Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "why is regex like this"
-
These motherfucking incompetent programmers... Demon spaghetti code base saga continues.
So they have a password change functionality in their web app.
We have to change the length of it for cybersecurity insurance. I found a regex in the front end spaghetti and changed it to match the required length.
Noticed 7 regexes that validate the password input field. Wtf, why not just use one?! REGEX ABUSE! Also, why not just do a string length check, it's fucking easy in JS. I guess regex makes you look smart.
So we test it out and the regexes was only there for vanity, like display a nicely designed error that the password doesn't have x amount of characters, doesn't have a this and that, etc.
I check the backend ColdFusion mess that this charismatic asshole built. Finally find the method that handles password updates. THERE'S NO BACKEND VALIDATION. It at least sanitises the user input...
What's worse is that I could submit a blank new password and it accepts it. No errors. I can submit a password of "123" and it works.
The button that the user clicks when the password is changed, is some random custom HTML element called <btn> so you can't even disable it.
I really don't enjoy insulting people, but this... If you're one of the idiots who built this shit show and you're reading this, change your career, because you're incompetent and I don't think you should EVER write code again.7 -
Behold the monstrosity regex my transpiler produces!
/val|var|[1-9]{1,32}|\+|\-|\*|s\/s|>>|=|;|(["'])(?:(?=(\\?))\2.)*?\1|print\(|log\(|sqrt\(|input\(|strToArray\(|httpGet\(|if\(|else|{|}|s==s|s>=s|s<=s|s>s|s<s|s&&s|\|\||!|;|\(|\)|\[|\]| |\w+/gi13 -
Elasticsearch, from the bottom of my heart...
How can one ecosystem be so batshit crazy inconsistent?
Seemingly every agent does the same (e.g. filebeat vs journalbeat vs packetbeat)… yet there are subtle changes in configuration everywhere.
Plus YML. The most shitty markup language one can use and the cockslubbing durps used it fucking everywhere.
Makes fun to have complex stuff and requiring a python Jinja to JSON to YML converter to be able to write the complex stuff without having the fucking migraine to count like a stupid 4 year old whitespace with both hands...
To make it even more absurd: the ingest pipelines which contain a lot of regular expressions / grok and are thus very prone to quoting issues... Yes. Let's do this in YML too.
If you need to add an fucking manual section how to debug YML errors you should have realized what a fucking stupid idea it was, morons.
Now I have the joy of having a python script regex quoting the shit for a Jinja template which then generates JSON which then generates YML.
Why the JSON part?
Yeah... Because ECS and changes in the upstream YML files / GitHub.
To be able to run diffs in a sane way because in YML distinguishing thing is pretty much impossible, so JSON as an intermediary format solely for the purpose of converting upstream YML to JSON to diff it against modified JSON ingest pipelines downstream.
I fucking hate elasticsearch8 -
Ah, the little subtle things we have to iron out as we progress from Junior Developer to Medior Developer.. things like:
- knowing the difference between a carriage return and a line feed (although having worked with analog typewriters helps) and later knowing that Unix-based systems and Windows NT-based systems implement it differently..
- knowing that serialization is important because not all computers interpret data the same way and some computers allocate 4 Bytes for a construct, others 16 Bytes.. and then we get the funkiness of transferring character sets between machines..
- knowing that a whitespace character is not only an actual space (as is known in ASCII as code 32). This one can cause even medior developers a headache, as in: why the fuck does this string function say that "hello I am a duck" and "hello I am a duck" are not the same?! Turns out then in the debugger that when you expand every character in the string you see that string1 contains 32 32 32 32 as usual.. but then string2 contains -96 -96 -96 -96 and you're like.. what the fuck..? Then you know you have to throw \\h regex at it. Haha.
- finalizing our objects and streams (although modern languages do that for us).. otherwise we have to do funky shit like trying to find what's locking a file, which is not so easy to figure out.
- figuring out why something won't work often requires you to not only break down the problem in smaller steps, to use a debugger, but sometimes it's even better to just create a proof of concept, slap some minimal code in there and debug that.. much easier.
- etc.
:)7 -
Apparently my learning style is more rote memorization than learn-by-doing and I've been trying to learn by doing for years as a hobbyist.
It took a fucking *national quarantine* to get me to try something different and I'm blown away.
What would have taken me many months to learn I've all but grasped in detail in a matter of 20 hours of study over the course of a week.
Fuck you javascript. I WIN THIS ROUND. No more looking at the documentation for stupid shit like how to write a regex, or why everything is wrapped in fucking parenthesis (IIFE), or why
I keep getting a uncaught reference exception.
The important thing to realize about learning is NEVER be obstinate about it. Try many things, and don't get stuck in one way of learning unless you know thats what works for you.
This is why having study partners and mentors are important.
I think experience/practice and rote learning work in tandem. Rote learning lets you skip the much longer step of grasping the fundamentals, bootstrapping the process of learning the abstractions that are composed of those fundamentals.
I'm still adding cards to my anki flash card deck, but if anyone wants it I'm willing to share. It's mostly just 1. practice questions, 2. detail questions (what are the types? What does this regex do?, etc), 3. implication questions (heres this bit of code. It's XYZ, why did it fail? Correct it.), combining core details to memorize, and the application of the facts learned.
