Adventures in security land.

The “legendary” lead dev authored a ticket that logs raw credentials for a third-party tool we’re using, and logs partially-obscured consumer passwords. His reasoning: “for debugging. And customer service!” And then argued with me over why that’s bad! Seriously?

Then in the release channel, he and the release manager are talking like I’m pestering them with my findings. Things like “I have some Root-induced changes coming” and “Fixed those, but she’ll probably have more...” etc.

Like come on.
I’m even being nice here, but you seriously need to stop screwing this up.

They also didn’t bother merging the fixes into the release branch, so I needed to re-review the entire (large) ticket on its own branch. Doubles the effort since I can’t easily see what changed.

The lead dev also only updated a few of the specs (despite me sending him a list), so there’s a bunch of failing ones now. Makes me unsure if he actually fixed everything.

Maybe I’m just being touchy, but ugh. Freaking annoying people.

At least he owned up to being the author this time instead of saying someone else (who wasn’t in the history...) wrote it. -.-

!!depression

I used to measure my performance in features per day (or week, depending on their scope), or tasks/day or loc/day for huge projects. My usual was two to three small features a day, and some progress on a larger one.

Now I’m so burned out and depressed that i measure my progress in the amount of days per week that aren’t “zeros” — as in days where i get literally nothing done. Now any day where i get _anything_ done, no matter how little, is a “good day.” I partially refactored about fifty lines of json builder spaghetti on Tuesday. That was a great day.

This week I’ve had two zeros, and it’s Thursday morning. I think it’s going to be a three zero week.

Worse: performance reviews were due weeks ago. I still haven’t written mine, and have no idea what i would even write. How can i make myself sound good when i can barely even force myself to eat or take a shower?

I need a vacation.
I’m horribly depressed and burned out, every day for months has been a little harder than the last, and really doing anything at all is a monumental challenge, work or otherwise. Let alone working on the fucking screwdriver.

I told my boss last night and requested time off.

His response?
> Oh no, but the new screwdriver! We were all really really hoping to get it out by the end of the month!

I’m a crumpled wreck and all you care about is the fucking screwdriver that PRACTICALLY NOBODY WILL FUCKING USE? Seriously dude, go to hell.

“How’s work?”

It’s killing me.

I just got a text from T-Mobile telling me about their updated privacy policy and that I can “opt out.” So, naturally I do exactly this.

After a little bit, I land on their “Do not sell my data” page and discover that, not only does it have 175+ trackers,
it doesn’t even fucking work. Also, on the desktop version of the site, the very control allowing the user to opt out of having their data shared/sold doesn’t even render.

These are all absolutely inexcusable.

Example #1 of ??? Explaining why I dislike my coworkers.

[Legend]
VP: VP of Engineering; my boss’s boss. Founded the company, picked the CEO, etc.
LD: Lead dev; literally wrote the first line of code at the company, and has been here ever since.
CISO: Chief Information Security Officer — my boss when I’m doing security work.

Three weeks ago (private zoom call):
> VP to me: I want you to know that anything you say, while wearing your security hat, goes. You can even override me. If you need to hold a release for whatever reason, you have that power. If I happen to disagree with a security issue you bring up, that’s okay. You are in charge of release security. I won’t be mad or hold it against you. I just want you to do your job well.

Last week (engineering-wide meeting):
> CISO: From now on we should only use external IDs in urls to prevent a malicious actor from scraping data or automating attacks.
> LD: That’s great, and we should only use normal IDs in logging so they differ. Sounds more secure, right?
> CISO: Absolutely. That way they’re orthogonal.
> VP: Good idea, I think we should do this going forward.

Last weekend (in the security channel):
> LD: We should ONLY use external IDs in urls, and ONLY normal IDs in logging — in other words, orthogonal.
> VP: I agree. It’s better in every way.

