Changing numbers on CSS randomly until it works.

Aka, using magic numbers

When someone really really doesn't like "magic numbers" in their code.

I noticed that I frequently notice patterns in my ++ count
I may have a slight obsession with numbers. There are too many screenshots with numbers in my gallery
This is also kind of an evolution of my avatar and my ++ count

On the 18th October 2021 I had to hastily write some magic numbers into our code.
I added a comment saying "TODO: add a damn enum to make this selection clear"

Today, I refactored this module... and I used a damn enum.

Good things happen – have a nice weekend yall

This codebase reminds me of a large, rotting, barely-alive dromedary. Parts of it function quite well, but large swaths of it are necrotic, foul-smelling, and even rotted away. Were it healthy, it would still exude a terrible stench, and its temperament would easily match: If you managed to get near enough, it would spit and try to bite you.

Swaths of code are commented out -- entire classes simply don't exist anymore, and the ghosts of several-year-old methods still linger. Despite this, large and deprecated (yet uncommented) sections of the application depend on those undefined classes/methods. Navigating the codebase is akin to walking through a minefield: if you reference the wrong method on the wrong object... fatal exception. And being very new to this project, I have no idea what's live and what isn't.

The naming scheme doesn't help, either: it's impossible to know what's still functional without asking because nothing's marked. Instead, I've been working backwards from multiple points to try to find code paths between objects/events. I'm rarely successful.

Not only can I not tell what's live code and what's interactive death, the code itself is messy and awful. Don't get me wrong: it's solid. There's virtually no way to break it. But trying to understand it ... I feel like I'm looking at a huge, sprawling MC Escher landscape through a microscope. (No exaggeration: a magnifying glass would show a larger view that included paradoxes / dubious structures, and these are not readily apparent to me.)

It's also rife with bad practices. Terrible naming choices consisting of arbitrarily-placed acronyms, bad word choices, and simply inconsistent naming (hash vs hsh vs hs vs h). The indentation is a mix of spaces and tabs. There's magic numbers galore, and variable re-use -- not just local scope, but public methods on objects as well. I've also seen countless assignments within conditionals, and these are apparently intentional! The reasoning: to ensure the code only runs with non-falsey values. While that would indeed work, an early return/next is much clearer, and reduces indentation. It's just. reading through this makes me cringe or literally throw my hands up in frustration and exasperation.

Honestly though, I know why the code is so terrible, and I understand:

The architect/sole dev was new to coding -- I have 5-7 times his current experience -- and the project scope expanded significantly and extremely quickly, and also broke all of its foundation rules. Non-developers also dictated architecture, creating further mess. It's the stuff of nightmares. Looking at what he was able to accomplish, though, I'm impressed. Horrified at the details, but impressed with the whole.

This project is the epitome of "I wrote it quickly and just made it work."

Fortunately, he and I both agree that a rewrite is in order. but at 76k lines (without styling or configuration), it's quite the undertaking.

------

Amusing: after running the codebase through `wc`, it apparently sums to half the word count of "War and Peace"

ARGH. I wrote a long rant containing a bunch of gems from the codebase at @work, and lost it.

I'll summarize the few I remember.

First, the cliche:
if (x == true) { return true; } else { return false; };
Seriously written (more than once) by the "legendary" devs themselves.

Then, lots of typos in constants (and methods, and comments, and ...) like:
SMD_AGENT_SHCEDULE_XYZ = '5-year-old-typo'

and gems like:

def hot_garbage
magic = [nil, '']
magic = [0, nil] if something_something
success = other_method_that_returns_nothing(magic)
if success == true
return true # signal success
end
end

^ That one is from our glorious self-proclaimed leader / "engineering director" / the junior dev thundercunt on a power trip. Good stuff.

Next up are a few of my personal favorites:

Report.run_every 4.hours # Every 6 hours
Daemon.run_at_hour 6 # Daily at 8am

LANG_ENGLISH = :en
LANG_SPANISH = :sp # because fuck standards, right?

And for design decisions...

The code was supposed to support multiple currencies, but just disregards them and sets a hardcoded 'usd' instead -- and the system stores that string on literally hundreds of millions of records, often multiple times too (e.g. for payment, display fees, etc). and! AND! IT'S ALWAYS A FUCKING VARCHAR(255)! So a single payment record uses 768 bytes to store 'usd' 'usd' 'usd'

I'd mention the design decisions that led to the 35 second minimum pay API response time (often 55 sec), but i don't remember the details well enough.

