AboutFull Stack Software Engineer, Electrical Engineering Driven by OCD & Club Mate. Beatiful anf maintainable code is what gives life its beauty.
Joined devRant on 4/25/2017
Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
(relating the CMS of Doom™)
Imagine loading a shared CSS for your subdomain site from your main site via PHP over cURL and then embed it in a <style/> tag on every single damn request.
The gift that keeps on giving... the Custom CMS Of Doom™
I've finally seen enough evidence why PHP has such a bad reputation to the point where even recruiters recommended me to remove my years of PHP experience from the CV.
The completely custom CMS written by company <redacted>'s CEO and his slaves features the following:
- Open for SQL injection attacks
- Remote shell command execution through URL query params
- Page-specific strings in most core PHP files
- Constructors containing hundreds of lines of code (mostly used to initialize the hundreds of properties
- Class methods containing more than 1000 lines of code
- Completely free of namespaces or package managers (uber elite programmers use only the root namespace)
- Random includes in any place imaginable
- Methods containing 1 line: the include of the file which contains the method body
- SQL queries in literally every source file
- The entrypoint script is in the webroot folder where all the code resides
- Access to sensitive folders is "restricted" by robots.txt 🤣🤣🤣🤣
- The CMS has its own crawler which runs by CRONjob and requests ALL HTML links (yes, full content, including videos!) to fill a database of keywords (I found out because the server traffic was >500 GB/month for this small website)
- Hundreds of config settings are literally defined by "define(...)"
- LESS is transpiled into CSS by PHP on requests
I could go on, but yes, I've seen it all now.10
Imagine implementing PHP scripts which execute shell commands defined in URL GET query params on your customer's dedicated server without any basic authentication or similar. The only security is by barely obfuscating it's URL.
I think I've seen it all now...5
I think I have PHPTSD...
This absolutely abysmal custom PHP CMS I have to migrate is even worse than I expected. At this point it's easier to guess the table relationships in MySQL than trying to decypher the code which that other company's CEO and his slaves wrote.
I have to assume that he is an absolute genius, well above 180 IQ points, as I have zero chance of understanding his code within my limited lifetime...4
Imagine this clusterfuck:
A small company creates its own CMS on PHP 5.5 and MySQL, coded by fresh junior devs who apparently just got into coding.
My new employer sadly is one of their customers and now I got the task to migrate a group of tightly linked websites on subdomains to an actually sane and maintainable CMS...
Apparently the continuous extension of the websites over the years got so labor intense, that the mentioned company lacks the manpower to fulfill further development wishes.
I've looked into the code today... let me tell you, PTSD is helluva thing.
- Each subdomain has a complete copy of the Crap Management System, there is no use of composer packages and each of the 50 folders in the webroot contains a mix of source code and images or other resources.
- LESS is transpiled into CSS by PHP on requests.
- There is no central file for environment variables like a ".env".
- Each website uses at least 5 different versions of jQuery, of which some jquery.min.js files were manually modified.
Don't get me started on how the DB is organized...
My work on this has just started, there will be more I've yet to uncover.
"C'mon, man! Gimme a break!"16
I haven't started yet, but I will start with a small and simple operating system for microcontrollers written in C++.5
Imagine what PHP could be, if its native API wasn't still based on a C-like pile of turds, abused by below average coders...
On can just dream 😢
I like PHP a lot, but man, the PHP job offerings I've seen...
99% WorstPress, Typo3 or Joomla in companies that exist for 15 years and have just recently started to use Git.
Even with a 6 figure salary I couldn't bear the desolation of working for such single-celled organisms.7
In my opinion you have to be a psychopath to actually like learning WP at all.
It makes me wanna jump off the closest bridge, taking a header.4
Not quite dev-related, but I once had to migrate and replace a Windows Server 2003 Domain (1 DC) to a new Windows Server 2016 Domain Controller. The network consisted of about 30 PCs, 1 DC and 1 DB Server.
Eventhough it worked, I wouldn't do it again... 😰
At the beginning I almost deleted the old Domain Controller VM from the old ESXi host server, before any VM backup existed. Close one...
Fun is, when you get to fix the front-end made by a "front-end expert" consisting of bootstrap and a single "custom.css" of 3800 lines.
Peak sadism. 🤡15
Outsourcing front-end for web is like playing russian roulette, but with 6 bullets in 6 chambers.
You shoot yourself in the balls (or ovaries)... HARD.
I don't know how you can develop in a complete nightmare of a SCSS file - 3500 lines of insanity.
This dev must have changed his mousewheel at least 50 times!
SERIOUSLY, why the fuck use SCSS when you piss everything into one single fucking file???
