Nothing is more permanent than a temporary fix.

Finally did it. Quit my job.

The full story:
Just came back from vacation to find out that pretty much all the work I put at place has been either destroyed by "temporary fixes" or wiped clean in favour of buggy older versions. The reason, and this is a direct quote "Ari left the code riddled with bugs prior to leaving".

Oh no. Oh no I did not you fucker.

Some background:

My boss wrote a piece of major software with another coder (over the course of month and a balf). This software was very fragile as its intention was to demo specific features we want to adopt for a version 2 of it.

I was then handed over this software (which was vanilajs with angular) and was told to "clean it up" introduce a typing system, introduce a build system, add webpack for better module and dependency management, learn cordova (because its essential and I had no idea of how it works). As well as fix the billion of issues with data storage in the software. Add a webgui and setup multiple databses for data exports from the app. Ensure that transmission of the data is clean and valid.

What else. This software had ZERO documentation. And I had to sit my boss for a solid 3hrs plus some occasional questions as I was developing to get a clear idea of whats going on.

Took a bit over 3 weeks. But I had the damn thing ported over. Cleaned up. And partially documented.

During this period, I was suppose to work with another 2 other coders "my team". But they were always pulled into other things by my Boss.

During this period, I kept asking for code reviews (as I was handling a very large code base on my own).

During this period, I was asking for help from my boss to make sure that the visual aspect of the software meets the requirements (there are LOTS of windows, screens, panels etc, which I just could not possibly get to checking on my own).

At the end of this period. I went on vacation (booked by my brothers for my bday <3 ).

I come back. My work is null. The Boss only looked at it on the friday night leading up to my return. And decided to go back to v1 and fix whatever he didnt like there.

So this guy calls me. Calls me on a friggin SUNDAY. I like just got off the plane. Was heading to dinner with my family.
He and another coder have basically nuked my work. And in an extremely hacky way tied some things together to sort of work. Moreever, the webguis that I setup for the database viewing. They were EDITED ON THE PRODUCTION SERVER without git tracking!!

So monday. I get bombarded with over 20 emails. Claiming that I left things in an usuable state with no documentation. As well as I get yelled at by my boss for introducing "unnecessary complicated shit".

For fuck sakes. I was the one to bring the word documentation into the vocabulary of this company. There are literally ZERO documentated projects here. While all of mine are at least partially documented (due to lack of time).

For fuck sakes, during my time here I have been basically begging to pull the coder who made the admin views for our software and clean up some of the views so that no one will ever have to touch any database directly.

To say this story is the only reason I am done is so not true.

I dedicated over a year to this company. During this time I saw aspects of this behaviour attacking other coders as well as me. But never to this level.

I am so friggin happy that I quit. Never gonna look back.

Fixing interface with "temporary" solution
PS: please hide it from electricians (even hobbyist). It can scary them to death.

I am starting to realise that there really is nothing more permanent than a temporary fix.

Nothing is more permanent than a temporary fix

string excuses[]={
"it's not a bug it's a feature",
"it worked on my machine",
"i tested it and it worked",
"its production ready",
"your browser must be caching the old content",
"that error means it was successful",
"the client fucked it up",
"the systems crashed and the code got lost" ,
"this code wont go into the final version",
"It's a compiler issue",
"it's only a minor issue",
"this will take two weeks max",
"my code is flawless must be someone else's mistake",
"it worked a minute ago",
"that was not in the original specification",
"i will fix this",
"I was told to stop working on that when something important came up",
"You must have the wrong version",
"that's way beyond my pay grade",
"that's just an unlucky coincidence",
"i saw the new guy screw around with the systems",
"our servers must've been hacked",
"i wasn't given enough time",
"its the designers fault",
"it probably won't happen again",
"your expectations were unrealistic",
"everything's great on my end",
"that's not my code",
"it's a hardware problem",
"it's a firewall issue",
"it's a character encoding issue",
"a third party API isn't responding",
"that was only supposed to be a placeholder",
"The third party documentation is wrong",
"that was just a temporary fix.",
"We outsourced that months ago.","
"that value is only wrong half of the time.",
"the person responsible for that does not work here anymore",
"That was literally a one in a million error",
"our servers couldn't handle the traffic the app was receiving",
"your machines processors must be too slow",
"your pc is too outdated",
"that is a known issue with the programming language",
"it would take too much time and resources to rebuild from scratch",
"this is historically grown",
"users will hardly notice that",
"i will fix it" };

