I have to admit I didn't expect that...

I always like to approach a new coding project by concentrating on the data model first. I've seen a lot of projects built on extremely convoluted database structures and it really hurts because it makes it hard to add new features to the project.

So I look at the requirements of the new project and try to come up with a basic data model. Then I like to think about what logical future additions to the project could be. And using those, I try to see if the data model is flexible enough to be able to handle those additions fairly easily or if complex migrations or hacks would be needed to account for new use cases and features.

I think once you have a solid data structure and database technology, planning out an API or rest of the software is pretty straight forward. I like to create reusable pieces of middleware early on in the project which makes it easy to apply consistent functionality with ease to different API endpoints.

People complaining "oh I always have trouble figuring out if the clock goes forwards or backwards in October"

Bitch please, I'm dealing with 12 databases, with SQL dates as local timezone timestamps, and an influxDB in UTC. I'm dealing with a backend server configured in CEST and a middleware layer configured in Pacific time, and a hundred functions which try to keep everything straight because no one dares to migrate it all to UTC at this point.

In the whole argument about DST you hear about sleep psychology, electricity bills and farmers.

But what about me, the poor database administrator? What about all these ugly legacy systems, what about all the UX designers trying to fix time input pickers?

I spend 2 months a year in agony having nightmares of rips and folds in the flow of time. DAYLIGHT SAVING DOESN'T FUCKING MAKE SENSE HOW CAN TIME EXIST TWICE?

Laravel is the worst framework ever.

Everything has to be made convenient and easy. That sounds amazing, because developers want to save time, worry less about boilerplate code, right? No more constructors, no more dependency injection, fuck all the tedious OOP shit... RIGHT?

It does one thing well: Make PHP syntax uniform and concise through easily integrated libraries such as Collection and Carbon. But those are actually not really part of the framework... just commonly integrated and associated with Laravel.

The framework itself is completely derailed: You can define code in a callback in the routes file. You can define a controller in the routes file. You can define middleware as a parameter to the route, as a fluent method to the route, you can stack them up in a service provider. Validators can be made in controllers, Request objects, service providers, etc. You can send mail inline, through Mailable objects, through Notification objects, etc.

Everything is macroable, injectable, and definable in a million different places. Ultimate freedom!

Guess what happens when you give 50 developers of various seniority a swiss army knife?

One hammers in a screw with a nail file, the other clips the head from the screw using scissors, and you end up with an unworkable mess and blunt tools.

And don't get me started about Eloquent, the Active Record ORM. It's cute for the simple blog/article/author/comment queries, but starts choking when you want more selective and performant queries or more complex aggregates, and provides such an opaque apple-esque interface which lets people think everything is OK, when in reality it's forcing the SQL server to slowly commit suicide.

Ok story of my most most recent job search (not sure devRant could handle the load if I was to go through them all)

First a little backstory on why I needed to search for a new job:

Joined a small startup in the blockchain space. They were funded through grants from a non-profit setup by the folks who invented the blockchain and raised funds (they gave those funds out to companies willing to build the various pieces of the network and tools).

We were one of a handful of companies working on the early stages of the network. We built numerous "first"s on the network and spent the majority of our time finding bugs and issues and asking others to fix them so it would become possible, for us to do what we signed up for. We ended up having to build multiple server side applications as middleware to plug massive gaps. All going great, had a lot of success, were told face to face by the foundation not to worry about securing more funds at least for the near term as we were "critical to the success of the network".

1 month later a bug was discovered in our major product, was nasty and we had to take it offline. Nobody lost any funds.

1-2 months later again, the inventor of the blockchain (His majesty, Lord dickhead of cuntinstein) decided to join the foundation as he wasn't happy with the orgs progress and where the network now stood. Immediately says "see that small startup over there ... yeah I hate them. Blackball them from getting anymore money. Use them as an example to others that we are not afraid to cut funds if you fuck up"

Our CEO was informed. He asked for meetings with numerous people, including His royal highness, lord cockbag of never-wrong. The others told our CEO that they didn't agree with the decision, but their hands were tied and they were deeply sorry. Our CEO's pleas with The ghost of Christmas cuntyness, just fell on deaf ears.

CEO broke the news to us, he had 3 weeks of funds left to pay salaries. He'd pay us to keep things going and do whatever we could to reduce server costs, so we could leave everything up long enough for our users to migrate elsewhere. We reduced costs a lot by turning off non essential features, he gave us our last pay check and some great referrals. That was that and we very emotionally closed up shop.

When news got out, we then had to defend ourselves publicly, because the loch ness moron, decided to twist things in his favour. So yeah, AMAZING experience!

So an unemployed and broken man, I did the unthinkable ... I set my linkedin to "open to work". Fuck me every moronic recruiter in a 10,000 mile radius came after me. Didn't matter if I was qualified, didn't matter if I had no experience in that language or type of system, didn't matter if my bio explicitly said "I don't work with X, Y or Z" ... that only made them want me more.

I think I got somewhere around 20 - 30 messages per week, 1 - 2 being actually relevant to what I do. Applied to dozens of jobs myself, only contacted back by 1, who badly fucked up the job description and I wasn't a fit at all.

