So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

Lets create a library.

Lets use that library in a project.

Lets wrap the library call in a wrapper functione to remove duplicate code.

Lets add an overloaded wrapper call that wraps the wrapper call that calls the library to partially undo the duplicate code removal.

Lets add another overloaded wrapper call that wraps the wrapper call that wraps the wrapper call that calls the library to partially undo the duplicate code removal.

How I love it. Not.

Sometimes redundancy makes sense, especially when it are two lines which make it obvious whats going on vs a single line that leads to a fuckton of overloaded wrapper functions.

Sheeesh.

Today in "code monkeys deserve divine punishment".

Another funny thing is creating a Helper class for Junit 5 tests, making it instantiable and adding to it all kinds of shit like testcontainer creation, applications instantiation, mocks, ....

... Then " crying " why the tests are so slow.

Yeah. Logic. Isolation of concerns, each test should be a stand alone complex.

But that would lead to redundancy... Oh no.

Better to create a global state god object.

Some devs... Really amaze me, especially when they argument in ways that makes one really wonder whether they are serious or just brain dead.

Diary of an insane lead dev: day 447

pdf thumbnails that the app generates are now in S3 instead of saved on disk.

when they were on disk, we would read them from disk into a stream and then create a stream response to the client that would then render the stream in the UI (hey, I didn't write it, I just had to support it)

one of my lazy ass junior devs jumps on modifying it before I can; his solution is to retrieve the file from the cloud now, convert the stream into a base64 encoded string, and then shove that string into an already bloated viewmodel coming from the server to be rendered in the UI.

i'm like "why on earth are you doing that? did you even test the result of this and notice that rendering those thumbnails now takes 3 times as long???"

jr: "I mean, it works doesn't it?"

seriously, if the image file is already hosted on the cloud, and you can programmatically determine its URL, why wouldn't you just throw that in the src attribute in your html tag and call it a day? why would you possibly think that the extra overhead of retrieving and converting the file before passing it off to the UI in an even larger payload than before would result in a good user experience for the client???

it took me all of 30 seconds to google and find out that AWS SDK has a method to GetPreSignedURL on a private file uploaded to s3 and you can set when it expires, and the application is dead at the end of the year.

JFC. I hate trying to reason with these fuckheads by saying "you are paid for you brain, fucking USE IT" because, clearly these code monkeys do not have brains.

The story of how I got my dream job.

I was working for a company with a job I got just after graduating university. It was ok, not very exciting tech but I learned a lot by just surrounding myself with professional code monkeys. I was there for about a year when my company bought parts of another company and there was talk about people getting fired. This made me worried since I was the last one to get hired, so I started looking around for other jobs. I received this e-mail from a company saying they were looking for interns, what a coincidence! I adjusted my CV and sent it in.

--A few weeks pass--

It's Friday and I'm at a dinner party, it's 10pm and someone is calling me. I pick up and it's a recruiter from this company. I get very nervous but the alcohol helps me keep my cool, I pass the initial idiot test and they invite me for an interview. Yay!

I go to work on Monday and in a 1-on-1 and I tell my boss about the upcoming interview, he gives me a high-five :)

The interview is approaching and I'm feeling that I'm about to get sick, I refuse to believe this so I start taking a lot of medicine (painkillers, cough medicine etc.). I feel a bit better and thank the gods for medication.

--D-day--

I wake up, put on my nicest clothes and get on the train. I had one hour to spare just in case, which was well needed because the fucking train is late by 30 minutes. I'm still heavily medicated because of my ongoing fever. When I arrive I basically have to run there and somehow I manage to pick up a coffee on the way there which I devour in two seconds. I'm ready for the interview!

Some guy meets me in reception and the first thing he says is "My colleague doesn't speak our language so we'll have to speak english". This is fine, I speak good english but I was not prepared for this so it caught me off-guard and made me even more nervous. We get in and start talking. Things are going OK despite my numbed brain. I try to make eye-contact to make a good impression with the foreign engineer but he keeps staring somewhere which is making me nervous.

