When your coffee supplier won't let you order < 5. Client side validation wins again.

*Client calles me at 7Am*

Client: why did you make everything smaller on my website ?

Me: look at the right side of your URL bar, do you see a minus sign ?

Client: yah, so ?

Me: click on it and set it back to default.

Client: oh ok this is working for me now, will this fix apply globally across the internet

Me: ...

Client: oh I think I asked a stupid question, thanks mate have a good day.

Me: you're welcome...

A client who I freelance for just asked if they could invest in one of my side projects.

This is the best day of my programming career 😊

Client side validation be like:

My manager started a company and I was his first employee, he literally started it because he wanted to make use of my talent.

So one day I finished my project on Friday and took in advance Monday and Tuesday off. Went back Wednesday to find my manager angry like "you didn't finish your project, you costed us money with our client company (a big ass famous one) I am putting you on probation and you could probably get fired if you don't get yourself together" and he said that my colleague had to do my whole work that I supposedly didn't do.
So I went to the code and checked. And I found that what my colleague did was re write my code in a different structure and pretended like he did everything and did do anything.
Got passed off so I wrote an email to my manager with the commits and links to them and their builds and made sure it's well explained, and titled the email "resignation letter" with me expressing at the end how angry I am and informing about my resignation.
Later on he replied saying it was a misunderstanding and there was lack of communication and he could give me I raise.
I insisted.
One week later I got hired by the client company and suddenly I was sitting on the other side of the meeting table. And it felt so damn good.

client side validation ?

CS teacher tip of the day:

server side input checks and sanitization are always useless. because nowdays all browsers have javascript enabled by default and nobody disables it. so client-side checks are safe.

me: ***WTF!?!***

So they were having trouble with the server always being slow and maxed to 100%, so the boss told me when wait times were hitting 5+mins due to server trying to catch up, he complained at me, said if I could get the wait time to 30sec to instant he would raise my pay to 90k a year, then walked away after I agreed, I was quite serious but I don't think he thought I was, so I decided to look over the system, IDK who but they put all the calculations and processing server-side for the CA's on floor then sent the completed view to the CA, so I spent months recreating the entire system except the server only pulled the data needed then the new client would do all the processing on their computer since they weren't doing anything anyways, I did a practice run today as its one of our peak days, wait times went to barely 5secs or "instant" according to CA's, I walked into the office, slapped that hourly report down after just two hours and showed the massive increase in employees production times.

That look on his face...
That look on my face...
That look on my next check...

Bliss

Was irritated and annoyed because of a client.

Someone called the support line and I was ready for some temper-holding practice.

A very sweet lady was at the other side and she couldn't figure something out and was overwhelmed by all the options she had in her new hosting package.

Very calmly helped her and guided her to the right place, step by step. She did exactly what I said instead of playing a smartass.

She finally found it and said that she appreciated it and a ton of thanks 😊.

Now that's a good way to end a work day!

A client called today because their email wasn't arriving at the receipants inbox but bouncing back with a 'poor MTA rating' error.

Checked about every blacklist I know and our server was definitely not blacklisted. Must be the receipants host which for some reason was blacklisting his specific email address.

Told the client that it wasn't a problem on our side and that he had to request a whitelist himself (we'd do it but it wasn't a specific server problem so we're not going to spend time on that).

Fair enough, he'd do that.

Calls back. "Well, the other party says that your server definitely has a poor rating, it's on your side!!"

Alright, this is getting annoying. Gave him a few blacklist checking sites links and told him to run his domain AND our server IP through it. Indeed came back completely clean.

"But the other party said it's poor rating on your side so I'd think tha........"

YEAH WHY DON'T YOU SHOVE THAT OTHER PARTY UP YOUR FUCKING ASS. I'VE SHOWN YOU PROOF THAT IT'S DEFINITELY NOT ON OUR FUCKING SIDE, EXPLAINED IT TO YOU AND SO ON. MAYBE, FOR ONE FUCKING SECOND, TAKE INTO CONSIDERATION THAT THE OTHER PARTY IS FUCKING LYING?!?!?

FUCK OFF.

"full stack" means "you'll be doing everything from gathering client requirements through data architecture up to the UI design and of course implementing all of it"

"backend" means "you'll be coding everything from database through server-side code and client-side code including html and css"

"we need you on-site all day every day" means "we have no idea how and why we should use repositories with remote access despite being a company developing an internet app, and we don't trust that you would be working anyway"

"interesting challenging projects" means "the same boring crap as every other company, running on an incredibly botched and dezorganized codebase".

"competitive pay" means "actual pay is around 1.5 times the minimum allowed pay, and everything else is being siphoned off into (stupid and useless) 'benefits' like massage and fitness discount coupons"

"friendly collective having fun at numerous company events each years" means "it is mandatory for you to participate on our weekend drinking retreats but you'll only find out when we fire you because you're 'not a team player' after you refused to participate on those"

Client-Side Form Validation only be like...

In my previous company, I used to work for a client company which had a terrible website. It was about financial data and people would have to wait too long before the page loaded because there was a freaking 1.2 megs of minified, compressed JS file that needed to load before you could do anything.

Everyone knew that was a pain in the ass and nobody wanted to touch spaghetti code and mess up something they didn't know.

I wanted to however take a shot at it. So an architect from client side and I discussed how we were gonna go about it and how we were gonna find the stuff that needed to load on page load and stuff that could be loaded later.

So we plan for it. We broke everything down from a globals polluting JS, found out the variables and functions that needed to run during first load by literally putting a console statement for each function and finally came up with two bundles.

The primary bundle was 120kb and would during first load and then every module would call it's own secondary bundle when the user interacted with it.

In the process, we removed half a meg of JS and the site became blazing fast.

I did it with a team of two members who, my manager thought were useless, learned a ton of stuff, setup proper process for the transition.

When the client didn't appreciate the amount of brain and effort we had put into it, these two members came forward to tell the client to acknowledge my effort and attributed the success of it to me.

I was totally moved. There was so much respect that I didnt care what anybody else thought. I was just so happy to work with those two humans.

When i left the company, i gifted them stuff they always talked about or wanted. :) Feels good.

There once approached me a client, with a request to be done. Here is a recap, with emphasis on time limits.

C: Ok, so we need this and this thing to be done that and that way...
*short talk about technical side of the project, unimportant to the rant*
C: Can it be done by 25th, this month? (It was 4th of the month)
M: No way, it'll take at least a week more, so realistically I'd say around 7th next month.
C (Had no option but to agree on the date)
*we arrange the price as well (was not a bad one at all)*

So I started working on the thing and one night, about a week or so in, I probably had a cup of tea too much, I suddenly have a breakthrough. I sat behind a computer from 22:00 till 17:00 next day, nonstop. I didn't even eat anything in the meantime. The project was far from done, but I did quite a lot of work. Anyhow, when I have completed the project, not only was I not over the deadline, it was 22nd of the month, so even before the wanted time! When I contacted the client and told him that I am done, he was ... let's just say very happy. The deployment went fine, but when I checked my bank account, for the payment, there was a surprise waiting for me. The number was 25% more than what we have arranged! Me, believing that it was a mistake, immediately messaged him about it and he responded:

No, this is just a small gift for you, because you finished that quickly.

(and not to forget, I have coded things for way less than those 25% and was completely fine with the price, so it was not a small amount)

The first time I decided to hack around a bit:D

One of my teachers made a quiz software, which is only used by him(his lectures are about databases), and it is highly unsecure. When I heard that it is written in C# I decided to look in it's source code. The biggest problem I ran into: this program is only available on the computers in his classroom, and he monitors the computers display. However, I successfully put it into my pendrive without getting caught.

So when I got home, I just had to use a .NET decompiler(in this case: dotPeek) to get the fully functional source code. The basic function of the program was to download a quiz from his database server, and when it was finished, grade it client-side. Than, I realized how bad it was: It contains the number of questions, the number of correct and incorrect answers.
I've just made a modified .exe, which contained really little modification(like correctAnswers=maxQuestions, incorrectAnswers=0). Everything looks the same, you just have to click over it, and everytime it will return with 100%.

And the bonus: The program connects to the database as a user with root access, and without password. I was able to log in, download(dropping was available too, but didn't try) databases(with all the answers) and so on.

Never had to use it though, it was just a sort-of experience gaining.:)

Way to many...

- Passwords stored in plain text on the year 2014
- Not supporting HTTPS because to expensive
- Hidden admin URLS
- Databases available all over the internet
- Client Side validation
- IoT

Motherfucker.

After about six hours of debugging I finally figured out that the error I'm getting is happening CLIENT SIDE AND NOT FUCKING SERVER SIDE. Yes, I've been debugging everything on the SERVER SIDE.

MOTHERFUCKING FUCK.FML.

One of our clients deploy their own server app. So this happened after a prod deployment. (4am)

*Cellphone rings while sleeping*

Client : we need you on the conference call now. URGENT!

*Gets on conference call*
*Client explain the problem*
*Explaining to the client that the problem is in their side (https connection not working, either network or certificate problem)*
*Client doesn't believe it and pushes me for a fix that I have no control on*
*4 hours later in a heated conversation*

Client : ok problem is on our side. We used our SSL certificate from staging with production and thought it would work.

