A "support" guy my boss got in. I had told my boss numerous times, "Get rid of this guy, he's only wasting our time and money. And he's going to end up doing something where we will end up having to put out the fires."

Sure as a pair of nuts on a squirrel, this crazy bastard goes and DELETES a client's database. Yes folks, in fucking production. A live database. The heart of the business' transactions are... *poof*... GONE!!!

No backups for the day! No synchronisation beforehand! No nothing... just GONE!!! Fucking flat-lining!

Well, when I realised what he has done, I had to remove myself from the room before shit got outta hand!

I told the boss man that is the last straw and he needs to go...

The long and short of it...
- The client had luckily only lost about half a days data.
- I'm no longer at the company.
- This dumb fuck still is.

My biggest dev blunder. I haven't told a single soul about this, until now.

👻👻👻👻👻👻

So, I was working as a full stack dev at a small consulting company. By this time I had about 3 years of experience and started to get pretty comfortable with my tools and the systems I worked with.

I was the person in charge of a system dealing with interactions between people in different roles. Some of this data could be sensitive in nature and users had a legal right to have data permanently removed from our system. In this case it meant remoting into the production database server and manually issuing DELETE statements against the db. Ugh.

As soon as my brain finishes processing the request to venture into that binary minefield and perform rocket surgery on that cursed database my sympathetic nervous system goes into high alert, palms sweaty. Mom's spaghetti.

Alright. Let's do this the safe way. I write the statements needed and do a test run on my machine. Works like a charm 😎

Time to get this over with. I remote into the server. I paste the code into Microsoft SQL Server Management Studio. I read through the code again and again and again. It's solid. I hit run.

....

Wait. I ran it?

....

With the IDs from my local run?

...

I stare at the confirmation message: "Nice job dude, you just deleted some stuff. Cool. See ya. - Your old pal SQL Server".

What did I just delete? What ramifications will this have? Am I sweating? My life is over. Fuck! Think, think, think.

You're a professional. Handle it like one, goddammit.

I think about doing a rollback but the server dudes are even more incompetent than me and we'd lose all the transactions that occurred after my little slip. No, that won't fly.

I do the only sensible thing: I run the statements again with the correct IDs, disconnect my remote session, and BOTTLE THAT SHIT UP FOREVER.

I tell no one. The next few days I await some kind of bug report or maybe a SWAT team. Days pass. Nothing. My anxiety slowly dissipates. That fateful day fades into oblivion and I feel confident my secret will die with me. Cool ¯\_(ツ)_/¯

Hello again, everyone. I've been busy with all the paperwork at my ship (will make a post about it later) but for now, I'll bore you with another story (not navy one, fortunately) to justify my slacking off.
And this story... is the story on how I got into ITSec. And it is pretty damn embarrassing. It all began when I was 16. I was hooked on battleknight.gameforge.com, a browser game. My father had just had ADSL installed at our home, and the new opportunities before me were endless. Well...
After I've had my fill with the porn torrents and them opportunities dwindled to just a few dozens, I began searching for free games, and I stumbled on that game. I played a lot, but as a free-to-play game, it was also pay-to-win. I didn't have a credit card, so I paid for a few gems with SMS messages. Fast forward a couple of years, I got into the Naval Academy. A guy came in to advertise something (I think it was an encyclopaedia or something - yes, wikipedia wasn't a thing back then) and to pay for it, we could apply for a credit card. So I applied. And I resisted the temptation for a year.
Note: prepaid wasn't that known where I live, so using credit cards was the only way for online transactions.
So I made 1 transaction. Just one. After a couple of months my monthly report from the bank came, showing a 2.5$ (I think) transaction on Paypal. I paid no mind, thinking that it was some hidden fee. Oh boy, I shit you not, I was THAT much of an idiot. Six months later, BOOM!
600$ transaction to ebay via paypal. You can imagine all those nice things that came to my mind. In any case, the bank accepted my protest that I filed at their central offices and cancelled the transaction. I promptly cancelled my card, destroyed it right there for good measure, and got to thinking... what the fuck just happened?
As many people here, I am afflicted with a deadly virus, called curiosity. I started researching the matter, trying to figure out how. And, because I didn't like black boxes and "it is just like it is" explanations, I tumbled down the rabbit hole of ITSec. I soon found out that, not only it was possible, but also it was sometimes EXTREMELY easy to steal credit card info. There are sites, to this very day, that store user info (along with credit cards info) IN FUCKING CLEARTEXT. Sometimes your personal, financial and even medical info are just an SQLi away.
So, I got very disillusioned on many things. But I never regretted it. It may cause me to age prematurely and will kill me of stroke or heart attack one day, but as I still tumble down the ITSec rabbit hole, I can say with confidence that
I REGRET NOTHING
Plus, my 600$ were returned, so look on the bright side :)

