So;dfjkhijasdfkjq;sdfhjkl;asdf

I copy a line from one spec (to create a user) and paste it in another spec. It works just dandy in the first, and throws MySQL missing column errors in the other.

Fucking what.

This codebase is full of shit like this. Things work in one place but not another, and it’s never obvious why. Tens of thousands of gotchas and quirks. The only way I can get an answer to things like these is to either beg my boss for an explanation, which I’m sure he’s long since tired of, or spend a full day (or more) wading through several rabbit holes filled with raw sewage.

I wasted two hours today trying to get a simple fucking factory to work. And you know what? I just gave up and used the existing admin user. Yeah it’s a bad idea, but it’s fucking good enough.

They can yell if they want.
I have no cares left.

I have Ladytron — Weekend stuck in my head. I don’t mind.

Yesterday's (scheduled and adhoc) meetings:
10:30-11:00
11:00-11:30
12:30-1:30 (adhoc)
1:30-2:30
4:30-5:00
6:00-6:20 (adhoc)

Today's (scheduled) meetings:
9:30-10:00
11:00-12:00
12:30-1:15
1:30-2:30

Tomorrow's meetings include a 1:1 with my boss who will invariably ask why I'm not done on this "should take a week" project that I've had for a week, despite that he just unblocked me on yesterday morning, and I've had nothing but meetings since...

Fucking hell.
They fill my day with shit spaced out just enough to waste practically my entire freaking day so I can't get anything done, conveniently forget this, and then have the audacity to yell at me for not finishing my tickets. Of course I didn't finish! You all were too busy blabbing at me every day for the past fucking week! (Oh, and do they listen if I have something to say? Of course they fucking don't.)

Also, as a secondary rant, the product douchebag files tickets (usually complex as hell tickets worded to appear trivial) with enough missing information to make missing large sections of them easy. If I ask him for clarification, he tells me to read the ticket, and if I insist, he gets all exasperated and quickly zooms through the site faster than I can follow, shows maybe half of what's in the ticket, and asks why I don't know how to do any of this yet. After I finish his shit ticket (and true to his douchebag nature) he blames me for missing several of those pieces he never outlined or showed, and insists that I obviously don't test anything. And because that's clearly not douchey enough, the fucking sack of shit also goes behind my back and trashtalks me to my coworkers, tells them he can't trust me to do a simple fucking thing, and that he's given up on me.

What the FUCK is wrong with these people?

I’m conducting a train.

For testing, I tell the train to go to station C when someone requests station G. But when I request station G afterwards, it sends me to station H instead.

I never asked for this.

Every time I interact with this DBA he treats me like I’m some fucking moron who barely knows what a query is. It doesn’t help that I can’t get him to understand a damned fucking thing, no matter what the topic is. We speak the same language, supposedly, but can barely communicate. I can’t even begin describe how his half of the conversations go because I am unable to follow much of it.

Maybe if I start aligning my fucking chakras and channeling my inner goddamn cosmic peace energy, or whatever it is he’s on about, he might start making more sense? I swear he’s been so high so often that he’s never quite come down.

There’s obviously a language barrier, somehow, but the guy is also such a douche every freaking time. Ugh.

YELLED AT FOR 45 FUCKING MINUTES OVER OTHER PEOPLE’S FUCKUPS

IF YOU PIECES OF SHIT WANT ME TO DO SOMETHING, FUCKING SAY IT. WRITE IT THE FUCK DOWN IN THE FUCKING TICKET.

AND IF YOU WANT A FUCKING DEMO, SCHEDULE THE FUCKING THING, AND STOP FUCKING CANCELING THEM. DON’T BLAME ME WHEN IT’S YOUR FUCKING FINGER ON THE FUCKING CANCEL BUTTON EVERY. FUCKING. WEEK.

AND SERIOUSLY, DON’T FUCKING EXPECT ME TO DROP MY LAST FUCKING TICKET THE AFTERNOON BEFORE VACATION FOR SOME LOW-PRIOIRTY CRAP BECAUSE SUDDENLY IT’S ALL THE RAGE INSIDE YOUR TINY DUMBASS HEAD. BUT OH BOO FUCKING HOO, @ROOT DIDN’T DO WHAT I ASKED WHEN I WAS BEING A FUCKING MORON! GO FUCK YOURSELF YOU FUCKING STUCK-UP IDIOT