Nothing is more permanent than temporary fix.
Marps.. 😂😂

/***********************************
/* a temporary hack, fix it later *
***********************************/

That was 7 years ago. I mean it was last edited 7 years ago when a temporary hack was created. It is now a permanent solution as nobody know what we are supposed to fix

.... Nothing is more permanent than a temporary fix. Not even clean refactored and tested code.

This is what I found in the logs:
3280546 I had a cup of tea and now it's fixed
9daaf6c copy and paste is not a design pattern
958ca5b It compiles! Ship it!
a9edf8d LAST time, Masahiro, /dev/urandom IS NOT a variable name generator...
438072f 640K ought to be enough for anybody
1fb839b Too lazy to write descriptive message
4d70890 ...
d6ce0c8 Ugh. Bad rebase.
a00b544 Programming the flux capacitor
49715cb Fix my stupidness
4babf07 Do things better, faster, stronger
49b3a7b SEXY RUSSIAN CODES WAITING FOR YOU TO CALL
12c7b55 formatted all
2658c87 and so the crazy refactoring process sees the sunlight after some months in the dark!
2376c89 - Temporary commit.
a83220a I honestly wish I could remember what was going on here...
3347007 work in progress
3382b4c well crap.
109748a Glue. Match sticks. Paper. Build script!
c3f025e Useful text
70394e7 Who knows WTF?!
0d78f14 breathe, =, breathe
5344e39 removed tests since i can't make them green
8a3a6bf better grepping
2777cc4 first blush
cf620ff Continued development...
9591c19 Too lazy to write descriptive message
767e0cd Some shit.
763602a Yes, I was being sarcastic.
8d7a602 /sigh
c6296e5 rats

Insecure... My laptop disk is encrypted, but I'm using a fairly weak password. 🤔

Oh, you mean psychological.

Working at a startup in crisis time. Might lose my job if the company goes under.

I'm a Tech lead, Senior Backender, DB admin, Debugger, Solutions Architect, PR reviewer.

In practice, that means zero portfolio. Truth be told, I can sniff out issues with your code, but can't code features for shit. I really just don't have the patience to actually BUILD things.

I'm pretty much the town fool who angrily yells at managers for being dumb, rolls his eyes when he finds hacky code, then disappears into his cave to repair and refactor the mess other people made.

I totally suck at interviews, unless the interviewer really loves comparing Haskell's & Rust's type systems, or something equally useless.

I'm grumpy, hedonistic and brutally straight forward. Some coworkers call me "refreshing" and "direct but reasonable", others "barely tolerable" or even "fundamentally unlikable".

I'm not sure if they actually mean it, or are just messing with me, but by noon I'm either too deep into code, or too much under influence of cognac & LSD, wearing too little clothing, having interesting conversations WITH instead of AT the coffee machine, to still care about what other humans think.

There have been moments where I coded for 72 hours straight to fix a severe issue, and I would take a bullet to save this company from going under... But there have also been days where I called my boss a "A malicious tumor, slowly infecting all departments and draining the life out of the company with his cancerous ideas" — to his face.

I count myself lucky to still have a very well paying job, where many others are struggling to pay bills or have lost their income completely.

But I realize I'm really not that easy to work with... Over time, I've recruited a team of compatible psychopaths and misfits, from a Ukranian ex-military explosives expert & brilliant DB admin to a Nigerian crossfitting gay autist devops weeb, to a tiny alcoholic French machine learning fanatic, to the paranoid "how much keef is there in my beard" architecture lead who is convinced covid-19 is linked to the disappearance of MH370 and looks like he bathes in pig manure.

So... I would really hate to ever have to look for a new employer.

I would really hate to ever lose my protective human meat shield... I mean, my "team".

I feel like, despite having worked to get my Karma deep into the red by calling people all kinds of rude things, things are really quite sweet for me.

