What only relying on JavaScript for HTML form input validation looks like

When you get high on validation

When your coffee supplier won't let you order < 5. Client side validation wins again.

js validation

"enter Phone number"
"numbers not allowed"

Finally I have something to rant about.

Your move, human...

Client side validation be like:

client side validation ?

Never trust the user with input...

The GET /users endpoint will return a page of the first 13 users by default.

To request other pages, add |-separated querystring with the limit and offset, as roman numerals enclosed in double quotation marks. Response status is always equal to 200, plus the total count of the resource, or zero when there's an error.

You can include an array of friends of the user in the result by setting the request header "friends" to the base64-encoded value of the single white pixel png.

Other metadata is not included by default in responses, but can be requested by appending ?meta.json to any endpoint, which will return an xml response.

If you want to update the user's profile picture, you can request an OAuth token per fax machine, followed by a pigeon POST capsule containing a filename and a rolled up Polaroid picture. The status code attached to the return postal dove will be the decimal ASCII code for a happy smiley on success, and a sad smiley if any field fails form validation.

-- Every single external REST API I've ever worked with.

A typical demo...
Me: We added validation, server communication, caching....
Customer: Meh...
Me: We fixed bugs, sped up queries, implemented X features.
Customer: Meh...
Me: We surpassed the speed of light, transcended to another plane of reality, cured cancer, brought peace to galaxy.
Customer: Meh...

UI Designer: I prepared these sketches for the UI
Customer: Wow, so innovative, look at that beautiful transitions, even mobile design, just wow

Me: * dies *

I've always made this joke, but it happened for real.

There was a existing bug in our machine for a very long time. So long that the validation engineer now treats it as a feature and they raised a issue when the bug was fixed :/

My recent failure to build a responsive website according to a template tells me I should have worked with CSS a bit more.

The thing is, I write the type of CSS that passes the CSS validation with flying colors, but doesn't work as it should. Am I a minority(I hate that word), in that?

Now I have to redo the website or I'm not passing the exam. Lovely.

Today I realized that I hit a total burnout. Last 3 years were extremely stressful for me (4 jobs in 3 different countries, exhausting and toxic relationship, bad habits). Last 7 months are the worst. I became lonely isolated and miserable. I learned to rely purely on stress, determination and validation to get through my days. Was supressing my emotions for a long time just to focus on making the money. Its time to break the cycle.

Im done with this. Next week Im quitting my fulltime job. Saved enough money for starting capital of my own dev services company. Built three projects that generate stable income to cover my living costs. Now finally I can take a long break to recover from this burnout and to heal myself. That poor persons mentality that I had from my poor family has been shattered. I achieved what I wanted in terms of having the money and gathered enough experience necessary to survive anywhere.

I managed to get through all this shit on my own with barely any support. People around me were draining me more than actually helping me. But I managed to do it and now its time to focus on myself, to heal and restore love for living. Im safe now.

Me: "I'm a programmer"

Others: talks about linux
Others: search algorithms!
Others: service infrastructure
Others: memory optimization
Others: encryption

Me: "I'm a front end web developer"

Others: complex services
Others: strong user form validation
Others: lazy loading
Others: SEO

Me: "fucking, I make shit look pretty alright"

Client-Side Form Validation only be like...

That validation tho...

Don't mind me, just writing maintainable, legible, commented and documented code. What's that, an email validation? Let me just
/^(([^<>()\[\]\.,;:\s@\"]+(\.[^<>()\[\]\.,;:\s@\"]+)*)|(\".+\"))@(([^<>()[\]\.,;:\s@\"]+\.)+[^<>()[\]\.,;:\s@\"]{2,})$/i

Got assigned to fix a bug in a validation function that would always return true even if the data is invalid.

I looked at the code from the function and noticed that the only line of code in the function was "return true;"

Apparently, the programmer who wrote this function a few years ago got fired and no one ever finished his work.

Now it amazes me that no one ever has looked at the problem and just assumed it would be a complicated bug.

Way to many...

- Passwords stored in plain text on the year 2014
- Not supporting HTTPS because to expensive
- Hidden admin URLS
- Databases available all over the internet
- Client Side validation
- IoT

Ex-boss (who boasted 20 years of programming exp.) Would not let us work on a web project saying we didn't have enough experience and said he'd do it alone... Fast forward to 3 days before presenting to client, we get to check the log in interface and immediately find that there's no actual security, no validation... Just 2 text boxes with hard coded users and no way to add more without creating them in db... And if you knew the next page's URL you can actually skip the login... Needless to say he was removed from the project that instant and we (interns at the time) had to do everything from scratch. A 3 months project done in 2 days. Never been more stressed in my life :'(

I'm guessing the last person didn't have time to validate..

Productive day!

Rewrote an intern's feature and briefly explained how/why
Gave intern a choice of projects, and explained them
Removed two unused models, one unused route
Dried up two views into a partial
Redesigned said partial
Tested validation edge cases (ex: Jan 10nd, 101bc)
Fixed an api
Simplified three models
Added scheduling and platform restriction to a feature
Le wild bug appears: a user with negative xp!?
Wrote a migration to expand players' max xp to 2^64-1 because a certain legacy game gives it away like my ex-boss makes promises. Chewed at devs, but they're all long gone so :/
Won two games of pool
Browsed devRant

Busy day, and all of this while falling asleep! 😊
I'm quite proud of myself today.

Worst legacy experience...

Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.

Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.

The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.

Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was suppose to be helping!! But it was their money (well, my money as they were government funded!).

Javascript Input validation

Never loose your hope ..
.
.
because once upon a time javascript was used just for form validation and jquery animation.

!rant
The change log from notepad++ update. The last paragraph is the cream!

" The issue of a hijacked DLL concerns scilexer.dll (needed by Notepad++) on a compromised PC, which is replaced by a modified scilexer.dll built by the CIA. When Notepad++ is launched, the modified scilexer.dll is loaded instead of the original one.
It doesn't mean that CIA is interested in your coding skill or in your sex message content typed in Notepad++, but rather it prevents raising any red flags while the DLL does data collection in the background.

It's not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it. If the certificate is missing or invalid, then it just won't be loaded, and Notepad++ will fail to launch.

Checking the certificate of DLL makes it harder to hack. Note that once users’ PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.

Just like knowing the lock is useless for people who are willing to go into my house, I still shut the door and lock it every morning when I leave home. We are in a f**king corrupted world, unfortunately. "

I thought we were encouraging people not to smoke these days? "{0} is required!"

The problem with my life is acceptance from others. Validation (almost wrote vladiation).

For instance, I finished my course in Advanced Java Programming a few days ago. Supposed to be a year course or some shit, finished it in two months. They told me I don't need to go to the remainder classes and I could write the examination. Got the certifications, passed with flying colours.
Well done me? No, fuck you me. "It's not through Oracle, so it's completely useless. Har har you wasted your measly salary on a course and it means nothing". You know what? Fuck you and fuck validation. I will validate myself from now on.

Anywhom, what a start to a shitty rant. Let's go over some generic points so I can finally make my avatar.

IE can suck a duck ("oooh you made it and it runs fine in every fucking browser except fucking IE - slow clap).

Chrome RAM usage can suck a duck, two times. (just generic post, don't actually give a shit - I use Firefox).

People who can't use one fucking indentation standard ("oooh two spaces, oooh three spaces, oooooh a fucking tab button... " etc) can fuck off.

That fucker who came and converted my buildings in Age of Empires with the "wolololo" priest can fuck off too.

Been reading through devRant and you know what? You guys are pretty cool

Rant rant = new Rant
rant.isRant = false // !!!

I woke up this morning after not thinking about my code for a day, and realized i had a flaw in my validation design. I fixed it before opening my eyes.

