Guy called in:

Guy: hello, i can't seem to login to the sql database, could you check if the ip whitelist went right? It's on the *names server* server.
Me: *checks if guy is calling from an authorized number* - nope.
Me: I'm sorry but you're not calling from an authorized number so I can't check that for you!
Guy: no you don't understand. I don't want any of this not-authorized bullshit, I just want a solution for this right now.
Me: and I just want you to call from an authorized number.

Yeah, I actually said that. He wasn't very happy 😅

I'm still employed by the way 🤣

No it's not AI. YOU ARE RUNNING FUCKING SQL QUERIES AND CALLING IT AI!

No it's not AI. YOU ARE RUNNING SIMPLE DATA ANALYSIS MACROS AND FUNCTIONS IN EXCEL!

Stop labelling everything as AI, you attention and investment seeking morons! @&£$¢×xo##!

I had just started my new job and deleted 3 years of data that the client had spent over £450,000 collecting 😱

another developer used my PC to quickly access the clients database while I was out the room as I had sql management studio open. I went back to my PC thinking I was connected to my local database, did a few truncate tables to test my software and :0 minutes later I get a call asking why there was no data on the server!

Thank god for backups 😓

Company: "We'd like to use SQL Server Enterprise" MS: "That'll be a quarter million dollars + $20K/month" Company: "Ok!" ... Company: "We'd like to use Babel" Babel: "Ok! npm i babel --save" Company: "Cool" Babel: "Would you like to help contribute financially?" Company: "lol no"

I worked on a greenfield project a couple of years ago. The company had an old solution written in Omnis (heard of it? Yeah, me neither) with an SQL database. My team was to create a completely new web based system... on top of the old database, so the customers could keep their existing stuff.

The dba was an intelligent man, one of the nicest people I've met, and over the course of fifteen years he had made a remarkably terrifying monstrosity of a database. Some years before me they wanted to "future proof" the system and make it "easier to switch to new technologies". So they moved the entire business logic into the database...

I used a tool to create a visualization of said database when we started. It had no views, only tables and sprocs. Look at it! Tables and sprocs are rectangles (well, dots) and any connections are drawn in grey lines. There were no foreign keys, so a tables only visualization only yielded a collection of independent rectangles without a single line.

Now, the stored procedures were bloody MASSIVE. A single procedure that only registered a new interested party and attached them to a property had 2500+ lines and over 150 parameters.

Also, this dba added features and fixed bugs by logging into the respective customers production server and writing SQL.

That database is the stupidest thing I've ever seen a developer do.

My biggest dev blunder. I haven't told a single soul about this, until now.

👻👻👻👻👻👻

So, I was working as a full stack dev at a small consulting company. By this time I had about 3 years of experience and started to get pretty comfortable with my tools and the systems I worked with.

I was the person in charge of a system dealing with interactions between people in different roles. Some of this data could be sensitive in nature and users had a legal right to have data permanently removed from our system. In this case it meant remoting into the production database server and manually issuing DELETE statements against the db. Ugh.

As soon as my brain finishes processing the request to venture into that binary minefield and perform rocket surgery on that cursed database my sympathetic nervous system goes into high alert, palms sweaty. Mom's spaghetti.

Alright. Let's do this the safe way. I write the statements needed and do a test run on my machine. Works like a charm 😎

Time to get this over with. I remote into the server. I paste the code into Microsoft SQL Server Management Studio. I read through the code again and again and again. It's solid. I hit run.

....

Wait. I ran it?

....

With the IDs from my local run?

...

I stare at the confirmation message: "Nice job dude, you just deleted some stuff. Cool. See ya. - Your old pal SQL Server".

What did I just delete? What ramifications will this have? Am I sweating? My life is over. Fuck! Think, think, think.

You're a professional. Handle it like one, goddammit.

I think about doing a rollback but the server dudes are even more incompetent than me and we'd lose all the transactions that occurred after my little slip. No, that won't fly.

I do the only sensible thing: I run the statements again with the correct IDs, disconnect my remote session, and BOTTLE THAT SHIT UP FOREVER.

I tell no one. The next few days I await some kind of bug report or maybe a SWAT team. Days pass. Nothing. My anxiety slowly dissipates. That fateful day fades into oblivion and I feel confident my secret will die with me. Cool ¯\_(ツ)_/¯

*Interview*

Interviewer: We have an opening. Are you interested to work?

Me: What is that I'll be doing?

I: What technologies and languages do you know?

Me: I know Scala, Java, Spark, Angular, Typescript, blah blah. What is your tech stack?

I: Any experience working on frontend?

Me: Yes. But what do you use for it?

I: Can you work with databases?

Me: I can, on SQL based. What are yours?

I: Can you do big data processing?

Me: I know Spark, if that's what you are asking for. What is it that you actually do?

I: Any experience in cloud development?

Me: Yes. AWS? Azure? GCP?

I: Do you know CI CD?

Me: Excuse me.. I've been asking a lot of questions but you're not paying attention to what I'm asking. Can you please answer the questions I asked.

I: Yes. Go ahead.

Me: What will be my position?

I: A full stack developer.

Me: What technologies do you use in your project?

I: We use all the latest tech.

Me: Like?

I: All latest tech.

Me: You mentioned big data processing?

I: Yes. Processing data from DB and generating reports.

Me: what do you use for that?

I: Java.

Me: Are you planning to rebuild it using Spark or something and deploy in the cloud?

I: No we're not rebuilding it. Just some additions to the existing.

Me: Then what's with cloud? Why did you ask for that?

I: Just to know if you're familiar.

Me: So I'll be working with Java. Okay. What do you use for UI?

I: Flash

Me: 🙄

I sat for a couple of minutes contemplating life.

I: Are you willing to join?

Me: No. Not at all. Thankyou for the offer.

I was hired as a senior software engineer. During handover I found out I'm actually replacing the CTO.

I queried why he was leaving and got a simple "just want a break from working" which I found odd.

Fast forward and now I also just want a break from work, permanently. This place has followed every bad practise and big no-no out there. Every bit of software is a built in house knockoff janky piece of crap that doesn't work and makes people's jobs 5000 times harder.

The UI looks worse than Windows 3.1, absolutely horrendous code formatting, worst database structure I've ever seen.

The mere mention of using a team communication tool results in being yelled at from the CEO whom communicates purely via email, who then gets annoyed when you don't reply because they sent the email to a client instead of you.

We get handed printed out "tickets" to work instead of the so called "amazing in house ticket system" built using PHP 5 and is literally crammed into an 800x600 IFrame. Yes a F$*#ing IFRAME!

It's not like we have an outdated TFS server that has work items we can use...

Why not push for changes you say. I have, many times, tried to suggest better tools. The only approval I've gotten is using PhpStorm. Everything else is shutdown immediately and you get the silent treatment.

The CEO hired me to do a job, then micromanages like crazy. I can't make UI changes, I can't make database changes, why? They insists they know best, but has admitted multiple times to not knowing SQL and literally uses a drag and drop database table builder.

Every page in the webapps we make are crammed into 800x600 iframes with more iframes inside iframes. And every time it's pointed out we need to do something, be it from internal staff or client suggestions, the CEO goes off about how the UI is industry leading and follows standards.. what in the actual f....

Literally holding on by a thread here. Why hire a CTO under the guise of being a senior developer but then reduce the work that can be done down to the level of a junior?

Sure the paycheck is really nice but no job is worth the stress, harassment and incompetent leadership from the CEO.

They've verbally abused people to the point they resign, best part is that was simply because the CEO made serious legal mistakes, was told about it by the employee then blamed it on others.

Fuck you, devs who quote Knuth:

"Premature optimization is the root of all evil"

I agree with the spirit of the quote. I agree that long-winded arguments comparing microsecond differences in performance between looping or matching constructs in a language syntax is almost always nonsense. Slightly slower code can even be preferable if it's significantly clearer, safer and easier to maintain.

But, two fucking points need to be made to you lazy quickfix hipsters trying to sell your undercooked spaghetti code as "al dente", just fucking admit that you had no clue what you were doing.

So here we go:

1. If you write neat correct code in one go, you don't need to spend time to optimize it. Takes time to learn the right patterns, but will save you time during the rest of your career.

2. If you quote Knuth, at least provide the context: "We should forget about small efficiencies, say about 97% of the time [...] Yet we should not pass up our opportunities in that critical 3%"

YES THAT CRITICAL 3% IS WHERE YOU MESSED UP.

I'll forgive you for disgorging your codevomit into this silly PR.

BUT YOU'RE QUOTING KNUTH IN YOUR DEFENSE?

Premature optimization is the root of all evil... 6300 SQL queries to show a little aggregate graph on the dashboard... HE WOULD FUCKING SLAP YOUR KEYBOARD IN HALF IN YOUR FACE.

Searching SQL with no index.

I'm drunk and I'll probably regret this, but here's a drunken rank of things I've learned as an engineer for the past 10 years.

The best way I've advanced my career is by changing companies.

Technology stacks don't really matter because there are like 15 basic patterns of software engineering in my field that apply. I work in data so it's not going to be the same as webdev or embedded. But all fields have about 10-20 core principles and the tech stack is just trying to make those things easier, so don't fret overit.

There's a reason why people recommend job hunting. If I'm unsatisfied at a job, it's probably time to move on.

I've made some good, lifelong friends at companies I've worked with. I don't need to make that a requirement of every place I work. I've been perfectly happy working at places where I didn't form friendships with my coworkers and I've been unhappy at places where I made some great friends.

I've learned to be honest with my manager. Not too honest, but honest enough where I can be authentic at work. What's the worse that can happen? He fire me? I'll just pick up a new job in 2 weeks.

If I'm awaken at 2am from being on-call for more than once per quarter, then something is seriously wrong and I will either fix it or quit.

pour another glass

Qualities of a good manager share a lot of qualities of a good engineer.

When I first started, I was enamored with technology and programming and computer science. I'm over it.

Good code is code that can be understood by a junior engineer. Great code can be understood by a first year CS freshman. The best code is no code at all.

The most underrated skill to learn as an engineer is how to document. Fuck, someone please teach me how to write good documentation. Seriously, if there's any recommendations, I'd seriously pay for a course (like probably a lot of money, maybe 1k for a course if it guaranteed that I could write good docs.)

Related to above, writing good proposals for changes is a great skill.

Almost every holy war out there (vim vs emacs, mac vs linux, whatever) doesn't matter... except one. See below.

The older I get, the more I appreciate dynamic languages. Fuck, I said it. Fight me.

If I ever find myself thinking I'm the smartest person in the room, it's time to leave.

I don't know why full stack webdevs are paid so poorly. No really, they should be paid like half a mil a year just base salary. Fuck they have to understand both front end AND back end AND how different browsers work AND networking AND databases AND caching AND differences between web and mobile AND omg what the fuck there's another framework out there that companies want to use? Seriously, why are webdevs paid so little.

We should hire more interns, they're awesome. Those energetic little fucks with their ideas. Even better when they can question or criticize something. I love interns.

sip

Don't meet your heroes. I paid 5k to take a course by one of my heroes. He's a brilliant man, but at the end of it I realized that he's making it up as he goes along like the rest of us.

Tech stack matters. OK I just said tech stack doesn't matter, but hear me out. If you hear Python dev vs C++ dev, you think very different things, right? That's because certain tools are really good at certain jobs. If you're not sure what you want to do, just do Java. It's a shitty programming language that's good at almost everything.

The greatest programming language ever is lisp. I should learn lisp.

For beginners, the most lucrative programming language to learn is SQL. Fuck all other languages. If you know SQL and nothing else, you can make bank. Payroll specialtist? Maybe 50k. Payroll specialist who knows SQL? 90k. Average joe with organizational skills at big corp? $40k. Average joe with organization skills AND sql? Call yourself a PM and earn $150k.

Tests are important but TDD is a damn cult.

Cushy government jobs are not what they are cracked up to be, at least for early to mid-career engineers. Sure, $120k + bennies + pension sound great, but you'll be selling your soul to work on esoteric proprietary technology. Much respect to government workers but seriously there's a reason why the median age for engineers at those places is 50+. Advice does not apply to government contractors.

Third party recruiters are leeches. However, if you find a good one, seriously develop a good relationship with them. They can help bootstrap your career. How do you know if you have a good one? If they've been a third party recruiter for more than 3 years, they're probably bad. The good ones typically become recruiters are large companies.

Options are worthless or can make you a millionaire. They're probably worthless unless the headcount of engineering is more than 100. Then maybe they are worth something within this decade.

Work from home is the tits. But lack of whiteboarding sucks.

Biggest scaling challenge I've faced?

Around 2006~2007 the business was in double-digit growth thanks to the eCommerce boom and we were struggling to keep up with the demand.

Upper IT management being more hardware focused and always threw more hardware at the problem. At its worst, we had over 25 web servers (back then, those physical tall-rectangle boxes..no rack system yet) and corresponding SQL server for each (replicated from our main sql server)

Then business boomed again and projected the need for 40 servers (20 web servers, 20 sql servers) over the next 5 years. Hardware+software costs (they were going to have to tear down a wall in order to expand the server room) were going to be in the $$ millions.

Even though we were making money, the folks spending it didn't seem to care, but I knew this trajectory was not sustainable, so I started utilizing (this was 2007) WCF services and Microsoft's caching framework Velocity. Started out small, product lookup data (description, price, the simple stuff) and within a month, I was able to demonstrate the web site could scale with less than half of our current hardware infrastructure.

After many political battles (I've ranted about a few of those), the $$ won and even with the current load, we were able to scale back to 5 web servers and 2 sql servers. When the business increased in the double-digits again, and again...we were still the same hardware for almost 5 years. We only had to add another service server when the international side of the business started taking off.

Challenge wasn't the scaling issue, the challenge was dealing with individuals who resisted change.

People complaining "oh I always have trouble figuring out if the clock goes forwards or backwards in October"

Bitch please, I'm dealing with 12 databases, with SQL dates as local timezone timestamps, and an influxDB in UTC. I'm dealing with a backend server configured in CEST and a middleware layer configured in Pacific time, and a hundred functions which try to keep everything straight because no one dares to migrate it all to UTC at this point.

In the whole argument about DST you hear about sleep psychology, electricity bills and farmers.

But what about me, the poor database administrator? What about all these ugly legacy systems, what about all the UX designers trying to fix time input pickers?

I spend 2 months a year in agony having nightmares of rips and folds in the flow of time. DAYLIGHT SAVING DOESN'T FUCKING MAKE SENSE HOW CAN TIME EXIST TWICE?

Attended one of the best meetups ever. To give you an idea how awesome it was..

Speaker took the first ~20 minutes introducing himself.
His intro card deck kept referring to himself in the third person (he is the only employee in consulting 'company'). Ex. "Mr. Smith began his humble career .."

The powerpoint presentation began with him clicking each page, not executing the slideshow (ex. pressing F5).
Finally someone asked "Can you make slide bigger?"

S:"You can't read that?..um..sure...I guess .."
Starts fumbling around the zoom ...
Dev: "No, can you start the slideshow?"
S: "I don't know what you mean...there...I zoomed it, is that better? Now I can't see my notes..just sec.."
<fumbles again with the zoom>
Dev: "No, not zoom, start the slide show, press F5"
S: "Oh...you want me to F5 it...OK..."
<he *clicks* the slide show button>

Finally getting into code, trying to get out of powerpoint ...
S: "How do I get out of this fullscreen?.."
Dev: "Hit escape"
S:"No..um.."
<keeps trying to click on 'something'>
S:"I see visual studio, but its not on the big screen... "
<keeps click on 'something', no one is sure whats going on>
Dev: "Hit Escape to stop the slideshow"
<finally hits escape, then able to put Visual Studio on the big screen>
S: "Ahh...there, I figured it out."

Speaker had no end of making wild/random statements like:
".Net Core is the future of Microsoft, if you're using .Net 4.5...forget it, its not even supported anymore."
"When I was at Microsoft Build, I asked them why not put all the required .Net assemblies in one directory. Looks like with .Net Core, they listened to me" (he was serious)
"I don't use SQL Server Mgmt Studio. Its free and it sucks. I use <insert a very expensive SSMS clone>, its great, you guys should check it out", then proceeds to struggle to open a query window to write some SQL.
"When you use .Net Core and EntityFramework, you have to write your own stored procedures. If a developer can't write stored procedures, he shouldn't be in this business."