I'm fucking terrified that this peak could be temporary, that there's a giant ravine waiting for me, to remind me that life is a ruthless bitch and that all the good things were totally undeserved.

Ah well, might as well stay in character...

*taunts fate with a raised middlefinger*

Hahaha

Before becoming a developer, I used to work as a sales rep at this company that spent a good amount of time building what they believed to be an innovative state-of-the-art “code generator”. It was basically a scaffolding tool for generating software.

They were using it to auto generate customized iOS and Android native mobile app templates, along with a web backed.

The problem was that the generated code was shit, and the developers on the team basically spent more time fixing bugs than if they had built everything from scratch. But their passion for the product meant they just kept using it.

For some reason they never fixed issues in the original templates, so basically all the bugs that were found, kept showing up with each new app!

I have never seen apps like this that essentially had more bugs than features. Opening more than 10 app screen meant the app would freeze and crash. Sign up forms were actually dummy forms. The list goes on...

All the apps had the same shitty UI. For example, Product pages had a product image area that was like 5% of the screen view!

Last but not least, apps had a backend IP address hardcoded pointing to a server with an IP address that was temporary. So one day they had to restart the server and suddenly all customer apps stopped working and required a software update to work!

It was amazing seeing how a team of 3 developers trying to fix messy autogenerated code, couldn’t accomplish what was essentially a website on an app that I managed to build in my free time.

That’s how I knew it was time to quit my job and code full time.

When the department’s large plotter printer broke down, the users demanded they still be able to execute their large reports. The area manager understood reality, if we are waiting on parts, not a lot we can do, but one developer decided to re-write the report/application as a web/.asp application. Mind you, he wasn’t a web developer, mostly VB experience, so the ‘report’ executed the same queries and filled up simple html tables. Did it work? Sort of. The output had none of the specialized formatting like headers, grouping, summary calculations, etc. Since the users could see the data in the web browser and scroll left/right, they were OK with the temporary fix. When I heard this:
Me: “You do know the application could output the report in HTML exactly the way it prints to the printer. All we would have to do enable that feature in the application.”
Dev: “Yea, but I thought it would be cool to do it as a web app.”
Me: “OK, but we should just update the app.”
Dev: “Um...that is going to be difficult, the boss liked my idea so much, he wanted the report replaced with my asp application. I deleted the application from source control and from the network. Sorry.”
Me: “OMFG!…tell me you make a backup!”
Dev: “Ha!...no…boss said you would fight innovation. Web is the future.”
Me: ”What is going to happen when the printer is fixed!? Users are going to flip”
Dev: “Oh, we didn’t think of that. Oh well, that’s your problem now.”
Me: “WTF? My problem?”
Dev: “Yea, you are moving to the team responsible for those legacy applications, since innovation really isn’t your thing. I just got promoted to senior developer.”

Coming up to (very) tight deadline..

Manager - "Stick in a temporary fix, if the data is mocked out it will do for the demo. We really want to show this feature."
Me - "Okay, I"ll pick up the technical debt after the demo."

*Changes are coded and rolled out*

Manager calls me over to his desk..

Manager - "This feature isn't bringing back real data."

Do these kind of people exist in all companies?

So, my last post was about dual booting to Linux. I haven't had problems with Windows. However, after an apart partial update to the Creaters version, I can't open anything without an error that says "ceip.exe was unable to start correctly (0xc0000142)." I can't even run command prompt.

I have nothing on my PC that I can't replace (everything is backed up in at least two places) other than the programs I need for work. I can get them on Monday. But I'm on call the rest of today and tomorrow. And i need them because they help me test system health.

Trying to run the update again to see if I can repair it that way, otherwise, any suggestions for a temporary fix? Thinking my switch to Linux is sooner than I thought, but I have to be able to work.

JavaScript is very similar to duct tape, if it doesn't work, you haven't used enough.

"'This is just a temporary fix, I'll refactor it into something great and modular later" thought I as I continued to sin for the umpteenth time.

I dunno about coolest, but I did sort of cement my reputation as the "database guy" in my first job because of this.

My first job was with a group maintaining a series of websites. Because of the nature of the websites, every morning we had to pull the records from one database on one network, sneaker net the data to a database on another network, and import the data via custom data import function.