Today (in the same security channel):
> Me: I found an instance of using a plain ID in a url that cancels a payment. A malicious user with or who gained access to <user_role> could very easily abuse this to cause substantial damage. Please change this instance and others to using external IDs.
> LD: Whoa, that goes way beyond <user_role>
> VP: You can’t make that decision, that’s engineering-wide!

Not only is this sane security practice, you literally. just. agreed. with this on three separate occasions in the past week, and your own head of security also posed this before I brought it up! And need I remind you that it is still standard security practice!?

But nooo, I’m overstepping my boundaries by doing my job.

Fucking hell I hate dealing with these people.

I’m going to fucking kill my boss.

He’s known about how I’ve been writing this fucking ticket (screwdriver followup) for four fucking weeks, and on the last fucking day (yesterday) he tells me it’s not the correct fucking architecture and to rewrite basically all of it using <unknown bullshit> instead, and that i must have it done by today — by this fucking morning — so it can make the release.

WHY THE FUCK DIDN’T YOU TELL ME ABOUT THIS AT ANY POINT IN THE LAST FUCKING MONTH WHILE YOU WERE BUSY NITPICKING MY FUCKING CODE YOU FUCKING CUNT?!

Hey, you know that screwdriver followup ticket you’ve been working on for several weeks? Yeah, I want it to use <feature> that I’ve never told you about and I know you’ve never used, and it looks like that means rewriting most of it! Also, I still want it done by tonight.

ASDFJ;katharevousa;hsh;klasdf

Soo not happening.

Finally finished the screwdriver followup ticket. I think.

I spent almost two full days (14 hours) on a seemingly simple bug on Friday, and then another four hours yesterday. Worse yet: I can’t test this locally due to how Apple notifications work, so I can only debug this on one particular server that lives outside of our VPN — which is ofc in high demand. And the servers are unreliable, often have incorrect configuration, missing data, random 504s, and ssh likes to disconnect. Especially while running setup scripts, hence the above. So it’s difficult to know if things are failing because there’s a bug or the server is just a piece of shit, or just doesn’t like you that day.

But the worst fucking part of all? The bug appeared different on Monday than it did on Friday. Like, significantly different.

On Friday, a particular event killed all notifications for all subsequent events thereafter, even unrelated ones, and nothing would cause them to work again. This had me diving through the bowels of several systems, scouring the application logs, replicating the issue across multiple devices, etc. I verified the exact same behavior several times over, and it made absolutely no sense. I wrote specs to verify the screwdriver code worked as expected, and it always did. But an integration test that used consumer-facing controller actions exhibited the behavior, so it wasn’t in my code.

On Monday while someone else was watching: That particular event killed all notifications but ONLY FOR RELATED EVENTS, AND THEY RESUMED AFTER ANOTHER EVENT. All other events and their notifications worked perfectly.

AKL;SJF;LSF

I think I fixed it — waiting on verification — and if it is indeed fixed, it was because two fucking push event records were treated as unique and silently failing to save, run callbacks, etc.

BUT THIS DOESN’T MATCH WHAT I VERIFIED MULTIPLE TIMES! ASDFJ;AKLSDF

I’m so fucking done with this bs.

When I was in 7th grade, my neighbor (a DoD programmer) challenged me to write a sorting algorithm for a hypothetical super limited environment (he said a satellite). It didn’t have any built-in sorting methods, had very limited memory, slow processor, etc. so I needed to be clever about it.

It took me a few nights before i found a solution he liked. The method I came up with counted the number of occurrences of each number in the array and put them in the appropriate spots in a new array. This way it only required O(2n) running time and 2n memory.

I just learned today that this is called the “counting sort” 😄

I’m proud of little 11 year old me.

So this chick has been super nice to me for the past few months, and has been trying to push me towards a role in security. She said nothing but wonderful things about it. It’s easy, it’s not much work, it’s relaxing, etc.

I eventually decided I’m burned out enough that something, anything different would be good, and went for it. I’m now officially doing both dev and security. The day I started, she announced that she was leaving the security team and wouldn’t join any other calls. Just flat-out left.