It's kind of amazing how not thinking about a problem can help solve it. Even if you don't know it's there!

I'm just copying and pasting regular expressions from Google, and praying they work.

A client asked me to add a mobile phone field to a registration form and asked me explicitly to use their server side validation for it.
Apparently they need a valid provider prefix, but after that everything goes. This was passed as valid mobile phone number.

"Your password must be between 8-20 characters and contain an uppercase letter, a lowercase letter, a number, a special character and a haiku about your childhood pet."

When you have a poor form validation....

Friend asked me to help with his HTML5 form validation. His back-end work was decent, but whoever did the front-end... Oh boy.

They used media queries for mobile etc, which was fine. Until I saw what the queries did. Instead of resizing the form accordingly, they hide the visible one and make another one visible.

WHY WOULD YOU DO THIS

Why does it take so loooong!

Funny :D

I hate this fucking front-end stuff so hard..

How DA FUCK is it possible that I set up the whole backend including DB connection, base controllers, models, base validation and stuff in an hour but don't get this fucking fucking retarded JS framework piece of shit to display a test string after ONE FUCKING HOUR!!!

Why do we need this shit anyway? Why does everything have to be shiny with some fucking animations???

It's about the information, isn't it? Then WHY DOES IT HAVE TO LOOK PRETTY???

I gonna travel back in fucking time to the early 80's!

Stupid front-end shit..

I was taking an introductory programming course. One assignment was to do a little payroll program, including some data validation. The program was supposed to accept terminal input and send output back to either the console or a printer.

Suddenly the printer began spewing out paper like crazy. One of the students (a particularly mouthy woman) had programmed a less-than-helpful error message ("YOU ARE WRONG") and then not provided any exit from the error-checking logic -- the program just re-read the last (failing) input and re-tested it. All in all, it was a very nice infinite loop.

After spitting through about fifty pages of "YOU ARE WRONG," somebody cut power to the printer, and the instructor had to flush the print queue manually. He went back to the student and asked if she had tested the program by sending the output to the console before trying to print it, and she said, yes, she had tested it on the console and ended up with a screen full of "YOU ARE WRONG" messages. Why, then, had she sent her output to the printer? "I thought I would be daring!"

Whoever coded tinder and bumble, fuck you for preying on desperation to try to make a quick buck.

Dating apps are just a tool for attractive folks to get quick self validation and for desperate folks to lose even more self esteem.

Client side validation op xD

Root gets ignored.

I've been working on this monster ticket for a week and a half now (five days plus other tickets). It involves removing all foreign keys from mass assignment (create, update, save, ...), which breaks 1780 specs.

For those of you who don't know, this is part of how rails works. If you create a Page object, you specify the book_id of its parent Book so they're linked. (If you don't, they're orphans.) Example: `Page.create(text: params[:text], book_id: params[:book_id], ...)` or more simply: `Page.create(params)`

Obviously removing the ability to do this is problematic. The "solution" is to create the object without the book_id, save it, then set the book_id and save it again. Two roundtrips. bad.

I came up with a solution early last week that, while it doesn't resolve the security warnings, it does fix the actual security issue: whitelisting what params users are allowed to send, and validating them. (StrongParams + validation). I had a 1:1 with my boss today about this ticket, and I told him about that solution. He sort of hand-waved it away and said it wouldn't work because <lots of unrelated things>. huh.

He worked through a failed spec to see what the ticket was about, and eventually (20 minutes later) ran into the same issues Idid, and said "there's no way around this" (meaning what security wants won't actually help).

I remembered that Ruby has a `taint` state tracking, and realized I could use that to write a super elegant drop-in solution: some Rack middleware or a StrongParams monkeypatch to mark all foreign keys from user-input as tainted (so devs can validate and un-taint them), and also monkeypatch ACtiveRecord's create/save/update/etc. to raise an exception when seeing tainted data. I brought this up, and he searched for it. we discovered someone had already build this (not surprising), but also that Ruby2.7 deprecates the `taint` mechanism literally "because nobody uses it." joy. Boss also somehow thought I came up with it because I saw the other person's implementation, despite us searching for it because I brought it up? 🤨

Foregoing that, we looked up more possibilities, and he saw the whitelist+validation pattern quite a few more times, which he quickly dimissed as bad, and eventually decided that we "need to noodle on it for awhile" and come up with something else.

Shortly (seriously 3-5 minutes) after the call, he said that the StrongParams (whitelist) plus validation makes the most sense and is the approach we should use.

ffs.
I came up with that last week and he said no.
I brought it up multiple times during our call and he said it was bad or simply talked over me. He saw lots of examples in the wild and said it was bad. I came up with a better, more elegant solution, and he credited someone else. then he decided after the call that the StrongParams idea he came up with (?!) was better.

jfc i'm getting pissy again.

My girlfriend...

We can't go longer than a few seconds without her saying something trivial and demanding validation from me 😂😂 Oh and trying to work while your lady is half naked sprawled out on the bed isn't very easy either...

Oh well, some things you just have to deal with in life.

Rather than singling out one person, I wanna present what I see as incompetent/stupid/ignorant:
- no will to learn
- failure to follow the very specific instructions & later asking for help when they FUBR sth & not even knowing what they did to fuck up in the first place
- asking how to solve stuff, then ignoring the suggestions & doing sth totally against recommendations
- failure to remember most basic stuff, especially if not writing it down to look at later when needed
- failure to check logs & 'google' stuff before asking why something isn't working the way they want it
- after two weeks, asking me how feature xy works, mind you they coded it, not me
- asking me why they did something in a specific way - WTF, am I a mind reader?! Who designed that crap?! Me or you?!!
- being passive/aggressive & snarky when told to do something or being asked why isn't it done already
- not testing their shit properly
- not making backups when upgrading (production) servers
- not checking the input value, no validation.. even after many many debacles on production with null ref exceptions
- failure to admit they fucked up
- not learning from (their) mistakes

Oh my dear DevRant, please add code-formatting standards & check-style validation on submitted code snippets, because the wrong indentations of code snippet posts on DevRant is driving me crazy, check-style ftw!

Being a developer has it's advantages: I wanted to apply for a internet subscription for my home but my home adress wasn't recognized by the provider. So i wanted to send a complain form but this was only possible by providing it with a client number, which I obviously didn't have.
So this was my solution 🎉

Me: ya hi, we integrated with your API and I'm receiving error x
Provider: ok we'll disable validation, plz check
Me: ya it works, what's the problem? I used a GUID for id and I'm sure it's unique, here is URL and request body
Provider: you have something wrong in your implementation. Fix it and it will work
Me: aaand what's the wrong part of my implementation?
Provider: id is not unique, fix it. *Hangs up*

I sometimes sit and wonder, how and why does this kind of people get hired, FOR FUCK SAKE YOU ARE THE PROVIDER AND YOU DONT KNOW WHAT THE FUCK IS WRONG!
fucking useless ...

My first actual rant on devRant:

Fuck corporate companies. Fuck agile development.

In the last 8 months I’ve been with this company, I’ve 1) made the app layout (which was super fucked) compatible with iPad. 2) reduced the apps size by 1/3 of the original size. 3) improved memory usage by double the efficiency, nearly eliminated all memory leaks. 4) gotten employee of the quarter for some of the above mentioned.

After all of this I got a talking to from product manager that “he knows I am a good developer but needs more consistency” after I spent a sprint on one story trying to consolidate front end validation logic and make a “validatableTextField” actually do some validation. So much for the MVVM you promised me.

Also, was promised I’d get some experience with Android, and with a team of 8 devs 6 of which have droid backgrounds and other two are juniors, guess whose only even built the droid project once in 8 months? You guessed it. This company has drained me of all of my knowledge, went against most of its promises to me, and values pushing features to the point of adding tech debt faster than I can solve it.

