Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”

Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”

Hello there, just couple of words about PHP. I've been develop on PHP more than 10 years, I've seen it all 3,4,5,{6},7. Yes PHP was not good in terms of engineering and patterns, but it was simple, it was the most simple language for web to start those days. It was simple as you put code into file, upload it via FTP and it works. No java servlets, no unix consoles, no nothing, just shared hosting account was enough to host site, or even application with database. As database everybody used to have mysql, again because its simple to start and easy to maintain. So PHP+MySQL became industry standard on Web during 00-2012, and continues in some way.
You can write HTML and logic inside single file, within php code, even more single file may content few pages, or even kind of framework. That simplicity and agility sticks everybody who wants to develop sites with PHP.
This is pretty much about why it is so popular.

Each good or wannabe PHP developer in an early days write its own framework or library (like in javascript this days because of nodejs)

Imagine that PHP has hadn't have package manager, developers used to have host packages on their own sites, then various packages catalog sites created, and then finally composer. A gazillions of php code had spread over internet, without any kind of dependency control. To include libraries to your projects you have to just write include, or require. Some developers do it better than others.

So what we have ? A lots of code, no repositories, zip archives with libraries, no dependency control.
Project that uses that kind of code are still alive even today, they are solid hose of cards, and unmaintainable of course.

And main question that I'm trying to answer is Why PHP is not good ?
- First is amount of legacy code which people copy and pasted into their project, spread it even more like a virus.
- Lack of industry standards at the beginning lead to a lots of bad practices among developers. PHP code usually smells.
open source php projects in early days was developed in same conditions so even in phpbb, phpnuke, wordpress, drupal used to have a lot of bad practices in their codebase. So php developers usually not study by another library, instead they write their own frameworks/libraries.
- "It works", - there are no strong business demands, on web development, again because lack of standards, and concerns.
This three things are basically same, they linked to each other and summarize of answer of why PHP have strong smells and everybody yelling against it.

Whats is with PHP nowadays ? Of course PHP today is more influenced by good practice of webdev. Composer, Zend, Laravel, Yii, Symphony and language it self became more adult so to say, but developers...

People who never tried anything except PHP are usually weaker in programming and ecosystem knowledge than people who tried something else, python, perl, ruby, c for instance.

Summary

PHP as any other programming language is a tool. Each tool has its own task. Consider this and your task requirements and PHP can be just good enough solution.
"PHP is shit" - usually you heard that from people who never write strong applications on PHP and haven't used any good tools like Symphony or Laravel.
Cheap developers, - the bigger community, the more chance to hire cheap developers, and more chance to get bad code. That can be applied on any other language.
PHP has professionals developers, usually they have not only php on scope.

That's all folks, this is very brief, I am not covering php usage early days in details, but this is good enough to understand the point.

Enjoy.

The people who wrote the specs for SAP OCI should be hanged by rusty barbed wire while being tickled by krusty the clown.
Which one of these stinky hobbits thought it was a great idea to require a (catalog) server to handle a POST request by sending back an HTML form which has to execute a POST request immediately by JavaScript on load?
Why not fucking respond with the actual god damn fucking data?
Some "senior" (read "senile") software "engineer" has to get decapitated.

Quote from the specification (OCI Function: VALIDATE, section 2.3.2):
"The product catalog replies with an HTML page that contains a form with the productdata in OCI format. [...] The HTML page may not contain any visible elements ([...]). The form must be sent automatically by JavaScript after the page has been loaded."

The only thing that should get sent after loading would be these people's asses to hell after my minigun has finished loading.

SAP is the kind of company who earns a huge junk of money from utter, stinking, filthy crap and they like to piss in their customers' "müesli".

The trick to balancing social and dev life life is training a deep learning algorithm to the point it gains sentience and the ability to feel real human emotions and becomes your best bud until it ultimately decides it would rather catalog images of mustard bottles.

I don't know what to chose.

The fact that for three months, I had to design a 16-page catalog, when I have no experience and my job is web development;

The fact that I have to do SEO for the site, but that means for my boss that for a one-page long text, we have to find at least 60 (sixty! ) times the occurrences of the keywords;

The fact that when I finally have something interesting to do, the boss finds that it doesn't go fast enough and decide to drop the project even if making a whole new dynamic stock system with the db we have is something hard and long to do;

The fact that when I come to work five minutes late, my boss is at the verge on screaming on me, even if I come ten minutes early every other day;

The fact that when I'm coding, I need concentration, I don't need the boss to give me the phone to answer customers, stop everything I am doing and explain them what products we are selling;

The fact that I am paid the minimum wage for a trainee, and when there's no coffee anymore, we have to buy some ourselves because "you drink way too much coffee, you understand" (three a day, sorry for wanting to stay awake);

The fact that I have asked for one year how many days of vacation I still had, and the only answer they gave to me yet was: "Oh, we have to ask the accountant". I still don't know how many days I have left;

The fact that the site is made only by trainees since the beginning, so circa 2008, and the code is horrible but "it works, so don't touch it". The admin part is in CodeIgniter, the front in laravel 4.2, there are a lot of useless code but we can't touch it because the boss doesn't think it is worth the time.