Also:
The senior devs can get pretty much anything through code review. So can the dev accountants. and ... well, pretty much everyone else. Seriously, i have absolutely no idea how all of this shit managed to get published.

But speaking of code reviews: Some security holes are allowed through because (and i quote) "they already exist elsewhere in the codebase." You can't make this up.

Oh, and another!
In a feature that merges two user objects and all their data, there's a method to generate a unique ID. It concatenates 12 random numbers (one at a time, ofc) then checks the database to see if that id already exists. It tries this 20 times, and uses the first unique one... or falls through and uses its last attempt. This ofc leads to collisions, and those collisions are messy and require a db rollback to fix. gg. This was written by the "legendary" dev himself, replete with his signature single-letter variable names. I brought it up and he laughed it off, saying the collisions have been rare enough it doesn't really matter so he won't fix it.

Yep, it's garbage all the way down.

I could bitch about XSLT again, as that was certainly painful, but that’s less about learning a skill and more about understanding someone else’s mental diarrhea, so let me pick something else.

My most painful learning experience was probably pointers, but not pointers in the usual sense of `char *ptr` in C and how they’re totally confusing at first. I mean, it was that too, but in addition it was how I had absolutely none of the background needed to understand them, not having any learning material (nor guidance), nor even a typical compiler to tell me what i was doing wrong — and on top of all of that, only being able to run code on a device that would crash/halt/freak out whenever i made a mistake. It was an absolute nightmare.

Here’s the story:

Someone gave me the game RACE for my TI-83 calculator, but it turned out to be an unlocked version, which means I could edit it and see the code. I discovered this later on by accident while trying to play it during class, and when I looked at it, all I saw was incomprehensible garbage. I closed it, and the game no longer worked. Looking back I must have changed something, but then I thought it was just magic. It took me a long time to get curious enough to look at it again.

But in the meantime, I ended up played with these “programs” a little, and made some really simple ones, and later some somewhat complex ones. So the next time I opened RACE again I kind of understood what it was doing.

Moving on, I spent a year learning TI-Basic, and eventually reached the limit of what it could do. Along the way, I learned that all of the really amazing games/utilities that were incredibly fast, had greyscale graphics, lowercase text, no runtime indicator, etc. were written in “Assembly,” so naturally I wanted to use that, too.

I had no idea what it was, but it was the obvious next step for me, so I started teaching myself. It was z80 Assembly, and there was practically no documents, resources, nothing helpful online.

I found the specs, and a few terrible docs and other sources, but with only one year of programming experience, I didn’t really understand what they were telling me. This was before stackoverflow, etc., too, so what little help I found was mostly from forum posts, IRC (mostly got ignored or made fun of), and reading other people’s source when I could find it. And usually that was less than clear.

And here’s where we dive into the specifics. Starting with so little experience, and in TI-Basic of all things, meant I had zero understanding of pointers, memory and addresses, the stack, heap, data structures, interrupts, clocks, etc. I had mastered everything TI-Basic offered, which astoundingly included arrays and matrices (six of each), but it hid everything else except basic logic and flow control. (No, there weren’t even functions; it has labels and goto.) It has 27 numeric variables (A-Z and theta, can store either float or complex numbers), 8 Lists (numeric arrays), 6 matricies (2d numeric arrays), 10 strings, and a few other things like “equations” and literal bitmap pictures.

Soo… I went from knowing only that to learning pointers. And pointer math. And data structures. And pointers to pointers, and the stack, and function calls, and all that goodness. And remember, I was learning and writing all of this in plain Assembly, in notepad (or on paper at school), not in C or C++ with a teacher, a textbook, SO, and an intelligent compiler with its incredibly helpful type checking and warnings. Just raw trial and error. I learned what I could from whatever cryptic sources I could find (and understand) online, and applied it.

But actually using what I learned? If a pointer was wrong, it resulted in unexpected behavior, memory corruption, freezes, etc. I didn’t have a debugger, an emulator, etc. I had notepad, the barebones compiler, and my calculator.

Also, iterating meant changing my code, recompiling, factory resetting my calculator (removing the battery for 30+ sec) because bugs usually froze it or corrupted something, then transferring the new program over, and finally running it. It was soo slowwwww. But I made steady progress.

Painful learning experience? Check.
Pointer hell? Absolutely.

A dev team has been spending the past couple of weeks working on a 'generic rule engine' to validate a marketing process. The “Buy 5, get 10% off” kind of promotions.

The UI has all the great bits, drop-downs, various data lookups, etc etc..

