Following a conversation with a fellow devRanter this came to my mind ago, happened a year or two ago I think.

Was searching for an online note taking app which also provided open source end to end encryption.

After searching for a while I found something that looked alright (do not remember the URL/site too badly). They used pretty good open source JS crypto libraries so it seemed very good!

Then I noticed that the site itself did NOT ran SSL (putting the https:// in front of the site name resulted in site not found or something similar).

Went to the Q/A section because that's really weird.

Saw the answer to that question:

"Since the notes are end to end encrypted client side anyways, we don't see the point in adding SSL. It's secure enough this way".

😵

I emailed them right away explaing that any party inbetween their server(s) and the browser could do anything with the request (includingt the cryptographic JS code) so they should start going onto SSL very very fast.

Too badly I never received a reply.

People, if you ever work with client side crypto, ALWAYS use SSL. Also with valid certs!

The NSA for example has this thing known as the 'Quantum Insert' attack which they can deploy worldwide which basically is an attack where they detect requests being made to servers and reply quickly with their own version of that code which is very probably backdoored.

This attack cannot be performed if you use SSL! (of course only if they don't have your private keys but lets assume that for now)
Luckily Fox-IT (formerly Dutch cyber security company) wrote a Snort (Intrustion Detection System) module for detecting this attack.

Anyways, Always use SSL if you do anything at all with crypto/sensitive data! Actually, always use it but at the very LEAST really do it when you process the mentioned above!

I swear I work with mentally deranged lunatics.
Dev is/was using TFS's web api to read some config stuff..

Ralph: "Ugh..this is driving me crazy. I've spent all day trying to read this string from TFS and it is not working"
Me: "Um, reading a string from an web api is pretty easy, what's the problem?"
Ralph: "I'm executing the call in a 'using' statement and cannot return the stream."
Me: "Why do you need to return a stream? Return the object you are looking for."
Ralph: "Its not that easy. You can return anything from TFS. All you get back is a stream. Could be XML, JSON, text file, image, anything."
Me: "What are you trying to return?"
Ralph: "XML config. If I use XDoc, the stream works fine, but when I step into each byte from the stream, I the first three bytes have weird characters. I shouldn't have to skip the first three bytes to get the data. I spent maybe 5 hours yesterday digging around the .Net stream readers used in XDoc trying to figure out how it skips the first few bytes."
Me: "Wow...I would have used XDoc and been done and not worried about that other junk."
Ralph: "But I don't know the stream is XML. That's what I need to figure out."
Me: "What is there to figure out? You do know. Its your request. You are requesting a XML config."
Ralph: "No, the request can be anything. What if Sam requests an image? XDoc isn't going to work."
Me: "Is that a use-case? Sam requesting an image?"
Ralph: "Uh..I don't know...he could"
Me: "Sounds like your spending a lot of time doing premature optimization. You know what your accessing TFS for, if it's XML, return XML. If it's an image, return an image. Something new comes along, modify the code to handle it. Eazy peezy."
<boss walks in from a meeting>
Boss: "Whats up guys?"
Ralph: "You know the problem with TFS and not being able to stream the data I had all day yesterday? I finally figured it out. I need to keep this TFS reader simple. I'll start with the XML configs and if we more readers later, we can add them."
Boss: "Oh yea, always start simple and add complexity only when you need it."

Frack...Frack..Frack...you played some victim complaining to anyone who would listen yesterday (which I mostly ignored) about reading data from TFS was this monumental problem no one could solve, then you start complaining to me, I don't fall for the BS, then tell the boss the solution was your idea?

Lunatic or genius? Wally would be proud.

Its so weird working in this company. No onboarding, no micromanaging, noone to track your progress or performance. U can basically do what u want and ask what u want and requests will be fulfilled.

Initially was assigned to a random team and started fixing stuff. I hated the scope so after 2 months in requested to switch teams, request approved.

3 months in realized I lowballed myself during the interview and actually am doing better than half of the team, so I asked for a 43% bump, request approved.

4 months in I realized that I did atleast 100hrs overtime in a month during crunchtime, burned out. Asked for a paid week off to recover, request approved.