I was on the edge of my seat, hungry for the next crazy bat-shit thing to come out of his mouth. He did not disappoint. BEST MEETUP EVER!

I worked in the same building as another division in my organization, and they found out I had created a website for my group. They said, “We have this database that was never finished. Do you think you could fix it?”

I asked, “What was it developed in?”
He replied, “Well what do you know?”
I said, “LAMP stack: PHP, MySQL, etc.” [this was over a decade ago]

He excitedly exclaimed, “Yeah, that’s it! It’s that S-Q-L stuff.”

I’m a little nervous at this point but I was younger than 20 with no degree, entirely self-taught from a book, and figured I’d check it out - no actual job offer here yet or anything.

They logged me on to a Windows 2000 Server and I become aware it’s a web application written in VB / ASP.NET 2.0 with a SQL Server backend. But most of the fixes they wanted were aesthetic (spelling errors in aspx pages, etc.) so I proceeded to fix those. They hired me on the spot and asked when I could start. I was a wizard to them and most of what they needed was quite simple (at first). I kept my mouth shut and immediately went to a bookstore after work that day and bought an ASP.NET book.

I worked there several years and ended up rewriting that app in C# and upgrading the server and ASP.NET framework, etc. It stored passwords in plaintext when I started and much more horrific stuff. It was in much better shape when I left.

That job was pivotal in my career and set the stage for me to be where I am today. I got the job because I used the word “SQL” in a sentence.

What an awful day :(

The server where I host my 4 clients websites crashed.

Unable to reboot from the console.

I contact the support. 15 minutes later: "we'll look at this"

No news for 1 week despite my messages.

Then... 1st ticket escalation... 2nd ticket escalation... 3rd ticket escalation...

Answer: "Sorry, your server is down and cannot be repaired."

Fuck.

I ask "is there any way to get my data back?". Answer: "No, because we would shutdown the whole bay and all our clients would be impacted".

Fuck.

I subscribe to another server, at another provider.

I look at my backups... shit, the last one is 4 month ago!!

I restore the first website: OK

I restore the second website: OK

I restore the third website: My new server is "too recent" and not compatible. with this old Wordpress. Fuck! I'll look at this later...

I restore the fourth website: database is empty!! What??? I look at the SQL backup for this site... it failed...

I lost ALL my 4th client data!!!

I'm sooooo piece of crap!

FML. An overreaching supergenius "architect" and a database team:

A: "We have decided that apps should use mysql. Install a MySQL so we match cloud"
DBA: "we don't have an image or experience with MySQL. We have mssql and Oracle "
A: "ok, use mssql in data center and mysql in production cloud"
DBA: "that's... not going to work well"
A: "just do it!"

...

Me, reading this shit, sends email: "ignoring the fact that we have more than 500 queries in this application which will need to be checked and most likely rewritten, how are we supposed to test the mysql queries without production access?"
A: "just use mssql local and MySQL in cloud"
M: "... Just to make sure I understand, you want us to write queries for mssql, test them locally, and then write separate queries, with a separate SQL connection abstraction that deploys to production? Again, how are we going to test this?"
A: "no, use same queries, should be fine"
M: "they really won't, they're different dialects"
A: "do the needful, make work!"

If karma were a thing, this person would have long since exploded into a cloud of atomized blood.

Laravel is the worst framework ever.

Everything has to be made convenient and easy. That sounds amazing, because developers want to save time, worry less about boilerplate code, right? No more constructors, no more dependency injection, fuck all the tedious OOP shit... RIGHT?

It does one thing well: Make PHP syntax uniform and concise through easily integrated libraries such as Collection and Carbon. But those are actually not really part of the framework... just commonly integrated and associated with Laravel.

The framework itself is completely derailed: You can define code in a callback in the routes file. You can define a controller in the routes file. You can define middleware as a parameter to the route, as a fluent method to the route, you can stack them up in a service provider. Validators can be made in controllers, Request objects, service providers, etc. You can send mail inline, through Mailable objects, through Notification objects, etc.

Everything is macroable, injectable, and definable in a million different places. Ultimate freedom!

Guess what happens when you give 50 developers of various seniority a swiss army knife?

One hammers in a screw with a nail file, the other clips the head from the screw using scissors, and you end up with an unworkable mess and blunt tools.

And don't get me started about Eloquent, the Active Record ORM. It's cute for the simple blog/article/author/comment queries, but starts choking when you want more selective and performant queries or more complex aggregates, and provides such an opaque apple-esque interface which lets people think everything is OK, when in reality it's forcing the SQL server to slowly commit suicide.

Ok, so, to every pieces of shit out there that got a "revolutionary idea that will change the way we look at things" and who asks you to code it :

Fuck you, you sons of a cunt

No, i won't make your app on 3 different platforms for free, i'll make you pay for every platform you wanker, i'm a freelancer, i need money.

No, making database is not something that a little business cunt like you can handle, you don't even know what sql means

And fuck no, I won't make that shit in 2 weeks just because your peabrain thinks that it'll make mad dosh and that "It MusT bE eAsy to Do!!111", "a dating app but with a twist" won't work you gobeshit

If you want me to work on this shit, you give me money, specs and shit, you handle the rest, if it doesn't make money, it'll be your problem. I'm not your employee you wanker

Fuck y'all

Time for an actual rant:

During an internship I heard from my PM that my assignment for the week after was going to be working on a specific sql query to add some features and fix some bugs.

When talking with colleagues about that assignment later, they laughed and referred to the query as the "query of doom" (QoD), naive as I was back then, I thought that one of my colleagues had the QoD displayed on his screen because the query he was working on looked rather large (about 20 lines). They all laughed and told me I was in for a treat.

Starting my assignment the week after I was horrified to find out the QoD was huge, and by huge I mean, printing that specific query resulted in 8 A4 pages font size 10, front and back.
There were over a 100 union statements, no proper aliases, no documentation, not a single foreign key in the entire database, naming that makes no sense. And everything written manually by 10 different developers over the past years, who all fell of the face of the earth.

And this was only the query of doom. The entire product was a complete clusterfuck of forms with a queries directly behind action buttons, because we weren't allowed to make classes (yes you read that correctly. We couldn't make classes, unless we had a very compelling reason). Everything was created by over 30 different devs who only managed to stay just long enough to get some work done.

And all of this was the result of a PM who didn't believe in frameworks, ORM's, OOP, classes, ... because that made the software slow. To this day he still manages that product, but I'm glad that I quickly decided to move on.

How did I start:

It was 1994. I had been kicked out of school on academic behavior. I was working at as a telemarketer to pay the bills. I got drunk on St. Patrick's day and over slept my shift. My boss was going to fire me but said he wanted to give me a second chance. He asked if I knew anything about computers. I said no. He said if I was willing to learn, our IT guy was burning out and needed help. I said ok. Next thing I know I'm learning how to write SQL and importing data to print call cards. I read the manual for Foxpro and started building small desktop apps as labor saving devices. 6months later in knew more than our IT guy. Later a friend showed me "the Internet". I went back to our IT guy in amazement. He said it was just a fad. He called it the CB Radio of the 90s. Our network we ran was called Lantastic.

I immediately quit went back to school and changed my major. I have been a full stack Java Web developer will the heavy emphasis on UI since 1999.

Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”

Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”

Worst legacy experience...

Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.

Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.

The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.

Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was suppose to be helping!! But it was their money (well, my money as they were government funded!).

The man who runs my IT department. The man who is in charge of all things and people that are technical: IT management software development, infrastructure, training, help desk, system administration​, etc. A man with a staff of fifty plus. If you were to peel back the flesh on this man's head and crack open his skull you would find dung beetles feasting on the feces that power his thoughts and motor functions. Underneath this foul membrane, if you could push past the maggots; the meal worms; his undying love for hourly binges of Johnny Walker Black on any day of the week with a name that contains a vowel; his fascination with shiny objects and his endless internal monologue wondering when they would hatch rainbow ponies that fly; his desire whenever he enters a paint store to open all the cans of paint and taste the different colors; if you could push past all of the vile crap that exists where Thomas Aquinas once theorized there was a soul, you would find a colony of paramecia at the end of their short lives laughing hysterically at how much smarter they were than the host they lived in.

This man was in charge of hiring the Manager of Software Development. The manager I report to. After seven months of ignoring this chore; after interviewing the sum total of four candidates; after making a point to tell myself and a colleague that there was no one qualified to fill this position within our company (an opinion that is both untrue and, when spoken, runs afoul of internal hiring policies) this man hired a soulless cretin with no experience in software development or with running a software development group. A man who regularly confuses web servers and SQL servers. A man who asked me how my previous manager reviewed my work, was told by me that said previous manager read my code, and then replied in his capacity as the manager of software development that "looking at code is a compete waste of time for a manager." A man so without any humanity or reason for being that he will sit silently, creepily, in conference rooms with the lights off waiting for meetings to begin. Meetings he has scheduled. That have no reason for being in the first place. Just like himself.

Shortly before the man in charge offered the Dev Manager job to the simulacrum of human flesh that is my manager, he met with me and others who had been involved in the interview process. When I informed him that hiring someone with no technical knowledge for a very technical position would be a mistake that he would suffer through for years, he replied in reference to his future hire that "his managerial experience makes up for his lack of technical knowledge."

Best. Prank. Ever. Worst prank ever too. Fuck.

SQL is the only database you’ll ever use. Don’t bother to learn anything else. If you ever need to store anything, use an SQL database. No .txt or that shit.

Intelligence and ability cannot be measured by education.

I have a client who asked a Master in Computer Science to develop a small system, for querying product title and their code. The guy used python, vanilla js, and... Txt file for the "database". Then my client asked me to integrated this in... WordPress.

This was in 2016. And idiot as I'm, I agreed and adapted his code to use php and a database.

April this year, my client said they are still using the python system to add new products all this time, in parallel. And wanted to update the WordPress with the data.

- No problem! - I said. Just send me the SQL file.

So the Master in CS sent me a SQL coded in ANSI. I asked for the SQL again, but with a more appropriate encoding. He took 1 month to reply back, and said it would be better if I get rid of the database and just use the txt file for querying.

This is outrageous.

I really hate people who are educated but completely useless.

You can't imagine how many lines of pure and utter horseshit, seemingly written in PHP, I had to dig through this whole weekend. (relating to my 2 previous rants)

How is it even possible to write code this unbelievably ugly?

Examples:
- includes within loops
- included files use variables from parent files
- start- and endtags separated to different files
- SQL queries generated by string concatenation, no safety measures at all (injection)
- repeating DB calls within loops
- multiple directories with the same code (~40 files), only different by ~8 lines, copied
- a mixture of <?php echo ... ?> and <?= ... ?>
- a LOT of array accesses and other stuff prefixed with "@" (suppress error messages)
- passwords in cleartext
- random non-RESTful page changes with a mixture of POST and GET
- GET parameters not URL-encoded
- ...

My boss told me it took this guy weeks and weeks of coding to write this tool (he's an "experienced dev", of course WITHOUT Git).

Guess what?
It took me only 20 hours and about 700 lines of code.

I must confess, since this task, I don't hate PHP anymore, I just simply hate this dev to death.

Addendum: It's Monday, 5:30am. Good night. 😉

Buddy from dept I was in 4 years ago: Check your email.
Me: OK
10 mins later
Buddy: Can you join a webex now?
Me: No
Buddy: OK, I'll forward the details, join when you can.
Me: Could you give me a little context?
Buddy: You helped them pull a cert off a USB stick in Switzerland last year (I'm in US).
Me: Don't think I did.

When I get a chance to read email chain, half of it is in German (I don't read it). Have not idea what this is about, but there seems to be a newer one that says it was resolved.

Me to Buddy: Looks like it was resolved.
Buddy: Yes, but they're still mad at you.
Me: Why?
Buddy: Because you wrote that app and it's hard to update the certs.
Me: I wrote that app as a favor, the dev they hired spent 6 months rewriting 3 SQL queries before being fired.
Buddy: LOL, well I guess they don't like the cert part.
Me: OK, but when I turned it over to them it didn't have a cert at all, I have no idea what the feature is.
Buddy: They said you help them last year.
Me: I didn't.
Buddy: Well they still think it's all your fault.

Just looked at the anonymous analytics I collect on the security/privacy blog.

No SQL Injection attacks yet (would be useless anyways as I don't use MySQL/MariaDB for the databasing.

Directory Traversal attacks. Really? 🤣

Nice try, guys.

Dev created a new service for our application that opened SQL connections. The catch? They never closed said connections. How this passed QA/review I've no idea, but after a few minutes on Staging the service would crash with "connection pool overflow".

I raised a urgent defect, and the devs "fix"? To up the maxConnectionPool to Int.Max!! Argh!

We had issues with lack of disk space on our production SQL server. Another developer decided to delete the databases he thought weren't in use to clear some space.

Ever think about checking first?!

Production chaos!

Not that i mean any disrespect but fuck you. Fuck you and all that you stand for. No seriously, just go hit a train and die.
You are a DBMS teacher in an Engineering college and teaching to the Computer Science students in the year 2017, where computers are fully capable of playing sports and simulating human brain.
And you want your students to write down all the sql queries along with their monolithic tabular output on paper..... With pen?
And you wont accept my printed out output?
Fuck you from the depths of my heart.
Go ahead and dont accept my project.
I dont need your fucking credits.

Most hated language features?

PL/SQL:
• it exists

XSLT:
• it also exists

PHP:
• it still exists.

VB:
• Significant parentheses: `subName` calls the subroutine, and `subName()` calls the subroutine and gets a return value. If you use the wrong invocation, it yells at you. Why!?
• For reasons unknown, you can only have `sleep` appear once per codebase. (So put it in a function!)

Ruby:
• It’s bloody easy to write code with absolute shit performance, and it kind of feels encouraged because of just how easy Ruby makes everything. Less critical thinking means worse performance, and Ruby’s blissful elegance encourages mental laziness.
• Minor: You cannot pass a hash as the first method parameter without enclosing it in parentheses, ex:`method({key: value})`. This is due to the ambiguous case between passing a hash argument and a (curly) block/proc (`method {|args| code}`). This could be remedied pretty easily with a little bit of look ahead.
• Minor: There is no `elsif` for `unless` (a negated if). Why? No reason given.

Python:
• no block endings, so nested code can be extremely difficult to follow.

Bash:
• The freaking syntax oh god why.

All languages:
• rand vs rand() vs Rand vs Rand() vs rnd vs RND vs random() vs random vs randInt() vs Math.random() vs Math.randInt() vs ...

Went to see Jason Bourne last night. No spoilers, but I'm guessing this is how the writers came up with the story:

Writer 1: Let's make it super techie
W2: Yeah, that way it's about current issues, like Internet privacy.
W1: Should we hire a tech consultant so we get things right?
W2: Nah, I saw the Matrix once, I understand computers.

Actual line from film:
"Use SQL to corrupt their database"
😑

I HATE working with MS Office products. Yes, Access, I'm looking at you, you backwards, whanabe database reject! You're invalid as a serious SQL database and retarded as an data application suite.

VBA, make up your MIND with your damn function calls! Either require me to use parenthesis or don't! I'm sick of this conditional parenthesis sh*t!

While we're talking about not making up your mind... screw 'sub', you half wit language! Either use functions like a real language or go the f&$k home and make room for a language that knows what it's doing!

Oh!!! WHY... WHY! do you have null AND... NOTHING?! Who... Who... WHO invented "nothing"?! And what sick joke are you playing at with isnull() and empty()??? How many damn ways so you need to test for "no value"?!?!

Access... That's right, I'm not done with you yet... How is it you've survived this damn long in the business world with all of the databases you corrupt? Sure, you suck as a real database, but at least have some freaking pride that people even USE you! How DARE your corrupt yourself with the regularity you seem to have! I wish my bowel movements were as regular as your database corruptions, for the love of humanity.

