AboutMagical processor fairy; part-time misanthropic bane of idiots. 🧚♀️🏹
SkillsRuby ❤, js/es6, css, react, sql. VB and PHP can die in a fire.
LocationSlaving away for retards
Joined devRant on 2/25/2017
Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
I’m getting really tired of all these junior-turn-senior devs who can’t write simple code asking ChatGPT to solve everything for them.
I’m having to untangle everything from bizarre organization/flow to obvious gotchas / missed edge cases to ridiculously long math chains (that could be 1/10th the length), or — and I feel so dirty for this — resorting to asking ChatGPT wtf it was thinking when it obviously wrote some of these monstrosities. Which it gets wrong much of the time.
“ALL HAIL CHATGPT!” Proclaims the head of Engineering. “IT’S OUR PRODUCTIVITY SAVIOR! LEVERAGING AI WILL LET US OUTPERFORM THE ENTIRE INDUSTRY!”
Jesus fucking christ.27
Here’s to a hopefully better 2024!
Let’s all tell our bitchface thundercunt micromanagers to fuck off, find better employ elsewhere, and finally make progress on that side project that was our world several months ago.
And if the world continues going absolutely mental, may all of you find a peaceful meadow away from everyone and build yourselves wonderful little cottages.4
Fuck Cypress. It’s a fucking goddamn pile of diseased garbage. Its design decisions actively fight against you, its methods don’t work, it’s unreliable as fuck, and it intentionally keeps stale state so your tests fuck with one another — and that even fucks up its own interface so nothing fucking works.
It’s like stepping into the shower and expecting clean water, but instead it’s just some obese guy with diarrhea shitting in your hair, and then getting all indignant that you’re upset about it.
If you consider using Cypress for something, find another project.18
DEI QA: “For step 2 should the checkbox be checked? Or uncheck ?”
… Step 2 of my testing steps reads: “Check it [the checkbox], save it, reload it. The box should still be checked. Repeat to uncheck it, just to be pedantic, then leave it off so we can test the existing behavior.”
DEI QA: “The payment_method_identifier will be in api callback logs if `Return payment method identifier in auth/confirmation callbacks` is checked?”
Me: it does what it says on the tin.
DEI QA: “BTW its a `tin`.”
DEI QA: “In Canada its `Taxpayer Identification Number`”
Boss: Hey! I know you just got everything working on that new project. But good news: I have a repo you can clone and we can work together. So just clone that and look at my changes, find something that’s broken, and work away. Oh, I also modified everything to use HTTPS locally. HTTP won’t work anymore. Alright, I’m off on vacation! Ciao!
… and that’s the story of how I spent a day and a half fighting with NPM, Brew, setting up a new CA and self-signed cert, and getting passenger to work with it. The good news is that I can connect locally via 443. The bad news is all assets use http and are thus blocked for being mixed-content. And idk how to fix it. Joy!
Not mentioned: npx removing a required package every time I run it, version mismatches, and the usual NPM problems.11
Thoughts on Session as a secure messenger? It looks fine at a glance, especially not using PII like a phone number, but I haven’t delved into it — and honestly don’t have the mental energy to.
What’s everyone’s thoughts on it?7
Risk engine for payment processing, with support for custom rules and third party integrations like IDology. Deadline was one week.2
Ticket: This API param doesn’t work.
Ticket Size: 1 story point / extra small baby fries
Found the issue almost immediately: some fucked up date math. Or at least backwards as hell. I don’t know. I don’t care.
There’s no spec for it, and writing it is a bitch. None of the API test helpers are designed for end-to-end tests. Why? I don’t care. They’re stupid. They all just break. And the API does weird shit like fucking redirects to an HTML page. Which is… i don’t know. They mix up API and embedded sessions a bunch, so who knows if this is right or broken as fuck.
I can’t deal with this shit anymore.
It’s just mountains of fucking garbage. Every time I dig into anything, anywhere in this codebase, or, let’s be honest: the entire goddamn company, it’s just more fucking garbage. The code is garbage. The specs are garbage. The people are garbage. The woke crap they love so much is garbage. The industry is garbage. The macs we’re required to use are garbage. The strongly-encouraged editor is garbage. The new hires are garbage. The legendary devs are garbage. The VPN is garbage — still haven’t gotten it to fucking work outside of fucking Safari, which is also garbage. The meetings are garbage. The “culture” is garbage. The “raises” are garbage. The thirty-step dance ceremony for each ticket is garbage. The literal fucking garbage at the office is the best part of the entire goddamn landfill.
And yeah, over half of the code that’s been giving me problems on this ticket was written by the same dev: The legendary golden garbage boy himself.