I almost made a burn-out last year, my doc saw my state right before and made me stop for a week. I still have to work there 'till end of august, then I will have my diploma and find another company to work with. Now, I check everyday on my calendar.

I work as a freelancer and one time I had a client that needed some work done on a crypto website. I was so hyped up because the money was good so I jumped on it. Fast forward 2 weeks later I still couldn’t figure what the shit I was doing as the client kept asking for update.

Yes, I have experience with blockchain but my skill on Javascript just couldn’t help. I did google and also ask questions on S.O. but it wasn’t enough to get me on track.

At the end, I reached out to the client and apologized for not being able to meet up with their request and then recommended someone else.
So I’d say “I lost faith” on my skill as a Javascript dev at that moment for not being able to use some blockchain APIs effectively and also look forward to improving my catalog.

It's so nice when kindness is retributed...
When on a flash shopping for wood, to fix my chair. Found out that the shop was way cheaper than a big chain I went a few days ago... Like up to 2/3 and 3/4 cheaper... Well, spent 1-hour shopping in such a small shop.
Meanwhile, started talking, telling what I'm doing with the wood and the tools... and eventually asked if she had any leftovers because I would use them.
A little more shopping, a little more talk and she asked, what will you do with the leftovers??
I've started talking about my new hobby, then the why I started this hobby (burn out), and that I'm making machines and tools with the stuff I'm buying...
Left with a big box full of leftovers, even a catalog with fine wood, all the same size...
It's nice when people reward kindness with kindness.
Also, gained a new costumer, never shopping anywhere else again if they have it.

It's been a while since I've heard a consensus of a moronic idea from the corner offices. I was invited to a department planning meeting (just to listen, not necessarily engage or add value) and discussion went to the development of a mobile app.

Mgr1: "The CEO has the net present value of the mobile project as $20 million. Where did he get that number?"
VP: "No idea."
Mgr2: "How will it be any different than our web site that is already mobile compliant?"
VP: "It is to gain market share"
Mgr3: "Market share from who? A mobile app is not going to increase our customer base. At best, it will only move some of our existing customers to mobile. No way it would scale to those numbers."
VP: "The primary benefit is so customers can browse offline."
Mgr2: "Offline browsing isn't listed in the milestones."
Mgr1: "We're not going to push and keep gigs of data up-to-date on someone's phone just for random times they don't have internet access."
VP: "I guess that's right. We can push our pdf catalog. That's only a few hundred meg."
Mgr2: "Pushing the catalog? That's not on the listed milestones"
VP: "Its all assumed."
Mgr3: "Who owns this project? Web team is already maxed to capacity."
Mgr2: "Marketing team only has 3 developers, we can't take on anything as complex as a mobile app and support the existing processes."
Mgr1: "What about the network infrastructure and PCI compliance? We're talking about a system for the web site and another for mobile, right?"
Mgr2: "Who is going to manage all the versions in the app stores and future changes to the mobile platform?"
Mgr4: "Not us"
Mgr2: "Nope"
Mgr1: "OK, good. Its very likely this project will be dead on arrival at the next company strategic meeting."
VP: "Mobile the only project on the strategic meeting agenda. Sorry guys, it's happening. We're not going to leave $20 million sitting on the table.
<awkward silence>
VP: "Next item of business ..."

My department vp announced to our sales team that our company would have an online Web based catalog capable of custom style configuration, pricing calculation, quote generation. the catalog would manage all of our customers different discount rates automatically and notify the correct sales rep any time a customer completes a quote. This was announced on September 30(ish) with a launch date of December 1. I'm the only Web developer and I found out afer the announcement. :/

Realised I never post on devrant. Maybe I should. Todays tame rant

Never trust intune when it says a group policy has been successfully applied and had to use powershell instead. What is the point of you settings catalog if you lie to my face.

Gaslighting buggy Crap making me look bad.

Have you disabled autoplay yes on these devices.