However, the live site would crash after 100 or so records were imported. The dba at the live site had to script out a custom data partitioning script to do his daily duties, but it definitely messed up his productivity.

Turns out, the custom mass import function had recycled the standard import function, which was only used to import 1 record at a time, and it never closed its database connections, because it never needed to. A one line fix to production code was delivered 6 months later (because that was our release cycle) and I came up with the temporary work around, which was basically removing the connection limit. It would still crash with the work around, but only with multiple days worth of data. So basically only on Monday. Also developed the test set for the import (15k+ records).

In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!

So, imagine a situation like this - Its friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Lets Encrypt.

Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.

Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!

So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!

So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... Its right there, you can see it!

So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!

So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!

Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.

See the issue already?

Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.

What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.

That was also the only reason why I managed fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.

Overriding that unit file option finally fixed the issue completely.

I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, its only and only your fault if you wrote sensitive data into the temporary directory.

And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...

Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out its just another SystemD-enabled "feature" now!

And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...

"Do not lose time improving the data pipelines from our ERP, it is about to be replaced!"
Then suddenly there is a week of bugs and stress because the non-improved data pipeline can't handle new situations.
"Just fix the bugs! It is all about to change anyway!"
Repeat. And repeat.

Fuck, I hate when managers think that there are such things as "temporary fixes" in ERPs. Or that companies can ever migrate to another ERP. Those things are forever, as Cheetos dust on your bowels.

setTimeout(() => {
// some temporary fix, will solve later
}, 0)

...aaaand it stayed there for eternity.

Got a strange thing today in class, as a teacher in programming. We have a lab where the computers haven't yet their final configuration ended, so the user used by the students is the administrator of the computer. And today, a student calls me and tell "sir, the password isn't the one you gave to us" (temporary the same for each machine until we fix the configuration).
Go to student's place, password incorrect with a hint "you know the code : up, up, down, down... oh, you don't know, huh? Too old! Too bad!"
Password was - off course - "konami".

But... how a student born in 1997 can think he can troll me with the konami code?!
He wasn't even born when I played on the NES as kid!

Sometimes I'd like to teach my students how to fly by tossing them by the windows...

My workplace has been forcing me to work everyday for almost a month now. I've been working at least 8-10 hours from Saturday to Thursday, and 2-3 hours on Friday as well. I'm so exhausted. I can't sleep properly. All I do is work. I have no time left to do things that I want to enjoy. I tried coding today but I'm too exhausted to do it. I was literally at 0 productivity today. I hate seeing my computer now. I don't know how to overcome this especially during the current lockdown situation. The work I do is not valued or appreciated and it's mentally breaking me honestly. I don't know what I want anymore. For sure another job but I need at least a temporary fix till the lockdown is over.

For those who know me or read through my profile, yup it's the same company. The reason I haven't left them even after all this is because this is a really tough time for me financially and I have no other sources of income and right now at my place there are no job opportunities. So the only option is to continue with the existing work place.

This temporary hack will just temporarily fix this problem. We will come back and actually fix the problem later.

We never come back to fix it later. This shitty hack I made in less than a day that fixed the problem for the day "fixed" the problem for the next year.

Lesson learned that temporary structures and side projects will be there forever. Make them right the first time.

This is just a temporary workaround. I will come back to this and fix this later. NEVER HAPPENS :)

How often do we come across IT managers who don't plan their work properly?

I teach software development and programming at a vocational school. Our IT manager said that we got a certain budget influx and that he can procure new computers for our teaching facilities. I happily agreed and hinted that i would really like some new hardware with proper graphics cards so i could do a few small projects with Unreal engine, Unity3d or use adobe products without hardware lag. The new computers arrived about a week ago and then the "fun" started.

He had ordered some PCs with proper graphics cards and processing power and talked about putting them to up in my classroom, so wheres the "fun" i meantioned? He only ordered half a classroom worth of them - i guess the budget didn't allow for more. A week later i was supposed to move to a new room and was waiting for my new computers to be installed and yet the IT manager said that my computers would be moved along with me. I was appalled - what had happened to the new PCs he promised?