Me :

We had the most fucking retarded client today. No, seriously, if you ever beat their level you have a serious mental issue.

They had a mail problem for which they'd need to check at the side of another company since we don't have those fucking logs.

Their statements:
- they entered an email address In the text field of mail-tester.com and were furious that they didn't get the results sent.
Note: it says right on that page that YOU JUST NEED TO SEND THE EMAIL ADDRESS WHICH IS PRE-ENTRRED IN THAT TEXT FIELD AN EMAIL.
- their company has been a reputable 'conservative' company which hasn't done anything wrong since 19xx so the fact that they'd end up on a blacklist was FUCKING OUTRAGEOUS and bullshit.
- our support wasn't willing to help and only willing to tell them outrageous lies.
- the other it company was only reachable at a premium number and thus expensive to call.

Emails back and forth and finally they CC'd the other company. They're reply was fucking priceless:

"we never had a premium number. Feel free to call us on *number* any time during the week between *time* and *time*.

Then he told us that we should just go back to sleep.

It was way worse than that but due to privacy and my own memory this is all I can tell.

Just wow.

First rant, so here goes:
def initialize
@rant = 'when the contractor your boss brought in to help, whose weekly rate exceeds your monthly salary, doesn't know the difference between server side and client side technologies.'
end

People who say something isn't working and ask us to investigate.

Alright, it's not on our side, go ask support at {differentcompany}.

*presents actual proof*

Client replies: oh but I asked the other side and they send over this proof *shows proof saying that its not on our side but very technical so the client doesn't understand* so it's definitely on your side!!!!!!

This annoys the living fucking hell out of me, FUCKING FUCK.

😡

I realize I've ranted about this before, but...

Fuck APIs.

First the fact that external services can throw back 500 errors or timeouts when their maintainer did a drunk deploy (but you properly handled that using caching, workers, retry handlers, etc, right? RIGHT?)...

Then the fact that they all speak a variety of languages and dialects (Oh fuck why does that endpoint return a JSON object with int keys instead of a simple array... wait the params are separated with pipe characters? And the other endpoint uses SOAP? Fuck I need to write another wrapper class around the client...)

But the worst thing: It makes developers live in this happy imaginary universe where "malicious" is not a word.

"I found this cloud service which checks our code style" — hmm ok, they seem trustworthy. Hope they don't sell our code, but whatever.

"And look at this thing, it automatically makes database backups, just have to connect to it to DigitalOcean" — uhhh wait...

"And I just built this API client which sends these forms to be OCR processed" — Fuck... stop it... there are bank accounts numbers on those forms... Where's that API even located? What company?

* read their privacy policy *

"We can not guarantee the safety of your personal data, use at your own risk [...] we are located in Russia".

I fucking hate these millennial devs who literally fail to get their head out of the cloud.

Somehow they think it's easier to write all these NodeJS handlers and layers around some API, which probably just calls ImageMagick + Tesseract on the other side.

If I wasn't so fucking exhausted, I'd chop of their heads... but they're like hydra, you seal one privacy breach and another is waiting to be merged, these kids just keep spewing their crap into easy packages, they keep deploying shitty heroku apps... ugh.

😖

"I should really make better offsite backups"

"Right, this service doesn't do client side encryption"

"Oh this one doesn't have a Linux client"

"OK this one only sets up a single directory you can dump shit into"

"Wtf this one charges more than a high class escort girl"

Whatever... I'm sure my house won't burn down.

Following a conversation with a fellow devRanter this came to my mind ago, happened a year or two ago I think.

Was searching for an online note taking app which also provided open source end to end encryption.

After searching for a while I found something that looked alright (do not remember the URL/site too badly). They used pretty good open source JS crypto libraries so it seemed very good!

Then I noticed that the site itself did NOT ran SSL (putting the https:// in front of the site name resulted in site not found or something similar).

Went to the Q/A section because that's really weird.

Saw the answer to that question:

"Since the notes are end to end encrypted client side anyways, we don't see the point in adding SSL. It's secure enough this way".

😵

I emailed them right away explaing that any party inbetween their server(s) and the browser could do anything with the request (includingt the cryptographic JS code) so they should start going onto SSL very very fast.

Too badly I never received a reply.

People, if you ever work with client side crypto, ALWAYS use SSL. Also with valid certs!

The NSA for example has this thing known as the 'Quantum Insert' attack which they can deploy worldwide which basically is an attack where they detect requests being made to servers and reply quickly with their own version of that code which is very probably backdoored.

This attack cannot be performed if you use SSL! (of course only if they don't have your private keys but lets assume that for now)
Luckily Fox-IT (formerly Dutch cyber security company) wrote a Snort (Intrustion Detection System) module for detecting this attack.

Anyways, Always use SSL if you do anything at all with crypto/sensitive data! Actually, always use it but at the very LEAST really do it when you process the mentioned above!

!Story

The day I became the 400 pound Chinese hacker 4chan.

I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.

They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...

And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.

So, I know I want to fuck with them. and I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.

I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.

After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.

I then minify the whole thing and stash it in the minified jquery file.

So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.

Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.

So we GIVE the penetration team login credentials... they log in and start trying to crack it.

I sit and wait. Grinning as fuck.

Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.

We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.

"We think you may have been compromised by a Chinese hacker!"

I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.

My PM, who has seen me use the JSON compression technique before and knows exactly whats up starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.

If only it was more common to use video in these calls because I WISH I could have seen their faces.

Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because i'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.

Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.

Scariest Web Page i Made:

So i was outside the hotel where my friend works, as he went away to submit work related papers and i sat in the car.

The car was parked in the middle of two others. To pass time i started working on my Web Page..
To me it was just a simple html,css,js source code..(wasn't even client side)...

To the other non-programmer hotel staff (Prying) eyes it was:

A shady guy, dressed in black in a car parked outside the server room. To top that off i had Dark theme on my editor.

So now two staff members are staring at me from outside the car...

I was well aware of what message this whole setup might be sending.

So i got a little anxious and did one thing that i should not have done i.e started looking at them with coy eyes as i typed.

Next minute i was being asked to step outside the car.
I was scared,not by the situation ... i was scared of their ignorance and how would i explain what those many colored lines on a black screen meant.

However it was solved..... but i knew this was the scariest page i ever made.

Teacher:"We're gonna write client side javascript, todays javascript is fast enough"
Me: "ok, cool, are we gonna use ECMA6 or Harmony?"
Teacher: "we need to keep it supportable for all platforms, so we are gonna use ECMA4"
Me:( internal screaming )

A client asked me to add a mobile phone field to a registration form and asked me explicitly to use their server side validation for it.
Apparently they need a valid provider prefix, but after that everything goes. This was passed as valid mobile phone number.

Being a client side developer in 2016

Recruiter: are you interested in a client side java role?

Me: yes, here is my client side resume please submit me

Recruiter: sorry the hiring manager said they are looking for more of a back-end engineer

Me: you told me it was a client side role, please resubmit me with my back-end geared resume

Recruiter: yes that's correct, it's client side, we'll keep you in mind for the future but you should know there is a difference between mobile devs and web devs

Me: what you just said is not relevant to this conversation. I would be happy to discuss the diff between front-end and back-end, client vs server, etc.

Recruiter: I'm just relaying what the hiring manager is saying to me

Me: your [lack of] ability to relay technical information is quite apparent :/

*lesson learned*: interview recruiters before they start interviewing me

Unbelievable waste of time, how do these people even make a living? FML!

Okay, y'all!
Thank you for being remotely interested in my post. It really cheered me up :-D
Here's the definition I submitted, also attached the proof of my humiliation.

devrant

It's the ray of fucking sunshine in a developer's perpetually annoying lifestyle. It is developer-made for developer-use.
An anonymous social platform where the app owners/founders/creators ACTUALLY LISTEN to user feedback!

Developers who have made up a million fucking ways to ask their fucktard co-worker/boss/client to go die, can exchange their creativity for ++s.
It's a platform to channel their rage into a creative rant and calm down a bit. It's like taking a long, deep, virtual breath.

Useless software/apps that behave like they were developed by 5 year olds, also take a hit sometime.

PS - Addiction is a common side effect.

Would the web be better off, if there was zero frontend scripting? There would be HTML5 video/audio, but zero client side JS.

Browsers wouldn't understand script tags, they wouldn't have javascript engines, and they wouldn't have to worry about new standards and deprecations.

Browsers would be MUCH more secure, and use way less memory and CPU resources.

What would we really be missing?

If you build less bloated pages, you would not really need ajax calls, page reloads would be cheap. Animated menus do not add anything functionally, and could be done using css as well. Complicated webapps... well maybe those should just be desktop/mobile apps.

Pages would contain less annoying elements, no tracking or crypto mining scripts, no mouse tracking, no exploitative spam alerts.

Why don't we just deprecate JS in the browser, completely?

I think it would be worth it.

Some years back I was working in a project that essentially dealt with all things related to foreigners and foreign affairs in Switzerland. You could manage entry visas, work permits, citizenship, international warrants, Interpol requests, etc.