AND FUCK BOZO THE CLOWN BOSS FOR BLAMING ME FOR THE FUCKING IDIOT’S BRUISED FUCKING EGO

FUCK THE LOT OF YOU

Had a meeting with my boss earlier. Got yelled at for:
a) Working on a high-priority, externally-committed ticket (digit separators) that i was 85% done with on the Friday afternoon before my vacation instead of jumping to a lower-priority screwdriver ticket that just came in. Even though my boss agreed with me that what I did was exactly what I should have done, it's still bad because I was apparently rude to product by not doing as they asked?
b) Taking too long on that digit separator ticket that amounts to following a gigantic mess of convoluted spaghetti and making a few small changes, and making sure it doesn't break the world because it's all so fucking convoluted and fragile as hell. Let's not even mention my 4-10 hours of mandatory useless meetings every week.
c) Missing something that wasn't even listed in that same ticket -- somehow my fault? -- so I very obviously didn't test my work. Even though specs all passed and QA also tested and signed off on it as working and complete. Clearly half-assed and untested. Product keeps promising/planning UATs and then skipping them, and then has the audacity to complain about it.
d) Not recovering fast enough from burnout and daily mental breakdowns. I can still barely get out of bed and you want me to be super productive? Got it. Guess what? I'm being amazingly productive for my mental health. But my boss, Mr. Happy-go-lucky, thinks depression is dropping your icecream cone on your clean kitchen table, and this three-ton pile of spaghetti is "maybe a little messy, I guess."

So I need to somehow "regain the confidence" of both him and product because I'm taking awhile on difficult tickets (surprise), while having these ridiculous breakdowns (surprise), and because I don't fix things that aren't even listed in the fucking tickets (fucking surprise) -- and worse, that the lack of information is somehow entirely. my. fault. (surprise fucking surprise)

GOD I HATE THESE PEOPLE.

Yay! Mentions are working again!
How I’ve missed you.
Praise to @dfox 💜

Product: Hey, this screwdriver feature I never requested isn’t there. Why? Can you fix it? It’s kinda urgent.

Product: @Root please jump on the ticket above … fairly urgent.

Root: It’s Friday, I’m out next week, and I’m working on finishing <urgent comma ticket> right now.

Boss: Work on the screwdriver instead. But make sure you finish the comma ticket too!

Boss: By the way, I volunteered you for eight security reviews next month!

Security: You’re on call for AWS audits next month, too!

Seven hours of meetings this week, and every. single. one. of them could have been an email.

How can they expect me to get anything done when all I’m doing is listening to them drone on and on and …

And of course this shouldn’t affect the deadlines. No siree! But can I work during them? Not a chance! … Totally do anyway …

Commas.
I fix one display, and another breaks.

Now I’m getting “$$1002.99” and can’t figure out why. Where is this popup coming from? Where does the encrypted URL point to? What does this ajax call do? Where does the amount go? When does it change? Why is it a string now? Where does the total get defined? How far down the rabbit hole do I need to go?

Short short version:

I found something to try fixing. I made some changes, forced a crash to inspect, and… Joy! My log stopped updating. How long have I been debugging on stale data?

Skipping a long debugging session…

I discover a suspect instance var in a suspect method, and… i have no freaking clue where it’s being defined. It’s used in the class, but never defined in it. Oh, and the name is pretty generic, so searching for it is even more fun.

Just.
Qxfrfjkalstf.

WHO WRITES THIS CRAP?!
AND WHY DO PEOPLE CALL THEM “LEGENDS”? Like, really. That’s the word they use. “Legends.” I still can’t believe it.

I’m adding some fucking commas.
It should be trivial, right?
They’re fucking commas. Displayed on a fucking webpage. So fucking hard.

What the fuck is this even? Specifically, what fucking looney morons can write something so fucking complicated it requires following the code path through ten fucking files to see where something gets fucking defined!?

There are seriously so fucking many layers of abstraction that I can’t even tell where the bloody fucking amount transforms from a currency into a string. I’m digging so deep in the codebase now that any change here will break countless other areas. There’s no excuse for this shit.

I have two options:
A) I convert the resulting magically conjured string into a currency again (and of course lose the actual currency, e.g. usd, peso, etc.), or

B) Refactor the code to actually pass around the currency like it’s fucking intended to be, and convert to a string only when displaying. Like it’s fucking intended to be.

Impossible decision here.