She trained me on doing a security review of this release, which basically amounted to a zoom call where I did all of the work and she directed me on what to do next, ignored everything I said, and treated me like an idiot. It’s apparently an easy release. The work itself? Not difficult, but it’s very involved, very time consuming, and requires a lot of paper trail — copying the same crap to three different places, tagging lots of people, copying their responses and pasting them elsewhere, filing tickets, linking tickets, copying info back and forth to slack, signing off on things, tagging tickets in a specific way, writing up security notes in a very specific format etc. etc. etc. It’s apparently usually very hectic with lots of last-minute changes, devs who simply ignore security requests, etc.

I asked her at the end for a quick writeup because I’m not going to remember everything and we didn’t cover everything that might happen.

Her response: Just remember what you did here, and do it again!

I asked again for her to write up some notes. She said “I would recommend.. you watch the new release’s channel starting Thursday, and then review what we did here, and just do all that again. Oh, and if you have any questions, talk to <security boss> so you get in the habit of asking him instead of me. Okay, bye!”

Fucking what.
No handoff doc?
Not willing to answer questions after a day and a half of training?

A recap
• She was friendly.
• She pushed me towards security.
• She said the security role was easy and laid-back.
• I eventually accepted.
• She quit the same day.
• The “easy release” took a day and a half of work with her watching, and it has a two-day deadline.
• She treated (and still treats) me like a burden and ignores everything I said or asked.
• The work is anything but laid-back.
• She refuses to spend any extra time on this or write up any notes.
• She refuses to answer any further questions because (quote) “I should get in the habit of asking <security boss> instead of her”

So she smiled, lied, and stabbed me in the back. Now she’s treating me like an annoyance she just wants to go away.

I get that she’s burned out from this, but still, what a fucking bitch. I almost can’t believe she’s acting this way, but I’ve grown to expect it from everyone.

But hey, at least I’m doing something different now, which is what I wanted. The speed at which she showed her true colors, though, holy shit.

“I’m more of a personal motivator than anything,” she says, “and I’m first and foremost a supporter of women developers!” Exactly wrong, every single word of it.

God I hate people like this.

Ugh, it’s been a long week.

THREE FREAKING DAYS ON THIS SAME FREAKING SPEC AND I FINALLY GOT IT TO PASS!

That’s the most beautiful bit of green I’ve seen in months.

Eh ehe hehe he eh ehehe

On top of burnout, codebase issues, spec issues, burnout, the product butt that keeps on crapping, burnout, burnout, loathing for my employer... My local Apple SSL cert expired. I can’t finish this and push it anywhere for testing. I can’t even run my own specs anymore. And I don’t have permissions to make a new one. I can’t do anything at all.

Ehe he hehe

Deadline is in two days, and I’m just sitting here laughing quietly to myself. I might finally be going crazy

I found a loose bit of tangle, started to pull, and the world decided it was time to fall apart. Reality said it’s time to go. And I wasn’t even a good screwdriver dev. Byeee ~

Ruby’s fanciness bit me in the butt today. It’s pretty rare, but often confusing AF when it happens.

array = [1, 2, 3, 4, 5, 6, 7]
array.count +1 +2
# => 1
What the fuck?

array.count +1 +2 +3
# => 1
What the fuck?

+1 +2 +3
# => 6
Okay.

(array.count +1 +2 +3)
# => 1
What the fuck?

(7 +1 +2 +3)
# => 13
Okay...

array.count + 1 + 2 + 3
# => 13
Alright, so spaces matter here...?

((array.count) +1 +2 +3)
# => 13
But not here!? ... Oh. I think I know what’s going on.

Array#count
Returns the number of elements. If an argument is given, counts the number of elements which equal it using ==

Well fuck me.

Ruby is seeing `array.count(+1+2+3)` instead of `array.count()+1+2+3` since `+1` is a value, not an operator followed by a value as is the case with `+ 1`.

