Dear people who complain about spending a whole night to find a tiny syntax error; Every time I read one of your rants, I feel like a part of me dies.

As a developer, your job is to create elegant optimized rivers of data, to puzzle with interesting algorithmic problems, to craft beautiful mappings from user input to computer storage and back.

You should strive to write code like a Michelangelo, not like a house painter.

You're arguing about indentation or getting annoyed by a project with braces on the same line as the method name. You're struggling with semicolons, misplaced braces or wrongly spelled keywords.

You're bitching about the medium of your paint, about the hardness of the marble -- when you should be lamenting the absence of your muse or the struggle to capture the essence of elegance in your work.

In other words:

Fix your fucking mindset, and fix your fucking tools. Don't fucking rant about your tabs and spaces. Stop fucking screaming how your bloated swiss-army-knife text editor is soooo much better than a purpose-built IDE, if it fails to draw something red and obnoxious around your fuck ups.

Thanks.

Never trust the user with input...

My Toddler son playing cars on the keyboard, simultaneously simulating dumb user input on a website.

Things have been a little too quiet on my side here, so its time for an exciting new series:

practiseSafeHex's new life as a manager.

Episode 1: Dealing with the new backend team

It's great to be back folks. Since our last series where we delved into the mind numbing idiocy of former colleagues, a lot has changed. I've moved to a new company and taken a step up as a Dev manager / Tech lead. Now I know what you are all thinking, sounds more dull and boring right? Well it wouldn't be a practiseSafeHex series if we weren't ...

<audience-shouting>
DEALING! ... WITH! ... IDIOTS!
</audience-shouting>

Bingo! so lets jump right in and kick us off with a good one.

So for the past few months i've been on an on-boarding / fact finding / figuring out this shit-storm, mission to understand more about what it is i'm suppose to do and how to do it. Last week, as part of this, I had the esteemed pleasure of meeting face to face with the remote backend team i've been working with. Lets rattle off a few facts to catch us all up:

- 8 hour time difference to me
- No documentation other than a non-maintained swagger doc
- Swagger is reporting errors and several of the input models are just `Type: String`
- The one model that seems accurate, has every property listed as optional, including what must be the primary key
- Properties go missing and get removed at the drop of a hat and we are never told.
- First email I sent them took 27 days to reply, my response to that hasn't been answered so far 31 days later (new record! way to go team, I knew we could do it!!!)
- I deal directly with 2 of them, the manager and the tech lead. Based on how things have gone so far, i've nick named them:
1) Ass
2) Hole

So lets look at some example of their work:

- I was trying to test the new backend, I saw no data in QA. They said it wouldn't show up until mid day their time, which is middle of the night for us. I said we need data in our timezone and I was told: a) "You don't understand how big this system is" (which is their new catch phrase) b) "Your timezone is not my concern"

- The whole org started testing 2 days later. The next day a member from each team was on a call and I was asked to give an update of how the testing was going on the mobile side. I said I was completely blocked because I can't get test data. Backend were asked to respond. They acknowledged they were aware, but that mobile don't understand how big the system is, and that the mobile team need to come up with ideas for the backend team, as to how mobile can test it. I said we can't do anything without test data, they said ... can you guess what? ... correct "you don't understand how big the system is"

- We eventually got something going and I noticed that only 1 of the 5 API changes due on their side was done. Opened tickets. 2 days later asked them for progress and was told that "new findings" always go to the bottom of the backlog, and they are busy with other things. I said these were suppose to be done days ago. They said you can't give us 2 days notice and expect everything done. I said the original ticket was opened a month a go *sends link* ......... *long silence* ...... "ok, but you don't understand how big the system is, this is a lot of work"

- We were on a call. Product was asking the backend manager (aka "Ass") a question about a slight upgrade to the new feature. While trying to talk, the tech lead (aka "Hole") kept cutting everyone off by saying loudly "but thats not in scope". The question was "is this possible in the future" and "how long would it take", coming from management and product development. Hole just kept saying "its not in scope", until he was told to be quiet by several people.

- An API was sending down JSON with a string containing a message for the user with 2 bits of data inside it. We asked for one of those pieces to also come down as a property as the string can change and we needed it client side. We got that. A few days later we found an edge case and asked for the second piece of data to be a property too. Now keep in mind, they clearly already have access to them in order to make the string. We were told "If you keep requesting changes like this, you are going to delay the release of the backend by up to 2 weeks"

Yes folks, there you have it, the most minuscule JSON modifications, can delay your release by up to 2 weeks ........ maybe I should just tell product, that they don't understand how big the app is, and claim we can't build it on our side? Seems to work for them

Thats all the time we have for today,

Tune in for more, where we'll be looking into such topics as:

- If god himself was an iOS developer ... not
- Why automate when you can spend all day doing it by hand
- Its more time-efficient to just give everything a story point of 5
- Why waste time replying to emails ... when you can do nothing instead

See you all next week,
practiseSafeHex

So a user reported they couldn't login to our site, so I reset their password to:

uI+ffRT7M2NAzo8uOqzf4QxO3I9tj8PJ4TS0n8zDV7I

And sent them back an email with the updated password. A few minutes later, they replied and said that password didn't work. They even tried a different web browser, etc. I tried it myself, and sure enough, it didn't work.

I spent the next several hours trying to figure out why the password didn't save properly, or why the logic didn't compare them correctly. Perhaps it was some sort of caching issue? Oh the horror.

As it turns out, the problem was a maxlength of 28 on the login form field:

<input type="password" name="password" value="" maxlength="28"/>

I don't know who wrote that code, but it sure wasn't me.

To be a good developer, you must thrive in chaos, and have an insatiable desire to turn it into order.

All user input, both work tasks and actual application input, is pure fucking chaos.

The only way to turn that input into anything usable, is to interpret, structure and categorize it, to describe the rules for transformation as adequately as you can.

Sometimes companies create semi-helpful roles to assist you with this process. Often, these people are so unaware of the delicacy of the existing chaos, that any decision they make just ripples out in waves leaving nearly irreparable confusion and destruction in its path.

So applications themselves also slowly wear down into chaos under pressure of chaotic steak-holders which never seem to be able to choose between peppercorn or bernaise sauce for their steaks.

Features are added, data is migrated between formats, rules become unclear. Is ketchup even fucking valid, as a steak sauce?

The only way to preserve an application long term, is refactoring chaos into order.

But... the ocean of chaos will never end.

You must learn to swim in it.

All you can hope to do is create little pools of clarity where new creative ideas can freely spawn.

Ideas which will no doubt end up polluting their own environment, but that's a problem for tomorrow.

So you must learn to deal with the infinite stream of perplexed reactions from those who can't attach screenshots to issue reports.

You must deflect dragging conversations from those who never quite manage to translate gut feeling into rational sentences.

You must learn to deal with the fact that in reality there are no true microservice backends. There are no clean React frontends. There are no normalized databases. Full test coverage, well-executed retrospectives, finished sprints -- they are all as real as spherical cows in a vacuum.

There is no such thing as clean code.

There is only "relatively cleaner code", and even then there are arguments as to why it would be "subjectively relatively cleaner code".

Every repository, every product, every team and every company is an amalgamation of half-implemented ideals, well-intended tug of war games, and brilliantly shattered dreams.

You will encounter fragmented shards of perfect APIs, miles of tangled barbed documentation, beheaded validator classes, bloody mangled corpses of analytical dashboards, crumbled concrete databases.

You must be able to breathe in those thick toxic clouds of rotting technical and procedural debt, look at your reflection in the locker room mirror while you struggle yourself into a hazmat suit, and think:

"Fuck yes, I was born for this job".

One week, and it turned out to be worse than that.

I was put on a project for a COVID-19 program in America (The CARES Act). The financial team came to us on Monday morning and said they need to give away a couple thousand dollars.

No big deal. All they wanted was a single form that people could submit with some critical info. Didn't need a login/ registration flow or anything. You could have basically used Google Forms for this project.

The project landed in my lap just before lunch on Monday morning. I was a junior in a team with a senior and another junior on standby. It was going to go live the next Monday.

The scope of the project made it seem like the one week deadline wasn't too awful. We just had to send some high priority emails to get some prod servers and app keys and we were fine.

Now is the time where I pause the rant to express to you just how fine we were decidedly **not**: we were not fine.

Tuesday rolls around and what a bad Tuesday it was. It was the first of many requirement changes. There was going to need to be a review process. Instead of the team just reading submissions from the site, they needed accept and reject buttons. They needed a way to deny people for specific reasons. Meaning the employee dashboard just got a little more complicated.

Wednesday came around and yeah, we need a registration and login flow. Yikes.

Thursday came and the couple-thousand dollars turned into a tens of millions. The amount of users we expected just blew up.

Friday, and they needed a way for users to edit their submissions and re-submit if they were rejected. And we needed to send out emails for the status of their applications.

Every day, a new meeting. Every meeting, new requirements that were devastating given our timeframe.

We put in overtime. Came in on the weekend. And by Monday, we had a form that users could submit and a registration/ login flow. No reviewer dashboard. We figured we could take in user input on time and then finish the dashboard later.

Well, financial team has some qualms. They wanted a more complicated review process. They wanted roles; managers assign to assistants. Assistants review assigned items.

The deadline that we worked so hard on whizzed by without so much as a thought, much less the funeral it deserved.

Then, they wanted multiple people to review an application before it was final. Then, they needed different landing pages for a few more departments to be able to review different steps of the applications.

Ended up going live on Friday, close to a month after that faithful Monday which disrupted everything else I was working on, effective immediately.

I don't know why, but we always go live on a Friday for some reason. It must be some sort of conspiracy to force overtime out of our managers. I'm baffled.

But I worked support after the launch.

And there's a funny story about support too: we were asked to create a "submit an issue" form. Me and the other junior worked on it on a wednesday three weeks into the project. Finished it. And the next day it was scrapped and moved to another service we already had running. Poor management like that plagued the project and worked in tandem with the dynamic and ridiculous requirements to make this project hell.

Back to support.

Phone calls give me bad anxiety. But Friday, just before lunch, I was put on the support team. Sure, we have a department that makes calls and deal with users. But they can't be trained on this program: it didn't exist just a month ago, and three days ago it worked differently (the slippery requirements never stopped).

So all of Friday and then all of Saturday and all of Monday (...) I had extended panic attacks calling hundreds of people. And the team that was calling people was only two people. We had over 400 tickets in the first two days.

And fuck me, stupid me, for doing a good job. Because I was put on the call team for **another** COVID project afterwards. I knew nothing about this project. I have hated my job recently. But I'm a junior. What am I gonna say, no?

In a user-interface design meeting over a regulatory compliance implementation:
User: “We’ll need to input a city.”
Dev: “Should we validate that city against the state, zip code, and country?”
User: “You are going to make me enter all that data? Ugh…then make it a drop-down. I select the city and the state, zip code auto-fill. I don’t want to make a mistake typing any of that data in.”
Me: “I don’t think a drop-down of every city in the US is feasible.”
Manage: “Why? There cannot be that many. Drop-down is fine. What about the button? We have a few icons to choose from…”
Me: “Uh..yea…there are thousands of cities in the US. Way too much data to for anyone to realistically scroll through”
Dev: “They won’t have to scroll, I’ll filter the list when they start typing.”
Me: “That’s not really the issue and if they are typing the city anyway, just let them type it in.”
User: “What if I mistype Ch1cago? We could inadvertently be out of compliance. The system should never open the company up for federal lawsuits”
Me: “If we’re hiring individuals responsible for legal compliance who can’t spell Chicago, we should be sued by the federal government. We should validate the data the best we can, but it is ultimately your department’s responsibility for data accuracy.”
Manager: “Now now…it’s all our responsibility. What is wrong with a few thousand item drop-down?”
Me: “Um, memory, network bandwidth, database storage, who maintains this list of cities? A lot of time and resources could be saved by simply paying attention.”
Manager: “Memory? Well, memory is cheap. If the workstation needs more memory, we’ll add more”
Dev: “Creating a drop-down is easy and selecting thousands of rows from the database should be fast enough. If the selection is slow, I’ll put it in a thread.”
DBA: “Table won’t be that big and won’t take up much disk space. We’ll need to setup stored procedures, and data import jobs from somewhere to maintain the data. New cities, name changes, ect. ”
Manager: “And if the network starts becoming too slow, we’ll have the Networking dept. open up the valves.”
Me: “Am I the only one seeing all the moving parts we’re introducing just to keep someone from misspelling ‘Chicago’? I’ll admit I’m wrong or maybe I’m not looking at the problem correctly. The point of redesigning the compliance system is to make it simpler, not more complex.”
Manager: “I’m missing the point to why we’re still talking about this. Decision has been made. Drop-down of all cities in the US. Moving on to the button’s icon ..”
Me: “Where is the list of cities going to come from?”
<few seconds of silence>
Dev: “Post office I guess.”
Me: “You guess?…OK…Who is going to manage this list of cities? The manager responsible for regulations?”
User: “Thousands of cities? Oh no …no one is our area has time for that. The system should do it”
Me: “OK, the system. That falls on the DBA. Are you going to be responsible for keeping the data accurate? What is going to audit the cities to make sure the names are properly named and associated with the correct state?”
DBA: “Uh..I don’t know…um…I can set up a job to run every night”
Me: “A job to do what? Validate the data against what?”
Manager: “Do you have a point? No one said it would be easy and all of those details can be answered later.”
Me: “Almost done, and this should be easy. How many cities do we currently have to maintain compliance?”
User: “Maybe 4 or 5. Not many. Regulations are mostly on a state level.”
Me: “When was the last time we created a new city compliance?”
User: “Maybe, 8 years ago. It was before I started.”
Me: “So we’re creating all this complexity for data that, realistically, probably won’t ever change?”
User: “Oh crap, you’re right. What the hell was I thinking…Scratch the drop-down idea. I doubt we’re have a new city regulation anytime soon and how hard is it to type in a city?”
Manager: “OK, are we done wasting everyone’s time on this? No drop-down of cities...next …Let’s get back to the button’s icon …”

Simplicity 1, complexity 0.

people often forget the real first rule of programming: "All user input is malicious."

When you assume user input.
I stole this from a Discord server, sorry if repost

Client: Please remove the address inputs from the inquiry form. Our marketing strategist said that more people will fill out the form if there are less input fields.

Me: But you are required by law to include the address in the generated inquiry PDFs!