One of the test managers (from client side - i.e. the government) was once manually "testing" and mixed up the production and test instance, to both of which he was logged in at the time.
The test case then ended up setting up an entry ban against himself, as he used his own name for testing...

Next time he returned from vacation the border control at the airport were like "Uhm, Sir, we can't let you into the country. Please come with us." :D :D

(He managed to clear that up in end, I dare say, though, that he learned his lesson.)

So you are telling me I can run tensorflow.js on the browser and use user's GPU to power my models!
Oh Yeaaaaaaaaaaah!

From my work -as an IT consultant in one of the big 4- I can now show you my masterpiece

INSIGHTS FROM THE DAILY LIFE OF A FUNCTIONAL ANALIST IN A BIG 4 -I'M NOT A FUNCTIONAL ANALYST BUT THAT'S WHAT THEY DO-

- 10:30, enter the office. By contract you should be there at 9:00 but nobody gives a shit
- First task of the day: prepare the power point for the client. DURATION: 15 minutes to actually make the powerpoint, 45 minutes to search all the possible synonyms of RESILIENCE BIG DATA AGILE INTELLIGENT AUTOMATION MACHINE LEARNING SHIT PISS CUM, 1 hour to actually present the document.
- 12:30: Sniff the powder left by the chalks on the blackboards. Duration: 30 minutes, that's a lot of chalk you need to snort.

13:00, LUNCH TIME. You get back to work not one minute sooner than 15.00

- 15:00, conference with the HR. You need to carefully analyze the quantity and quality of the farts emitted in the office for 2 hours at least
- 17:00 conference call, a project you were assigned to half a day ago has a server down.
The client sent two managers, three senior Java developers, the CEO, 5 employees -they know logs and mails from the last 5 months line by line-, 4 lawyers and a beheading teacher from ISIS.
On your side there are 3 external ucraininans for the maintenance, successors of the 3 (already dead) developers who put the process in place 4 years ago according to God knows which specifications. They don't understand a word of what is being said.
Then there's the assistant of the assistant of a manager from another project that has nothing to do with this one, a feces officer, a sys admin who is going to watch porn for the whole conference call and won't listen a word, two interns to make up a number and look like you're prepared. Current objective: survive. Duration: 2 hours and a half.
- 19:30, snort some more chalk for half an hour, preparing for the mail in which you explain the associate partner how because of the aforementioned conference call we're going to lose a maintenance contract worth 20 grands per month (and a law proceeding worth a number of dollars you can't even read) and you have no idea how could this happen
- 20:00, timesheet! Compile the weekly report, write what you did and how long did it take for each task. You are allowed to compile 8 hours per day, you worked at least 11 but nobody gives a shit. Duration: 30 minutes
- 20:30, update your consultant! Training course, "tasting cum and presenting its organoleptic properties to a client". Bearing with your job: none at all. Duration: 90 minutes, then there's half an hour of evaluating test where you'll copy the answers from a sheet given to you by a colleague who left 6 months ago.
- 22:30, CHANCE CARD! You have a new mail from the HR: you asked for a refund for a 3$ sandwich, but the receipt isn't there and they realized it with a 9 months delay. You need to find that wicked piece of paper. DURATION: 30 minutes. The receipt most likely doesn't even exist anymore and will be taken directly from your next salary.
- 23:00 you receive a message on Teams. It's the intern. It's very late but you're online and have to answer. There's an exception on a process which have been running for 6 years with no problems and nobody ever touches. The intern doesn't know what to do, but you wrote the specifications for the thing, 6 years ago, and everything MUST run tonight. You are not a technician and have no fucking clue about anyhing at all. 30 minutes to make sure it's something on our side and not on the client side, and in all that the intern is as useful as a confetto to wipe your ass. Once you're sure it's something on our side you need to search for the senior dev who received the maintenance of the project, call him and solve the problem.
It turns out a file in a shared folder nobody ever touches was unreachable 'cause one of your libraries left it open during the last run and Excel shown a warning modal while opening it; your project didn't like this last thing one bit. It takes 90 minutes to find the root of the problem, you solve it by rebooting one of your machines. It's 01:00.

You shower, watch yourself on the mirror and search for the line where your forehead ends and your hair starts. It got a little bit back from yesterday; the change can't be seen with the naked eye but you know it's there.

You cry yourself to sleep. Tomorrow is another day, but it's going to be exactly like today.

Note: our PM is new.
PM: can you help me?
Me: sure, what do you need?
PM: where do the folders with all the techie stuff come from?

I had no context and spent the next 20 minutes trying to work out what folders she was on about. Turned out she wanted to know where the client side folders on our development server come from, was going to explain 'Gulp' and 'Branch' to her but I think I'd be there for the rest of the day... Why do 'tech' companies hire non-tech-savie people.

Client side validation op xD

was finding bug on server all day long until I look at the client side code ._. I'm so stupid

Warning: long read....

I got a call this morning from a client who was panicking about not being able to login to his web panel.

So I went to the web panel and tried to login and was just redirected back to the login page. No errors or anything (at least visible on the page). Went looking for an error_log file and found it.

It turns out there was an error was showing: Disk quota exceeded.

So I went into the cPanel and checked, he used about 16GB out of 100GB and that got me confused. So I looked around and found out he was using about 510000/500000 inodes.

Went looking trough FTP to see where he has so many files and try and remove some.

Well it turns out that there were about 7 injected websites (warez, online casino, affiliate one etc) and a full hacking web panel on his FTP. After detailed analysis some who actually built the site (I just maintain some parts) made an upload form available to public with any checks on it. Meaning anyone could upload whatever they wanted and the form would allow it.

The worst part is that the client is not allowing us to secure the form with some sort of login or remove it completely (the best option) as it is not really needed but he uses it to upload some pdf catalogs or something.

TL; DR;
Old programmer created an upload form that was accessible to anyone on the web without adding any security or check as to see what kind of files was getting uploaded. Which lead to having maximum number on inodes used on server and client being unable to login.

Side note:
And ofc I had to go and fix the mess behind him again, even though he stopped working a long time ago and I started just recently and have been having nightmares of this project.

Being a developer has it's advantages: I wanted to apply for a internet subscription for my home but my home adress wasn't recognized by the provider. So i wanted to send a complain form but this was only possible by providing it with a client number, which I obviously didn't have.
So this was my solution 🎉

So I made an android app for a client. It's a newspaper type of app for the clients webpage, as he has a lot of traffic on it and about 50-51% is from mobile. Which is all good an everything.

And so I've been working on it for a while now as it wasn't a primary focus, more of a like side project.

I was able to make full working build (publish ready) and sent it to the client for a review.

After about an hour I received an email saying that the app is requesting too many permissions from the user. So I started looking trough my manifest file and all of the 3rd party libs to see what were those permissions.

Well, when I finally installed the app on a physical device and looked trough the permissions in the settings all I found were permissions for the internet and prevent the phone from sleeping.

After asking the client to tell me in detail which permissions raised concerns he told me it were those 2 and if they could be removed.

So I just wasted an hour of my life trying to explain why the app that is losing content from the internet needs internet permissions.

Fml and ignorant people who think they know everything and won't accept anything else.

And all of this because he read on some click bait website how a "real" app doesn't need any permissions and every other is just trying to steal all of your data and money.

>> this === rant
<< true

At beginning of this year, I only knew HTML, JS, and CSS so I just applied for offers like "Jr Apprentice Dev in Front-End"
In a interview call, the woman told me that they will send me a test asking about my JS and HTML5 knowledge.
When I look in my inbox, the mail subject says "Back-end Test".

Then I call the woman:

Me: "Hello, I have received the test mail, but maybe it's wrong. I applied for a Front-End position and the test is about backend! "

She: "Do you have skills in JS and HTML5?"

Me: "Yes!, and CSS3"

She: "Well, the test is about that. JS, jQuery, and HTML5"

Me: "..."

Me: "Sorry, that languages are Front-End. In the subject say 'Back-End' and Back-End is PHP, SQL, MySQL, Java, .Net... I don't know nothing about that. I only know HTML, JS, CSS."

She: "It's the same"

Me: "I sorry but it's not the same. Fron-End is client-side, what users sees. Animation, colors, FXs, buttons, forms... And Back-End is server-side, what users doesn't see."

She: "Well, JS, HTML, and CSS is backend for us. We call it that way too"

Me: "Sorry but that is wrong. I invite you to read some basic info. Now I am confused"

Of course that I am not confused. That idi0t was wrong.
Perhaps recruiters should take some info about areas where they are recruiting... (:T)

I work as a freelancer on *****.com also I have published a theme on theme***.com
Yesterday a indian client message
Client: wii you be able to help me to install a wp theme and customize it to my liking?
Me: sure why not, send me the link to that theme.
Client: here's the link (link to my theme)
Me: (oh i will make money from both side :D ) do yoy bought a license ?
Client: (shocked) who need license , download it from *****.com
Me: (crying in background)

Client-side router entirely in CSS

It fucking staggers me how many backend/devops-y people don't understand what a client side "request timeout" is, versus a server side one.

What does it mean:

The client was fed up with the servers bullshit, and decided to piss off and not wait around for the server to take forever to respond, because life's too short.