We get to the technical part on a whiteboard and this is where my brain decides to stop communicating. I'm presented a simple task which I'm struggling with finishing, and I feel the embarrassment coming over me. "NOOOOO THIS IS MY DREAM JOB, THIS CANNOT BE HAPPENING!" I'm thinking to myself. After making myself look like a complete arsehole for some time we wrap it up and just before I step out the door I say to the engineer "You should checkout my Github page, I have lots of interesting stuff there" and he says "I'll be sure to do that" but I don't believe him.

I leave the office in fury (of myself) and make my way to the train station and even though it's the middle of the day I quickly devour two beers to calm my nerves and make me feel a bit better. I was so damn disappointed in myself, I wasted the opportunity of a lifetime! I go back home to my regular (now shitty) job.

--Two days later--

I get a call from an unknown number. I pick up the phone and it's the same recruiter guy. "So how did you think it went?" he says. "To be honest, I think it went really bad", I replied. "What? Really? Because they loved you, you got the job". (this was an obvious recruiter lie) "... wat, are you sure you called the correct person?" I said and he just laughed. The day after I quit my old job the whole department gets fired - such impeccable timing.

--A few months later--

I finish my internship and they want to keep me. I'm so happy. The engineer that was in the interview works on my team. I ask him "Why did you hire me? You know as well as I do that my interview was horrible". It turns out he _did_ look at my Github profile and that's how he knew I could write code. I also heard later that for my position there was about 2000 applicants and somehow I made the interviews.

I still work there today and I couldn't be happier (Sorry for the long text).

After 3 interviews with test:
"Ok very good, I see you are good with JavaScript, Php, MySQL and some frameworks, it's exactly what we need because we use only on the edge technologies and we do very cool products."
"Thanks, so what about the first app?"
"App? oh no eheh, now you must manage our 12 wordpress sites and edit the CSS!"
"Very good, so while I see you all goin to fuck monkeys I with to you a nice day"

Our employee management system, for some reason, stored Testlists (I work in QA) linked to the user accounts that created them. Now after an colleague who worked there for five years left pretty much all our data was suddenly down the drain and nobody backed the fricking server up because, hey, whats the fun in that. Now all the tests need to be rewritten and other than the whole gui test automation of our product, maintenance of the same for another product, manually testing dev issues and training my new code monkeys to frickin not commit non working code to the trunk I have now also "Make a better Employee management system" (roughly translated those are the specs I've got) on my plate... I can remember back to the care free days of just before my boss asked me if I wanted to try to automate some of the test cases... How did I ever survive this paralyzing tranquility. Ha, surprise.
!rant, I fucking love the stress and juggling a shit ton of problems at the same time keeps ine on edge.

I hate having to deal with our IT service desk. Every time it takes enormous energy to get to the right people and make them understand that no, you are not an idiot, but you actually have a technical issue.

Sure thing they do have a few competent nice folks there too I've gotten to know over time and they indeed have to deal with a ton of dumb non-tech savvy idiots on a daily basis. However, if my job title mentions "software" and "engineer" they should at least assume I'm an idiot in tech. Or something. Every single time I need to open a ticket, even for the simplest "add x to env y", I need to quadruple check that the subject line is moron-friendly because otherwise they would take every chance to respond "nah we can't do that", "that's not us", or "sry that's not allowed". And then I would need to respond, "yes you do:) your slightly more competent colleague just did this for us 2 weeks ago".

Now you might imagine this is on even another level when the problem is complex.

One of our internal apps has been failing because one of the internal APIs managed by a service desk team responds a 500 status code randomly but only when called with a specific internal account managed by another service desk team.
(when I say "managed by", that doesn't mean they maintain it, it just mean they are the only ones who would have access to change something)

Yesterday I spent over a fucking hour writing a super precise essay detailing the issue, proving a million times it's not on our end and that they need to fix it. Now here is an insight to what beautiful "IT service" our service desk provides:

1) ticket gets assigned to a "Connectivity Engineer" lady

2) few hours later she responds and asks me to give her the app and environment IDs and grant her access to those
(naturally everything in my email was ignored including these two IDs)