Client: Can you remove the fields and still include the address in the PDF somehow?

Me: No. How would the website know the users address without asking for it.

Client: Okay. Wait! Can we change the form to just one large input where the user has to enter everything at once? That is even less inputs so more users would do it, right?

Me:...

I was in a public place on my laptop, and my laptop went into hibernation to save battery. I switched it back on and then the laptops BIOS came up saying that the battery was critically low, nothing bad here.

Instead of clicking continue, I decided to press "Diagnostics" instead. The diagnostics immediately began to run in the BIOS.

The screen began to show different coloured bars and patterns, obviously a screen test. Then a prompt appeared asking me if coloured bars were displayed. The options were yes and no, and a button saying "Exit" in the top right. Me, not wanting to do a full diagnostics on such a low battery, pressed exit.

The screen turned black, and then flashed red. The beeper on the motherboard began to beep at an ear-piercing volume. It sounded as if it was a bomb about to go off. Everyone around me stared and some people began to even panic. I tried switching it off by holding the power button but nothing was happening. People were just staring all around me.

After about 10 seconds, the beeping stopped and the screen displayed an error message similar to this:
"CRITICAL ERROR: Monitor test FAILED.
No user input was provided."

Moral of the story: Make your program account for all possible options.

I misclicked an nsfw channel on discord and I got a dialog asking my age. I wasn't interested in loading the channel and you cannot close this dialog - it even reappears if you restart the app because the channel will still be selected.

I input 0 years just to cancel, which lead to an instant account ban and an email about scheduled deletion. In order to retain my account I need to send in selfies of myself holding my ID.

That's... a surprising user flow from a misclick. May I suggest a little x in the corner, as we professionals call it.

For april fools i added a code that reverses the user input password
and wrote " due to a bug occurred in our database all user passwords have been inverted. Our developers are working on this issue "

Imagine a database table where dates were saved as strings from raw user input. Then do migration to other database with table where dates are datetime.

Yep. That's me. 😶

I hate humans. 😧🔫

Especially those who try to be original like:
11|Sept.|2016 or 13;Juni;17

There are rules in this world, damn. 😥

Our html:

<input type="number"/>

Accepts only numbers, so far so good. Until QA files a bug:

"Numeric input accepts the letter 'e' "

Apparently 'e' is a valid because you can input something like '1e3' which fucking means '1000' !

Our team tried to argue with the QA that 'e' is valid because it simply means exponent but they argue a normal user would not know what an exponent means because they are not "mathematically inclined"

Part of me agrees with what the QA argues but then I think an average user who could use a fucking laptop or mobile will most certainly know what an exponent is.

Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".

You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.

Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.

So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.

Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.

There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.

all user input is evil
trust none of it

The nightmare continues.

Currently dealing with a code review from a “principal” dev (one step above senior), who is unironically called a “legendary dev” by some coworkers. It’s painfully obvious he didn’t read the code, and just started complaining and nitpicking.

It’s full of requests to do things that make absolutely no sense, and would make the code an unmaintainable mess.
• Ex: moving the logic and data collection from the module’s many callers into the module instead of just passing in the data.
• Ex: hiding api endpoint declarations by placing them in the module itself, and using magic instance variables to pass data to it. Basically: using global functions and variables instead of explicit declarations and calls.
• Ex: moving the logic to determine which api endpoint to use, for all callers, into the view.

More comments about methods being “too complex” (barely holds water) right next to comments saying “why are these separate? merge them together!”

Incredulously asking how many times I’m checking permissions and how ridiculous it all is. (The answer? Twice.)

Conflating my “permissions” param and method names with a supposedly forthcoming permissions system overhaul, and saying I shouldn’t use permissions because my code will all have to get rewritten. Even if that were true, and it’s likely not, the ticket still needs to use the current permissions. I can’t just ignore them because they might be rewritten someday.

Requests to revert some code cleanup because the reviewer thought the previous heavily-nested and uncommented versions (with code duplication) were easier to read. Unsurprisingly, he wrote them.

On the same ticket, my boss wants me to remove all styling and clientside validation, debouncing, and error messages from a form. Says “success” and “connection failed” messages are good enough. The form in question sends SMS and email using arbitrary user input for addresses. He also says it shouldn’t be denounced on the server, and doesn’t want me to bother checking permissions. Hello, spam!

Related: the legendary dev reviewer says he can’t think of a reason why we would want to disable the feature for consumers, so I should remove the consumer feature flag.

You can’t make this stuff up.

#define Minion (A junior from my college)

Minion : Hey, can you suggest me from some good project for my final year.

Me : Sure , which "programming language" do you know?

Minion : Well i am good at HTML.

Me(triggered);
Me : Ya sure , make a "program" using HTML only that takes input from a user and prints that nth prime number.

Minion : 😱😱😱😱

I really have this fucking love/hate relationship with application security.

For a lot of stuff that I write, user input has to be validated, authentication is required and so on and I do love looking into that, pentesting my own applications to death and thinking about the security architecture of the application itself.

But, sometimes, I just want to focus on the fucking features and then it annoys the living hell out of me that securing an application can take so much time and brain power.

Yay and grrrr, I guess.

Root gets ignored.

I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.

For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`

Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.

I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.

He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).

I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨

Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.

Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.

ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.

jfc i'm getting pissy again.

A few weeks ago I stepped onto the grounds of lovely Canada. Back then - coming from Europe - I was surprised. Free WiFi everywhere without all the bells and whistles of creating an account and such.

Well ... at least I thought so ...

Today I went to a location where they actually charge you for their wireless services - fair enough the coverage area is pretty huge - and provide you with an access coupon. All good my optimistic me told me but once the login page loaded...

There are a lot of things about UX I could rant about but let's put that aside. The coupon came from the office where they KNEW all your contact details but it required you to create an account with all of them again to redeem the coupon.

Not only that but it asked for things like the phone number - obviously asking for a Canadian landline number since hell who uses mobiles anyway with numbers longer than ten characters?! - and even though it had a nice country selection it kept the states field there even when selecting a country that doesn't have states ...
Oh, and on a regular phone screen (which would be the target user for WiFi on a campground I suppose) the input fields for state and zip were occluded by the margins of the input rendering the content invisible.

And if that weren't enough after creating your account they made you watch an ad as if the personal data and the 4$ you paid them wasn't enough for the lousy 400 KB/s you get for 24h ...

Gets better though! After creating the account they display your password to make sure you remembered it ... over a non-secured WiFi network ... and send you an email afterward ... password via unencrypted mail via an unencrypted WIRELESS connection ... not that it protects anything that would matter anyways you can just snoop the MAC of your neighbor and get in that way or for that sake get their password but oh well ...

Gosh, sometimes I just feel the urgent need to find the ones responsible and tell them to GTFO of the IT world ...

Is it just me feeling like this about crappy UI/UX design? Always wondering...

Business User: Hey can we get a sample output you plan to send us?

Me: yes heres a mock

BU: This doesn't look right, can you use real values?

Me (said nicely): WELL IF WHEN YOU WROTE THE FCKIN REQUIREMENTS WEREN'T SO VAGUE AND ACTUALLY PROVIDED REAL VALUES FOR THE INPUTS WE WOULD GET AND WHAT WE SHOULD OUTPUT USING THEM MAYBE I COULD GIVE YOU A BETTER SAMPLE... AND DO LESS GUESSING ABOUT WHAT THE FUCK YOU ACTUALLY WANT...

BU: Oh I forwarded some data

Me: *looks at input data*

(thoughts) THIS FUCKING MAKES NO SENSE!! NOWHERE DOES ANYTHING LOOK LIKE WHAT YOU WANTED.... HOW ABOUT I PULL MAGIC VALUES OUT OF MY ASS?

Oh man. Mine are the REASON why people dislike PHP.

Biggest Concern: Intranet application for 3 staff members that allows them to set the admin data for an application that our userbase utilizes. Everything was fucking horrible, 300+ php files of spaghetti that did not escape user input, did not handle proper redirects, bad algo big O shit and then some. My pain point? I was testing some functionality when upon clicking 3 random check boxes you would get an error message that reads something like this "hi <SENSITIVE USERNAME DATA> you are attempting to use <SERVER IP ADDRESS> using <PASSWORD> but something went wrong! Call <OLD DEVELOPER's PHONE NUMBER> to provide him this <ERROR CODE>"

I panicked, closed that shit and rewrote it in an afternoon, that fucking retard had a tendency to use over 400 files of php for the simplest of fucking things.

Another one, that still baffles me and the other dev (an employee that has been there since the dawn of time) we have this massive application that we just can't rewrite due to time constraints. there is one file with (shit you not) a php include function that when you reach the file it is including it is just......a php closing tag. Removing it breaks down the application. This one is over 6000 files (I know) and we cannot understand what in the love of Lerdorf and baby Torvalds is happening.

From a previous job we had this massive in-house Javascript "framework" for ajax shit that for whatever reason unknown to me had a bunch of function and object names prefixed with "hotDog<rest of the function name>", this was used by two applications. One still in classic ASP and the other in php version 4.something

Legacy apps written in Apache Velocity, which in itself is not that bad, but I, even as a PHP developer, do not EVER mix views with logic. I like my shit separated AF thank you very much.

A large mobile application that interfaced with fucking everything via webviews. Shit was absolutley fucking disgusting, and I felt we were cheating our users.

A rails app with 1000 controller methods.

An express app with 1000 router methods with callbacks instead of async await even though async await was already a thing.

ultraFuckingLarge Delphi project with really no consideration for best practices. I, to this day enjoy Object Pascal, but the way in which people do delphi can scare me.

ASP.NET Application in wich there seemed to be a large portion of bolted in self made ioc framework from the lead dev, absolute shitfest, homie refused to use an actual ioc framework for it, they did pay the price after I left.

My own projects when I have to maintain them.

I'll use this topic to segue into a related (lonely) story befitting my mood these past weeks.

This is entire story going to sound egotistical, especially this next part, but it's really not. (At least I don't think so?)

As I'm almost entirely self-taught, having another dev giving me good advice would have been nice. I've only known / worked with a few people who were better devs than I, and rarely ever received good advice from them.

One of those better devs was my first computer science teacher. Looking back, he was pretty average, but he held us to high standards and gave good advice. The two that really stuck with me were: 1) "save every time you've done something you don't want to redo," and 2) "printf is your best debugging friend; add it everywhere there's something you want to watch." Probably the best and most helpful advice I've ever received 😊

I've seen other people here posting advice like "never hardcode" or "modularity keeps your code clean" -- I had to discover these pretty simple concepts entirely on my own. School (and later college) were filled with terrible teachers and worse students, and so were almost entirely useless for learning anything new.

The only decent dev I knew had brilliant ideas (genetic algorithms, sandboxing, ...) before they were widely used, but could rarely implement them well because he was generally an idiot. (Idiot sevant, I think? Definitely the idiot part.) I couldn't stand him. Completely bypassing a ridiculously long story, I helped him on a project to build his own OS from scratch; we made very impressive progress, even to this day. Custom bootloader, hardware interfacing, memory management, (semi) sandboxed processes, gui, example programs ...; we were in highschool. I'm still surprised and impressed with what we accomplished.

But besides him, almost every other dev I met was mediocre. Even outside of school, I went so many years without having another competent dev to work with. I went through various jobs helping other dev(s) on their projects (or rewriting them), learning new languages/frameworks almost every time: php, pascal, perl, zend, js, vb, rails, node, .... I learned new concepts occasionally (which was wonderful) but overall it was just tedious and never paid well because I was too young to be taken seriously (and female, further exacerbating it). On the bright side, it didn't dwindle my love for coding, and I usually spent my evenings playing with projects of my own.

The second dev (and one one of the best I've ever met) went by Novo. His approach to a game engine reminded me of General Relativity: Everything was modular, had a rich inheritance tree, and could receive user input at any point along said tree. A user could attach their view/control to any object. (Computer control methods could be attached in this way as well.) UI would obviously change depending on how the user could interact and the number of objects; admins could view/monitor any of these. Almost every object / class of object could talk to almost everything else. It was beautiful. I learned so much from his designs. (Honestly, I don't remember the code at all, and that saddens me.) There were other things, too, but that one amazed me the most.

I havent met anyone like him ever again.

Anyway, I don't know if I can really answer this week's question. I definitely received some good advice while initially learning, but past that it's all been through discovering things on my own.

It's been lonely. ☹

My university has impeccable data management. I needed to ssh into their Linux server for an assignment but it refused to accept my login. Which was weird because I could login to the same account on one of our websites just fine. I typed my password into a text file and then copy and pasted it into both logins. The Linux one failed but the website succeeded. After some experimentation it turns out that the Linux server only recognized my username if I typed it in all lowercase, even though when I created the account it had uppercase characters as well.

So let me walk you through the sloppiness that had to have occurred for this to happen. When I first created the account it must have ignored what I entered and just saved the username in all lowercase without communicating that to me. Then the websites that use this account must either ignore case for usernames or lowercase the user input before querying the database. Finally, the Linux server, despite knowing that all the usernames are lowercase, is case sensitive and won't recognize the username as I originally typed it in.

Can you guess what department manages the account, website and Linux server? The Department of Computer and Information Science. Incredible.

So we ordered a piece of software from external software house becouse I was low on time and we needed it asap.

So. Long story short, their software was bugged as hell, they deny all the bugs and they have their BDD that they done and anything we say about it like "feature XYZ is broken on firefox" they will deny it "becouse it wasn't on BDD" or "let's get on call" (in which +- 6-7 people participate from their side and we of course have to pay them for this...)

So they fixed like 20% of bugs (mostly trivials/minors) Application is fairly small scope. You have integration with like 3 endpoints on arbitary API, user registration/login, few things to do in database (mainly math running from cron).

They done it in ASP so I don't know the language and enviroment so can't just fix it myself.

2 days ago (monday) they annoyed me to point where I just started to break things. For starters I found that every numeric input is vunrable to integer overflow (which is blocker). I figured most of fields are purefect opportunity to XSS (but I didn't bother to do JS... anything but not JS...). I figured I can embed into my name/surname/phone (none validated) anything in HTML...

So for now we have around 25 bugs, around 15 of them are blockers.