Got an email from company ABC, who worked on the same blockchain we got kicked off of. They were looking for people with my skills and the skills of one other dev in the preious company. They heard what happened and our CEO gave us a glowing recommendation. They largely offered us the job, but both of us said that we weren't interested in working anywhere near, that kick needing prick, again. We wanted to go elsewhere.

Went back to searching, finding nothing. The other dev got a contract job elsewhere. The guy from ABC message me again to say look, we understand your issues, you got fucked around. We can do out best to promise you'll never have to speak to, the abominable jizz stain, again. We'll also offer you a much bigger role, and a decent salary bump on top of that.

Told them i'd think about it. We ended up having a few more calls where they showed me designs of all the things they wanted to do, and plans on how they would raise money if the same thing was to ever happen to them. Eventually I gave in and signed up.

So far it was absolutely the right call. Haven't had to speak to the scrotum at all. The company is run entirely by engineers. Theres no 14 meetings per week to discuss "where we are" which just involves reading our planning tool tickets, out loud. I'm currently being left alone 99% of the week to get work done. and i'm largely in-charge of everything mobile. It was a fucking hellhole of a trip, but I came out the other side better off

I'm sure there is a thought provoking, meaningful quote I could be writing now about how "things always work out" or that crap. But remembering it all just leaves me with the desire to find him and shove a cactus where the sun don't shine

.... happy job hunting everyone!

Hey @Root! I know you won't have time to finish Ticket A before holiday vacation, so work on Ticket B instead.

I finished Ticket A in time. except for converting/fixing some horrible spaghetti monstrosity. More or less: "we overwrote this gem's middleware and now it calls back into our codebase under specific circumstances, and then calls the gem again, which calls the middleware again." Wtf? It's an atrocity against rationality.

The second day after vacation:

Hey @Root, drop Ticket B and work on Ticket C instead. Can you knock this out quick, like before friday? ... Uh, sure. It looks easy.

Ticket C was not easy. Ticket C was a frontend CSS job to add a print button, and for unknown reasons, none of the styles apply during printing. The only code involved is adding a button with a single line of javascript: `window.print()`, so why give it to the chick who hasn't been given a frontend ticket in over a year? Why not give it to the frontend guy who does this all day every day? Because "do it anyway," that's why.

And in somewhere between 13 (now 5) minutes and two hours from now, I'm going to have a 1:1 with my boss to discuss the week. Having finished almost all of Ticket A won't matter because it's not a "recent priority" -- despite it being a priority before, and a lot of work. I've made no progress on Ticket B due to interruptions (and a total and complete lack of caring because I'm burned out and quite literally can no longer care), and no progress on ticket C because... it's all horribly broken and therefore not quick. I assigned it to Mr. Frontend, which I'll probably get chewed out for.

So, my 1:1 with bossmang today is going to be awful. And the worst part of all: I'm out of rum! Which means sobriety in the face of adversity! :<

but like, wtf. Just give me a ticket and let me work on it until it's done. Stop changing the damn priorities every other freaking day!

Writing more infrastructure than product.

Look, my application requests and transforms data from a single external API endpoint, it's just one GET request...

But I made an intelligent response caching middleware to prevent downtime when the parent API goes down, I made mocks and tests for everything, the documentation is directly generated from the code and automatically hosted for every git branch using hooks, responses are translated into JSONschema notation which automatically generate integration tests on commit, and the transformations are set up as a modular collection of composable higher order lenses!

Boss: Please use less amphetamine.

Day 1:

Me: 'Hi'

Middleware guy: 'Raise a Jira. We have always been so accommodating. Contact your manager.'

*Jeez*

===

Day 2:

Me: 'Could you please start the server in dev environment? I am a new joiner. I don't have access. Here is a jira.'

Middleware guy: 'Deadlines may be for you. It is not for me. Wait until tomorrow.'

*Damn, did he get a divorce recently?*

===

Day 5: *An urgent delivery asap* 'Hi, could you please do the configuration of the new app in staging?'

Middleware guy: 'So, here is the split up...
Task 1
Task 2
Task 3
Task 4
Task 5 & 6
Your app will be configured by tomorrow first half hopefully.. Oh and you can escalate if it is too late..
'
*What a b...*

===

Day 8:

Me: *Doing late sit for pushing a task* 'Hi, we have an issue. The server is not starting. Could it be due to..'

MW guy in 'second' shift: 'Oh, we don't extend support on unusual hours'

Me: 'But this is second shift.'

MW guy: 'Yeah, but I have to go home early now...'

====

Day 10:

Team Lead: 'Any innovative solutions?'

Me: 'Let's go SERVERLESS!' :D

What's the point of using a framework if you don't use any of its features!? What the heck, I have to fix this damn web frontend that is so broken in many ways.

Instead of using an authentication middleware, every single view has the same block of code to check if a user is authenticated. Instead of templates, they used static HTML/JavaScript files and they passed data to pages through cookies.