It helped me to learn and I'm apparently retarded, so if you're new to programming and want to learn JS, it can probably help you too. Unless you're more of a tard than me lol.1 -
How do you get over the bad times? I keep having to work with shitty legacy systems that were written in perl and flash in the 90s, but my boss keeps telling me "No" on redoing some of the bigger stuff even though it is really needed. I mean, that is your goal here, right? Rebuilding this POS? FFS you still stored passwords in plain text twoo weeks ago! But no, you's rather dig around in Perl than upset some random user because his fucking interface looks different.
But then I also have to work with another system that I could redo in Cake/Laravel in two weeks (it's literally getting and writing data to one table, so two views and user auth), and the previous dev just... made a huge mess. I mean, why would you need to post data asynchronously when it's this one stupid form ? Just do a regular form submit? And the system is really not suitable for extending, because everything is in the database, EVERYTHING! Like, html form inputs? So to add a simple input to the template I have to create a new input type in the types table and then add that to the form structure table? Only to have the input checked by fucking regex? REGEX! Why? Seriously, this is not some high end CMS that needs this level of code reusability No. This is a simple fucking form.
And I can't get it to work. No documentation of course. No comments, either. All of this makes me feel like I'm just the shittiest dev ever. I feel dumb, and useless. Haven't turned on my private PC in weeks because I see no reason to work on any of my own stuff.
I used to have a job, working with Magento and Wordpress. And yeah, it was horrible, it was chaos, but it was fun and I was great at it. I bent that motherfucking system to fit my needs. People respected my opinion, they were convinced I could program this and that, and I proved them right. Did I make mistakes? Hell yeah. Did I give up? Fuck no!
But now, I just feel like I can't even write a simple fucking form any more. I'm just so close to giving up on development as a whole, even though I love it so much.5 -
To all websites requiring at least one upper case, one lower case, one number, one special character, 25 emoji and 49 unicorns in the password when signing up.
If you say something is required, then your regex BETTER be checking ONLY for those things. You should not have hidden requirements for passwords that users are supposed to dream about and know. Especially if it's a super time-sensitive thing that they should have opened 2 Fridays ago.
I had to pull my hair out for 20 minutes (that felt like an hour) before looking at their code and reading their regex. The regex was different from what the page said the requirements actually were. What were they even thinking? 😑
The rest of everything related to this organization uses an SSO system, why can't they just use it? Isn't the whole point of SSO to avoid a different login for every tiny part of the system?
I wonder what the other less technically inclined people using the system are doing right now. Sadly, I have no way of letting them know.
I sincerely hope the dev that made that website faces the same thing while picking a password for creating an account somewhere else and realizes what he/she did.
I really needed to let it out.
I feel much better now.
Time to take out the stress ball :)1 -
I love Django. I really do. It's been fun to work with, and wrestle with, and beat my head over repeatedly. I really have enjoyed it. But why in the name of all that is even remotely holy must the URL documentation be so spotty? I finally did get my URL behavior to work, but now that I've created a view function for deleting objects in one of the models, the URL for the editing function breaks. All you do is click "edit" and it brings up this nice little form where you can edit the database entry by querying its ID number and then you can save that ModelForm and everything is fine. So the url scheme is http://foo.com/bar/edit/3/
Should work. Used to work. I swear it used to work, I pulled up an older commit and it works like a charm. Deleting works with that same url scheme.
http://foo.com/bar/delete/3/
deletes the object with id=3 no problem. The two URL schemes in urls.py match perfectly (except one says delete obviously).
But now something has gone and gotten ROYALLY derailed because every time I run that function, that CLEARLY PRESENT 3 is being passed as None. I thought, oh, maybe I rearranged the arguments and am passing in the wrong ID. Nope. Okay, so what if I mixed up the regex on the url? Nope. Matches. WHERE ARE YOU GETTING NONE FROM? I mean, I realize that's the default, but I'M PASSING AN ARGUMENT in.
{% url 'namespace:edit' id=object.id %}
breaks horribly whereas
{% url 'namespace:delete' id= object.id %} deletes the object just fine. Why, Django? We've been wrestling with this for hours. Give me a sign. Tell me what you want from me. I'll give it to you. I will. I promise. -
That feeling when you inherit a script to automate something that takes 10 seconds. Why would they even write this? It's not like the task is hard....
...
And why would they write it this way? I'm sure if I just move this part and ....
That feeling when you spend several hours improving and redesigning a perfectly functional script to automate a 10 second task for zero gain aside from cleaner code. "But the code for this quick-and-dirty script I'm never going to look at again looks so much better now!"
... If only it did a bunch of complicated parsing, regex matching, and error checking just so I can answer one less prompt.... Unless that parsing fails. Then it should still ask me for that prompt... And also validate that the answers I give are valid and correct....
That feeling when you spend a whole nother day starting from scratch to implement error checking and complex parsing logic knowing full well the original task takes 10 seconds to do manually and is needed at most twice a day (for a grand total of 20s a day)
WHY AM I LIKE THIS?!?!?!4