I’m going back to looking for work again. I can’t do this anymore.10
Let me explain a tiny corner of some awful code I read earlier today, in layman’s terms.
It’s a method to see if the user is in a secure session — not to set up the session, just to see if it exists. The method ends with a question mark, so it’s basically a question. It should look up the info (without changing anything) and should always give a clear yes/no answer. Makes sense, right?
Let’s say the question is “am I in school right now?”
The code… well.
If there isn’t a student, the answer it gives is null, not yes or no. Null is a fancy word for no, pretty much, so that’s kinda fine, but it really should be a simple no.
It then checks to see if the school is open today. If it is open, it then checks to see if I made my lunch, if I took my backpack, and if I rode the bus — and makes these things happen if they didn’t. Forgot my backpack? Just ask “am I in school today?” And poof! There’s my backpack! … but only if the school is open.
It then, finally, checks to see if I’m actually in the school, and gives that answer.
It could just see if I’m in the school — I mean, I could be in school without a backpack, or walked there on the weekend, right? Ha! You and your silly logic have no place here.
So, by asking if the user is in a secure session, we change the answer: they weren’t before, but the act of asking makes it so. This isn’t profound or anything: I don’t work with Schrödinger. My coworkers are just idiots.
And no, the rest of the code isn’t any better…7
Moving away from technology and becoming self-sufficient. A cottage with a stream on the edge of a forest, a large garden, some chickens and other animals, and no smart devices, managers, tickets, KPAs, performance reviews, legendary devs shitting out an endless stream of bugs, etc.
Peace and quiet.
And freedom at last.
That’s the ultimate success: escape.13
My home feels like $work owns a corner of it, and I can’t walk near there without feeling this this intense psychological dread.
Lack of time boundaries is pretty awful, too.6
I have a project at work that involves learning a bunch of AWS stuff and rewriting a couple credential-generating scripts. I don't even know what the ask is, apart from some high-level "make this SSO" so ... idfk.
I am so incredibly bored of it (and burned out in general) that I can't even look at it.
I would rather see how many times it takes to beat my head against the wall to make a hole than think about this ticket again.
"Oh, I thought you would find that fun" No. No I do not. I can't even bring myself to look at it anymore. "Well, try to push through it and get it outta here!" Ughhhhh
I hope Russia nukes the bloody company.10
Highlights from my week:
Prod access: Needed it for my last four tickets; just got it approved this week. No longer need it (urgently, anyway). During setup, sysops didn’t sync accounts, and didn’t know how. Left me to figure out the urls on my own. MFA not working.
Work phone: Discovered its MFA is tied to another coworker’s prod credentials. Security just made it work for both instead of fixing it.
My merchant communication ticket: I discovered sysops typo’d my cronjob so my feature hasn’t run since its release, and therefore never alerted merchants. They didn’t want to fix it outside of a standard release. Some yelling convinced them to do it anyway.
AWS ticket: wow I seriously don’t give a crap. Most boring ticket I have ever worked on. Also, the AWS guy said the project might not even be possible, so. Weee, great use of my time.
“Tiny, easy-peasy ticket”: Sounds easy (change a link based on record type). Impossible to test locally, or even view; requires environments I can’t access or deploy to. Specs don’t cover the record type, nor support creating them. Found and patched it anyway.
Completed work: Four of my tickets (two high-priority) have been sitting in code review for over a month now.
Prod release: Release team #2 didn’t release and didn’t bother telling anyone; Release team #1 tried releasing tickets that relied upon it. Good times were had.
QA: Begs for service status page; VP of engineering scoffs at it and says its practically impossible to build. I volunteered. QA cheered; VP ignored me.
Retro: Oops! Scrum master didn’t show up.
Coworker demo: dogshit code that works 1 out of 15 times; didn’t consider UX or user preferences. Today is code-freeze too, so it’s getting released like this. (Feature is using an AI service to rearrange menu options by usage and time of day…)
Micromanager response: “The UX doesn’t matter; our consumers want AI-driven models, and we can say we have delivered on that. It works, and that’s what matters. Good job on delivering!”
So, how’s your week going?2
When managers look at my code, it’s shit, it’s over complicated, it’s overly difficult to read, it took too long, it’s too much for a simple ticket, i handled too many edge cases, we’ll never need most of it, why did I bother making it extensible when it’ll never need to change, how dare I use “unless”, why did I bother writing all these comments, why did I update the documentation that nobody reads because it’s outdated, etc. They say I should be more like the legendary devs and push janky code quickly, and complain that I don’t have any flops (problems in prod) like those are a good thing.