F$@k you, VBA! F@&k you, Access! F$#k you, MS Office! And Fuuuuuu$k YOU Microsoft for shoving these half assed reject tools down my throat!

I hope your cloud uses Access as a back end and gets some injection virus.

*Takes deep breath* need to say that.

VBA is not the language of choice for many of you. But in a big non-software company, Excel is tool numero uno, and VBA saves so much time. Almost nobody bothers to learn it, which drives me nuts already, but those who learn it, suck.
Wrote a beautiful VBA script with SQL inside to fill in excelsheets automatically.

Why the living fucks would someone go in the code and alter it? Why do you ignorant idiot with almost no excel and vba knowledge alter the range of the for loop and delete a few lines.
After that completely knocked out the file, I got a call for help. "¡Your code broke!"

These useless morons.

One step through the door my wife whips around, a look so disgusted she barely seems human. "What's that smell?" she cries. "It's you! You smell like...like bad code!"

Indeed, I am covered with the scent of the forbidden love child of a man who read half a chapter on if-then statements and then pushed out into the world, earthworm-like, a mangled misshapened gelatinous mass that my employer gave the title of line-of-business application purely out of pity.

For more days than I'd like to count I have been porting a ColdFusion 5 application to .NET. Initially written in 2000 and last touched in 2006, it has a data architecture comparable to Dresden after the second world war. It features a table solely comprised of seven columns of IDs so that joins can be made between other tables lacking a common key. Columns that should be contained within a single table spread out among multiple tables. Single columns containing data that should be multiple columns (with handy flags to separate the subsets). A view with 14 joins that playfully displays unintended results. And so much more spread out over almost 200 stored procedures, views, triggers, and tables on the SQL server, and dozens of additional ADO-like SQL statements within the ColdFusion itself. Fortunately, the application overcomes these issues by having absolutely no data validation while allowing nulls pretty much everywhere.

When I am done this will be a very nice ASP.NET MVC app with at least 150 less stored procs, views, and tables. Auto-generated duplicate entries will be a thing of the past. Pop-up windows that inexplicably refresh the underlying screen to display a different part of the program than the one the user wants will be eliminated. And a UI based on the colors of a Rubik's Cube with usability that Mr. Rubik would find challenging will disappear with only the trauma of using it left behind.

Sadly, this is not my worse legacy code experience. Just the most recent. Just the most recent stench added to a lifetime of bathing in code rot.

A few weeks ago a client called me. His application contains a lot of data, including email addresses (local part and domain stored separately in SQL database). The application can filter data based on the domain part of the addresses. He ask me why sub.example.com is not included when he asked the application for example.com. I said: No problem, I can add this feature to the application, but the process will take a longer.

Client: No problem, please add this ASAP.

So, the next day I changed some of the SQL queries to lookup using the LIKE operator.

After a week the client called again: The process is really slow, how can this be?

Me: Well, you asked me to filter the subdomains as well. Before, the application could easily find all the domains (SQL index), but now it has to compare all the domains to check if it ends with the domain you are looking for.

Client: Okay, but why is it a lot slower than before?

Me: Do you have a dictionary in your office?

<Client search for a dictionary, came back with one>

Me: give me the definition of the word "time"

<Client gives definition of time>

Me: Give me the definition of all words ending with "time"

Client: But, ...

Never heard from him again on this issues :-P

Give me a 10 year old application with no comments, layers of spaghetti code, global variables, embedded SQL, and a text editor with no debugging; just don’t make me write Excel formulas.

Today, for fun, I wrote prime number generation upto 1000 using pure single MySQL query.

No already created tables, no procedures, no variables. Just pure SQL using derived tables.

So does this mean that pure SQL statements do not have the halting problem?

Putting an EXPLAIN over the query I could see how MySQL guessed that the total number of calculations would be 1000*1000 even before executing the query in itself and this is amazing ♥️

I have attached a screenshot of the query and if you are curious, I have also left below the plain text.

PS this was a SQL problem in Hackerrank.

MySQL query:

select group_concat(primeNumber SEPARATOR '&') from
(select numberTable.number as primeNumber from

(select cast((concat(tens, units, hundreds)+1) as UNSIGNED) as number from

(select 0 as units union select 1 union select 2 union select 3 union select 4 union select 5 union select 6 union select 7 union select 8 union select 9) unitsTable,
(select 0 as tens union select 1 union select 2 union select 3 union select 4 union select 5 union select 6 union select 7 union select 8 union select 9) tensTable,
(select 0 as hundreds union select 1 union select 2 union select 3 union select 4 union select 5 union select 6 union select 7 union select 8 union select 9) hundredsTable order by number) numberTable

inner join

(select cast((concat(tens, units, hundreds)+1) as UNSIGNED) as divisor from

(select 0 as units union select 1 union select 2 union select 3 union select 4 union select 5 union select 6 union select 7 union select 8 union select 9) unitsTable,
(select 0 as tens union select 1 union select 2 union select 3 union select 4 union select 5 union select 6 union select 7 union select 8 union select 9) tensTable,
(select 0 as hundreds union select 1 union select 2 union select 3 union select 4 union select 5 union select 6 union select 7 union select 8 union select 9) hundredsTable order by divisor) divisorTable

on (divisorTable.divisor<=numberTable.number and divisorTable.divisor!=1)
where numberTable.number%divisorTable.divisor=0
group by numberTable.number having count(*)<=1 order by numberTable.number) resultTable;

I know you guys probably have seen the worst of the worst...

But have you seen a js used to generate xml and send it to backend as json then parse it to xml? No template literals btw so there’s a lot of multiline with lots of + here and there

Or using sql to request web service?

Forgive me father, for I have sinned.  Alot actually, but I'm here for technical sins.  Okay, a particular series of technical sins.  Sit your ass back down padre, you signed up for this shit.  Where was I?  Right, it has been 11429 days since my last confession.  May this serve as equal parts rant, confession, and record for the poor SOB who comes after me.

Ended up in a job where everything was done manually or controlled by rickety Access "apps".  Many manhours were wasted on sitting and waiting for the main system to spit out a query download so it could be parsed by hand or loaded into one of the aforementioned apps that had a nasty habit of locking up the aged hardware that we were allowed.  Updates to the system were done through and awful utility that tended to cut out silently, fail loudly and randomly, or post data horrifically wrong.

Fuck that noise.  Floated the idea of automating downloads and uploads to bossman.  This is where I learned that the main system had no SQL socket by default, but the vendor managing the system could provide one for an obscene amount of money.  There was no buy in from above, not worth the price.

Automated it anyway.  Main system had a free form entry field, ostensibly for handwriting SELECT queries.  Using Python, AutoHotkey, and glorified copy-pasting, it worked after a fashion.  Showed the time saved by not having to do downloads manually.  Got us the buy in we needed, bigwigs get negotiating with the vendor, told to start developing something based on some docs from the vendor.  Keep the hacky solution running as team loves not having to waste time on downloads.

Found SQLi vulnerability in the above free form query system, brought it up to bossman to bring up the chain.  Vulnerability still there months later.  Test using it for automated updates.  Works and is magnitudes more stable than update utility.  Bring it up again and show the time we can save exploiting it.  Decision made to use it while it exists, saves more time.  Team happier, able to actual develop solutions uninterrupted now.  Using Python, AutoHotkey, glorified copy-pasting, and SQLi in the course of day to day business critical work.  Ugliest hacky thing I've ever caused to exist.

Flash forward 6 years.  Automation system now in heavy use acrossed two companies.  Handles all automatic downloads for several departments, 1 million+ discrete updates daily with alot of room for expansion, stuff runs 24/7 on schedule, most former Access apps now gone and written sanely and managed by the automation system.  Its on real hardware with real databases and security behind it.

It is still using AutoHotkey, copy-paste, and SQLi to interface with the main system.  There never was and never will be a SQL socket.  Keep this hellbeast I've spawned chugging along.

I've pointed out how many ways this can all go pearshaped.  I've pointed out that one day the vendor will get their shit together they'll come in post system update and nothing will work anymore.  I've pointed out the danger in continuing to use the system with such a glaring SQLi vulnerability.

Noone cares.  Won't be my problem soon enough.

In no particular order:
Fuck management for not fighting for a good system interface
Fuck the vendor for A) not having a SQL socket and B) leaving the SQLi vulnerability there this long
Fuck me for bringing this thing into existence

It's enough. I have to quit my job.

December last year I've started working for a company doing finance. Since it was a serious-sounding field, I tought I'd be better off than with my previous employer. Which was kinda the family-agency where you can do pretty much anything you want without any real concequences, nor structures. I liked it, but the professionalism was missing.

Turns out, they do operate more professionally, but the intern mood and commitment is awful. They all pretty much bash on eachother. And the root cause of this and why it will stay like this is simply the Project Lead.

The plan was that I was positioned as glue between Design/UX and Backend to then make the best Frontend for the situation. Since that is somewhat new and has the most potential to get better. Beside, this is what the customer sees everyday.

After just two months, an retrospective and a hell lot of communication with co-workers, I've decided that there is no other way other than to leave.

I had a weekly productivity of 60h+ (work and private, sometimes up to 80h). I had no problems with that, I was happy to work, but since working in this company, my weekly productivity dropped to 25~30h. Not only can I not work for a whole proper work-week, this time still includes private projects. So in hindsight, I efficiently work less than 20h for my actual job.

The Product lead just wants feature on top of feature, our customers don't want to pay concepts, but also won't give us exact specifications on what they want.
Refactoring is forbidden since we get to many issues/bugs on a daily basis so we won't get time.
An re-design is forbidden because that would mean that all Screens have to be re-designed.
The product should be responsive, but none of the components feel finished on Desktop - don't talk about mobile, it doesn't exist.
The Designer next to me has to make 200+ Screens for Desktop and Mobile JUST so we can change the primary colors for an potential new customer, nothing more. Remember that we don't have responsiveness? Guess what, that should be purposely included on the Designs (and it looks awful).
I may hate PHP, but I can still work with it. But not here, this is worse then any ecommerce. I have to fix legacy backend code that has no test coverage. But I haven't touched php for 4 years, letalone wrote sql (I hate it). There should be no reason whatsoever to let me do this kind of work, as FRONTEND ARCHITECT.

After an (short) analysis of the Frontend, I conclude that it is required to be rewritten to 90%. There have been no performance checks for the Client/UI, therefor not only the components behave badly, but the whole system is slow as FUCK! Back in my days I wrote jQuery, but even that shit was faster than the architecuture of this React Multi-instance app. Nothing is shared, most of the AppState correlate to other instances.

The Backend. Oh boy. Not only do we use an shitty outated open-source project with tons of XSS possibillities as base, no we clone that shit and COPY OUR SOURCES ON TOP. But since these people also don't want to write SQL, they tought using Symfony as base on top of the base would be an good idea.
Generally speaking (and done right), this is true. but not then there will be no time and not properly checked. As I said I'm working on Legacy code. And the more I look into it, the more Bugs I find. Nothing too bad, but it's still a bad sign why the webservices are buggy in general. And therefor, the buggyness has to travel into the frontend.

And now the last goodies:
- Composer itself is commited to the repo (the fucking .phar!)
- Deployments never work and every release is done manually
- We commit an "_TRASH" folder
- There is an secret ongoing refactoring in the root of the Project called "_REFACTORING" (right, no branches)
- I cannot test locally, nor have just the Frontend locally connected to the Staging webservices
- I am required to upload my sources I write to an in-house server that get's shared with the other coworkers
- This is the only Linux server here and all of the permissions are fucked up
- We don't have versions, nor builds, we use the current Date as build number, but nothing simple to read, nonono. It's has to be an german Date, with only numbers and has always to end with "00"
- They take security "super serious" but disable the abillity to unlock your device with your fingerprint sensor ON PURPOSE

My brain hurts, maybe I'll post more on this shit fucking cuntfuck company. Sorry to be rude, but this triggers me sooo much!

So just about to head to the pub and I got the dreaded call from my boss.

The support team had developed some fixes. They "tested" and deployed without letting us know... And you guessed it there was failures all over the shop!

So it turned out their testing was running on a local base install with no integration compared to the live system with 15 years of customisation and complex integration. My they thought this was acceptable I don't know...

And the best part was the developers who made the changes didn't understand their own code (I found the tutorial they copied online) they just blindly copied it without understanding how it worked!

So 4 hours later we found the bug, nothing like having a query and s SQL connection but not executing the query....

There goes my Saturday evening. Now we're was my beer!

Okay, just because I'm the only one under 35, single, and only white/hispanic guy on this team doesn't give you the right to interrupt me mid sentence IN my meeting. No disrespect to the developers from India and this may just be a culture conflict where I am outnumbered in my company but I don't understand the how some of these guys can't just be polite or respect others opinions(this is just from my experience with 90 or so developers from India and I don't believe in blanketing all Indians as this way just these 90 plus I do love the food).

Don't hijack MY meeting and then completely derail where I was going and disregard my solution without listening to the whole thing for an idea that isn't even solution but adds more work for both parties involved. You may have been working here for 5 years, but I worked in the actual department where we're building the new process and solution to a problem I've worked on. I understand the user since I WAS ONCE THAT USER for a good 8 months. And on top of that you can barely code efficient, or complex SQL statements. You're nothing more than fucking script kiddies and this whole IT department is joke. I apologize if the rant isn't really that coherent, I'm not very good at typing rants with my adrenaline running hot.

Worst fight I've had with a co-worker?

Had my share of 'disagreements', but one that seemed like it could have gone to blows was a developer, 'T', that tried to man-splain me how ADO.Net worked with SQLServer.

<T walks into our work area>
T: "Your solution is going to cause a lot of problems in SQLServer"
Me: "No, its not, your solution is worse. For performance, its better to use ADO.Net connection pooling."
T: "NO! Every single transaction is atomic! SQLServer will prioritize the operation thread, making the whole transaction faster than what you're trying to do."
<T goes on and on about threads, made up nonsense about priority queues, on and on>
Me: "No it won't, unless you change something in the connection string, ADO.Net will utilize connection pooling and use the same SPID, even if you explicitly call Close() on the connection. You are just wasting code thinking that works."

T walks over, stands over me (he's about 6.5", 300+ pounds), maybe 6 inches away

T: "I've been doing .net development for over 10 years. I know what I'm doing!"

I turn my chair to face him, look up, cross my arms.

Me: "I know I'm kinda new to this, but let me show you something ..."

<I threw together a C# console app, simple connect, get some data, close the connection>

Me: "I'll fire up SQLProfiler and we can see the actual connection SPID and when sql server closes the SPID....see....the connection to SQLServer is still has an active SPID after I called Close. When I exit the application, SQLServer will drop the SPD....tada...see?"
T: "Wha...what is that...SQLProfiler? Is that some kind of hacking tool? DBAs should know about that!"
Me: "It's part of the SQLServer client tools, its on everyone's machine, including yours."
T: "Doesn't prove a damn thing! I'm going to do my own experiment and prove my solution works."
Me: "Look forward to seeing what you come up with ... and you haven't been doing .net for 10 years. I was part of the team that reviewed your resume when you were hired. You're going to have to try that on someone else."

About 10 seconds later I hear him from across the room slam his keyboard on his desk.

100% sure he would have kicked my ass, but that day I let him know his bully tactics worked on some, but wouldn't work on me.

So my marketing dept request us to perform a SQL injection to someone's bank account. I refuse to do it.