I was on vacation when my employer’s new fiscal year started. My manager let me take vacation because it’s not like anything critical was going to happen. Well, joke was on us because we didn’t foresee the stupidity of others…

I had to update a few product codes in the website’s web config and deploy those changes. I was only going to be logged in for 30 minutes to complete that.

I get messaged by one of our database admins. He was doing testing and was unable to complete a payment on the website. That was strange. There was a change pushed by our offsite dev agency, but that was all frontend changes (just updating text) and wouldn’t affect payments.

We don’t want to enlist the dev agency for debugging work, especially when it’s not likely that it’s a code issue. But I was on vacation and I couldn’t stay online past the time I had budgeted for. So my employer enlists the dev agency for help. It’s going to be costly because the agency is in Lithuania, it was past their business hours, and it was emergency support.

Dev agency looks at error logs. There are Apple Pay errors, but that doesn’t explain why non Apple Pay transactions aren’t going through. They roll back my deployment and theirs, but no change. They tell my employer to contact our payment processor.

My manager and the Product Manager contact Payroll, who is the stakeholder for our payment gateways. Payroll contacts our payment gateway and finds out a service called Decision Manager was recently configured for our account. Decision Manager was declining all payments. Payroll was not the person who had Decision Manager installed and our account using this service was news to her.

Payroll works with our payment processor to get payments working again. The damage is pretty severe. Online payments were down for at least 12 hours. Our call center had logged reports from customers the night before.

At our post mortem, we had to find out who ok’d Decision Manager without telling anyone. Luckily, it was quick work. The first stakeholder up was for the Fundraising Dept. She said it wasn’t her or anyone on her team. Our VP of Analytics broke it to her that our payment processor gave us the name of the person who ok’d Decision Manager and it was someone on the Fundraising team. Fundraising then starts backtracking and says that oh yes she knew about it but transactions were still working after the Decision Manager had been configured. WTAF.

Everyone is dumbfounded by this. How could you make a big change to our payment processor and not tell anyone? How did our payment processor allow you to make this change when you’re not the account admin (you’re just a user)?

Our company head had to give an awkward speech about communication and how it’s important. The web team can’t figure out issues if you don’t tell us what you did. The company head was pissed because it was a shitty way to start off the new fiscal year. Our bill for the dev agency must have been over $1000 for debugging work that wasn’t helpful.

Amazingly, no one was fired.

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

User: I need you to extract all the invoice data for us.

Me: What invoice data in particular, what are filters you require. This is a massive database with millions of transactions.

User: JUST EXTRACT THE TABLE!

Me: Right.....(this is a database with 3000+ tables and hundreds of joins)

Dogecoin hit USD $0.40 recently, which means it's time for the Crypto Rant.

TL;DR: Dogecoin is shit and is logically guaranteed to eventually fall unless it is fundamentally changed.

===========================

If you know how Crypto works under the hood, you can skip to the next section. If you don't, here's the general xyz-coin formula:

Money is sent via transactions, which are validated by *anybody*.

Since transactions are validated by anybody, the system needs to make sure you're not fucking it up on purpose.

The current idea (that most coins use today) is called proof-of-work. In short, you're given an extremely difficult task, and the general idea is you wouldn't be willing to do that work if you were just going to fuck up the system.

For validating these transactions, you are rewarded twofold:

1) You are given a fixed-size prize of the currency from the system itself. This is how new currency is introduced, or "minted" if you prefer.
2) You are given variable-size and user-determined prize called "transaction fees", but it could be more accurately called a "bribe" since it's sole purpose is to entice miners to add YOUR transaction to their block.

This system of validation and reward is called mining.

===========================

This smaller section compares the design o f BTC to Dogecoin - which will lead to my final argument

In BTC, the time between blocks (chunks of data which record transactions and are added to the chain, hence blockchain) is ten minutes. Every ten minutes, BTC transactions are validated and new Bitcoins are born.