5 months in realized that we have many MR's piling up in the team and I could help with approving some of them, but they grant MR approval rights only when u work here for a year or are a decent dev from the get go. Requested for MR approval rights, request approved.

Again it feels so weird working on a big product with 6-7 scrum teams. Its like there is no bullshit, just ask what you need you will get what you asked so you can continue working.

On the other hand its kinda weird to keep asking everything, in other companies a good teamlead/manager shows more initiative takes care of stuff like this without even asking.

I'm getting so fucking tired of frontend development...

I still like part of it, but I really hate CSS, browser compatibility, stupid users, dumb requests from product owners and fucking weird designs. And to top it all, it's the frontend team that handles all the pressure when the deadline comes up and the project's late, even if it was the product/design/whatever phase that took too much time.

Being a frontend developer is very stressful and has so many annoyances and I'm getting sick of it.

My company's been promising giving me some backend work because there are some backend-heavy projects coming up and they know I have the skills, but they just keep giving me frontend work. Also, one of our frontend developers is on leave, which means more work for the rest of us.

Why did I ever decided to do frontend development?

I had a client that used to send emails to detail requests or report bugs on a software.
Now, believe it or not, this was the regular way:
An email with just an introduction and a Word document attached, containing very verbose descriptions (usually not in a human known language) and most importantly, screenshots.
What's so weird about this? Those pictures were captured with printscreen, printed on paper, scanned and then inserted inside the doc 😭😭
Why all this? I don't know, otherwise I wouldn't have posted it as #wk32 ☺

Client asks to point their domain to a new 'squarespace' they just got, then call you bc they cannot access the admin console to their old site and 'it's so weird that all the requests are now going to squarespace !!'

Got demoted, got a pay raise and don't know how to feel about it. A story of how not to drink with your coworkers?

The story begins roughly 8-9 months ago. Me and this coworker (let's name him Tim) go out drinking after a Friday party at the office. We do some rounds and we're both smashed. Tim starts telling me how he's happy with life and that he's earning a nice salary right now. He told me his salary. It was the same as mine. Which was weird - He codes in a more hardcore languages than me and has almost double the time in the company as me. I think after some more drinking I've confessed that I make the same as him. This part is sort of a blur (drinking). I've gotten a pay raise(+30-40%) roughly a few months ago from that point backwards because another company gave be a much higher offer. The company I work for matched to keep me. Anyway, 3 months or so after the drinking,Tim is promoted to team lead, and me and a few other people are added to his team. Conversation slips and he told me his new salary - quite a bit more than me.I think it's safe to assume what happened.

The problem with that is that I was a team lead of 1 person (me) at that time, and I was managing my own time and my own tasks, was working with people individually. I was part of the weekly meetings with the CEO and other team leads. Being stripped of this title wasn't a problem at the beginning, as people still contacted me because of their problems, suggestions, whatever. A few more months pass (to now) and less and less people are contacting me - instead they are talking with Tim, and are asking of his opinion on tasks I should do, where he has no experience and roughly 0 lines in the programming language I code in. This is starting to piss me off.

There are a couple other things to take into consideration as well - The company is hiring a lot of people right now. The whole structure for team leads changed a bit, more team leads then ever right now and new roles added pretty fast.

I've gotten a pay raise a few weeks ago though(10%~).

I'm not sure on how to react to this. Should I comply and just keep on working on these tasks? Or should I still keep contacting people directly on their requests and talk to them directly, take credit for the projects I complete publicly and the stuff I do as I was previously doing? Part of me wants to reroute all of the stupids questions people have to Tim, as he is now responsible for these tasks and get this weight off my shoulders.

I'm starting to shift to learning a new programming language and thinking of jumping ship. Thoughts?

The CTO has admin on the git repo and while we all have to have 2 other people review our pull requests. This guy will just go make a pr and merge it without review. It's not like its perfect code either. I will be going behind him and finding weird shit that he did days later and then go check the git blame. Yup its another one of his had to push it right now without review moments.

So my boss run 2 different companies, the one that hired me and the one that I work for like 40% of the time (through the first one).

This second company is now having a client that's asking for educational qualification for both my boss and me (?)

I mean, even if I didn't study, why would you need that? The product is up and running and works, so wtf do you want?