If I pick (A) I get yelled at because it’s bloody wrong. “it’s already for display” they’ll say. Except it isn’t. And on top of that, the “legendary” devs who wrote this monstrosity just assumed the currency will always be in USD. If I’m the last person to touch this, I take the blame. Doesn’t matter that “legendary Mr. Apple dev” wrote it this way. (How do I know? It’s not the first time this shit has happened.) So invariably it’ll be up to me to fix anyway.

But if I pick (B) and fix it now, I’ll get yelled at for refactoring their wonderful code, for making this into too big of a problem (again), and for taking on something that’s “just too much for me.” Assholes. My après Taco Bell bathroom experiences look and smell better than this codebase. But seriously, only those two “legendary” devs get to do any real refactoring or make any architecture decisions — despite many of them being horribly flawed. No one else is even close to qualified… and “qualified” apparently means circle jerking it in Silicon Valley with the other better-than-everyone snobs, bragging about themselves and about one another. MojoJojo. “It was terrible, but it fucking worked! It fucking worked!” And “I can’t believe <blah> wanted to fix that thing. No way, this is a piece of history!” Go fuck yourselves.

So sorry I don’t fit in your stupid club.

Oh, and as an pointed, close-at-hand example of their wonderful code? This API call I’m adding commas to (it’s only used by the frontend) uses a json instance variable to store the total, errors, displayed versions of fees/charges (yes they differ because of course they do), etc. … except that variable isn’t even defined anywhere in the class. It’s defined three. fucking. abstraction. layers. in. THREE! AND. That wonderful piece of smelly garbage they’re so proud of can situationally modify all of the other related instance variables like the various charges and fees, so I can’t just keep the original currency around, or even expect the types to remain the same. It’s global variable hell all over again.

Such fucking wonderful code.

I fucking hate this codebase and I hate this fucking company. And I fucking. hate. them.

I’m trying to add digit separators to a few amount fields. There’s actually three tickets to do this in various places, and I’m working on the last of them.

I had a nightmare debugging session earlier where literally everything would 404 unless I navigated through the site in a very roundabout way. I never did figure out the cause, but I found a viable workaround. Basically: the house doesn’t exist if you use the front door, but it’s fine if you go through the garden gate, around the back, and crawl in through the side window. After hours of debugging I eventually discovered that if I unlocked the front door with a different key, everything was fine… but nobody else has this problem?

Whatever.
Onto the problem at hand!

I’m trying to add digit separators to some values. I found a way to navigate to the page in question (more difficult than it sounds), and … I don’t know what view is rendering the page. Or what controller. Or how it generates its text.

The URL is encrypted, so I get no clues there. (Which was lead dev’s solution to having scrapeable IDs instead of just, you know, fixing them). The encryption also happens in middleware, so it’s a nightmare to work through. And it’s by the lead dev, so the code is fucking atrocious.

The view… could be one of many, and I don’t even know where they are. Or what layout. Or what partials go into building it.

All of the text on the page are “resources” — think named translations that support plus nested macros. I don’t know their names, and the bits of text I can search for are used fucking everywhere. “Confirmation number” (the most unique of them) turns up 79 matches. “Fee” showed up in 8310 places before my editor gave up looking. Really.

The table displaying the data, which is what I actually care about, isn’t built in JS or markup, but is likely a resource that goes through heavy processing. It gets generated in a controller somewhere (I don’t know the resource name so I can’t find it), and passed through several layers of “dynamic form” abstraction, eventually turned into markup, and rendered as a partial template. At least, that’s how it worked in the previous ticket. I found a resource that looks right, and there’s only the one. I found the nested macros it uses for the amount and total, and added the separators there… only to find that it doesn’t work.

Fucking dead end.

And i have absolutely nothing else to go on.

Page title? “Show”
URL? /~LiolV8N8KrIgaozEgLv93s…
Text? All from macros with unknown names. Can’t really search for it without considerable effort.
Table? Doesn’t work.
Text in the table? doesn’t turn up anything new.
Legal agreement? There are multiple, used in many places, generates them dynamically via (of course) resources, and even looking through the method usages, doesn’t narrow it down very much.

Just.
What the fuck?
Why does this need to be so fucking complicated?

And what genius decided “$100000.00” doesn’t need separators? Right, the lot of them because separators aren’t used ANYWHERE but in code I authored. Like, really? This is fintech. You’d think they would be ubiquitous.

And the sheer amount of abstraction?
Stupid stupid stupid stupid stupid.

Designing flight control systems for spacecraft sounds pretty nice.

MOOD:
db “fml”, 0;

🎶 Fixing production issues 🎶
🎶 Fixing production issues 🎶
🎶 In other people’s code! 🎶

Seriously, how am I still in a good mood when I have to deal with this?