In Dogecoin, the time between blocks is only one minute. In Theory, this means that mining Dogecoin is about ten times easier, because the system expects you to be able to solve the proof of work in an average of one minute.

The huge difference between BTC and Doge is the block reward (Fixed amount; new coins minted). The block reward for BTC is somewhat complicated compared to Doge: It started as 50 BTC per block and every 4 years it is halved ("the great halving"). Right now it's 6.25 BTC per block. Soon, the block reward will be almost nothing until BTC hits it's max of 21 million bitcoins "minted".

Dogecoin reward is 10,000 coins per block. And it will be that way for the end of time - no maximum, no great halving. And remember, for every 1 BTC block mined, 10 Doge blocks are mined.

===========================

Bitcoin and Dogecoin are now the two most popular coins in pop culture. What makes me angry is the widespread misunderstanding of the differences between the two. It is likely that most investors buy Dogecoin thinking they're getting in "early" because it's so cheap. They think it's cheap because it isn't as popular as Bitcoin yet. They're wrong. It's cheap because of what's outlined in section two of this rant.

Dogecoin is actually not very far off Bitcoin. Do the math: there's a bit over 100 billion Dogecoin in circulation (130b). There's about 20 million BTC. Calculate their total CURRENT values:

130b * $0.40 = 52b
20m * $60k = 1.2t

...and Doge is rising much, much faster than BTC because of the aforementioned lack of understanding.

The most common thing I hear about Doge is that "nobody expects it to reach Bitcoin levels" (referring to being worth 60k a fucking coin). They don't realize that if Doge gets to be worth just $10 a coin, it will not just reach Bitcoin levels but overtake Bitcoin in value ($1.3T).

===========================

It's worth highlighting that Dogecoin is literally designed to fail. Since it lacks a cap on new coins being introduced, it's just simple math that no matter how much Doge rises, it will eventually be worthless. And it won't take centuries, remember that 100k new Doge are mined EVERY TEN MINUTES. 1,440 minutes in a day * 10K per minute is 14.4 million new coins per day. That's damn near every Bitcoin to ever exist mined every day in Dogecoin

Yknow, I want to make an android app that I have in my mind for about half a year now and I already tried twice, both with Kotlin and with Java but everytime I try it's just pain and suffering and frustration...

No it's not because of the language, I like Java and I like Kotlin too and I'd say I'm at least decent at Kotlin and really good in Java...

No no.. the issue is the fucking Android SDK and the mix-and-match documentation available online!!!

Every fucking time I want to implement some sort of UI element, user action or a background service and I start googling how to do it It comes with with at least 3 different stack overflow solutions, all of them saying "that way of doing it is deprecated, instead you should X" and looking up the OFFICIAL FUCKING DOCS it will just make me roll up in the corner and cry because of how fucking inconsistent it is and the retarded domain language it uses... fucking transactions for fucking fragments inside fucking activities... because I guess the word "screen"/"view"/"template" or something similar natural just was too mainstream for the all knowing alphabet soup that google is...

And then you start looking up what the fucking difference even is and how to code it up only to find out there's at least 12 other opinions on how fragments should be used and what should be an activity and what should be a damn fragment...

But that's not all, that's just the base... I get a headache even thinking about how the fucking inflating of templates and the entire R. notation works. You want to open a fucking tiny corner menu with the settings options? WELL THEN YOU FUCKING BETTER REMEMBER TO IMPLEMENT IT THROUGH SOME SORT OF EVENT AND INFLATE THE MENU YOURSELF EVEN THOUGH ITS THE SAME FUCKING THING WITH STATIC STRINGS...

AND WHY THE FUCK DO I NEED LIKE 4 NEW FILES TO IMPLEMENT A FUCKING LISTVIEW...
also talking about ListViews... what was wrong with "ListView"... Why do we need a "RecyclerView"... oh right... because the fucks fucked the fuck up and all the legacy components were designed by a monkey and are next to useless! SO WE NEEDED A NEW NAME FOR THE FIXED VERSION, CANT NAME IT LISTVIEW AGAIN... FUCK YOU...

honestly... if I got a dolar for every "what the fuck android" I said during trying to understand that mess I'd be richer by a few hundred...

oh oh oh, but you know what? You don't like the android SDK? that's fine, you can use fucking React or Flutter or something... yeah.. because instead of torturing myself with the android SDK I want to torture myself with an abstraction of the same SDK and JavaScript as the fucking cherry on top... HAVE YOU FUCKING SEEN THE CODE FLUTTER SHOWS ON THEIR WEBSITE AS THE "Introduction" ?!!!

