I have to admit I didn't expect that...

I always like to approach a new coding project by concentrating on the data model first. I've seen a lot of projects built on extremely convoluted database structures and it really hurts because it makes it hard to add new features to the project.

So I look at the requirements of the new project and try to come up with a basic data model. Then I like to think about what logical future additions to the project could be. And using those, I try to see if the data model is flexible enough to be able to handle those additions fairly easily or if complex migrations or hacks would be needed to account for new use cases and features.

I think once you have a solid data structure and database technology, planning out an API or rest of the software is pretty straight forward. I like to create reusable pieces of middleware early on in the project which makes it easy to apply consistent functionality with ease to different API endpoints.

People complaining "oh I always have trouble figuring out if the clock goes forwards or backwards in October"

Bitch please, I'm dealing with 12 databases, with SQL dates as local timezone timestamps, and an influxDB in UTC. I'm dealing with a backend server configured in CEST and a middleware layer configured in Pacific time, and a hundred functions which try to keep everything straight because no one dares to migrate it all to UTC at this point.

In the whole argument about DST you hear about sleep psychology, electricity bills and farmers.

But what about me, the poor database administrator? What about all these ugly legacy systems, what about all the UX designers trying to fix time input pickers?

I spend 2 months a year in agony having nightmares of rips and folds in the flow of time. DAYLIGHT SAVING DOESN'T FUCKING MAKE SENSE HOW CAN TIME EXIST TWICE?

Laravel is the worst framework ever.

Everything has to be made convenient and easy. That sounds amazing, because developers want to save time, worry less about boilerplate code, right? No more constructors, no more dependency injection, fuck all the tedious OOP shit... RIGHT?

It does one thing well: Make PHP syntax uniform and concise through easily integrated libraries such as Collection and Carbon. But those are actually not really part of the framework... just commonly integrated and associated with Laravel.

The framework itself is completely derailed: You can define code in a callback in the routes file. You can define a controller in the routes file. You can define middleware as a parameter to the route, as a fluent method to the route, you can stack them up in a service provider. Validators can be made in controllers, Request objects, service providers, etc. You can send mail inline, through Mailable objects, through Notification objects, etc.

Everything is macroable, injectable, and definable in a million different places. Ultimate freedom!

Guess what happens when you give 50 developers of various seniority a swiss army knife?

One hammers in a screw with a nail file, the other clips the head from the screw using scissors, and you end up with an unworkable mess and blunt tools.

And don't get me started about Eloquent, the Active Record ORM. It's cute for the simple blog/article/author/comment queries, but starts choking when you want more selective and performant queries or more complex aggregates, and provides such an opaque apple-esque interface which lets people think everything is OK, when in reality it's forcing the SQL server to slowly commit suicide.

Hey @Root! I know you won't have time to finish Ticket A before holiday vacation, so work on Ticket B instead.

I finished Ticket A in time. except for converting/fixing some horrible spaghetti monstrosity. More or less: "we overwrote this gem's middleware and now it calls back into our codebase under specific circumstances, and then calls the gem again, which calls the middleware again." Wtf? It's an atrocity against rationality.

The second day after vacation:

Hey @Root, drop Ticket B and work on Ticket C instead. Can you knock this out quick, like before friday? ... Uh, sure. It looks easy.

Ticket C was not easy. Ticket C was a frontend CSS job to add a print button, and for unknown reasons, none of the styles apply during printing. The only code involved is adding a button with a single line of javascript: `window.print()`, so why give it to the chick who hasn't been given a frontend ticket in over a year? Why not give it to the frontend guy who does this all day every day? Because "do it anyway," that's why.

And in somewhere between 13 (now 5) minutes and two hours from now, I'm going to have a 1:1 with my boss to discuss the week. Having finished almost all of Ticket A won't matter because it's not a "recent priority" -- despite it being a priority before, and a lot of work. I've made no progress on Ticket B due to interruptions (and a total and complete lack of caring because I'm burned out and quite literally can no longer care), and no progress on ticket C because... it's all horribly broken and therefore not quick. I assigned it to Mr. Frontend, which I'll probably get chewed out for.

So, my 1:1 with bossmang today is going to be awful. And the worst part of all: I'm out of rum! Which means sobriety in the face of adversity! :<

but like, wtf. Just give me a ticket and let me work on it until it's done. Stop changing the damn priorities every other freaking day!

Ok story of my most most recent job search (not sure devRant could handle the load if I was to go through them all)

First a little backstory on why I needed to search for a new job:

Joined a small startup in the blockchain space. They were funded through grants from a non-profit setup by the folks who invented the blockchain and raised funds (they gave those funds out to companies willing to build the various pieces of the network and tools).

We were one of a handful of companies working on the early stages of the network. We built numerous "first"s on the network and spent the majority of our time finding bugs and issues and asking others to fix them so it would become possible, for us to do what we signed up for. We ended up having to build multiple server side applications as middleware to plug massive gaps. All going great, had a lot of success, were told face to face by the foundation not to worry about securing more funds at least for the near term as we were "critical to the success of the network".

1 month later a bug was discovered in our major product, was nasty and we had to take it offline. Nobody lost any funds.