1. Most bank no longer use Relational Database , they use something like NoSQL Database.

2. Even if the bank Use Relational Database system, I assume their security must be high, validating my session maybe...

3. I am not going to do shit like this for illegal purposes, well this task sounds super illegal to me

4. Hacking is not a part of my job description. I was hired to be a Senior Fullstack Mobile App Developer.

This is screwed up !

my story so far

Hey guys. i just wantes to share my story becoming something i think is like a dev.
I was always interested in solving problems. my grandfather has a company with a bit over a 100 employees. one day i decided to start working there. he needed someone to build up the erp system (mostly maintenance). about a month after i started he decided to get a new erp system because the one he had would not fill his needs. not knowing how big this got i told him that i want to build it up. from getting the orders over production with machines to billing.
he agreed. after a short time we knew that even this new system does not fullfill our needs. but it was so damn expensive. i told my grandfather: trust me, i am handling this. no further costs. and i started to learn programming. i learned night and day (visual basics.net, sql, c#). since then i wrote about 8 additional modules for the system in coorperation with the users. today, 3 years later we are far ahead our market in terms of transparency and information flow. i worked very hard for this and it is a great feeling to see that the things i do help my colleagues and are used.

i never learned this stuff in school and i know that i cannot tell that i am a professional programmer.

but when someone asks me i tell them i am a programmer because my solutions work and i think i deserve to call me that.

thanks for reading :)

Him: Relation databases are stupid; SQL injections, complex relationships, redundant syntax and so much more!

Me: so what should we use instead? Mongo, redis, some other fancy new db?

Him: no, I have this class in Java, it loads all the data into memory and handles transfers with http.

Me: ...... Bye!

me: oh you can add a where clause to filter xxx out with your group by.

arrogant junior: whuuut? you can use where clause with group by ? No u can't!

me: err... yes you can...

arrogant junior: NO!!!! No it doesn't work that way!

me : okay okay... fine ...

**30 mins later**

i see a where clause in the sql statement lol...I don't know why this person is always so pissed and fierce lol

Never thought I will be hired by Chinese software/hardware company located in NYC to code in languages I don't know so well. Instead of lying and saying I know everything about C, PHP and SQL, I said that I suck pretty much at everything, but I'm a quick learner and will study day and night to catch up with their practices. Now I see they have no regret about me, but I still suspect them in hiring me because there is another guy who is Russian too and we all communicate well. Our current squad is 17 Chinese, 2 Russians, 1 Americans. Guess what, I learn Mandarin quicker than PHP. Sometimes a small lie is OK, but sometimes honesty is better.

> TeamLeader1: I just discovered SQL is actually super fast! The low responsiveness I've experienced comes from our ORM!
> IHateForALiving: well of course SQL is blazingly fast. SQL has been refined by the best engineers in the world for the past 50 years, its performances are unparalleled for everything you could possibly need, unless you want to scale REALLY big. Sequelize, instead, is an Active Record ORM, so it's bound to struggle with huge amount of data, because every single row will get attached a significant amount of black magic to make sure everything syncs correctly. Why is that?
> TeamLeader1: I have a problem with this frontend component, it doesn't allow pagination. I tried downloading the whole DB to bypass that, but the ORM is slow... so I will bypass the ORM and download the whole table with a raw query. Look at that! It works like a charm, it's super duper fast!'

This mf is downloading some 35 thousand rows every time some user loads a page because he doesn't know how to paginate the fucking table with Angular, there's no way these people are real.

Unaware that this had been occurring for while, DBA manager walks into our cube area:

DBAMgr-Scott: "DBA-Kelly told me you still having problems connecting to the new staging servers?"
Dev-Carl: "Yea, still getting access denied. Same problem we've been having for a couple of weeks"
DBAMgr-Scott: "Damn it, I hate you. I got to have Kelly working with data warehouse project. I guess I've got to start working on fixing this problem."
Dev-Carl: "Ha ha..sorry. I've checked everything. Its definitely something on the sql server side."
DBAMgr-Scott: "I guess my day is shot. I've got to talk to the network admin, when I get back, lets put our heads together and figure this out."
<Scott leaves>
Me: "A permissions issue on staging? All my stuff is working fine and been working fine for a long while."
Dev-Carl: "Yea, there is nothing different about any of the other environments."
Me: "That doesn't sound right. What's the error?"
Dev-Carl: "Permissions"
Me: "No, the actual exception, never mind, I'll look it up in Splunk."
<in about 30 seconds, I find the actual exception, Win32Exception: Access is denied in OpenSqlFileStream, a little google-fu and .. >
Me: "Is the service using Windows authentication or SQL authentication?"
Dev-Carl: "SQL authentication."
Me: "Switch it to windows authentication"
<Dev-Carl changes authentication...service works like a charm>
Dev-Carl: "OMG, it worked! We've been working on this problem for almost two weeks and it only took you 30 seconds."
Me: "Now that it works, and the service had been working, what changed?"
Dev-Carl: "Oh..look at that, Dev-Jake changed the connection string two weeks ago. Weird. Thanks for your help."
<My brain is screaming "YOU NEVER THOUGHT TO LOOK FOR WHAT CHANGED!!!"
Me: "I'm happy I could help."

Not a rant about anything in particular. Just a summary of some feelings stored in the hateful part of my heart.

Developing for Android: Add this third-party library to your Gradle build. Use (this) built-in Android class to make the thing work.

*Clicks link

Deprecated since API version SUCKMYDICK-7. Use (this) instead

*Clicks link

Deprecated since API version LICKMYBALLS-32. Use...

Developing for Windows: Please use (this) API call. It was literally already available before Bill Gates was born. Carbon dating has placed this item to older than the universe itself and it is likely the entry point for the big bang. It is also still the best way to accomplish (task).

Developing for Linux: "Hmm, I wonder how to use this"

> > > Some shitty mailing list in small blue monospace font tells you to reference a man page that is three versions behind but the only version available.

What? Those three sentences didn't explain it enough? Well, maybe you aren't cut out for this type of thing.

JavaScript: you know how it is.

SQL: You expect a decent-quality answer from stack overflow but you always get an outdated and hacky response and it's using syntax from Microsoft SQL. You need MySQL.

C#: A surprising number of Microsoft forum results ranking high on Google. You click on one in hopes that it will be of any sort of quality. You quickly close the tab and wonder why you ever even had hope.

Literally any REST API: Is it "query" or "q"? "UserID" or "user_id"? Oh, fuck, where's the docs again?

You thought you escaped JavaScript, but it was a trick!: Some bullshit library you downloaded to make your other library work redefined one of the global variables in the project you inherited. Now you get 347 "<x> is not a function" errors in your console. Good luck, asshole.

FontAwesome/ Material fonts/ Any icon font pack: You search "Close" for a close button icon. No results. You search "Simplified railroad crossing sign without the railroad". You get a close icon.

I think that's all of my pent up rage. Each of them were too small for an individual rant so I had to do this essay.

Teacher: "Will this SQL statement work LavaTheif?"

Me: "you need to put a 'WHERE id.."

T: "but will it work like this?"

Me: "well it wont do what you're trying to do, so it wont work properly"

T: "so will it work?"

Me: "no."

T: "wrong. It will work, but it will change everything in the database, which we dont want"

Thats what I was saying??

Also, he spent 50 mins out of our hour lesson explaining how to use SELECT, INSERT, UPDATE, and DELETE. I just wanted to get on with the work tbh.

Teaching new recruit some SQL (even though hes supposed to fucking know SQL and have multiple years experience but I was a contractor and idgaf, not messing up my money. Just fucking annoying to have an idiot around you all the time).

Me: Okay, so sys tables, so this one is for jobs yeah?

Him: Yeah

Me: Okay, so in this table, its obviously not one row per job per step cos you have multiple rows for the same job and step. Also, there is a datetime field, so what is it showing?

Him: Hmmmmm..... (after some time, back and forth we get to the answer).... history table

Me: Cooooooool, okay, so, lets say, I have a job with 5 steps. If i run it once, how many rows will be in this table?

Him: 5 rows.

Me: Correct, so if I were to have run this same job, 10 times, how many rows get inserted into the table?

Him: (Now...you have to understand, how long this thought process was, im trying to fill the gap with words but really, he was like, having a flashback or something...I kept quiet but silently wanting him to say anything....then he looks me dead in the eyes).... 10!

Me: Motherfucker what!?!? 10 What? If 1 time == 5, what does 10 times ==?

Him: Hmmmmmmmmm.... (yes...we are doing this whole flashback montage all over again)....... Ohhhhh, 1!

Me: .....Stop, think, its a history table. It holds history, for when every step is run for a job, why would it be only one row?

Him: OMG, I know what a history table is!!!!

Me: (Pissed off cos I don't take disrespect calmly). Fine, genius, answer, go!

Him: (LONGER WAIT THAN LAST TIME!!!!)....is it not 10?

Me: I swear, I'm gonna kill you one of these days.

Him: *chuckle*

Me: No...seriously....

TOOK 20-30 MINUTES FOR HIM TO SAY 50!!!!!!

And even then, I swear he didn't understand why. Serious, he was a special breed, had a manager that was a super tard and when I worked here, the spirit of that manager possessed this idiot, the CIO and his little right hand bitch zzzzzzzzzzzzzzzzz.

If there was ever a time I was willing to catch a case at work, it was there.

Bonus: Serious, it got to the point I had to come in and tell this idiot that he can only ask me questions today if he calls me by my name...and my name has changed today...and no, you can't ask me for it cos you need my name to ask me questions.....FUCK OFF kkthxbai.

Before 10 years, a WordPress site hacked with sql injection. They had access to site, they modified many php files and installed commands to download random malwares from over the internet.

At first I didn't know that it hacked and I was trying to remove any new file from the server. That was happening every 1-2 days for a week.

Then I decided to compare every WordPress file with the official, it was too many files, and I did it manually notepad side notepad!! :/

Then I found about over 50 infected files with the malware code.

Cleaned and finished my job.

No one else knows that I did a lot of hard job.

I sometimes remember the time when I wrote a Email-inbox-exporter-PHP-script-type of application that collects all the emails from an inbox, "copied" it to a database with the attachements and stuff and moves it to a folder..

I just started at the company for like a couple of months, had no privileges to create mailboxes and such and I didn't want to interrupt our programmer to do this for me, so... I decided.. to save time and resources.. to test run it on our global, live 'support' mailbox.. :D Well.. You might guess what happened.. Apparently I mistyped the name of the move-destination folder (because imap-weird-things) that resulted in a completly empty mailbox and an empty database because the inserts failed due to bad encoding and mime-type issues..

The moment I refreshed my Outlook and noticed that all our mails where gone.. I swear, I can't describe that feeling of fear, cold sweat, intense heartbeat... I just stood up, asked if anyone wanted coffee, and just walked out of the office.. When in the hallway, I heard my collegues ask to one another "do you have any issues with outlook, all my mails are gone?". Everyone was stressing out, the chief was stressing out "what happened?!", nobody knew what happened.. :D

They could partially resolve it via one collegue who hadn't refreshed the mailbox and he could forward all the mails back to our support mailbox..

I dropped the project idea and learned to work with dev environments :D A couple of months later, I accidentially forgot a where condition in my SQL UPDATE statement, but that was the last time I seriously f*cked up.. :D Got to learn the hard way I guess.. Now everything I do runs in dev environments, I test everything before publishing,.. When I look back.. I don't even recognize the (inexperienced) guy I was back then ! :D

Ps. No one still knows what happened that day and they blamed it on server issues :D

!rant
In my Software Engineering II class, our teacher begins a overview of NoSQL DBs. A buddy of mine leans over and asks me "A SQL DB walks into a NoSQL bar, do you know why he left?"
I said, "No idea".
He said, "Because there were no tables".
Our teacher heard me laugh, so my buddy had to explain the joke to the entire class. Needless to say, the whole class got a kick out of it!

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

I interviewed to this small company. It was a position requiring a lot of experience they said. They did Microsoft SQL server and their technical interview questions were so easy it took me a lot of time to answer them because I was looking for traps, like for real. Think I might've answered too complex for them as well.

In the non-technical interview they joked about how they'd need to reserve two saunas in team events (Finnish thing) as they were all male and I would've been the first female.

Then they asked questions about my *children*. "Who takes care of them when they're sick?" Ummm, yeah, illegal much.

In the end they didn't hire me but they took two interns from the vocational school (or applied sciences). Yeah, so hard a job a Master of Science in Software Engineering with (at that point) three years of full-stack experience couldn't handle but some not even graduate interns could do?

Oh, and fun thing was. A couple months later a recruiter called me about the same company. I told *her* the story and she said she's gonna drop that company from her list and said no wonder they complain about not getting people for them. xD

I also send a tip to my unions discrimination department. They used my case as an example in presentations so suppose this experience served a purpose. ¯\_(ツ)_/¯

Assigned to a new project team..

Using git, in a creative way. So.. "master" is "dev" branch, usually. Everyone can push their branch to dev server .. so it's "dynamic for us". Production branch is whatever, as long as the branch has the release version. Sometimes, the release comes from "master".. that mean "dev" in normal geek..

That's just Git. The source code is a saturated spagetti of Entity framework and Caliburn. It is littered with antipatterns, especially basebean. Holy Christmas and Easter that baseclass do a lot of stuff that has no place as a base class ..

Fucking frameworks, I'm gonna start to evangelize frameworks as the no1 antipattern.

MS SQL as the main DB, but is dumped to json FILES through a scheduled task to increase read performance on web.

There is a soap endpoint to expose the json files, fml..

I am assuming I was placed here to improve stuff, I have never in my life seen anything like this before.

There is a special place in hell for this repository

Guys guys guys. Conversation had right just now. A PM from the company I’m freelancing for just said

“We need to move away from SQL server and shift all the data to MongoDB. I don’t want it to take more than a month tops”

Verbatim. No context. Nothing. The website is for a small time supply chain software that’s been chugging along for a decade now with spaghetti code everywhere.

How do I even respond? The other guy who works with me sent 😂😂😂 to me privately and now is offline lol wtf

Time to rant about JavaScript tutorials.

If you don't know the 'jQuery basic arithmetic' joke, Google it now. It'll make you laugh, promised.

In that manner i just remembered a JavaScript tutorial my fiancee tried to follow when she did an internship at the company i work for last year.

She was tasked to create a temperature interface for our server rack, which she wanted to do via an Arduino and a webserver aswell as an SQL database.

The Arduino part wasn't really a problem, but since she had no experience with js she very closely clinged to a chart visualisation tutorial.

All of that worked very well, but beeing the person i am i looked at the code and found something off.

The chart library had no dependencies to external libraries or any local files for any of them. Though the tutorial used a jQuery import.

So why did it use jQuery?
Well...
To load the chart initialization after the page has loaded.

So they pulled the entirety of jQuery in just to do what fucking window.addEventListener('DOMContentLoaded',function(){...}); could have done.

I wonder how many people who just want something to work did this shit. I hate it that so many tutorials do not adhere any kinds of standards, override behavior because they don't like it, even though it may have a very good reason to exist, pull entire libraries in for something vanilla <language> can do in 3 lines, etc.

Fuck.

If programming languages were countries, which country would each language represent?

Disclaimer: its just a joke

Java: USA -- optimistic, powerful, likes to gloss over inconveniences.

C++: UK -- strong and exacting, but not so good at actually finishing things and tends to get overtaken by Java.

Python: The Netherlands. "Hey no problem, let'sh do it guysh!"

Ruby: France. Powerful, stylish and convinced of its own correctness, but somewhat ignored by everyone else.

Assembly language: India. Massive, deep, vitally important but full of problems.

Cobol: Russia. Once very powerful and written with managers in mind; but has ended up losing out.

SQL and PL/SQL: Germany. A solid, reliable workhorse of a language.

Javascript: Italy. Massively influential and loved by everyone, but breaks down easily.

Scala: Hungary. Technically pure and correct, but suffers from an unworkable obsession with grammar that will limit its future success.

C: Norway. Tough and dynamic, but not very exciting.

PHP: Brazil. A lot of beauty springs from it and it flaunts itself a lot, but it's secretly very conservative.

LISP: Iceland. Incredibly clever and well-organised, but icy and remote.

Perl: China. Able to do apparently almost anything, but rather inscrutable.

Swift: Japan. One minute it's nowhere, the next it's everywhere and your mobile phone relies on it.

C#: Switzerland. Beautiful and well thought-out, but expect to pay a lot if you want to get seriously involved.

R: Liechtenstein. Probably really amazing, especially if you're into big numbers, but no-one knows what it actually does.

Awk: North Korea. Stubbornly resists change, and its users appear to be unnaturally fond of it for reasons we can only speculate on.

