Had an interesting time these past few days. Had a customer who, when I left for vacay, was complaining that he couldn't get access to our private package registry. Get back, this issue is still active.

We'd granted access to his github enterprise, and for some reason he wasn't getting the activation email. We spent about 22 hours of customer support time on his failing to help himself before he finally escalated to the standard 40 person IT enterprise tantrum/come to jesus meeting.

Long story short, he had somehow ignored repeated attempts (35 email replies to the ticket chain, 4 phone calls) to get him to check his spam folder. In which, as it was revealed to all the hollywood squares in attendance, there were no less than 35 activation emails from github granting him access. Of course, none of this was his fault. And while screensharing his big brain to god and everyone he decides the problem is now actually Microsoft because their office 365 spam email filtered his emails incorrectly. We of course agreed with his big brain, smoothed over his bruised ego and went about our day.

I mean, fair enough, it's kind of dumb that Microsoft ever spam lists github, but still. I was just a fly on the wall, and he burned all his paid support tickets on the issue, so hopefully we won't be dealing with him again this year.

Also, this is an edge case with our new product line, most of our customers are painless.

38°C, sunday afternoon, client be like: "Omg, I need you, it's important, can you call me?"

*calls client*

"So I got this E-Mail that said my SEO could be improved alot, why didn't you do that"

*looks at auto generated spam mail, hangs up*

I think I've finally realized something:
my boss does not actually listen to me.

Quite often during out weekly conference calls, he asks me questions about things I had just covered. I always assumed he couldn't hear because a) i'm rather quiet, and b) freeconferencecall.com bloody sucks.

But it happens for written things, too. I type an update on something in Slack, and an hour later he asks me for an update on it. I always assumed (likely correctly) that he has nearly zero reading comprehension. He writes like a 5th grader and only remembers a few nouns and one verb from anything he reads. But I swear he actively skips reading anything I write.

Now, however, I have frigign' proof that he ignores me. We have both been trying to get ahold of {Clover contractor} via email for months. We have gotten three replies, but twice scheduling prevented setting up a meeting, and once I simply missed the email amongst the flood of log spam I haven't been allowed to address.

I have asked the boss multiple times for the guy's phone number -- in emails, in Slack, and in front of everyone during our weekly conference calls -- and he has totally ignored me every. single. time.

Here's a transcript of my seventh(!) attempt:

Boss [2:13 PM]
Have you and {Clover contractor} met yet? If not make it happen. Stop letting it not happen. GIve specific dates and times. {Clover contractor} let's talk Tuesday 2pm or Wednesday 4pm which works better for you.

Root [2:14 PM]
For the seventh and last time, give me his phone number.
Getting ahold of him via email has not worked.

Boss [2:14 PM]
I am sendning one more, from that I want you to make the meeting happen asap.

Root [2:14 PM]
if i call him, setting up a meeting will be _easy_
Give me his phone number and I will handle this.

It is now 3:00pm and I haven't gotten a response.

Either he doesn't want it to happen, wants me to fail for some reason, or he's totally fucking oblivious. Yet ofc it's me who earns all of the blame when this meeting doesn't happen, and I'm likely to get yelled at in front of everyone, fucking again.

I'm really beginning to hate this guy.

I can't wait to walk out on him and watch the company come crashing down in my absence. It'll be sad to watch, but bloody hell does he deserve it for his arrogant incompetence.

Would the web be better off, if there was zero frontend scripting? There would be HTML5 video/audio, but zero client side JS.

Browsers wouldn't understand script tags, they wouldn't have javascript engines, and they wouldn't have to worry about new standards and deprecations.

Browsers would be MUCH more secure, and use way less memory and CPU resources.

What would we really be missing?

If you build less bloated pages, you would not really need ajax calls, page reloads would be cheap. Animated menus do not add anything functionally, and could be done using css as well. Complicated webapps... well maybe those should just be desktop/mobile apps.

Pages would contain less annoying elements, no tracking or crypto mining scripts, no mouse tracking, no exploitative spam alerts.

Why don't we just deprecate JS in the browser, completely?

I think it would be worth it.

The nightmare continues.

Currently dealing with a code review from a “principal” dev (one step above senior), who is unironically called a “legendary dev” by some coworkers. It’s painfully obvious he didn’t read the code, and just started complaining and nitpicking.

It’s full of requests to do things that make absolutely no sense, and would make the code an unmaintainable mess.
• Ex: moving the logic and data collection from the module’s many callers into the module instead of just passing in the data.
• Ex: hiding api endpoint declarations by placing them in the module itself, and using magic instance variables to pass data to it. Basically: using global functions and variables instead of explicit declarations and calls.
• Ex: moving the logic to determine which api endpoint to use, for all callers, into the view.

More comments about methods being “too complex” (barely holds water) right next to comments saying “why are these separate? merge them together!”

Incredulously asking how many times I’m checking permissions and how ridiculous it all is. (The answer? Twice.)