Turns out he had put em up in another building without notice, a teacher there wanted to do an extracurricular movie making activity (that included a bit of video editing at some point). That classroom is always in use so me getting more than 1-2 hours a week in there is nigh impossible.

In the end i got no new computers, hardware or software.... he didnt even bother to switch out the 2 "temporary" laptops i had in my classroom since 2 years ago due to a small shortage back then and even these have an old image that didnt include a third of the software i normally use.

PS. He had about another 2-3 classrooms worth of new PCs but those were promised to the other IT teachers back then....

Stop commenting out code blocks!

Either fix your shit or delete it.

I am open to argue what fixing may mean, as it is perfectly fine to make your broken code not reachable, e.g. via feature flags or skipping certain tests. Yet never ever should you comment those blocks!

So you say you want to keep it for historic reasons? You know, that is why we use version control! If you ever need certain functionality back, you can restore that state.

Each decent IDE also offers a local history where you can even restore code blocks that weren't even pushed or committed. So use that!

Commenting out test cases is a really bad habit, as you have no reminder that you shall restore it.

And no, a TODO and a FIXME won't count as a reminder as you have to actively look for them. And we all know how well that goes, don't we? (One time, I found a typo of a `TDO`. So even with a regular lookup for TODO, stuff will slip.)

Each test suite offers you ways to skip tests if there are valid reasons why they should not fail the build temporary and they offer colorful feedback. Yes, that means that your tests won't be green, but guess what: That's a feature! They shouldn't be.

That yellow is a fine reminder, aka warning!, that you should really fix your shit.

Commented code screams: "I DON'T KNOW WHAT I WAS DOING!" and it confuses the hell out of other developers ("Was this commented because of debugging purposes and should be active again or can I safely delete this!?") and adds verbose crap to the code base.

If you find yourself to be in a place that you comment code a lot, I also argue that your workflow is broken.

When you are using a decent debugger, there shouldn't that much of a need to comment in and out a lot of code in order to reason about your code-base.

Well, I'm no professional developer, still at school, but I thought about this, regarding convincing PMs of you writing permanent fix instead of a temporary workaround: Just tell them that this one particular issue can't have a hotfix, and that you need time to fix it.

Working on a project to create a space Invaders clone using Android studio/java. Point is to prove teamwork and our ability to optimise for a phone.

Leader makes the engine
Passes code to me who is doing gameplay.
Creating classes, testing them with a temporary activity class to get them on screen.
Okay, time to get it going properly.
Starts creating the game by placing aliens to the screen via the new alien manager, created in the true starting place.
Nothing appears on screen, sounds still play.
Odd. Repeatedly try to fix, but objects will not appear on the screen if created outside of temporary activity.
Show problem to leader as I haven't been able to figure out.
Gets lectured to no end about how I can't just ask him for help (first fucking time) if I get stuck!!!
Turns out, the value for frame time is way off for the first frame, and their positions get going way off the screens range when being placed. Temp activity works as it skips first frame.
Why did this happen? Genius leader didn't properly initialise it, so first frame time was equal to the First Date Object time ever locked - current time 🤔🤔🤔
We figured it out together.

Just reed a comment in the fucking shitty codebase im working on :

/* temporary fix */

I’m fucking done guys !

Need a serious help as I can't find a solution to this. My Google search (homepage + results) changes the language to a regional one on every refresh. I want it back to English, I even changed search language setting and the account language for all apps to english. When it hinted, "some apps don't have the same language" in a toast message, I updated that too.

Now I don't understand what is causing this. Here's what I tried. I reinstalled chrome. Removed all my extensions. Used the chrome malicious software detection. Used a different browser- Edge.

I see this is a problem with my Google account as this only happens after I sign in. The language automatically changes to a random regional language, but the search language settings still show English selected.

I checked all the apps authorized with my account but there's nothing suspicious there.
I added "?hl=en" to the url as a temporary fix but that doesn't really help much if I'm on another device. I also found some video suggesting to add "/ncr" to the url. It somehow fixed this for like 10 secs. and then I refreshed to see- back to the same problem.

I tried looking for similar issues and even asked a question on google forums but no luck. Somehow after an hour of repeating the same process of switching the language in settings, it seemed like it got fixed. Until now, where I logged into another device and the issue is back.