How not to solve/debug this issue:

- "I've checked the API request in tool xyz, and it works fine for me"

Congratulations, you've figured out how to call an API once, in isolation to the rest of the application, and without any excessive load. And using a different client to me, with a different configuration. Lets get back to actually looking at the issue shall we?

- "I only see HTTP 200's in the logs"

Yep, you probably will in most circumstances, because its the client complaining about it taking too long, not the server. If the server was telepathetic and knew what the client was thinking/doing at all times, we wouldn't have half of the errors we do.

- "Ah ok, I understand ... so how do I solve this?"

Your asking me? I don't fucking know, I didn't build the server! Put better logging in place and figure out why sometimes it takes forever.

Jesus fucking christ

When the client asks why you billed them for something that was supposedlly your fault and takes a defense when you turn around with the emails and documentation to support that the code is working like it should and was requested by them... Awkward silence... And they still come back with well could you knock off half the hours. Client==fired

Side note.......have been having issues with this clent for a year so it was their time coming.

Fucking bruteforce man. Was supposed to go sleep when got few messages from my gameserver players that their accounts have been hacked.

Checked their logs, all of their accounts have been accessed from Russia. Told them to change their passwords and they told me their previous passwords which were easy af to guess.

Digged deeper and found hundreds of thousands failed logins in the last few hours and all of them from different ips.

Since I cant modify gamefiles on client side, the solution for now was to disable in-game registration and force player registration through the website form with captcha and also where each players login name gets appended with a random suffix chosen by player from a random list..

Fuck you bruteforce scriptkiddies, good luck guessing accounts now. At least I can sleep now.

When you bypass server side sanitization while trying to bypass client side

Never heard of a so terribly designed online game.

For starters: the client-server model is process everything on the client, then save it on the server, and due to the nature of the site design, simply changing a tag will give you another of money.

The PayPal processing system doesn't read any headers or anything of that sort. So if you cancel your payment, this game thinks you've paid anyways.

Also, the trading system is based off of what buttons you can see so if you can see the cancel button it must be yours. So if you copy the cancel button to someones trade offering (FYI this is all done locally), and you click it you have gotten said item(s).

It gets worse, but I don't remember much more than that. The one thing they actually do is make session IDs expire.

Favorite/most hated language? (I love a good flame war)

Why did you quit your previous job / Moment you've considered quitting your current job?

Why do you think Linux is so much better than OSX? (Ahh yes I feed on apple flavored hipster tears)

What side project are you currently working on?

If you had the best teams and unlimited funds, to be used only on a serious project using both Blockchain, IoT and AI, what would you create?

If you forgot how to code, what other career would you pursue?

What is your "I was so busy wondering if I could, that I forgot whether I should" concept/idea/project?

How many chicken eggs would fit inside the moon if it was hollow? (I like retarded interview questions)

If you started a startup, what unique perk would you offer your developer employees?

Do you under- or overengineer?

Most unnecessary feature you ever had to create?

Most necessary feature your boss/client denied to approve?

Back in my sysadmin days we had an IT zoo to look after. And I mean it... Linux side was allright, but unix.... Most unices were no longer supported. Some of their vendors' companies were already long gone.

There was a distant corner in our estate known to like 2 people only, both have left the company long ago. And one server in that corner went down. It took 2 days to find any info about the device. And connecting to it looked like:

1 ssh to a jumpbox #1
2 ssh to a jumpbox #2
3 ssh to a dmz jumpbox
4 ssh to an aix workload
5 fire up a vnc server
6 open up a vnc client on my workstation, connect to than vnc server [forgot to mention, all ssh connections had to forward a vnc port to my pc]
7 in vnc viewer, open up a terminal
8 ssh to hp-uxes' jumpbox
9 ssh to the problematic hp-ux

.....

I work for healthcare client project in a start up, worked two years straight without a break.

Client is very inconsiderate about developers work-life balance, he always wants to release every features yesterday.

Never had a reasonable deadline, worked late nights most of the time. No one had backbone to control this client from our side.

Its only developers team, no project management, scrum masters or anything, everything has to be taken care by Dev's.

I decided to take a week break from work.

The first day of my leave he pinged me 3 times to change an "from email" address for notification email which no one give a damn about.

I never replied or did anything. But the part of myself is dying of guilt.

Now I can't relax myself completely.

Re-thinking of my life choices atm.

I loved programming since high school, I can work on computers 24/7 without tired. That's how much I love it. Now I'm just tired of it.

If anyone who read this till here. Thank you.

Wants the AngularJS code hidden from any kind of client side viewing.
*A month long facepalm*

Tl;Dr: Client-side validated online test

Some stupid questions in an online test.
Not all of them were coding questions, but all (yes ALL) were client-side validated and to solve the tasks all I had to do was to copy one array into another and set the time I needed for that task to a legit number.

Well at least it was an online test that doesn't required 3hours.

I seriously do not understand the rants against Windows.

I love Windows 10 (got as free upgrade from MS), and have no issues with MacOS or Linux OS. I use them as well but do all serious work on Windows.

All my life, I have worked on business / commercial side and picked up Web development in last couple of years. I started using computers on DOS in 1992, and shifted to Windows 3.0 in 1995. There was no Mac or MacOS back then.

For serious work, I purchased a old Dell Precision M4700 workstation grade laptop with quad-core i7, at throwaway price, got 32GB RAM, 2.4TB (1x2 TB + 400gb) of SSD on super sale online, and installed it myself. It easily supports dual 4k monitors.

Git-bash on windows allows all the necessary linux command line on windows. Though not tried, Windows 10 allows embedded Ubunutu with linux terminal. Web development tools like - VSCode, git, github / bitbucket clients, NVM/Node, React / Redux / Webpack / Gatsby / Jest, REST clients, GraphQL client and server, Graph Server, Chrome PWA / Chrome Dev Tools, http/Websocket/WebRTC interception, Google Firebase SDKs, AWS sdks, cloud utilities, CI/CD tools work flawlessly. Windows even has its own package manager for applications.

Feel free to scroll by if you feel like it.

I am just very excited this evening because with today's commit I have reached a very important milestone in my side-project development. As of today all the [so far] 12 components are all working together and processing the main flow themselves.
No special functions, no test data in the code, nothing like that. A client is able to do its thing now as it should.

I know it doesn't sound like much, but as I'm working on this gigantic beast for 3 years now this milestone is hell of a reward for me!

Just wanted to share :)

edit: f* it! I'm getting a cake!

Listening to professor tell stories about when he used to develop, is like listening old war stories.

Back when I was in university, this teacher would tell us different stories about his days as a developer. This was one of the last ones, and I think it has not changed much since then.

*Phone rings*
Professor: Hello?

Client: I don't know what the fuck you take me for!

Professor: Oh, hello Client_Name. What seems to be the problem.

Client: This doesn't work! There's nothing here!

Professor: Ok, do you see the program file?

Client: No. I just said that there's nothing here.

They proceed to go over the issue and how to get the program to run. Or at least show up on the PC. This goes on for about 30 minutes.

Suddenly my professor has a thought.

Professor: Have you tried inserting the Floppy disk from the other side? Try flipping it.

Client: ...

> IHateForALiving: I have added markdown on the client! Now the sys admin can use markdown and it's going to be rendered as HTML
> Team leader: ok, I've seen you also included some pics of the tests you made. It's nice, there's no XSS vulnerabilities, now I want you to make sure you didn't introduce any SQL injection too. Post the results of the tests in the tickets, for everybody to see.

I've been trying to extract from him for 15 minutes how sending a text through a markdown renderer on the client is supposed to create a SQL injection on the server, I've been trying to extract from him how showing all of this to the world would improve our reputation.
I miserably failed, I don't know how the fuck am I supposed to test this thing and if I a colleague wasted time to make sure some client-side rendering didn't create a SQL injection I'd make sure to point and laugh at them every time they open their mouth.

Worst one I’ve seen so far is when I was working for my previous community another developer joined to help me, without the permission of me or the other lead developer he pushed a client-side update. We didn’t think it was a big deal, but once we began reviewing the code it became a big deal... he had placed our SQL credentials into that file that every client downloads. All the person had to do was open the file and could connect to our SQL which contained 50k+ players info, primarily all in-game stuff except IPs which we want to protect at all costs.

Issue becomes, what he was trying to do required the games local database on the client-side, but instead he tried connecting to it as an external database so he decided to copy server-side code and used on the client.

Anyways, the database had a firewall that blocked all connections except the server and the other lead dev and myself. We managed to change the credentials and pull the file away before any harm was done to it, about 300 people had downloaded the file within an hours period, but nothing happened luckily. IP to the DB, username, password, etc, were all changed just to keep it protected.

So far this is the worst, hopefully it doesn’t get worse than this :/

Fuck (some of) you backend developers who think regurgitating JSON makes for a good API.

"It's all in JSON. iOS can read JSON, right?"
A well-trained simian can read JSON, still doesn't mean it can do something with it. Your shitty API could be spitting out fucking ancient Egyptian for all I care, just make it be the same ancient Egyptian everywhere!

Don't create one endpoint that spits out the URL for the next endpoint (completely different domain, completely different path structure). Are you fucking kidding me?