1-2 months later again, the inventor of the blockchain (His majesty, Lord dickhead of cuntinstein) decided to join the foundation as he wasn't happy with the orgs progress and where the network now stood. Immediately says "see that small startup over there ... yeah I hate them. Blackball them from getting anymore money. Use them as an example to others that we are not afraid to cut funds if you fuck up"

Our CEO was informed. He asked for meetings with numerous people, including His royal highness, lord cockbag of never-wrong. The others told our CEO that they didn't agree with the decision, but their hands were tied and they were deeply sorry. Our CEO's pleas with The ghost of Christmas cuntyness, just fell on deaf ears.

CEO broke the news to us, he had 3 weeks of funds left to pay salaries. He'd pay us to keep things going and do whatever we could to reduce server costs, so we could leave everything up long enough for our users to migrate elsewhere. We reduced costs a lot by turning off non essential features, he gave us our last pay check and some great referrals. That was that and we very emotionally closed up shop.

When news got out, we then had to defend ourselves publicly, because the loch ness moron, decided to twist things in his favour. So yeah, AMAZING experience!

So an unemployed and broken man, I did the unthinkable ... I set my linkedin to "open to work". Fuck me every moronic recruiter in a 10,000 mile radius came after me. Didn't matter if I was qualified, didn't matter if I had no experience in that language or type of system, didn't matter if my bio explicitly said "I don't work with X, Y or Z" ... that only made them want me more.

I think I got somewhere around 20 - 30 messages per week, 1 - 2 being actually relevant to what I do. Applied to dozens of jobs myself, only contacted back by 1, who badly fucked up the job description and I wasn't a fit at all.

Got an email from company ABC, who worked on the same blockchain we got kicked off of. They were looking for people with my skills and the skills of one other dev in the preious company. They heard what happened and our CEO gave us a glowing recommendation. They largely offered us the job, but both of us said that we weren't interested in working anywhere near, that kick needing prick, again. We wanted to go elsewhere.

Went back to searching, finding nothing. The other dev got a contract job elsewhere. The guy from ABC message me again to say look, we understand your issues, you got fucked around. We can do out best to promise you'll never have to speak to, the abominable jizz stain, again. We'll also offer you a much bigger role, and a decent salary bump on top of that.

Told them i'd think about it. We ended up having a few more calls where they showed me designs of all the things they wanted to do, and plans on how they would raise money if the same thing was to ever happen to them. Eventually I gave in and signed up.

So far it was absolutely the right call. Haven't had to speak to the scrotum at all. The company is run entirely by engineers. Theres no 14 meetings per week to discuss "where we are" which just involves reading our planning tool tickets, out loud. I'm currently being left alone 99% of the week to get work done. and i'm largely in-charge of everything mobile. It was a fucking hellhole of a trip, but I came out the other side better off

I'm sure there is a thought provoking, meaningful quote I could be writing now about how "things always work out" or that crap. But remembering it all just leaves me with the desire to find him and shove a cactus where the sun don't shine

.... happy job hunting everyone!

Writing more infrastructure than product.

Look, my application requests and transforms data from a single external API endpoint, it's just one GET request...

But I made an intelligent response caching middleware to prevent downtime when the parent API goes down, I made mocks and tests for everything, the documentation is directly generated from the code and automatically hosted for every git branch using hooks, responses are translated into JSONschema notation which automatically generate integration tests on commit, and the transformations are set up as a modular collection of composable higher order lenses!

Boss: Please use less amphetamine.

Day 1:

Me: 'Hi'

Middleware guy: 'Raise a Jira. We have always been so accommodating. Contact your manager.'

*Jeez*

===

Day 2:

Me: 'Could you please start the server in dev environment? I am a new joiner. I don't have access. Here is a jira.'

Middleware guy: 'Deadlines may be for you. It is not for me. Wait until tomorrow.'

*Damn, did he get a divorce recently?*

===

Day 5: *An urgent delivery asap* 'Hi, could you please do the configuration of the new app in staging?'

Middleware guy: 'So, here is the split up...
Task 1
Task 2
Task 3
Task 4
Task 5 & 6
Your app will be configured by tomorrow first half hopefully.. Oh and you can escalate if it is too late..
'
*What a b...*

===

Day 8:

Me: *Doing late sit for pushing a task* 'Hi, we have an issue. The server is not starting. Could it be due to..'

MW guy in 'second' shift: 'Oh, we don't extend support on unusual hours'

Me: 'But this is second shift.'

MW guy: 'Yeah, but I have to go home early now...'

====

Day 10:

Team Lead: 'Any innovative solutions?'

Me: 'Let's go SERVERLESS!' :D

What's the point of using a framework if you don't use any of its features!? What the heck, I have to fix this damn web frontend that is so broken in many ways.

Instead of using an authentication middleware, every single view has the same block of code to check if a user is authenticated. Instead of templates, they used static HTML/JavaScript files and they passed data to pages through cookies.

The "REST" API is so messed up, nothing is resource-oriented, HTTP methods are chosen randomly as well as status codes. They are returning "412 Precondition Failed" instead of a plain simple "401 Unauthorized" when you're not authenticated! What the hell, did they even bother to check what 412 is about when they copied and pasted it from a crappy website!? I would never come up with 412, not even in my scariest nightmare.