Now, why was I using +1 +2 instead of adding some spaces like I normally would? So they would match what was in the comment next to them for easier reference. Heh.

Future dev, I did this for you! So this is all your fault. :|

Becoming independently wealthy and telling my employer I no longer require their services.

My .pryrc and a Ruby script it loaded (in another directory) both disappeared seemingly without cause. I lost days of work including a bunch of debugging and performance utilities I wrote over the past year.

But I have no clue how this happened. Neither the .pryrc file nor the script’s folder are tracked by git, so it wouldn’t have been deleted, overwritten, stashed and dropped, etc. None of the other dot files are missing, and the folder is still present, albeit with one fewer files. I wouldn’t delete them, and commands that would delete them do not appear in my zsh history. So I’m at a loss. Figuratively and literally.

They’re just. Gone.

Is there any way to recover missing files on OSX?

I never thought I’d need a backup solution for local scripts.

Whiskey sours are amazing.
I am in love.

Had a great day yesterday. Productive, happy, felt great, and was focused despite a lot of cute distractions. Finished a third of my feature.

Today, I wanted to start work early because I had planned out what I wanted to work on next and how to approach it. I felt motivated. I’d jump out of bed, get ready, and start early. No breakfast but maybe some coffee.

Woke up to two hours of constant distractions, irritations, and time wasting instead. Anger. Everything sought to prevent me from starting.

When I finally got to work, the first thing I saw: political warmongering bullshit.

Guess I’m not getting much done today.

• Good night’s sleep (8-9 hours)
• Clearly defined requirements.
• A fun challenge to solve.
• An idea of how to begin.
• Music! Something fast paced and/or harsh. I find soft tunes, good lyrics, etc. are usually very distracting.
• Deadlines help, too, even if they make me stressed out and work too much.
• No political BS / hateful and intolerant political comments from my coworkers within the past day or two, as being called a horrible, racist nazi by association absolutely kills my desire to do any work for them. Going two days without something like this happening is exceedingly rare.
• Being left alone, *especially* in the morning before work! The more distractions, the harder it is focus, even if i have peace and quiet later on.

Cool, I found a bug in Ruby!
And it’s preventing my debugging from working!
Asjfkladfsj

It’s 2:30am and I want to finish this crap.

No, I’m not doing any work tomorrow. I’m taking the day off to sleep.

I want a KVM switch for sata cables. That way I could switch between ssd’s without having the other visible.

Win10 could no longer randomly rewrite the boot loader(s) or wipe my Linux drive.

I’m not a fan of win10, and don’t currently have it installed, but might cave for a few rare games that I can’t get working via proton.

I miss @FrodoSwaggins.

Screwdriver followup ticket, day three. No progress made, no fucks given.

I am tired.

Fifteen minutes of coding
Fifteen minutes of specs

Five minutes of debugging
Two minutes of specs (just failures)

Thirty seconds of tweaking
Two minutes of specs

Ten seconds of tweaking
Two minutes of specs

Realize I made a typo due to RubyMine input lag
Two minutes of specs

Ten seconds of fixing and tweaking
Two minutes of specs

And so it goes.
All. day. long.

Sometimes it repeats.
That’s sort of nice.

Is it any wonder I can’t focus?

!dev
!!politics (kinda)

Here’s a gem from our recent harassment and diversity training at work:

Speaker: “All of these things are protected from discrimination in California! Wow! It’s a huge list, isn’t it? Now let me ask you a question: is a single white male under 40 protected?”

Everyone: *crickets*

Fucking really?
After immediately jumping on all of the other speaker’s questions, you can’t answer this one?

And later, here’s another gem:

Speaker: “If you witness an employee harassing another employee outside of work and work hours, completely unrelated to work, should you report it? What if you ask the person being harassed and she says no?”