A sidebar.
Literally just a sidebar.
And yes, this was in Hell.

Its code was spread across at least 40 files, and it used a bunch of freaking global variables to unfurl accordion sections, hide other sections/items, highlight the active item, etc. These were set (and unset!) in controller actions, so if you didn’t unset one, it remained open and highlighted until another action unset it.

Some of the global variable checks (and permissions checks) were done in the individual views, some outside of the `render` statements that include them. Some of them inherited variables from the parent, some from the controller, some from globals. Getting a view to work was trial and error. Oh, and some had their own inline css, some used css classes.

Subsections were separate views, so were some individual items, both sometimes rendered using shared templates, and all of the views and templates had the exact. same. filename. (They were located in different directories, and thus located automagically via implicit relative paths.) So, it was a virtually endless parade of`render partial => “sidebar”`. Which file does that point to? Good luck figuring it out!

Also, comments in several places said adding a new section required a database migration. I never did figure out why.

Anyway, I discovered this because I had an innocuous-sounding ticket to rearrange the sidebar, group some sections/items under different permissions, move some items to another menu, and nest some others differently.

It took me two bloody weeks, and this was when I was extremely productive every day.

Afterward, I was so disgusted by it that I took a day and removed every trace of the sidebar I could find, and rewrote it. I defined the sidebar in a hash, and wrote a simple recursive builder to generate the markup. It supported optional icons, n-level nesting, automatic highlighting of the current item and all parent nodes, compound and inherited permissions, wrapping of long names, hover and unfurl animations, etc. Took me a couple hundred lines of Ruby at the most, plus about the same of css.

Felt so good to remove that blight.

Checks display on-screen.
The watched test gazes back
and threatens to break.

Back in Hell, we had a “company summit” where everyone flew in for an all hands meeting.

It was three days long in a tiny office with very lacking air conditioning in the middle of a Las Vegas summer. Basically the entire thing was the CEO / goblin salesman king chewing at us and expounding about / proselytizing his latest and greatest sales ideas and how they’ll change the world. And randomly asking “which of you are HUNGRY?! Which of you want to be FILTHY FUCKING RICH?!” etc.

One good thing came out of it, which was that any and all new endeavors needed a “co-signer” and a sign off from development before we (developers, or more accurate: just me) would work on it. It reduced the growth rate of my backlog by like 80%, which was nice.

While dreading the “summit,” I hated him more than I had in quite awhile.

During the summit, I hated him more and even flipped him off.

After the summit, I swore to leave the revolting wreckage that was the company.

(And months later, I did just that —after becoming the sole dev and the only person holding the damned company afloat. When I gave him my two weeks’ notice, I absolutely relished his terror. And my time spent writing my 43 page no-sugarcoat handoff document that was guaranteed to scare off any hapless dev he might find. 😇)

But I digress, three 10-hour days with him and the rest of the sales team, the sleazy lawyer, the CTO who mentally checked out years ago, the yes-man contractor, and me. The only good thing that came out of that meeting was one good idea that he dismissed, and the sign off idea that saved my backlog a bit.

One of the sales people quit shortly thereafter. So it was a huge expense that wasted everyone’s time and added absolutely nothing of value to the company. GG!

Oh, it was also in the “totally better” office — meaning… cheaper, unfinished (literally plywood floors), and was one room in another company’s office, who often locked the door leading to their offices because they trusted him so much. But it was in downtown Las Vegas, with no parking at all, where gang members were hanging out almost every day, and it was next to low-income housing and weird no-service restaurants with shockingly high prices.

Weird and scary.
Very scary.

Totally carried pepper spray every time Mr. Goblin asshole forced me to go into the office. Didn’t get raped, though, or my laptop or car stolen. So that was nice.

Best: the tool that works for the job.
Worst: the tool that doesn’t.

Example: Ruby is great for scripts and web dev, but simply doesn’t work for graphics engines.

Example: SQL is great for fetching data (etc.), but it is absolutely terrible for business logic.

Example: XSLT is great for lowering your faith and your will to live, but it is absolutely awful for literally every other purpose.

I could bitch about XSLT again, as that was certainly painful, but that’s less about learning a skill and more about understanding someone else’s mental diarrhea, so let me pick something else.

