn how to build a plane you'll grow an aviator neckbeard". I'll grow a fucking beard if I want too.

I'm so thankful for arch because it has a great compromise between control and ease of install and use.

When I have a fresh install I only get *just* what I fucking need, no extra bullshit, no extra programs I know nothing about or need running on boot time, and that's how I boot way faster that ubuntu (which is way faster than windows already).

Configuring nvidia optimus was a major pain in the ass? Sure was, but I got it work the way I wanted to after some time.

Upgrading is also easy as pie, so really scratching my brain here trying to understand the real difficult of using arch.

First month of project we suggest that we test that Entity Framework has made reasonable DB queries because the system will need to handle a lot of records. “Not a priority in this sprint because we need features.” Devs try to get it into every sprint. The last week of the project they want us to dump in a ton of records so they can test it. The N+1 SELECT query issue is on main queries. It is so bad and slow with more records that a simple query causes the container management to auto scale the application on a single query. They can have max 8 users in the system at a time and it will take 10 seconds to do a simple page refresh.

They get on our case and we dredge up all of the correspondence where they completely ignored our advice. Fix it now! We need another sprint. Fix it free! No.

So recently I installed Windows 7 on my thiccpad to get Hyperdimension Neptunia to run (yes 50GB wasted just to run a game)... And boy did I love the experience.

ThinkPads are business hardware, remember that. And it's been booting Debian rock solid since.. pretty much forever. There are no hardware issues here. Just saying.

With that out of the way I flashed Windows 7 Ultimate on a USB stick and attempted to boot it... Oh yay, first hurdle to overcome. It can't boot in UEFI mode. Move on Debian, you too shall boot in BIOS mode now! But okay, whatever right. So I set it to BIOS mode and shuffled Debian's partitions around a bit to be left with 3 partitions where Windows could stick in one more.

Installed, it asks for activation. Now my ThinkPad comes with a Windows 7 Pro license key, so fuck it let's just use that and Windows will be able to disable the features that are only available for Ultimate users, right? How convenient would that be, to have one ISO for all the half a dozen editions that each Windows release has? And have the system just disable (or since we're in the installer anyway, not install them in the first place) features depending on what key you used? Haha no, this is Microsoft! Developers developers developers DEVELOPERS!!! Oh and Zune, if anyone remembers that clusterfuck. Crackhead Microsoft.

But okay whatever, no activation then and I'll just fetch Windows Loader from my webserver afterwards to keygen my way through. Too bad you didn't accept that key Microsoft! Wouldn't that have been nice.

So finally booted into the installed system now, and behold finally we find something nice! Apparently Windows 7 Enterprise and Ultimate offer a native NFS driver. That's awesome! That way I don't have to adjust my file server at all. Just some fuckery with registry keys to get the UID and GID correct, but I'll forgive it for that. It's not exactly "native" to Windows after all. The fact that it even has a built-in driver for it is something I found pretty neat already.

Fast-forward a few hours and it's time to Re Boot.. drivers from Lenovo that required reboots and whatnot. Fire the system back up, and low and behold the network drive doesn't mount anymore. I've read that this is apparently due to Windows (not always but often) mounting the network drive before the network comes up. Absolutely brilliant! Move out shitstaind, have you seen this beauty of an init Mr. Poet?

But fuck it we can mount that manually after every single boot.. you know, convenient like that. C O P E.

With it now manually mounted, let's watch a movie! I've recently seen Pyro's review on The Platform and I absolutely loved it. The movie itself is quite good too. Open the directory on my file server and.. oh. Windows.. you just put db.thumb on it and db.thumb:encryptable. I shit you not, with the colon and everything. I thought that file names couldn't contain colons Windows! I thought that was illegal in NTFS. Why you doing this in NFS mate? And "encryptable", am I already infected with ransomware??? If it wasn't for the fact that that could also be disabled with something as easy as a registry key, I would've thought I contracted ransomware!

Oh and sound to go with that video, let's pair up some Bluetooth headphones with that Bluetooth driver I installed earlier! Except.. haha nope. Apparently you don't get that either.

Right so let's just navigate the system in its Aero glory... Gonna need to flick the mouse for that. Except it's excruciatingly slow, even the fastest speed is slower than what I'm used to on Linux.. and it's jerky as hell (Linux doesn't have any of that at higher speed). But hey it can compensate for that! Except that slows down the mouse even more. And occasionally the mouse driver gets fucked up too. Wanna scroll on Telegram messages in a chat where you're admin? Well fuck you mate, let me select all these messages for you and auto scroll at supersonic speeds! And God forbid that you press delete with that admin access of yours. Oh maybe I'll do it for you, helpful OS I am!

And the most saddening part of it all? I'd argue that Windows 7 is the best operating system that Microsoft ever released. Yeah. That's the best they could come up with. But at least it plays le games!

I'm currently working on a feature that no one likes. Everyone knows that it will be removed soon because the users won't understand it, but it still has to be implemented due to client-side Management madness.