When my coworkers look at my code, they say it’s clean, amazingly easy to read, a monster feature that’s somehow still a joy to review and work on, it makes their lives easier, that it does exactly what it should in all cases, that they learned something from reading it, and thank me for the comments and documentation. And marvel that I finished it so well in so little time.
Am I bragging? Not intentionally; I’ve heard these things repeatedly since I started here, and the contrast between the above is so stark.
In reality, the managers are just idiots who were promoted far above their competence, and make everything worse. (Gee, who woulda thought?) It’s just so frustrating.19
I closed my work laptop yesterday around noon and dumped water on it. I was just so fed up.
Some spilled off onto my desk, though, so i gently moved (read: threw) the offending piece of plastic frustration onto the floor and carefully dried my desk.
On my way to the trash can, i stepped on the laptop. I stepped on it again on the way back, and later, on my way out the door.
I came in to get something half an hour later, and stepped on it again. It remained a stepping stone for the rest of the day, and accrued considerable foot traffic.
I spent the day drinking peach whiskey and playing with my children instead of working on reports. It was a good day.
Don't worry: my laptop still worked this morning, though I declined to.25
Hey Root, we have a high priority ticket for you! It's adding some columns to a report. Should be simple. Details are in the ticket.
First: reports are some of the most boring, drool-inducing drudgery i have ever worked on.
Second: Specs for these reports are a nightmare since everything is ... very indirectly tested, and the specs are everywhere but where you'd expect them to be, so it's a lot of spelunking and trial/error. It's also slow as beans.
Anyway. The ticket's details are in ... not the worst engrish i've ever seen, but it's bad enough that i have no idea what they're asking despite (thus far) five attempts at deciphering it. There's also a numbered list of "fields" to add, so you'd think it would be straightforward. It is not. Half the list is crossed out, and half of the remaining items are feature requests (in yet more engrish), not columns to add. Also, one of the actual fields is impossible as the data it's asking for is not recorded anywhere.
I cringe every time I see this person's name as the reporter because it's always the same. and honestly, there are more of these engrish people every month, and believe me: it isn't just a language barrier...3
Fuck long covid / ME/CFS.
This is day two of being bedridden.
I want to have energy again. And be able to move and do even simple things without collapsing for hours or days at a time.
Boss: <Commits odd and breaking changes to my specs>
Boss: How did these specs of yours ever pass!?
Boss: That's not how this gem works!
Boss: <Doesn't mention that the gem was updated well after I finished the ticket>
Boss: Go fix your specs!
I'm fixing a security exploit, and it's a goddamn mountain of fuckups.
First, some idiot (read: the legendary dev himself) decided to use a gem to do some basic fucking searching instead of writing a simple fucking query.
Second, security ... didn't just drop the ball, they shit on it and flushed it down the toilet. The gem in question allows users to search by FUCKING EVERYTHING on EVERY FUCKING TABLE IN THE DB using really nice tools, actually, that let you do fancy things like traverse all the internal associations to find the users table, then list all users whose password reset hashes begin with "a" then "ab" then "abc" ... Want to steal an account? Hell, want to automate stealing all accounts? Only takes a few hundred requests apiece! Oooh, there's CC data, too, and its encryption keys!
Third, the gem does actually allow whitelisting associations, methods, etc. but ... well, the documentation actually recommends against it for whatever fucking reason, and that whitelisting is about as fine-grained as a club. You wanna restrict it to accessing the "name" column, but it needs to access both the "site" and "user" tables? Cool, users can now access site.name AND user.name... which is PII and totally leads to hefty fines. Thanks!
Fourth. If the gem can't access something thanks to the whitelist, it doesn't catch the exception and give you a useful error message or anything, no way. It just throws NoMethodErrors because fuck you. Good luck figuring out what they mean, especially if you have no idea you're even using the fucking thing.
Fifth. Thanks to the follower mentality prevalent in this hellhole, this shit is now used in a lot of places (and all indirectly!) so there's no searching for uses. Once I banhammer everything... well, loads of shit is going to break, and I won't have a fucking clue where because very few of these brainless sheep write decent test coverage (or even fucking write view tests), so I'll be doing tons of manual fucking testing. Oh, and I only have a week to finish everything, because fucking of course.
So, in summary. The stupid and lazy (and legendary!) dev fucked up. The stupid gem's author fucked up, and kept fucking up. The stupid devs followed the first fuckup's lead and repeated his fuck up, and fucked up on their own some more. It's fuckups all the fucking way down.20
The park, under a tree. Preferably beside a lake or stream.
There can be people present, so long as they’re not too loud and don’t ask what I’m doing, hit on me, or try to chitchat.10
No matter what I try, I cannot get sharp text on my work macbook. When I use my external display for my editor, all of the text is slightly blurry and a pain to read, especially the tiny text in the status bar, which is just a fuzzy mess.