Conflating my “permissions” param and method names with a supposedly forthcoming permissions system overhaul, and saying I shouldn’t use permissions because my code will all have to get rewritten. Even if that were true, and it’s likely not, the ticket still needs to use the current permissions. I can’t just ignore them because they might be rewritten someday.

Requests to revert some code cleanup because the reviewer thought the previous heavily-nested and uncommented versions (with code duplication) were easier to read. Unsurprisingly, he wrote them.

On the same ticket, my boss wants me to remove all styling and clientside validation, debouncing, and error messages from a form. Says “success” and “connection failed” messages are good enough. The form in question sends SMS and email using arbitrary user input for addresses. He also says it shouldn’t be denounced on the server, and doesn’t want me to bother checking permissions. Hello, spam!

Related: the legendary dev reviewer says he can’t think of a reason why we would want to disable the feature for consumers, so I should remove the consumer feature flag.

You can’t make this stuff up.

Buy a domain. Watch 100s of spam email, sms and dodgy phone calls come in.

Life can't be too bad when most of your spam calls are from recruiters. It made me emotional to remember 4 years ago when I was the one calling to them.

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

@netikras since when does proprietary mean bad?

Lemme tell you 3 stories.

CISCO AnyConnect:
- come in to the office
- use internal resources (company newsletter, jira, etc.)
- connect to client's VPN using Cisco AnyConnect
- lose access to my company resources, because AnyConnect overwrites routing table (rather normal for VPN clients)
- issue a route command updating routing table so you could reach confluence page in the intranet
- route command executes successfully, `route -n` shows nothing has changed
- google this whole WTF case
- Cisco AnyConnect constantly overwrites OS routing table to ENFORCE you to use VPN settings and nothing else.

Sooo basically if you want to check your company's email, you have to disconnect from client's VPN, check email and reconnect again. Neat!

Can be easily resolved by using opensource VPN client -- openconnect

CISCO AnyConnect:
- get a server in your company
- connect it to client's VPN and keep the VPN running for data sync. VPN has to be UP at all times
- network glitch [uh-oh]
- VPN is no longer working, AnyConnect still believes everything is peachy. No reconnect attempts.
- service is unable to sync data w/ client's systems. Data gets outdated and eventually corrupted

OpenConnect (OSS alternative to AnyConnect) detects all network glitches, reports them to the log and attempts reconnect immediatelly. Subsequent reconnect attempts getting triggered with longer delays to not to spam network.

SYMANTEC VIP (alleged 2FA?):
- client's portal requires Sym VIP otp code to log in
- open up a browser in your laptop
- navigate to the portal
- enter your credentials
- click on a Sym VIP icon in the systray
- write down the shown otp number
- log in

umm... in what fucking way is that a secure 2FA? Everything is IN the same fucking device, a single click away.

Can be easily solved by opensource alternatives to Sym VIP app: they make HTTP calls to Symantec to register a new token and return you the whole totp url. You can convert that url to a qr code and scan it w/ your phone (e.g. Google's Authenticator). Now you have a true 2FA.

Proprietary is not always bad. There are good propr sw too. But the ones that are core to your BAU and are doing shit -- well these ARE bad. and w/o an oppurtunity to workaround/fix it yourself.

Alright, this my fucking rant right here. Distraction? This whole company is a distraction! Boss decided to throw us all in an open work environment doing jobs that require careful concentration. Straight outta college I'm getting handed vague ideas, (make a desktop app that helps our customers put data on the internet, make an iPhone app) with out so much as an inkling of what technologies to use, just make it work.
Ok I will but when you hit a roadblock with very little resources to draw in it's hard to stay focused.
On top of that since I worked in support for a year I'm our senior support person! But sometimes support just doesn't use their brains and I'm using my time to solve very basic problems.
That brings me to my next point, the goddamn piece of shit that is our telephone. Fuck that thing when it rings it's never good. Moreover, since I don't want to get roasted for not being responsive I have the motherfucker forward to my personal cell. So I answer every fucking call and I get so many spam calls!
Not to mention I'm mainly running the hardware show around here. Shits broke I'm the one fixing it. Need new shit I'm putting the order together.
Tried to get a new guy to be the sys admin, ordered a 6th gen board with a 7th gen proc, had to pull 3 machines apart to get that sorted. Then he left bc family issues, and has been gone for weeks.
The other devs are also slam up busy, and the main product is about 15 people's piss on a plate of garb age spaghetti. (I got a lot of shit going on but at least I'm the only one pissing in my spaghetti) it's a constant run around if who does what with a code first plan later mentality causing confusion and delay.
Nobody wants to help anybody because they are also annoyed with this setup and are getting bitched at by customers or management.
Sales is mostly composed of a bunch of crackhead yes men and women who just want a commission and only half know the shit we sell and have sold 15 new features that had not been discussed. But management always says make it happen. In what priority? It's all a priority they say! Wtf.
So yea, then it brings me to me, dealing with this much chaos at work makes it seem like a high amount of chaos in my life is normal. I'm just now learning to control this.
I've had to do a lot of growing up as a person and as a developer. I've went from being the most junior to about the 3rd most seniors and I've no doubt my efforts have contributed to the growth of the company.
I'm a big believer in coding flow, and that it takes at least 15 mins to get in that flow and about 5 seconds to break it. There is no do not disturb on the company chat, everything always on fire it seems.
So fuck a lot of this, but I've done the research and where I'm at is the best opportunity in a 100 mile radius. So I am thankful for this job. Plus I usually win the horror story contest.