What the dev is storing the database is the actual string representation FieldA=“Buy 5, get 10% off” that is “built” from the UI.

Might be OK, but now they want to apply that string to an actual order. Extract ‘5’, the word ‘Buy’ to apply to the purchase quantity rule, ‘10%’ and the word ‘off’ to subtract from the total.

Dev asked me:

Dev: “How can I use reflection to parse the string and determine what are integers, decimals, and percents?”
Me: “That sounds complicated. Why would you do that?”
Dev: “It’s only a string. Parsing it was easy. First we need to know how to extract numbers and be able to compare them.”
Me: “I’ve seen the data structures, wouldn’t it be easier to serialize the objects to JSON and store the string in the database? When you deserialize, you won’t have to parse or do any kind of reflection. You should try to keep the rule behavior as simple as possible. Developing your own tokenizer that relies on reflection and hoping the UI doesn’t change isn’t going to be reliable.”
Dev: “Tokens!...yea…tokens…that’s what we want. I’ll come up with a tokenizing algorithm that can utilize recursion and reflection to extract all the comparable data structures.”
Me: “Wow…uh…no, don’t do that. The UI already has to map the data, just make it easy on yourself and serialize that object. It’s like one line of code to serialize and deserialize.”
Dev: “I don’t know…sounds like magic. Using tokens seems like the more straightforward O-O approach. Thanks anyway.”

I probably getting too old to keep up with these kids, I have no idea what the frack he was talking about. Not sure if they are too smart or I’m too stupid/lazy. Either way, I keeping my name as far away from that project as possible.

I hate buying new laptops. HATE IT. The manufacturers are always trying to do something that makes it more complicated to buy a laptop confidently.

Why not name all of the laptops with numbers? Make them really hard to differentiate. Then offer the same model number across multiple years so it is difficult to determine which year the laptop is from.

Oh. And let’s make sure every laptop has a major flaw in the form factor.

Let’a add a numpad that squishes the keyboard to the left in a weird way. Lets do something to the trackpad to make it awkward to use. Maybe the keyboard should have a weird configuration. Maybe we can put 4 spare characters of various colours on the symbol key caps. How about a battery only lasts a few hours. May we add specialized hardware so you are stuck with windows. Maybe we can make it super thick and heavy. Lets have a screen with terrible viewing angles. Since this laptop has no major flaws we should overprice it. No repairs or upgrades on this one because we filled the computer with glue. Lets double the amount of useless media keys.

It is like manufacturers are trying to design laptops like RPG game character classes. The fighter has no magic or stealth. The magician is weak and gets fatigued. The rogue is very stealthy but has poor defence and attack. The cleric can use magic but only to heal so it is useless in battle. The ranger is good at distance but has poor defence and no magic.

The only notebooks sold that are trying to make balanced character classes are MacBooks. Those cost a premium and aren’t reparable.

is it just me, or do some people just make life difficult for the fucking sake of making life difficult?

now, lets ignore the lack of sanitised data, lets also ignore the lack of prepared statements, and for the love of god... lets ignore some magic numbers, because I still don't know what they mean yet....

but why! why would you create an array, implode it, smash it into a database query on the fucking fly, instead of just adding the data into the query in the first place.... it's not like you were doing this right to begin with, but this... this is next level!

Rant!

Been working on 'MVP' features of a new product for the past 14 months. Customer has no f**king clue on how to design for performance. An uncomfortable amount of faith was placed on the ORM (ORMs are not bad as long as you know what you are doing) and the magic that the current framework provides. (Again, magic is good so long as you understand what happens behind the smoke and mirrors - but f**k all that... coz hey, productivity, right?). Customer was so focussed on features that no one ever thought of giving any attention to subtler things like 'hey, my transaction is doing a gazillion joins across trizillion tables while making a million calls to the db - maybe I should put more f**king thought into my design.' We foresaw performance and concurrency issues and raised them way ahead of the release. How did the customer respond? By hiring a performance tester. Fair enough - but what did that translate into? Nothing. Nada. Zilch. Hiring a perf tester doesn't automagically fix issues. The perf tester did not have a stable environment, a stable build or anything that is required to do a test with meaningful results. As the release date approached, the customer launched a pilot and things started failing spectacularly with the system not able to support more than 15 concurrent users. WTF! (My 'I told you so' moment) Emails started flying in all directions and the hunt for the scapegoat was on (I'm a sucker for CYA so I was covered). People started pointing in all directions but no one bothered to take a step back and understand what was causing the issues. Numero uno reason for transaction failure was deadlocks. We were using a proprietary DB with kickass tooling. No one bothered to use the tooling to understand what was the resource in contention let alone how to fix the contention. Absolute panic - its like they just froze. Debugging shit and doing the same thing again and again just so that management knew they were upto something. Most of the indexes had a fragmentation of 99.8% - I shit you not. Anywho, we now have a 'war room' where the perf tester needs to script the entire project by tonight and come up with some numbers that will amount to nothing while we stay up and keep profiling the shit out of the application under load.