Look at this piece of shit:

[code in attached image, we could really use a proper Markdown support at least for rants]

THAT'S NOT EVEN THE ENTIRE THING, THAT'S JUST THE *REALLY* UGLY PART...

The fucking nesting... What is it with JS and all the fucking nesting everytime?! It looks like shit.... It reads like shit as well...

WHY, in the name OF FUCK, IS THERE MORE THAN 5 ANDROID FRAMEWORKS and ALL of them... used this FUCKING NOVEL idea of programming using A FUCKING BRACKET WALL

It always looks like:
(code(code[code{code(code{code()})}]));

If I wanted to make a fucking app or a website using fucking Haskell I'd do that.... at this point reading assembly code feels like heaven compared to this retardation... Why is this so popular?! WHAT DO YOU PEOPLE SEE IN IT?! Clearly it's not the aesthetics... it looks like a fucking frog vomit running down an emus leg, fuck that.... I don't even hate classic JavaScript, it's a good enough language and it does what I tell it to... but these ugly fucking frameworks like react, angular and whatever else uses this fucking format can go fuck right off. This is not the way JS is gonna get a better name for itself...

So:
Fuck Google

Fuck the marionette that designed the Android SDK

Fuck the Hellspawn the came up with the "functional-like" way of using JavaScript

Fuck everyone that thinks "JavaScript everywhere" is a good thing

And deeply future-fuck everyone that makes a new framework following any of these standards, stucks a .js at the end of the name and releases his hairball.js of an invention into the fucking world....

It's a mess... fuck everything android related...

Boss: So what are your biggest achievements for this year?
Me: mmm, probably not killing myself
Boss: .....
Me: I meant I reduced the number of fraudulent transactions in our service by adding machine learning to flag suspicious transaction
Boss: Yeah, you should've start with that
Me: .....

this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about.even today when i feel like playing, i sometimes use those accs.

2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones.But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him.I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.

The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgot about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i recieved an email that someone has JUST CHAINGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, its not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:

1)To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account.And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work.Closed fb help page, opened fb again , tried to login with my old credentials, it says" old password has been changed,please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page.FFFFFFFFFuck

3)I was sad and terrified that i got hacked.But 10 mins later a mail comes ,"Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed(point<2>) has actually done something to account.NADA, the account still needs a physical license to open:/

4) lost, i just login to my main account and lookup for my lost fake account. the fun part:my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidently changed my password.MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb?" well sir, if you want your virtually shitty account back , you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"

Wow so much hate for WordPress. Le me to the rescue 💀

Yes WP is bloated and crappy and full of security issues etc etc. Agreed. That doesn't mean it is useless though.

It is alright to use for someone who is not really good with web, someone who just needs a blog, someone who just needs a home page, about page and contact form with a possibility of updating photo and text once or two times a month.

It is not suitable for e-commerce nor lots of transactions/forms involving websites.

As long as you know what kind of horse/vehicle you are on, you won't end up in the dirt.

Am i whiny or is resilience so glorified in this field?

I am a junior developer. I was assigned with two projects together with a friend and a senior. My friend and I finished our assigned tasks way before the deadline. Fast forward, my senior got reassigned to a different project since we are lacking with manpower. Naturally, his transactions were assigned to me and my friend. And my goodness, his existing codes are a piece of shit! It's all over the place. His variable naming is shit, his codes are all around the place, his codes doesn't even follow our company's coding standards, no try catch, a lot of unsafe practices. In short, cleaning his code is a pain in the ass and my friend and I got really busy with cleaning his mess. The testing of our system is really near but I just thought that maybe he's really busy with the other project that's why the quality of his codes deteriorated.

He's not. One day, I saw his in discord that he's playing during work hours lol. And the worse part is that he is playing with our boss! YES. DURING WORK HOURS. I got mad but I couldn't say anything because he is really tight with the boss.

Later on that day, we had our meeting. I was surprised when my boss told me that she's expecting that the excel part of our system is already finished. A little background here, my boss asked me to study Excel VB. However, I didnt get to study that much because I was so busy fixing bugs and after that came the cleaning of our senior's shit codes.