So TL;DR the biggest distraction is every fucking thing in this god forsaken place.

It all started with an undelivereable e-mail.

New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.

Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.

Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.

Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).

In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.

Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.

Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.

Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.

Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.

tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.

I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix aynything in the end...

OMGosh! I am so screwed! Just got a call from someone saying my warranty on my car expired! I just bought it last year! What am I gonna do?!

I work for an investment wank. Worked for a few. The classic setup - it's like something out of a museum, and they HATE engineers. You are only of value if work on the trade floor close to the money.

They treat software engineering like it's data entry. For the local roles they demand x number of years experience, but almost all roles are outsourced, and they take literally ANYONE the agency offers. Most of them can't even write a for loop. They don't know what recursion is.

If you put in a tech test, the agency cries to a PMO, who calls you a bully, and hires the clueless intern. An intern or two is great, if they have passion, but you don't want a whole department staffed by interns, especially ones who make clear they only took this job for the money. Literally takes 100 people to change a lightbulb. More meetings and bullshit than development.

The Head of Engineering worked with Cobol, can't write code, has no idea what anyone does, hates Agile, hates JIRA. Clueless, bitter, insecure dinosaur. In no position to know who to hire or what developers should be doing. Randomly deletes tickets and epics from JIRA in spite, then screams about deadlines.

Testing is the same in all 3 environments - Dev, SIT, and UAT. They have literally deployment instructions they run in all 3 - that is their "testing". The Head of Engineering doesn't believe test automation is possible.

They literally don't have architects. Literally no form of technical leadership whatsoever. Just screaming PMOs and lots of intern devs.

PMO full of lots of BAs refuses to use JIRA. Doesn't think it is its job to talk to the clients. Does nothing really except demands 2 hour phone calls every day which ALL developers and testers must attend to get shouted at. No screenshare. Just pure chaos. No system. Not Agile. Not Waterfall. Just spam the shit out of you, literally 2,000 emails a day, then scream if one task was missed.

Developers, PMO, everyone spends ALL day in Zoom. Zoom call after call. Almost no code is ever written. Whatever code is written is so bad. No design patterns. Hardcoded to death. Then when a new feature comes in that should take the day, it takes these unskilled devs 6 months, with PMO screaming like a banshee, demanding literally 12 hours days and weekends.

Everything on spreadsheets. Every JIRA ticket is copy pasted to Excel and emailed around, though Excel can do this.

The DevOps team doesn't know how to use Jenkins or GitHub.

You are not allowed to use NoSQL database because it is high risk.

Someone is trying to get into my shit. Mail Accounts and my phone is receiving lots of. Spam calls and phishing messages...

Fucking bastards..

We all get phishing shit but if it’s targeted it makes me feel awkward..

Little fucking bastards.. I think I even know who it is.. that useless piece of junk that got fired because of my honest feedback. Not many others know my current nr, emails etc..

I absolutely hate it when companies use this or that medium for communications despite me asking them time and time again for another.

I have a mail server for more professional communications. The phone, only for stuff that won't matter if I inevitably end up forgetting about it (even more so now that Google made call recording more or less impossible, laws be damned). I will forget about a phone call no doubt. I've got better shit to do than to remember your manglement decisions, thank you very much. On mail, that's all nicely on my mail server for retrieval in several years even.

So I ask them to use the email address I gave them, a dedicated one for their company too (catch-all go brrr). Can't do that with phone numbers. Managing all those SIM cards aside, our government has now limited the amount of SIM cards one can have to 10. And texts and phone calls are not a long-term medium! And I can't share my phone number with just about anyone because people will inevitably spam the shit out of it, AND it's hard to replace! It's not a good medium! So with all due respect, companies - I couldn't care less what medium you prefer to use for your customers. You don't care about what your customer wants you to use - explicitly so! - and you lose a customer. It's as simple as that. Dealing with manglement is one thing, but dealing with manglement using the wrong media is something I'd really rather not do.

But hey I guess that virtue signalling is more "in" than actually listening to your goddamn customers nowadays? Let's replace another master/slave reference. You know, arguing that if we did that 2 years ago, George Floyd would've totally survived. Not by fixing the US police brutality, oh no no no. That's not the right way. Changing nomenclature and hashtags however, and not giving half a shit about your customers, yeah that's the way to go!

There is a pretty popular job search site I have used for quite some time. I wanted to close my account due to spam phone calls and emails. The website has no ui for closing your account. I fly into a fit of rage and change my email address to 20 random characters @gmail.com. Now I still have an account there but can't log in. Still getting the spam.