Search - "why don't you hash it?"
-
aslkfjasf. i've spent 12 hours today (and lots more over the past two days) trying to reproduce a bug that my [sort of] coworker insists is present. I haven't seen any proof of it anywhere, let alone steps to reproduce it.
I've pored through the code, following all of its tangled noodles of madness from start to fuck-this-shit. I've read and reread the pile of demon excrement so many times i can still read the code when i close my eyes. so. not. kidding.
anyway, the coworker person is getting mad because i haven't fixed the bug after days, and haven't even reproduced it yet. This feature is already taking way too fucking long so I totally don't blame him. but urghh it's like trying to unwind a string someone tied into a tight little ball of knots because they were bored.
but i just figured out why I haven't been able to reproduce it.
the stupid fucking unreliable dipshit ex-"i'm a rockstar and my code rocks"-CTO buffoon (aka API Guy, aka the `a=b if a!=b`loody pointless waste of mixed spaces and tabs) that wrote the original APIs ... 'kay, i need to stop for breath.
The dumbfuck wrote the APIs (which I based the new ones on mostly wholesale because wtf messy?), but he never implemented a very fucking important feature for a specific merchant type. It works for literally every type except the (soon-to-be) most common one. and it just so happens that i need that very specific feature to reproduce this bug.
Why is that one specific merchant type handled so differently? No fucking idea.
But exactly how they're handled differently is why I'm so fking pissed off. It's his error checking. (Some) of his functions return different object types (hash, database object, string, nullable bool, ...) depending on what happened. like, when creating a new gift, it (eventually...) either returns a new Gift object or a string error basically saying "ahhh everything's broken again!" -- which is never displayed, compared against, or recorded anywhere, ofc. Here, the API expects a Hash. That particular function call *always* returns a Hash, no matter what happens in the myriad, twisting, and interwoven branches the code could take. So the check is completely pointless.
EXCEPT. if an object associated with another object associated with the passed object (yep) has a type of 8. in which case, one of the methods in the chain returns a PrintQueue that gets passed back up the call stack. implicitly, and nested three levels in. ofc.
And if the API doesn't get its precious Hash, it exclaims that the merchant itself is broken, and tells the user to contact support. despite, you know, the PrintQueue showing that everything worked perfectly. In fact, that merchant's printer will be happily printing away in the background.
All because type checking is this guy's preferred method of detecting errors. (Raise? what's that? OOP? Nah, let's do diverging splintered-monolithic with some Ruby objects thrown in.)
just.
what the crap.
people should keep their mental diarrhea away from their keyboards.
Anyway. the summary of this long-winded, exhaustion-fueled tirade is that our second-most-loved feature doesn't work on our second-most-common merchant type.
and ofc that was the type of merchant i've been testing on. for days. while having both a [semi] coworker and my boss growing increasingly angry at me for my lack of progress.
It's also a huge feature, and the boss doesn't understand that. (can't or won't, idk)
So.
yep.
that's been my week.
...... WHAT A FUCKING BUFFOON!
rant sheogorath's spaghetti erroneous error management vomit on her sweater already your face is an anti-pattern dipshit api guy two types bad four types good root swears oh my
-
This codebase reminds me of a large, rotting, barely-alive dromedary. Parts of it function quite well, but large swaths of it are necrotic, foul-smelling, and even rotted away. Were it healthy, it would still exude a terrible stench, and its temperament would easily match: If you managed to get near enough, it would spit and try to bite you.
Swaths of code are commented out -- entire classes simply don't exist anymore, and the ghosts of several-year-old methods still linger. Despite this, large and deprecated (yet uncommented) sections of the application depend on those undefined classes/methods. Navigating the codebase is akin to walking through a minefield: if you reference the wrong method on the wrong object... fatal exception. And being very new to this project, I have no idea what's live and what isn't.
The naming scheme doesn't help, either: it's impossible to know what's still functional without asking because nothing's marked. Instead, I've been working backwards from multiple points to try to find code paths between objects/events. I'm rarely successful.
Not only can I not tell what's live code and what's interactive death, the code itself is messy and awful. Don't get me wrong: it's solid. There's virtually no way to break it. But trying to understand it ... I feel like I'm looking at a huge, sprawling MC Escher landscape through a microscope. (No exaggeration: a magnifying glass would show a larger view that included paradoxes / dubious structures, and these are not readily apparent to me.)
It's also rife with bad practices. Terrible naming choices consisting of arbitrarily-placed acronyms, bad word choices, and simply inconsistent naming (hash vs hsh vs hs vs h). The indentation is a mix of spaces and tabs. There's magic numbers galore, and variable re-use -- not just local scope, but public methods on objects as well. I've also seen countless assignments within conditionals, and these are apparently intentional! The reasoning: to ensure the code only runs with non-falsey values. While that would indeed work, an early return/next is much clearer, and reduces indentation. It's just. reading through this makes me cringe or literally throw my hands up in frustration and exasperation.
Honestly though, I know why the code is so terrible, and I understand:
The architect/sole dev was new to coding -- I have 5-7 times his current experience -- and the project scope expanded significantly and extremely quickly, and also broke all of its foundation rules. Non-developers also dictated architecture, creating further mess. It's the stuff of nightmares. Looking at what he was able to accomplish, though, I'm impressed. Horrified at the details, but impressed with the whole.
This project is the epitome of "I wrote it quickly and just made it work."
Fortunately, he and I both agree that a rewrite is in order. but at 76k lines (without styling or configuration), it's quite the undertaking.
------
Amusing: after running the codebase through `wc`, it apparently sums to half the word count of "War and Peace"
-
Fuck you for imposing the upper limit on password length for my online banking! Why do you even care about my pass - don't you fucking hash it beforehand?!
-
Recently I launched the minimalistic online drawing app https://okso.app. I wanted it to be a place where people could do fast, ad-hoc, napkin-based-like explanations of any concept as if you are sitting with your friend and trying to explain him/her something during lunch. Don't ask me why it is needed, I was just experimenting.
So, the first concept I've tried to explain with sketches was the Data Structures. Without further ado, here is the interactive ✍🏻 https://okso.app/showcase/... showcase that you may play with.
Of course, not all data structures are covered. And of course, this is not comprehensive material, but rather a cheatsheet that would create visual hints and associations for the following data structures:
- Linked List
- Doubly Linked List
- Queue
- Stack
- Hash Table (with hash collision resolution)
- Tree (including the Binary Search Tree)
- Heap (including Min Heap and Max Heap)
- Trie
- Graph
Each box on the sketch is clickable, so you may dig into the data structure you're interested in. For example `Heap → Max Heap`, or `Heap → Min Heap`, or `Heap → Array Representation`.
The sketches are split into so-called Pages just to make it easier to grasp them, so the users stay focused on one concept at a time, they see the relationship between the concept, and thus, hopefully, they are not getting overwhelmed with seeing a lot of information at the same time on one drawing/page.
Each page has a link to the source-code examples that implement the data structure in JavaScript.
The full list you may find in the ✍🏻 https://okso.app/showcase/... showcase.
I hope you find this showcase useful and I hope it will be a good visual cheatsheet-like complement to your data structure knowledge.
-
!personal
So, I was diagnosed with congenital nystagmus at an early fucking age. This is complicated for people who've never heard of it before to comprehend, until they notice the eyes of the person in question. Think of it this way: I lack the biological form of optical image stabilization. Because of nystagmus, I can't fucking drive.
Now, let me tell you, it really fucking sucks. I've never had a girlfriend, never been able to get a job, basically never been able to do the type of shit most of you can already fucking do. Pile that on with college, where I don't really fucking know anybody, and it's really fucking easy to see why I've had depression and nearly fucked my GPA over last semester (2.08, yeah it's embarrassing but fuck it).
That out of the way, nystagmus is rare. So rare that any surgeries to fix it aren't guaranteed to fix the problem, and are only marginally better. I have strong skepticism for any optometrist who acts like they perform this surgery every day, because the numbers simply don't back them up. If there's so few who have this issue, then the amount of operations and opportunities to do them are fucking slim.
Today, my mom came over to Indiana from Ohio, and took me to the local Cheddar's (do other countries have those??). We sit down, and she wanted to re-hash this surgery idea. I have made the statement before that these are the only two eyes that I will ever have, and there's no guaranteed ROI on any procedures, and is probably going to fuck me over if shit hits the fan.
Then she tells me there's this doctor in Maryland. I might be geographically challenged (lol), but I'm pretty sure that's over on the east coast. It's forever from here, we'd probably have to take an airliner.
This doctor made some pretty bold fucking claims. Not only was it possible he could fix the nystagmus, but he could help me use a special form of glasses that would enable me to learn to drive. Knowing that R&D on nystagmus was sketchy because of the aforementioned conditions, I had to tell her that I still don't know how I feel about it. Also, if this doctor moves from Maryland to any of the other states, would he still be allowed to do these things?
I told her I don't know how I feel about it. I'm not sure it's worth the money if we follow through and come to find out it's not enough, and I still can't drive. She acts like this stuff is dead simple. I don't think it is. You have perceived benefits, but there have to be caveats. This would be a major change, and I don't know how I feel about following through with it.
-
*Nervous student comes in for the first interview I am conducting as a developer*
Me (as an interviewer): What is best approach to search data?
Student: It will take linear time but if data is sorted, we can do it in logarithmic time.
Me: [Smiles] Take a hint Hash Map?
Student: Yes, with it, we can do it in constant time.
Me: Okay, Bloom Filter anytime?
Student: *sweating* noooo...
Me: Okay. I am a developer so I know this.
Student: *about to cry*
Me: No problem but why will you search data when there is no problem? Don't you have better work.
Student: *confused* yup
Me: *laughs but immediately controls* Take it lightly. You know what you need to do this job. You are HIRED. :)
-
Have you ever had the moment when you were left speechless because a software system was so fucked up and you just sat there and didn't know how to grasp it? I've seen some pretty bad code, products and services but yesterday I got to the next level.
A little background: I live in Europe and we have GDPR so we are required by law to protect our customer data. We need quite a bit to fulfill our services and it is stored in our ERP system which is developed by another company.
My job is to develop services that interact with that system and they provided me with a REST service to achieve that. Since I know how sensitive that data is, I took extra good care of how I processed the data, stored secrets and so on.
Yesterday, when I was developing a new feature, my first WTF moment happened: I was able to see the passwords of every user - in CLEAR TEXT!!
I sat there and was just shocked: We trust you with our most valuable data and you can't even hash our fuckn passwords?
But that was not the end: After I grabbed a coffee and digested what I just saw, I continued to think: OK, I'm logged in with my user and I have pretty massive rights to the system. Since I now knew all the passwords of my colleagues, I could just try it with a different account and see if that works out too.
I found a nice user "test" (guess the password), logged on to the service and tried the same query again. With the same result. You can guess how mad I was - I immediately changed my password to a pretty hard.
And it didn't even end there because obviously user "test" also had full write access to the system and was probably very happy when I made him admin before deleting him on his own credentials.
It never happened to me - I just sat there and didn't know if I should laugh or cry, I even had a small existential crisis because why the fuck do I put any effort in it when the people who are supposed to put a lot of effort in it don't give a shit?
It took them half a day to fix the security issues but now I have 0 trust in the company and the people working for it.
So why - if it only takes you half a day to do the job you are supposed (and required by law) to do - would you just not do it? Because I was already mildly annoyed of your 2+ months delay at the initial setup (and had to break my own promises to my boss)?
By sharing this story, I want to encourage everyone to have a little thought on the consequences that bad software can have on your company, your customers and your fellow devs who have to use your services.
I'm not a security guy but I guess every developer should have a basic understanding of security, especially in a GDPR area.
-
let me preface with the fact that I'm now known at my new job for being the resident cli hipster. I can't lay any claims to knowing if it's "better" but I like it, I don't care if you do or don't, it just works for me and my flow
so at my job, we generally squash all our commits into one commit and delete the source branch upon merging; i accidentally committed all my work to an old, already merged branch, so my boss tells me it would be more of a PITA with the weird references we would encounter by merging the branch again, rather than just cherry pick the commits into a new branch, which i'm like "eh, fine.".
HIM: "You want to share your screen so we can resolve this?"
ME: "k"
HIM: "Oh, you won't be able to do this in a terminal, you are going to have to load up a GUI of some sort"
ME: "lawlz, no you don't"
HIM: "i highly doubt you will be able to accomplish that, but if you wanna make an ass of yourself, i'll humor you"
ME: "yeah, watch this"
> git log > log.txt
> git checkout <new branch>
> git cherry-pick <copy-paste-full-commit-hash-here>
> git push
ME: "done"
HIM: "what? there's no way you did it that easily, where are all your other commits???"
ME: "i usually try to amend my commits since we squash them anyhow. it really helps in situations like this"
HIM: "well, you go girl"
roll that up in your fancy degree and smoke it, why don't ya?
-
Trying to make a nodejs backend is pure hell. It doesn't contain much builtin functionality in the first place and so you are forced to get a sea of smaller packages to make something that should be already baked in to happen. Momentjs and dayjs have taught nodejs devs nothing about the fact node runtime must not be as restrained as a browser js runtime. Now we are getting temporal api in browser js runtime and hopefully we can finally handle timezone hell without going insane. But this highlights the issue with node. Why wait for it to be included in js standard to finally be a thing. develop it beforehand. why are you beholden to Ecma standard. They write standards for web browser not node backend for god's sake.
Also, authentication shouldn't be that complicated. I shouldn't be forced to create my own auth. In laravel scaffolding is already there and is asking you to get it going. In nodejs you have to get jwt working. I understand that you can get such scaffolding online with git clone but why? why express doesn't provide builtin functions for authentication? Why for god's sake, you "npm install bcrypt"? I have to hash my own password beforehand. I mean, realistically speaking nodejs is builtin with cryptography libraries. Hashmap literally uses hashing. Why can't it be builtin. I supposed any API needed auth. Instead I have to sign and verify my token and create middlewares for the job of making sure routes are protected.
I like the concept of bidirectional communication of node and the ugly thing, it's not impressive. any goddamn programming language used for web dev should realistically sustain two-way communication. It's just a question of scaling, but if you have a backend that leverages usockets you can never go wrong. Because it's written in c. Just keep server running and sending data packets and responding to them, and don't finalize request and clean up after you serve it just keep waiting for new event.
Anyway, I hope out of this confused mess we call nodejs backend comes clean solutions just like Laravel came to clean the mess that was PHP backend back then.
Express is overrated by the way, and mongodb feels like a really ludicrous idea. we now need graphql in goddamn backend because of mongodb and its cousins of nosql databases.
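
Three of the posts above turn on how a password is stored: the banking length limit, the ERP system returning passwords in clear text, and the Node.js hashing complaint. The following is an added example, not code from any of the posts: salted scrypt storage using only Node's built-in `crypto` module, where the stored record has the same size whatever the password length. The length cap, scrypt parameters and record format are assumptions of this sketch.

```javascript
const crypto = require('node:crypto');

// Assumed policy values for this sketch (not taken from the page).
const MAX_PASSWORD_BYTES = 1024; // generous cap: bounds hashing work, not user choice
const SALT_BYTES = 16;
const KEY_BYTES = 32;
const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };

// Encode the password as bytes; reject empty or absurdly long input.
function passwordBytes(password) {
  const bytes = Buffer.from(password.normalize('NFKC'), 'utf8');
  if (bytes.length === 0 || bytes.length > MAX_PASSWORD_BYTES) {
    throw new RangeError('password length out of range');
  }
  return bytes;
}

// Returns the only thing that should reach the database: a self-describing
// record holding algorithm, parameters, random salt and derived key.
function hashPassword(password) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const key = crypto.scryptSync(passwordBytes(password), salt, KEY_BYTES, SCRYPT_PARAMS);
  return ['scrypt', SCRYPT_PARAMS.N, SCRYPT_PARAMS.r, SCRYPT_PARAMS.p,
          salt.toString('base64'), key.toString('base64')].join('$');
}

// Re-derives the key with the stored salt and parameters, then compares
// in constant time. Any malformed record or input fails closed.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  if (expected.length !== KEY_BYTES) return false;
  try {
    const actual = crypto.scryptSync(passwordBytes(password), salt, KEY_BYTES, { N, r, p });
    return crypto.timingSafeEqual(actual, expected);
  } catch {
    return false;
  }
}
```

With these parameters every record is 86 characters long, and two records for the same password differ because each gets a fresh salt.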