Search - "pojo"
-
Long story short, I'm unofficially the hacker at our office... Story time!
So I was hired three months ago to work for my current company, and after the three weeks of training I got assigned a project with an architect (who only works on the project very occasionally). I was tasked with revamping and implementing new features for an existing API, some of the code dated back to 2013. (important, keep this in mind)
So at one point I was testing the existing endpoints, because part of the project was automating tests using postman, and I saw something sketchy. So very sketchy. The method I was looking at took a POJO as an argument, extracted the ID of the user from it, looked the user up, and then updated the info of the looked up user with the POJO. So I tried sending a JSON with the info of my user, but the ID of another user. And voila, I overwrote his data.
Once I reported this (which took a while to be taken seriously because I was so new) I found out that this might be useful for sysadmins to have, so it wasn't completely horrible. However, the endpoint required no Auth to use. An anonymous curl request could overwrite any user's data.
As this mess unfolded and we notified the higher ups, another architect jumped in to fix the mess and we found that you could also fetch the data of any user by knowing his ID, and overwrite his credit/debit cards. And well, the IDs of the users were alphanumerical strings, which I thought would make it harder to abuse, but then realized all the IDs were sequentially generated... Again, these endpoints required no authentication.
So anyways. Panic ensued, systems people at HQ had to work that weekend, two hot fixes had to be delivered, and now they think I'm a hacker... I did go on to discover some other vulnerabilities, but nothing major.
It still amuses me they think I'm a hacker 😂😂 when I know about as much about hacking as the next guy at the office, but anyways, makes for a good story and I laugh every time I hear them call me a hacker. The whole thing was pretty amusing, they supposedly have security audits and QA, but for five years, these massive security holes went undetected... And our client is a massive company in my country... So, let's hope no one found it before I did.6 -
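The flaw described in the rant above, shown beside a corrected handler, as an added example that is not part of the original post or the company's code. The class, method and field names, the status codes and the sample users are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class ProfileUpdateDemo {
    // POJO bound from the request body: every field, including id, is caller-controlled.
    static class UserPojo {
        String id, email;
        UserPojo(String id, String email) { this.id = id; this.email = email; }
    }

    static final Map<String, UserPojo> DB = new HashMap<>();

    // Pattern from the rant: the record to overwrite is chosen by the id inside
    // the body, and nothing establishes who is calling.
    static void updateVulnerable(UserPojo body) {
        UserPojo target = DB.get(body.id);
        if (target != null) target.email = body.email;
    }

    // Hardened (hypothetical signature): authenticatedId comes from the verified
    // session, null meaning anonymous; only an admin may address another user's record.
    static int updateHardened(String authenticatedId, boolean isAdmin, UserPojo body) {
        if (authenticatedId == null) return 401;
        String targetId = (body.id == null) ? authenticatedId : body.id;
        if (!targetId.equals(authenticatedId) && !isAdmin) return 403;
        UserPojo target = DB.get(targetId);
        if (target == null) return 404;
        target.email = body.email;
        return 200;
    }

    public static void main(String[] args) {
        // Constructed sample data with sequentially generated ids, as in the rant.
        DB.put("U0001", new UserPojo("U0001", "alice@example.test"));
        DB.put("U0002", new UserPojo("U0002", "bob@example.test"));

        updateVulnerable(new UserPojo("U0002", "alice@example.test")); // no caller identity at all
        System.out.println("vulnerable: U0002 -> " + DB.get("U0002").email);

        DB.get("U0002").email = "bob@example.test"; // reset the record
        UserPojo crossUser = new UserPojo("U0002", "alice@example.test");
        System.out.println("anonymous:  " + updateHardened(null, false, crossUser));
        System.out.println("other user: " + updateHardened("U0001", false, crossUser));
        System.out.println("own record: "
                + updateHardened("U0001", false, new UserPojo("U0001", "a2@example.test")));
        System.out.println("sysadmin:   " + updateHardened("U0009", true, crossUser));
        System.out.println("U0002 now:  " + DB.get("U0002").email);
    }
}
```

Swapping the sequential ids for random ones would change neither handler's outcome; the authentication and ownership checks are what stop the cross-user write, while keeping the sysadmin use case the rant mentions.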
Store POJOs as json inside a database column so that we have a dynamic relational database!
For those who don't know what a POJO
*POJO: plain old Java object
Technically I was asked to store all data models as json in a single column 🙄10 -
Kotlin makes the development experience so much better. Humans are creatures of habit. Some don't want to change what they already know. RIP to those who still start their project in Java and do not want to adapt in this competitive world. :/8
-
Last 4 days, struggling to get ship it from a Dev who is reviewing my code.
The comments have already piled up more than the LOC submitted.
The code review consists of just 2 interfaces and a pojo. Hardly 20 LOC in total, excluding javadocs.
I hope it gets ship it soon.
Wish me luck.2 -
"Do you know OOP in Java?"
"No, I don't."
"How about POJO?"
"I dunno too."
"Okay, so what do you know?"
"Pascal."
"Then why do you call yourself a Java programmer, dude?"
"Cuz, I'm a programmer, and I'm a Javanese."
"Oh..."1 -
Who the hell named it POJO.
That "Plain Old" doesn't make sense at all. They could have just named it "JO"8 -
DynamoDbMapper ISSUE
There were multiple pojos which map with one of our DynamoDb tables with slightly different schema (leveraging nosql).
For one of the pojos, while populating one of the attributes, it was always throwing some weird exception and no one had any idea about it.
An intern was assigned to fix it in case some new pair of eyes can observe something weird about the pojo.
Later, I realized that the way DynamoDbMapper behaves inside a pojo is very particular and hidden.
A method was declared as public instead of private in the pojo, and DynamoDbMapper, while mapping the pojo to the table with reflection, said that this attribute (a substring of the method name) cannot be converted.
Finally, it was just a single word change from PUBLIC TO PRIVATE. -
!rant
I have my 121 in a few days with my new manager and am trying to get a raise either through moving from junior to mid level dev or being given a significant raise, am being paid a tad below the London market rate's lower range for my skill level.
Any advice on how to approach the topic?
Some bits of my background:
I got almost 4 years of exp :
almost 2 working there...
6 months short term contract as a ruby sql dev another company...
1.5 years worked for an abusive joke of a company who took advantage of my naivety since I was fresh out of uni (did stuff like pressured me to add more features to a pojo system I made for them) barely learned anything there since I was the only IT person there developing solo, the project lasted 1.5 years and was a total mess to finish, so am not too sure of factoring it into my years of exp.
My Qualifications are:
bsc in information systems
Msc in enterprise sw engineering
My "new" Manager is seeking to retire real soon.
The company isn't doing too well but we just landed 2 big customers who are buying the product my team is working on
I Am one of two last devs on my team and we are barely holding on with the load, can't afford the time to train a newbie to join us
my department is soon to be sold (soon according to what mgr says). They have been saying so for 10 months now.
Last year, since the acquisition is taking so long and funds were running out, we were hit by a wave of redundancies which slashed our workforce in August/July, told we could last till March this year on our funds. Even senior staff were on a reduced work week... but since we got new customers then money should be coming in again, this should mean that's no longer the case. Even the senior staff have returned to 5 day work weeks.
Am being given only JavaScript work to do despite being hired as a junior Java dev, my more senior colleagues don't wanna even touch JS with a long stick
Spoke to 3 recruiters, said they got open roles in the junior-mid level range that pay the proper market range if am interested to put my CV through.
That's like 25% more than I currently make.
Am a bit scared to jump into a mid level position in another company because I lack a bit of confidence in my core Java skills.
Although a senior dev who used to be on my team thinks I can do it.
I reckon I can take on the responsibilities of a mid level dev in my existing company since am pretty familiar with the products
I don't get to work with senior devs and learn from them since we are so stretched thin, hence am not really getting the chance to grow my skills
I know I have gaps in my knowledge and skills, having not been able to work in Java for a while hasn't allowed me to fix that too well. I badly need to learn stuff like proper unit testing, not the ad hoc rubbish we do at the moment, frameworks like Spring etc
Since I have been pretty much pushed into being the JS guy for large chunks of the project over the last year, it's kinda funny am the only guy who has the barest idea how some of the client facing stuff works
The new manager does seem to be a nice guy but he is like a politician, a master bullshitter who kept reassuring all is well and the company is fineeee (just ignore the redundancies as they fly past you)
The deal for the acquisition seems to have sped up according to rumors
And we heard it is a massive company buying us, hence things might pick up again and be better than ever
Any ideas how to approach the 121 with him?
Any advice career wise?
Should i push for a raise ?
promotion to mid?
Leave to find a junior to mid level position?
Tough it out and wait for the takeover or company crash while trying to fill the gaps in my knowledge?
Sorry for the length of this post2 -
Imagine supporting blackbox software that still uses practices from the 1980s - unreadable 5 string DB2 column names, a custom piece of shit language you have to edit in what is essentially an Excel editor live on the server, etc.
Even better, the company that supports it has 6 month fix/release turnarounds. Six months in 2017! -
I'm writing a minor productivity app which consumes and modifies a vbscript file on a network drive which apparently gets included in other productivity tools to drive the business, as well as updates the relevant DNS entry the field is associated with, and because I care about making the world a better place now writes the data out to what I hope becomes the authoritative source for said data which eventually replaces these who-the-knows-why-they-are-there network drive files and snippets.
The tool removes the need for an ISP tech in the field to make TWO phone calls when they update network equipment. One for the vbscript tweak, one for the DNS update.
Oh, did I mention that some PHP app under a L1 helpdesk guy's desk that the company has made absolutely necessary for their business (and I subsequently moved to a god damn server) consumes the vbscript file and parses it into something PHP can understand?
You can't make this shit up.
The only saving grace is that I have my team rewriting all of this ridiculous shit in Haskell. Type safety and long term refactorability will keep us sane. -
Gson is an excellent library every Java/Android developer should know. You can easily parse a Json or XML network response into a POJO class and get ready to go. But the guys who started the project I currently support found a better, smarter, slicker way to parse network responses into memory:
ArrayList<ArrayList<HashMap<String, String>>>
I would love to meet the genius who came up with this idea. I mean, you can parse absolutely any API response without even having to define stupid Java classes or importing libraries! And also you can reutilize the same scheme for literally all Java projects that handle API responses! Wonderful -
I need to write a standalone server in Java 1.7 and have it
-handle GET urls and map them to different classes/methods
-extract the query params and expose them to the method
-Can respond in JSON by serialising the POJO or a list of them
We have an existing server I think that uses JBoss but takes forever to start and uses a lot of memory.
I also wrote one before with just a (Grizzly?) HttpServer so had to manually implement the above as needed. Only needed it to do one thing so really just 1 path.
Similar situation this time but I'd prefer to not have to implement this stuff manually and need it to be a bit more flexible to extension.7 -
Q).How does one try to understand how or what a programme is in a third world country with no basis of proper infrastructure?
Apart from using raspberry pi which not only requires a person to help you understand it but costs a lot.......Something that completes the circle, from bundling the hardware with seamless software out of the box and for a fraction of the cost of a raspberry pi
[Open to all sorts of input.....from this thing has no practical use to lets do something]3 -
Your language has nulls. Would rather smash my own skull in with a mechanical keyboard with blue cherry switches so everyone can hear because omg how do you even get by.