As if that wasn't enough, endpoints receive data structured in one way, but return results in another!! "It's all JSON", but it's still dong.

How do I abstract that, you piece of shit? Now I have to write ever so slightly different code in multiple places instead of writing it only once.

How the fuck do I even model that in a database?

Have a crash course on implementing APIs on the client side and only come back when you're done.

Morons.

Client support ticket: we printed the ID cards without leading 0’s can you fix it with software?
Me: unfortunately we cannot because the ID number can be any length. ID 123, 0123 and 00123 can exist. What barcode would 123 go to?
Client: this is ridiculous we will cancel our contract.
Me: i’m sorry we can’t correct for a mistake on your end.
(Side note: I know allowing 0123 and 00123 is dumb but my team didn’t design the business logic)

When a shitty website does a bad job at preventing behavior by disabling client-side items (such as right click), I take it as a challenge, and usually do everything they don't want me to, simply out of spite.

Shitty-Clent-side: Onclick of submit button, send request to server
Server: Responds with a 500 error.
Shitty-Client-Side: change "Submit" to "Submitted" and backgroumd color to green(because UX is important and error handling can go to hell)

While this wasn't technically a real client, it's still one of the most insane requests I've ever had.

I chose to specialize in software engineering for the last year and a half of my degree, which meant a lot of subjects were based around teamwork, proper engineering practises, accessibility, agile methods, basically a lot of stuff to get us ready to work in a proper corporate dev environment. One of our subjects was all about project management, and the semester-long coursework project (that was in lieu of a final exam) was to develop a real project for a real client. And, very very smartly, the professors set up a meeting with the clients so that the clients could tell us what they wanted with sixty-odd students providing enough questions. They basically wanted a management service for their day-center along with an app for the people there. One of the optional requirements was a text chat. Personally not something I'm super interested in doing but whatever, it's a group project, I'll do my part.

The actual development of the project was an absolute nightmare, but that's a story for another day. All I'll say is that seven juniors with zero experience in the framework we chose does not make a balanced dev team.

Anyway, like three months into the four-month project we've got a somewhat functional program, we just need to get the server side part running and are working our asses off (some more than others) when the client comes in and says that 'hey, nice app, nobody else has added the chat yet, but could you do voice recognition okay thanks?'.

Fucking.
Voice.
Recognition.

This was a fucking basic-ass management app with the most complicated task being 'make it look pretty' and 'hook up a DB to an API' and they want us to add voice recognition after sitting on their ass for three months??? The entire team collectively flipped its shit the second they were out of earshot. The client would not take no for an answer, the professor simply told us that they asked for it and it was up to us whether we delivered or not. Someone working on the frontend had the genius idea of 'just get them to use google voice recognition' so we added the how-to in the manual and ticked the requirement box.

What amazes me about all that is how the client probably had no idea that their new last-minute request was even a problem for us, let alone it being in a completely different ballpark in terms of implementing from scratch.

Embedding private encryption key in production javascript file and fetching third party session token client side.

You utter &@£#s. You give rediclious promises to clients without consulting Devs how long items will take, when issues with project are clarified with client months in advance you turn around week before last and do a massive U turn. Expect junior developers to be masters of Photoshop, flash, server side technologies and to get around and code the front end. Then developers who are putting in the over time already you demand a massive load of overtime extra and threaten us if we don't meet the deadline?! Sat here blood boiling. last guy here litrually rage quit because of issues like this and #&## I think I'm going to too, so hard to try stay professional! ##&##&# I have had it!

As a side project, I've been helping out a friend build a website for free.

friend: I need more of your commitment for this project. We're about to get a huge client!

Me: Yeah you've been saying that for a year. Dude, I just don't have time to waste in projects that are not givine me any money.

friend: HOW DARE YOU! ARE YOU BLACKMAILING ME?!?!

ugh... not my friend anymore

When I cost the company half a million.

We recently got incubated and signed up for an accelerator programme, it was a life changing moment for me especially after having worked with my startup unpaid for almost a year. So naturally, it meant a lot to me.

But my friends / colleagues had to leave for a trip leaving me to work along side this other startup in the same batch. They needed a front end guy for their web stuff so we naturally offered our services except they needed me to work on Angular and I didn't know jack shit about it but pretended I did.

I couldn't reach out to my friends for help because I felt bad and wanted to prove my worth, and I pressured myself to the point where I called the client our batch mate brought on board making him leave.

I lost credibility as a professional, trust as a friend and my place at the office because it's gotten extremely awkward to go back there.

I fucked up my one way ticket out of my current certain household circumstances and realized I'm just a shitty developer who's all talk and no show.

So, at the start of November last year I completed a big system for a client. It took me months to complete.

Most frustrating was the sheer amount of pressure the client applied to get it completed. Emails every day, phone calls where the client was "checking" on my progress etc etc. All the annoying stuff.

Only plus side was the fact they paid in full a few after is was completed.

I've just released the system is still on a test AWS account and I haven't heard from the client for well over a month now.

I've just logged into the system and took a look at the logs. The client logged in once the day it was completed and hasn't done anything since.

I mean what was the point of all the pressure if they were just going to let the thing gather dust?

I'm pretty annoyed to be honest as I experienced a few fairly borderline stressful months due to that project.

Ah well, the image below was me after looking at the system logs :)

Last I started my new job, and I got 2 new laptops (one from my job, amd a separate from the client, as I'll be there full time for at least a year). The work one was pricy af imo (P50, ~2500$ ex. VAT), then I got the client one... wtf is wrong with these people, the laptop cost fucking 6000$ (again, ex. VAT).

Now on the personal side I'm cheap as fuck, and the current laptop I use is one that was meant to be scrapped at my old job that I took home to fix. While it's fun getting those laptops, my brain cannot stop thinking "why the fuck do I need 64 gb ram, 2tb storage and 500gb NVME ssd to basically write text?"

I miss old times rants...So i guess, here it goes mine:

Tomorrow is the day of the first demo to our client of a "forward-looking project" which is totally fucked up, because our "Technical Quality Assurance" - basically a developer from the '90-s, who gained the position by "he is a good guy from my last company where we worked together on sum old legacy project...".
He fucked up our marvellous, loose coupling, publish/subscribe microservice architecture, which was meant to replace an old, un-maintainable enormous monolitch app. Basically we have to replace some old-ass db stored functions.
Everyone was on our side, even the sysadmins were on our side, and he just walked in the conversation, and said: No, i don't like it, 'cause it's not clear how it would even work... Make it an RPC without loose coupling with the good-old common lib pattern, which made it now (it's the 4th 2 week/sprint, and it is a dependency hell). I could go on day and night about his "awesome ideas", and all the lovely e-mails and pull request comments... But back to business

So tomorrow is the demo. The client side project manager accidentally invited EVERYONE to this, even fucking CIO, legal department, all the designers... so yeah... pretty nice couple of swallowed company...

Today was a day, when my lead colleague just simply stayed home, to be more productive, our companys project manager had to work on other prjects, and can't help, and all the 3 other prject members were thinking it is important to interrupt me frequently...

I have to install our projects which is not even had a heart beat... not even on developer machines. Ok it is not a reeeeaaally big thing, but it is 6 MS from which 2 not even building because of tight coupling fucktard bitch..., But ok, i mean, i do my best, and make it work for the first time ever... I worked like 10 ours, just on the first fucking app to build, and deploy, run on the server, connect to db and rabbit mq... 10 FUCKING HOURS!!! (sorry, i mean) and it all was about 1, i mean ONE FUCKING LINE!

Let me explain: spring boot amqp with SSL was never tested before this time. I searched everything i could tought about, what could cause "Connection reset"... Yeah... not so helpful error message... I even have to "hack" into the demo server to test the keystore-truststore at localhost... and all the fucking configs, user names, urls, everything was correct... But one fucking line was missing...
EXCEPT ONE FUCKING LINE:
spring.rabbitmq.ssl.enabled=false # Whether to enable SSL support.

This little bitch took me 6 hours to figure out...so please guys, learn from my fault and check the spring boot appendix for default application properties, if everything is correct, but it is not working...

And of course, if you want SSL then ENABLE it...
spring.rabbitmq.ssl.enabled=true

BTW i really miss those old rants from angry devs, and i hope someone will smile on my fucking torture

My client's using some legacy server side software. I set it all up nice and isolated with proxmox, tunneled it through cloudflare, got the folks to do their install on a windows vm, passthrough their licensing usb. Hosted GLPI on it too (system inventory) and so on.

Wait for it. Windows Server refuses to accept local or domain passwords. WTF. Even went ahead and did a Utilman reset on it which lets you use an admin cmd prompt to the login screen where you could reset the password. Insane that it was even possible, but no good.

Client blamed linux for it, I switched over to Windows Server on baremetal. I setup Hyper-V thinking it should be just as capable as KVM.

Nope.

Guess what, you can't pass through usb for licensing (the legacy software). MOFOS DECIDED TO install it baremetal. I couldn't even get hyper-v to create a decent virtual network. It keeps changing all my network adapter settings. I COULDN'T EVEN PASSTHROUGH PCIE NETWORK CARDS.