Unfortunately my personal life relies on this job or I’d quit right away. But you bet your ass I’m passively looking for something and I can’t wait till I get a job offer and quit on these ungrateful hypocrites.

teenage me: "people asking me to help them with the printer or simple tasks are so annoying"
now: helps anyone with anything just to catch a break and get some validation

Junior coder says validation is not needed on asp.net mvc form pages because it is not in the requirements or part of the definition of done. Wants to argue about it. Refuses to do it. Says I am over optimizing or some shit like that. Good luck with that. If you can't figure that one out or listen to feedback perhaps you should become a project manager not a programmer.

I'm moving some old data into a new database.

It contains some dates that *should* be in ISO 8601...

This is some of the trash that I found:
01/01/70
2010-11-05T08:06:48T08:06:03.7
2007-09-13T

Moreover, it has a column which *should* contains numbers, instead it has been defined using varchar, so it contains also some wonderful 'NaN' values.

I really would like to beat the person who set up all this stuff without some basic validation policies.

No Cross Validation needed...

Thanks to Devrant I've learned about rubber duck debugging. Never heard of it before! It reminds me of a story many moons ago when I worked for a certain multinational company as a business analyst. The company brought in some consultants who basically stole the work my team was already doing on a big project (a horrendous series of spreadsheets linked to data coming from the core systems) and sold it back to the company for an insane amount of money as their idea.

When they launched the new product, the team I was in was asked to test and review it. It took my colleague ten seconds to bring the whole thing to its knees and trigger a corrupt data export back into the core systems. Bearing in mind this external company somehow managed to charge tens of thousands of pounds. So what did my colleague do? Hack the system? Some kind of complicated sabotage? Nope. He typed "FISH" into one of the spreadsheet cells! Thus the FISH test was born.

That day I learned several things: it's easy to break things with a fish; the importance of validating your input; and the satisfaction of showing up the smug bastards who stole your ideas and work.

Me : I should start building user authentication system.
inner self : there are enough free and secure ones out there, just go read the documentation.
Me : fuck I'm not reading 10000 pages of documentation written in alien language.
inner self : well then you better start building
Me : **writes code
Inner self : you better add the data validation and security while coding
Me : I just want it to work !
Me after a few days trying not to suicide : the site is hacked, the code is bugged, hello darkness my friend

When starting a project at work:

My name everywhere. Every file, every change-list I proudly put my name to prove my skills.

Program goes for validation:

Thousands of bugs.

Realize that I've written shit code. Slowly removing my names from all over the code.

You know what really grinds my gears?

When a manager writes up some bullshit "this doesn't work".

Then you waste your time following up, and they say, "oh yeah, this so and so pop up came up with validation error X".

YEAH? AND I'M SUPPOSED TO KNOW THAT WHEN YOU WRITE ABSOLUTELY NO STEPS TO REPRODUCE, JUST COMING TO ME WITH "HEY, X IS BROKEN" GOD JUST GET FUCKING 1% TECHNICALLY LITERATE THATS ALL I ASK FOR I'M SO SICK OF YOUR SHIT

Today was epic.
I made the first formal demo of the mobile application I have been working on for the past three months, and the whole team of the start-up I work at were all psyched about it. I got compliments from everybody.
Since I am the only tech oriented employee, what I do is pretty obscure to the rest of the company and I was not expecting such reactions and it was awesome. I'm proud of what I achieved, and the undivided validation made me feel like I own the world, even if I have still much learning to do.

coffee. secret word: validation

Today for the 4th time I explained to my colleague that just because the front end app can perform validation doesn't mean the backend shouldn't. Every fucking time for all of them.

Just got a lection from my manager.
Today he sent me an email with request to change validation on one field validation from decimal(5,3) to int which will be 5 digit number. Ok i did that, I changed it on UI, changed validation, changed mappings, changed dtos, created migration files, and changed it in databse. After i did all of that I replied to his email and said that ive changed validation and adjusted it in database.

After my email here comes rage mail from manager with every fuckin important person in cc I kid you not. Manager is asking why the fuck did I change database when Ive could only use different validaton for that field on UI.

I Almost flipped fuckin table. What does validation good do if you wouldnt be able ti save that form? And form has like 150 fields. And if I left validation only everthing would fuckin break.

Sometimes i think that its better not to think.

FML

"at least 3 alphabets"

I felt uncomfortable reading this response from the server ._. ( response is from a validation library called Joi )

dear api author at my company pt. 2:

If you're gonna create an api method that takes some arguments.

And one of those arguments is an array.

THEN MAKE THE FUCKING ARGUMENT'S NAME PLURAL YOU FUCKING PIECE OF SHIT.

REPEAT WITH ME, MOTHERFUCKER.
ARRAY, PLURAL, NON-ARRAY, SINGULAR.

I need to pass a shitload of filters for the data for this table, and for every suckin fuckin filter I need to singularize this shit. Thank god for es6.

I know this sounds like nitpick, but I swear to fucking alpha omega this guy is inconsistent as fuck.

Every time it feels like he makes up a new rule.

Sometimes I need to send arrays of ids, other times arrays of objects with an id property on each.

He uses synonyms too, sometimes it's remove, other times erase.

PICK ONE MOTHERFUCKER.

If you can't do the basic things well, then what is to expect of more advanced stuff?

Naming conventions you fucking idiot, follow them. It's programming 101.

You're already sending them as plural in the fucking response. Why change them for the request?

And that's just style, conventions.

This idiot asshole also RARELY DOES ANY FUCKING CHECK ON THE ARGUMENTS.

"Oh, you sent a required argument as null? 500"

We get exceptions on sentry UP THE ASS thanks to this useless bone container.

YOU'RE SEEING THE EXCEPTIONS TOO!!!!! 500'S ARE BUGS YOU NEED TO FIX, YOU CUMCHUGGER

And sometimes he does send 400, you know what the messages usually are?
"Validation failed".

WHYYYYYY YOU GODDAMN APATHETIC TASTELESS FUCK???
WHAT EXACTLY CAUSED THE FUCKING VALIDATION TO FAIL????

EXCEPTIONS HAPPEN AND THANKS TO YOU I HAVE NO IDEA WHY.

The worst of all... the worst of fucking all is that everytime I make a suggestion to change shit, every time, you act like you care.
You act like the api is the way it is because you designed it in a calculated manner.

MOTHERFUCKER. IF A USER HAS ONLY PRODUCT A, THEN HE SHOULDN'T BE ABLE TO ACCESS DATA FOR PRODUCT B. IT IS NOT ENOUGH TO JUST RESTRICT SHIT WITH ADMIN ROLES. IDIOT!!!!!

This is the work of someone who has no passion for programming.

To all the web developers out there that use email validation, stop using a check for common domain names! If I try to sign up with my email address (something@coded-websites.be) it won't work! So stop doing that and use a RegEx please! Who has had this problem too?

team lead: what is the minimum lenght validation on the first name field?
dev: i decided to put minlenhgt 3
team lead: why? did you tests it
Dev: i tested it. 3 makes sense to me
Team lead: isint your first name 2 letters long?
Dev: oh i dodth think about that

Yes you can have hyphens in email addresses, you incompetent nincompoops!!! Just use the standard regex for email validation and stop trying to make your own rules!!!!

We (as new hires) had to add a fallback logic for input validation on every input element using only JSP and Spring controllers just because the client still uses IE6 and fucking disables Javascript!!

We have an API available for our customers to integrate our software with their Webshop.

A client and their developer complained because not all of the products came through. I checked the products, the validation, the parameters, the database .. everything looked fine and I was scratching my head why these articles wouldn't come through (but it did work at my end).