So I tried to say these things to my boss but I was cut out by the same senior shouting "You can do it!" over and over again. No one listened to what I was trying to say! And to make it even worse, the boss had a very proud look on her face and she even had the audacity to tell me that I'm lucky I have such a good support system. I dont.

Now, the company is planning to put me in a very demanding project. I havent finished cleaning up my senior's codes, I havent started anything with the excel and the deadline is next week!

The boss told me that even if I enter the other project, that I will still be responsible for the Excel part of our system. So fucking shoot me in the face.They were telling me that I should have a good time management system, that I should be flexible, that I should adapt easily, yada yada yada. She just makes you feel bad about yourself if you're not as 'flexible' as her.

The thing is, even if I have the best time management techniques in the world, if you bombard me with a shitload of tasks, then I won't be able to do it properly! I don't even take breaks anymore! I work literally 8 hours a day, even more than that. And I dont understand, why the hell is she overworking me when her friend (the senior dev) is just playing during work hours?

Another funniest thing is that she told us that when we encounter technical problems, we should ask our senior dev. Oh boy, if only she knows how shitty his codes are.

"Our supplier asks that you double the number of php child processes for this fpm pool"

"Are you aware, that that would lead to about 100% of memory overcommit, taken the current limit of 128MB/child, and that if a lot of them started at once, the system would probably go for OOM-Kill, which would most probably kill your database, that still runs on 100% MyISAM tables that do not support transactions, and you'd have to kiss your data integrity goodbye, right?"

"Uh... Nevermind then"

I get that some people are not IT-versed, but really... Hire someone who knows what they are doing and doesn't live 20 years in the past, god damn it!

Allright, so now I have to extend a brand new application, released to LIVE just weeks ago by devs at out client's company. This application is advertised as very well structured, easy to work on, µservices-based masterpiece.

Well either I lack a loooot of xp to understand the "µservices", "easy to work on" and "well structured" parts in this app or I'm really underpaid to deal with all of this...

- part of business logic is implemented in controllers. Good luck reusing it w/o bringing up all the mappings...
- magic numbers every-fucking-where... I tried adding some constants to make it at least a tiny bit more configurable... I was yelled at by the lead dev of the app for this later.
- crud-only subservices (wrapped by facade-like services, but still.. CRUD (sub)services? Then what's a repository for...?). As a result devs didn't have a place where they could write business logic. So business logic is now in: controllers (also responsible for mapping), helpers (also application layer; used by controllers; using services).
- no transactions wrapping several actions, like removing item from CURRENT table first and then recreating it in HISTORY table. No rollback/recovery mechanism in service layers if things go South.
- no clean-code. One can easily find lines (streams) 400+ cols long.
- no encapsulation. Object fields are accessed directly
- Controllers, once get result from Services (i.e. Facade), must have a tree of: if (result instanceof SomeService.SomeSubservice1.Item1) {...} else if (result instanceof SomeService.SomeSubservice2.Item4) {...} etc. to build a proper DTO. IMO this is not a way to make abstraction - application should NOT know services' internals.
- µservices use different tables (hats off for this one!) but their records must have the same IDs. E.g. if I order a burger and coke - there are 2 order items in my order #442. When I make a payment I create an invoice which must have an id #442. And I'm talking about data layer, not service or application (dto)! Shouldn't µservices be loosely coupled and be able to serve independently...? What happens if I reuse InvoiceµService in some other app?

What are your thoughts?

When the CTO/CEO of your "startup" is always AFK and it takes weeks to get anything approved by them (or even secure a meeting with them) and they have almost-exclusive access to production and the admin account for all third party services.

Want to create a new messaging channel? Too bad! What about a new repository for that cool idea you had, or that new microservice you're expected to build. Expect to be blocked for at least a week.

When they also hold themselves solely responsible for security and operations, they've built their own proprietary framework that handles all the authentication, database models and microservice communications.

Speaking of which, there's more than six microservices per developer!

Oh there's a bug or limitation in the framework? Too bad. It's a black box that nobody else in the company can touch. Good luck with the two week lead time on getting anything changed there. Oh and there's no dedicated issue tracker. Have you heard of email?