This feels like an eternally stagnated, mossy soup of abandonware.

FUCK YOU WINDOWS. You've been sore pain the ass for EVERYONE.

2020

Dotnet Core and dotnet framework are now one (november).

Blazor has an official release for client side webassembly.

I fucked again...
This is second time I've accidentally executed sudo poweroff on test server via ssh assuming it was my machine :(

It's all because my mind was not stable as we were testing few issues on test server and at the same time from client side someone was doing the changes from Admin side(Wordpress) and we saw menu and few text got disappeared.
Such a bad day. smh

I am participating in a project i called "Game of Thrones"

We pretend that we are a team, but in reality everyone hate one another.
It took only 3 weeks for Team Leader to turn everyone against him.
He is constantly fighting for power with Architect who is terrible at his job, and doesn't listen to his advice even if they are good.
We hate Team Leader because he is an tyrant, who is ruling from high tower his peasants. His favorite task is to create various rules that everyone has to accept. You have to write "I accept" in a chat but this is the only choice. You cannot disagree.

Moreover there are developers from client side. They "committed" current project which is full of bugs and generally doesn't work. I don't know why they are still working there, but I presume every of them is working for 5+ years, so they are the only ones able to dig thru the spaghetti they made.
They constantly fight with us about the how code should be written, they commits are garbage but they are very peaky when it comes to ours PR.
They always drag our PR as long as they can. Even sometimes pointing they mistakes as ours.

Working on a side gig - an online clothing store - just finished implementing the cart logic, need to set up both PayPal and mobile money payments plus make sure the whole UI is responsive - fucking images! This is all needed by tomorrow... I haven't slept since Monday, just getting back home from a long day at work and did I mention that the client is also expecting to see a custom blog that I haven't even begun working on...

Fuck

I spent two weeks writing a WordPress plugin to take some form data, process it through another website, and take the result to Salesforce. the client had a "Salesforce specialist" doing everything on the Salesforce side and refused to give me access to see if the data was properly pushed through.

Finally I got it in working condition when suddenly it stopped working, I hadn't changed anything since it worked so I asked if he could have possibly changed something. We argued for over 4 hours about who changed something, the whole time I was looking for the error in my code. At 6pm I finally told him I would need to take a look at it tomorrow.

Overnight he sent me an email:
"Hey, sorry about the confusion yesterday, I set Salesforce to deny duplicate email entries, looks like once I removed that everything is working."

I'm not much a fan of JavaScript. In fact, I am not very fond of any dynamic language, but JavaScript is one of my least favorites.

But this isn't about that. I use NodeJS for all of my web serving. Why would I do that? Am I a masochist? Yes.

But this isn't about that. I use NodeJS because having the same language on client and server side is something that web has never really seen before, not in this scale. Something I really really love with NodeJS is socket connections. There's no JSON parsing, no annoying conversion of data types. You can get network data and use it AS IS. If you transmit over socket using JSON, as soon as that data arrives on the server, it is available to use. It gets me so hard.

JavaScript is built to be single-threaded, and this is rooted deep into the language. NodeJS knows this isn't gonna work. And while there's still no way to multi-thread, they still try their best and allow certain operations (Usually IO) to run async as if you were using ajax.

With modern versions of the language, the server and client side can share scripts! With the inclusion of the import keyword, for the first time I have ever seen, client and server can use the same fucking code. That is mindblowing.

Syntax is still fluffy and data types are still mushy but the ability to use the same language on both sides is respectable. Can't wait for WebASM to go mainstream and open this opportunity up to more languages!

I guess that's what they call "Client side processing"

As a freelancer I get side requests from bigger development companies from time to time that don't have the time or capacity to deal with it themselves.

So usually the employees are pretty friendly but they do not like to read any of the documentation I send with the code. They call me up with stupid questions that are usually answered in the documentation.

I had sent them everything they had requested last Thursday so they called me on Friday to ask the usual stupid question. However, this time I had beforehand decided to have some fun! I told them I had to leave for the weekend and to call me back on Monday. Of course they called me during the weekend, but I didn't answer. So they called me today.

What I had done before handing it all in was I had named the methods that I wrote illogically, while stating and explaining the whole situation in the documentation extra clearly.

So I answered the call today and the first thing they did was apologize. Since I didn't answer their calls during the weekend they finally realized that the best way to go is reading the documentation instead of calling me all the time. They were freaked out at first because they thought there was something completely wrong with the code and they had to tell their client that the deadline had to be pushed back.

We are all good now :)

our university results are out
the webpage to check the results has only 3 input fields
roll number
date of birth
captcha
after checking the source code turnsout it doesn't need the date of birth and the most FUCKEDUP part is the captcha it uses is generated using javascript on the client side and literary checked using string1 == string2
I captured the post request its sending..
it only sends the roll number with some headers to the url
I wrote a quick python script to emulate the post request and got back the results of my entire college
note - the university I'm referring to has literally more than hundred thousand students under it, each and every student uses that interface to get his results

I feel so guilty.
I had to make a hotfix today. It is the ugliest piece of shit code I ever intentionally created. But there was no other way. I swear there was no other fucking way!

My boss just assigned this to me. But because she thinks this needs to be a hotfix and can't wait for the next release we just have to change the server and not the client side of our application.
So I had to add a memory to our server so that it knows from which high level method from the client the multiple low level calls to it are coming from.
It just doesn't make sense logically.

I mean I feel like I killed someone. And just so that we get less writes to our DB. I mean yes in some edge cases it is a huge speed-up...
But nothing this fix solves is a new bug.

I'm gonna take a shower now. For like an hour

ÆÃÅĀÀÁÂÄ!!!
I'm so thrilled!! I am not a GUI person & I am rly rly slow & bad when it comes to minor changes on that part..
But today I finally finished GUI, client logic, server side logic & db shiiit for some audit interface I was making.. ..from scratch, meaning it wasn't some changese here & there, no copy pasta no nothin.. I did the whole thing by myself..did a lot of things for the first time & it didn't take me ages!! Wiiiiii!!! Having a total 'I iz so proud of myself' moment!! // I usually am not the boasting/confident/happy with myself type..

I got my first appointment with my first freelance client today as I'm trying to earn some money on the side. She contacted me after the guy before me hasn't delivered in more than 2 months.

Her: So how much do you think its gonna cost me.

Me: Well the minimum rate for a site like this is like €1000. But since you are my first client, I'm willing to do it for €700.

Her: The guy before you only charged €250...

Me: I'm sorry I can't do that. I might get to 500 if I cut some corners, but I can't make any promises.
Inner me: Look where you're 250 has got you... You haven't seen anything in return...

Her: Proceeds to whine about how it's still waaay to much ... And how she will get me more clients etc. (Yeah right...)

a client i was doing a side project for recently hired another dev to finish my project apparently i wasn't fast enough for them; despite their late submition of asserts.now their "dev" fucked up everything i was building and they want me to take the project over the weekend..

The client in my previous rant asked me to overhaul their whole internet radio system in three days.

So I went on and install RadioDJ, which needs MySQL, which also needs .NET framework. And an encoder is needed to convert the RadioDJ's output and port it to the streaming host, ShoutCast.

Oh, and every software install needs the network admin's permission.....which won't be here until end of next week.

And here I am, in their broadcasting room on a Sunday, trying to download everything that I can so the admin can install it.

On the bright side, that stupid icon is finally vertically centered.

A server application pulled off some sort of listings as table. Problem was, it crashed with some thousand data files after one and a half hours. I looked into that, and couldn't stop WTFing.

A stupid server side script fetched the data in XML (WTF!) and then inserted shit node-wise (WTF!!), which was O(n^2) - in PHP and on XML! Then it converted the whole shebang into HTML for browser display although users would finally copy/paste the result into Excel anyway.

The original developer even had written a note on the application page that pulling the data "could take long". Yeah because it's so fucking STUPID that Clippy is an Einstein in comparison, that's why!

So I pulled the raw data via batch file without XML wrapping and wrote a little C program for merging the dumped stuff client-side in O(n), spitting out a final CSV for Excel import.

Instead of fucking the server for 1.5 hours and then crashing, shit is done after 7 seconds, out of which the actual data processing takes 40 bloody milliseconds!

Spent 2 hours last night (leaving an hour late) with the IT guy hunting down a problem that affected at least 12 other teams. It didn't crash the app, but did prevent MANY scripts from working, and thus nothing could be committed.
I found the culprit, made a solution, and posted in the email chain my solution. (it required a code review and a client-side update)
Someone responded asking for another dev to confirm my report. That dev did and them dumbed it down for those who can't understand programming talk. Then EVERY EMAIL after that thanked that dev for "fixing the root problem" and "solving their scripts".
And just now, the PO for the bug was replaced to that dev's team. (previously was my team's PO)

Nope, definitely not going to work for that customer anymore. Fuck this shit. At least for this week.

My background: mid-30 years old, some kind of business & IT consultant / lead dev working for a mid sized CRM consulting company, with approx 15 years of experience in development and software architecture, most of the time "thinking" in C#, still learning new languages, being a cloud evangelist and team lead. We usually have customers with customers (B2B/B2C).
Personality type "campaigner" (ENFP-A).