They figured it's somehow our fault that it's bugged and decided to do demo with us to show off how perfectly it works. I'm happy to break their demos. I figured I will register bunch users that have name - image with fixed/absolute position top:0;left:0 width/height 100% - this will effectively brick admin panel

Also I figured I can do some addotional sounds in background becouse why not. And I just dont know what to put in. It links to my server for now so I can freely change content of bricked admin panel.

I have curl's ready to execute in case they reset database.

I can put in GIFs or heck, even videos, dosen't really matter. Framework escapes some things for them so at least that. But audio/image/video works.

Now I have 2 questions:
- what image + audio combo will work the best (of course we need to keep it civil). Im thinking finding some meme with bugs or maybe nuclear logo image with some siren sound
- am I evil person?

Edit:

I havent stated this clearly:

"There is no BDD that describes that if user inserts malicious input server should deny it" - that's almost literally what we get from them....

I was pressued to shift the blame.

We received an angry email from a customer that some of their data had disappeared. The boss assigns me to this task. This feature is relatively new and we've found some bugs in the past in here. I go through request logs, search the database, run some diagnostics, etc. for about 5 hours and I cannot find the problem. I focus on the bugs that we've had before but they don't seem to be the problem.

I tell the boss "sorry but I checked XYZ and I can't find the problem. I'm out of ideas." But the boss wanted answers by the end of the day. They did not want to admit to the client that we couldn't figure out what's wrong.

By now I was more pressured to find an answer, find something or someone to blame it on, not exactly to find the real solution. So I made up some BS:

"Sometimes, in HTML forms, the number inputs allow you to change the number by scrolling. We have some long forms where the user has to scroll. Perhaps the focus remained on the number input, so when they scrolled down they accidentally changed the number they meant to input."

The boss was happy with that. We explained this to the customer, and there's now a ticket to change type="number" to type="text" in our HTML forms and to validate it in th backend.

A week later another customer shows us a different error. This one is more clear because it had a stack trace, but I realise that this error is what caused our last error. It was pretty obscure, mind you, the unit tests didn't detect it.

I didn't tell the boss that they were connected tho.

With two angry clients in two weeks, I finally convinced the boss to give us more time to write more unit tests with full coverage.

TL;DR
I accidentally surpassed(?) my user permissions and closed some of my classmates browsers and locked up a terminal for me

In school we have 2 primary operating systems: Windows and Ubuntu. Windows is hell in general and but not as hell as the firefox installation on Ubuntu.

"Just loaded this page. Now wait half a minute so that I can render it"
"Woah, woah, woah. Slow there. You just made an input event. Give me those 5 seconds to compute what you just did"

Executing "top" or "htop" shows you a long list of firefox processes with a cpu usage of 99.9%, since the whole school shares that linux environment.

Anyway, one day it was way more servere than normally and I way forced to kill my firefox instances. So I pressed CTRL+ALT+T for that terminal, waited 5 minutes until it accepted input typed "killall firefox" with a delay of half a minute per character and smahed that enter key.

At this very point in time I could hear confusion from every corner of the room. "What happened to firefox?"

Around 30% of the opened browsers where abruptly stopped. I looked back to my screen noticed I was logged out. I couldn't login from that terminal for the rest of that day.

Our network admin, which happened to be there, since the server is just next door, said that this was just convenience, but the timing was too perfect so I heighly doubt that.

I felt like a real hackerman even if it was by accident :)

For two weeks I am paid 50$ an hour 6 hours a day / 5 days per week as someone called "Web deployment supervisor". The work is based on checking if the website throws an error and fixing it (devops) and staying in touc with the customer and helping him. The wevsite i wrote is just a small PHP site, well tested, almost no user input, if you dont drop whole DB it cannot basically crash. So for past week I am just copypasting documentation for the client what/how to do things. Today I already sent him same info 4 times. For me as a student and a freelance web dev it's a gold mine. I am having vacations for 14 days (thanks to damaged school water supply), getting paid 50$/hour for playing PUBG and using Ctrl+F in my Firefox, but god hell, it's so fucking psychically hard. Sometimes I have an urge to scream on that retard "I'VE SENT YOU THAT SAME SHIT 4 MINUTES AGO RETARD USE YOUR FUCKING SCROLL WHEEL IN OUR CHAT FOR FUCK SAKE".

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

Windows: No internet connection.

Me: Runs troubleshooter.

Windows: Problem found and resolved: Default Gateway Server is not available

Me: Wait.. since when can windows fix user input?!

Windows: Still no internet connection

Updating code for big client.

Find that they are not encrypting passwords in the database and are not sanitizing user input from forms.

Do not trust the user!

Our UX guy today presented a prototype of a new UI where users can declare an order.

Under the categorie "measuring unit" used to give the specification of mass or volume. He gave the following options

- kg
- litres
- m^3
- m^2
- others (which would allow the user to input anything)

Wtf why do you give the user the option to input anything. So we had to explain to him what SI units are...

I do not like the direction laptop vendors are taking.

New laptops tend to feature fewer ports, making the user more dependent on adapters. Similarly to smartphones, this is a detrimental trend initiated by Apple and replicated by the rest of the pack.

As of 2022, many mid-range laptops feature just one USB-A port and one USB-C port, resembling Apple's toxic minimalism. In 2010, mid-class laptops commonly had three or four USB ports. I have even seen an MSi gaming laptop with six USB ports. Now, much of the edges is wasted "clean" space.

Sure, there are USB hubs, but those only work well with low-power devices. When attaching two external hard drives to transfer data between them, they might not be able to spin up due to insufficient power from the USB port or undervoltage caused by the impedance (resistance) of the USB cable between the laptop's USB port and hub. There are USB hubs which can be externally powered, but that means yet another wall adapter one has to carry.

Non-replaceable [shortest-lived component] mean difficult repairs and no more reserve batteries, as well as no extra-sized battery packs. When the battery expires, one might have to waste four hours on a repair shop for a replacement that would have taken a minute on a 2010 laptop.

The SD card slot is being replaced with inferior MicroSD or removed entirely. This is especially bad for photographers and videographers who would frequently plug memory cards into their laptop. SD cards are far more comfortable than MicroSD cards, and no, bulky external adapters that reserve the device's only USB port and protrude can not replace an integrated SD card slot.

Most mid-range laptops in the early 2010s also had a LAN port for immediate interference-free connection. That is now reserved for gaming-class / desknote laptops.

Obviously, components like RAM and storage are far more difficult to upgrade in more modern laptops, or not possible at all if soldered in.

Touch pads increasingly have the buttons underneath the touch surface rather than separate, meaning one has to be careful not to move the mouse while clicking. Otherwise, it could cause an unwanted drag-and-drop gesture. Some touch pads are smart enough to detect when a user intends to click, and lock the movement, but not all. A right-click drag-and-drop gesture might not be possible due to the finger on the button being registered as touch. Clicking with short tapping could be unreliable and sluggish. While one should have external peripherals anyway, one might not always have brought them with. The fallback input device is now even less comfortable.

Some laptop vendors include a sponge sheet that they want users to put between the keyboard and the screen before folding it, "to avoid damaging the screen", even though making it two millimetres thicker could do the same without relying on a sponge sheet. So they want me to carry that bulky thing everywhere around? How about no?

That's the irony. They wanted to make laptops lighter and slimmer, but that made them adapter- and sponge sheet-dependent, defeating the portability purpose.

Sure, the CPU performance has improved. Vendors proudly show off in their advertisements which generation of Intel Core they have this time. As if that is something users especially care about. Hoo-ray, generation 14 is now yet another 5% faster than the previous generation! But what is the benefit of that if I have to rely on annoying adapters to get the same work done that I could formerly do without those adapters?

Microsoft has also copied Apple in demanding internet connection before Windows 11 will set up. The setup screen says "You will need an Internet connection…" - no, technically I would not. What does technically stand in the way of Windows 11 setting up offline? After all, previous Windows versions like Windows 95 could do so 25 years earlier. But also far more recent versions. Thankfully, Linux distributions do not do that.

If "new" and "modern" mean more locked-in and less practical and difficult to repair, I would rather have "old" than "new".

I was helping my girlfriend's sister on her programming homework yesterday. But the thing is that she missed a lot of classes to be with her boyfriend. So now she has a reasonably advanced task, without knowing the basics.

Her assignment was to open a file, extract it's text, and count how many times an user-given word appeared on it. So here's how it went:

- so you use the input function to ask the user to type the word.
- ok, but where do I type the word?
- in that black screen, on the bottom of visual code
~ changes name of the variable that receives the input()~
-like that?
- no, that is just the variable name. You should type in that black screen AT THE BOTTOM OF VISUAL CODE
- oh, ok.
~ changes name of .py file ~

I'm taking an Intro to Programming course along aside an Intro to Computers class so I already know about basic programing, still very new to it though! At the end of the Intro to Comp, we're learning about programming and a classmate was having a hard time understanding assignments and variables.

I explained the idea of the input command at least three times and he kept trying to print out a statement he just wanted to write in instead of printing out the input that the user will enter. He also assigned the same name to different variables.

Explained that what he was doing was not versatile and not useful, explained in an example situation, explained by writing some lines of code myself (THRICE), and he still had trouble understanding me. I didn't want to hold his hand the entire time.

Glad that I was called to leave early since I might get too frustrated if I had to stay back and continue to help him.

Hope he managed to finish the assignments successfully though! Feel kinda bad now...

Being a programmer for a while now it always irritates me to try to explain what I'm working on to friends and family. I forget what I knew before I developed. I'm always like "I made the strings in the database- oh I mean the words...well they're actually more like strings of letters- well anyway I made a code to sanitize the user input- I mean make it so it is secure before uhhh saving." I spend so much time watering what I'm saying down I forget what I'm talking about

It's not even funny. It'd be funny if one single person in my family or friend group understood what I meant to some degree.

My very first staggering steps with programming were made with Basic, and commands like INPUT that allowed me to create simple text adventures. As silly as it might sound, my biggest hurdle was to figure out how to make realtime action games, reading input from any sort of user device (using GET and JOY) without waiting for input, and designing game cycles in such way that they gave the impression of multitasking (keep in mind there was no such thing as threads). These machines and the Basic interpretor were extremely slow so making anything move a little...er...smoothly, let alone creating a game, was a challenge in itself.

These motherfucking incompetent programmers... Demon spaghetti code base saga continues.

So they have a password change functionality in their web app.

We have to change the length of it for cybersecurity insurance. I found a regex in the front end spaghetti and changed it to match the required length.

Noticed 7 regexes that validate the password input field. Wtf, why not just use one?! REGEX ABUSE! Also, why not just do a string length check, it's fucking easy in JS. I guess regex makes you look smart.

So we test it out and the regexes was only there for vanity, like display a nicely designed error that the password doesn't have x amount of characters, doesn't have a this and that, etc.

I check the backend ColdFusion mess that this charismatic asshole built. Finally find the method that handles password updates. THERE'S NO BACKEND VALIDATION. It at least sanitises the user input...

What's worse is that I could submit a blank new password and it accepts it. No errors. I can submit a password of "123" and it works.

The button that the user clicks when the password is changed, is some random custom HTML element called <btn> so you can't even disable it.

I really don't enjoy insulting people, but this... If you're one of the idiots who built this shit show and you're reading this, change your career, because you're incompetent and I don't think you should EVER write code again.

My friend ha just big exam in their programming class. They got the assignment week before and were allowed to use libraries. They were using Java and Maven repos. He created his own Maven repo and added finished assignment as a library. He just added his repo to the gradle project and selected his library as a dependecy. He then created one class with main method, 10 lines of user input and called main method from his library. Since the school newly tests students work automatically, he instantly passed with 100% and had to look like hes actually working for next 3 hours 😂. Noone noticed anything after 2 weeks 😂

Realized there was a bug in my npm package that made it hard to update the state of the input field conditionally (rather than explicitly through user action) and fixed it, wrote tests to ensure it was working the way I thought it was, updated the dist, updated the package version, merged, cut a GitHub release...

Then uninstalled and reinstalled it in the project I’m using it in and it didn’t work. What the eff, I think. Take a couple hours furiously trying to figure out why the hell the behavior doesn’t seem to match the behavior of the new version.

Then it dawns on me. I check the package.json.

“react-autosuggestions”: “^2.1.0”

.... I forgot to do the “npm publish” step.

*head desk*

Putty remote executuon vulnerability(no patch yet)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to unspecified input validation error when processing data, received from SSH server. A remote attacker can trick the victim to connect to a specially crafted SSH server and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Agile Coach: you need to take part in the next quarter planning of the work. Work with your business team to create a healthy backlog. Provide your input to the user stories. It’s a collective effort.

Me: why tf it’s not a collective effort when code breaks and only one dev is trying to fix it while taking in all the heat.

Of course I can’t say that out loud without getting fired.

So after the original idea getting scraped during a hackathon this week, we created a slack bot to fetch most relevant answers from StackOverflow using user's input. All the user had to do was input few words and the bot handled all typos, links etc and returned the link as well as the most upvoted or the accepted amswer after scraping it from the website.
The average time to find an answer was around 2 seconds, and we also told that we're planning to use flask to deploy a web application for the same.
After the presentation, one of the judge-guys called me and told me that "It isn't good enough, will not be used widely" and "Its similar to Quora".
Never ever have I wanted to punch a son of a bitch in the balls ever.

I coded the app so good
I optimized the UX SO GOOD
I made the UI look GOOD
I made the error handling and input validation ROCK HARD SOLID BULLETPROOF

NO FUCKING WAY COULD YOU FUCK THIS UP

NO WAY COULD YOU BE DUMB ENOUGH NOT TO KNOW HOW TO USE IT AND NOT FUCK IT UP

I GAVE IT TO MY DAD AS A NORMAL USER TO TEST THE APP AND HE FUCKED IT UP ON THE FIRST TRY

HE DIDNT UNDERSTAND THE UX.

.

I once agreed to maintain and develop an application used in a different section of the school to keep inventory and make sure everything is where it is supposed to be.

At first there was enthusiasm, together with 2 of my classmates we agreed and git clone-d the .NET application that now graduated students built and maintained for the past few years. What could go wrong right?!

It became clear that the original students that worked on it followed an older curriculum, meaning they still got taught .NET instead of the core variant that we get now, not only that but it also seemed that they either did not fully grasp the Clean/Onion architecture or didn't get it in class since there were infrastructure components in the 'Domain' project of the solution. Think of 2 DBContexts in the domain model, yep.