The "REST" API is so messed up, nothing is resource-oriented, HTTP methods are chosen randomly as well as status codes. They are returning "412 Precondition Failed" instead of a plain simple "401 Unauthorized" when you're not authenticated! What the hell, did they even bother to check what 412 is about when they copied and pasted it from a crappy website!? I would never come up with 412, not even in my scariest nightmare.

What kind of drugs were they using when they wrote such code? Oh dear, I need a vacation...

Root gets ignored.

I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.

For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`

Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.

I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.

He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).

I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨

Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.

Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.

ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.

jfc i'm getting pissy again.

So, I was going to complain about JS being finicky and not making a damned bit of sense, but it turns out that it wasn't JS's fault. Not entirely, anyway. It was the halfassed JS minifier middleware (written by the legendary dev himself) that was breaking the JS while writing it to the page.

The original problem:
My code worked. I removed some comments. Big ol' block of //'s. And suddenly $() isn't a function. But if I call $(); at the top, it all works!

It turns out the "minifier" caused JS to think my code was chaining off the previous JS line in the rendering pipeline instead of being a separate statement. so all it really needed was a `;` at the start. What threw me, though, was the last line of the previous blob of (non-minified) JS was a comment, so it should be a separate statement, right?

But as it turns out...

```
console
// JS really is finicky.
.log('Sigh.');
```

I’m trying to add digit separators to a few amount fields. There’s actually three tickets to do this in various places, and I’m working on the last of them.

I had a nightmare debugging session earlier where literally everything would 404 unless I navigated through the site in a very roundabout way. I never did figure out the cause, but I found a viable workaround. Basically: the house doesn’t exist if you use the front door, but it’s fine if you go through the garden gate, around the back, and crawl in through the side window. After hours of debugging I eventually discovered that if I unlocked the front door with a different key, everything was fine… but nobody else has this problem?

Whatever.
Onto the problem at hand!

I’m trying to add digit separators to some values. I found a way to navigate to the page in question (more difficult than it sounds), and … I don’t know what view is rendering the page. Or what controller. Or how it generates its text.

The URL is encrypted, so I get no clues there. (Which was lead dev’s solution to having scrapeable IDs instead of just, you know, fixing them). The encryption also happens in middleware, so it’s a nightmare to work through. And it’s by the lead dev, so the code is fucking atrocious.

The view… could be one of many, and I don’t even know where they are. Or what layout. Or what partials go into building it.

All of the text on the page are “resources” — think named translations that support plus nested macros. I don’t know their names, and the bits of text I can search for are used fucking everywhere. “Confirmation number” (the most unique of them) turns up 79 matches. “Fee” showed up in 8310 places before my editor gave up looking. Really.

The table displaying the data, which is what I actually care about, isn’t built in JS or markup, but is likely a resource that goes through heavy processing. It gets generated in a controller somewhere (I don’t know the resource name so I can’t find it), and passed through several layers of “dynamic form” abstraction, eventually turned into markup, and rendered as a partial template. At least, that’s how it worked in the previous ticket. I found a resource that looks right, and there’s only the one. I found the nested macros it uses for the amount and total, and added the separators there… only to find that it doesn’t work.

Fucking dead end.

And i have absolutely nothing else to go on.

Page title? “Show”
URL? /~LiolV8N8KrIgaozEgLv93s…
Text? All from macros with unknown names. Can’t really search for it without considerable effort.
Table? Doesn’t work.
Text in the table? doesn’t turn up anything new.
Legal agreement? There are multiple, used in many places, generates them dynamically via (of course) resources, and even looking through the method usages, doesn’t narrow it down very much.

Just.
What the fuck?
Why does this need to be so fucking complicated?

And what genius decided “$100000.00” doesn’t need separators? Right, the lot of them because separators aren’t used ANYWHERE but in code I authored. Like, really? This is fintech. You’d think they would be ubiquitous.

And the sheer amount of abstraction?
Stupid stupid stupid stupid stupid.

I had a project where I completely suprised the client and the company within the beginning. It was silky smooth, working on multiplatform ios android,standalone. I wrote the most complex shader I ever made. Everything was great and I even got a bonus for the project.
Then one day. Videos started to stutter. Not playing, completely black on some cases and some devices.
I started to think about reasons. I tried every solution I come up with. No success.
Updated all the codecs, middleware still nothing. Tried to solve the problem for a week. It was a total diaaster and I even thought I a dont deserve to be a developer.

We encoded the videos a few times. Decided to export the original video again, boom! It worked. Theres no particular reason why it worked. But it worked. I guess I am a good developer. Not the best but, eh.

I'm having an existential crisis with this client.

We are spending millions of $s every year to make sure the product's performance is perfect. We are testing various scenarios, fine-tuning PLABs: the environment, application, middleware, infra,... And then we provide our recommendations to the client: "To handle load of XX parallel users focusing on YY, yy and Zy APIs, use <THIS> configuration".

And what the client does?
- take our recommendations and measure the wind speed outside
- if speed is <20m/s and milk hasn't gone bad yet, add 2x more instances of API X
- otherwise add 3xX, 1xY and give more CPUs to Z
- split the setup in half and deploy in 2 completely separate load-balanced prod environments.
- <do other "tweaking">

- bomb our team with questions "why do we have slow RTs?", "why did the env crash?", "why do we have all those errors?", "why has this been overlooked in PLABs?!?"