Speaker: “Always report it! While it’s not *technically* required by law, you must report it! Why? Because you have the same protections she would! And maybe it’s easier for you to say something than for her.” (Surprise gendering was her own addition)

Fair on that last point, but against the person’s wishes? Totally not cool. Maybe it wasn’t harassment, or you don’t know the situation. Heads up: you probably don’t. Or maybe it wasn’t a big deal at all, but you think it’s earth-shattering. But all that reporting it against someone’s wishes does is create drama and possibly legal trouble. And if it wasn’t harassment or the case goes poorly, you just created enemies for yourself, or for one or both of them if you’re reporting it anonymously, and possibly even ruined one or both of their jobs/careers by doing so. Good fucking job, asshole.

Snitches get stitches.

GUESS WHAT? HE WANTS ANOTHER FUCKING FEATURE!

AND WHEN I SAID I DIDN’T HAVE TIME BECAUSE CODE-COMPLETE IS TOMORROW, HE SAID HE’LL PUNT IT TO NEXT YEAR INSTEAD OF RELEASING IT THIS WEEK SO I CAN “BUILD IT RIGHT.” MAN, FUCK YOU AND YOUR ENDLESS CHANGES!

THIS WAS GOING TO BE A TWO WEEK TICKET UNTIL HE STARTED ADDING ENDLESS FEATURES AND CHANGES AND SURPRISES. IT’S BEEN FUCKING MONTHS! I AM SICK OF THIS SHIT!

ANSDFKAWHOALIKWEGJFADIO;UGJT;

There goes my Q4 performance review.
> “Accomplishments? Oh, there’s lots of room here. Accomplished: Basically nothing. How embarrassing.”

Hate hate hate hate hate hate hate

FUCK YOU AND YOUR FUCKING CUSTOMIZABLE, HALF-MODULAR, MULTILINGUAL, DYNAMICALLY-AUTOUPDATING PAINTBRUSH / CARPENTER / SANDWICH CUTTER / ALARM CLOCK DECEPTICON WITH OPTIONAL SCREWDRIVER ATTACHMENT!

IT WAS SUPPOSED TO BE A SIMPLE FUCKING SCREWDRIVER!

FUCK YOU AND YOUR ENTIRE FUCKING EXISTENCE YOU USELESS FUCK!

!!politics

My employer held a company wide zoom meeting today. It was officially optional, but like 90% of the company attended.

It started out interesting as they had invited a speaker, but it quickly degraded into a gigantic political circlejerk. It was an hour and a half of bashing everyone who doesn’t hold exactly their views, calling them evil, calling them nazis, radicals, militants, racists, etc. — and I don’t share their views, like, at all, so. That really lets me know how they feel!

As far as I can tell, everyone else at the company has the same ideology. Not only does this make me incredibly uncomfortable and require me to act and pretend at all times, it’s honestly kind of infuriating, too. The amount of insults they throw around and blatant lack of tolerance displayed by these “tolerant” people is just incredible.

To them, anyone that doesn’t hold exactly their beliefs is evil, and often a slew of other things, too. And it doesn’t seem to matter how far removed those views are; apparently libertarians are evil as well? Apparently “leave everyone alone” is evil and gets you branded as a militant far-righty? Like, how does that even work? They ascribe to “everyone who doesn’t agree with me is literally Hitler,” I guess.

Fucking hell I can’t stand these people and their politics. And when they all get going on it together? Just. Fucking toxic.

I’ve been so disgusted today after sitting in on that meeting I’ve gotten practically nothing done. And I was so hoping to finally finish this stupid ticket.

Oh, and Mr. PM wants that screwdriver to do even more things now — by next week, of course. Fucking hell.

Why did I switch jobs, again?
Right, to get away from the politics.
Fucking hell.

So, I set up my computer after moving and settling in.

Turns out all the jostling killed the pump on my water cooler 🙁 It now sounds like an unmaintained soviet train at full speed, and starts burning up. Poor thing.

Guess it’s time to build a new one. Though parts aren’t exactly available right now...

Bleh.