One of us bailed in the first week, the other one and I felt bad for the people using the app so we went on and tried to work on the first bugs that were described in a document. One of these bugs was 'whenever I filter on something in the list, everybody gets to see that filter on their screen instead of only me'. Woah that's weird! Let's see how they put that together!

Oh god, they are using a _static_ variable to store filters, no wonder that it doesn't work properly. Ever heard of sessions?!

Second bug: Sometimes people can't create an account when we sign them up from the admin panel. Alright that is weird, let's figure that one out! Wait a second it seems to work in development? What's this about.

Oh wait I can't create an account on production either? Oh that's weird, wait a second... Why do I have to put my e-mail in a form that was sent to me through e-mail? Why is my address not filled in already? OOH, if someone types in the wrong e-mail address (which is easy since our school has 4 variants of the same f*cking e-mail address) it won't work since it can't recognize the user! Brilliant! Remove e-mail input box and make a token/queryparam determine the user account.

Ah that seems good, it's a mess but it seems a tiny bit better now, great! We're making progress and some sweet buck.

Next bug, trillions of 50x errors on random pages, that's a weird one.

Hm everything works in development, that's odd. Is the production data corrupted?

DID I MENTION that in order to get into the system in development we have to load in a f*cking production database backup ON OUR DEVELOPMENT MACHINE and then ask one of the users' password to login to it and create an account for ourselves? Seeding? What's that, right?!

Anyway, back to bug fixing. I e-mail the the people responsible for the app and get a production admin account, oh I also can't ssh into it because of policies so I have to do everything over e-mail and figure out what's causing the errors. I somehow also wonder if they have any kind of virtualization in place, giving students a VM to do that stuff in doesn't seem so weird does it ? Even with school policies?

Oh btw, 'deploying' means sending a .zip file to a guy in another building and telling him how to configure it, apparently this resulted in a missing folder that the application needed to work and couldn't make on its own. This after 2 weeks of e-mailing back and forth.

After 3 months i quit out of despair and sadness, and due to the fact that I just couldn't do it anymore. I separated everything into logical subprojects and let the last guy handle it, he was OK with that and understood why I left.

Luckily, around that time I already had an actual job at a software development company :)

My designer just had an user interview where the user is a developer and my designer showed him the mock-ups of a no code tool that we are building, asking the dev for his input.

She literally had a session with a guy announcing him that we are building a tool that will put him out of work and moreover asked him for inputs so that we miss no use case.

And in another story, one of my dev lead decided to decommission an entire feature and replace it will a hacky solution because the devs in her team were not comfortable using the current design in their development stage. Hence, without user research, any strong use case, or considering business implications, she went ahead and drafted the entire approach on how to fuck everyone.

I am out of my honeymoon phase at my new org and I am scared. Shit scared.

Forms with autofocus. What are your opinions on that?

My boss keeps asking us to always give autofocus to the first input of a form, without any UX study to support it, just his opinion ("I think it makes sense"). I fucking hate it. He says it's nice for keyboard users, but I'm a keyboard user myself and I say that's what the tab key is for. To fucking focus stuff.

It really annoys me to no end when things like this are requested, but it's ok to have buttons, checkboxes, etc without fucking :focus and :active styles. Just :hover is not enough ffs.

And "links" that work with "onclick". Damn how I want to kill anyone that does that.

Oh boy, this is gonna be good:

TL;DR: Digital bailiffs are vulnerable as fuck

So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:

The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.

So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!

This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.

I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.

Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!

Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...

The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.

But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.

So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)

So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"

So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones

Me: *pulls down the quick settings drawer and taps Bluetooth*
phone: *forgets everything about having multiple CPU cores and threads - the process responsible for all user input and drawing the ui grinds to a halt*
me: *sighs* oh, fuck, not this shit again *sets phone down*
*several minutes pass*
*watchdog decides that the UI is stuck and kills it, forcing the phone to soft-reboot*
phone: *boots up after a minute of loading*
me: *checks if Bluetooth is on*
*Bluetooth still off*
me: *tries to tap Bluetooth again*
*the procedure repeats*

Refusing to escape user input in shell commands because "it's the responsibility of the user to insert safe input".

I have quite a few of these so I'm doing a series.
(2 of 3) Flexi Lexi

A backend developer was tired of building data for the templates. So he created a macro/filter for our in house template lexer. This filter allowed the web designers (didn't really call them frond end devs yet back then) could just at an SQL statement in the templates.

The macro had no safe argument parsing and the designers knew basic SQL but did not know about SQL Injection and used string concatination to insert all kinds of user and request data in the queries.
Two months after this novel feature was introduced we had SQL injections all over the place when some piece of input was missing but worse the whole product was riddled with SQLi vulnerabilities.

About to punch Android studio in the face! My SYNTAX IS CORRECT!!!! 😡😡😡😡

Writing a truly crossplatform terminal library is the biggest pain in the ass.

And you thought windows was bad. They have a proper API with droves of features, freely allocatable screenbuffers, scrolling on both axes, etc.
Fucking xterm vtxxx compatible piles of shit are the problem.
Controlling kinda works eventhough the feature set is pretty bad. The really fucked up thing is reading values back. They literally get put into the input buffer. So you have to read all the actual user input before that and then somehow parse out the returned control sequence. Of course the user input has to be consumed so I have to buffer it myself. Even better is when you get a response with non printable characters which the fucking terminal will interpret as another control sequence. So when you set a window title to a ansi control sequence it would get executed when queried. Fuck this shit but I'm not giving up. I will tame this ugly, bodged together dragon

Fuck Homestead.

For the fortune of you not to know, Homestead is a sad attempt at a Wix-like build your own website platform.

However, Homestead is the most unusable piece of shit platform that humans have ever had the misery of interacting with

Lets start off with the login page. The login page is small, unresponsive and half the time just deletes your input whenever you press submit.

It's important to note that unless you're running MacOS or Windows, Homestead will send to an error page on which there's a link to contact support, but pressing that link requires MacOS or Windows.

Fine, I'll fiddle around with my user-agent, and we'll be in soon enough. But now we come to the joy that is the website editor itself.

The website editor is clunky, hard to use, and has enough menus and submenus and sidebars to make the Jira UI shake with fear. Each interface option label is either ridiculously ambiguous or just straight up wrong. The built-in HTML editor doesn't support HTML5, in the name of "browser compatibility".

CSS? Pah! Who needs it! Our psuedo-90s skeuomorphic ugly-as-shit prebuilt styles will work just fine. Responsive design? Bullshit! Nobody uses a smartphone to browse the web, so why do we need to handle it?

Uploading a file? Good fucking luck buddy. There's a complicated dance among the minefield of pop-ups that ask you to confirm some shit or modify some shit and you gotta click the right option each time or else the file won't upload.

Wanna use https like 86% of the entire web and all modern websites? That's a premium feature. Fork over an extra $10 a month

Ok ok, I made it through all that. Dig through the thousands of menus to find the 'publish changes' button, and sigh with relief.

Open up a private browser tab to check my work, and nope. The site looks like shit, even by Homestead's standards. That's because Homestead claims to be a WYSIWYG editor, but it's a damn lie. The site looks like shit, so it's time do dive back into the hellhole that is this damn site editor.

And rinse and repeat. Deal with the shitty editor, publish, and pray it doesn't look like garbage. Be too scared to test on other devices because this flaming pile of dog shit pretending to be a website is bad enough on my device.

Two more months, then I'm done with this client. Someone get me a drink

The whole app was a shitshow...
- Cancel order as a post request (the same post request used to save the order).
I demoed the client how with a couple of lines of code I could change his "Cancel order" button to "Mark my order as payed" button....
- List orders method took an user id as input...
- Update profile did not care about wich properties you should be able to change as a non admin...
And so on...

Hmm...recently I've seen an increase in the idea of raising security awareness at a user level...but really now , it gets me thinking , why not raise security awareness at a coding level ? Just having one guy do encryption and encoding most certainly isn't enough for an app to be considered secure . In this day an age where most apps are web based and even open source some of them , I think that first of all it should be our duty to protect the customer/consumer rather than make him protect himself . Most of everyone knows how to get user input from the UI but how many out here actually think that the normal dummy user might actually type unintentional malicious code which would break the app or give him access to something he shouldn't be allowed into ? I've seen very few developers/software architects/engineers actually take the blame for insecure code . I've seen people build apps starting on an unacceptable idea security wise and then in the end thinking of patching in filters , encryptions , encodings , tokens and days before release realise that their app is half broken because they didn't start the whole project in a more secure way for the user .

Just my two cents...we as devs should be more aware of coding in a way that makes apps more secure from and for the user rather than saying that we had some epic mythical hackers pull all the user tables that also contained unhashed unencrypted passwords by using magix . It certainly isn't magic , it's just our bad coding that lets outside code interact with our own code .

A few weeks ago, I was kept up until the wee hours of the morning trying to figure out how in the hell the Monty Hall problem works. After finally getting it (I'm slow, okay?), I decided to write a program to run simulations of it.

First incarnation of program took user input. User enters what door they choose (1, 2, or 3), then is told what door Monty opens, then given the decision of staying with the door they originally chose or switching, then informed how that worked out for them.

Second incarnation of program ran on a loop. At the start of each loop, a random door is picked for the user guess. Then the door Monty opens is calculated from the remaining doors (excludes user guess and prize door). Then user switches doors (choosing the door that was not their original door or the door Monty opened). At the end of each loop, if the door they switched to was the prize door, it would increment a win counter, else increment a loss counter. After running the loop 1000000000 times, it printed to console `You always switched doors, resulting in ${wins} wins and ${losses} losses`.

THEN I decided to write a variation to run a while loop on the outside of the loop to increase the number of total doors until the point where the decision to switch doors hurt more often than it helped. At this point, I decided to incorporate file I/O and write to a file rather than a console. And that was neat!

And then I decided it would be cool to go back to the three door variation, printing on each loop the original door, the door Monty opened, the door that was switched too, the result of the switch (win or lose) and what the prize door was.

But for the life of me, I couldn't seem to get the file to write properly. It would, like, always crash my terminal. I tried open + append, I tried append. I tried createWriteStream. Still just failure.

And then I changed it to an appendFileSync and happened to look at one of the files that I was writing to. "Huh, over a gig seems a lot."

"Well, how much are you writing each loop? Did you forget to keep in mind how many bytes that would be?"

TLDR: If you're going to write a program that's going to write data to a file on a loop, you might want to figure out how much it's going to end up writing .... before trying to run it. And running a loop 1000000000 times may be a little excessive.

*face palm*

I JUST SPENT A PAINFUL TWO HOURS TRYING TO FIND OUR WHY MY EXCEPTIONS WERE BEING THROWN AFTER EVERY SINGLE INPUT THE USER ENTERED...

I commented out the try catch, it worked, I commented out the throw and it worked, so I uncommented them both and it worked again? WHY DIDN'T IT WORK BEFORE Y U DO DIS

Hey so this may be a harsh one. Me and my friend are computer science and game development students and he's now in Programming 2 and he's not understanding day 1 concepts (i.e. "you dont have to redefine a variable every time you use it", "That's a string why are you setting it to 0?", "the program needs to take in user string input how would you do that?", etc.) and at this point I don't know how to help him actually understand and retain information. What do I do?

Sitting in a board room with about 20 people all who have flown in from different parts of the world to discuss the project plan for a web app with an international user base.

We are discussing a web form with a dynamic layout based upon the users profile. Users enters a ton of information, calculations, are made, and info in stored into a db. Info can be updated and will be reported upon later.

One of the project leads representing Europe suggest that the form be exported into Excel so that the user can fill it out in Excel only to be imported via the application. WTH!!!! Later I found out this was that leads 2nd week with the company. Why were you even at the meeting and why did you have input?

A few years ago I would whine, complain and rant about shitty software, which I knew could be so much better than it was. But I didn't yet write software of my own.

Now I complain about shitty libraries, API's and users. Not much has changed really. And every time I write code, I curse myself, and whoever made this trashpile I have to work with. I curse the user to the moon and beyond for using the program wrong. Funny thing is, exactly the thing I was complaining about (input validation, see earlier rant) is also exactly what no more than 5 minutes after release, a user fucked up with. The bot just does not respond at this point. But fuck these braindead retards for users.

In a few years I expect myself to be complaining about shitty compilers and buffer overflows, segmentation violations, bad coding style (don't make your program a fucking colander kthx), and so on.

Next decade I expect myself to be complaining about physics itself, and why the universe is governed by the laws it's governed by. Whoever this God is, he's a fucking retard. Funny thing is, the signs for it are already there. Electron theory! If only those electrons were positrons, then the math would check out properly. Instead of negative electrons traveling from negative to positive, we'd have positive positrons traveling from positive to negative. At least from what I understand so far, this is still a decade away after all.

The point I'm trying to make is that nothing changes, only my understanding of the world around me does, as I tumble further and further down the rabbit hole. Sometimes I wish I had taken the blue pill... Either complain about others' software or perhaps not give a shit at all. Become one of those filthy users I now despise.

Looking for a second opinion/validation.

*Me: “Perhaps this simple and concise way to ensure the user doesn’t lose their data before they leave the page that requires non-zero yet minimal input from the user. (Read: ya gotta push a save/submit button)”

*Everyone else: Let’s pretend to read the user’s mind and perform relatively complicated functions behind the scenes, of which the user will most likely be unaware, that will add an undetermined amount of complexity to the development because we think it’s “where things are going,” by saving the value of a certain HTML element as it loses focus.

Edit: this is an exclusively-internally used app.

GWT.
Let me explain:
Tl;dr : someone fucked up, I took shit, it was a gwt project. In a sense I don't hate GWT because of the framework itself but because how I was introduced and forced to "work" with it.

Context:
Was working as a paid intern at a small company there were 3 devs 2 interns and one senior employee that only worked from home handling the shit ton of legacy VB6 code he wrote over several year and a boss with no technical knowledge. (Other unimportant people as well)
I was working with their DBA (cool dude) because I was writing statistic and report generating software.