If you're improvising despite our recommendations, wtf are we doing here???

One day I will crack. Hopefully, not sometime soon.

So, I was getting started with express middlewares and installed Postman. I saw this. I literally cracked up laughing so hard at this.

I made a SMALLLL change in a .NET middleware that handles WebSockets (in the self-made SAAS I previously talked about) and it somehow fucked up n stopped closing connections even for people who left

On the bright side, I didn't notice any performance reduction in the service so the scalability was unintentionally stress-tested lol
Now to figure out how it fucked up

Any senior types out there find that you’re losing your coding “chops”? I’m involved in so many OS/Middleware upgrades, infrastructure upgrades, status meetings that I can’t code to save my life anymore. I can review and guide design, but I struggle to generate new code. I can get a new dev going really quickly though - is this just a natural progression or is it game over for me? I feel like if I had to get another job, I’d be very unsuccessful. They call me a leader, but I think I’m just a slave.

I inherited a nextjs project from an unknown guy and am fangirling the codebase

But the deeper I familiarise myself with it, the more the cracks begin to appear:

1) The dude Is incapable of grasping the basics of DRY concept. He actually setup a ton of stuff I may have done poorly if I'd started working straight out of the docs, so I feel like I owe him a shower of praise. I guess being new to nextjs makes it look more impressive than it actually is. He was paid off, yet getting the credit seems unearned to me. I'm just afraid reaching out to him might turn around to bite me in the ass
***

I had the above in my drafts, contemplating sending him a token to show some appreciation for unknowingly showing me the ropes. I was going to find him on LinkedIn using his commit names. But after doing everything I've done, undergoing the anxiety and severe pressure I faced at the hands of the project owners, I'm not sharing a farthing with anybody

Yes, I may not have known about zustand and persist middleware. Yes, he did all the ui. Yes, he created the base components and fancy wrappers around form and button html elements. For those, I'm grateful

But the amount of refactoring I had to do to, for an opportunity to implement my own target features, I'd say I can lay as much claim to the project as he does.

Side note #1: I have some newfound respect for front end devs. We used to discriminate against them for doing just css but that was only relevant in the jquery days. Now, they have to use cryptic css frameworks (sass, less, tailwind), they have to learn esoteric syntax of some js framework and write controllers/components as the case may be. They have to (the worst part), bind this data to an API, which would never make sense to me coming from a php ssr-natural world

Back rewarding the guy, some of the challenges I came back from were:

1) Next server outages: I still don't know the workaround this. The app terminates, browser giving an error about using up memory. I have to wait for about 10 minutes before I can access the app again

2) spring Webflux authentication not hydrating: I was unexpectedly asked to work on the back end too, where I got tortured with this horrifying condition. The most poorly documented framework for the Web has no upto date guide on how to implement jwt security measures. I opened a question on stackoverflow. A day later, both my question and the helpful answer got downvoted

3) Zustand not retrieving any data from localstorage once page reloads, until I miraculously stumbled on a hack: there's a config callback for reading state after rehydration or thereabout. So I interact with the state there. That's the only way content clearly in localstorage can get transmuted into dynamic format accessible by the code

4) Mongo database suddenly disconnecting: for no apparent reason, this bailed. Accessible on compass. This was even when I realised it was responsible for front end requests not going through. Eventually created a new database and requests surprisingly began connecting again. Thankfully, my laravel background taught me about seeders so I had them on standby from the onset. Wasn't difficult to just port to a fresh database after confirming the first one was inaccessible to the app

After this painful odyssey and the time constraints, threats of moving forward with someone else, I deserve every dime they deem me worthy of and more

I was working on a thing at work which routes http requests from one endpoint and port to several local services.
I was halfway done when I noticed I just wrote a primitive reverse proxy.

Anyway, I'm calling it GRID, Gateway for REST Interface Distribution.

It's capable of dynamically attaching new routes and services and removing those during runtime via inbuilt typescript compilation service.

Each "runtime module" defines several routes which may have a middleware function (express.js style), which gets executed before forwarding the request to the local service.

I don't know why, but I'm kinda proud of this one; Feels like I made something actually useful for once.

Gonna maybe add a webUI with the monaco editor to write typescript modules without needing VSCode...

Also I may implement a load balancing system for scalability.

It comes with a cli too.

Gonna put it on github and post it here once I'm done with v1.

Ive been working on pseudo-Java (ie some 3rd company's UNDOCUMENTED programming language) that they parse into Java in their backend

It doesnt even support if-else (only ifs and elses) or a boolean combination of False and OR together lmao

mainly a GRPC middleware-language

Given its lack of features (arrays/collections) or documentation, I just had to implement a flag-array using a 0-1 string

Im throwing exceptions unless combined strings equal Lengths and is only 1s

living like in 80s-90s 💀

Removing a tonne of controllers, middleware, views and services we no longer need....cleansssssing

?rant
We bought an expensive middleware which helped development speed and stability a lot. Something did not work and after a week I located the bug in the middleware. Support was adequate and the bug got fixed after my report.
I'm not mad at the developers, because bugs happen, and this one was hard to catch, even with tests.
On the other hand I have to explain my boss what took so much time.
It really wasn't my fault, but I also don't want to shame the middleware company, because it will make it harder for me to buy their stuff (and I quite like their products) or even any software at all.