What kind of drugs were they using when they wrote such code? Oh dear, I need a vacation...

Root gets ignored.

I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.

For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`

Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.

I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.

He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).

I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨

Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.

Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.

ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.

jfc i'm getting pissy again.

So, I was going to complain about JS being finicky and not making a damned bit of sense, but it turns out that it wasn't JS's fault. Not entirely, anyway. It was the halfassed JS minifier middleware (written by the legendary dev himself) that was breaking the JS while writing it to the page.

The original problem:
My code worked. I removed some comments. Big ol' block of //'s. And suddenly $() isn't a function. But if I call $(); at the top, it all works!

It turns out the "minifier" caused JS to think my code was chaining off the previous JS line in the rendering pipeline instead of being a separate statement. so all it really needed was a `;` at the start. What threw me, though, was the last line of the previous blob of (non-minified) JS was a comment, so it should be a separate statement, right?

But as it turns out...

```
console
// JS really is finicky.
.log('Sigh.');
```

I’m trying to add digit separators to a few amount fields. There’s actually three tickets to do this in various places, and I’m working on the last of them.

I had a nightmare debugging session earlier where literally everything would 404 unless I navigated through the site in a very roundabout way. I never did figure out the cause, but I found a viable workaround. Basically: the house doesn’t exist if you use the front door, but it’s fine if you go through the garden gate, around the back, and crawl in through the side window. After hours of debugging I eventually discovered that if I unlocked the front door with a different key, everything was fine… but nobody else has this problem?

Whatever.
Onto the problem at hand!

I’m trying to add digit separators to some values. I found a way to navigate to the page in question (more difficult than it sounds), and … I don’t know what view is rendering the page. Or what controller. Or how it generates its text.

The URL is encrypted, so I get no clues there. (Which was lead dev’s solution to having scrapeable IDs instead of just, you know, fixing them). The encryption also happens in middleware, so it’s a nightmare to work through. And it’s by the lead dev, so the code is fucking atrocious.

The view… could be one of many, and I don’t even know where they are. Or what layout. Or what partials go into building it.

All of the text on the page are “resources” — think named translations that support plus nested macros. I don’t know their names, and the bits of text I can search for are used fucking everywhere. “Confirmation number” (the most unique of them) turns up 79 matches. “Fee” showed up in 8310 places before my editor gave up looking. Really.

The table displaying the data, which is what I actually care about, isn’t built in JS or markup, but is likely a resource that goes through heavy processing. It gets generated in a controller somewhere (I don’t know the resource name so I can’t find it), and passed through several layers of “dynamic form” abstraction, eventually turned into markup, and rendered as a partial template. At least, that’s how it worked in the previous ticket. I found a resource that looks right, and there’s only the one. I found the nested macros it uses for the amount and total, and added the separators there… only to find that it doesn’t work.

Fucking dead end.

And i have absolutely nothing else to go on.

Page title? “Show”
URL? /~LiolV8N8KrIgaozEgLv93s…
Text? All from macros with unknown names. Can’t really search for it without considerable effort.
Table? Doesn’t work.
Text in the table? doesn’t turn up anything new.
Legal agreement? There are multiple, used in many places, generates them dynamically via (of course) resources, and even looking through the method usages, doesn’t narrow it down very much.

Just.
What the fuck?
Why does this need to be so fucking complicated?

And what genius decided “$100000.00” doesn’t need separators? Right, the lot of them because separators aren’t used ANYWHERE but in code I authored. Like, really? This is fintech. You’d think they would be ubiquitous.

And the sheer amount of abstraction?
Stupid stupid stupid stupid stupid.

I had a project where I completely suprised the client and the company within the beginning. It was silky smooth, working on multiplatform ios android,standalone. I wrote the most complex shader I ever made. Everything was great and I even got a bonus for the project.
Then one day. Videos started to stutter. Not playing, completely black on some cases and some devices.
I started to think about reasons. I tried every solution I come up with. No success.
Updated all the codecs, middleware still nothing. Tried to solve the problem for a week. It was a total diaaster and I even thought I a dont deserve to be a developer.

We encoded the videos a few times. Decided to export the original video again, boom! It worked. Theres no particular reason why it worked. But it worked. I guess I am a good developer. Not the best but, eh.

I'm having an existential crisis with this client.

We are spending millions of $s every year to make sure the product's performance is perfect. We are testing various scenarios, fine-tuning PLABs: the environment, application, middleware, infra,... And then we provide our recommendations to the client: "To handle load of XX parallel users focusing on YY, yy and Zy APIs, use <THIS> configuration".

And what the client does?
- take our recommendations and measure the wind speed outside
- if speed is <20m/s and milk hasn't gone bad yet, add 2x more instances of API X
- otherwise add 3xX, 1xY and give more CPUs to Z
- split the setup in half and deploy in 2 completely separate load-balanced prod environments.
- <do other "tweaking">

- bomb our team with questions "why do we have slow RTs?", "why did the env crash?", "why do we have all those errors?", "why has this been overlooked in PLABs?!?"

If you're improvising despite our recommendations, wtf are we doing here???

One day I will crack. Hopefully, not sometime soon.

So, I was getting started with express middlewares and installed Postman. I saw this. I literally cracked up laughing so hard at this.