Lessons learnt - When you foresee a problem make a LOT of noise to get people to act upon it and not wait till it comes back and bites you in the ass. Better yet, try not to get into a team where people can't understand the implications of shitty design choices. War room my ass!

Dude... have you ever heard about... enums? They were invented so that you don’t have to explain magic numbers.

3 hours...

3 damn hours for 200 lines of bash code.

Exorcism, Magic I don't care.... But please make a special person never touching bash programming again.

I ripped my hairs out. Really.

Till I realized someone wrote functions with _logical_ return true codes as numbers.

0 - as logical false, for failure
1 - as logical true, for success

Leading my brain into a severe segfault fun.

Why... Oh why.

Second fun part as I corrected that...

Someone wasn't fond of exit codes at all.

Script is now 86 % rewritten....

God damn it, if you don't like a languages fine.

But inverting core logic should give a free trip to the electrical chair.

!dev

i made some dice for displaying health, when playing Magic the Gathering.
They're not exactly fair, but you also don't roll them. I ordered the numbers in a way, so whenever you loose or gain health, you don't need to look for the next/previous number, since it's always nearby.

They're made using a resin printer and painted with oil based lacquer.

Jumping back and revisiting some basics of game development that I've ignored for a while and decided to follow a tutorial for building a 2D minecraft clone just to see how easy it is to incorporate some of my engines capabilities...

Every single fucking function he is creating does not have arguments and instead uses hard coded numbers repeated throughout... Fucking send help

*laughing maniacally*

Okidoky you lil fucker where you've been hiding...

*streaming tcpdump via SSH to other box, feeding tshark with input filters*

Finally finding a request with an ominous dissector warning about headers...

Not finding anything with silversearcher / ag in the project...

*getting even more pissed causr I've been looking for lil fucker since 2 days*

*generating possible splits of the header name, piping to silversearcher*

*I/O looks like clusterfuck*

Common, it are just dozen gigabytes of text, don't choke just because you have to suck on all the sucking projects this company owns... Don't drown now, lil bukkake princess.

*half an hour later*

Oh... Interesting. Bukkake princess survived and even spilled the tea.

Someone was trying to be overly "eager" to avoid magic numbers...

They concatenated a header name out of several const vars which stem from a static class with like... 300? 400? vars of which I can make no fucking sense at all.

Class literally looks like the most braindamaged thing one could imagine.

And yes... Coming back to the network error I'm debugging since 2 days as it is occuring at erratic intervals and noone knew of course why...

One of the devs changed the const value of one of the variables to have UTF 8 characters. For "cleaner meaning".

Sometimes I just want to electrocute people ...

The reason this didn't pop up all the time was because the test system triggered one call with the header - whenever said dev pushed changes...

And yeah. Test failures can be ignored.
Why bother? Just continue meddling in shit.

I'm glad for the dev that I'm in home office... :@

TLDR: Dev changed const value without thinking, ignoring test failures and I had the fun of debunking for 2 days a mysterious HAProxy failure due to HTTP header validation...

CSS! after days thinking about this and using chrome dev tools to find the magic numbers ( thank arrow keys) i finally made this thing responsive. The magic is in 53px. Thanks to javascript i also did what seemed almost impossible for me in CSS. Phew!!!

Of course I use magic numbers, but at least I explain them in a comment!

Eg:
// 1 is this one

Allright, so now I have to extend a brand new application, released to LIVE just weeks ago by devs at out client's company. This application is advertised as very well structured, easy to work on, µservices-based masterpiece.

Well either I lack a loooot of xp to understand the "µservices", "easy to work on" and "well structured" parts in this app or I'm really underpaid to deal with all of this...