Story:
The other intern was tasked of doing a gwt app that was supposed to use a input file.
Rather than asking the user to upload it with a file picker (I guess they exist in gwt I didn't got to dig in the framework) he was trying to load the file with a http request directed at the same host the app was running on.
It did not work.
Then his contract was other and the app was left in an unfinished state.
The boss then tried to have the app deployed, the remaining dev dodged the bullet invoking some bullshit because he was clearly incapable of doing it.
So it fell on me, couldn't deploy the app because it was not even close to working.
Tried to fix things and make it work.
Turns out he thought it would take me 3h to deploy when I clearly explained that the other guy didn't finish the app.
Boss got mad, threatened to ruin my studies and my future career.
Couldn't because my uni had my back.
Didn't want to see me anymore.
Couldn't break my contract.
Told me to work from home for the end of my internship.
I got 3 weeks early vacation and got paid, fuck him, fuck GWT, fuck his company.
Still got well marked for the internship as my supervisor was the DBA who was happy with my work.

Morality:
Don't let your intern unsupervised, don't let your main dev work from home when you don't know shit, don't piss me off and send me work from home.

Checking for a hardcoded password and submitting User and password in a hidden Input each time.

Didn't know about Sessions back then

Continuation of the issue I had yesterday, and a realization of just HOW FRICKING STUPID C++ could be. Basically, yesterday my code for class was skipping a line of user input code, I checked the code for hours to see if I missed anything, if anything was out of scope, both input's I was using were back to back and absolutely identical all the way from the implementation both equaling "\0" and I couldn't figure why only one of the input lines were being ignored. Out of desperation posted the code on here (see my last post). Welp, I finally fixed it, and BOY AM I SO SIMPLE. cin.ignore().

TL;DR
Dumb issue, dumb solution (in my opinion)

TLDR: There's some days where the Gods of IT are not with you. Just lost a whole day of work.

So this morning, we (me and my team) big performance issues with our web app. Lot's of requests time out, big latency, etc

Try to ssh to VPS, latency of 10 seconds between user input and output.

Usual checks: RAM ok, Proc ok, hard drive ok, reboot server (20 minutes), update/upgrade

We decide to call OVH. After 15 minutes call, we try to reboot in rescue mode. Reboot fails at 60% + everything freezes.

After an hour, OVH opens an incident ticket on +200 vps instances (including mine) everything is down during +1h

Finally everything is okay ! Even had time to migrate my new database schema.

Still, quick heavy on the mind but feels good to go home with everything working out correctly

Today a task was assigned to a coworker, he is a good guy, but one of those that never complain, never say anything, get there early, go to lunch at the exact same hour everyday, doesnt talk to anybody and gets off at exactly 6pm.

So, the task was submitted by QA, according to them, a disabled input could be enabled by going into the dev tools and enabling it...

So i went over the pm and told her (cos she is a cunt) that the ticket was just bullshit and that first of all, we had no control of it, but if that is the case, we can go over and add event listeners to all the inputs in the platform to avoid people changing them...like wtf?

Since she is a dumb cunt, she 'escalated' the task to the senior dev... he is also a total fucktard who doesnt know a shit. The dude said that the task was ok and we had to do it or not but it was better to do it, justifying the ticket in the most stupid and incoherent way... like wtf is to do with it? Tell the user to not go over the devtools and enable it? The fuckkkk

I felt like i was about to shit my kidney, seriously, but what can i do? It is not the first time things like that happen. The stupid fuck also let one of his friends add several migrations to change several tables columns just because of 'good practices' which in first place left the databas all fucked up and with fucked relations.

I'm just so tired of these fucks, incompetent motherfuckers... I told a friend about it and he said that that was nothing, it is worse when you have to work for banks and that the only thing i could do was to let it go and learn from it, to not do the same mistakes. Im thinking in quitting... what should i do?

[CMS of Doom™]
Imagine creating a CMS so bad that you let the owner (who I work for) define in a simple input field what email address is used as the sender address for the welcome email of newly registered users.
Basically they filled in a personal email of the company some 3 years ago AND of course the person with said email address left the company a few months later thus for some 2-3 years newly registered users received a welcome email with a sender address of an unavailable user.

And I thought I've seen it all in this CMS...

This is actually a question about the devRant app.

I’ve noticed this a few times. When I click a rant repeatedly (say x times), from the front page or from the notifications pane, multiple layers of that rant open up. And I have to hit the back button x amount of times to go back to where I initially was (again, front page or notification pane).

Now, I understand an app capturing multiple user inputs on the same object but shouldn’t it also account for this by only considering those taps as one input, especially if the object is lagging and hadn’t been loaded? Why is devRant implemented this way?

I would consider it undesirable to have Gmail open the same email in multiple layers when you click the same email repeatedly. So, is devRant’s a feature or a bug?

I’m not a web (app) developer. I’d just like some knowledge on how user input might be captured and why repeated inputs aren’t screened out?

If anyone could page the two awesome doods who work on devRant, that would be awesome! I hope I didn’t just wrongly assume their genders.

so…

let's make a translation website game thing

ooh! web hosting! check black friday deal!
buys website + hosting
~$100

oooh, let's check out google's translation api

>0.00001$ wtf no i aint paying that shitz or i wouldnt been a h4x3r

how can i work around this?
i know! ill make an iframe and input text as if i were a user

firefox: fuq u bish google isnt allowing framing for its translations

well gonna find another work around tommorow

maybe share the link too :)

Yet another day at my company, Im rewriting some old code for client (rewriting old, php 4 system for vindications managment) and you know the moment when you are focused and someone comes to you to absolutely ruin your focus. Fine, whatever. Oh, for fuck sake. Again dev is doing as support becouse one moron with second can't login into zimbra admin panel and add fucking mailbox. I show them exacly how they login, remind them they are admins too, slowly show them, so you click "manage" than you click that gear icon and than you click "new", fill in email address and password. As simple as 1-2-3. Okay, fuck it, time to go for a cig. I just finish up few lines and stand, grab my vape and start walking towards door. In door I find my buddy with 2 random people. He told me that they are interns and that I should show them some basics and stuff around that. Oh god, fuck my life. If anything, Im definitely very bad teacher, mainly becouse I often have problems with saying what I mean in the way that somebody actually understans and knows what I am trying to say. Whatever. Fuck it all. I grab two of our old laptops that nobody used in like a year or so, and first thing I quickly figure out, is that one day for some what the fuck reason I dont even dont bothered to remember I installed Arch on both while I dont usually use Arch. I just needed it for some specific reason. Whatever. So I guess I will need to upgrade fucking system. Our network isn't really great so that was like... hour or so. In the meantime I figured what they know about coding in general etc, and holly shit. One of them (there was boy and girl), girl, apparently never ever in her life even touched code. Well... fuck. Why am I wasting my time? Becouse there was some programme or some shit like that... Someone could tell me before so I could mentally prepare.. fuck it. whatever. So while laptops are doing their pacman thing, I sit with them and slowly start to explain based on my machine some really basic concepts. Second guy actually had some expirience, he knew how to make some really really basic logic and stuff, so he had another world of problems, becouse it was PHP and, as we all know, everyone hates PHP, and... yeah.. You can probably imagine his approach. Yes, you get user input in super global array. I really wanted to say "Now shut the fuck up and write that fucking $_POST".

hour or so passed, I was close to giving up to not let my anger rise (im not really good teacher... I mentioned it. I suck at teaching others) but luckly machines upgraded. He wanted to use visual studio code, she didnt care too much, so I installed phpstorm in trial mode. whatever. Since that's linux and they were not comfortable with that, I walked them through installing LAMP stack, and when finally it started to look like LAMP stack, I requested them to google how to install xdebug, becouse xdebug is very usefull and googling skill is your best weapon on that field. I go for cig, come back and what I see boiled me a little bit. The girl was stuck looking at github page randomly looking through xdebug source code and idk... hoping for miracle (she admited she thought there will be instructions somewhere) and the guy was in good place, xdebug has a place to paste your phpinfo() for custom instructions. But it didn't work for him, he claims that wizzard told him it cant help him.. hmm intresting, you are sure you pasted in phpinfo? yes, he is sure. Okay, show me.

Again mindblown how someone can have problems with reading.