What drives me completely nuts is the fact that he even used an @import to include his custom.scss file... how many more IQ poins are needed to realize that you could SPLIT your spaghetti into smaller, sane files?
I need a whiskey...3
So it turns out I had to set the memory_limit of a PHP cronjob to a whopping 8 Gigglebytes to make it run.
Call me haxX0r m4n from now on.2
Damn, I really love Vue! 🥰
It's so clean and refreshingly simple compared to the shitfuckery called AngularJS (should be renamed to AngularJK or AngularRIP btw.).
I don't understand why I haven't tried Vue sooner... much mind boggle, so regret, many thinking...16
Imagine you can test newly created catalogs, but on error you only receive an error ID, which you have to send to a support email to get the acual error message, but support only responds after maybe 2 weeks if you're lucky.
How hard can it be to implement a log viewer next to your catalog testing forms.
I hate lying customers.
Today a customer opened a support ticket related to his website account. Apparently he is losing his session right after the login success.
I've debugged everything, checked all logs and couldn't reproduce it.
I know every bit of business logic on the website by heart.
The only explanation could be that his browser either doesn't allow cookies or expires them after page change.
So I asked him to check.
"Yes, cookies are allowed in my browser" he wrote.
Well... fuck me... I will change the code to put the session ID in the URL as well. If it works - and I'm 100% sure of that - I will personally mail him a collection of the finest turds.4
There was a time in Windows 95, where during login, you could just press cancel and you were logged in without the need of a password.8
My top reasons for you to not become a dev are:
- You don't like stress
- You like to overengineer but you want to "take your time"
- You hate bug-detective work
- You are impatient
- You want to overcome your virginity
- You are an overly social person6
The top reasons to become a dev are:
- your brain acutally gets challenged to its fullest
- you can fix most of your IT problems yourself
- you are forced to learn how to deal and live with stress
I won't list the disadvantages, becaus it would result in memory allocation errors.5
Front-end hacking is pure dog shite.
Some banana fuckers changed a forms plugin for PukePress some odd years ago and now I am responsible, after installing 2 major releases, to make it behave and look the same as it did before.
I'd rather dangle in a noose than cleaning up their spaghettified CSS selectors and random jokeQuery code.4
Programming is life ❤️
Just as life, it has it's ups and downs, but it's truly satisfying to create complex systems and get them to actually work and be useful to others.
We have only just started with the digitalisation of previously manual, tedious tasks. Imagine what all this saved time and labour could bring us to achieve in areas we haven't yet had the time to explore.
I hope mankind is ready for the ongoing and upcoming challenges regarding data privacy and security.
Nah, in reality, we will be stuck with Fakebook and Tweeter selling all our dickpics to *in Trump voice* "Chiner" and censoring unpopular opinion and discourse.
These "digital parasites" can all go sit on a rusty spike.
I love PHP, but...
the PHP API has been designed by crackpipe smoking cave trolls.
Every other function has its params completely reversed or in random order compared to similar functions.
array_map, array_filter, property_exists, array_key_exists11
Ah yes, progress...
Why do SJWs have to infiltrate everything and project their own racist views of the world onto non-problematic terms?
Slavery has existed for as long as humanity and abolishing the terms will definitely not solve slavery and opression.
I am not against Git changing the default name but I am against them doing it in the name of "inclusivity". The technical world exists by merit and not inclusivity. Why make everything about color, race or slavery level?89
My biggest influence on coding style is:
"If code make reviewer puke, code bad."
In all seriousness though, I think the biggest influence is seeing messy code and not trying to replicate that.
I think every code file, however ugly it is, tells you a story. Maybe the coder was less experienced, maybe it was written during crunch or the coder is an enterprise software engineer who has to make a factory for everything and everything is generic.
In my opinion there is no perfect code style. You do what's required and hopefully in your best ability, and, as a bonus, think of the person who has to look at your code next...
For me it's kind of hard to tell whether my code is good. I have no reviewer in the company, which brings the risk of writing code so only you understand it... but so far it has worked and I've definitely seen worse than my 1 year old files. 😄
Does somebody know how to send data to the PHP CGI executable directly and how to receive it (stdin/stdout)?
Or point me to a useful resource?
In a side project (just for fun) I try to implement the interface on NodeJS so I could process PHP through ExpressJS (long story).
I've been able to send and receive stuff, but the PHP CGI always tells me that I am "not allowed" to use this interface...
Docs/mailinglists seem reeeally old and don't want to go through the Apache source code 😅
Or does Node not have enough privileges for communicatig with PHP CGI exe?8
Damn... some dude has his full SSH credentials to his webserver in his published NPM package...
I have to tell him 😅16