- part of business logic is implemented in controllers. Good luck reusing it w/o bringing up all the mappings...
- magic numbers every-fucking-where... I tried adding some constants to make it at least a tiny bit more configurable... I was yelled at by the lead dev of the app for this later.
- crud-only subservices (wrapped by facade-like services, but still.. CRUD (sub)services? Then what's a repository for...?). As a result devs didn't have a place where they could write business logic. So business logic is now in: controllers (also responsible for mapping), helpers (also application layer; used by controllers; using services).
- no transactions wrapping several actions, like removing item from CURRENT table first and then recreating it in HISTORY table. No rollback/recovery mechanism in service layers if things go South.
- no clean-code. One can easily find lines (streams) 400+ cols long.
- no encapsulation. Object fields are accessed directly
- Controllers, once get result from Services (i.e. Facade), must have a tree of: if (result instanceof SomeService.SomeSubservice1.Item1) {...} else if (result instanceof SomeService.SomeSubservice2.Item4) {...} etc. to build a proper DTO. IMO this is not a way to make abstraction - application should NOT know services' internals.
- µservices use different tables (hats off for this one!) but their records must have the same IDs. E.g. if I order a burger and coke - there are 2 order items in my order #442. When I make a payment I create an invoice which must have an id #442. And I'm talking about data layer, not service or application (dto)! Shouldn't µservices be loosely coupled and be able to serve independently...? What happens if I reuse InvoiceµService in some other app?

What are your thoughts?

I shall delay your PR with my giant egotistical scrotum by:

- Use less words for your function name

- Use this obscure pattern you have not learnt in your outdated compsci degree

- Each loop should get their own function

- Your function has too many parameters

- You must name every instance of magic numbers / strings

- Here, have another obscure test case to write

This internal api is killing me. Why the fuck do people return an array of numbers inside a field that has a generic name such as `icons` to convey information such as "hasOptionFooIncluded". Because of course then icons contains '6'. Yet if both 6 and 4 are in there, it means something else. Needless to say there is no documentation whatsoever what each number or group of numbers actually means so I have to ask around to find out what numbers means what in order to wrap that call away into something maintainable. Because the API is deprecated and we don't want to fix shit in there. We just create other shit depending on this crappile. :/

Stop using magic numbers. Just stawp it!

What do you think are the most common magic numbers? I think it's something like 1440 or 86400

Now I know why no one uses the google cloud. Making TTS and STT working costed me the whole night. Gemini was easy tho. But fuck google, you costed me a lot of energy. You guys are crazy. Now my api connects in a magic way i don't even understand with the gcloud cli app. The rest of my application is totally rest, don't use much of the google library.

I implemented google TTS and STT into ChatGPT. I use for somethings google because it's cheaper. It works using a JBL Go! speaker. I can just turn it on and start chatting with it. I implemented google search and gave it a memory. It can remember numbers for me. It accepts dutch and english. I can say 'google' and google is the main action. It will fetch results from google and uses gpt to summary the results. It works perfect! BUT FUCKING AI. I want to know the color of the hair from Mona Lisa. Not freaking Ona Isa! I send it literally correct. The speechtotext works great. But fucking API with it's reading. Pathethic. How far is AI? Barely usable as home assistant. So far - besides auto completion and giving code snippets / concepts AI is freaking useless. You need more patience for AI than a kid.

I hope the inventor of oauth2 dies alone. He should.

Another terrible rant from the inhereted Hydra source code. So deep in the dark dungeon of that code I noticed something interesting. They declare this INT32 array with an incredibly long (like 200 values) list of hard coded magic numbers. Something along the lines of:

INT32 array[200] = {-1,0,1,21,4,7,19,33...};

However, the resulting output was incorrect. After spending a fort night and a good chunk of my remaining sanity I had overcone the 437 levels of indirection left by the previous programmers, and narrowed it down to this line. But it looked perfectly fine.

I pull up the diffs and notice someone had checked in a change to the source. I track it to this line and find what the original data had been.

INT32 array[200] = {-1,0,1,2l,4,7,19,33...};

In VS the default font shows l and 1 as fucking identical. Someone had accidentally made that change to 21 from the original 2l and checked it in. I mean I can't really blame them. Who the fucking hell inatantiates a fucking int32 array and peppers in a fucking 2l (long) for no fucking reason?!

WTF?
Just found this code:
"It is assumed that all 'static final String'-Attributes of this class are a key in the property file (which is validated by reflection)."

SO REFACTORING YOUR FUCKING MAGIC NUMBERS WITH A MEANINGFUL CONSTANT MADE THE APP CRASH. ASSHOLE.

I'm doing a project for uni in Omnet (C++ framework that should facilitate working with networks of queues, simulating and displaying statistics).