so his phpinfo() looked like that:
```<?php
phpinfo();```

I highlighted on the page the words "output of phpinfo". He somehow didn't see it or something. He didnt know, he thought that he needs to put in phpinfo so he did. OMG.

Finally, I figured out I can workaround my intern problem, and I just briefly shown them php.net, how documentation looks, said to allways google in english, if he uses tutorial to read whole fucking thing, not just some parts of it, and left them with simple task, that took them whole day and at which they ultimately failed.

To make 3 buttons labeled "1" "2" "3" and if someone presses one of them, remember in session that they pressed it and disallow pressing other ones.

Never fucking again interns. Especially those who randomly without apparent reason almost literally just spawn in front of you and here, its your fucking problem now.

Fuck it, I have some time to get back to my stuff. Time is running so lets not waste it.

After around 15 minutes my one of my superiors comes in and asks me if I can go on meeting with him and other superior. My buddy goes with us, and next 3 hours I was basically explaining that you cannot do some things (ie. know XYZ happened without any source of information) in code, and I can't listen for callbacks from ABC becouse it wont send anyc cuz in their fucking brilliant idea ABC can't even know that this script would even exist, not to mention it wants callbacks.

Sometimes I hate my job.

My biggest dev epiphany was also my dumbest one. We were working on a payment system for a roadside rescue company where an employee would register payments "in the field".

The challenge was automating input with typeahead and autocompletes in order to lessen the workload as manual input had to be an absolute minimum; this will be used by truck drivers/mechanics as they are trying to hurry to the next customer who has been waiting for 3 hours longer than we said we'd take.

We managed to make the invoice path first (customer has not paid, employee logs personalia needed for billing), but when it came to "paid on site" we almost upended the entire system trying to find a way to fetch user personalia outside of the invoice path.

Neither of us realized it during the days we were banging our heads against it. Realizing we don't need to make an invoice for a job that has been paid for was equal parts relief and utter embarrassment.

Probably my greatest lesson in how important it is to pull my head out of the code once in a while, and to ask myself what I'm trying to do and why.

How do you get over the bad times? I keep having to work with shitty legacy systems that were written in perl and flash in the 90s, but my boss keeps telling me "No" on redoing some of the bigger stuff even though it is really needed. I mean, that is your goal here, right? Rebuilding this POS? FFS you still stored passwords in plain text twoo weeks ago! But no, you's rather dig around in Perl than upset some random user because his fucking interface looks different.

But then I also have to work with another system that I could redo in Cake/Laravel in two weeks (it's literally getting and writing data to one table, so two views and user auth), and the previous dev just... made a huge mess. I mean, why would you need to post data asynchronously when it's this one stupid form ? Just do a regular form submit? And the system is really not suitable for extending, because everything is in the database, EVERYTHING! Like, html form inputs? So to add a simple input to the template I have to create a new input type in the types table and then add that to the form structure table? Only to have the input checked by fucking regex? REGEX! Why? Seriously, this is not some high end CMS that needs this level of code reusability No. This is a simple fucking form.

And I can't get it to work. No documentation of course. No comments, either. All of this makes me feel like I'm just the shittiest dev ever. I feel dumb, and useless. Haven't turned on my private PC in weeks because I see no reason to work on any of my own stuff.

I used to have a job, working with Magento and Wordpress. And yeah, it was horrible, it was chaos, but it was fun and I was great at it. I bent that motherfucking system to fit my needs. People respected my opinion, they were convinced I could program this and that, and I proved them right. Did I make mistakes? Hell yeah. Did I give up? Fuck no!

But now, I just feel like I can't even write a simple fucking form any more. I'm just so close to giving up on development as a whole, even though I love it so much.

My org (of which i'm basically CTO) has this administrative tool that a team uses to combat spam and scams, which is quite the problem for us.. the tool was written like 9 years ago, by my predecessor, very quick & dirty and unaesthetic and without input from those who would use it as far as interface or UX... it got modded a little a few years later by a kind of amateur coder who was at the time on the spam control team, and now there's this new maybe slightly less amateur coder guy on the team who has written this amateur tool that scrapes data off our site and massages it and stores it on his own server and then provides a better interface, or so they say.... this is all because for a couple of years people didnt want to "bother me" with a request to improve our internal tool, they thought I was "too busy" doing other things... so instead this outsider has built this stupid thing that lives on his own personal server and so now we have these problems to do with performance, security, privacy for user info, etc etc... someone please shoot me....

It's gotten to the point where I am legitimately impressed when I can tell a service is hashing their passwords.

All of these unnecessary complications of "must not have more than 2 of the same character in a row" but "can't be more than 12 characters" requirements make me think that the passwords are being saved in plain text.

Amazon and Dropbox do it right - present the user with an input box and no requirements printed anywhere.

Didn't think I had material for a rant but... Oh boy (at least at the level I'm at, I'm sure worse is to come)

I'm a Java programmer, lets get that out of the way. I like Java, it feels warm and fuzzy, and I'm still a n00b so I'm allowed to not code everything in assembly or whatever.

So I saw this video about compilers and how they optimize and move and do stuff with the machine code while generating the executable files. And the guy was using this cool terminal that had color, autocomplete past commands and just looked cool. So I was like "I'll make that for my next project!"

In Java.

So I Google around and find a code snipped that gives me "raw" input (vs "cooked" input) and returns codes and I'm like 😎. Pressing "a" returns 97 (I think that's the ASCII value) and I think this is all golden now.

No point in ranting if everything goes as planned so here is the *but*

Tabs, backspaces and other codes like that returned appropriate ASCII codes in Unix. But in windows, no such thing. And since I though I'd go multiplatform (WORA amarite) now I had to do extra work so that it worked cross platform.

Then I saw arrow keys have no ASCII codes... So I pressed a arrow key and THREE SEPARATE VALUES WERE REGISTERED. Let me reiterate. Unix was pretending I had pressed three keys instead of one, for arrow keys. So on Unix, I had to work some magic to get accurate readings on what the user was actually doing (not too bad but still...). Windows actually behaved better, just spit out some high values and all was good. So two more systems I had to set up for dealing with arrow keys.

Now I got to ANSI codes (to display color, move around the terminal window and do other stuff). Unix supports them and Windows did but doesn't but does with some Win 10 patch...? But when tested it doesn't (at least from what I've seen). So now, all that work I put into making one Unix key and arrow key reader, and same for Windows, flies out the window. Windows needs a UI (I will force Win users, screw compatibility).

So after all the fiddling and messing, trying to make the bloody thing work on all systems, I now have to toss half the input system and rework it to support UI. And make a UI, which I absolutely despise (why I want to do back end work and thought this would be good, since terminal is not too front end).

Teach things properly, most teachers are confused and they start throwing keywords at even more confused students who then have no clue what they are doing and they then ask me to do their work for them showing me their unindented(well... kinda, they all seem to fight with the IDE, which is trying to properly indent their mess, for some reason), teachers think that Turbo Pascal is the way of life and that it is used everywhere(one teacher tried to tell me that Pascal is used in the stock market and in modern operating systems - U wot m8?! how high are you right now) and they don't teach user input sanitization and type checking, they stare at you like you are the fucking satan when you dare to use objects, collections and abstraction because they are scared to death of that stuff... and then they think 60 minutes is enough to teach HTML, CSS, JS and PHP in one go(which they even don't know properly - the teacher that made and maintains the school's website is probably stuck in 1998 judging by the design and functionality of the website and his clothes) and they then send absolutely clueless students to compete in a web design competition (and then they get angry at the judges for giving the students 0 points)

Stakeholder: We have users who are putting like “John and Mary” on their membership’s first name field. Can we restrict that field so they can’t do that?

Me: But what if that user does identify as “John and Mary”?

Besides, what’s to stop any user from taking out the “and” and making it “John Mary” so they can get around input validation for words like “and”?

I was working on a simple notebook project in java (console app)
But I think I need a little help :
When user wants to edit a note , he should write the note all over again!
How can insert the current note in console(like user input) so that the user can iterate and modify the text ?

Thanks

every day I see full stack here and there...
full stack is not only db and code, but also "every step the bit goes through " from end user's screen/input to server and back to him
whether is an app or service, end user is only an example.

it's about knowing how the language behaves, how the server interprets and replies to requests, protocols, even how to do every single configuration on the systems you are using, and in my point of view that includes hardware.

pretty much that...

I get sic when I see on a resume claiming "I'm a full stack dev" and there's nothing on it saying that the guy knows at least to change a light bulb... lol
Even worse, when I see job offers asking for "Full stack Dev, with no experience" ...

that's not possible without experience ! sorry

so I started a side project a while ago.
the only thing it could do was to create some files with desired names and extensions. so this was basically a pretty simple editor.

I left this project with no future plans for a month or so until I started working on it again this week. I added comments to the editor, a console user interface.

the ui isn't futuristic. the program runs in the console. it just lists all the files and folders where the program is currently located in. in the beginning it could take user input and that input was the location where the files created in the editor would be saved. then I thought: it would be more interesting if I created a folder in which I saved the files from the editor. so I did this thing.

then I thought, again: hey, this console is pretty boring and stuff. why should I add some special commands? and so I did.
now you can create an empty folder, before you created a folder and saved at the same time the files created in the editor. now you can open another folder in which you can do the same stuff as before. you can get the current location of the folder you are currently in, so you don't get lost in your fancy computer. you can delete a folder completely, set color, reset color.

but one thing that I lost almost ONE FREAKING HOUR ON IT TO MAKE THE USER EXPERIENCE BETTER was the following: when creating a folder, either empty or with the files from the editor, the program automatically opens the folder, not in the console(hey, I didn't thought of that) but in the file explorer from the os. now it only works for windows and windows explorer because I used system(const char*). I know it's not portable or efficient but I just wanted things to work, I will optimise it later.

the thing that made me lose that one hour debugging was figuring out how to open that file.

ok, so I used windows api with GetCurrentDirectory, I knew how to use system, I knew how to form the path that would match up with the folder, I almost knew how to open the folder with system().

the problem was that I had the path complete, but if the folder had white spaces system() wouldn't recognise the freaking command!

so the string with the path would also contain the command used in system() and I would just .c_str() the string so it could work. as an example my wrong way to make the path was this:

"start C:\\path"

can you figure out what is the problem?
you don't?
it's just so trivial.
how cannot you figure it out?
of course you NEED to put "explorer" between the start command and the actual path!
pffft, you idiot! so easy to figure it out.

so yeah, the right way to open a folder is like this:

"start explorer C:\\path to heLL!!"

p.s.: I still don't understand why putting explorer works and without it doesn't. without explorer it just just says that path with the first word before the white space doesn't exist.

!rant
Digging though my old emails found this joke sent to me long time ago. Think that originally was posted in a 1997 issue of Computerworld. Maybe you already suffered the effect of the "Opcodes" listed here. Hope that !tl;dr

ARG Agree to Run Garbage
BDM Branch and Destroy Memory
CMN Convert to Mayan Numerals
DDS Damage Disk and Stop
EMR Emit Microwave Radiation
ETO Emulate Toaster Oven
FSE Fake Serious Error
GSI Garble Subsequent Instructions
GQS Go Quarter Speed
HEM Hide Evidence of Malfunction
IDD Inhale Dust and Die
IKI Ignore Keyboard Input
IMU Irradiate and Mutate User
JPF Jam Paper Feed
JUM Jeer at Users Mistake
KFP Kindle Fire in Printer
LNM Launch Nuclear Missiles
MAW Make Aggravating Whine
NNI Neglect Next Instruction
OBU Overheat and Burn if Unattended
PNG Pass Noxious Gas
QWF Quit Working Forever
QVC Question Valid Command
RWD Read Wrong Device
SCE Simulate Correct Execution
SDJ Send Data to Japan
TTC Tangle Tape and Crash
UBC Use Bad Chip
VDP Violate Design Parameters
VMB Verify and Make Bad
WAF Warn After Fact
XID eXchange Instruction with Data
YII Yield to Irresistible Impulse
ZAM Zero All Memory

Things that piss me the fuck off about user programs(in this case text editors):

No fucking documentation or signs of it available, a promise from like 3 years ago to post: tutorials/actual docs and yet unfulfilled shit. Yet the author sells the editor, you can get a free version of it, but the extension api is only given in the paid version. It's like $12 bucks, which depending on where you are from is really the cost of a meal.

The editor in question is 4coder, seems like a good stack for building C/C++ based applications with a lot of cool utilities underneath, I see dudes using it to create a lot of cool shit online, but things like moving input, stopping the thing from formatting pasted code etc etc. Shit, even reaching the documentation is fucky, you get the names of the commands......ok...awesome...wtf do I do with these? Why do i need to watch a 20+ minute tutorial from the developer instead of being able to read a retarded ass tutorial regarding how to do the most basic shit? For an editor that is set to replace Emacs and Vim for developers inside of a windows platform....it sure is lacking AF in that regards.

I really want to work with this thing because it seems to be made with a lot of heart, just can't stand the fact that the documentation is lacking like a motherfucker

So we have this administration page in the clients app that has tables of data.

The user can click on a row to edit or click "Add' to create a new one, doing so pops up a modal with a form full of inputs and a save button at the bottom.

The other day our client told me he was concerned that users would not understand how to edit data and that I should add some text below the first input field of each modal that says "Type in a new value and click 'SAVE' to change the [field name]"

As I implimented this crap, I took a few minutes to come up with a nice way of saying that his idea made no sense, added unnecessary clutter to the UI, and proposed some alternatives.

He essentially said, "Thanks for your much better ideas, for now let's just stick with what we've got and we can revisit this later."

Everytime I open that UI, I physically feel pain and get a little sick.

Friend comes over.
Friend: "Should I declare this as long or double?"
*Shows me code, requires user input for that particular part.
Me: That's VARIABLE
*dies laughing

Once I maintained one of the most used and fucked up codebases on the market with almost 1M+ daily users. (cannot say more, sorry).

It's written in PHP and is absolutely terrifying,
the first time I saw some lines of code I was about to scream and cry.

- spaghetti code
- no indentation
- random SQL query unoptimized
- unused vars
- Code is split among several files with no logical reasoning
- Mixed procedural and oop programming
- Unsanitised user input (yes, you got it right)

No test environment, no backup database, every commit goes straight to production.

It's a real disaster but the company prefers to keep it as it is without refactoring or anything else.

Just to make it clear:
It's not hatred against PHP, it's against the code's current status and the older programmers which used to work on it.

So I traveled for an hour and 30 minutes to go to my school and complete an assignment that is mandatory for being accepted to my study next year. Guess what.. the assignment was writing a python script that prints specific characters of a set string based on user input. Seriously??? print(str[inp1:inp2]) I was done within a minute and got to leave again. 99% of my time was spent sitting in a train wondering what the point of a mandatory assignment in python is when we are only supposed to learn it once the study starts anyway.

Working from home. Most of the team is off. Client has an official half day. Most of them are off. Instead of being online at 7 am, gonna get online around 850 just before daily standup. Laying in bed, enjoying the cool sheets and the fact that there's no rush. ~0730 team lead calls, user shit himself and I need to fix it. Server issue? Nope. Data issue? Nope. Portal bug? Nope.

Client input conflicting data and can't progress with tool.

Have you ever thought to send a security code to the email the user put in the sign up form just to say him later "the password must contains at least 8 characters, etc." and ask him to fill the form again from scratch?

Who is so dumb to put the input check in this order? Honeywell.

- The email is correct?
- Ok, send a code and ask to confirm it
- The password meets the requirements?
- No, ask to confirm the email again just for fun.

I'll just ignore the waste of server resources to send N * Number of users emails for no reason.

I'm developing a new (just for fun) programming language and I'm wondering what features I should add next? These features are already implemented:

- Printing text
- Variables
- user-input
- Datatype conversion (String, Int, Float, Bool, List, Dictionary)
- lists/arrays
- dictionaries
- Sorting
- Shuffling
- random numbers & choices
- Math stuff like: log, abs, floor, ceiling, sin, etc...
- Time & Date
- Working with files
- If-else statements
- Ternary operators
- Loops (for & while)
- Functions
- Classes
- Error handling
- Importing libraries & other scripts
- Arrow/callback functions
- Escaping (\)

is there anything you often use missing?

I have been spending all day optimizing a wordpess site for pagespeed, looking into how can I optimize the custom scripts which block rendering and I was learning some new things, it was hard but I was making progress. Then comes the senior engineer who installs a plugin and pagespeed went from 60 to 90 on mobile, I was pretty shocked. Then it hit me. IT DELAYS THE LOADING OF EVERY SCRIPT AND IMAGE UNTIL USER INPUT TRICKING THE SCORING SYSTEM. U GET A WHITE SCREEN IF YOU DON'T DO ANYTHING. I told him it's not really faster this way, and he agreed it is not "ethical" but the score is good.
Am I still an idiot naive kid? There is a line between scamming people and quality work, but it keeps getting more blurry.

My colleague had some problems today.