Sorry, need to vent.

In my current project I'm using two main libraries [slack client and k8s client], both official. And they both suck!

Okay, okay, their code doesn't really suck [apart from k8s severely violating Liskov's principle!]. The sucky part is not really their fault. It's the commonly used 3rd-party library that's fucked up.

Okhttp3

yeah yeah, here come all the booos. Let them all out.

1. In websockets it hard-caps frame size to 16mb w/o an ability to change it. So.. Forget about unchunked file transfers there... What's even worse - they close the websocket if the frame size exceeds that limit. Yep, instead of failing to send it kills the conn.

2. In websockets they are writing data completely async. Without any control handles.. No clue when the write starts, completes or fails. No callbacks, no promises, no nothing other feedback
3. In http requests they are splitting my request into multiple buffers. This fucks up the slack cluent, as I cannot post messages over 4050 chars in size . Thanks to the okhttp these long texts get split into multiple messages. Which effectively fucks up formatting [bold, italic, codeblocks, links,...], as the formatted blocks get torn apart. [didn't investigate this deeper: it's friday evening and it's kotlin, not java, so I saved myself from the trouble of parsing yet unknown syntax]

yes, okhttp is probably a good library for the most of it. Yes, people like it, but hell, these corner cases and weird design decisions drive me mad!

And it's not like I could swap it with anynother lib.. I don't depend on it -- other libs I need do!

We're all on gradle and we had a new guy who started a project with Maven. He also used atom editor for Java/Scala code (even though we had a license for Intellij), and refused to use anything with code completion (or turned it off if there was an option). My boss had to explain basic git branching to him, his pull requests were missing build files, READMEs and he'd check in tons of scripts to run things instead of using maven/gradle.

I just thought he was weird, but I didn't look at his pull requests close enough to realize how bad his code was, until they fired him earlier this week.

Long long time ago when recharge coupons we a thing, I used to try out more codes in the series and waste my time. After failing a lot over this, I started trying out different USSD codes to see what other stuff is out there. This got me to stumble upon facebook and twitter on USSD. I'm not sure now but, twitter was probably *515# from my carrier.

Facebook. I remember chatting for quite a long period using this. Very slow and limited yet, fun. The USSD message expires within ~60secs. so you have to type the chat message before that or you lose everything you typed. The phone was no smartphone that would allow me to copy the text from the USSD input. On top of that panic, was a character limit to these messages. I remember hitting send while being midway through a message just so I don't lose what I typed, on a T-9 keyboard. Still miss those!

The person on the other side would receive a half message due to this, and would start replying without any patience, to which I panicked as now there's a new thing to respond to, and a half message which I'm waiting to complete.

Later over the weekend when I was allowed to visit the cyber cafe for an hour or two with 15-30 INR, reading the chat threads, being able to use the five sticker packs:) and thus continuing on a computer was fun. But, as the time at the cafe expires, I had to immediately shut off my session or I'd be charged more. Thus, I was left in the middle of a conversation again, and had to continue over USSD.

Using social media without any internet like this was quite fun in a weird way. If I get a new message, I'd get a USSD alert, and then an sms if I didn't reply in some 10-15mins!

This had all the features like like and comment. Friend requests too. For the posts in a "timeline" which was new and fancy in those days, all you see is the caption of a post which also gets truncated quite a bit as USSD also has to show it's options like:
1. Like
2. Comment
3. Next Post
4. Main Menu

This was around '13 or '14 I guess. After which I later got my first computer- a laptop. Anyways, the tactile feel of pressing the buttons on a T-9 keypad is nostalgic to me. 😅 And if you were a pro at texting, u must hv used shrtcts lyk dis too w/ emojis lyk :-) <3

Dev: [does some weird code to make test pass]
Me: this won't work. Literally the documentation says what you did won't work once we move towards our end goal architecture.
Dev: [shows middle finger and requests merge and somehow managed to get code merged]
.... One Sprint later nothing works...
Dev: [does some weird code to make test pass]
Me: no. You need to solve underlying problem.
Dev: [shows middle finger and requests merge and somehow managed to get code merged]
.... One Sprint later nothing works...
Me: please stahp
Dev: [shows middle finger and requests merge and somehow managed to get code merged]
Me: WTF man do your fucking job
Scrum Master: stahp lowering our velocity
Me: wut? 😒