I made a SMALLLL change in a .NET middleware that handles WebSockets (in the self-made SAAS I previously talked about) and it somehow fucked up n stopped closing connections even for people who left

On the bright side, I didn't notice any performance reduction in the service so the scalability was unintentionally stress-tested lol
Now to figure out how it fucked up

?rant
We bought an expensive middleware which helped development speed and stability a lot. Something did not work and after a week I located the bug in the middleware. Support was adequate and the bug got fixed after my report.
I'm not mad at the developers, because bugs happen, and this one was hard to catch, even with tests.
On the other hand I have to explain my boss what took so much time.
It really wasn't my fault, but I also don't want to shame the middleware company, because it will make it harder for me to buy their stuff (and I quite like their products) or even any software at all.

So, I've had a personal project going for a couple of years now. It's one of those "I think this could be the billion-dollar idea" things. But I suffer from the typical "it's not PERFECT, so let's start again!" mentality, and the "hmm, I'm not sure I like that technology choice, so let's start again!" mentality.

Or, at least, I DID until 3-4 months ago.

I made the decision that I was going to charge ahead with it even if I started having second thoughts along the way. But, at the same time, I made the decision that I was going to rely on as little external technology as possible. Simplicity was going to be the key guiding light and if I couldn't truly justify bringing a given technology into the mix, it'd stay out.

That means that when I built the front end, I would go with plain HTML/CSS/JS... you know, just like I did 20+ years ago... and when I built the back end, I'd minimize the libraries I used as much as possible (though I allowed myself a bit more flexibility on the back end because that seems to be where there's less issues generally). Similarly, any choice I made I wanted to have little to no additional tooling required.

So, given this is a webapp with a Node back-end, I had some decisions to make.

On the back end, I decided to go with Express. Previously, I had written all the server code myself from "first principles", so I effectively built my own version of Express in other words. And you know what? It worked fine! It wasn't particularly hard, the code wasn't especially bad, and it worked. So, I considered re-using that code from the previous iteration, but I ultimately decided that Express brings enough value - more specifically all the middleware available for it - to justify going with it. I also stuck with NeDB for my data storage needs since that was aces all along (though I did switch to nedb-promises instead of writing my own async/await wrapper around it as I had previously done).

What I DIDN'T do though is go with TypeScript. In previous versions, I had. And, hey, it worked fine. TS of course brings some value, but having to have a compile step in it goes against my "as little additional tooling as possible" mantra, and the value it brings I find to be dubious when there's just one developer. As it stands, my "tooling" amounts to a few very simple JS scripts run with NPM. It's very simple, and that was my big goal: simplicity.

On the front end, I of course had to choose a framework first. React is fine, Angular is horrid, Vue, Svelte, others are okay. But I didn't want to bother with any of that because I dislike the level of abstraction they bring. But I also didn't want to be building my own widget library. I've done that before and it takes a lot of time and effort to do it well. So, after looking at many different options, I settled on Webix. I'm a fan of that library because it has a JS-centric approach. There's no JSX-like intermediate format, no build step involved, it's just straight, simple JS, and it's powerful and looks pretty good. Perfect for my needs. For one specific capability I did allow myself to bring in AnimeJS and ThreeJS. That's it though, no other dependencies (well, at first, I was using Axios because it was comfortable, but I've since migrated to plain old fetch). And no Webpack, no bundling at all, in fact. I dynamically load resources, which effectively is code-splitting, and I have some NPM scripts to do minification for a production build, but otherwise the code that runs in the browser is what I actually wrote, unlike using a framework.

So, what's the point of this whole rant?

The point is that I've made more progress in these last few months than I did the previous several years, and the experience has been SO much better!

All the tools and dependencies we tend to use these days, by and large, I think get in the way. Oh, to be sure, they have their own benefits, I'm not denying that... but I'm not at all convinced those benefits outweighs the time lost configuring this tool or that, fixing breakages caused by dependency updates, dealing with obtuse errors spit out by code I didn't write, going from the code in the browser to the actual source code to get anywhere when debugging, parsing crappy documentation, and just generally having the project be so much more complex and difficult to reason about. It's cognitive overload.

I've been doing this professionaly for a LONG time, I've seen so many fads come and go. The one thing I think we've lost along the way is the idea that simplicity leads to the best outcomes, and simplicity doesn't automatically mean you write less code, doesn't mean you cede responsibility for various things to third parties. Those things aren't automatically bad, but they CAN be, and I think more than we realize. We get wrapped up in "what everyone else is doing", we don't stop to question the "best practices", we just blindly follow.

I'm done with that, and my project is better for it!

Any senior types out there find that you’re losing your coding “chops”? I’m involved in so many OS/Middleware upgrades, infrastructure upgrades, status meetings that I can’t code to save my life anymore. I can review and guide design, but I struggle to generate new code. I can get a new dev going really quickly though - is this just a natural progression or is it game over for me? I feel like if I had to get another job, I’d be very unsuccessful. They call me a leader, but I think I’m just a slave.

I was working on a thing at work which routes http requests from one endpoint and port to several local services.
I was halfway done when I noticed I just wrote a primitive reverse proxy.