One of the things that I like the most regarding Clojure(and most Lisps to be honest) is how "not for beginners" the ecosystem feels.
Don't get me wrong, setting up a project in lein with dependencies(both internal and external) is a cakewalk, installing lein or boot is a cakewalk. Setting environment consts and middleware etc etc is a cakewalk.
Its just that there are no blogs about convoluted and amateurish ways of doing things. Most presentations and articles are written by really experienced and talented individuals.

I dunno, its just a nice shift in community. Its nice to see people not fucking up Object Oriented programming in java or any of the other oop languages. Its nice not seeing people giving horrible advice regarding memory management in C or c++ and it is sure as shit nice to not see spaghetti php und js code.

And my productivity levels are off the charts man. Really liking this shit and I get to stay inside my JVM

I tried to get this trainwreck of a middleware running again. Generations of imbecile devs turned this once ambitious project into a dumpster fire. I had some feeble hopes. Wrote a little framework to get this braindead architecture back on its track. BUT EVERY PULL REQUEST I GET TO REVIEW SHOWS THEY DON'T CARE. FML! Why am I even trying. I should have known these morons just want to pour gasoline onto an already blazingly burning software. GODDAMMIT SHOW SOME ENGINEERING SPIRIT. Why are you even in this industry in the first place?

IBM Websphere Application Server... the fact that that needs to be install for other middleware to run makes me irrate my balls with a grinder...

Service necessary for many applications is failing at 8am this morning, it connects to a virtual directory. Trying to figure out why it's failing, application is fine, Middleware is fine, asked to reboot virtual directory servers "no we can't do that" fast forward to a wasted day trying to find the error, asked again to restart, they said yes, what do you know it started working again

dear ietf-people i want to thank you that tls1.3 is official. i know it was hard work to say just no to the doughbags and preventing that middleware and spyware manufacturers implementing static keys.
to make it short:
Thank you for your hard work

I needed to do some brainstorming for a starting point to connect Monday.com to some middleware so I can send assets in Monday.com to another server for providing status reports to non-Monday.com users. So, I fired up Anthropic Claude 3.7 Sonnet and asked it to give me some ideas of where to begin. It seems to have done really well stubbing out some starter code and a basic architecture for this system. Except for one thing. The system architecture diagram. Anyone know this language?

Curious to see if anyone else is in this situation: I somehow have become the “infrastructure upgrade guy”. I’m in this constant loop of retrofitting our applications to work with the latest Windows Version or Java Middleware. Or, I’m stuck porting apps from one middleware to another. I guess I got good at this, and now I’m stuck in this constant loop of being the “go to” for all system upgrades/ports, which seem to just be in this endless cycle. It gets me a lot of recognition, but the work is miserable. Anyone else experience something like this, and if so, how did you get out?

being middleware... had to split up back end work in two parts which wasn't necessary but for 1 day it is split up and at the end 3 days delayed because of split up... controlling temper was the biggest challenge of that part.

Let me rant! I don’t usually do this but this is just frustrating and draining. Please tell me if im wrong. We have authentication that needs to be refactored. I was assigned on this issue. Im a junior btw. I also attached an image of my proposals. The issue of the old way of our signup process is that when validation fails they will keep on accepting the TaC (terms and conditions) and on our create method we have the validation and creating the user. Basically if User.create(user_params) create else throw invalid end. (Imma take a photo later and show it you)which needs to be refactored. So I created a proposal 1. On my first proposal I could create a middleware to check if the body is correct or valid if its valid show the TaCs and if they accept thats the moment the user is created. There is also additional delete user because DoE told me that we dont need middlewares we have before and after hooks! (I wanted to puke here clearly he doesn’t understand the request and response cycle and separation of concerns) anyway, so if middleware is not accepted then i have to delete the user if they dont accept the TaCs. Proposal 2. If they dont want me to touch the create method i could just show the TaCs and if they dont accept then redirect if they do then show form and do the sign process.

This whats weird (weird because he has a lot of experience and has master or phd) he proposes to create a method called validate (this method is in the same controller as the create, i think hes thinking about hooks) call it first and if it fails then response with error and dont save user, heres the a weird part again he wants me to manually check on each entity. Like User.find_by_email(bs@g.com) something like that and on my mind wtf. Isnt it the same as User.create(user_params) because this will return false if paras are invalid?? (I might be wrong here)

This is not the first time though He proposes solutions that are complex, inefficient, unmaintainable. And i think he doesnt understand ruby on rails or webdev in particular. This the first time i complained or I never complained because im thinking im just a junior and he hs more experience and has a higher degree. This is mot the case here though. I guess not all person who has a higher degree are right. To all self thought and bachelors im telling you not all people who went to prestige university and has a higher degree are correct and right all the time. Anyway ill continue later and do what he says. Let me know if im wrong please. Thanks