Good thing: the contract with this client expires in 3 weeks :)

Android Studio has been the bane of my life for at least the last decade. I hate it beyond description and have given up hope that it will ever improve.

I suffer more than most with it because I am cursed to use C++ on a daily basis, and it has long been obvious that the Google people absolutely do not give a fuck about C++ users.

I get that C++ is niche, a drop in the ocean of Java/Kotlin-centric users, but for the love of god could you Google people at least stop making it worse?

Code navigation is insanely slow. Entire minutes for it to find the right header file to open. "Find usages..." oh my god oh my god oh my god just fucking kill me now. There is no excuse for software ever being this slow.

And thats just doing basic source editing. The build system - cmake and ndkbuild - also defy adequate description. The gradle plugins are constantly going out of date and are often incompatible with whatever gradle version you have. You get no help at all when editing a gradle build file and good luck finding the right documentation.

It's all a giant stinking mess and I wish the whole damn thing would be dragged outside and shot.

love helping users that can describe their problem and then we have the "other" side of users, the life sucking golems of collective stupidity.

You get "software does not work!" and asks for error message or description of what doesn't work and get same response "it does not work".

After a few rounds in the "what is wrong support circle" it ends with user has changed PC to one were the software is not installed...

"it does not work" no effing shit sherlock you want me to install some IQ with it?

I knew this might be an issue, but really Linux just sucks balls. It may not be Linux's fault, but the user experience could be a fuck ton better.

Spent 1.5 hours trying to get mint installed on second drive. It works fine if you don't want to do anything with it.

As you can probably surmise I died on getting the gpu driver installed. Just starts to a black screen. No amount of juggling is helping. It just refuses to show the screen with an nvidia driver installed. What is worse is that settings that might help are not set. Like nomodeset in grub. If you know some drivers fuck up the grub interface then add nomodeset and not leave it up to the user to "figure this shit out". Because users are tired of figuring this shit out.

Really really fucking disappointed. I thought to myself: lets install steam and see how it does. The reality: fucking stuck for 1.5 hours on trying to boot into x with graphics acceleration and failing.

Many of you hate on windows, but one thing it has going for it. It doesn't do fucked up shit like this. It has failsafes that try and account for this.

Fuck you linux. You need to fucking grow up and stop relying on users to fix every damn thing in the command line. Go back to server where you belong.

I know I will get the "I told you so" messages, but guess what? The computer I got doesn't come preinstalled with windows. You have to pay to get it. At this point windows is the only fucking viable solution to make my shit work.

Nvidia, go die in a fire bitch. Fix your fucking Linux support you worthless shit heads.

This has been a rant brought to you by "the pain of others". I hope you enjoyed the experience.

PS, I love you all. Even the "I told you so" bitches.

I work as pharmacist, but code as hobby and recently change job. Have far more options to improve work enviroment, but IT guy sucks balls so much.

Better no password, because you have to remember them.

Some users don't have privilages to do some things, but everyone knows boss password with all privilages.

It guys connects via teamviewet whn I check prescriptions with quite vulnerable data and after my step in he responds that he creates this Pharmacy store and has deal with boss to access database and others.

Due lack of controls there is working against law all the time

Small city so everyone knows everyone and you have to be ultra polite to doctors and after my little unpleasent situation doctor starts to be mad at all employers.

It guy was asked to change disc space on OS drive, but he replies that it will takie at least 2 hours and he doesn't have time, but it takes me 15min top and he was mad at me.

Ffffff....

!!!rant

Most exited I've been about some code? Probably for some random "build a twitter clone with Rails" tutorial I found online.

I've been working on my CS degree for a while (theoretical CS) but I really wanted to mess with something a bit more practical. I had almost none web dev experience, since I've been programming mostly OS-related stuff till then (C). I started looking around, trying to find a stack that's easy to learn since my time was limited- I still had to finish with my degree.

I played around with many languages and frameworks for a week or two. Decided to go with Ruby/Rails and built a small twitter clone blindly following a tutorial I found online and WAS I FUCKING EXITED for my small but handmade twitter clone had come to life. Coming from a C background, Ruby was weird and felt like a toy language but I fell in love.

My excitement didn't fade. I bought some books, studied hard for about a month, learned Ruby, Rails, JavaScript, SQL (w/ pg) and some HTML/CSS. Only playing with todo apps wasn't fun. I had a project idea I believed might be somewhat successful so I started working on it.

The next few months were spent studying and working on my project. It was hard. I had no experience on any web dev technology so I had learn so many new things all at once. Picked up React, ditched it and rewrote the front end with Vue. Read about TDD, worked with PostgreSQL, Redis and a dozen third party APIs, bought a vps and deployed everything from scratch. Played it with node and some machine learning with python.

Long story short, one year and about 30 books later, my project is up and running, has about 4k active monthly users, is making a profit and is steadily growing. If everything goes well, next week I'll close a deal with a pretty big client and I CANT BE FKING HAPPIER AND MORE EXCITED :D Towards the end of the month I'll also be interviewed for a web dev position.