For a new microservice we were designing, I recently had a design discussion with a team member on creating REST endpoints for a new entity. This discussion went on for almost 3 hours, most of the time was spent on why to have two endpoints for getting this resource, one is a POST using a graphQL-like query and another one is a GET using unique ID. I said, the client-side use case is different, one is a dashboard where search results need to be shown based on multiple fields and the unique ID won't be available there because it is a system generated value, second one will be used when the unique ID is present in the client as a result of previous search result. Their responses will be similar, first returns a list of entities, second returns a single entity of the same structure.

Then came the next argument: if both APIs are returning same response, why do we need two different requests ?

It was like saying, because 5+6=11, any sum of two numbers resulting in 11 should always use 5 & 6.

Are people so frustrated of working remotely all the time that they come with such weird arguments ?

Okay, so I'm developing a system for a global rent-a-car broker. Basically website + a bunch of third party APIs + analytics, it's been running in production for over 4 years now.

Anyway, we had to connect our system to an external rental insurance API, nothing too complicated, got it to production in a month and it seemed to work okay, except the insurance provider claimed they're not getting any analytics data, which was weird, because there were no errors with API calls, and customers had no problem with the insurance.

After going back and forth for a month, we finally figured what's going on: after each API request, the insurance provider expected us to send the exact same data to their analytics API, because for whatever dumb reason they were unable to internally log requests in their analytics database.

tl;dr: we're doing 2 API calls with the exact same data to different endpoints, because a large rent-a-car insurance provider can't log their own analytics data.

One of my favorite parts of my job is that I’m not allowed to resolve firewall issues myself. IT ops frequently breaks my firewall config, preventing me from resolving any domain names or running dns queries in general even though I still have connectivity. So I call the support number. Remote Desktop icon appears in the corner of my screen.

“Hi I have connectivity but can’t resolve any domain names”
“Have you tried using your browser, maybe they just block pings”
“Well no because I can ping 8.8.8.8, see?”
“Hmm well have you tried from your browser?”
“Yes.”
“Maybe it’s just an issue with ping traffic”
“Well no because I’m not having issues with icmp traffic. I can still ping 8.8.8.8, see?”
“Hmm that’s weird”
*opens network config, renews dhcp lease*
“But I don’t think that’s relat...”
“I know!”
*opens my command prompt, flushes dns cache*
“But if this were a cache issue the requests wouldn’t take so long to tim...”
“I know.”
(Starting to think he doesn’t know)
“I’ll pass this on to the networking guys”
“Thanks”

Third time this has happened. Every time they claim they didn’t change anything and it fixed itself. Obviously this is not the case, because after networking guys “don’t change anything” it starts working again. Every time they talk to me like I have the technical prowess of an HR rep. Like somehow I’m the only software engineer in the world that doesn’t know what the ping command does.

I’m not upset though. They’re just giving me a great excuse to be completely unproductive on a Monday

#Suphle Rant 3: Road to PHP8, Flow travails

Some primer: Flows is a feature that causes the framework to bypass handling the request now but read it from cache. This cache entry is meant to be populated without warming, based on the preceding request. It's sort of like prefetching but done on the back end

While building Suphle, I made some notes on some chapters about caveats and gotchas I may forget while documenting. One such note was that when users make the Flow request, the framework will attempt to determine who user is, using authentication mechanism defined on the first module (of the modular monolith)

Now, I got to this point during documentation and started wondering whether it's impossible for the originating request to have used a different authentication mechanism, which would result in an empty entry for returning user. I *think* it's possible cuz I've got something else called "route mirroring", where web based routes can be converted to API routes. They'll then return JSON, get served under defined API path, use JWT, all automatically. But I just couldn't connect the dots for the life of me, regarding how any of this could impact authentication on the Flow request

While trying to figure out how to write the test for this or whether it was even necessary (since I had no use case), it struck me that since Flow requests are not triggered by an actual user, any code attempting to read authenticated user will see nothing!