Currently, I am going through a legacy application built in microsoft access back in 90s.

* No Comments
* No Relationships between tables
* Random code that does nothing
* Weird form layouts
* Weird naming conventions

I need to copy this functionality into modern version using SQL Server Management studio and asp.net core, I also need to kill myself because none of this fucking shit fucking fuck makes sense.

I do my best to write clean and concise code along with comments but after this ordeal I am going to up my game because nobody should need to suffer through spaghetti code and stupid logic that is uncommented.

😶

My CS teacher uses html 4 spec that has shit like <strong> and <font size=5> and all sorts of inline garbage. She writes the tags in ALL CAPS and it honestly looks like SQL had a baby with brainfuck. I can't handle this shit anymore. She feels like she's apparently very good at programming and has just been promoted to the School's CS HOD (Head of Department). I have no idea what to do I go to school everyday having to face her mutilating my interest in programming. My peers are all incompetent and don't care at all. Don't get me started on how she writes Python. What the fk man.

I think I want to quit my first applicantion developer job 6 months in because of just how bad the code and deployment and.. Just everything, is.

I'm a C#/.net developer. Currently I'm working on some asp.net and sql stuff for this company.

We have no code standards. Our project manager is somewhere between useless and determinental. Our clients are unreasonable (its the government, so im a bit stifled on what I can say.) and expect absurd things from us. We have 0 automated tests and before I arrived all our infrastructure wasn't correct to our documentation... And we barely had any documentation to begin with.

The code is another horror story. It's out sourced C# asp.net, js and SQL code.. And to very bad programmers in India, no offense to the good ones, I know you exist. Its all spagheti. And half of it isn't spelled correctly.

We have a single, massive constant class that probably has over 2000 constants, I don't care to count. Our SQL projects are a mess with tons of quick fix scripts to run pre and post publishing. Our folder structure makes no sense (We have root/js and root/js1 to make you cringe.) our javascript is majoritly on the asp.net pages themselves inline, so we don't even have minification most of the time.

It's... God awful. The result of a billion and one quick fixes that nobody documented. The configuration alone has to have the same value put multiple times. And now our senior developer is getting the outsourced department to work on moving every SINGLE NORMAL STRING INTO THE DATABASE. That's right. Rather then putting them into some local resource file or anything sane, our website will now be drawing every single standard string from the database. Our SENIOR DEVELOPER thinks this is a good idea. I don't need to go into detail about how slow this is. Want to do it on boot? Fine. But they do it every time the page loads. It's absurd.

Our sql database design is an absolute atrocity. You have to join several tables together just to get anything done. Half of our SP's are failing all the time because nobody really understands the design. Its gloriously awful its like.. The epitome of failed database designs.

But rather then taking a step back and dealing with all the issues, we keep adding new features and other ones get left in the dust. Hell, we don't even have complete browser support yet. There were things on the website that were still running SILVERLIGHT. In 2019. I don't even know how to feel about it.

I brought up our insane technical debt to our PM who told me that we don't have time to worry about things like technical debt. They also wouldn't spend the time to teach me anything, saying they would rather outsource everything then take the time to teach me. So i did. I learned a huge chunk of it myself.

But calling this a developer job was a sick, twisted joke. All our lives revolve around bugnet. Our work is our BN's. So every issue the client emails about becomes BN's. I haven't developed anything. All I've done is clean up others mess.

Except for the one time they did have me develop something. And I did it right and took my time. And then they told me it took too long, forced me to release before it was ready, even though I had never worked on what I was doing before. And it worked. I did it.

They then told me it likely wouldn't even be used anyway. I wasn't very happy at all.

I then discovered quickly the horrors of wanting to make changes on production. In order to make changes to it, we have to... Get this

Write a huge document explaining why. Not to our management. To the customer. The customer wants us to 'request' to fix our application.

I feel like I am literally against a wall. A huge massive wall. I can't get constent from my PM to fix the shitty code they have as a result of outsourcing. I can't make changes without the customer asking why I would work on something that doesn't add something new for them. And I can't ask for any sort of help, and half of the people I have to ask help from don't even speak english very well so it makes it double hard to understand anything.

But what can I do? If I leave my job it leaves a lasting stain on my record that I am unsure if I can shake off.

... Well, thats my tl;dr rant. Im a junior, so maybe idk what the hell im talking about.

Coworker: so once the algorithm is done I will append new columns in the sql database and insert the output there

Me: I don't like that, can we put the output in a separate table and link it using a foreign key. Just to avoid touching the original data, you know, to avoid potential corruption.

C: Yes sure.

< Two days later - over text >

C: I finished the algo, i decided to append it to the original data in order to avoid redundancy and save on space. I think this makes more sense.

Me: ahdhxjdjsisudhdhdbdbkekdh

No. Learn this principal:
" The original data generated by the client, should be treated like the god damn Bible! DO NOT EVER CHANGE ITS SCHEMA FOR A 3RD PARTY CALCULATION! "

Put simply: D.F.T.T.O
Don't. Fucking. Touch. The. Origin!

I have this great professor who taught us how to be logical human beings (not that I learned much of that haha). He introduced us to web dev. He started with the basic html shit, then proceed with php and sql. His lectures were awesome. He'll then proceed with code exercises. And we'll have mini 'codefights' in his classes! yey! He taught us that in programming, it is much more important to practice logic than master a single language(no hate please). I learned to love programming through his passion. :) I learned to program in his class, now I hope never to stop learning. :D

> IHateForALiving: I have added markdown on the client! Now the sys admin can use markdown and it's going to be rendered as HTML
> Team leader: ok, I've seen you also included some pics of the tests you made. It's nice, there's no XSS vulnerabilities, now I want you to make sure you didn't introduce any SQL injection too. Post the results of the tests in the tickets, for everybody to see.

I've been trying to extract from him for 15 minutes how sending a text through a markdown renderer on the client is supposed to create a SQL injection on the server, I've been trying to extract from him how showing all of this to the world would improve our reputation.
I miserably failed, I don't know how the fuck am I supposed to test this thing and if I a colleague wasted time to make sure some client-side rendering didn't create a SQL injection I'd make sure to point and laugh at them every time they open their mouth.

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

I messed up carelessly in production. Learnt how SQL queries bite you in the ass when it knows you are under pressure.

Was hosting an online quiz kinda thing during my college techfest. Tens of thousands of people participating.

Using MySQL as database and thousands of queries were being executed. Everyone were pretty excited as the event just opened up.

None of the teams could solve one particular level. Turns out the solution was wrong and was asked by the organisers to change the solution for that particular level. Usual stuff, right?

Was too lazy to open up the web UI for the back office and so, straight ahead logged in to the MySQL server and ran the UPDATE query on the table consisting of the solutions.

It had been a couple of hours and the organisers came to me with a weird problem. There were no changes in the scoreboard for the last two hours. Everyone were stuck wherever they were. Weird, right?

I then realized.

Fk.

In that dreaded query, I had only run

UPDATE 'qa' SET answer = 'something'

leaving out the where clause, specifying the question to update, like

WHERE qno=13

As a result, solutions to all the questions were updated to the same answer. After hastily fixing everything back, I had the dreaded conversation.

Org: What was the problem?

Me: It was the cache.

Org: Damn thing. Always messes up.

Me: *sheepishly* yeah

Probably the most embarrassing moment in my life, wrt coding 😑

Sooo I've been working on an ancient php 5.6 project that did not have any documentation and was a homemade "framework" created 7 years ago. The original creator is long gone and no one else knows a lot about this project.

When I first looked into it I almost immediately noticed the security flaws...

Old outdated libraries
a "development" feature to easily turn dev mode on/off
BY A GET PARAMETER!

it spits out full sql queries and php warnings -.-

Oh and did I mention that the site is a webshop.... and has a backdoor password?
AND THAT THE CUSTOMER REQUESTED THAT?

i understand some developers like to write wrapper functions to handle tedious things, I even understand how to write dynamic SQL queries, but for the love of fucking god and sanity, NEVER FUCKING DO THIS!!!!

Yes its PHP, but its not even bad PHP, its a fucking abomination from hell of PHP.

The only serious, as in customer affecting, bug I never git fixed was an indexing bug that caused an exception requiring manual intervention by one of us.

Despite going at it for many years I never found the root cause before I left the company.

The reason it was so difficult was that it only occurred every second month or less and with different customers.
It was also not triggering directly when the error occurred but a while later once the error had caused accumulated errors until one value got negative.

Also, it was a combination SQL, backend code and frontend js and the time from initial error until an invalid value could be hours, days or even weeks.

And we never ever managed to replicate it our self and found no common pattern between occasions.

We think it was some kind of race condition when updating the db that caused duplicate values or a hole in the index series (db transaction or db index was not an option for various reason that would require a redesign of the central tables and most if the central code).

This then grew into multiple error on consecutive updates until one f them resulted in a negative number that then caused a regex in js to fail.

**Me, while working on sql based project**

Manager: Does anyone knows java! Want a sample login screen written in java.

**I'm the only one in my team to know java, thus raised my hand**

Me: It's done. Mailed you the .java file.

Manager: I can see my password

Me: I fuckn hate myself. ***Forgot to set password field as password type***

Manager: you are no different than others.

Me: Yeah..😶 **f@#& you**

<just got out of this meeting>
Mgr: “Can we log the messages coming from the services?”
Me: “Absolutely, but it could be a lot of network traffic and create a lot of noise. I’m not sure if our current logging infrastructure is the right fit for this.”
Senior Dev: “We could use Log4Net. That will take care of the logging.”
Mgr: “Log4Net?…Yea…I’ve heard of it…Great, make it happen.”
Me: “Um…Log4Net is just the client library, I’m talking about the back-end, where the data is logged. For this issue, we want to make sure the data we’re logging is as concise as possible. We don’t want to cause a bottleneck inside the service logging informational messages.”
Mgr: “Oh, no, absolutely not, but I don’t know the right answer, which is why I’ll let you two figure it out.”
Senior Dev: “Log4Net will take care of any threading issues we have with logging. It’ll work.”
Me: “Um..I’m sure…but we need to figure out what we need to log before we decide how we’re logging it.”
Senior Dev: “Yea, but if we log to SQL database, it will scale just fine.”
Mgr: “A SQL database? For logging? That seems excessive.”
Senior Dev: “No, not really. Log4Net takes care of all the details.”
Me: “That’s not going to happen. We’re not going to set up an entire sql database infrastructure to log data.”
Senior Dev: “Yea…probably right. We could use ElasticSearch or even Redis. Those are lightweight.”
Mgr: “Oh..yea…I’ve heard good things about Redis.”
Senior Dev: “Yea, and it runs on Linux and Linux is free.”
Mgr: “I like free, but I’m late for another meeting…you guys figure it out and let me know.”
<mgr leaves>
Me: “So..Linux…um…know anything about administrating Redis on Linux?”
Senior Dev: ”Oh no…not a clue.”

It was all I could do from doing physical harm to another human being.
I really hate people playing buzzword bingo with projects I’m responsible for.

Only good piece is he’s not changing any of the code.

My first time working with Java and SQL queries(SQL with little/no knowledge): created separate db for each entities and hoped it to work together after the coding was finished.

what a noob!

Where is the location of hell for bad SQL devs?

NO "WHERE"

Today I looked at some code from our CTO. He used plain SQL Statements with huge selects and no prepared statements.

I asked him:
1. why dont you build some helpers or even use some frameworks?
2. why are there no prepared statements?

His answer (to both questions)
We do not need that. That just uses too much ressources and time. It's more cleaner and simpler this way.

My Face: 😵

I learned that there is no undo button in sql after wiping clean 1074 rows of data... #fmdl actually just #fm

Tl;DR; version:
French designer, Mexican PSD -> HTML converter, Indian VueJS developer, Spanish project manager and a Taiwanese back-end developer. Application was made like an tower of pizza from bullcrap held by boogers and constantly licked by an orangutang to keep it standing.

Longer version:
We had to take a "half-finished" project from one of our clients, received the code for full-stack project. The css/design was so unbearable that it mostly broke on anything that had higher than 720px wide screen, structure was full of tables/divs and no fucking flexbox/grid... Then the fun part - we saw it's conversion to vueJS - a single fucken App.vue file that had shitton of conditions for pages.... yea, not even multi-component/routed app, just conditions!!!! And then... A back-end (in which I mainly specify myself) - it was made by a developer that had to mainly use Java/C# as their daily driver while all being build on php and Laravel. 0 Fucken laravel functions used, 0 of models, logic and so on.... Most of the page was running on RAW sql queries. Names... Oh my god the function names....
`getTheUsersThatHasAtLeastOneSpaceAssignedToThemByGivenCompanyId(int $id)`
And it held an RAW sql that was coming from a model....

All of this was managed by a random spanish manager who couldn't really understand what our client needed and what he actually wanted so from 100% of the site, only 20% was correct in logic....

And yet, according to the whole "package" (team) - they did everything correctly, saw no issues and our client was ungrateful fucker that refused to pay 10x the amount that we asked in order to completely re-do the application....

Morale: Remote teams are great... As long as all of them can work remote in TEAM.

Did some updates to an older Web Forms website built by a previous SENIOR developer who is a notoriously horrible developer.

Now before I start, you have to understand this guy studied at a University and had been working for at least two years before I even started working. He is supposed to know the basic shit mentioned below.

This also happened a couple of days ago, so I have calmed down since then so I apologise for the relaxed tone. My next rant will contain a lot more swearing.

This fucking guy did the stupidest shit imaginable.

On the details view of a post|page|article|product|anything that would require a details view this jackass would load the data from the DB.

Using an OleDbConnection, OleDbDataAdapter, DataTable and the poorest writter fucking sql statements you have ever seen. All of these declared in the Page_Load method.

There was literally no reason for him to use OleDb instead of Sql, but he simply did not know any better.

He especially liked: "select * from tbl where id = " & Request("T") & ""

ZERO fucking checks to see if the value is even passed or valid, nothing. He did not even check whether the DataTable had any rows.

He then proceeded to use only the Heading column of the returned row to change the page's title.

Stupidly I assumed the aspx page will be in a better state. Fuck NO!

This fucktard went, added server tags to the opening of the asp:Content tag, copied that shit he used to fetch the data and pasted it between the server tags.

He did not know how to access the DataTable mentioned above from the aspx page!

He did this on every fucking project he worked on. Any place that required <%= %> to display data instead of using asp server controls, this cunt copied whatever was written in the code behind and pasted everything between server tags.

Fuck I could go on forever, but I think this is enough for my first rant.

I hired 2 fresh out of school junior devs to work with me on my old web app.
They were brilliant, knew a lot of things, and were motivated.
They started complaining about how the code was shit, the db was shit, there were no best practices, the technology was old, bug fixing was boring, no comments in code.

I felt bad, very bad during 3 years, because they were absolutely right. I tried to work with them through better coding practices, rewriting, documenting etc.

Now they both have left.
I'm alone maintaining and evolving the application.
And I start to come across the code THEY developed.

What a bunch of shit. SQL queries bringing down the server. Duplicate code, because they didn't want even read the old one. Useless comments.
Performance killing functions. Exceptions swallowed without mercy. I have to clean up they poop.

I feel somewhat better, though. The application is still growing and holding the ground after many years and generating at least 800K$ per year in revenues.

Maybe better, but sad. I really wanted to share the project with somebody else but I failed, and I'm left alone....

My first rant/story

> 3 years ago company x decides to pay for my software dev degree

> fast forward to today.. x has no idea what I've learned as they never asked..(basically java,php,sql,android)

> x gives me a contract 1 week before my final exams and expects me to work everyday except exam days..

>next day, a dev contacts me - 'oh please brush up on your Vue, Node, angular as well as laravel php framework'

>I've never touched any of those xD fml.. what to do!?

Best code performance incr. I made?

Many, many years ago our scaling strategy was to throw hardware at performance problems. Hardware consisted of dedicated web server and backing SQL server box, so each site instance had two servers (and data replication processes in place)

Two servers turned into 4, 4 to 8, 8 to around 16 (don't remember exactly what we ended up with). With Window's server and SQL Server licenses getting into the hundreds of thousands of dollars, the 'powers-that-be' were becoming very concerned with our IT budget. With our IT-VP and other web mgrs being hardware-centric, they simply shrugged and told the company that's just the way it is.