When the systems and processes in place were designed for "consistency" and "scalability" in mind you can be certain that everything is consistently broken at scale. Each microservice offers:

1. Anemic & non-idempotent CRUD APIs (Can't believe it's not a Database Table™) because the consumer should do all the work.
2. Race Conditions, because transactions are "not portable" (but not to worry, all the code is written as if it were running single threaded on a single machine).
3. Fault Intolerance, just a single failure in a chain of layered microservice calls will leave the requested operation in a partially applied and corrupted state. Ger ready for manual intervention.
4. Completely Redundant Documentation, our web documentation is automatically generated and is always of the form //[FieldName] of the [ObjectName].
5. Happy Path Support, only the intended use cases and fields work, we added a bunch of others because YouAreGoingToNeedIt™ but it won't work when you do need it. The only record of this happy path is the code itself.

Consider this, you're been building a new microservice, you've carefully followed all the unwritten highly specific technical implementation standards enforced by the CTO/CEO (that your aware of). You've decided to write some unit tests, well um.. didn't you know? There's nothing scalable and consistent about running the system locally! That's not built-in to the framework. So just use curl to test your service whilst it is deployed or connected to the development environment. Then you can open a PR and once it has been approved it will be included in the next full deployment (at least a week later).

Most new 'services' feel like the are about one to five days of writing straightforward code followed by weeks to months of integration hell, testing and blocked dependencies.

When confronted/advised about these issues the response from the CTO/CEO
varies:

(A) "yes but it's an edge case, the cloud is highly available and reliable, our software doesn't crash frequently".
(B) "yes, that's why I'm thinking about adding [idempotency] to the framework to address that when I'm not so busy" two weeks go by...
(C) "yes, but we are still doing better than all of our competitors".
(D) "oh, but you can just [highly specific sequence of undocumented steps, that probably won't work when you try it].
(E) "yes, let's setup a meeting to go through this in more detail" *doesn't show up to the meeting*.
(F) "oh, but our customers are really happy with our level of [Documentation]".

Sometimes it can feel like a bit of a cult, as all of the project managers (and some of the developers) see the CTO/CEO as a sort of 'programming god' because they are never blocked on anything they work on, they're able to bypass all the limitations and obstacles they've placed in front of the 'ordinary' developers.

There's been several instances where the CTO/CEO will suddenly make widespread changes to the codebase (to enforce some 'standard') without having to go through the same review process as everybody else, these changes will usually break something like the automatic build process or something in the dev environment and its up to the developers to pick up the pieces. I think developers find it intimidating to identify issues in the CTO/CEO's code because it's implicitly defined due to their status as the "gold standard".

It's certainly frustrating but I hope this story serves as a bit of a foil to those who wish they had a more technical CTO/CEO in their organisation. Does anybody else have a similar experience or is this situation an absolute one of a kind?

Me, working hard on a SQL project with a deadline that is half what it should be with no support from the other people on the project and was mostly made with with data I imagined would be in there cos no one could get me any fucking shit done (i.e. effectively designed, built, tested, fixed, upgraded, documented on my own for an entire weekly/monthly/ad-hoc analysis process that would output various reports for internal/external/management)

Manager - man who is a known waste of space but for some reason is in charge of the smallest part of the project, shouldn't have been fucking involved fucking management guzzling stain magnet...

Manager: Hey, do I need to refresh the database?

Me: .................

Me: .................

Me: ............I dunno, do you think we should refresh the database that this entire project is reliant? I mean...why do we need up to date transactions to analyse? Wait....you telling me it's not been being refreshed this ENTIRE time?

Manager: No....you never said I should. So should I?

Me: ..................I never said you should!?!? Are you not in the meetings talking about dependencies?????? Do you think i should have up to date trans or just run this with old stuff????? Why would you not update it!??!!?!?!? Its transactions...... (Desperately trying not to punch through my screen, through his, into his throat)

Manager: ..............

Me: .................

Manager: I think i'll refresh it and add it to the job?

Me: ....................(goes back to work cursing with music in so I think its quiet but who knows).

Tard, don't know how he even gets to work without someone holding his fucking hand.

Happy ending, I don't work there anymore :p

Sad ending, his spirit of tard follows me to my new jobs and possesses someone (or three sometimes)

Ticket: here's something wrong with the export of transactions, please check.

Very useful description, let me just go over this logic I've written months ago.

Yeah, I went extra sure that everything's right, besides the ones for created during the initial testing that we left. Took me a hell a long time to prove because there's such a vague description but ok.

Of course I have the time to make an eyecandy of an excel spreadsheet for you.