3) since the app needs to be in prod for the issue, I make a copy isolating the failing part and grant her access to the original "for reference" and the copy to play with

4) few hours later I get an email from the env that some guy called P made changes to the actual app, no changes to the copy
(maybe they immediately fixed the app even though I asked them to only touch the copy)
I also check the env and the live app had been shared with another 2 people giving them editing rights:)

5) another few hours pass and the lady responds that she had been chatting with P (no mention of who tf that guy is) and that P has a suggestion that might work and I should test it, "please see screen shot" for details:

These motherfuckers sent me a fucking screenshot of the env config file where "P has edited a few parameters" that might help. The screenshot had a 16 line part of the config json with a bunch of IDs and Base64 params which HE EDITED LOCALLY.

Again, because I needed a few iterations to realise what I've just witnessed:
These idiots modified some things in the main app (not the copy) for hours. Then came to the conclusion that the config needs some IDs and params updated. They downloaded the config json. Edited it locally. Did not fucking upload it back to the main or test app. Did not test it live. Did not CC in or direct the guy with changes to me. Did not send me the modified config file. Did not even paste the new IDs into the email. But TOOK A FUCKING SCREENSHOT OF THE MODIFIED FILE AND SENT THAT SHIT TO ME. And then had the audacity to ask me to test it when they had access to it and that's literally their fucking job.

I had to compare the fucking screenshot to the live config file and manually type in the changes.

And no, it still doesn't work. And Now I have to get back to them showing it still fails the same way but I just can't deal with these people. Fuck. Was hoping by the time I write it all down it'd be better, and it does feel a bit better, but I still need to get this app fixed. And I can only do it through these... monkeys. I just can't. Talking to these people drains my life energy... I'm just sad.

When you write a new project using TDD and your colleague who isn't in to it make all unit tests practically fail and also breaks code style tests and doesn't give a flying monkeys.

His excuse is if you write tests what will test the tests -.-

What would your reaction be to that?

Tester has found an issue: controller input stops working when performing certain steps.

Creates a report and provides an attachment.

The attachment depicts some menu where, at first, the cursor moves around various options, then simply stops moving.

The problem:

Since this is a simple in-game recording, there is neither an overlay of the controller w/ a visual representation of the input actually being provided but not working, nor there is a camera recording available where I can see the tester pressing buttons on a controller.

For all I know, the tester put down the controller / stopped pressing buttons.

...I've also seen reports of animations not working... w/ fucking screenshots attached.

How the fuck can you see something not being animated in a fucking static picture?

Long post, TLDR: Given a large team building large enterprise apps with many parts (mini-projects/processes), how do you reduce the bus-factor and the # of Brent's (Phoenix Project)?

# The detailed version #

We have a lot of people making changes, building in new processes to support new flows or changes in the requirements and data.

But we also have to support these except when it gets into Production there is little information to quickly understand:
- how it works
- what it does/supposed to do
- what the inputs and dependencies are

So often times, if there's an issue, I have to reverse engineer whatever logic I can find out of a huge mess.

I guess the saying goes: the only people that know how it works is whoever wrote it and God.

I'm a senior dev but i spend a lot of time digging thru source code and PROD issues to figure out why ... is broken and how to maybe fix it.

I think in Agile there's supposed to be artifacts during development but never seen em.

Personally whenever i work on a new project, I write down notes and create design diagrams so i can confirm things and have easy to use references while working.

I don't think anyone else does that. And afterwards, I don't have anywhere to put it/share it. There is no central repo for this stuff other than our Wiki but for the most part, is like a dumping ground. You have to dig for information and hoping there's something useful.

And when people leave, information is lost forever and well... we hire a lot of monkeys... so again I feel a lot of times i m trying to recover information from a corrupted hard drive...

The only way real information is transferred is thru word of mouth, special knowledge transfer sessions.

Ideally I would like anything that goes into PROD to have design docs as well as usage instructions in order for anyone to be able to quickly pick it up as needed but I'm not sure if that's realistic.

Even unit tests don't seem to help much as they just test specific functions but don't give much detail about how a whole process is supposed to work.