My most painful learning experience was probably pointers, but not pointers in the usual sense of `char *ptr` in C and how they’re totally confusing at first. I mean, it was that too, but in addition it was how I had absolutely none of the background needed to understand them, not having any learning material (nor guidance), nor even a typical compiler to tell me what i was doing wrong — and on top of all of that, only being able to run code on a device that would crash/halt/freak out whenever i made a mistake. It was an absolute nightmare.

Here’s the story:

Someone gave me the game RACE for my TI-83 calculator, but it turned out to be an unlocked version, which means I could edit it and see the code. I discovered this later on by accident while trying to play it during class, and when I looked at it, all I saw was incomprehensible garbage. I closed it, and the game no longer worked. Looking back I must have changed something, but then I thought it was just magic. It took me a long time to get curious enough to look at it again.

But in the meantime, I ended up played with these “programs” a little, and made some really simple ones, and later some somewhat complex ones. So the next time I opened RACE again I kind of understood what it was doing.

Moving on, I spent a year learning TI-Basic, and eventually reached the limit of what it could do. Along the way, I learned that all of the really amazing games/utilities that were incredibly fast, had greyscale graphics, lowercase text, no runtime indicator, etc. were written in “Assembly,” so naturally I wanted to use that, too.

I had no idea what it was, but it was the obvious next step for me, so I started teaching myself. It was z80 Assembly, and there was practically no documents, resources, nothing helpful online.

I found the specs, and a few terrible docs and other sources, but with only one year of programming experience, I didn’t really understand what they were telling me. This was before stackoverflow, etc., too, so what little help I found was mostly from forum posts, IRC (mostly got ignored or made fun of), and reading other people’s source when I could find it. And usually that was less than clear.

And here’s where we dive into the specifics. Starting with so little experience, and in TI-Basic of all things, meant I had zero understanding of pointers, memory and addresses, the stack, heap, data structures, interrupts, clocks, etc. I had mastered everything TI-Basic offered, which astoundingly included arrays and matrices (six of each), but it hid everything else except basic logic and flow control. (No, there weren’t even functions; it has labels and goto.) It has 27 numeric variables (A-Z and theta, can store either float or complex numbers), 8 Lists (numeric arrays), 6 matricies (2d numeric arrays), 10 strings, and a few other things like “equations” and literal bitmap pictures.

Soo… I went from knowing only that to learning pointers. And pointer math. And data structures. And pointers to pointers, and the stack, and function calls, and all that goodness. And remember, I was learning and writing all of this in plain Assembly, in notepad (or on paper at school), not in C or C++ with a teacher, a textbook, SO, and an intelligent compiler with its incredibly helpful type checking and warnings. Just raw trial and error. I learned what I could from whatever cryptic sources I could find (and understand) online, and applied it.

But actually using what I learned? If a pointer was wrong, it resulted in unexpected behavior, memory corruption, freezes, etc. I didn’t have a debugger, an emulator, etc. I had notepad, the barebones compiler, and my calculator.

Also, iterating meant changing my code, recompiling, factory resetting my calculator (removing the battery for 30+ sec) because bugs usually froze it or corrupted something, then transferring the new program over, and finally running it. It was soo slowwwww. But I made steady progress.

Painful learning experience? Check.
Pointer hell? Absolutely.

Wholesome anti-rant.

There’s this Indian chick at work that I really, really do not get along with. Fortunately she’s on a different team so we have practically zero interactions. Her code was always decent, maybe upper junior level? but I went away fuming almost every time we talked.

However, I did a release security review today (I’m down from five/six per month to one) and read through quite a bit of her code. It was clean and easy to read with good separation, clear naming and intentions, nothing was confusing, etc. It was almost beautiful. Had I any emotions I might have shed a tear. I sent her a message and let her know :) I actually learned a better way of doing a couple of things from it.

She has grown so much as a dev.

!dev

Tired, went to bed early. Took two melatonin because I haven’t been sleeping well. Layed down at 9:30pm, tried to sleep for hours, couldn’t, and ended up feeling wide awake at like 11:30. Memories of my parents and their endless shit resurfaced and flooded into my mind, and made me various combinations of livid and sad and distraught. Got up and sat in the closet at 2am to try and clear my head, and eventually gave up and started my work day at 2:45. Got quite a bit done, and it cleared my head. Yay!

But it’s now 6:25am and I have standup at 10:30, and a day full of meetings. :<

… and plenty of memories I would very much rather not remember.

Adventures in security land, part II:

I’m getting pulled off the security review team and instead relegated to part-time security tickets alongside my usual dev work. (So, someone else finds them, i fix them.)