Project/Middleware/APIs website about section- Writes a lot of things which is hard to get for many, than explaining exactly what it does

I have implemented RESTful API using expressJS, and another React app which will use the API's to fetch data.
I'm getting a problem of Allow-Origin Header.
what's the proper way of calling a API ?

do I use a CORS middleware and allow all origin ('*') and use Api-key as way of check authorization to prevent mis-use. ?
any other tricks ?

tried to stress-test an authenticated websocket endpoint (that makes 2-3 DB calls) by opening closing randomly and it crashed after 20-30 times within a few seconds

I was focused on the middleware glitching out, but error was in the DB-Postgres coz of multiple-connections

Even if I increase the upper limit of simultaneous open connections, the problem at-scale will still exist
If I tried to use a static forever-open connection, it errors out coz 1-command-at-a-time per connection

so im constrained on both sides -.-
Either I rate-limit the endpoint in general and force-close open connections or I cache Organisation-level info that rarely changes

this is one of the few times I miss MS-SQL, it can take a beating but still serve without much complains or losing data consistency -_-

Someone wrote some error handling middleware for the whole application.
Then someone wrote some default classes for HTTP errors; BadRequest, Unauthorized and so on.

If I didn't know any better, I'd think throwing one of these default errors would give the proper status code, instead of default everything to 500.

But alas, I do know better.

When you create a middleware function and title it gtfo // no comments need to explain this function

That shitty moment when you are finally about to release your code, after about one month of developing and testing, and making sure everything is OK, imagining: "Oh we're finally releasing this feature, I have worked so hard on it, it's going to kick some ass!" but surprisingly things get fucked up on production server... I mean seriously? Stupid middleware I killed myself to get to work messed up. Where the hell have you been in staging, you stupid little bug? You happy now? My CTO giving me awkward looks and shit like: "I'm sorry but you have to come fix it, during weekend." The best way to fuck up my mood, today is the last day of week for god's sake!
I hate releasing like this. seriously SAG in this release!

Worst experience: Learning how data is stored in segments in a middleware application called PMS on mainframe and how to manipulate that data.

Best Experience: Building a app that lets you pull down any set of segment data from mainframe and figuring out a way to automatically annotate the data so you could just hover over it and you know what the data is exactly. This way I didn't have to constantly refer back to a reference manual to see what a field name is in a segment, or having to go talk to a mainframe developer to go look at their code. Btw, did I mention I made it searchable by field name??

Just to show you.

The overhead between actual SQL requests and the stack :

.Net 6 =>
Web API =>
EntityFramework core 6 =>
(middleware) GraphQl.EntityFramework =>
GraphQl =>
SQL

Seems a lot ? Yep. But actually... that shit just scales. More sql requests will not cost much. And this stack will take care of generating optimal querry better than me by hand.

(These querries on screenshot are fairly complex).

I like it. So, so much checks done for me and front end people love it too ! They don't need to open a tiocket when they need a new field.

So, /adpoted by me.

PS : And pair it with Blazor, miam.

I feel there aren't enough tutorials on "best practices" when it comes to combining server/client tooling in a monorepo.

Having done so this weekend, the tasks involved were:
* using graphql w/ express to serve requests and expose a "graphiql" ide instance
* differentiating build steps in prod vs. dev
* applying middleware in prod vs. dev
* working with a single heroku dyno

Still missing:
* hot reloading
* my general sense of direction

Damn feeling really happy. Finally I am able to understand and make my custom workable middleware in python. It took me 3-4 days to code authorization process 😓

How the fuck does someone not check from Middleware server to database? Going to production and we find that was never checked.... It's 1130pm and now I have to wake people up on a Friday night...

#Suphle Rant 9: a tsunami on authenticators

I was approaching the finish line, slowly but surely. I had a rare ecstatic day after finding a long forgotten netlify app where I'd linked docs deployment to the repository. I didn't realise it was weighing down on me, the thought of how to do that. I just corrected some deprecated settings and saw the 93% finished work online. Everything suddenly made me happier that day

With half an appendix chapter to go, I decided to review an important class I stole from my old company for clues when I need to illustrate something involved using a semblance of a real world example (in the appendix, not abstract foo-bar passable for the docs)

It turns out, I hadn't implemented a functionality for restricting access to resources to only verified accounts. It just hasn't been required in the scheme of things. No matter, should be a piece of cake. I create a new middleware and it's done before I get to 50 lines. Then I try to update the documentation but to my surprise, user verification status turns out to be a subset of authentication locking. Instead of duplicating bindings for both authentication and verification, dev might as well use one middleware that checks for both and throws exceptions where appropriate.

BUT!

These aspects of the framework aren't middleware, at all. Call it poor design but I didn't envisage a situation where the indicators (authentication, path based authorisation and a 3rd one I don't recall), would perform behaviour deviating from the default. They were directly connected to their handlers and executed after within the final middleware. So there's no way to replace that default authentication scheme with one that additionally checks for verification status.