After some time, I checked the request logs..
Apparently it wasn't quite clear for them that a loop is required with the 'skip' and 'take' parameters to create an offset for pagination.They only synchronised the first 500 products.. everytime..

We have a limit of 500 products per batch (take) for performance reasons.

They asked if we could increase this limit, because they have "a large range of products" (not really, only 800 or so and we have clients with more than 2mil. products..) Oh pls.. I've sent them a link to the PHP manual for a basic 'while' loop..

Colleague asked me to review his code. I honor this top tier email validation.

Hey, just spent 9 hours on my computer. Just seeking validation, I'm not the only one right?

This rings true even if the customer is internal. Built a feature and provided documentation on how to use it and one of the end users still used it wrong.

It was a simple validation process too. Input the member ID then click validate, the app then checks if the person is in the system and fills in some other fields and does some other backend stuff. How could you get that wrong?! 🤔

Did you know that talking about your goals actually decreases your chances of reaching them? It's a form of social validation. Talking about them and receiving praise from your peers in a sort of mini-goal which could replace the actual goal so you are less motivated to actually go for the real goal. Best of luck anyway! May the odds be ever in your favor when facing procrastination😂

What.. the actual... fuuuuuck?!

Browsing through changes on TFS (yeah, yeah boo me for using TFS instead of git if you like, I don't care, most people use/prefer TFS here, so I conform 'to the standards'..)

Anyhow, going through changes, looking for the one where some comment appeared..

'a wild comment appeared'.. tadaaah!

Checked the rest of changes.. Hm.. Someone did a validity check.. that returns the 'false' if not passed.
// OK, great! They are finally testing their shit and fixing stuff..
But apparently then they decided it is OK to do all the shit anyways.. so WTF?!
Why even bother validating it?! Oh yeah, forgot... cuz in case it returned false YOU WERE NOT SUPPOSED TO LET SOME STUFF HAPPEN!! But they weren't assigned with that exact task I guess..

TO DO:
- do the validation algo // fml, not going into how fucked up that was written..but it was horrible!
- do validity check where appropriate/needed
- test validity check and that it doesn't break functionality

+ check if the validation actually logically works?! nope, not on my to do list, not my job..

All done, better not actually do something that requires you to think.. :\

How the fuck that happened?! How can one person be assigned to check if something is stupid/wrong?! and when checking (&confirming) still lets the customer do that shit anyways?! What's the point?! O.O

Me: "The exploit worked when you tested it too, right?"
Them: "..."
Me: "You tested it too, right?"
Them: "..."
*facepalm*

Woke up this morning to a fucking giant snowstorm and my first reaction was 'fml' , poured some coffee , lit a smoke and started checking my work mail 'Issue xxxx response : Not solvable '...what the...I go through the files on my phone , look at what that issue was : lack of proper validation , filtering and encoding of input thus enabling xss . Not solvable my ass ...simply adding literally 3 more characters to that fucking retarded filter would stop all the bypasses . This issue is a showstopper for their project and that is what they answer ?
Sorry to indians out here but some of your colleagues are as stupid and unimaginative as they can possibly ever come .

Fuck uninspired jr devs that are simply collecting a pay check.

I have been handed a project that a jr dev was allowed to wallow on for over two fucking years. This lazy mother fucker managed to create 5 functions, a whole fucking mess of bullshit that I now have to straighten out on top of the 8 other things that I have to deliver on in the next month.

They never followed requirements. Not-a-one. The API is fully broken. The DB schema is BEYOND fucked. There's ZERO validation/sanitation on I/O. The deployments only work half the fucking time. Their code is so spaghetti I'm getting triggered from when I worked at Olive Garden with Eminem. But hey, at least they were able to demo it to the client to say "it works".

I don't condone violence, but every time I find malformed if statements, linter exceptions, broken deploy configurations in this project -- I just want to kick them in their stupid fucking face.

Wherever you ended up you piece of shit, I hope your dreams of becoming a rich asshole only bring you unending despair. I believe you can make it though, because you're already halfway there.

How software engineer fix a broken lock 😂
Also known as "USB validation"

I made a functional parsing layer for an API that cleans http body json. The functions return insights about the received object and the result of the parse attempt. Then I wrote validation in the controller to determine if we will reject or accept. If we reject, parse and validation information is included on the error response so that the API consumer knows exactly why it was rejected. The code was super simple to read and maintain.

I demoed to the team and there was one hold out that couldn’t understand my decision to separate parse and validate. He decided to rewrite the two layers plus both the controller and service into one spaghetti layer. The team lead avoided conflict at all cost and told me that even though it was far worse code to “give him this”. We still struggle with the spaghetti code he wrote to this day.

When sugar-coating someone’s engineering inadequacies is more important than good engineering I think about quitting. He was literally the only one on the team that didn’t get it.

PayPal always making me laugh. A photo I tweeted some years ago...
Translation:
Placeholder: (Optional)
Validation: This field is mandatory

I had to make an account for my kid's school.

Last night I start. I put in a username, then it has a quality meter for the password. I put one in and it goes to like 90%. Ok, fine. I submit and...

Validation error on the username field. Message? [object Object].

Try all different kinds of username: no numbers, all caps, etc. But no luck so I give up.

Today I try again and get stuck again. Then I think... "Maybe the devs suck worse than I think..."

I change the password so that it's rated 100% and submit... Success.

Fucking devs.

One of my classmates was working on a login form, and the fucker handtyped a 100+ character email validation regex but forgot to add a check to make sure no fields were blank.

It was funny when I was able to create an account with no username, breaking his website, and even funnier when I told him html forms have a built-in email pattern

What's a bigger sin.

Returning a status code of 200 and then the message body saying "An Error Occurred"

or

Only performing data validation on the frontend.

Putty remote executuon vulnerability(no patch yet)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to unspecified input validation error when processing data, received from SSH server. A remote attacker can trick the victim to connect to a specially crafted SSH server and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Me: After 3 days of deliberation, I finally picked a framework, I can jump into the rewrite

*2 hours of inspired coding later

I finished the configuration validation and logging setup! What was that framework again?

Want to be likeable or get your way through people?

No need to sell ice cream, just validate those insecure souls.

Wide majority does not want their fragile bubble to be broken even if they are suffocating within.

All they seek is validation. That's fucking it. That's the secret.

If someone asks you for some opinion or support, most of the time they are just want to hear how great their mediocre thought process is.

Someone's lack of ability accept criticism and grow is the sole reason they are stuck in quicksand situation and only drowning further.

An unethical social skill but this will take you a long way and also help you stay sane from the insecure narcissistic scums by avoiding toxic interaction.

JUST VALIDATE THEM.

I coded the app so good
I optimized the UX SO GOOD
I made the UI look GOOD
I made the error handling and input validation ROCK HARD SOLID BULLETPROOF

NO FUCKING WAY COULD YOU FUCK THIS UP

NO WAY COULD YOU BE DUMB ENOUGH NOT TO KNOW HOW TO USE IT AND NOT FUCK IT UP

I GAVE IT TO MY DAD AS A NORMAL USER TO TEST THE APP AND HE FUCKED IT UP ON THE FIRST TRY

HE DIDNT UNDERSTAND THE UX.

.

I've heard that it has a very high validation accuracy and is super efficient 🤔

Can companies please check their address policy for consistency before implementing some bullshit constraints? Literally happened minutes ago:

Me: __enters address "city"__
Website: Hey, I auto-correct your city to "City (Region)"
Me: __submits form__
Website: Whoa there, you can't enter braces in your city name!

Dont become a dev if you:

- Cant sit in the office for 8-10 hours a day

- Dont know how to google information/ errors, instead you interrupt your teammates with stupid questions every 5 minutes

- Are a perfectionist and don't like constant change.