Anyway, I'm calling it GRID, Gateway for REST Interface Distribution.

It's capable of dynamically attaching new routes and services and removing those during runtime via inbuilt typescript compilation service.

Each "runtime module" defines several routes which may have a middleware function (express.js style), which gets executed before forwarding the request to the local service.

I don't know why, but I'm kinda proud of this one; Feels like I made something actually useful for once.

Gonna maybe add a webUI with the monaco editor to write typescript modules without needing VSCode...

Also I may implement a load balancing system for scalability.

It comes with a cli too.

Gonna put it on github and post it here once I'm done with v1.

One of the things that I like the most regarding Clojure(and most Lisps to be honest) is how "not for beginners" the ecosystem feels.
Don't get me wrong, setting up a project in lein with dependencies(both internal and external) is a cakewalk, installing lein or boot is a cakewalk. Setting environment consts and middleware etc etc is a cakewalk.
Its just that there are no blogs about convoluted and amateurish ways of doing things. Most presentations and articles are written by really experienced and talented individuals.

I dunno, its just a nice shift in community. Its nice to see people not fucking up Object Oriented programming in java or any of the other oop languages. Its nice not seeing people giving horrible advice regarding memory management in C or c++ and it is sure as shit nice to not see spaghetti php und js code.

And my productivity levels are off the charts man. Really liking this shit and I get to stay inside my JVM

Ive been working on pseudo-Java (ie some 3rd company's UNDOCUMENTED programming language) that they parse into Java in their backend

It doesnt even support if-else (only ifs and elses) or a boolean combination of False and OR together lmao

mainly a GRPC middleware-language

Given its lack of features (arrays/collections) or documentation, I just had to implement a flag-array using a 0-1 string

Im throwing exceptions unless combined strings equal Lengths and is only 1s

living like in 80s-90s 💀

Removing a tonne of controllers, middleware, views and services we no longer need....cleansssssing

IBM Websphere Application Server... the fact that that needs to be install for other middleware to run makes me irrate my balls with a grinder...

dear ietf-people i want to thank you that tls1.3 is official. i know it was hard work to say just no to the doughbags and preventing that middleware and spyware manufacturers implementing static keys.
to make it short:
Thank you for your hard work

I tried to get this trainwreck of a middleware running again. Generations of imbecile devs turned this once ambitious project into a dumpster fire. I had some feeble hopes. Wrote a little framework to get this braindead architecture back on its track. BUT EVERY PULL REQUEST I GET TO REVIEW SHOWS THEY DON'T CARE. FML! Why am I even trying. I should have known these morons just want to pour gasoline onto an already blazingly burning software. GODDAMMIT SHOW SOME ENGINEERING SPIRIT. Why are you even in this industry in the first place?

being middleware... had to split up back end work in two parts which wasn't necessary but for 1 day it is split up and at the end 3 days delayed because of split up... controlling temper was the biggest challenge of that part.

Service necessary for many applications is failing at 8am this morning, it connects to a virtual directory. Trying to figure out why it's failing, application is fine, Middleware is fine, asked to reboot virtual directory servers "no we can't do that" fast forward to a wasted day trying to find the error, asked again to restart, they said yes, what do you know it started working again

Someone wrote some error handling middleware for the whole application.
Then someone wrote some default classes for HTTP errors; BadRequest, Unauthorized and so on.

If I didn't know any better, I'd think throwing one of these default errors would give the proper status code, instead of default everything to 500.

But alas, I do know better.

Let me rant! I don’t usually do this but this is just frustrating and draining. Please tell me if im wrong. We have authentication that needs to be refactored. I was assigned on this issue. Im a junior btw. I also attached an image of my proposals. The issue of the old way of our signup process is that when validation fails they will keep on accepting the TaC (terms and conditions) and on our create method we have the validation and creating the user. Basically if User.create(user_params) create else throw invalid end. (Imma take a photo later and show it you)which needs to be refactored. So I created a proposal 1. On my first proposal I could create a middleware to check if the body is correct or valid if its valid show the TaCs and if they accept thats the moment the user is created. There is also additional delete user because DoE told me that we dont need middlewares we have before and after hooks! (I wanted to puke here clearly he doesn’t understand the request and response cycle and separation of concerns) anyway, so if middleware is not accepted then i have to delete the user if they dont accept the TaCs. Proposal 2. If they dont want me to touch the create method i could just show the TaCs and if they dont accept then redirect if they do then show form and do the sign process.

This whats weird (weird because he has a lot of experience and has master or phd) he proposes to create a method called validate (this method is in the same controller as the create, i think hes thinking about hooks) call it first and if it fails then response with error and dont save user, heres the a weird part again he wants me to manually check on each entity. Like User.find_by_email(bs@g.com) something like that and on my mind wtf. Isnt it the same as User.create(user_params) because this will return false if paras are invalid?? (I might be wrong here)

This is not the first time though He proposes solutions that are complex, inefficient, unmaintainable. And i think he doesnt understand ruby on rails or webdev in particular. This the first time i complained or I never complained because im thinking im just a junior and he hs more experience and has a higher degree. This is mot the case here though. I guess not all person who has a higher degree are right. To all self thought and bachelors im telling you not all people who went to prestige university and has a higher degree are correct and right all the time. Anyway ill continue later and do what he says. Let me know if im wrong please. Thanks

I have implemented RESTful API using expressJS, and another React app which will use the API's to fetch data.
I'm getting a problem of Allow-Origin Header.
what's the proper way of calling a API ?

do I use a CORS middleware and allow all origin ('*') and use Api-key as way of check authorization to prevent mis-use. ?
any other tricks ?