He had problems from both user input and predefined strings sent with ajax to backend. The "&"-sign was splitting values in GET-requests into unintended parameters. So... he was simply going to search and replace all of those signs with the word "and"...

encodeURI()? Why are you sending our forms with GET-requests?! 🙃

Has to fix a bug in our old products web interface, how did I ever put up with it. In some places it has 7 nested iframes. It is also some of the worst code I have ever seen, no user input is sanitised plus there is no structure to the code, try looking for a CDs element without going into chrome dev tools is impossible as there are 52 separate CSS files

!rant
Before I left my other company I was in the midst of finishing one project and I was ansious to finish everything to leave as a rockstar. Now, one of my js scripts brought a huge and long json response that had many nested items and arrays and whatnot. Instead of properly destructuring or finding a particular piece that went similarly to "status": "Verify input"(that was nested unser a shitload of items) i did the unspeakable......i stringified the whole object and just used indexOf.

I still feel guilty over it...but it works :P thing is, if it returns that it means that the user entered an invalid status into the app (it was an inventory application) but it works :P

Oh well. Mind you they thought it was going to take months and I finished in 1 week so yay.

Client be like:
Pls, could you give the new Postgres user the same perms as this one other user?

Me:
Uh... Sure.

Then I find out that, for whatever reason, all of their user accounts have disabled inheritance... So, wtf.

Postgres doesn't really allow you to *copy* perms of a role A to role B. You can only grant role A to role B, but for the perms of A to carry over, B has to have inheritance allowed... Which... It doesn't.

So... After a bit of manual GRANT bla ON DATABASE foo TO user, I ping back that it is done and breath a sigh of relief.

Oooooonly... They ping back like -- Could you also copy the perms of A on all the existing objects in the schema to B???

Ugh. More work. Lets see... List all permissions in a schema and... Holy shit! That's thousands of tables and sequences, how tf am I ever gonna copy over all that???

Maybe I could... Disable the pager of psql, and pipe the list into a file, parse it by the magic of regex... And somehow generate a fuckload of GRANT statements? Uuuugh, but that'd kill so much time. Not to mention I'd need to find out what the individual permission letters in the output mean... And... Ugh, ye, no, too much work. Lets see if SO knows a solution!

And, surprise surprise, it did! The easiest, simplest to understand way, was to make a schema-only dump of the database, grep it for user A, substitute their name with B, and then input it back.

What I didn't expect is for the resulting filtered and altered grant list to be over 6800 LINES LONG. WHAT THE FUCK.

...And, shortly after I apply the insane number of grants... I get another ping. Turns out the customer's already figured out a way to grant all the necessary perms themselves, and I... No longer have to do anything :|

Joy. Utter, indescribable joy.

Is there any actual security reason for disabling inheritance in Postgres? (14.x) I'd think that if an account got compromised, it doesn't matter if it has the perms inherited or not, cuz you can just SET ROLE yourself to the granted role with the actual perms and go ham...

Alright got an idea I have for my game engine that I'd love some input on...

So the engine has emphasis on user made content and openness to that content (EG. open source dev tools and no licencing of art) but I also want to try and build a basic ecosystem with the engine and one way I'm doing it is with cross game mods (Take a mod from one game and drop it in another and it just works... Famous last words) but something I want to try is a companion app for the engine itself...

So it'll have a custom written save system baked in engine to make progress saving and the like simpler for the end user, thinking about building an app for smart watches and phones that would connect to the engine and actually back up and sync local saves to the app and vice versa as long as they have a connection (Hotspot your phone, bluetooth or wifi) but allow you to manage some data within the app by building a basic API to let devs show the user information about the save and the game by adding description, thumbnails to distinguish games and the like...

Just want opinions if it may be a good idea to invest some time into and if anyone has idea's that could make it better.

TL;DR - I came up with an ingenious version of a solution to a problem and still got 0 marks.

In my bachelor's degree we learned about abstraction, as usual for CS degree students.

In a later exam, a coding question asked us to swap two variables values without using a third variable and print the before and after on the screen.

You can read the question above again, because wait for it....

So this is what I wrote basically (JS equivalent solution),

class Solution {
constructor(obj) {
this.var1 = obj.var1;
this.var2 = obj.var2;
}

swap() {
return {"var1": this.var2, "var2": this.var1};
}
}

let input = {"var1":5, "var2": 7}
let object = new Solution(input);
console.log('Before');
console.log(input);
let solution = object.swap();
console.log('After');
console.log(solution);

Now look, before your boomer asses jump in and say "aCkChUaLlY tHiS iS iNcORrEcT"
I did include all kinds of comments that this is abstracted. The swap function is hidden away and the object variable doesn't need to know what it's doing.

In the context of this question, this is absolutely acceptable as a solution since the end-goal is to print the results on the screen and the user wouldn't see the source code.

I still got 0 on that question and I still get pissed about it sometimes, when I remember it, like just now.

What the fucking shit, Arch. In what universe/reality is a user expected to easily/quickly address GPG/PGP bullshit when they install Arch. It's already hilarious enough as it is for the user to input every single command in order to install the thing. -- That's actually what's great about Arch; you get return and assurance from each command. -- I understood the fact that you need the latest ISO release in order to even install Arch, but now, if you decide to pacstrap linux-hardened, or god forbid, a package that is who knows what, less maintained?... fuck knows what will happen.

The fantastic part, is that you can't do shit when you're in an arch ISO install. All of the simple and possible solutions that involve GPG DBs/keyrings/etc require you to have the all of the shit installed already; which is fucking impossible if the package manager is bitching about keys not being imported. The most fantastic part, is that there is probably some complete bullshit, ultra-exclusive command or simple solution that will fix this crap. - And if you even dare ask the Arch forums, you'll be branded as a "newbie" and sentenced to read the fucking wiki. - ??? -- That's not a fucking good thing. -- The majority of people who are installing Arch right now, are people who are installing it for the first time, and chances are, most of those people have no fucking clue what is happening; they're learning what is happening. Furthermore, they're probably the kind of people who aren't inclined (or they don't know how) to scour Google or the Arch forums for answers to vague, lazy-ass error messages. The whole point of this thing is show and confront the user about what they're installing and what they want on their computer. Holy shit. This is all the more reason to ensure that total, stupid, ambiguous bullshit errors do not occur. -- "error: key "dogshit master <dogshitmaster@dogshit.org>?" could not could not be imported". -- That's it. That's the error in it's entirety. For a fucking OS install. What the fuck.

I always wanted to become a business man like my dad and I was going to study BBA. Until I saw the tv show Person of Interest, I know it sounds silly but it inspired me to make my own AI system that can predict stuff.

I could not make the machine or Samaritan, but in my final year project, we managed to make an AI system that can categorize emails automatically without any input from the user. The system can create category names by itself and put the emails accordingly.

The importance of not using static salt / IVs.

I've been working on a project that encrypts files using a user-provided password as key. This is done on the local machine which presents some challenges which aren't present on a hosted environment. I can't generate random salt / IVs and store them securely in my database. There's no secure way to store them - they would always end up on the client machine in plain text.

A naive approach would be to use static data as salt and IV. This is horrendously harmful to your security for the reason of rainbow tables.

If your encryption system is deterministic in the sense that encrypting / hashing the same string results in the same output each time, you can just compile a massive data set of input -> output and search it in no time flat, making it trivial to reverse engineer whatever password the user input so long as it's in the table.

For this reason, the IVs and salt are paramount. Because even if you generate and store the IVs and salt on the user's computer in plaintext, it doesn't reveal your key, but *does* make sure that your hashing / encryption isn't able to be looked up in a table

Just got an Android app project from friends, but already have a bad feeling about it.

It already start with 11 freaking screen, an input activity with 17 field(include spinners, date picker, location picker, and a freaking table). 3 different account type, each has different item and function visible to the user. 5 main feature, one of it include *chat* that supports multimedia, A freaking alarm system, both scheduled and automatic based on certain parameter with push notification, and deadline at January 1st with teams of 3 people :)

Not really a rant, but I love Android!

Go to Settings -> Language and Input -> Language, and change it to English (UK), the answers given by Google assistant will have a British accent. Change it to English (India), Google assistant will have an Indian accent, and the same thing applies for English (Australia) and obviously English (US).

Perfect example of phone adapting to the user!

The most excited was probably when I had to write a Visual Basic program with a try/catch statement that took user input and would send a “You Done Messed Up!” Popup Error message in the catch. For some reason it was sending it anyways even after the input was correct. Took me an hour of debugging to find out it was my logic that was wrong. Finished the assignment 5 minutes before it was due. I celebrated as if I had just won the World Cup.

As a long time Ubuntu user, last month I upgraded from Xenial to Bionic to try the new Gnome based desktop.
At first I thought it was a good transition, everything was working fine, beautiful UI, nice animations, so I installed all my tools and started the real work... then the problems started. The memory usage was always very high and only getting higher, the animations were stuttering and laggy, and it was having an unrecoverable freeze at least twice a week. Searching the web I was seeing more and more people complaining about freezes, lags, bugs, memory leaks, password input field bugs... damn, how I missed Unity! That was it, Gnome Shell made me miss Unity more and more.
This week I installed Unity 7 and purged Gnome Shell from Bionic. Now I'm happy again!
It's so good to be free of the anxiety caused by the lack of stability of the system, so good to know that the system will not break or freeze if I'm doing a resource intensive task. Now he sh** is working fast and stable, and I'm here wondering why such a good DE could be dumped for something so buggy like Gnome.

ok I give up trying to make a screensaver for Linux

I don't even have anything to rant about

just everything I tried didn't work and nothing makes sense

I'm gonna find somewhere to bury my woes

this is so stupid, too. because I can just query the system if it's idle, run my app, and then ask my app to exit if there's any user input. but instead I'm trying to integrate it with the existing screensaver software. which evidently never runs my application for God knows what reason. and I'm tired of reading 100 pages hunting for the answer. where's my arch wiki page for how to make a screensaver =[

I am just student looking for job, and got this pre interview test:
Develop an Android or iOS app with login and password input field, download button, place for image we prvided.

... reading further:
What we are looking for in the code ?
internal quality:
-consistent formatting of the source code
-clean, robust code without smells
-consistent abstractions and logical overall structure
-no cyclic dependencies
-code organized in meaningful layers
-low coupling and high cohesion
-descriptive and intention-revealing names of packages, classes, methods etc.
-single small functions that do one thing
-truly object-oriented design with proper encapsulation, sticking to DRY and SOLID principles, without procedural anti-patterns
-lots of bonus points for advanced techniques like design patterns, dependency injection, design by contract and especially unit (or even functional or integration) tests

external quality:
-the app should be fully functional, with every state, user input, boundary condition etc. taken care of (although this app is indeed very small, treat it as a part of big production-ready project)
-the app should correctly handle screen orientation changes, device resources and permissions, incoming calls, network connection issues, being pushed to the background, signing deal with the devil :D and other platform intricacies and should recover from these events gracefully
-lowest API level is not defined - use what you think is reasonable in these days
-bonus points if the app interacts with the user in an informative and helpful way
-bonus points for nice looks - use a clean, simple yet effective layout and design

... I mean really ? and they give me like 2 days ?

So this is the story of myself getting from hating vim to find it pretty good.

When i started fiddling around with linux i was literally overrun by vim. I mean how the fuck should i remember all these stupid commands.
So there we go ... nano was my favourite (and only) editor i used.

Everything was fine in my little nano world. I saw some colleague editing every damn thing in vim. I asked him "man what the fuck are you damn crazy"? And thats where till that moment the deepest conversation about an editor in my life began. He told me he could do that much with vim, its almost everywhere nowadays and a must for any admin.

So after letting him tell me about every thing you can do he promised me he is going to help me getting started quicker. And i must say boi vim is really awesome. But for "real" development i still use a ide. Although i find myself programming go, python or bash scripts entirely in vim and its not that bad.

So if you find your way through the deep shit of that single damn command input down there you can get a pretty decent editor.

Dont get me wrong i am forced to use nano sometimes, when i help some of friends with their servers or so and they litterally uninstalled vim because they were to frustrated.

So as i am started to go into the devops area you get more and more towards you have to edit a file on a server, or just tweak around before automating the shit out of it.

And i must say vim has become a solid alternative for me to a full blown ide, or any other text editor.

So yeah i am gone from freaking hating vim to using it almost everyday. But why some people out their treat vim like a religion is not understandable to me in any way.

So whats your story why do you hate/love vim? Or are you just like me a "happy user" that would switch to another editor anytime it would be a better fit?

First post on devRant... Aaaaand it's university hw... I can't wrap my head around this...

So, the problem is: I have to implement writing and printing 64 bit decimal integers (negative and positive with 2s complement) in NASM Assembly. There are no input parameters, and the result should be in EDX:EAX. The use of 64 bit registers is prohibited.

There is a library which I can use: mio.inc
It has these functions:
- mio_writechar (writes the character which corresponds to the ASCII code stored in AL to console)
- mio_readchar (reads an ASCII character from console to AL)

It also has to manage overflow and backspace. An input can be considered valid or invalid only after the user hits Enter... It's actually a lot of work, and it's just the first exercise out of 10... 😭

The problem is actually just the input - printing should be easy, once I have valid data...

Please help me!

I wrote a stored procedure and declared the input as varchar instead of varchar(100). everything seemed to be working. later on we noticed that the procedure only saved the first character of the input (a user form). unfortunately we found out first when the monthly form reports where issued. a whole month of incomplete forms from our users. the client wasn't happy.

Jason Bourne logic: type "run predictive algorithm" without any parameters into a terminal and it returns the locations of whatever you want. Either that function is the _best_ at predicting user input, or its variables are so hardcoded that we've just discovered the hardest material on earth

Sanitize before db input.
And as a user I get my pdf document full of &gt;
Thanks!

Debugging a Velocity template issue the other day where I was presenting a firm to the user to fill in some data. Whenever the user had entered in one or more lines, a 'true' kept showing up cryptically before the form. Drove me fucking nuts because there was nowhere in the template code that was printing before the form input.

Turns out it was the output of a $list.add(...) being rendered to the screen.

Spent 40 mins on that shit.

😐🔫

How do you implement TDD in reality?

Say you have a system that is TDD ready, not too sure what that means exactly but you can go write and run any unit tests.

And for example, you need to generate a report that uses 2 database tables so:

1. Read/Query
2. Processor logic
3. Output to file

So 1 and 3 are fairly straightforward, they don't change much, just mock the inputs.

But what about #2. There's going to be a lot of functions doing calculations, grouping/merging the data. And from my experience the code gets refactored a lot. Changing requirements, optimization (first round is somewhat just make it work) so entire functions and classes maybe deleted. Even the input data may change. So with TDD wouldn't you end up writing a lot of throwaway code?

A lot of times I don't know exactly what I want or need other than I need a class that can do something like this... but then I might end up throwing the whole thing out and writing a new one one I get a clearer idea of what i or the user wants or needs.

Last week I was building a new REST API, the parameters and usage changed like 3 times. And even now the code is in feasibility/POC testing just to figure out what needs to be used. Do I need more, less parameters, what should they be. I've moved and rewritten a lot of code because "oh this way won't work, need to try this way instead"

All I start with is my boss telling me I need an API that lets users to ... (Very general requirements).

So, finally decided to write my first rant.
I finished today a function that takes the generated week calendar of a WordPress plugin and gives the user a nice print layout.
Problem: The plugin doesn't use the database for it's calendar, only for the events in the calendar. I had to write really unefficent code in jQuery(ajax) and PHP and additionally create a new table. Finally completed the code for printing out a selected day, the current week and a timespan that can be defined, every exception and input is now handled correctly .
Such a great feeling to be finally done with this 4000 rows code.
I hope that I will never again have to create a workaround for such a not-developer-friendly plugin.
Why do clients always want to use such plugins?!

Just sat through a demo of some clicky-draggy data visualisation stuff.

The guy showed us how you can write a custom script that takes a user input and pokes it into a sql command using string concatenation, so a very obvious injection vulnerability.

Ok, so it's only a demo. But you wouldn't do a demo with an example user called Captain Cock, so why do a demo with a screamingly obvious security hole?

Whole thing was basically pivot tables in a short skirt anyway.

At what point do you say a junior dev is no longer a junior? What metrics do you use? Like scope of knowledge, impact on team / code decisions, years experience, management skills, etc.?

I feel I'm qualified as a mid level developer now despite only being a junior for a little over a year. I had tons of internships in college and was kind of placed in a role where growing fast was required.