- Are neurotic and give up easily. If you get triggered about broken or messy things to the point where it ruins your day to you and everyone else around you. You need to separate your work from your life.

- Don't have good communication skills. Worst I saw was a guy who speaks with a stutter(nobody understands him) and also writes very poorly (nobody understands his emails). Also he gets very angry when you ask additional questions to clarify what he said. How can you work with someone like that?

- Are very sensitive to critique. I prefer someone telling me that my code is shit and telling me why, instead of feeding me delusions and false validation.

- Dont know how to balance working in team and working solo. Nobody likes lone wolfs who are arrogant and not in sync with the team. But also nobody likes to drag teammates who cant think for themselves and even after years of spent in the field are required constant spoonfeeding because they are unable to google and teach themselves with trial and error.

How is this not a valid address!

Don't you just hate filling a sign-up form which is validated to such an extent that it even requires everything to be entered in capitals. UGH! JUST CONVERT TO CAPS IN YOUR BACKEND FOR GODS SAKE!!!

API Request validation is stupid.

Until you remember
* Your target audience is highschool students
* Your front end dev loves to fuck your stuff up
* His mom works in QA and she equally likes to fuck shit up
* It's just a good idea
* People just fucking suck

A team at school spent 3-4months on an eStore web app, for selling items. The title was "Securing your eStore".

When they were done with their presentation, the examinator asked: "But... You haven't said a thing about the security part."

"Oh, sure we did, as we showed you, we added validation on the email address and credit card text fields etc. If you press the Pay button here, you will get an alert()-dialog telling you which fields are invalid..."

UX quiz:
a) trim whitespace characters from credit card or bank account input
b) refuse transaction, show error message: "no spaces are allowed in the card number"

So, according to my customer, the internal app I just released is "far too aggressive and not overly polite to users".

After querying this the client was referring to validation error messages.

Where I've wrote "Set a payment method before creating the order", the client would prefer it to be ""Please set a payment ...".

I guess it's a fair enough observation, but the client's phrasing made me chuckle :)

Fulfillment company: the order you put in our system is wrong, the hours we needed to correct this will be charged to you (Red: or rather my employer)

Me: *Checks logs and our server - finds out the order was made in their own webform/webapp*

Me: hey how come I can put in values in your webform that should not pass sanity checks, thats weird (in this case it was a product w/ a quantity of 0)

Fulfillment company: we don't do sanity checks or validation, we just find out when shit crashes and burns, nothing weird about that

Me: WTF

'17:15' < '09:45' === false
'5:15pm' < '9:45am' === true

I either need a language with a stronger type system, or coworkers who understand that comparing raw time input in validation is a bad idea 😡

HTML quick maffs
If you want to have a placeholder for native <select> element, just do the following:
<option value="" selected disabled hidden>Choose...</option>

It will make a native placeholder that:
- is accessible and readable by screen reader
- doesn't show up in options list
- allows native validation with "required" attribute (note the empty value attribute in the placeholder option).

It's unfortunate that we don't have it the way we have placeholder in inputs, but this is the next best thing.

Just had my last day at my current job last week. I got this amazing virtual card with 20-30 people telling me how amazing I was and how large of a difference I made. I’m not someone that seeks or needs validation, but to see those comments in writing really made me feel good and like I made a huge difference.

List of shit my superior said and wrote in the project:

1. Prefer to write "pure" SQL statement rather than ORM to handle basic CRUD ops.

2. Mixing frontend and backend data transformation.

3. Dump validation, data transformation, DB update in one fucking single function.

4. Calculate the datetime manually instead of using library like momentjs or Carbon.

5. No version control until I requested it. Even with vcs, I still have to fucking FTP into the staging and upload file one by one because they don't use SSH (wtf you tell me you don't know basic unix command?)

6. Don't care about efficiency, just loop through thousands of record for every columns in the table. An O(n) ops becomes O(n * m)

7. 6MB for loading a fucking webpage are you kidding me?

Now you telling me you want to make it into AJAX so it'll response faster? #kthxbye

Got a ticket saying we need our website's record creation wizard to have better validation. No worries, just some regex, right?

Sure, regex for name entry (with the usual white person assumptions about names), and fixing the fact that it's in-page popup doesn't close on save. Or save draft. Or delete.

And also you need to apply the name regex for the fields on this page to all the previous names that the user lists.

And there's that one issue where the address history message always shows no matter what.

Oh and make sure that if they choose to ignore those validation issues then the validation message is in the notes for the record.

And fix the thing where it saves as draft instead of as a normal record.

And and and and and...

Can we just talk about making it 1 problem per ticket? This sort of shit makes me look bad when it takes me a week to fix 1 ticket, when I'm usually a few-a-day kinda person

About to punch Android studio in the face! My SYNTAX IS CORRECT!!!! 😡😡😡😡

I just created a free Spotify account using the email spotify@spotify.com. The leisurely breeze that is the input validation team's work at Spotify.

I am stuck with another Postman.

Attrition in my current org is way to high in product teams and we have only one designer shared between ~100 people (10 product lines).

My ex-lead (a genius) and my skip level manager (very smart chap), both keep saying that my manager is a very good manager.

However, in reality, I don't find so.

- Only responds to my questions
- Ignores any other form of communication
- No help on any front
- No support or validation on my tasks (hence, I have to actively keep asking for feedback)
- Regularly cancels 1:1
- Involves other team members in 1:1 and cancels theirs as well
- Says I am doing well but keeps nitpicking in my work
- Hardly reviews anything

My company is amazing, pay is good, perks and opportunities are wonderful, kickass learning but my direct manager isn't making me feel comfortable working here.

Maybe she is too cramped with responsibilities but again, I have never seen her deliver anything and all she does is a postman job of taking inputs from her manager and pass on to me and coordinates until me and her manager decide to jump on a call and figure things out ourselves.

It's just been 3 months and I feel more annoyed than worried about being here.

Yes, a plus, i.e. `+`, is a fucking valid char for an email address.

Your online service is shit, you don't know your craft, and you should feel bad about yourself!

But you thought email is fucking simple, google for email validation regex and took copy pasted the first fucking find from some random blog that validates anything but an actual fucking valid email addresses, didn't you!?

(Funfact, the plus sign allow to create email aliases in some free mailer services. GMail for instance. That's why I l like using emails like my.actual.mail+I_KNOW_WHY_YOU_ARE_SENDING_SPAM@gmail.com as my registration email. Also, brute-force that login email.)

Only because i write validation for your input does not mean you can shut down your brain.

Did you know, that you can just type 'thisisunsafe'? This will tell Chrome to skip certificate validation 🤯

Our invoice report crushed because someone paste an invalid character which devExpress couldn’t handle.
I told boss we should trim and run regexp test for all string input.
Got rejected.
Why?!?!?!🧟‍♀️🧟‍♂️🧟‍♀️ 🧟‍♂️

I may not be a dev... (learning in my off time though, best thing ever) but I have been responsible for the computer system validation, requirements definitions and planning of a new piece of software that will have a major increase in effeciency for a division consisiting of over half our companies employees.

For months it has been a painful process. I have had night terrors, immense pressure on my head all the while thinking we are getting to that final goal (live deployment), and the light at the end of the tunnel has just seemed to be getting further and further away... Like a donkey chasing a carrot on a stick.

After all the grey hairs, stress and drinking I am finally going to deploy this thing to the live environment tomorrow. Funny thing is its the part of this process that managers are stressing about and I am here like... Oh wow my Friday just got a whole lot better

The whole autistic “no ssl validation” ServerCertificateValidationCallback to true

Me: The dev agency didn’t follow best practices. They only implemented front end validation on the form. The form submits to a public endpoint, so bots don’t have to go through our site to submit the form. That’s why our database is still filled with $1 donation transactions. I honestly recommend telling this to the dev agency and request that you not be charged for the extra work needed to do this right.