Taking it upon myself, started looking into utilizing web services, caching data (Microsoft's Velocity at the time), and a service that returned product data, the bottleneck for most of the performance issues. Description, price, simple stuff. Testing the scaling with our dev environment, single web server and single backing sql server, the service was able to handle 10x the traffic with much better performance.

Since the majority of the IT mgmt were hardware centric, they blew off the results saying my tests were contrived and my solution wouldn't work in 'the real world'. Not 100% wrong, I had no idea what would happen when real traffic would hit the site.

With our other hardware guys concerned the web hardware budget was tearing into everything else, they helped convince the 'powers-that-be' to give my idea a shot.

Fast forward a couple of months (lots of web code changes), early one morning we started slowly turning on the new framework (3 load balanced web service servers, 3 web servers, one sql server). 5 minutes...no issues, 10 minutes...no issues,an hour...everything is looking great. Then (A is a network admin)...
A: "Umm...guys...hardly any of the other web servers are being hit. The new servers are handling almost 100% of the traffic."
VP: "That can't be right. Something must be wrong with the load balancers. Rollback!"
A:"No, everything is fine. Load balancer is working and the performance spikes are coming from the old servers, not the new ones. Wow!, this is awesome!"
<Web manager 'Stacey'>
Stacey: "We probably still need to rollback. We'll need to do a full analysis to why the performance improved and apply it the current hardware setup."
A: "Page load times are now under 100 milliseconds from almost 3 seconds. Lets not rollback and see what happens."
Stacey:"I don't know, customers aren't used to such fast load times. They'll think something is wrong and go to a competitor. Rollback."
VP: "Agreed. We don't why this so fast. We'll need to replicate what is going on to the current architecture. Good try guys."
<later that day>
VP: "We've received hundreds of emails complementing us on the web site performance this morning and upset that the site suddenly slowed down again. CEO got wind of these emails and instructed us to move forward with the new framework."

After full implementation, we were able to scale back to only a few web servers and a single sql server, saving an initial $300,000 and a potential future savings of over $500,000. Budget analysis considering other factors, over the next 7 years, this would save the company over a million dollars.

At the semi-annual company wide meeting, our VP made a speech.

VP: "I'd like to thank everyone for this hard fought journey to get our web site up to industry standards for the benefit of our customers and stakeholders. Most of all, I'd like to thank Stacey for all her effort in designing and implementation of the scaling solution. Great job Stacy!"
<hands her a blank white envelope, hmmm...wonder what was in it?>

A few devs who sat in front of me turn around, network guys to the right, all look at me with puzzled looks with one mouth-ing "WTF?"

I’m a team lead in the tech team, myself and another team lead manage the on call processes for the department, so when stuff breaks we need to fix it. I assume there is sufficient documentation available for me to fix a process that is not mine.

one of the other managers processes breaks. He’s on annual leave and is away for another week. I attempt to fix the process. No documentation. What do i do?

I go to my manager the next day and tell her the process is broken and I can’t fix it because there’s no documentation and I don’t know what the full impacts are. She agreed we should leave it until he comes back from AL.

He comes back a week later. I tell him the process is broken and it’s been failing since he went on AL.

Him: we had a handover before I went on holiday
Me: no, you showed me where the ‘documentation’ was. Said documentation is not defined enough and is out of date. I didn’t want to break it further by trying to repair it when it’s not completely critical
Him: but it is critical, it has to run every day
Me: so why doesn’t it say that in the documentation?
Him: ............
Me: can you fix it please
Him: no, I’ve got too much to do having just come back from holiday
Me: more critical that a process that has to run EVERY DAY and has been failing for the past 10 DAYS??
Him: I’ll see if I have time

2 hours later...

Him: Lets put in some time for handover so you can understand the process. Is an hour long enough?
Me: I don’t know, you tell me, it’s your process, you know what’s involved and how long it should take to explain
Him: well is an hour long enough?
Me: I don’t know, it takes however long it takes you to explain it
Him: I’m asking you
...........

At this point I’m getting more and more angry, how can you not know how long your process is gonna take to explain when you’re the one that wrote it?! I fully well know that it’s gonna take longer than an hour because it’s an SSIS package that looks like a plate of spaghetti, you spend 15 minutes working out what box flows to where before even looking at any SQL, and he’s still asking me how long it’s gonna take and distracting me from my ACTUAL critical work

Man is a waste of space, so quick to give you work that isn’t his but never takes responsibility for his own... honestly have no clue whatsoever how he became a manager....

This rant doesn’t seem like much reading it back but I swear it’s the last in a looooonnngggg like of his fuck ups that other people have had to deal with 🙄🙄

Why dont people trust you?

I was hired to be an SQL developer, I don't actually get to do much development, normally doing something involving copying and pasting in Excel.

Some of our databases were running slow and we noticed some (a few hundred) indexes were in shit state.

I knocked up a couple of scripts, one to reorganise indexes that were up to a certain amount of fragmentation and one to rebuild the indexes

My boss wants them tested (they were several times in dev) we've had these for over 3 weeks, but she doesn't want to run them.

Instead of fixing hundred of indexes she decided I should contrate on fixing some historic data issues that are preventing 10 indexes from being rebuilt.

Now there are serious issues and the CTO is asking why the indexes haven't been fixed.

I could have done this nearly a month ago, but now it's turned into a huge fucki g deal, and no doubt they'll try and push it back on me

Well on my last full-time job, that ware using cookies for authentication (not something new, eh?). The thing is, you see, the cookies had the 'accountId' which if you change to another number, kaboom you're that account, oh but that was not all, there was an option to mark the account type in there 'accountType', which was kind of obvious in VLE (virtual learning environment), 'Teacher', 'Student', 'Manager' put what of those values and boom you are that role for the session

Thing was open of SQL injection from the login form, from said cookies and form every part you can pass input to it, when I raised the question to my TL he said 'no one is going to know about thatt, I don't see what is the problem', then escalated to higher management 'oh well speak to *tl_guy*'

Oh and bonus points for it being written in ASP CLASSIC in 2014+ (I was supposed to rewrite, but ended up patching ASP code and writing components in PHP)

In 2015-2016, in a private college, charging kind-of big money per year

Dear Microsoft Kusto Query Language (KQL)

Screw you. You suck like more than a sudden depressurization event in an airplane. Creating your own freaking query language is bad, the people who invented SQL based it on a the principles of mathematical relational algebra, which although confusing, and not suited for all use cases is at least consistent.

You were invented by a bunch of oxygen deprived halfwits based on the principles of sadism and incompetence.

The only situation in which I would voluntarily use KQL as my tool of choice is if my purpose was to extract a Dantesque style revenge on someone who had committed grievous harm to myself and my family members. In that case forcing them to work with you day in and day out would still border on cruel and unusual punishment.

Sincerely, A developer who has spent the past 2 hours dealing with your Lovecraftian madness.

P.S. I hope you choke on a raw chicken bone and no one gives you CPR.

Hosting a PHP/MySQL application for a really wealthy NGO that must have paid thousands of dollars for the app, and everything works fine but no sanitised inputs and direct SQL statement execution. Just waiting for little Bobby Tables so I can charge them a fortune for recovery 😊

SQL Rule 1. Always assume there are external processes that might affect your data. (for instance, triggers).
SQL Rule 2. In Denormalised data, never execute logic on dependant table values, always copy from the parent.
SQL Rule 3. When Denormalised data schemas are created the DBA knows what they are doing.
SQL Rule 3.1. If DBA knows what they is doing then according to Rule 1 there is no problem with adding in some triggers to maintain data clones as they are created.
SQL Rule 4. If you don't like or agree with triggers, deal with it. They are a first class tool in a first class RDBMS. In a multi-app or service environment there may be many other external processes massaging your data
SQL Rule 5. If all previous rules are not broken and the system has been running efficiently for many years DO NOT complain that there are triggers in the database that are doing and have been doing the same process that you just butchered (by violating Rule 1 and 2) in your makeshift "hello world, look what I can do from my phone" angular BS when the rest of the users are still relying on the existing runtime app.
SQL Rule 6. If you turn my triggers off, you sure as hell better turn them back on!

If anyone has been keeping up with my data warehouse from hell stories, we're reaching the climax. Today I reached my breaking point and wrote a strongly worder email about the situation. I detailed 3 separate cases of violated referential integrity (this warehouse has no constraints) and a field pulling from THE WRONG FLIPPING TABLE. Each instance was detailed with the lying ER diagram, highlighted the violating key pairs, the dangers they posed, and how to fix it. Note that this is a financial document; a financial document with nondeterministic behavior because the previous contractors' laziness. I feel like the flipping harbinger of doom with a cardboard sign saying "the end is near" and keep having to self-validate that if I was to change anything about this code, **financial numbers would change**, names would swap, description codes would change, and because they're edge cases in a giant dataset, they'll be hard to find. My email included SQL queries returning values where integrity is violated 15+ times. There's legacy data just shoved in ignoring all constraints. There are misspellings where a new one was made instead of updating, leaving the pk the same.

Now I'd just put sorting and other algos, but the data is processed by a crystal report. It has no debugger. No analysis tools. 11 subreports. The thing takes an hour to run and 77k queries to the oracle backend. It's one of the most disgusting infrastructures I've ever seen. There's no other solution to this but to either move to a general programming language or get the contractor to fix the data warehouse. I feel like I've gotten nowhere trying to debug this for 2 months. Now that I've reached what's probably the root issue, the office beaucracy is resisting the idea of throwing out the fire hazard and keeping the good parts. The upper management wants to just install sprinklers, and I'm losing it.

Got a job as a database manager, they wanted me to update their sql server and some of their .net apps. Turns out their sql server had no databases and all their data was stored in an ms access 2003 applications that was using windows for workgroups security!!! It also had no interface, hundreds of tables and queries and there were multiple access db it was connected to. To make things worse the person who built all this stuff used acronyms for everything he did, table names, variables, queries and even bloody window folders!!! It was hard as hell to figure out what anything ment. Oh and the .net apps were asp sites that heavily used dll for storing his code and no one knows where the original source code for them are. Did I also mention there were no comments for any of the code, no database dictionary, no notes or anything.

So apparently I'll be rebuilding everything from scratch and transferring over the data to sql server. AND NO MORE F**KING ACRONYMS!!!!!!!

So as applying for an internship to a new company, they wanted me to make an account and do some things to get use to the website... That's great, until I learned their website is fucking garbage!

Takes 5 seconds to load any page (they import and link so much shit, it's poorly optimized), their website is vulnerable to Javascript injection (in many different places), im sure it will be vulnerable to sql injection too.

Their design looks bad, icons are terrible, no common design flow, super busy. And they are taking about using machine learning and big data? Bitch you need to fucking make your site usable first!! If contacted them and will give them 30 days to fix their shit before I write about it

Depends. No one took for the job. VSCode is really good for web and Python. I use Visual Studio for c#, c++ and c. Jetbrains for Java stuff, including Android studio.

When writing SQL I usually use vendor-provided editors like MySQL Workbench. They're the tool made for the job.

Visual Studio Code is my generic editor thanks to it's easy-access terminal. Makes running anything a breeze.

It doesn't feel as snappy as other editors though and installing plugins just for intellisense to work can be annoying, which is why I use other tools for other workflows.

Generally, I avoid things like vim. Sorry, but I have a mouse AND a keyboard. Paid for em both, and I intend to use em. Sometimes I wanna find a setting in a menu and not fuck around with config files after googling what the right setting is called.

I used Sublime for a while, but never really got too into it. It's okay.

Php code without any class. Every page is a separate php file in project root folder.

Everything is all over the place, code repetition is everywhere.

The worst part? No security. The sql calls are with mysql_ functions and string concatenation. Files are just uploaded without checking.

And I had to repair it.

Want to make someone's life a misery? Here's how.

Don't base your tech stack on any prior knowledge or what's relevant to the problem.

Instead design it around all the latest trends and badges you want to put on your resume because they're frequent key words on job postings.

Once your data goes in, you'll never get it out again. At best you'll be teased with little crumbs of data but never the whole.

I know, here's a genius idea, instead of putting data into a normal data base then using a cache, lets put it all into the cache and by the way it's a volatile cache.

Here's an idea. For something as simple as a single log lets make it use a queue that goes into a queue that goes into another queue that goes into another queue all of which are black boxes. No rhyme of reason, queues are all the rage.

Have you tried: Lets use a new fangled tangle, trust me it's safe, INSERT BIG NAME HERE uses it.

Finally it all gets flushed down into this subterranean cunt of a sewerage system and good luck getting it all out again. It's like hell except it's all shitty instead of all fiery.

All I want is to export one table, a simple log table with a few GB to CSV or heck whatever generic format it supports, that's it.

So I run the export table to file command and off it goes only less than a minute later for timeout commands to start piling up until it aborts. WTF. So then I set the most obvious timeout setting in the client, no change, then another timeout setting on the client, no change, then i try to put it in the client configuration file, no change, then I set the timeout on the export query, no change, then finally I bump the timeouts in the server config, no change, then I find someone has downloaded it from both tucows and apt, but they're using the tucows version so its real config is in /dev/database.xml (don't even ask). I increase that from seconds to a minute, it's still timing out after a minute.

In the end I have to make my own and this involves working out how to parse non-standard binary formatted data structures. It's the umpteenth time I have had to do this.

These aren't some no name solutions and it really terrifies me. All this is doing is taking some access logs, store them in one place then index by timestamp. These things are all meant to be blazing fast but grep is often faster. How the hell is such a trivial thing turned into a series of one nightmare after another? Things that should take a few minutes take days of screwing around. I don't have access logs any more because I can't access them anymore.

The terror of this isn't that it's so awful, it's that all the little kiddies doing all this jazz for the first time and using all these shit wipe buzzword driven approaches have no fucking clue it's not meant to be this difficult. I'm replacing entire tens of thousands to million line enterprise systems with a few hundred lines of code that's faster, more reliable and better in virtually every measurable way time and time again.

This is constant. It's not one offender, it's not one project, it's not one company, it's not one developer, it's the industry standard. It's all over open source software and all over dev shops. Everything is exponentially becoming more bloated and difficult than it needs to be. I'm seeing people pull up a hundred cloud instances for things that'll be happy at home with a few minutes to a week's optimisation efforts. Queries that are N*N and only take a few minutes to turn to LOG(N) but instead people renting out a fucking off huge ass SQL cluster instead that not only costs gobs of money but takes a ton of time maintaining and configuring which isn't going to be done right either.

I think most people are bullshitting when they say they have impostor syndrome but when the trend in technology is to make every fucking little trivial thing a thousand times more complex than it has to be I can see how they'd feel that way. There's so bloody much you need to do that you don't need to do these days that you either can't get anything done right or the smallest thing takes an age.

I have no idea why some people put up with some of these appliances. If you bought a dish washer that made washing dishes even harder than it was before you'd return it to the store.

Every time I see the terms enterprise, fast, big data, scalable, cloud or anything of the like I bang my head on the table. One of these days I'm going to lose my fucking tits.

Waiting for an email from a job j applied for as a SQL manager, they have no IT and they want me to rework their data model for the year. Did I mention I'm incredibly underqualifyed.

BI dev: Hey, can you help me with my SQL query?
Me: Sure, let me see it.
BI dev: sends screenshot - not even the whole query, literally a screenshot with a segment of text in it. No errors showing either.
Me: ...

!rant
Reddit comment on a thread about Joomla! sites being vulnerable to SQL-injections:

"Joomla sites are so infested they became sentient.

Joomla sites needs no webmaster, some one else will administer it for you.

Joomla sites have very good SEO, specially in "v1agra c1alis p3nis size"

Traffic count with Joomla is high, all the bots breaking all the vulnerabilities count for somethin'."

😂 Pure gold.

No matter how logically clean and simple your SQL code is, test your data....TEST YOUR DATA.