I feel there aren't enough tutorials on "best practices" when it comes to combining server/client tooling in a monorepo.

Having done so this weekend, the tasks involved were:
* using graphql w/ express to serve requests and expose a "graphiql" ide instance
* differentiating build steps in prod vs. dev
* applying middleware in prod vs. dev
* working with a single heroku dyno

Still missing:
* hot reloading
* my general sense of direction

Project/Middleware/APIs website about section- Writes a lot of things which is hard to get for many, than explaining exactly what it does

Curious to see if anyone else is in this situation: I somehow have become the “infrastructure upgrade guy”. I’m in this constant loop of retrofitting our applications to work with the latest Windows Version or Java Middleware. Or, I’m stuck porting apps from one middleware to another. I guess I got good at this, and now I’m stuck in this constant loop of being the “go to” for all system upgrades/ports, which seem to just be in this endless cycle. It gets me a lot of recognition, but the work is miserable. Anyone else experience something like this, and if so, how did you get out?

Damn feeling really happy. Finally I am able to understand and make my custom workable middleware in python. It took me 3-4 days to code authorization process 😓

When you create a middleware function and title it gtfo // no comments need to explain this function

Just to show you.

The overhead between actual SQL requests and the stack :

.Net 6 =>
Web API =>
EntityFramework core 6 =>
(middleware) GraphQl.EntityFramework =>
GraphQl =>
SQL

Seems a lot ? Yep. But actually... that shit just scales. More sql requests will not cost much. And this stack will take care of generating optimal querry better than me by hand.

(These querries on screenshot are fairly complex).

I like it. So, so much checks done for me and front end people love it too ! They don't need to open a tiocket when they need a new field.

So, /adpoted by me.

PS : And pair it with Blazor, miam.

Worst experience: Learning how data is stored in segments in a middleware application called PMS on mainframe and how to manipulate that data.

Best Experience: Building a app that lets you pull down any set of segment data from mainframe and figuring out a way to automatically annotate the data so you could just hover over it and you know what the data is exactly. This way I didn't have to constantly refer back to a reference manual to see what a field name is in a segment, or having to go talk to a mainframe developer to go look at their code. Btw, did I mention I made it searchable by field name??

That shitty moment when you are finally about to release your code, after about one month of developing and testing, and making sure everything is OK, imagining: "Oh we're finally releasing this feature, I have worked so hard on it, it's going to kick some ass!" but surprisingly things get fucked up on production server... I mean seriously? Stupid middleware I killed myself to get to work messed up. Where the hell have you been in staging, you stupid little bug? You happy now? My CTO giving me awkward looks and shit like: "I'm sorry but you have to come fix it, during weekend." The best way to fuck up my mood, today is the last day of week for god's sake!
I hate releasing like this. seriously SAG in this release!

tried to stress-test an authenticated websocket endpoint (that makes 2-3 DB calls) by opening closing randomly and it crashed after 20-30 times within a few seconds

I was focused on the middleware glitching out, but error was in the DB-Postgres coz of multiple-connections

Even if I increase the upper limit of simultaneous open connections, the problem at-scale will still exist
If I tried to use a static forever-open connection, it errors out coz 1-command-at-a-time per connection

so im constrained on both sides -.-
Either I rate-limit the endpoint in general and force-close open connections or I cache Organisation-level info that rarely changes

this is one of the few times I miss MS-SQL, it can take a beating but still serve without much complains or losing data consistency -_-

How the fuck does someone not check from Middleware server to database? Going to production and we find that was never checked.... It's 1130pm and now I have to wake people up on a Friday night...

Trying to do middleware api key in python with flask and decoration @wraps wtf im doing XD

New guy - Senior profile - First question asked - Nope it's a Junior. How come - asking the basic functionality of the middleware piece you have to extend and cannot even answer on this one

#Suphle Rant 9: a tsunami on authenticators

I was approaching the finish line, slowly but surely. I had a rare ecstatic day after finding a long forgotten netlify app where I'd linked docs deployment to the repository. I didn't realise it was weighing down on me, the thought of how to do that. I just corrected some deprecated settings and saw the 93% finished work online. Everything suddenly made me happier that day

With half an appendix chapter to go, I decided to review an important class I stole from my old company for clues when I need to illustrate something involved using a semblance of a real world example (in the appendix, not abstract foo-bar passable for the docs)

It turns out, I hadn't implemented a functionality for restricting access to resources to only verified accounts. It just hasn't been required in the scheme of things. No matter, should be a piece of cake. I create a new middleware and it's done before I get to 50 lines. Then I try to update the documentation but to my surprise, user verification status turns out to be a subset of authentication locking. Instead of duplicating bindings for both authentication and verification, dev might as well use one middleware that checks for both and throws exceptions where appropriate.

BUT!