Manager: They charge $95/hr and they’re billing for 8 hours already.

[Aside: The agency’s task was to implement a $10 minimum on the form, do some text changes, and deploy.]

Me: I would expect work to be done according to accepted best practices. It’s really a half done job.

Manager: But they were very helpful when we had that payment processing emergency. They stayed late to help us. We shouldn’t push this in case we need their help again. Can you do the backend validation? [We are in US and agency is in Lithuania.]

Me: 🤬😩😑🤐[To myself: This wouldn’t have happened if the fundraising team hadn’t panicked and would only wait until I came back from my one day of PTO.]

Using cookies for verification and validation without encrypting the values which should have been handled in the backend without any use of cookies.
I wonder how vulnerable by website was...

Just discovered one of our core systems had literally used api key validation of "drop into database, if exists, its fine"

Well, around 30 seconds later, I have successfully authenticated with apikey "%". Wonder why.... Sigh... Patch already pushed, but still it left bad taste in my mouth...

lesson for beginers:
validate, validate, validate. If user could touch it, treat is as broken unsafe and if used it will nuke your home. check if it will, than use it.

Looking for a second opinion/validation.

*Me: “Perhaps this simple and concise way to ensure the user doesn’t lose their data before they leave the page that requires non-zero yet minimal input from the user. (Read: ya gotta push a save/submit button)”

*Everyone else: Let’s pretend to read the user’s mind and perform relatively complicated functions behind the scenes, of which the user will most likely be unaware, that will add an undetermined amount of complexity to the development because we think it’s “where things are going,” by saving the value of a certain HTML element as it loses focus.

Edit: this is an exclusively-internally used app.

I hate dumb variable names as much as I hate people who don't signal when they drive.

Never mind the fact that there's a validation-state variable inside his controller, separate rant.

If you’re a Russian ux engineer who is present in a Russian ux community and you fucking make your form validate on change event and that leads to the situation when a user starts entering their email and your bouba form immediately throws WRONG EMAIL errors, we don’t call you a bouba.

We call you a ебанок (ebanok) — a small, stupid and miserable creature that you can only feel hatred mixed with disgust towards.

This shit is acceptable if you’re an intern making their first shy steps creating their own personal project, but if you push this to production, you’re a ebanok. If you don’t know how to do ux, just use server-side validation or display errors with alerts on submit.

You fucking ebanok.

I was think of using ajax to pass data from javascript to php because of some validation to my multiple checkbox, then before i go home the idea hit me to just use validation in php with some basic variable manipulation and if else, i just wasted 2 hours of searching just to arrived at a basic solution, i think it's much better to think before you code about what you want to do,but when i open my text editor i get distracted a lot.

One of the online education tools my high school used had client-side validation for test answers

As if that wasn't bad enough, the correct answers were literally marked by the CSS class 'correct', meaning that any idiot who could figure out how to open the devtools could see the correct answers

Thankfully, this program was ditched before it was used for anything major

javascript generated captcha and javascript captcha validation in my university website... over hundred thousand students use this website to check results

function ValidCaptcha(){
var string1 = removeSpaces(document.getElementById("AVCODE").value);
var string2 = removeSpaces(document.getElementById("UVCODE").value);
if (string1 == string2){
return true;
}
else{
alert("invalid captcha");
return false;
}
}
function removeSpaces(string){
return string.split(' ').join('');
}

Some hacker went through a lot of trouble to get around a minimum order amount on our site. And they’re still hitting us after Cloudflare issued a bunch of blocks. Well, there are some back doors I have to finish closing. I guess I’m lucky I’m just inheriting this site and I’m not the one who built it. But I’m still unlucky because I have to fix this mess. But damn hacker, why’d you go though all this trouble to get around existing validation. Go find another site to charge $1 amounts and test your stolen credit card info. Pretty please 🥺

WTF?!? so apparently I guy I know, knows the guy who built dodeley.com (don't get me started on the name!)

Oh boy... Where should I begin? So besides the fact that I'm pretty sure these newsletters will be classified as spam (aites like mailchimp and so on actually pay large mail providers not to classify them as spam, I doubt they do...), their so called "widget" is just a form, sent to their domain using GET, FUCKING GET, NOT POST, GET!!! The request looks something like "dodeley.com/?action=subscribe&id=xxx&field1=xxx&..." I mean like, WTF? Oh and their solution to not leave the page is simply to add a target="_blank" to the form, that you have to include on your site.

Did I mention, that the form id is static? Did I mention, that there's no validation on what you enter?

Who the fuck programmed this shit? Honestly!

I was just going to sign up for a new ISP when they asked for my email. But they managed to screw up the email form validation by only allowing domains with the tld comprising of two or three characters! My email address ends with “.blog” so had to use my university email 😠
Please follow the RFC

First real dev project was a calculator for a browser game, that calculates the optimal number/combination of buildings to build. I got bored constantly doing it manually, so I made this program as a fun and useful challenge. It involved basic math, and I did it in VB.

Second one was a stats tracking page for my team in another browser game, that let us easily share and keep track of stuff. It allowed us to minmax our actions and reduced the downtime between actions of different players. HTML, CSS, JS, PHP, MySQL.

Third one was a userscript for the same game that added QoL features and made the game easier to play. JS

Fourth was for the first game, also a QoL feature userscript, that added colors/names, number limit validation to inputs, and optimization calculators built in the interface. It also fixed and improved various UI things. Also had a cheating feature where I could see the line of sight of enemies in the fog of war (lol the dev kept the data on the page even if you couldnt see the enemies on the map), but I didnt use it, it was just fun to code it. JS

From there on, I just continued learning and doing more and more complex shit, and learning new languages.

"Can you look at this bug when inputting negative numbers?"
I check the app and think, "negative numbers don't make sense here".
Sure enough there is validation in place to prevent negative numbers being typed.
Yet they still managed...
By pasting in negative numbers, after being unable to type them, thinking "fuck it I'll paste it instead", then complaining to us because they abused our app.
Seriously.
Fuck.
Off.

User role validation in JavaScript ....

Like user type != 4

😑

My email is just as valid if there is a whitespace at the end of it as if there wasn't.. ffs, just add a trim!

You may know I love to hate tests. Well not the tests actually, what I hate is the TDD culture.

DBMS schema in my app dictates a key can either have a value, or be omitted - it can't be null, and all queries are written with that in mind (also they're checked compile-time against schema). But tester failed to mock schema validation, inserted a bunch of null keys with mock data, actually wrote assertions to check those keys are null (even though they never should be), and wanted me to add "or null" to my "exists" queries.

No, we don't need more tests, and you're not smart with your "edge cases" argument. DBMS and compiler ensure those null values can never exists in our DB, and they're already well tested by their developers. We need you to stop relying on TDD so much you forget about the practical purpose of the code, and to occasionally break from the whole theoretical independent tests to make sure your testing actually aligns with third-party services some code uses.

And no, we don't need more tests to test your mocks, and tests to test those test, and yo dawg, I heard ...

Today when registering myself for a website I was asked to validate my email address. Literally I was sent an email with only "Please verify your email" in the body. So I responded with "ok". Lets see how long it takes for them to realise their mistake.

Not adding input validation to that one page that time.

I knew my users were bad. I knew they'd fuck up. But I trusted the spec I trusted them.

Never again.

It annoys me when restaurants provide an online form for reservations, put in their disclaimer that "no reservation = no table", but when you make the reservation things go wrong.
For starters: their infrastructure not working on weekends (while they are open on weekends), them doing manual instead of automatic validation of a reservation, them not even knowing how to manage their own reservation system (which gives me the idea that they purchased some random reservation software).