Today the project lead of my client (a big corporation in the energy industry) told me that he still didn't order all the necessary resources for the cloud project. Just to be clear: He's on the client side. We (the architects, one internal and me) told him one month ago what we need for the beginning. Just a few things - an Azure subscription, a license for the CRM platform, and our dev tools.

And now let's guess when the project is planned to begin? Yeah, right: 1st of April. NO APRIL'S FOOL. And guess what? Next Tuesday we'll do the onboarding for the new (external) devs, and NOTHING will be ready. Yeah, just let us build stuff in our minds, and on the whiteboards, because it's an AGILE project, right? We don't need any systems and tools...

And now he sent me the questionnaires which need to be answered before any cloud service can be ordered by the corporate IT. And yes, he didn't answer a single thing, and just meant "Those are architecture questions" (they are not) and (of course) "please provide the answers until Monday morning, so we can FINALLY order the services."

Yeah, you fucktard. Of course it's MY FAULT now. Maybe I should write an email to your boss asking how we can speed things up a little bit...

So... About a month ago 2 interns started a project from scratch at my company. My boss gave them a project to follow as an example (more for the api and database side).

Wednesday they ended the internship and I've began to help fix the rest of the kinks that were left to be fixed. Friday we were finishing up the app and api to send to the client for tests. The database was created with 4 tables that were equal in structure... Imagine that you need a table for orders and they have status like pending, cancelled, finished and accepted. What they've done was they created 4 tables, one for each status....

Why the hell would you do this???

You realize that the ERP software you use at your company is shit when:
- there is no service-side ERP backend handling requests
- the whole permission system is client-side (!)
- every client directly connects to the MSSQL database with a supervisor user (stored in plain text in a local config file)
- the MSSQL database contains tables with:
- typos
- names like "contract" but then also "contracts"
- mixed german and english words
- the multiple-business-unit implementation uses 4 columns named "Layer 1, Layer 2, Layer 3, Layer 4" in EACH table
- you find out that the ERP software is created with a fucking "software creation tool"
- there is no API, so you have to program one yourself to use for services

Yet, they charge us shit ton of money for their broken ass software.

I love refactoring :) just finished going through implementing accrued knowledge from the last 6 months into all my client side code and just doing that opened all kinds of doors for new features and niceties.

For the last 20 years, there's one thing I've not been able to do reliably:

Share a folder on a windows computer.

Why the fuck can I write /etc/smb.conf from scratch with a blindfold on and make it securely work from all client devices including auth & acl, but when I rightclick and share on windows it's either playing hide and seek on the network (is it hiding behind //hostname/share? No? Maybe in the bushes behind the IP addresses?), or it's protected by mysterious logins requiring you to sacrifice two kittens a day.

Yes, finally it works! One windows update later... aaaand it's gone.

JUST GIVE ME A FUCKING CONF AND A MAN PAGE, MICROSOFT. I DON'T CARE THAT YOU'RE ORALLY PLEASING ALL THESE MALWARE RIDDEN GUISLUTS ON THE SIDE, JUST GIVE ME A FUCKING TEXT FILE TO STORE AND EDIT.

When you spend an entire day debugging the client side halfway losing your mind, then you realize the 3rd party service API is to blame.

UUUggh!

Client asked us to modify site made in some obscure CMS. Authentication on AJAX request is done by sending email and password as plaintext in header and then it would do md5 on server side

Not really a hack but still worth telling:

I was working in the QA team for a big project. I tried to do some automation when I realized some radio button behaved weird... out of curiosity I checked the source and saw that there was a hidden option for a unimplemented payment option.

I was like: Let’s see how the system behaves if I just submit that form with that hidden value...

Well I was very surprised when I received the email that my order has been processed successfully.

During the investigation we found out that this bug was in prod for over two years. And it requires a one liner executed in the browsers console to skip the payment.

It was kind of a big deal and although I was (and am) still a trainee (in apprenticeship) I got invited to meet up with the client and the bosses.

It was kind of a door opener! After that they trusted me more. I have more responsibility, more interesting tasks and more client contact ever since.

To make a long story short:
Validate everything on the server side ;-)

Too many to count, but this one useless meeting stands out the most.

I was working as an outside dev for software corporation. I was hired as an UI dev although my skill set was UI/engineer/devops at the time.

we wrote a big chunk of 'documentation' (read word files explaining features) before the project even started, I had 2 sprints of just meetings. Everybody does nothing, while I set up the project, tuned configs, added testing libraries, linters, environments, instances, CI/CD etc.

When we started actual project we had at least 2 meetings that were 2-3 hours long on a daily basis, then I said : look guys, you are paying me just to sit here and listen to you, I would rather be working as we are behind the schedule and long meetings don't help us at all.

ok, but there is that one more meeting i have to be on.

So some senior architect(just a senior backend engineer as I found out later) who is really some kind of manager and didn't wrote code for like 10 years starts to roast devs from the team about documentation and architectural decisions. I was like second one that he attacked.

I explained why I think his opinion doesn't matter to me as he is explaining server side related issues and I'm on the client-side and if he wants to argue we can argue on actual client-side decisions I made.

He tried to discuss thinking that he is far superior to some noob UI developer (Which I wasn't, but he didn't know that).

I started asking some questions and soon he felt lost and offended. We ended that discussion with conclusion that I made my own decisions on the client-side. That lasted less than 10 minutes.

So I just sit there and eat popcorn for next 4 and half hours listening to their unnecessary discussions where some angry manager that did programing decades ago wanted to show that we are all noobs and stupid.

what a sad human being.
what a waste of time, but hey I got payed for this 5 hour meeting.

So we had this legacy Objective-C codebase for a mobile app that was actually pretty good: I'd inherited the codebase and spent the past several years gradually improving it and I was actually quite proud of the work I put into it. So of course management decides to scrap it (with NO consultation from the engineers) and outsource a complete rewrite of the app in C# for Windows Universal.

Let me tell you. That code was without a doubt and without exaggeration the *worst* code I've seen in my close to 30 years of experience as a developer. I mean they broke every rule in the book, I'm talking rookie mistakes. Copypasta everywhere, no consistent separation of concerns, and yet way too many layers. Unnecessary layers. Layers for the sake of layers. There was en entire abstraction layer complete with a replicated version of every single data class *just* to map properties in pascal case to the same property in camel case. Adding a new field to a payload in the API amounted to hours of work and about eight different files that needed to be modified. It was a complete nightmare. This was supposed to be a thin client, yet it had a complete client-side Sqlite database with its own custom schema (oh and of course a layer for that!) completely unrelated to the serverside schema, just for kicks. The project was broken up into about eight or nine different subprojects, each having their own specific dependencies on various of the other subprojects in such a tightly-knit way that it made gradual refactoring almost impossible. This architecture was so impressively bad, it was actually self-preserving!

Suffice it to say it was a complete nightmare, and was one of the main reasons I ended up leaving that company. So just sayin', legacy code isn't always bad. :)

So I'm a freelancer celebrating my second year at this one client (yes, times are good). When I first got to my current (not customer-facing) project, lots of "externals" (other freelancers) had come and gone, "internals" had been assigned and reassigned to and from this project and nobody knew exactly what was in the (angularjs) codebase.

One of my first
"quick win" assignments was to see if load times could be reduced. After some looking around it turned out someone had used moment.js (with locales, 67k gzipped) for some feature that had since been abandoned... and then accidentally dropped it into the source folder, checked it into source control (svn!), from whence it was happily packaged by the CI job and released every month.

Removing it reduced the pre-render javascript by about 40%. (also yes, that said "nobody knew exactly what was in the client-side codebase")

Back in the day, I worked side by side with a designer that actually wanted to build things together, instead of having me answer the dreadful "can we build this?" question and him singlehandedly knowing what's best for the product, the client, the user, figuring out the UI/UX etc.

Strap in...

- Previous employer
- 3rd party partner firm
- integration link between both over SOAP
- Both sides riddled with poor code and messed up political structures (partner firm CEO is an investor in my employer)
- Doing a deployment to update to https (I know)
- Keep http endpoint live
- Other side starts shitting itself
- Diagnose
- Not us
- feelsgoodman.tiff
- Get angry email
- Explain not us
- Back and forth
- Tell client it’s “irrelevant” on https issue, it’s their side that’s gone wrong
- Get angry reply with boss cc’d about how nothing is “irrelevant” for the client
- We all had to have a make up meeting and meal
- Client was calm and reasonable, all agreed we just snapped and it wouldn’t happen again
- 2 weeks later
- Their system shits itself again and suddenly we’re on the hook
- BA on my team (smarmy little bastard) constantly fucking me off
- Get so close to actually screaming and hitting him

So yeah. I don’t tend to hold that a job is more important to me than my dignity.

I have and will never hold my tongue for the sake of a job, I’m not gonna put up with people shouting / belittling / backstabbing etc.

#confession

I don't know what you guys think but I freaking love programming my own Minecraft client. It sounds childish but I love to see server owners rage when they see their Servers dying because of my exploits. It's a good feeling.

But I got 3 DOS attacks afterwards so there is a high risk to make lifetime enemy's.