These aspects of the framework aren't middleware, at all. Call it poor design but I didn't envisage a situation where the indicators (authentication, path based authorisation and a 3rd one I don't recall), would perform behaviour deviating from the default. They were directly connected to their handlers and executed after within the final middleware. So there's no way to replace that default authentication scheme with one that additionally checks for verification status.

Whew

You aren't going to believe this. It may seem like I'm not serious and will never finish. I shut my system down for that day, even unsure how those indicators now have to refactored to work as middleware, their binding and detachment, considering route collections are composed down a trie

I'm mysteriously stronger the following day, draw up designs, draft a bunch of notes, roll my sleeves, and the tsunami began. Was surprisingly able to get most of previous middleware tests passing again before bed, with the exception of reshuffled classes. So I guess we can be optimistic that those other indicators won't cause more suffering or take us additional days off course

I feel like I need a slap in the face here: My team can’t agree on a platform for our apps (Windows/.Net or Linux/Java Middleware/Java). So we have apps all over the place, and our team is fractured. Support is a mess, and I’m caught in the middle because I’m the only one willing to try to keep all these systems upgraded (our infrastructure team refuses to work with anyone except me on our team because I just shut up about my platform beliefs and get work done). I’ve pitched trying .Net core on Linux although I know very little about that. We have no technical challenges that require one platform over another - these are simple business apps. I think our architects should force one platform. Am I nuts? Maybe it’s time to look for another career if this is the new norm.

Yeah, that pretty much sums up talend for me.

Dear frontend dev,

if you can't check whether a variable is defined or not, why do i have to change the back end to accept urlparam='undefined' as valid and replace it with your default value in my backend? Why are you afraid of 40X's? You should be interested in the bugs of your code.

It feels awful to have a middleware in place catching all errors and replacing them with empty 200 responses 😭. All of this because you don't fucking ensure your variables exist before use.

I love how my boss wants to use libraries for everything, even the most minor task needed he looks up for a library to do it, I think that sometimes he even spends more time looking for a library than the time he would spend writing the functionality
e.g. Roles for routes permissions, dude, you have the users role in session you can just write a middleware with ~15-20 lines of code to get them rid of the route come on

What the hell am I!? I wonder if you guys can help me...

I've been programming most of my life but I've never actually been a developer by title or job role. I thought maybe if I list what I do and have done someone here could help? I'm sure there are more of you in a similar boat.

- C# and VB dev for some quick DBMS projects to help me understand and mine databases and create a nice simple view for project teams to show findings from the data to help make certain decisions.
- Automating a lot of my colleagues work with Python and if very restricted then just VBA macros in Excel and MSP. This did also include creating tools to gather data during workshops and converting the data for input into other systems.
- Brought Linux to the office with most team members now moving over to Linux with the peace of mind to know that though they do need to try solve their own problems, I can help if need be.
- Had to learn AWS and then implement an autoscaling and load balanced data center installation of a few Atlassian toolsets.
- Creating the architecture diagrams documentation needed for things like the above point.
- Having said that, also have ended up setting up all the Jira/Confluence etc. servers we use and have implemented so far whether cloud (Azure/AWS) or on prem and set up scripts to automate where possible.
- Implemented an automated workflow view in SharePoint based on SP list data and though in an ASPX page, primarily built in JS.
- Building test systems in PHP/JS with Laravel and Angular to help manage integration between systems. Having quite a time right looking into how to build middleware to connect between SOAP and REST API's, the trouble caused more by the systems and their reliance on frameworks we're trying to cut out of the picture.
- Working on BI and MI and training a team to help on the report creation so that I can do the fun creative stuff and then set them to work on the detail :)

Actually it seems safe to say that it seems that though I've finally moved into a dev office (beforehand being the only developer around) I seem to be the one they go to when a strategic solution is needed ASAP and the normal processes can't be followed (fun for someone with a CompSci degree and a number of project management courses under the belt... though I honestly do enjoy the challenges)

But I always end up Jack of all but master of, well hopefully some at least. let's not even get started on the tech related hobbies from circuit design and IoT to Andoid / iOS and game dev and enjoying a bit of pen testing to make sure we're all safe at work and at home.

As much as I don't like boxes, I'm interested to know if there is in fact a box for me? By the way, the above is just a snapshot of my last two years minus the project management work...

Something annoying about the Node.JS and express stack: no way to globally catch errors using middleware.

I mean, you can try. There's even specific middleware designed for it. However, it only catches synchronous errors. So basically only controllers that don't fetch or upload any sort of data and just return some static view or whatever.

ASP.Net middleware chain is so much more robust :(

I was hired about 6 weeks ago to help the company take ownership of a piece of software written by an external team. The whole thing was MEAN stack. I had never done anything extensive in nodeJS, but I am quite comfortable in JavaScript and so there weren't any problems. I even ordered myself a JS DevDuck for my new desk.
Just about 2 weeks after my new DevDuck came in, my boss told me that everything the external team wrote is shit and is going to be thrown out. Instead, we're going to rewrite the whole thing inside the existing middleware in Java. Luckily for me, I am also pretty comfortable with Java, though it has been about 5 years, and I know a bunch has changed. But I'm confident I can do the work.
I guess I need a new cape for my duck. Or maybe I'll just start a duck family.