I needed to retrieve a random value from an exponential distribution, and the function to do so requires a random number generator as input. The framework has 2 implementations of the RNG and I picked the first one.

I spent 3 hours trying every possible thing, using both the exponential() function and its class wrapper (both provided by the framework), it was always returning 0 or NaN.

The RNG was spitting out values correctly, so I thought it was okay.

When I was almost ready to give up, I figured I could try and change to the second implementation of RNG, expecting nothing to change. And it fucking worked.

Zero reports on this behavior on Google, no apparent reason why it would work with one and not with the other when the two RNGs literally implement the same abstract class and spit out the same exact numbers... Just black magic...

Oh and cherry on top, it works with the raw function but not with the class wrapper on that same function... IF YOU GOTTA IMPLEMENT SOMETHING IN YOUR DAMN FRAMEWORK THAT DOESN'T WORK, FUCKING DON'T! 1 combination working out of 4 is not good! Or at least document it!

Sorry just had to share my pain

Crypto. I've seen some horrible RC4 thrown around and heard of 3DES also being used, but luckily didn't lay my eyes upon it.
Now to my current crypto adventure.
Rule no.1: Never roll your own crypto.
They said.
So let's encrypt a file for upload. OK, there doesn't seem to be a clear standard, but ya'know combine asymmetric cipher to crypt the key with a symmetric. Should be easy. Take RSA and whatnot from some libraries. But let's obfuscate it a bit so nobody can reuse it. - Until today I thought the crypto was alright, but then there was something off. On two layers there were added hashes, timestamps or length fields, which enlarges the data to encrypt. Now it doesn't add up any more: Through padding and hash verification RSA from OpenSSL throws an error, because the data is too long (about 240 bytes possible, but 264 pumped in). Probably the lib used just didn't notify, silently truncating stuff or resorting to other means. Still investigation needed. - but apart from that: why the fuck add own hash verification, with weak non-cryptographic hashes(!) if the chosen RSA variant already has that with SHA-256. Why this sick generation of key material with some md5 artistic stunts - is there no cryptographically safe random source on Windows? Why directly pump some structs (with no padding and magic numbers) into the file? Just so it's a bit more fucked up?
Thanks, that worked.

Am I in developer hell already? A shitty project is about to come to an end (hopefully), or should I rather say: It needs to come to an end. But I am still quite lost in how to deal with it, hence procrastinating on it - making the deadline come closer and with it the realization that I'll probably have to rewrite almost everything. I'm not sure how, but I do know that the current code is a dumpster fire.

Basically what I need to do is dealing with the APIs of different payment providers/gateways (like PayPal, AmazonPay). For most cases I'll get a payment ID from the shop and need to act on it later, e.g. capture the authorized money in the case of a credit card transaction or do refunds (without user interaction, unless there is an error). Now at first I put something together where I try to abstract the payment information into two tables:
orders{1}<->{0..n}payments
payments{1}<->{1..n}paymentDetails

Unfortunately trying to abstract the different payment methods and to squeeze them (and their different possible stati and functions) in these tables was not very successful, it's a total mess with magic numbers, half-broken behavior and without any consideration for partial payments/captures or unfinished requests (i.e. if there is an exception before the response is dealt with, there is no indication that anything has ever been sent). Also the current amount is calculated through the history of the paymentDetails table, which basically works differently for each payment type.

How to fix this mess in a way that I'll still have a job by next week?

I'm trying to improve the db schema first, as I think my biggest problems are lying there. Through some research I've come across a recommendation for making payment type specific subtables (with a magic number/string in the main table to prevent having to look up all subtables). That way I can record what I send and receive without having to abstract it too much, so I'll have an acceptable transaction log. The paymentDetails table can be removed (necessary fields go to the payments table). The payments table gets multiple fields for the amount (differentiating between open, authorized, captured, processing and refunded values) and always reflects the current status.

Tables:
payments
paymentRequestsPaypal
paymentRequestsAmazonpay
paymentRequestsXyz

I think I'm going in the right direction here. hm. Maybe there's some light at the end of this long, dark tunnel. Or a train. I'll have two days to find out.

things I have to deal with while adding features to old code

Magic Numbers.

WHY?! >:(

Thank god for code reviews

The only thing cooler than magic numbers are magic no-go numbers.
Or does anyone have a reason for considering 2 or 4 spaces indent but not 3?

I just had to convince another "senior" dev that Magic Numbers are bad. Her argument was that the API already knows the mapping so creating another mapping on the front end was overkill and not needed when you know the value you need to compare against.