During a design meeting, our boss tells me that Vertx's MySQL drivers don't have prepared statements, and that in the past, he's used a library or his own functions to do all the escaping.

"Are you kidding me? Are you insane?"

I insisted that surely he must be wrong; that no one would release a database library without built in support for query arguments. Escaping things by hand is just asinine and a security risk. You should always use the tools in the database drivers, as new security vulnerabilities in SQL drivers can be found and fixed so long as you keep your dependencies up to date.

He told me escaping wasn't as tricky as I made it out to be, that there were some good libraries for it, and insisted Vertx didn't have any built in support for "prepared statements." He also tried to tell us that prepared statements had performance issues.

He searched specifically for "prepared statements" and I was like, "You know they don't have to be called that. They have different names in different frameworks."

Sure enough, a short search and we discovered a function in the Vertx base database classes to allow SQL queries with parameters.

An example of today's generation:
My little cousin 22 years old wants to get into BI Dev. I tell him to read a certain book. The book has practice examples and various things that are hands on.

What does he do?
He READS the book and is like, "ask me any question and I know the answer". So I'm like, "fine, what's the structure of a basic SQL statement?", after some hard thought he's like, "SELECT * FROM?" I'm like, "ok.....how would you filter that?" and he's like, "you got me man........no clue".

What didn't he do?
Practice.

I mean.........come on.

I have quite a few of these so I'm doing a series.
(2 of 3) Flexi Lexi

A backend developer was tired of building data for the templates. So he created a macro/filter for our in house template lexer. This filter allowed the web designers (didn't really call them frond end devs yet back then) could just at an SQL statement in the templates.

The macro had no safe argument parsing and the designers knew basic SQL but did not know about SQL Injection and used string concatination to insert all kinds of user and request data in the queries.
Two months after this novel feature was introduced we had SQL injections all over the place when some piece of input was missing but worse the whole product was riddled with SQLi vulnerabilities.

This is a public service announcement with a threat at the end of it:

"Do not, I repeat, do NOT attempt to write web applications, or any particular sort of application that works with a relational database (damn near more than half of applications) without a PROPER grasp and knowledge of SQL.
I do not want to see you reaching out for an ORM either, no, you need to learn to properly design a database or to properly interact with them AT most before you even attempt using an ORM OR designing an application from the beginning, shit will only hurt you in the long term I promise, learning SQL can go a looooong fucking way and most DBA's I know make way tf more than people think they make, it might even be an interesting career choice"

If you do not follow the above advise, and I see your ass reaching for building a web application without the above knowledge I will be under your bed at night, putting oil in my hairy body before I jump into bed to you and leave you confused for the rest of your life.

Build to learn, YES, but for the love of Chamberlain and Boyce PLEASE do not neglect SQL. I have seen such neglect REACH production and I am currently wishing I had these mfkers close to me.

So I'm tasked with rewriting the old software my employer uses to track basically anything in his company. They want to stick quite close to the old workflow as much as possible, I get that.

"Why exactly do you need access to the system? No you don't need to look at it just recreate the flow. I'll give you the sql structure is that OK? Oh and this won't take long, you can copy from the old code can't you? Wait why do you need access to the code? No. "

🙄

This may be the best Stack Overflow comment I have seen when learning SQL.
How old is Frank? I don't know (null).
How old is Shirley? I don't know (null).
Are Frank and Shirley the same age?
Correct answer should be "I don't know" (null), not "no", as Frank and Shirley mightbe the same age, we simply don't know

What's wrong with this list

List of shit my superior said and wrote in the project:

1. Prefer to write "pure" SQL statement rather than ORM to handle basic CRUD ops.

2. Mixing frontend and backend data transformation.

3. Dump validation, data transformation, DB update in one fucking single function.

4. Calculate the datetime manually instead of using library like momentjs or Carbon.

5. No version control until I requested it. Even with vcs, I still have to fucking FTP into the staging and upload file one by one because they don't use SSH (wtf you tell me you don't know basic unix command?)

6. Don't care about efficiency, just loop through thousands of record for every columns in the table. An O(n) ops becomes O(n * m)

7. 6MB for loading a fucking webpage are you kidding me?

Now you telling me you want to make it into AJAX so it'll response faster? #kthxbye

The day after I delivered a secure programming course to our junior devs.

Junior dev: I can't figure out what's happening when I generate this sql.

Me: what do you mean generating ... It should be a prepared statement..

Junior dev: no I'm just generating the strings from the form

Me: ... Let's try this again....

I thought SQL was supposed to be very easy? I'd like to jump off a balcony right now because of it ...
I don't know if I'm just dumb or if my sources for learning are bad or idk
maybe I'm just tired and dislike SQL

It’s been so long since I posted but this time it’s juicy again.

I got a coworker, no prio experience but already a year and few months into the job. He’s bad.
Magnitudes of bad!

We’re trying to teach him but to no avail. Everything about him sucks, major ballsack to be exact.

His attitude is to avoid every task, finishes nothing and then starts something new.

„Did you do X like we told you to?“
„No I started on Y, because I thought it [looks better, seems more interesting, thought that X is useless…]“

When you ask him much is done he is always „almost“ finished and needs your help on the „last 5-10%“. Yeah fuck that!

But that guy has a talent, his talent is to always give you technically correct answers which actually are complete bullshit.

„What are you doing at your job?“
„Staring at a screen and typing things.“ dude what?

That guy used the excuse „I can’t do maths“ on everything.

For an exam he had to calculate how long it would take to reach a certain amount if you would get some interest in that every year.
He asked the teacher for the formula. During the exam! And when the teacher didn’t want to give it to him he wrote plainly „can’t do maths“ on the paper and left

His code is of a quality as if he would write his first line in a week and then has the audacity to blame me and the colleagues for not explaining it right.

Ok you might think now we’re teaching him bad, or are too impatient. But honestly if you have to explain how to do a for loop for over about 15 months and get that attitude I think you get the right to be angry. I don’t mind explaining on how things work, even for the hundredth time, but then don’t tell me you understood, go behind my back, complain at a colleague how bad I explained, get explained by him and then do it again until you whored yourself through the whole staff!

It’s like he got the mind swiper from Men in black at home. Every day he hits the reset button.

He had a week of just changing indentation on a html file. Why? Because he wanted to find his style.

Yeah his style

if(a==b){
console.log(a);
}
else {
console.log(b)
}

And to produce code like that it takes him atleast 4 hours of trial and error.

And at the same time he goes arround and boasts what a super good programmer he his and that he can do some project work for them.
How we found out? Because he started working in those projects during work time at the office and asked us how to do things.
And he does so like a complete bastard!
Broken sql query? “No that query is perfect as it is, it’s supposed to show no results! But, just in theory, if I wanted to show some results, what would I need to change?”

I’m so mad about it and pissed on a personal level because he goes around blames everyone and the world for his short comings

Rant time of 'Derp & Co.'

Today I decided that I am going to find another job, I just can't keep with this shit.

They said that use Agile: FALSE.
• Daily (best scenario) take like 1 hour and a half.
• New task enter the sprint and "Fuck you, more task in the same time". This is something regular done.

• "Oh, dev, we need you to check this other project" I am in the middle of my sprint on this project. "But you have to fix this bug here". (3 fucking days the bloody bug) "You are late again with tasks".

• Meeting for fresh sprint: 6 BLOODY hours... nonstop

The workflow is garbage:
• SOMEONE should did all the devops shit on the first sprint, guess what? They did nothing!, guess now who is being blamed for it (not only me, but a few coworkers).

• Nothing is well designed/defined:
~ task are explained like shit
~ times measured wrongly
~ We are in the last fucking SPRINT and still doing de ER of the DataBase cause Oh, apparently no one has work before with SQL (damn you MongoDB! (Not really)) so I am doing my best, but "jezz dev, this is so hard... maybe we can do it WRONG and easy".
~ No one is capable of take responsability of their mess, they just try to push down the problems. (Remember the devops situatuion? Why is.my fault? I came at the 3 or 4 sprint and I am doing backend tasks, I know nothing about devops).

But the big prize, the last one:
• Apparently you can't send whatever you want to the boss, it has to pass a filter previously of coordinators and managers, hell yeah!

And I am an idiot too!
because I see that we can't reach our schedule and do hours on my spare time!
This is because there are a few good coworkers who probably ended with my unfinished tasks... and they are equaly fucked as me...

This is just the tip of the iceberg. I am not a pro, I am not a full stack developer and still need to learn a lot, but this is just not normal, eight months like this...

This is the reason why I am still don’t have a girl friend

!rant

I've seen some rants about people complaining about websites using the 'www' subdomain, so I'd like to take this opportunity to try to explain my opinion about why sites might use it.

I use to feel the same way about not having the www subdomain. It felt like an outdated standard that serves no purpose. But I have changed my option...

Sometimes certain servers have other services running other than just the website, such as ssh, ftp, sql, etc., running on different ports. What if you want to use a web proxy and caching service similar to cloudflare or a cdn? We'll you can't, because they won't allow traffic to flow through to your other ports.

That's where the www subdomain comes in. Enable your caching and cdn on your www subdomain, and slap a 301 redirect from your primary domain on port 80 or 443 to the www subdomain. This still allows you to access your other services via the domain name while still gaining the benefits of using a cdn.

Now I know you could use an 'ftp' subdomain or the like, but to each their own in that regard.

Im now working as a fulltime dev for 3 years. I do programming since im 9 and now that I collected some experience, I have to to say, its horrible. Seriously. What the fuck is wrong with german internship companys? Letting me do 3 years of FUCKING CRYSTAL REPORTS. IN A DEVELOPMENT TEAM THAT CONSISTS OF A TEAM LEAD THAT ACTUALLY HAS TO LEARN SHIT LIKE PROPER OOP AND ASYNC/AWAIT FROM ME. THEY EVEN ASKED ME IF I CAN DROP OF MY HOBBY PROJECTS TO WORK ON SAMPLES THAT THEY CAN LEARN FROM! NO! FUCK! JUST BECAUSE THESE DOUCHBAGS ARE TOO LAZY TO FUCKING LEARN TECHNOLOGY THEY SHOULD BE PASSIONATE ABOUT IN THEIR FREE TIME, IM NOT MAKING IT MY JOB TO FREAKING SHOW THEM THAT HAVING A STATIC CLASS CONTAINING ALL MODELS EVER EXISTED IN THE APP IS A BAD THING! SERIOUSLY, THERES ONLY ONE INSTANCE OF EVERY MODEL WE HAVE! AND THEN THEY BLAME SQL SERVER FOR RACE CONDITIONS WHEN TRYING ASYNC!!!! WHAT THE FUCK!! AND STILL, IF I TELL THEM WHATS WRONG, IM AN IDIOT BECAUSE IM A JUNIOR! Please tell me that i didnt waste 10 years of my life dedicating to such bullshit. Will that change? Is it company specific?

I am doing some freelance work for a client who is thankfully mindful about security. I found out that they are so strict with their access because they had a huge data breach last year.

Today I was given access to their repo for connecting to their AS400. In the docker file the username and password were included and were the same for dev and prod. They also are performing no sql injection prevention. They are just joining strings together.

I went to uni for CompSci with knowing no prior knowledge.

In my first year of uni I created a DigitalOcean droplet to host an SQL server. I didn't change the root password or disable password login out of convenience and as I didn't think anyone would be able to find the IP address to be able to hack it.

Within 3 hours DigitalOcean had locked my account for using my droplet to send DDoS attacks. Support contacted me to ask what was going on. I knew nothing at the time so I was a bit 🤷‍♂️.

And that's when I learned the importance of changing your root password.

What is it with devs (not all, by any means!) who don't understand networks or basic computer operation? I'm not talking about anything complex, but things like the dev who asked if his IP address could be whitelisted so he could remote in from home. We asked what his public IP address is and he said 10.0.0.27.

Or the new dev who started and said her laptop camera didn't work and logged a ticket, only to be asked if she had the camera cover open or closed and said, "oh, that's what that lever is for."

Don't get me wrong - many devs and sysadmins and IT people of all fields are excellent. And there are some who are crap in every field. This is no rant about devs in general, just *these* crap devs that I can only throw my hands in the air and think, well, they scored ok in the SQL test.

When I began my sandwich course in a big French company, I was dreaming about cutting edge stack, rocket computer and stuff...

I was disappointed when I came to my office with an old Windows 7 computer, coding via LANDesk to an old server with Windows Server 2008 on it, with Eclipse ... INDIGO...
I have to use Java 1.7 ...
Tomcat 7.
PRTG for monitoring...
Microsoft SQL Server 2008 ...
One screen...
Coding on a codebase where, indubitably, MVC pattern was just a weird thing in books.
No UT.
Lasagna code.

Well it really disappointed me.

Luckily, the Information Service was very open minded and gave me a laptop with Fedora, 3 screens, updated the servers, and let me update the stack, with Java 10, Angular for the front, they are okay for using Docker.

So ... even if it seems to be fucked up, there’s still hope !!

This is a true story. We had this subject, called “Web Design” (really, “design”), where we studied HTML, CSS, JavaScript, PHP and MySQL (confusing, right?). And when we get the PHP (e-)book, it was this old PDF (probably downloaded illegally) teaching the legacy 4.0 version of PHP. Anyway, when we had to develop the final project, the sane professor allowed us to use a newer version of PHP — 5.2, released on 2008. I had to follow the rules, so I developed probably the less secure web application I will ever develop. That means no protection from SQL injection, XSS vulnerable and a bunch of other security holes… And that’s how they liked it developed!

My day so far:
"No, we can't just make that public."
"See this? That's a SQL injection..."
"We have output escaping, please use it..."

My boss's SQL schema has no foreign keys and he said he left them out intentionally because they should be handled in the application layer and they're a large performance impact.

This is a fresh greenfield project and he's already pre-optimizing for problems we don't have yet, on things that may or not be bottlenecks using ideas (e.g. foreign keys have huge performance costs on mariadb/auora) with no hard data or facts to back them up.

Let's start a new project with some technical debt!

I started to work in the CreditCard / Bank business a year ago.
Now they stopped the hole server migration project, so I leave again. They could have had it all. Server 2016, SQL 2016, Citrix, Surface Books and so on.
But no, the new shitty projects are more important than security or on what technology the system is build on.

Seems like the FTP Server will run on Windows 2003 forever...

Ok so I was fetching some JSON data from a SQL database server and loading it on the front-end. Every single data is being loaded onto the table except for a single data column, which is empty.

Hmmm... So I go and check my code... everything looks fine.
Then I console.log the JSON (using .stringify() of course), all the values from the table are present in the printed out JSON.

Ok, now I am really pissed.

Long story short...
I had misplaced a single 'i' in the SQL statement, I had included the 'í' (the i-acute) character instead. And since I was using an alias in the query statement, no error was shown.

me to dba: do you have any recommendations of sql or query improvements? dba: no, just let us know once you're done.

after sending them explain plans, new queries and asking for reviews with no response from them, i applied the changes in dev.

after applying changes.

dba: you should involve us in any development. we need to collaborate.

me: please check your emails over the past 3 weeks.

wtactualfuck.

Beware: Here lies a cautionary tale about shared hosting, backups, and -goes without saying- WordPress.

1. Got a call from a client saying their site presented an issue with a third-party add-on. The vendor asked us to grant him access to our staging copy.

2. Their staging copy, apparently, never got duplicated correctly because, for security reasons, their in-house dev changed the name of the wp-content folder. That broke their staging algo. So no staging site.

3. In order to recreate the staging site, we had to reset everything back to WP defaults. Including, for some reason, absolute paths inside the database. A huge fucking database. Because WordPress.

4. Made the changes directly in a downloaded sql file. Shared hosting, obviously, had an upload limit smaller to the actual database.

5. Spent half an hour trying to upload table by table to no avail.

6. In-house uploads a new, fixed database with the help of the shared hosting provider.

7. Database has the wrong path. Again.

8. In-house performs massive Find and Replace through phpMyAdmin on the production server.

9. Obviously, MySQL crashes instantly and the site gets blocked for over 3 hours for exceeding shared hosting limits.

10. Hosting provider refuses to accept this was caused by such a stupid act and says site needs to be checked because queries are too slow.