That stupid twitter clone tutorial made me excited enough to start messing with web technologies. Thank you stupid twitter clone tutorial, a part of my heart will be yours forever.

I think the fact that even Apple can't unlock your phone if you forget your passcode proves that they use very naive encryption method.

Suppose my data is "Hey This is Some Data" and Passcode is 1234, I could just Jumble this data using that passcode and It will be difficult to decrypt without Passcode. And If data is huge, it will be fairly impossible to do so. But that doesn't make it a good encryption method.

Such encryption, though safe is not practical, Imagine if there was no "Forget Password" Option on any account, I usually forgot my password very often when I was a child.

Apple has been doing such things for years, Using Bad things as a selling point. Apple users are dumb anyways because they don't want to control their phone.

Reset Password is a weak point which might be exploited but in such cases, usability is more important than security. Any service which doesn't allow resetting Password is a shitty service and I would never use such a service, They are too naive.

I really don't understand this particular Government Department's IT Unit. They have a system and network to maintain except:

- They don't have a DBA
- They don't have a dedicated Network Engineer or Security Staff
- Zero documentation on all of the systems that they are taking care of (its all in each assigned particular staff's brain they said)
- Unsure and untested way of restoring a backup into a system
- Server passwords are too simple and only one person was holding this whole time and its to an Administrator account. No individual user account.
- System was developed by an in-house developer who is now retired and left very little documentation on its usage but nothing on how its setup.

But, the system has been up and operational for the past 20 years and no major issues whatsoever with the users using it. I mean its a super simple system setup from the looks of it.

1 App Server connected to 1 DB Server, to serve 20-30 users. But it contains millions of records (2GB worth of data dump). I'm trying to swing to them to get me on a part time work to fix these gaps.

God save them for another 20 years.

Multi User, One Account, and other shit

I'm gonna rant about something as a user, and someone who makes stupid web stuff.

My bank has been updating their web banking over time and they decided that every individual on an account, should have their own login. They really want to push this on their users, I suspect specifically folks like me and my wife who share one login for the joint accounts we have at the bank together.

Why share one login, because it's the only sure fire way I know that I and my wife can see all the same shit no doubt about it.

The banks never tell you what you can see or can't with joint accounts, I doubt it is even documented on their end, but in every damn case something is hidden or different in some weird way.

Messages to the bank people? If I send it, my wife often can't. I get that for security reasons that's a thing, but it makes no sense for a joint account.

ANY difference to me breaks online banking ENTIRELY. Joint accounts are supposed to be... well one account that is the same.

Other banks we used where we had different logins for the joint account, each login actually had separate bill pay accounts per user. So if I went to bill pay and scheduled something to be paid, my wife had no idea, same if she did.

Right fucking there, banking is just broken entirely!

So no Mr. Bank, fuck you we're both logging in via the same login.

Fast forward to N00bPancakes making a thing.

So my employer has a customer (Direct Customer). Direct Customer wants a thing that makes communication with their customer (Indirect Customer) easier.

The worst thing about making something for your customer's customer is that Direct Customer always imagines that Indirect Customer is gonna be super ninja power users....

But no, that's not the case... in fact almost nobody is a power user, and absolutely nobody WANTS to be a power users.

Worse yet in my case the only reason this tool exists is because Direct Customer and Indirect Customer can't communicate well enough anyway... that should tell you something about the amount of effort Indirect Customer is willing to expend.

So with that tool, this situation constantly comes up:

Direct Customer thinks it would be great if every user from Indirect Company had some sort of custom messaging, views, and etc in of Cool Communication Tool. The reason is because that's what Direct Customer loves about Ultra Complex Primary Tool that they use ....

Then I have to fight the constant fight of:

NOBODY WANTS TO BE A POWER USER, NOBODY EVEN WANTS TO DO MUCH OF ANYTHING ON THE INTERNET THAT ISN'T SCREAMING AT OTHER PEOPLE OR POST MEMES OR WATCH SHITTY VIDEOS. THE MOMENT ANYONE AT INDIRECT COMPANY LOGS IN AND SEES ANY INFO THAT IS DIFFERENT FROM THEIR COWORKER THEY'LL SHIT THEMSELVES, FLOOD EVERYONE WITH 'OH GAWD SOME NON SPECIFIED THING IS WRONG' AND RESPOND TO EMAILS LIKE A JELLYFISH DROPPED OFF IN NEW MEXICO... AND NOTHING WILL GET DONE!!!

God damn it people.

Also side rant while I'm busy fighting the good fight to keep shit simple and etc:

People bitch about how horrible the modern web is and then bitch at web devs like we're rulers of the internet or something.... What really pisses me off about that is other devs who do that.... like bro, do you make policy at your company? You decide not to sell some info or whatever shit your company sells? Like fuck off with your 'man I miss html' because you got scared by some shitty JS error and ran back to your language of choice and just poked your head out of the the basement and got scared... and you shit on another developer about that? Fuck you.