Any help? Please? Thanks. :)

Because of cache split brain issue I have to invalidate cache every 5min. I've said to lead dev about this hack and we both agree to solve it asap.

This was 3 months ago...

Temporary fix becomes production solution. And it only took me 10min to add cron entry to every prod srv.

So productive!

Btw you should see users faces when page referesh changes page completely because of load balancing xD)

!tech i don't understand how people makes any place a home?

I have an experience of living with my parents and that is a place where i feel belonging and safe, but i wonder why? like , in your home, you could be awake till 4 am and still sleep like a log. you won't have thoughts of strangers trying to murder you or rob you when you hear the slightest noise. (atleast not occasionally)

but this is not the case when you try to live alone. for eg , i would often call/text someone before sleep when i am staying in a hotel room. and if the hotel isn't a superior one (imagine those close, small rooms w in a broken up 2 star hotel in a quiet and unpopulated area), i would be sleeping with my eyes open, praying the night to get over

So an early conclusion can be this : a person would feel safe and carefree wherever they are with known people. in my home i got my parents. although its weird since they are neither physically nor financially powerful to deal with any stranger situation. But still, a home feels home. and a home feels safe.

maybe it's because of the the people around the home? so most people have neighbours, shops, parks, efc around their homes. some even have forests, police stations or other places in vicinity. so does that make an area safe to breathe ?

For our family, i don't know if that thing applies. our neighbours are crappy dummies who would rather have someone's home burning than coming for rescue, but fight to death if someone parks in their spot or ask them to fix something. If their is a robbery in our area, i would rather suspect one of those assheads to be the culprits than someone from outside.

however, knowing the fact that they know us makes me think that this is a considerable factor that add to the sense of safeness in an environment . i guess that's why even the verbal quarrels among neighbours are done in such a noisy manner.

So if someone is shifting to another location, say in a different city or even a different state, they should spend first few days befriending every neighborhood person? that would be a weird approach. i have seen a few shiftings in my area and the new people rarely try to come into attention. even the people who get shifter on temporary basis (i.e the rent based pg/tenents etc), are always silent.

so how exactly does anyone make a new house, their comfortable and safe 'home' ?

Very annoyed by PR comments for temporary fixes.

I made a one line change that basically removes a link from showing. Test it via UI and it worked 100%. Then a more senior engineer comes in and says to do it a different way that takes more time to get the hotfix out and 3 times the amount of files changed.

Why? What's the fucking point? It's a temporary fix that will be removed in a week. Why waste my time and your time? Now I'm wasting time on here.

Hey. I'm still very new to CloudFlare and I have a question.

Let's say that I have 4 sub domains: a.test.com, b.test.com, c.test.com, d.test.com. They're all under the same domain (test.com).

I have a page rule setup specifically for a.test.com, where "Disable security" is set to On. I did this as a temporary solution so that I can figure out the problems that a.test.com has when the security is enabled (had users complaints regarding not being able to send requests with CF security On), so that it is still accessible while I try to fix it..

By turning disabling security for a.test.com, do I put others (b, c, d) at risk? I had someone telling me that it is possible for attackers to make use of a.test.con (unprotected by CF) in order to attack the other sub-domains. "a.test.com has no protection so attackers can use it to send requests to other secured subdomains, cross-site attack" or something along that line.

I don't get this. I thought page rule is supposed to be active only for the domain where it's being set up and the rest will still be secured, and that if attacker manages to attack the other subdomain its due to the others not having secure applications inside of it.

Dunno if that person was telling the truth or tried to mess around with me with their joke!

Thanks!

Manager: Can we achieve X?
Dev: We can do with Y. But with the time that you are allocating it is difficult to complete Y.
Manager: Can we do a temporary fix?
Dev: Sure. We can do Z. But we need to prioritise Y in the next sprint else Z will cause issues in the long run.
Manager: Sure

After many next sprints,.......

Manager: Hey, Z is causing us issues regularly. Can we do something about it.
Dev: We still can do Y.
Manager: Come up with document on the implementation. We'll implement it.
Dev: Sure. Will do.