Whew

You aren't going to believe this. It may seem like I'm not serious and will never finish. I shut my system down for that day, even unsure how those indicators now have to refactored to work as middleware, their binding and detachment, considering route collections are composed down a trie

I'm mysteriously stronger the following day, draw up designs, draft a bunch of notes, roll my sleeves, and the tsunami began. Was surprisingly able to get most of previous middleware tests passing again before bed, with the exception of reshuffled classes. So I guess we can be optimistic that those other indicators won't cause more suffering or take us additional days off course

Trying to do middleware api key in python with flask and decoration @wraps wtf im doing XD

New guy - Senior profile - First question asked - Nope it's a Junior. How come - asking the basic functionality of the middleware piece you have to extend and cannot even answer on this one

I feel like I need a slap in the face here: My team can’t agree on a platform for our apps (Windows/.Net or Linux/Java Middleware/Java). So we have apps all over the place, and our team is fractured. Support is a mess, and I’m caught in the middle because I’m the only one willing to try to keep all these systems upgraded (our infrastructure team refuses to work with anyone except me on our team because I just shut up about my platform beliefs and get work done). I’ve pitched trying .Net core on Linux although I know very little about that. We have no technical challenges that require one platform over another - these are simple business apps. I think our architects should force one platform. Am I nuts? Maybe it’s time to look for another career if this is the new norm.

Yeah, that pretty much sums up talend for me.

Dear frontend dev,

if you can't check whether a variable is defined or not, why do i have to change the back end to accept urlparam='undefined' as valid and replace it with your default value in my backend? Why are you afraid of 40X's? You should be interested in the bugs of your code.

It feels awful to have a middleware in place catching all errors and replacing them with empty 200 responses 😭. All of this because you don't fucking ensure your variables exist before use.

I love how my boss wants to use libraries for everything, even the most minor task needed he looks up for a library to do it, I think that sometimes he even spends more time looking for a library than the time he would spend writing the functionality
e.g. Roles for routes permissions, dude, you have the users role in session you can just write a middleware with ~15-20 lines of code to get them rid of the route come on

What the hell am I!? I wonder if you guys can help me...

I've been programming most of my life but I've never actually been a developer by title or job role. I thought maybe if I list what I do and have done someone here could help? I'm sure there are more of you in a similar boat.

- C# and VB dev for some quick DBMS projects to help me understand and mine databases and create a nice simple view for project teams to show findings from the data to help make certain decisions.
- Automating a lot of my colleagues work with Python and if very restricted then just VBA macros in Excel and MSP. This did also include creating tools to gather data during workshops and converting the data for input into other systems.
- Brought Linux to the office with most team members now moving over to Linux with the peace of mind to know that though they do need to try solve their own problems, I can help if need be.
- Had to learn AWS and then implement an autoscaling and load balanced data center installation of a few Atlassian toolsets.
- Creating the architecture diagrams documentation needed for things like the above point.
- Having said that, also have ended up setting up all the Jira/Confluence etc. servers we use and have implemented so far whether cloud (Azure/AWS) or on prem and set up scripts to automate where possible.
- Implemented an automated workflow view in SharePoint based on SP list data and though in an ASPX page, primarily built in JS.
- Building test systems in PHP/JS with Laravel and Angular to help manage integration between systems. Having quite a time right looking into how to build middleware to connect between SOAP and REST API's, the trouble caused more by the systems and their reliance on frameworks we're trying to cut out of the picture.
- Working on BI and MI and training a team to help on the report creation so that I can do the fun creative stuff and then set them to work on the detail :)

Actually it seems safe to say that it seems that though I've finally moved into a dev office (beforehand being the only developer around) I seem to be the one they go to when a strategic solution is needed ASAP and the normal processes can't be followed (fun for someone with a CompSci degree and a number of project management courses under the belt... though I honestly do enjoy the challenges)

But I always end up Jack of all but master of, well hopefully some at least. let's not even get started on the tech related hobbies from circuit design and IoT to Andoid / iOS and game dev and enjoying a bit of pen testing to make sure we're all safe at work and at home.

As much as I don't like boxes, I'm interested to know if there is in fact a box for me? By the way, the above is just a snapshot of my last two years minus the project management work...

Something annoying about the Node.JS and express stack: no way to globally catch errors using middleware.

I mean, you can try. There's even specific middleware designed for it. However, it only catches synchronous errors. So basically only controllers that don't fetch or upload any sort of data and just return some static view or whatever.

ASP.Net middleware chain is so much more robust :(

The best Redux logger is the simplest (in-browser: console.log(store.getState())

I was hired about 6 weeks ago to help the company take ownership of a piece of software written by an external team. The whole thing was MEAN stack. I had never done anything extensive in nodeJS, but I am quite comfortable in JavaScript and so there weren't any problems. I even ordered myself a JS DevDuck for my new desk.
Just about 2 weeks after my new DevDuck came in, my boss told me that everything the external team wrote is shit and is going to be thrown out. Instead, we're going to rewrite the whole thing inside the existing middleware in Java. Luckily for me, I am also pretty comfortable with Java, though it has been about 5 years, and I know a bunch has changed. But I'm confident I can do the work.
I guess I need a new cape for my duck. Or maybe I'll just start a duck family.

Firebase is a fucking piece of dog shit.