I broke a sweat for most of that ~1 year I worked as a junior and my contributions to my project aren't insignificant

I don't say that to toot my own horn here, I really do want to ground myself in reality. But I don't know if my standards are too low or my organizations standards are too high. FWIW, other devs on my team have commented privately / informally that the junior title isn't super fitting.

I'm still pretty dependent on my boss but that's more for final say of things. He'll often have some input to my work but I'll also be involved with design discussion and take up a large chunk of work without question. On light sprints I'm knocking out 20+ taskhours of work, going closer to 30/40 when things pick up. Not uncommon to kill 10 user stories in a sprint.

I don't know, what do you guys think?

I'm writing a Python script to manipulate Excel files, I'm using the openpyxl module, does anybody know how can I check if a user input is in a column, I've done this:
newItem = input("What is the new item?")
for itemChecker in inventory["A"]:
>>>>if itemChecker == newItem:
>>>>>>>>item_on = True
>>>>if itemChecker != itemNuevo:
>>>>>>>>item_on = False
if the user input (newItem) is in the "A" column of the variable assigned to an Excel file called "inventory", the variable "item_on" is set equal to True, if the user input isn't in the "A" column, "item_on" is set equal to False
what am I doing wrong, I'm not getting any errors but it always says that the user input isn't at the "A" column (sets "item_on" equal to False) even when I know it is

Hey guys I've a problem I've been trying to solve for a while. Also I'm a college student so my knowledge isn't going to be the greatest so go easy on me if it's simple to solve😂. So I'm creating a real time licence plate detector using yolo lite, my own deep learning ocr and plan to add the model to fast api. So as an input to the rest api, the user will submit a IP camera link for openCV to get individual frames for preprocessing before yolo predictions. The problem I have is how to I handle multiple real time IP camera feeds at once?. Ive been researching multi threading but read that it can cause issues with async definitions in fast api. Any advice will be greatly appreciated and if more information is needed just shout!.

I had serious depednecy problems for a while. I couldn't find anything similar on the stackoverflow so I had to figure it out myself, so after some planning I found it out that I have to replace a complete module to reach the full potential of the application. To reach the desired speed and the correct output I had to split the input in two and then run one side trough an external module which made some state changes on one part of the input data, then the application merge the output with the rest and returns every single drop in a nice processed way. It works quite well, the user can decide in what percentage of the data shall be processed to get the desired output and the right state. I am really happy with the end result. The picture of the result in the comment.

So, I have a weird issue. I'm trying to finish my homework and the only thing that's stopping me is that for some reason VS is skipping a line of user input code. Can anyone help me understand why?

cout << "Make: ";
cin.getline((*c).make, 32);
//when debugging the the console skips this line of code. Trying to figure out the issue.

cout << "\n\nModel: ";
cin.getline((*c).model, 32);

I want to emulate a dial input because skeuomorphism is cool. I thought it would be nice to freeze the mouse pointer while a dial is clicked so it doesn't wander off to the void while the user watches the dial value. Do you think this is a good idea? Also, is there any gui toolkit that allows this?

!rant

Just did some really satisfying refactoring. Much happier with my work now. Its a little cli app to poll M-bus devices and write the data to file if the user wants. Can scan the whole range, search for specific devices and VIFE codes, parse an input file for lots of the previous data and one or two other things.

How's everyone's else's weekend?

(!rant && user_input)

I have been pondering for the last couple of days on how to validate whether a referring http request is actually coming from the referrer it claims to come from. Any ideas on this?

You know how the machine learning systems are in the news (and Ted talks, tech blogs, etc.) lately over how they're becoming blackbox logic machines, creating feedback loops that amply things like racism on YouTube, for example. Well, what might the ML/AI systems be doing with our code repositories? Maybe not so much yet, I don't know. But let's imagine. Do you think it's probably less worrisome? At first I didn't see as much harm potential, there's not really racist code, terrorist code, or code that makes people violence prone (okay, not entirely true...), but if you imagine the possibility that someone might use code repositories to create applications that modify code, or is capable of making new programs, or just finding and squishing bugs in code algorithmically, well then you have a system that could arguably start to get a little out of control! What if in squashing code bugs it decides the most prevalent bugs are from code that takes user input (just one of potentially infinite examples). Remember though, it's a blackbox of sorts and this is just one of possibly millions of code patterns it's finding troublesome, and most importantly it's happening slowly (at first). Just like how these ML forces are changing Google and YouTube algorithms so slowly that many don't notice the changes; this would presumably be similar and so it may not be as obvious as one would think. So anyways, 'it' starts refactoring code that takes user input into something 'safer'. Great! But what does this mean? Not for this specific example really, but this concept of blackbox ML/AI solutions to problems we didn't realize we had, what does a future with this stuff look like (Matrix jokes aside)? Well, I could go on all day with imaginative ideas... But talking to myself isn't so productive, let's start a fun community discussion here! Join in if you find this topic as interesting as I do! :)

Note: if you decide to post something like "SNN have made this problem...", or other technical jargan please explain it as clearly as possible. As the great Richard Feynman once said, the best way to show you understand a thing is to be able to explain it clearly to others who don't understand it... Or something like that ;)

!rant
Starting my first small c++ project with website interaction on an Ubuntu server as practice for next semester. Any good recommendations to get user input from a webpage using only c++ (there can be html within the c++ program of course) and libraries?

I have once worked with an httpd-deamon and got user info from the url but I want a user to be able to fill in 2 textboxes and submit them using a button.
Plain text is good enough and it will only be used by 2 people once every week or so.

!Rant
If I'm validating a user input form should I use a hash or a encrypted string. I hope to include the user IP, header requested time plus a random number for the string.

Hey errrbody!!!

I'm banging out a couple "showcase" mobile apps for practice, portfolio, and/or as potential templating tools.

I have no issue writing the code, I just wanted to see if I could get a couple pointers as far as user databases go. I'd like to have some "user profile" features generated from a FB...vlike profile images, name, address, contact, yadda yadda yadda. I usually use Firebase, but I am still having a little trouble with the more advanced stuff when it comes to integrating users profile data. I can get values from Google and whatnot, but I'd like to see what my other options are on the smaller scale.

I am currently writing code in Flutter/Dart, ReactJS( not native!), Vanilla Js, Python, and CPP.

I know there's options for client side storage like Shared Prefs, Sqflite, etc, as well as server/DB side stuff like Firebase, Aws, Mongo, Node, SQL, etc- you get the idea.
I just want something with decent documentation that's reliable, not a massive undertaking (at least not for all this little stuff, anyways) and could potentially be a go-to platform configuration in the future. It'd be cool to wire in my Flutter and js shit of possible, bit honestly I'm cool with having separate setups for the time being. Any extra input regarding the use of python and/or cpp as well (either separately or with mobile) would be rad as fuck!!!
I do realize it's a pretty vast area to cover, but I figured it couldn't hurt to see what everyone likes to use for full-stack setups.
Thanks!!!!

hmm I need suggestion.

Actually am working on autocomplete address (zip code to autofill countries,state,city) feature.

But am confused with events. For example I have input field user is typing zip code so on which event I call my api example onsubmit or onChanged.

I seriously don't want to use onSubmit. But if I use onChange event than it will start searching for every character :(

any advice

So I'm working on a project with my professor, I ran into problem and don't know how to solve it.. everytime a spreadsheet is saved it should ask for two step verfication. Doing so while testing in matlab was easy. Now I can't implement it on system level..Since we're using Linux i thought i would be good idea to change the kernal files which handle copying and pasting or replacing... Any idea (I'm not a hardcore linux user) any input will be much appreciated

Relatively often the OpenLDAP server (slapd) behaves a bit strange.

While it is little bit slow (I didn't do a benchmark but Active Directory seemed to be a bit faster but has other quirks is Windows only) with a small amount of users it's fine. slapd is the reference implementation of the LDAP protocol and I didn't expect it to be much better.

Some years ago slapd migrated to a different configuration style - instead of a configuration file and a required restart after every change made, it now uses an additional database for "live" configuration which also allows the deployment of multiple servers with the same configuration (I guess this is nice for larger setups). Many documentations online do not reflect the new configuration and so using the new configuration style requires some knowledge of LDAP itself.
It is possible to revert to the old file based method but the possibility might be removed by any future version - and restarts may take a little bit longer. So I guess, don't do that?

To access the configuration over the network (only using the command line on the server to edit the configuration is sometimes a bit... annoying) an additional internal user has to be created in the configuration database (while working on the local machine as root you are authenticated over a unix domain socket). I mean, I had to creat an administration user during the installation of the service but apparently this only for the main database...

The password in the configuration can be hashed as usual - but strangely it does only accept hashes of some passwords (a hashed version of "123456" is accepted but not hashes of different password, I mean what the...?) so I have to use a single plaintext password... (secure password hashing works for normal user and normal admin accounts).

But even worse are the default logging options: By default (atleast on Debian) the log level is set to DEBUG. Additionally if slapd detects optimization opportunities it writes them to the logs - at least once per connection, if not per query. Together with an application that did alot of connections and queries (this was not intendet and got fixed later) THIS RESULTED IN 32 GB LOG FILES IN ≤ 24 HOURS! - enough to fill up the disk and to crash other services (lessons learned: add more monitoring, monitoring, and monitoring and /var/log should be an extra partition). I mean logging optimization hints is certainly nice - it runs faster now (again, I did not do any benchmarks) - but ther verbosity was way too high.

The worst parts are the error messages: When entering a query string with a syntax errors, slapd returns the error code 80 without any additional text - the documentation reveals SO MUCH BETTER meaning: "other error", THIS IS SO HELPFULL... In the end I was able to find the reason why the input was rejected but in my experience the most error messages are little bit more precise.

HOW to document business logic in code?

background:

I'm a frontend dev for admin system of our company. Often times I code things like: if user choose this product type and that settings then I show some other input field to input. I deal with mostly forms and show/hide UI for user. And after some time nor did user/PM/test or myself remember the logic of what should show or why something do not show.

So I want something to be able to let me write code and business logic along the way.(I'm not asking for API docs or function docs like JSDoc)

Great Thanks

Related topics:

And In terms of this, I would also like to build something to centralize PM's business DOC with developers API/dev Doc and also things like how to test for our test team and etc... basically a unified place to document everything, I think scenarios like these inside companies should exists so I would like to know how other company do this.

I love how the devRant webapp is intercepting scroll events (I assume) such that attempting to scroll down results in one step down, two steps up.

Why? Is this an attempt to solve jellypotato for infiniscrolling?

Looking further I see the scrollbar itself is actually getting smaller, like some element on the page is extending beyond the end or something. 🤔

I don't know, man...

i always get sucked into this "cute code" hell whenever i am working with a b2c codebase, and especially with kotlin code.

here's a scenario:

task : build a debounce logic for an input view where each user input is currently triggerring an api call.

my steps
1. read what debouncing is.
2. see if any code is available on the internet
=> found a code piece on the internet with some level of abstraction ( basically a simple final class that implements the input event callback and encapsulates the debounce logic)
3) copy it, run it , it wokrs

------

for any sane coder, these steps are hardly 10-30 mins and they can move on with life. but its your truly that made this task into a 6hour research only to come up at similar solution. my curiosity led me to stupid places

1) why this class is final? what if someone else wanna use it but with a different behaviour? lets try open(non final class) .

2) why even use a class? it extends an interface, lets try to wrap the logic in interface itself (kotlin supports interfaces that don't require implementation)

3) umm , the interface works but it looks ugly, with all its global overridden variables. what about we make it extension?

4) yeah the extension approach is also not very good, lets go back to open class.

5) but extend is super nice to look! lets keep the extension and open class too

6) can we optimise the implementation? why it uses an additional handler? what if we provided everything in constructor? how about builder pattern?

FUCK MY BRAIN! there are so much fucking options that i forgot that i spent 4 hours on this small thing

the simplest approach would have been tk just shove all the listeners and everything in activity and forget about it :/

senior devs on this platform, how do you stop yourself from adding every concept that you know into the smallest possible task?

Since Google is failing me...

Given a user input (string query) and a list of larger strings (like email bodies or something), what's the best way to search and rank the list of strings against the user input.

So far I have implemented levenshtein distance but it doesn't really seem to do extremely well. (Short strings rank very well against each other, whereas long strings **containing** exact matches will go lower in the list)

Should I be splitting the input and the list by word and then averaging the distances?

The only thing I have tried is removing complete non-matches from the list by not including them if the distance is equal to the length of the largest string

NEED HELP: C#

Please I am a Beginner in C# and I need little help with Methods.

In the Picture attached, I'd love to use User input as Parameters in the method. Example: example getting user imput with Console.ReadLine(); and storing it to num1 or num2 as parameter in the Method.

Is this possible in C#, if so, how can I make it work? Thanks

Okay, I hope a few people can help me with this; what are the benefits/reasons to use MS technologies? I'm talking about .NET, ASP, Windows Server, Powershell...

I've never understood it. I love Nodejs because you don't have any packages unless you ask for them. Alpine Linux is amazing! It runs on 8MB of RAM from fresh and doesn't need much more space to install.

You want .NET core? 140MB download. You're configuring database connection strings? Feel free to type in whatever you like, it'll parse and replace with some magic variables that have come from some other random file.

I was using Powershell recently, needed to set an env variable. Bash is happy with "export name=value". You want to do that in Powershell? I just googled it and found an entire 40-minute read discussing how to set env vars. Why?! It should be one command, and I don't know who thought that "Get-ChildItem" was _obviously_ referring to env variables.

It seems to me that everywhere MS has got their hands on development-wise, it inherits the typical sales bullshit. No no, you can't call them "websockets", they have to be branded "SignalR" and add tons of overhead. You can't say "disable notifications" it has to be "focus assist". I'm really surprised something as simple as a keyboard hasn't become a "varied user input device" or something of the like.

Am I alone in thinking this?

Following some new nextjs tutorial to learn how to efficiently build a web chat app, the guy built it very solid, but is it efficient?

Im having mixed feelings about this approach. The way he did it is, for example when you click on a user (imagine it as a list of users from your contacts), it actually calls a route, which stores that in database, and once its done Then the route triggers lets say socket.io event to notify the frontend to update the UI.

Not only that but each new message that gets sent it actually calls a route which stores that message in database and once that's successful Then it emits a socket.io event to the frontend to fetch that message.

As you can imagine constantly calling routes like this Does induce small delays. Creating conversations, navigating, opening someones profile and especially sending messages, is NOT instantaneous. When you do it theres a small delay, giving the impression as if the app is SO large that it lags

But it doesnt lag, it just needs a few ms to store that in db so it can return the socket.io bidirectional message event. Which does make sense because what if the internet broke and the user immediately gets sent a message, but the message fails to get stored in database? Or db storage gets fucked or something else fails but socket.io works while db doesnt? The data then may be inconsistent. This approach fulfulls the single source of truth principle

So thats why im having mixed feelings about this approach particularly because of small delays. It is not instantaneous like whatsapp discord telegram signal viber etc the input UI freezes until the message is successfully sent

---

Of course this can be a UI/UX decision and can be handled differently even if the backend works like that.

My concern is is this approach valid?

My question is... I had an idea what if i emit socket.io event to send the message while in the background also call the route to store that message in db? This way not only would it work asynchronously but the message gets sent instantaneously, and if the backend fucks up to store it in db then the UI gets updated with message failed to get delivered, switching the socket.io into polling state. Is this a good (proper, efficient, better) way to do it or not?

Developed module for e-commerce system to batch upload product information from MS Excel document. First test from user & got error stating that comment is too long. Some input contains about 100 whitespace in end...

Then I found that PHP's built-in trim function isn't trimming Japanese whitespace character. 😓😓😓 ... Quick fix for that..

I doubt i'll never become familiar with that Japanese 2-byte character thing 😶

How can I take user input in "livesqloracledotcom"

I am developing an app for industrial automation that requires frequent user input. I am exploring the idea of using voice input to input data. The problem is the application will never have access to the internet during use. This is due to being in the middle of nowhere and security requirements. So I am looking for voice control libraries/systems to control an app that can be installed on a Windows 7/10 machine.

Has anyone had any success with a completely self-hosted voice control system?