Looks at fully synced device dafuq

!dev

So apparently markets that are getting HBO Max are about to lose their ability to stream the full Ghibli catalog anywhere else. And they'll only be offering a handful of the titles from it in the most market-friendly cuts, even though they licensed broad market distribution rights to the whole thing.

Not a strong start, about from I expect from AT&T though. Now people the world over get to see how shitty the murican telephone conglomerates are. 🥳

SAP Ariba.
Imagine you can test newly created catalogs, but on error you only receive an error ID, which you have to send to a support email to get the acual error message, but support only responds after maybe 2 weeks if you're lucky.
How hard can it be to implement a log viewer next to your catalog testing forms.

Client approved a design 2 months ago. I follow the design and build functionality based on the design and on budget.

What does client do... Doesn't want the site built says it doesn't follow their paper catalog. What paper catalog? I never got a paper catalog from design to follow. Three additional weeks later rebuilt the core of the site's functionality. And the final cost is 2.5 times over budget. Screw you Unnamed attorney search engine.

Fucking docker swarm. Why the hell do they have to change the way it works so damn often. Find a good workthough and its not fucking valid anymore cause swarm doesnt use consul to catalog swarm nodes anymore. Well fuck thanks docker now i have to rethink my architecture cause you fuckers wanted to do something half assed.

Sad fucking thing is the change that made you do that shit in the first place doesn't work right for ssl so your damn mesh network is fucking useless for any real world uses unless people like me rig the fucking hell out off it.

Another fucking thing how the hell haven't these fucktards added a shared storage yet, come the fuck on.

Always save every thing you make! No matter how insignificant it might seem... You won't regret it.

Bonus points if you catalog by year

I was introduced to an Oracle dba working for one of the companies licensed for them

I was just starting out a few years in
Was using MySQL and dotnet to develop our system

Cost effective

Bastard gives me a kind of smirking smile after talking about basically representing a fucking catalog of use cases no real development and says "it just takes more to get this position"

Few years later oracle buys MySQL , the product he smirked about

Guess their system was really only good for Wal fucking Mart

Burn in hell oracle !

1) Had to fix severe bugs in a dynamic UI (configuration-driven forms) component.

Recognized undocumented Copy/Paste/Modify/FuckUp driven variations of the same component all over the project. Unsurprisingly, the implementations covered 99% of the antipattern catalog on wiki.c2.com and could compete with brainfuck in regard to human-readable code.

Escalated the issue, proposed a redesign using a new approach, got it approved.

Designed, Implemented, tested and verified the new shared and generic component. Integrated into the main product in the experimental branch. Presented to tech lead/management. Everyone was happy and my solution opened even more possibilities.

Now the WTF moment: the product with the updated dynamic UI solution never has been completely tested by a QA engineer despite my multiple requests and reminders.

It never got merged into baseline.
New initiatives to fix the dynamic UI issues have been made by other developers. Basically looking up my implementation. Removing parts they do not understand and wondering why the data validation does not work. And of course taking the credit.

2) back in 2013, boss wanted me to optimize batch processing performance in the product I developed. Profiling proved that the bottleneck ist not my code, but the "core" I had to use and which I must never ever touch. Reported back to him. He said he does not care and the processing has to get faster. And I must not touch the "core".

(FYI: the "core" was auto-generated from VB6 to VB.Net. Stored in SourceSafe. Unmaintainable, distributed about a bunch of 5000+ LoC files, eye-cancer inducing singlethreaded something, which had naive raw database queries causing the low performance.)

I have already been a big fan of Elixir for some time now, but seeing this during my inquiry into Elixir's official catalog of documentation has defanitely galvanized my already colorful opinion of this grate language.

So, spammers found the special character catalog on their machines.

A very long rant.. but I'm looking to share some experiences, maybe a different perspective.. huge changes at the company.

So my company is starting our microservices journey (we have a 359 retail websites at this moment)

First question was: What to build first?

The first thing we had to do was to decide what we wanted to build as our first microservice. We went looking for a microservice that can be used read only, consumers could easily implement without overhauling production software and is isolated from other processes.

We’ve ended up with building a catalog service as our first microservice. That catalog service provides consumers of the microservice information of our catalog and its most essential information about items in the catalog.

By starting with building the catalog service the team could focus on building the microservice without any time pressure. The initial functionalities of the catalog service were being created to replace existing functionality which were working fine.

Because we choose such an isolated functionality we were able to introduce the new catalog service into production step by step. Instead of replacing the search functionality of the webshops using a big-bang approach, we choose A/B split testing to measure our changes and gradually increase the load of the microservice.