Only for you I'll also go and fix these entries manually. If you want me to do it so badly, I'll gladly do it.

Oh what, you're upset that I wasted 5h for this complete bullshit? Well fucking go and learn the database structure yourself then or get sued idk

Hope it was worth that 1€ difference the customer paid himself.

Not to mention that I also had to do an emergency setup to work from home because those people who are responsible for giving me an appointment for a covid test sure like to wait days after my sick leave is over. ffs, I just had a cold...

Also fuck all this bullshit mac software required to work in this network, half of this shit flat out requires you to use the same software and ofc it's all closed source to the point where I'd be glad to have an electron app for everything.

My visceral hate of Spring.Net burns with the force of a thousand suns.

Almost everything it does is done wrong or solved better by other solutions.

Specifying which classes to instantiate from .xml files? Sure why not, compile type safety (the whole reason for using a static programming language) is obviously overrated and dependency based injection is surely impossible!
And for extra bonus points, now our client code must be aware of the internals of the service classes, and all of their references as well, because, encapsulation? Who cares.

Have you made an typo? Good fucking luck finding out from which of the 100 config files we have floating around...

And, because it has baked in AOP and Transactions its woven into the fabric of the project like a tapewom.

Of course this may just be how our "special snowflake" project uses Spring.

What makes it more painful is that I love good DI tools (ninject, castlewindsor, autofac, there are so many...) and we're stuck with this turd because 7 years ago some java devs couldn't be arsed to learn a new library...

Learn what blobs, trees, hashes and the concept of "commiting" (transactions) are.

Then learn how to use diff/patch.

Then learn Git.

In that order.

What is your favorite method of debugging?

Mine is a debug log. I like a key value setting for enabling/disabling, and logging most transactions, calculations, and variables, even if they seem trivial. I've been able to locate bugs much quicker with detailed logs while some coworkers are still stepping through the process line by line. I don't fault the step method as I use it when logging uncovers nothing (it usually means I didn't log something critical :p) or when logging is not possible.

I need to change how payments are applied to invoices.

ApplyPolicyPayments() looks promising! Make changes to the method to look at the bills in order of the invoice due dates.

Run a test on the DEV environment, and the system is still exhibiting the same bug.

At this point, I wrote a quick logging plugin that I could attach to the DLL and start telling me what is going on.

Turns out, payments are actually applied in a method named BalancePolicy(). So what does ApplyPolicyPayments() do? It DOES apply payments to bills, but then just doesn't save the work. Having it commit the transactions breaks the billing system. FML.

Today Tornado Cash (TC) discord deleted, website deleted, devs got arrested.

Heres my question: although i believe TC didnt have any bad intentions in context of to help people launder money, how come the government can that easily shut down ANY crypto/nft if they really want to?

What exactly is "decentralized" here...?

TC was not made for money laundering, just like onlyfans wasnt made to be pornographic website - the Users are the ones who determined its fate.

If TC had a way to block illegal transactions, then that would be a web2 company and not web3.

And now when TC doesnt block illegal transactions in order to remain "decentralized" and "anonymous", they got arrested and their system got shut down. Ironically, so much for "anonymity" and "decentralization"...

This means the government is able to shut down absolutely any and every crypto, including BTC if they really wanted to. The question now remains is: why are they letting it roll and not shut down the whole of crypto?

What if crypto was a part of the governments plan for a future financial world where they can control, freeze, block or shut down our finances with a click of a button just as easily as they arrested TC founders today?

You know
When I first saw etherum talking about am distributed state machine i thought wow. Not very practical but NEAT. I envisioned being able to make a byte code that could be stored in transactions and run by individual clients in an async function and each step of the resulting execution and the values of managed ram would be stored at intervals so other clients could take over and execute a few more statements and compare what should always be expected results that are identical

A grand incredibly inefficient system however really neato from the theoretical computer nerd standpoint !

Boy was I disappointed lol all it is a basic contracts language but yet they state it could be like a word computer ! How ? I thought maybe if you had enough nodes participating maybe you could store registers and the like in transaction values ? Wouldn’t that be the way ?

Seems like as a word computer they’re stuck somewhere between very simplistic js and something prior to amptron in usability yet they advertised as a world computer
Am i missing something ? I mean you could create something that would translate higher level code into smal numeric statements and then send it additions values but what would it be useful for and how would you actually. Store anything ?