11. We are gouging our eyeballs as we see an in-house vs. hosting fight unfold. So we decide to watch a whole Netflix documentary in between.

12. Finally, the hosting folds and enables access to the site, which is obvi not working because, you know, wrong paths.

13. Documentary finishes. We log in again, click restore from backup. Go to bed. Client phones to bless us. Client’s in-house dev probably looking for a cardboard box to pack his stuff first thing in the morning. \_(ツ)_/¯

I was employed as a Researcher so for three months i basically did nothing but read, document, read, document, read, document. Then one day in a review i was doing a demo that required sql. Three months no coding. Of course I've forgotten. And now, this ass back boss of mine gets surprised because i asked for help on update syntax for sql?!?! Like, come on. I COULD GOOGLE THAT. No big deal. But it was to him. He thought i was incompetent as a software engineer. So hE DECIDED TO JUST RANDOMLY PUT ME IN A DEV TEAM and i was expected to perform as fAst AS THEM while still doing mountains of task on research. Worst part is THEY EVALUATED ME BASED ON THAT PERFORMANCE. AFTER I WORK MY ASS OFF FOR THREE MONTHS AS A RESEARCHER, I GET EVALUATED BADLY BECAUSE I DIDNT MEMORIZE THE UPDATE SYNTAX NGNGNNGGNGNNGNGGNF

I remember the first time I was experimenting with Linux and decided to install Kali Linux (was still version 1 at the time) and in the process cleaned my hard drive. I was in first year and I hadn't been introduced to git, so you can imagine what happened to my code.

Or when I dumped all my databases into one SQL file (the feature looked tasty in phpmyadmin) and then after reinstalling everything, I couldn't import back the files.

Or last year, where I was on industrial attachment. So we were to delete some data from DHIS2 manually. So as a developer I grouped all organisation units to be deleted under one parent and wrote a python script to recursively delete anything in that group. Just when I was about to show my supervisor how efficiently my script was deleting stuff, he said, "Don't delete anything yet". I hope he doesn't read this *wink*

Fast forward, last week on Friday I dropped my external hard drive. It just works on one USB port now, no idea how and why.

First software refactoring in the company I worked for. No test environnement because "who needs it?", no unit testing, no comments, had to make sql updates and shit, was scared all day long that something would fuck up.
"Fuck fuck fuck, forgot a part of the where !" Had to fix everything quickly so no one would notice, no coffee/smoke pauses. On top of that, got a ton of retarded requests from the PM and other technicians working with me like "hey boi, could you add an icon to every button we made? There's like a thousand, we need it for tonight, our client will come visit us and I want to show him a better interface blablabla"
And since I was an intern, I couldn't refuse, had to work like a prostitute in virgin-land, and for what?

"Oi, you did good, now do other stuff"

Never have I been so satisfied as I am right now after having implemented a login and user account system with the ability to update user preferences with databases n' shit in PHP after only knowing PHP for a day.

Speaking of all that, do you guys know of any good place to make sure all my stuff is secure? No SQL injections n' the like.

It's a tie between 3 things for me.

1. md5 hashed passwords
2. post variable concatenated into sql with no checks
3. admin login over http

sad thing is that all 3 was one website I redid a few years ago

I'm so fkin happyyyyyy!!
2 months ago a friend hits me up and says "lets make a fkin website"
I had no knowledge of web dev and didn't take it seriously cuz "web dev is for losers who can't code, also they get paid in peanuts" as stated by someone I highly respected back in school.

Fuck him.
It's all changed.
I never thought I'd say this.
But web dev is the best thing I've picked up in 3 years

Been making steady progress in js, php, sql then picked up jquery and made a few dynamic test sites. God it was so fkin satisfactory. Started node- it's intimidating but I'll get the hang of it soon and thinking of starting vue or ember as soon as I'm confident in all the stuff I've picked up. Oh and friend's website?
Fuck that it's a trash concept. I still thanked him for getting me to start web dev and moved on.
I still have my roots in c++ and Python and I'll never forget them but I think this may be the start of a wonderful journey. Be sure to burst my bubble I'm just a noob now

Welp, this made my night and sorta ruined my night at the same time.

He decided to work on a new gaming community but has limited programming knowledge, but has enough to patch and repair minor issues. He's waiting for an old friend of his to come back to start helping him again, so this leads to me. He needed a custom backend made for his server, which required pulling data from an SQL/API and syncing with the server, and he was falling behind pace and asked for my help. He's a good friend that I've known for a while, and I knew it wouldn't take to long to create this, so I decided to help him. Which lead to an interesting find, and sorta made my night.

It wasn't really difficult, got it done within an hour, took some time to test and fix any bugs with his SQL database. But this is where it get's interesting, at least for me. He had roughly a few hundred people that did beta testing of the server, anyways, once the new backend was hooked in and working, I realized that the other developer he works with had created a 'custom' script to make sure there are no leaks of the database. Well, that 'custom' script actually begins wiping rows/tables (Depends on the sub-table, some get wiped row by row, some just get completely dropped), I just couldn't comprehend what had happened, as rows/tables just slowly started disappearing. It took me a while of checking, before checking his SQL query logs (At least the custom script did that properly and logged every query), to realize it just basically wiped the database.

Welp, after that, it began to restrict the API I was using, and due to this it identified the server as foreign access (Since it wasn't using the same key as his plugin, even though I had an API key created just so it could only access ranks and such, to prevent abuse) and begin responding not with denied, but with a lovely "Fuck you hacker!" This really made my night, I don't know why, but I was genuinely laughing pretty hard at this response.

God, I love his developer. Luckily, I had created a backup earlier, so I patched it and just worked around the plugin/API to get it working. (Hopefully, it's not a clusterfuck to read, writing this at 2 am with less than an hour of sleep, bedtime! Goodnight everyone.)

I run update without where on mysql console on production database Today.

CLASSIC

Just because I needed to fix database after bug fix on the backend of the application.
I thought I wrote good sql statement after executing it on my local machine and then everything got bad.

Luckily it was only one column with some cached statistics data and I checked that it was not important data before I actually started fixing stuff but still ...
Almost got hard attack afterwards.
Made a script to fix this column and it took me only 15 minutes but still...

Bug was caused in part I got no unit tests and application grow after 3 years of development from simple one for one customer and volumes of documents around 50k to over 40 customers and volumes over 2mil per month, don’t know how many pages each, just in one year after we completed all needed features.

I have daily backups and logs of every api operation but still.
I think this got to far for one backend developer.

I got scared that I will loose money cause I am contractor and the only backend developer working on it.
I am so tired of this right now I think I need a break from work.

Responsibility is killing me so hard right now.
It will take a week to get back to normal.

When I was in my final year of B.Tech.
There we had to do one major project so me and my friend both decided to build QUERA project for college. So as planned we informed to our superior and we got clean chit.
But later on we didn't know what to do??
That time my friend also didn't have programming awareness so days were going on. And the final month came and till then no progress.
My F was suggesting for purchase.
I was little bit worried too.
Then I had decided to build.
So me alone started building without any copying of templates from web(Actually at that time I didn't know that we can copy templates from web) so stupidly I was building templates using HTML and CSS. Parallely I was doing with php and phpmyadmin(SQL queries).
Seriously it was in PHP.
So this was running for approximately 14 days.
And believe me in that 14 days I was just doing project with all this stuff (obviously eating & 5 hrs sleep).

So, here the fun came

I was near to completion of my project but on last day I was not feeling well so I went to medical for some tablets.

And you know what, I was applying CSS in my mind on that tablet cover which was in rectangular shape.

Literally I was applying :D

Finally, I submitted project and got A+ for that.
Happy ending!

I’ve been a solo frontend developer for a couple of weeks now with critical enormous features and some bugs to get out the door by the end of next week.

On top of that, I got a backend bug to fix which is fine since I know the stack. The SQL that’s causing a bug is an obvious fix but as a FE dev I have no damn idea about DB structure.

I decide to setup local DB to see it for myself. So as a reasonable developer I look for docs to set it up since it sounds like quite a process after confirming with colleagues.

ANNNND... SURPRISE, the docs ARE NON EXISTENT unless you wanna call an outdated diagram a sufficient doc. Just so you understand the pain, we have 9 micro services, a weird db structure and only 5% is documented.

I requested help from my colleagues, but their answers were similar to docs with a follow up of “maybe you can document it after you set this up”. Barely stopped myself from asking “do I look like I have time for this crap? Why don’t you document it SINCE YOUR SETUP IS READY TO GO?”

So I’ve been at it for a couple of hours and I gave up. Will go back to frontend development since still a ton of shit to do anyway. Tomorrow I will attempt this again.

Since my first post was a success, here's another shameless hack-- in this case, ripping a "closed" database I don't usually have access to and making a copy in MySQL for productivity purposes. That was at a former job as an IT guy at a hardware store, think Lowes/Rona.

We had an old SCO Unix server hosting Informix SQL (curious, anyone here touched iSQL?), which has terminal only forms for the users to handle data, and has keybindings that are strangely vi based (ESC does commit changes. Mindfsck for the users!). To add new price changes to our products, this results to a lengthy procedure inside a terminal form (with ascii borders!) with a few required fields, which makes this rather long. Sadly, only I and a colleague had access to price changes.

Introducing a manager who asks a price change for a brand- not a single product, but the whole product line of a brand we sell. Oh and, those price changes ends later after the weekend (twice the work, back at regular price!)

The usual process is that they send me a price change request Excel document with all the item codes along with the new prices. However, being non technical, those managers write EVERYTHING at hand, cell by cell (code, product name, cost, new price, etc), sometimes just copy pasted from a terminal window

So when the manager asked me to change all those prices, I thought "That's the last time I manually enter all of this sh!t- and so does he". Since I already have a MySQL copy of the items & actual (live) price tables, I wrote a PHP backend to provide a basic API to be consumed to a now VBA enhanced Excel sheet.

This VBA Excel sheet had additional options like calculating a new price based on user provided choices ("Lower price by x $ or x %, but stay above cost by x $ or x %"), so the user could simply write back to back every item codes and the VBA Excel sheet will fetch & display automatically all relevant infos, and calculate a new price if it's a 20% price cut for example.

So when the managers started using that VBA sheet, I had also hidden a button which simply generate all SQL inserts for the prices written in the form, including a "back to regular price" if the user specified an end date, etc.

No more manual form entry for me, no more keyboard pecking for the managers with new prices calculated for them. It was a win/win :)

Follow up on a previous rant:

I visited a customer to talk about the reporting discrepancy between two applications.

It turns out the applications were custom built by outsourced developers from Russia, that communicate with each other through a byzantine (and completely undocumented) series of web services, excel import/export tasks, and a customized SSRS environment.

These are spread across at least half a dozen servers, some on-premise and some cloud based, there are at least 3 SQL servers (2 running 2005, one running 2000), a 10 year old local install of TFS (which no one knows a username/password for), and who-knows-what-else.

They laid off their entire IT team years ago, and they have no backups.

I'm not certain anyone there even understands what the software is supposed to be doing beyond the most general terms.

No one knows if they even have source code.

Biggest case of "nope!" I've encountered in more than 20 years of IT experience.

When used properly No-SQL databases are an incredible resource but my employer keeps hammering them in problems which could better be solved by traditional SQL databases in an attempt to be more "hip" and "cool".

This causes huge PITA in making the database work properly with the ORM we're using and waste of time since we're force to emulate basic features which are already exists in almost any SQL database (i.e. relational integrity) using No-SQL storage.

Windows: restarting in 10 seconds

Me: probably just a bug or something like that *click OK button*

10 seconds later

Me: it's no a bug! IT'S NOT A BUG! let me save my stuff

(I don't now why windows did that it made some kind of update without warning except for the 10 seconds and then I had some problem s like I couldn't connect to a SQL server and the computer was super slow)

Working in a organization that hire people that don't know what they doing and can't ask a question correctly...

HELP WE'RE GETTING AN ERROR IN OUR CODE WHILE TRYING TO GET DATA FROM YOUR DB... PLZ FIX IT

WTF IS NOT WORKING, WHAT ARE YOU QUERYING, WHAT IS THE ERROR?

**Sends a SQL query but with ? for all the parameters**

WTF..... U PPL ARE IDIOTS.... CAN'T EVEN ASK A QUESTION CORRECTLY OR PROVIDE NECESSARY INFORMATION... CLEARLY YOU HAVE NO IDEA WTF UR DOING..

EVEN GOD CAN'T HELP YOU...

One word rants really .. just piss me off ... like omg ... you can't take the time out to actually have an opinion !

Eclipse ... no that not a rant it's a hateful pies of sh1t which supplies you a default view of code which makes you feel like you are a pirate looking though a portal to an island 10 miles away ..

Soap ... that just the annoying mechanism you will use and and swear at and every time you use it it's different ...

Sql ... that's just something you should learn ... learn it .. it's useful ..

Software developers like to solve problems. If there are no problems handily available, they will create their own problem.

3 database SQL walked into a NoSQL bar. A little while later, they walked out. Because they couldn't find a table.

If the box says:
"This software requires Windows xp or better."
Does that mean it will run on Linux?

I'm a .Net developer from Morocco, i'm currently working on an accounting software for this fucking company owned by an American boss. And i'm handling every single aspect of the project including the back-end (C#), Database (Sql Server), Reports (crystal reports, ABAP, VSTO), and design (UI, logos, animation...). For a salary of 300 USD/month, with no insurance, no transportation fees, and no fuck given about my health or my coworkers'. Not mentioning the shitty working hours and condition.
This is my first (job)

Update Table_Name Set Column_Name = ‘New Value’;

Commit;

I did this on prod and my manager started screaming on me.

Is there any issue in it?

Wouldn't say our teamwork failed we just sucked that day.

I had a ticket to fix a SQL sp and then correct some data afterwards. As this was the typical "urgent fix need now" we went through a different process for fixing it.

Me: Just sent you some scripts can you check them over before we apply it to uat?
Boss: let's go through it together.
5 mins later
Boss: looks fine I'll apply the scripts.
2 minutes later
Me: did you apply the scripts to uat?
Boss: No I applied them to live.
Me: oh ... oh no.

At this point I realized I was missing a critical where clause so yup my update was applied against all of the data.

Boss: oh
Yup he just spotted my error.

Helpdesk phones start ringing
Boss: you pick it up it's your code
Me: hey you applied its your problem now.

One db restore and several incident meetings later we fixed it. Twas a fun day.

I just dealt with a 3 nested "if" statements in SQL. There is no indentation so I am quite frustrated since each "if" spans up to 2-30 lines.

I now understand why Python white space is significant

Me: Alright Derwent, don't fuck up this database update. There's no undo button and no way to import a database backup so you gotta be extra careful or you're going to have to spend hours writing a whole bunch of regular expressions and sql statements to sift through an 11mb database dump and figure out how to restore 59 thousand records to the correct state. Let's practice this transition on a staging server first and make sure we get it right
Me: I got you fam *presses the wrong button*

Yesterday, microsoft showed me once again, what it means to "obey".

I tried to install Microsoft SQL Server 2012 on a virtual machine with OS Windows7.
The installation-center asked me to choose an installation-folder for SQL-Server.
No matter what, for any folder i had chosen for the installation, the setup replied with the errormessage "The installation-folder is invalid"

So i considered asking our platform-services team, whether they gave me administrative rights for the vm.
They did. I had full access to the components of my vm.

After a few days i finally recognized, that i had picked a wrong iso for the installation of sql server.

Instead of sql server 2012 + Service Pack 3, i picked sql server 2012 ServicePack 3.

So after all, Microsoft tried to tell me by showing the message "The installation-folder is invalid", that the setup weren't able to find an installation of Microsoft SQL Server 2012.

God damned!!1!

Company A: Oh yes we work with this huge tech company all the time and our APIs are just amazingly well made! DONT WORRY!

Company B: Yeah we've worked together once or twice and nothing seemed to go wrong the last time. DONT WORRY!

Reality: 11 API warnings, no data transfer and a SQL error meaning nothing I've been working on actually worked. #Rantover