The best Redux logger is the simplest (in-browser: console.log(store.getState())

Firebase is a fucking piece of dog shit.

Testing is so bad and complicated to set up, I've spent two days trying to write ONE fucking simple test with an auth middleware via expressjs. Why firebase doesn't mock my dung, you pieces of shit. Even the documentation is all spread out, it's difficult and terrible to follow. I would rather build my own backend because of all the workarounds I have to make because of your limited SHIT product. Even the type libraries are shit, import Timestamp? NOPE. YOU HAVE TO IMPORT FIREBASE TO IMPORT A TIMESTAMP. Learn to define types, shitty google devs. You all suck, thanks for making shitty clients sdk's.

I hope this piece of shit gets deprecated and my clients stops using it.

I recently started working on laravel. As the community says it was easy to get along with the framework and its methodologies. But then i had to do multiple login with framework in same domain.

Oh man, i spent a week to make it work. All those guards and middlewares realted to login was driving me crazy. The concept was clear, but somehow the framework was like "You! I shall make you spend a week for my satisfaction". The project demo was nearing and i was doing all kind of stuff i found. Atlast after continous tries it worked. Never in my 4+ years as a developer i had to face such an issue with login.

So here is how it works,if anyone faces the same issue:
(This case is beneficial if you're using table structures different from default laravel auth table structures)

1. Define the guards for each in auth.php
Eg:
'users' => [
'driver' => 'session',
'provider' => 'users',
],
'client' => [
'driver' => 'session',
'provider' => 'client',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],

2. Define providers for each guards in auth.php
'users' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
'table' => '<table name>', //Optional. You can define it in the model also
],
'admins' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
],
'client' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
],

Similarly you can define passwords for resetting passwords in auth.php

3. Edit login controller in app/Http/Controller/Auth folder accordingly
a. Usually this particular line of code is used for authentication
Auth::guard('<guard name>')->attempt(['email' => $request->email, 'password' => $request->password]);
b. If above mentioned method doesn't work, You can directly login using login method
EG:
$user = <model namespace>::where([
'username' => $request->username,
'password' => md5($request->password),
])->first();
Auth::guard('<guard name>')->login($user);

4. If you're using custom build table to store user details, then you should adjust the model for that particular table accordingly. NOTE: The model extends Authenticatable
EG
class <model name> extends Authenticatable
{
use Notifiable;

protected $table = "<table name>";

protected $guard = '<guard name>';

protected $fillable = [
'name' , 'username' , 'email' , 'password'
];

protected $hidden = [
'password' ,
];

//Below changes are optional, according to your need
public $timestamps = false;
const CREATED_AT = 'created_time';
const UPDATED_AT = 'updated_time';

//To get your custom id field, in this case username
public function getId()
{
return $this->username;
}
}

5. Create login views according to the user types you required

6. Update the RedirectIfAuthenticated middleware for auth redirections after login

7. Make sure to not use the default laravel Auth routes. This may cause some inconsistancy in workflow

The laravel version which i worked on and the solution is for is Laravel 6.x

Multer is shit.

Do you know how to validate file size + mime type of the file before saving it to the disk?

Here is an instruction:

1. In one place you provide a it a fileFilter function that will validate the mime type, but this function can not validate file size or send user response.
2. In second place provide it a config limits file, that will validate file size, but can not validate mime type
3. In third place you provide middleware to capture any errors caused by previous 2 places and send response back to the user.
4. Go google for what is cb in multer because their shit documentation says nothing about it

Such simple thing as request->validation->response is split into 3 different parts, each of different type: callback, config file and middleware.

Why do so much people use this shit written by a braindead retarded morons?

Is their a better way than ASP Identity Claims to verify permissions before accessing a page? Refreshing claims in every page load doesn’t seem to be a great solution. Thinking about some sort of permissions middleware. I need to check those IsAdmin roles before any admin area data is accessed. What techniques are you using for authorization in your code base?

There's no official integration (package) for JWT in Java Spring?

I am new to Java Spring and want to create a simple RESTful server with JWT auth. Checked many tutorials, all of them involved creating your own JWT middleware to retrieve JWT token from incoming request and validate it using some 3rd party JWT library like jwtk/jjwt.

I am surprised this is not as simple as including a Spring JWT package and it would work out of box. I used to write a similar site using Python/Django, and for that adding JWT support is quite simple as adding "xxx.middleware.JWTAuthMiddleware".

EY and ConsenSys announced the formation of the Baseline Protocol with Microsoft which is an open source initiative that combines cryptography, messaging and blockchain to deliver secure and private business processes at low cost via the public Ethereum Mainnet. The protocol will enable confidential and complex collaboration between enterprises without leaving any sensitive data on-chain. The work will be governed by the Ethereum-Oasis Project.

Past approaches to blockchain technology have had difficulty meeting the highest standards of privacy, security and performance required by corporate IT departments. Overcoming these issues is the goal of the Baseline Protocol.

John Wolpert, ConsenSys’ Group Executive for Enterprise Mainnet added, “A lot of people think of blockchains as the place to record transactions. But what if we thought of the Mainnet as middleware? This approach takes advantage of what the Mainnet is good at while avoiding what it’s not good at.”

Source : ConsenSys