I HATE it when I realize there's ambiguity or an oversight, after the amount of attention and suffering devoted. This, along with a chain of personal troubles set off despondency for a couple of days. No appetite for food or talk. Grudgingly refactored in this update over some days. Wrote some tests, not all passed. More pain. May have to convert them to unit tests

For clarity, my expectation is, I built this. Nothing should be impossible for me

Surprisingly, I caught a somewhat lucky break –an ex colleague referred me to the 1st gig I'm getting in 1+ year. It's about writing a plugin for some obscure forum software. I'm not too excited cuz it's poorly documented and I'll have to do a lot of groping, they use arrays instead of objects etc. There's no guarantee I'll find how to implement all client's requirements

While brooding last night, surfing the PHP subreddit, stumbled on a post about using Rector to downgrade a codebase. I've always been interested in the reverse but didn't have any incentive to fret over it. Randomly googled and saw a post promising a codebase can be upgraded with 3 commands in 5 minutes to PHP 8. Piqued my interest around 12:something AM. Stayed up all night upgrading it, replacing PHPSTAN with Psalm, initializing the guy's project, merging Flow auth with master etc. I think it may have taken 5 minutes without the challenge of getting local dev environment to PHP 8

My mood is much lighter than it was, although the battle is not won yet –image tests are failing. For some weird reason, PHP8 can't read generated test images. Hope I can ride on that newfound lease on life to study the forum and get the features working

I have some other rant but this is already a lot to digest in one sitting. See you in rant #4

I'm having a weird time with my current project.There are many companies involved and we are several teams coordinating with each other. My team was initially very large, for various reasons we were divided into smaller groups and I must say that the transition has been catastrophic.

We are doing SCRUM…sort of. The customer assigns the tasks to be completed at the end of the sprint, the story points are given without full understanding of the implementation and the deadlines are tights. I always find myself rushing to the release day with code that isn't production-ready but since the customer requests it and there's no objection among my superiors (please note, i tell them the deadline is tight) I gotta rush to deliver.

The customer doesn't know what he wants, but if he does know the deadline is unreasonable, or if he has just an idea of what he wants he still demands it... somehow without specifying what kind of implementations is expecting.

The current senior project developer takes everything (any task) as an emergency, it's never possible to defer to the next sprint, it's quite demeaning.

And I'm here wondering if maybe I've missed something, if the project simply lacks method and coordination, if I have more responsibility than I think, if my project leadership is too absent but I know one thing, at the moment I'm in anxiety about the current sprint due date because there is a task that will take longer than expected.

Any advice?

My team is pretty small right now. It's myself and two other guys. One lead, who's been here for five years. A senior who we brought on 2 weeks ago. And me, a regular app dev. The lead put his two weeks in last week and has been trying to brain dump as much as he can onto us.

I've been building a list of prioritization to compensate for when he leaves based on what he was saying was the most important. This list has gotten pretty massive after reviewing most of the processes in place.

I was hired mainly to quell new requests coming in and not to maintain our systems, so that's what I did. I didn't examine our prod code base too closely. I wish I had. It's in a sorry state. I'm pretty sure I have about 2 years of tech debt for a crew of two guys constantly working on it.

I've been trying to prioritize based on what gets the most bug fixes and change requests. These apps will see the biggest changes and will undergo the most maintenance.

Since I'm just a regular app dev it feels weird trying to come up with this and try to prioritize this and come up with a plan. It feels like someone else should have. If it needs done then I guess it needs done. I need to be able to collaborate and work with my co worker and be able to plan for what projects are coming next.

If anyone has any suggestions to tackle tech debt please make them. Or if there's any help for managing priorities in a different manner that may prove helpful I'm open. Honestly, I don't want to tackle this completely blind, it feels like a lot.

Some random weird shit is happening with my Facebook account, I'm getting 2 - 3 new friend requests per hour and I'm not even a celebrity yet, or am I? But seriously what the fuck is that shit, I don't know half the people adding me up and they either have just a profile photo and two posts or are just totally inactive.

God.

God..

Remember that time I said I was lonely and wanted a new clique of friends? I wasn't asking for anything like this.

This is just so fucking annoying and if I get one more of these requests I'll be deactivating this account forever.

*angry faced emoji goes here*