Guess I found and debated too many problems with the lead dev’s code. 🙄

Adventures in security land.

The “legendary” lead dev authored a ticket that logs raw credentials for a third-party tool we’re using, and logs partially-obscured consumer passwords. His reasoning: “for debugging. And customer service!” And then argued with me over why that’s bad! Seriously?

Then in the release channel, he and the release manager are talking like I’m pestering them with my findings. Things like “I have some Root-induced changes coming” and “Fixed those, but she’ll probably have more...” etc.

Like come on.
I’m even being nice here, but you seriously need to stop screwing this up.

They also didn’t bother merging the fixes into the release branch, so I needed to re-review the entire (large) ticket on its own branch. Doubles the effort since I can’t easily see what changed.

The lead dev also only updated a few of the specs (despite me sending him a list), so there’s a bunch of failing ones now. Makes me unsure if he actually fixed everything.

Maybe I’m just being touchy, but ugh. Freaking annoying people.

At least he owned up to being the author this time instead of saying someone else (who wasn’t in the history...) wrote it. -.-

!!depression

I used to measure my performance in features per day (or week, depending on their scope), or tasks/day or loc/day for huge projects. My usual was two to three small features a day, and some progress on a larger one.

Now I’m so burned out and depressed that i measure my progress in the amount of days per week that aren’t “zeros” — as in days where i get literally nothing done. Now any day where i get _anything_ done, no matter how little, is a “good day.” I partially refactored about fifty lines of json builder spaghetti on Tuesday. That was a great day.

This week I’ve had two zeros, and it’s Thursday morning. I think it’s going to be a three zero week.

Worse: performance reviews were due weeks ago. I still haven’t written mine, and have no idea what i would even write. How can i make myself sound good when i can barely even force myself to eat or take a shower?

I need a vacation.
I’m horribly depressed and burned out, every day for months has been a little harder than the last, and really doing anything at all is a monumental challenge, work or otherwise. Let alone working on the fucking screwdriver.

I told my boss last night and requested time off.

His response?
> Oh no, but the new screwdriver! We were all really really hoping to get it out by the end of the month!

I’m a crumpled wreck and all you care about is the fucking screwdriver that PRACTICALLY NOBODY WILL FUCKING USE? Seriously dude, go to hell.

“How’s work?”

It’s killing me.

I just got a text from T-Mobile telling me about their updated privacy policy and that I can “opt out.” So, naturally I do exactly this.

After a little bit, I land on their “Do not sell my data” page and discover that, not only does it have 175+ trackers,
it doesn’t even fucking work. Also, on the desktop version of the site, the very control allowing the user to opt out of having their data shared/sold doesn’t even render.

These are all absolutely inexcusable.

Example #1 of ??? Explaining why I dislike my coworkers.

[Legend]
VP: VP of Engineering; my boss’s boss. Founded the company, picked the CEO, etc.
LD: Lead dev; literally wrote the first line of code at the company, and has been here ever since.
CISO: Chief Information Security Officer — my boss when I’m doing security work.

Three weeks ago (private zoom call):
> VP to me: I want you to know that anything you say, while wearing your security hat, goes. You can even override me. If you need to hold a release for whatever reason, you have that power. If I happen to disagree with a security issue you bring up, that’s okay. You are in charge of release security. I won’t be mad or hold it against you. I just want you to do your job well.

Last week (engineering-wide meeting):
> CISO: From now on we should only use external IDs in urls to prevent a malicious actor from scraping data or automating attacks.
> LD: That’s great, and we should only use normal IDs in logging so they differ. Sounds more secure, right?
> CISO: Absolutely. That way they’re orthogonal.
> VP: Good idea, I think we should do this going forward.

Last weekend (in the security channel):
> LD: We should ONLY use external IDs in urls, and ONLY normal IDs in logging — in other words, orthogonal.
> VP: I agree. It’s better in every way.

Today (in the same security channel):
> Me: I found an instance of using a plain ID in a url that cancels a payment. A malicious user with or who gained access to <user_role> could very easily abuse this to cause substantial damage. Please change this instance and others to using external IDs.
> LD: Whoa, that goes way beyond <user_role>
> VP: You can’t make that decision, that’s engineering-wide!

Not only is this sane security practice, you literally. just. agreed. with this on three separate occasions in the past week, and your own head of security also posed this before I brought it up! And need I remind you that it is still standard security practice!?

But nooo, I’m overstepping my boundaries by doing my job.

Fucking hell I hate dealing with these people.