Next step: Choosing a datastore

The search engine that was in production when we started this project was making user of Solr. Due to the use of Lucene it was performing very well as a search engine, but from engineering perspective it lacked some functionalities. It came short if you wanted to run it in a cluster environment, configuring it was hard and not user friendly and last but not least, development of Solr seemed to be grinded to a halt.

Elasticsearch started entering the scene as a competitor for Solr and brought interesting features. Still using Lucene, which we were happy with, it was build with clustering in mind and being provided out of the box. Managing Elasticsearch was easy since there are REST APIs for configuration and as a fallback there are YAML configurations available.

We decided to use Elasticsearch since it provides us the strengths and capabilities of Lucene with the added joy of easy configuration, clustering and a lively community driving the project.

Even bigger challenge? Which programming language will we use

The team responsible for developing this first microservice consists out of a group web developers. So when looking for a programming language for the microservice, we went searching for a language close to their hearts and expertise. At that time a typical web developer at least had knowledge of PHP and Javascript.

What we’ve noticed during researching various languages is that almost all actions done by the catalog service will boil down to the following paradigm:

- Execute a HTTP call to fetch some JSON

- Transform JSON to a desired output

- Respond with the transformed JSON

Actions that easily can be done in a parallel and asynchronous manner and mainly consists out of transforming JSON from the source to a desired output. The programming language used for the catalog service should hold strong qualifications for those kind of actions.

Another thing to notice is that some functionalities that will be built using the catalog service will result into a high level of concurrent requests. For example the type-ahead functionality will trigger several requests to the catalog service per usage of a user.

To us, PHP and .NET at that time weren’t sufficient enough to us for building the catalog service based on the requirements we’ve set. Eventually we’ve decided to use Node.js which is better suited for the things we are looking for as described earlier. Node.js provides a non-blocking I/O model and being event driven helps us developing a high performance microservice.

The leap to start programming Node.js is relatively small since it basically is Javascript. A language that is familiar for the developers around that time. While Node.js is displaying some new concepts it is relatively easy for a developer to start using it.

The beauty of microservices and the isolation it provides, is that you can choose the best tool for that particular microservice. Not all microservices will be developed using Node.js and Elasticsearch. All kinds of combinations might arise and this is what makes the microservices architecture so flexible.

Even when Node.js or Elasticsearch turns out to be a bad choice for the catalog service it is relatively easy to switch that choice for magic ‘X’ or component ‘Z’. By focussing on creating a solid API the components that are driving that API don’t matter that much. It should do what you ask of it and when it is lacking you just replace it.

Many more headaches to come later this year ;)

Just finished s meeting- change manager wants us to track searches in our apps, count and catalog words that are searched and who is doing the search. He must have read a blob about Google

Maybe someone can help me.
Guys my team uses a master catalog to configure products in CRM application.
The master catalog is a "hidden Eclipse", it has the same interface. But this application has really problems with performance, is too slow.... It usues only 500mb of ram per users.
I try to find a configuration properties but nothing...
Do you have any idea?
(Is like the "Smart Insert" as the image attached btw)

I wrote my first proper promise today

I'm building a State-driven, ajax fed Order/Invoice creation UI which Sales Reps use to place purchases for customers over the phone. The backend is a mutated PHP OSCommerce catalog which I've been making strides in refactoring towards OOP/eliminating spahgetti code and the need for a massive bootstrapper file which includes a ton of nonsense (I started by isolating the session and several crucial classes dealing with currency, language and the cart)

I'm using raw JS and jquery with copious reorganization.

I like state driven design, so I write all my data objects as classes using a base class with a simple attribute setter, and then extend the class and define it's attributes as an array which is passed to the parent setter in the construct.

I have also populateFromJson method in the parent class which allows me to match the attribute names to database fields in the backend which returns via ajax.

I achieve the state tracking by placing these objects into an array which underscore.js Observe watches, and that triggers methods to update the DOM or other objects.

Sure, I could do this in react but
1) It's in an admin area where the sales reps using it have to use edge/chrome/Firefox
2) I'm still climbing the react learning curve, so I can rapid prototype in jquery faster instead of getting hung up on something I don't understand
3) said admin area already uses jquery anyway
4) I like a challenge

Implementing promises is quickly turning messy jquery ajax calls into neat organized promise based operations that fit into my state tracking paradigm, so all jquery is responsible for is user interaction events.

The big flaw I want to address is that I'm still making html elements as JS strings to generate inputs/fields into the pseudo-forms.

Can anyone point me in the direction of a library or practice that allows me to generate Dom elements in a template-style manner.