I ended end having to call them about my reservation, they had a confused voice at the phone while they were navigating their own reservation software and ended up saying "Yeah ok table is booked, bye". I understand they're stressed out but come on, I don't think this is a modern nor graceful process. If you're boasting about having a reservation form, then at least live up to it. It reminds me of another restaurant where I had made a reservation online and when I got there, they told me "Next time book by phone please, we're not used to our software". For *********** sake.

Bah.

how i declare Coding session of the day to be over : when i see an error about an error that is not an error... :D

(hint: fatal: validation failed but when asked if it passed, returns true... )

TFW looking at the regex for the password validation is easier than trying to decipher wtf they want

Today I implemented a system for storing all errors in a global store in Vue. That means field validation errors, API errors and potential generic errors. It works really well, and displaying an error is as simple as referencing it's source, if any. Flexibility at its finest.

In my experience object oriented is very good for composing high level abstractions into a complete system. Functional is awesome for validation, parsing and massaging data in any way and imperative is tithe most useful paradigm to handle side effect dependent code that either manipulate the computers state ( read/write) or communicate with external systems.

The people acting as if one of them is the one true way are misleading you.

I totally agree... now go tell my client.

Create a html page on paper, a simple form.

That part was easy.

The hard part was to create the ajax submit function with the validation, jquery is ok.

Failed the test because no way i can remember those shit.

That was 6 years ago

nailed it....

*source:* Bored Panda

Me waiting for my neural network model to finish fitting. Omg, what do I need? A computer the size of the enigma machine just FILLED with graphics processors? And my validation accuracy rate is falling as I wait. Imma cry!

context: I'm sort of a self-deprecating guy and I really don't look for validation.

So, i decided to fuck it. I tried to provide the best decisions in terms of money-wise/biz-wise but apparently this guys rather choose what he believes is best for the code... (he knows shit of coding and that's coming from someone who is not a software engineer but rather a physicist who happens to code).
So, now i let him make all decisions. no opinion from me. a few things are going to shit because of him... fuck it. i had it. as long as I get paid. fuck him.

this is probably common... sorry for the rant.

!rant
We were finishing another sprint of our grocery shop site at school and it was time for a demo.
There we are, showing our work before the other students. Our teams have a healthy habit of always checking each other not to leave some stoopid mistakes in the final versions, so everybody always regExes and validates THE SHIT out of every input field, both in the view and on the server side. But this one team found out that sometimes it's not enough.

Like every team, they're asked to buy a negative value from their shop. The guy clicks through the process, buys exactly -1 of a banana. He clicks the button to purchase and the site returned "Added banana to the cart!" and we're like "haha n00bz". But someone asked them to show the cart and everyone stopped immediately.

There were 9999 bananas in the cart.

Turns out the member responsible for purchase validation made it add 10000 if the quantity of a bought product was negative.
To this day I can't understand why he did that. xD

In a helper for a testing environment there was a flag called CheckLayoutConf. The documentation stated: if set checks if the layout configuration is valid and fixes it. I was curious about the validation and fixing mechanisms, so I looked into the code. But if the flag is set, then the layout configuration is just deleted, so in the next start of the program a new default layout configuration is created. Nice "validation" and "fixing" you for there, I thought to myself.

!rant. Story from my college abt 6 months old.

We had to make projects for our course.
One team made a very nice project. One part of that was mobile no. verification using OTP.

And the student who was supposed to to that, did it by sending the required otp to the frontend page, and when user enters it, validate it using javascript.

The prof got mad about it and the rest of the class couldn't stop laughing.

Just remembered. Thought it would be worth sharing.

Stakeholder: We have users who are putting like “John and Mary” on their membership’s first name field. Can we restrict that field so they can’t do that?

Me: But what if that user does identify as “John and Mary”?

Besides, what’s to stop any user from taking out the “and” and making it “John Mary” so they can get around input validation for words like “and”?

Company sends email notifying us we'd need to register for two factor authentication because it would be mandatory for all access to email within a week. However, it had to get manager approval and had a side effect of giving us access to work from home (which my manager hates). So, we send the request to him, explain the situation, he denies it and says "that can't be right! Let's do this: if you do in fact lose access to email, then I'll approve it". Well, we did lose it, and just spent two days without any access to email and it was a huge pain to get the registration process done because one of its steps involved getting a validation code from the email.

When you register to dev rant and write your first rant, only to realise you didn't validate your mail address, and this validation throws you back to the front page, losing your changes

What the hell is wrong with the browser on iOS....
For Christ sakes almost no input attributes work. I have a Sign Up feature that validates passwords with a pattern attribute; doesn't work, required attribute; doesn't work, input type number; doesn't work.
What the fuck is wrong with this thing. Even Internet Explorer knows what those attributes means. Absolute joke now i need to implement it manually. Fuck off apple.

When you realize your professor who programs since the 486 era names all variables as such ad "vd_gr" (Validation date grant renewal), doesn't know what encapsulation is and writes his own cryptography algs, which basically replace one letter by another

**Facepalm

**then I still I have to tolerate all the critics for why I dropped college

Am I the only one here that needs more time to create user friendly and Idiot-save error Messages than writing the whole validation of stuff?

Started doing deep learning.
Me: I guess the training will take 3 days to get about 60% accuracy
Electricity: I dont think so! *Power cut every day lately
My dataset: I dont think so! *Running training only achieve 30% of learning accuracy and 19% of validation accuracy

Project submission: next week
😑😑😑

I had joined a new company and got access to their codebase. They were updating password on MD5 hash of user name and their email in get request. No password validation, no token based authentication, nothing.

Eg
...com/change_password/email=(plainemail)&name= MD5(name)

That's it, you get change user password.

When in an application security talk put on by our cyber security department and one team (not mine) is being chastised for only doing client side validation, another dev asks so at what point can we trust the user? A few people nod and indicate they want an answer, and the speaker, said never, you never trust the user.

I can't believe people can graduate and get a job and keep a development job, especially in a highly government regulated company like where I work

Decided to get myself a new phone as the 2013 model is getting morally obsolete. I can still flash Lineage/Android10 and it will run it. But the apps (e.g. Google Maps) nowadays are such a performance hog it can't cope.
So I've searched through gsmarena, prioritizing smaller phones, picked myself a candidate and had it on my desk after few days.
The 2013 mindset still the same "do the backup before touching the phone in any way". How do you do backup? Unlock bootloader, boot/flash TWRP, run backup.
I've realized only after the unlocking and some googling, that the unlock automatically deletes TA partition and stored DRM keys. So advanced licensed features of the phone are gone. Also there is no way to lock the bootloader again, so I've lost the SafetyNet validation too.

tl;dr: I've fucked up my new phone as a first step after I got it.

I'll try to pay back some smaller credit by one large credit...

Hence I need to contact the banks and get one (!) fucking frigging stupid piece of paper which lists the account number and the amount of money I need to pay back.

Sounds simple ...

Well.

One bank just answered my email request by sending me that piece of paper. Except they didn't have any validation of my identity.

Yes. They answered the request of 'I want to pay back the credit in full, can u send me the necessary documents?' (more formal of course) with confidential data without any more credibility than my email address.

YAY.

Another bank requests a telephone call for identity validation and sending back a signed form via postal service...

Another bank just needs a PDF sent via mail with an electric signature (yeah. They were aware of what that means - I was shocked and confused) or a "qualified signature matching previous documents" (translated from German).

The last one offers a WhatsApp number - send a GIF / JPG or video and we answer directly.

I need to reach a higher state than drunk.

It's not funny to know how confidential data gets mistreated by companies who should have the highest security.

Must be great to be a giant fucking dumbass company raking in more than enough money, that you can't add 40-50 more characters on why your API doesn't like our call.