Like, I know why mac fonts are "fuzzy" -- it uses subpixel rendering to attempt to stay true to the font's curves, whereas e.g. windows tries to snap those curves to the pixel grid. So, on macs, fonts look amazing when they're normal to large, but small font sizes are just yuck. Windows is the opposite: small fonts look crisp and clear, and normal-sized fonts look.. okay.
but why can't OSX just switch between subpixel and snapping based on font size? i'm tired of reading blurs! it makes my eyes blur!12
CR: "Add x here (to y) so it fits our code standards"
> No other Y has an X. None.
CR: "Don't ever use .html_safe"
> ... Can't render html without it. Also, it's already been sanitized, literally by sanitize(), written by the security team.
CR: "Haven't seen the code yet; does X change when resetting the password?"
> The feature doesn't have or reference passwords. It doesn't touch anything even tangentially related to passwords.
> Also: GO READ THE CODE! THAT'S YOUR BLOODY JOB!
CR: "Add an 'expired?' method that returns '!active'?"
> Inactive doesn't mean expired. Yellow doesn't mean sour. There's already an 'is_expired?' method.
CR: "For logging, always use json so we can parse it. Doesn't matter if we can't read it; tools can."
CR: "For logging, never link log entries to user-readable code references; it's a security concern."
CR: "Make sure logging is human-readable and text-searchable and points back to the code."
> Confused asian guy, his hands raised.
CR: "Move this data formatting from the view into the model."
> No. Views are for formatting.
CR: "Use .html() here since you're working with html"
> .html() does not support html. It converts arrays into html.
NONE OF THIS IS USEFUL! WHY ARE YOU WASTING MY TIME IF YOU HAVEN'T EVEN READ MY CODE!?
Most tedious part of my day...
While meetings are boring and awful and all, it's probably spinup times for me. Each and every change requires a minimum of 35 seconds of spinup to test. If i'm testing something with mailers or other daemons, that increases to easily 90+ seconds (plus the worker thread pickup times).
It's not enough time to do anything useful, and more than enough time to lose my focus. It turns every task into boring, tedious struggle. It's awful.
Apart from my coworkers, this is the single worst part about my job. (Okay, the awful code quality totally pushes this to third place.)4
So at work, there is this class/model thing that's for storing translated strings. It also supports n-level nested macros, cascading lookup (e->d->c->b->a->blank), and I've added transforms too. The code is a bloody mess and very inefficient (legendary dev's code), but it's useful.
You call methods with a symbol representing one of the strings, and it does... whatever you ask, like return text, booleans, expand macros and submacros, pass in data to interpolate, etc.
But I just learned something today.
Its `.html` method... doesn't support html. In fact, calling it strips out all html, takes whatever is left, and attempts to convert that back into html. Because that makes so much sense. So, if you have an html string? Don't call html on it.
Also, macros use the same <angle brackets> as html tags, and macro expansion eats unknown macros, so... you can't mix html and macros, meaning you cannot inject values into your markup. That's a freaking joy to work around. (You end up writing a parser every time.)
So no, if you have an html string, you need to get the raw data out and handle it yourself. Don't reach for that shiny .html method; it'll just ruin your day.
It's the little things that make my day so terribly long.8
$work: Ey @Root, make this super simple thing.
$work: No, not like that.
$work: It also needs to do A, B, and C.
$work: No, not there. You should build it somewhere else, but I won't tell you where.
$work: You need to build out F and G, too.
$work: What do you mean you don't have the data? Just ask support drone #3. (who directs me to #2, and that one to #8 who doesn't know, and that one to #12 who won't answer)
$work: Why can't I do K, Y, or S? You should be able to infer these from the mind of whoever wrote the ticket by its wording, despite no mention of them whatsoever.
$work: Are you done yet? It's a super simple ask!7
@Root has a code review.
CR comment: “Why would you do it this way? It’s awful. Clean it up!”
Totally fair. I had copied the legendary dev’s code, and it was ick. Cleaning it was easy and enjoyable. I cleaned the source, too.
CR comment: “Why would you touch this? It’s outside the scope of the ticket. You could get it working without changing all this.”
CR comment: “The interfaces don’t match. Now it’s confusing, and that makes it harder to maintain.”
(Forgot to post this a few days ago. Was just too tired.)
Finally finished the code review from hell.
The patch on top of the PR is +1448 -1114, and nearly all of it is rearchitecting, not moving.
I think I spent six days on it, 4-5 productive hours a day? Seems like a lot. This codebase is a bitch to work in.