Testing is so bad and complicated to set up, I've spent two days trying to write ONE fucking simple test with an auth middleware via expressjs. Why firebase doesn't mock my dung, you pieces of shit. Even the documentation is all spread out, it's difficult and terrible to follow. I would rather build my own backend because of all the workarounds I have to make because of your limited SHIT product. Even the type libraries are shit, import Timestamp? NOPE. YOU HAVE TO IMPORT FIREBASE TO IMPORT A TIMESTAMP. Learn to define types, shitty google devs. You all suck, thanks for making shitty clients sdk's.

I hope this piece of shit gets deprecated and my clients stops using it.

I recently started working on laravel. As the community says it was easy to get along with the framework and its methodologies. But then i had to do multiple login with framework in same domain.

Oh man, i spent a week to make it work. All those guards and middlewares realted to login was driving me crazy. The concept was clear, but somehow the framework was like "You! I shall make you spend a week for my satisfaction". The project demo was nearing and i was doing all kind of stuff i found. Atlast after continous tries it worked. Never in my 4+ years as a developer i had to face such an issue with login.

So here is how it works,if anyone faces the same issue:
(This case is beneficial if you're using table structures different from default laravel auth table structures)

1. Define the guards for each in auth.php
Eg:
'users' => [
'driver' => 'session',
'provider' => 'users',
],
'client' => [
'driver' => 'session',
'provider' => 'client',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],

2. Define providers for each guards in auth.php
'users' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
'table' => '<table name>', //Optional. You can define it in the model also
],
'admins' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
],
'client' => [
'driver' => 'eloquent',
'model' => <Model Namespace>::class,
],

Similarly you can define passwords for resetting passwords in auth.php

3. Edit login controller in app/Http/Controller/Auth folder accordingly
a. Usually this particular line of code is used for authentication
Auth::guard('<guard name>')->attempt(['email' => $request->email, 'password' => $request->password]);
b. If above mentioned method doesn't work, You can directly login using login method
EG:
$user = <model namespace>::where([
'username' => $request->username,
'password' => md5($request->password),
])->first();
Auth::guard('<guard name>')->login($user);

4. If you're using custom build table to store user details, then you should adjust the model for that particular table accordingly. NOTE: The model extends Authenticatable
EG
class <model name> extends Authenticatable
{
use Notifiable;

protected $table = "<table name>";

protected $guard = '<guard name>';

protected $fillable = [
'name' , 'username' , 'email' , 'password'
];

protected $hidden = [
'password' ,
];

//Below changes are optional, according to your need
public $timestamps = false;
const CREATED_AT = 'created_time';
const UPDATED_AT = 'updated_time';

//To get your custom id field, in this case username
public function getId()
{
return $this->username;
}
}

5. Create login views according to the user types you required

6. Update the RedirectIfAuthenticated middleware for auth redirections after login

7. Make sure to not use the default laravel Auth routes. This may cause some inconsistancy in workflow

The laravel version which i worked on and the solution is for is Laravel 6.x

Multer is shit.

Do you know how to validate file size + mime type of the file before saving it to the disk?

Here is an instruction:

1. In one place you provide a it a fileFilter function that will validate the mime type, but this function can not validate file size or send user response.
2. In second place provide it a config limits file, that will validate file size, but can not validate mime type
3. In third place you provide middleware to capture any errors caused by previous 2 places and send response back to the user.
4. Go google for what is cb in multer because their shit documentation says nothing about it

Such simple thing as request->validation->response is split into 3 different parts, each of different type: callback, config file and middleware.

Why do so much people use this shit written by a braindead retarded morons?

There's no official integration (package) for JWT in Java Spring?

I am new to Java Spring and want to create a simple RESTful server with JWT auth. Checked many tutorials, all of them involved creating your own JWT middleware to retrieve JWT token from incoming request and validate it using some 3rd party JWT library like jwtk/jjwt.

I am surprised this is not as simple as including a Spring JWT package and it would work out of box. I used to write a similar site using Python/Django, and for that adding JWT support is quite simple as adding "xxx.middleware.JWTAuthMiddleware".

EY and ConsenSys announced the formation of the Baseline Protocol with Microsoft which is an open source initiative that combines cryptography, messaging and blockchain to deliver secure and private business processes at low cost via the public Ethereum Mainnet. The protocol will enable confidential and complex collaboration between enterprises without leaving any sensitive data on-chain. The work will be governed by the Ethereum-Oasis Project.

Past approaches to blockchain technology have had difficulty meeting the highest standards of privacy, security and performance required by corporate IT departments. Overcoming these issues is the goal of the Baseline Protocol.

John Wolpert, ConsenSys’ Group Executive for Enterprise Mainnet added, “A lot of people think of blockchains as the place to record transactions. But what if we thought of the Mainnet as middleware? This approach takes advantage of what the Mainnet is good at while avoiding what it’s not good at.”

Source : ConsenSys

Is their a better way than ASP Identity Claims to verify permissions before accessing a page? Refreshing claims in every page load doesn’t seem to be a great solution. Thinking about some sort of permissions middleware. I need to check those IsAdmin roles before any admin area data is accessed. What techniques are you using for authorization in your code base?