"Here's an API call with 3 different ways to make a call, we will show you an example for only the easiest method, AND if you get the more complex ways wrong, we'll just respond with an error code 422 with the error message "validation failed".

fuck.

you!!!!!!!!

I don't give a fuck about calling them out:

Its Bexio.

The joy when tools do not have machine parseable output.

I'm looking at you SBT. My favorite pile of poo.

Remove the logging level from each line, then trim the line, then stab around inside the line with regexes, fishing for a possible match which hopefully is right...

Then stripping scala information like the object type, cause yeah...
A line can be for example "[info] Vector(File(...),File(...))" where info is the log level, Vector the wrapping sequence type, File(...) the wrapping element type and the string inside File(...) what yours truly needs.

As this is lot of shitty shabby string stabby stabby, we need to add a fuckton of boiler plate validation cause who knows what we just murdered.

To make it even more fucked up, a multi project project can produce different output for the same key.

:-)

Yeah. So we need to fix that too.

By the way, one can set log output to unbuffered in SBT.

Then the output is in random order :-)

Isn't that fun? Come on, you wanna poke that pile of shit, too.

The SBT plugin way is by the way no alternative, as I need a full Java environment for execution.

Which brings me to the last point:

For fucks sake, writing CLI applications in Java is so much bloody boilerplate code.

There's ugly and then there's the "please kill me" kind of level.

50 lines just to write a basic validation of argc / argv with commons cli.

That's 6 lines in python. Not kidding. :(

I currently hate everything.

Moments where the job sucks: When you have to hotwire two electric cables with high currency by giving both cables the blowjob of your life.

Using Oracle ADF along with ADF Faces to build a simple learning management system. No JavaScript, no external stylesheets, all inline styles, no client side validation, doing form submit for every field's onblur event triggering a server-side validation, creating a VO for every damn page requiring data, creating an EO for every DB table or view, adding big-ass custom queries for most EOs to join on multiple tables, frequent N+1 queries, etc.,

Idont remember the rest of the problems

Mfw on azure/iot conference, one presenter shows his certificate validation, to connect to all devices in his house:

return true;

He said:
"lets not be paranoid about security"

Well at least he added the time....

My Drafts section is looking pretty nice now huh? :)

@dfox is the # of hours between posts now dynamic as well?

And perhaps its time to think about getting outside funding and help. Seems growth is now exponential? and I'm kind of feeling this is like the Facebook/Twitter for Developers.... but prolly not sustainable with just 2 devs who are also footing the bill.

In startup speak I guess validation is over and you have won!

Project with partner company, during the meeting I asked them how can we secure the communication between two services. I suggested api keys, tokens. They were like nope, no need. But I asked them for their IPs to do whitelisting on our side in Nginx.

But their side, nah not even whitelisting, no tokens, no validations. If one has address, can send anything from anywhere.

How hard would it be to do at least, AT LEAST simple token validation. And they are using the very old IIS server. I think for them as long as data flows in as expected, it is fine.

If you use exceptions for your data validation, I hate you. I hate you so much, in fact, that I will become famous. Then I can say to you that a famous person hates you. I will become president and the first executive order I sign will be to make the official policy of the United States that I hate you. I will invent a time machine so that I can go back in time and on every one of your birthdays, past present, and future, look you in the eyes and tell you I hate you. Then I will travel to your death bed and in your final breath I will tell you I hate you. I will change the timeline so that you will celebrate Christmas and believe in Santa and then tell your four year old self that Santa isn't real. I hope your kids never learn how to read, and if they already know how to read I hope they forget how to read and never learn how to read. I hope all of your friends become vegan, atheist, flat earth, crossfitters and insist on regailing you with their life style on your every meeting.

I guess what I'm saying is that I'm having a bad day.

Random opinion question:

I'm working on a thing where the user provides a big CSV and we process it and put it in the database, or update existing records.

This data impacts other things, but the data isn't front and center as a group of n the application for them to notice / see again (well they can query for it).

I'm thinking of taking the CSV and then presenting them with a table showing how we processed that data giving them a chance to review it before they commit it to the database...

I like this idea for two reasons:

1. If something goes sideways there's a chance someone will see it and I'm not sure I can do enough validation on a big ass CSV from god knows where to be sure we're going to process it right... (I'm going to do some validation but just can't cover it all)

2. It takes some of the mystery out of what happened / is happening for the user for.

Anyone try this in the past? Seems reasonable, but lots of things do before they go sideways.

Today I‘ve been investigating a freeze in our app. It took me many hours to narrow it down to the textfield validation regex. And it turned out to be a "catastrophic backtracking" issue.
I‘m a regex noob so I don‘t have a clue how it occurs exactly. But I‘m a bit perplexed about what a seemingly innocent regex can cause.

For me it became another argument against regex now.
I‘ve rewritten the regex into readable code and the freeze is gone.

I could try to fix the regex but… nah. The code is better anyway.

wat?

I am done with .NET and it's bullshit error messages.

"Validation error happened! Please see Entity.Validation.Properties to see what the error is, then consult an oracle, who'll summon a demon who'll answer only three questions . . ."

FUCK OFF and just give me the error. I swear to god exceptions in NET always lead to some stupid fucking scavenger hunt rather than just letting me know what the fuck went wrong. This isn't the first time I've encountered this either, where it tells me there's an error and there's a mountain with a shaman at the top who'll provide me with the details if I can just hire a sherpa who'll help me climb it.

Working for a large client converting paper forms to the web. Stated goals, simplify data entry for clients, improve data quality, reduce resourcing in backend human processing.

We met to review prototype and discuss workflow questions. Crazy deadlines, with the usual changing scope creep.

We start to point out the need for data validation, to shorten # of questions based on answers.

Business says no. All forms should be submittable regardless of what user enters, don’t put validations in because all that warning messaging confuses them and takes up more time.

Web form should behave like the paper copy....

Welcome to 1975!!! This is why 2018 won’t be like 2018...

The website load time is so fucking slow!!
FIX IT!!

And i saw the images they uploaded was a jupiter-sized images.

It's the devs fault for not making validation.

But me, as a designer must help them resize those fucking already uploaded images to be web-friendly.

Let's asume I wan't to use software X. I notice software X is open source.

How do I validate that said software doesn't do shady stuff?

Is there some kind of platform which lists the audits of each software or alerts the internet if shady stuff happens?

I know about alternativeTo.net, where you can find software alternatives with licencing filters. (Which is great btw) but I'm missing proper validation of open source software...

tfw you have matured enough as a developer to look at old legacy code (some of which you contributed to) from a hacked together UI Frankenstein kludge and immediately you notice all the security flaws.

How fortunate there is strong query param validation going on...otherwise this would be a veritable shit storm.

They keep training bigger language models (GPT et al). All the resear4chers appear to be doing this as a first step, and then running self-learning. The way they do this is train a smaller network, using the bigger network as a teacher. Another way of doing this is dropping some parameters and nodes and testing the performance of the network to see if the smaller version performs roughly the same, on the theory that there are some initialization and configurations that start out, just by happenstance, to be efficient (like finding a "winning lottery ticket").

My question is why aren't they running these two procedures *during* training and validation?

If [x] is a good initialization or larger network and [y] is a smaller network, then
after each training and validation, we run it against a potential [y]. If the result is acceptable and [y] is a good substitute, y becomes x, and we repeat the entire procedure.

The idea is not to look to optimize mere training and validation loss, but to bootstrap a sort of meta-loss that exists across the whole span of training, amortizing the loss function.

Anyone seen this in the wild yet?

How we devs hate getting humiliated on stack overflow when we don't get the answer and someone make us feel stupid for even posting the question.
How we also secretly wish for that validation and feel proud when there are more likes on our questions.

No? Just me? Ok cool 👍