Let us all post our dark side of knowledge and the shit we have done to amuse ourselves!

I'm learning nginx and it's simplying the way I think about web projects.

I used to think that when I used a server side framework, then that should be the master and all should go through it. Noob me.

I used to put client side projects (like create-react-app of vue-cli projects) right inside the server side project.

But with nginx you can just route subpaths to different places, then instead of having, let's say, the react project inside rails, they would be in separate git projects.

In fact, I no longer need to restrict myself to a single server framework.

I love several aspects of rails. I love several others of node. And if I need multithreaded performance, I'd very much use something like phoenix or go.

Again, with nginx, you setup subpaths with the `location` directive in the same server and voila, a no CORS setup, cookies shared and homogenous versatile website.

Dev Diary Entry #56
Dear diary, the part of the website that allows users to post their own articles - based on an robust rights system - through a rich text editor, is done! It has a revision system and everything. Now to work on a secure way for them to upload images and use these in their articles, as I don't allow links to external images on the site.

Dev Diary Entry #57
Dear diary, today I finally finished the image uploading feature for my website, and I have secured it as well as I can.

First, I check filesize and filetype client-side (for user convenience), then I check the same things serverside, and only allow images in certain formats to be uploaded.

Next, I completely disregard the original filename (and extension) of the image and generate UUIDs for them instead, and use fileinfo/mimetype to determine extension. I then recreate the image serverside, either in original dimensions or downsized if too large, and store the new image (and its thumbnail) in a non-shared, private folder outside the webpage root, inaccessible to other users, and add an image entry in my database that contains the file path, user who uploaded it, all that jazz.

I then serve the image to the users through a server-side script instead of allowing them direct access to the image. Great success. What could possibly go horribly wrong?

Dev Diary Entry #58
Dear diary, I am contemplating scrapping the idea of allowing users to upload images, text, comments or any other contents to the website, since I do not have the capacity to implement the copyright-filter that will probably soon become a requirement in the EU... :(

Wat to do, wat to do...

Had to demo i18n working to client with 45m notice..

Google translate the whole page server side and pray CSS behaves.

I'm in a programming school that gives only projects in C and a method to learn quickly.
Then we don't have official web classes or anything so we have "Labs" or "Clubs" and last time I was at a web programming club, leaded by students (because it gives me some more credits).

I was very surprised because they began to try to learn us the Javascript without talking about DOM.

And their explications about server-side and client-side codes were not clear (and obviously not exhaustive).
I have some (not a lot neither) experience in web programming so I helped him to make his course more understandable but I can't believe that these courses are given by students who don't have any idea of what's web programming...

I’ve been out of steady work for almost 2 whole months now but things are starting to look up...

I’m super stoked for some potential client projects!!! I have one client that wants me to completely rebuild their businesses infrastructure, PC refresh, server upgrade, network overhaul for 3 sites, and more. This new client has a business partner with another side business and wants to discuss potential work/projects. And I’m going to be discussing a potential contract deal on Thursday to develop a custom software for another client.

Guys! My startup is starting woot!!!

We had 1 Android app to be developed for charity org for data collection for ground water level increase competition among villages.

Initial scope was very small & feasible. Around 10 forms with 3-4 fields in each to be developed in 2 months (1 for dev, 1 for testing). There was a prod version which had similar forms with no validations etc.

We had received prod source, which was total junk. No KT was given.

In existing source, spelling mistakes were there in the era of spell/grammar checking tools.

There were rural names of classes, variables in regional language in English letters & that regional language is somewhat known to some developers but even they don't know those rural names' meanings. This costed us at great length in visualizing data flow between entities. Even Google translate wasn't reliable for this language due to low Internet penetration in that language region.

OOP wasn't followed, so at 10 places exact same code exists. If error or bug needed to be fixed it had to be fixed at all those 10 places.

No foreign key relationships was there in database while actually there were logical relations among different entites.

No created, updated timestamps in records at app side to have audit trail.

Small part of that existing source was quite good with Fragments, MVP etc. while other part was ancient Activities with business logic.

We have to support Android 4.0 to 9.0 of many screen sizes & resolutions without any target devices issued to us by the client.

Then Corona lockdown happened & during that suddenly client side professionals became over efficient.

Client started adding requirements like very complex validation which has inter-entity dependencies. Then they started filing bugs from prod version on us.

Let's come to the developers' expertise,
2 developers with 8+ years of experience & they're not knowing how to resolve conflicts in git merge which were created by them only due to not following git best practice for coding like only appending new implementation in existing classes for easy auto merge etc.

They are thinking like handling click events is called development.

They don't want to think about OOP, well structured code. They don't want to re-use code mostly & when they copy paste, they think it's called re-use.

They wanted to follow old school Java development in memory scarce Android app life cycle in end user phone. They don't understand memory leaks, even though it's pin pointed by memory leak detection tools (Leak canary etc.).

Now 3.5 months are over, that competition was called off for this year due to Corona & development is still ongoing.

We are nowhere close to completion even for initial internal QA round.

On top of this, nothing is billable so it's like financial suicide.

Remember whatever said here is only 10% of what is faced.

- An Engineering lead in a half billion dollar company.

My project manager one time called me while I was waiting in the bank. He told me that the latest changes in the project I was working on were not deployed to production and they were having a meeting to demo those changes to the client later that day.

I had my laptop with me but it wasn't charged. I asked the security guys if I could use the socket used to power up the cleaning/sweeping machines and they didn't mind.

So it was me sitting on the floor in the bank hall using a side socket to power up my laptop holding my cellphone so I can use the hotspot and get internet connection deploying yesterday's changes to a production server.

Eventually, the client didn't attend the meeting that day!

I'm currently working on a feature that no one likes. Everyone knows that it will be removed soon because the users won't understand it, but it still has to be implemented due to client-side Management madness.

Good thing: the contract with this client expires in 3 weeks :)

One of the online education tools my high school used had client-side validation for test answers

As if that wasn't bad enough, the correct answers were literally marked by the CSS class 'correct', meaning that any idiot who could figure out how to open the devtools could see the correct answers

Thankfully, this program was ditched before it was used for anything major

I'm trying out blazor at the moment, building a couple of prototypes. I really need to brush up on my html/css for the view stuff, and of course there are a few gotchas. But other than that, I really think Microsoft has nailed browser apps with this!
Client side, server side, a mix of both, runs in all major browsers + as PWA or Electron.
Wow.
All logic and view manipulation in C#, no JS. And the performance is great.
Just.
Wow.

Spend literally two days trying to figure out why I have a 2 hour offset in my timezones for a lamp web app. This isn't even close to my first timezone rodeo.

Check logs, reset Apache/MySQL/PHP timezones in like 100 places. Use 3rd party server side and client side timezone libraries. Moment.js you say? Shit works like a charm... but is, of course, still two hours off.

MySQL is right. PHP is right. Apache is right. PHP libs are in place. Finally convert the entire damn project to use epoch time because I have a deadline, I have no more time to read backwater AWS docs and try to figure out why the hell this Ubuntu EC2 is fucked up, and I literally cannot figure out why in the hell the damn clock is off.

Several days later notice a variable in the main .config file... right in root... 2 hour timezone offset.

Fuuuuuuuuuuuuuuuuuuuuck.

This was originally a reply to a rant about the excessive complexity of webdev.

The complexity in webdev is mostly necessary to deal with Javascript and the browser APIs, coupled with the general difficulty of the task at hand, namely to let the user interact with amounts of data far beyond network capacity. The solution isn't to reject progress but to pick your libraries wisely and manage your complexity with tools like type safe languages, unit tests and good architecture.

When webdev was simple, it was normal to have the user redownload the whole page everytime you wanted to change something. It was also normal to have the server query the database everytime a new user requested the same page even though nothing could have changed. It was an inefficient sloppy mess that only passed because we had nothing better and because most webpages were built by amateurs.

Today webpages are built like actual programs, with executables downloaded from a static file server and variable data obtained through an API that's preferably stateless by design and has a clever stateful cache. Client side caches are programmable and invalidations can be delivered through any of three widely supported server-client message protocols. It's not to look smart, it's engineering. Although 5G gets a lot of media coverage, most mobile traffic still flows through slow and expensive connections to devices with tiny batteries, and the only reason our ever increasing traffic doesn't break everything is the insanely sophisticated infrastructure we designed to make things as efficient as humanly possible.

If you're experiencing the "can't scroll up on the profile page" bug, here's the solution:

Scroll up until the bug. Put (press and hold) your finger on the "tab bar" at the top. Move your finger up a little, then down to scroll.

This is worked for me.

Well... I can think of several bugs that I found on a previous project, but one of the worst (if not the worst, because the damage scope) it's one bug that only appears for a couple of days at the end of every month.

What happens is the following: this bug occurs in a submodule designed (heh) to control the monthly production according the client requirements (client says "I want 1000 thoot picks", that submodule calculates the daily production requirements in order to full fill the order).

Ideally, that programming need to be done once a week (for the current month), because the quantities are updated by client on the same schedule, and one of the edge cases is that when the current date is >= 16th of the month, the user can start programming the production of the following month.

So, according to this specific case, there's an unidentified, elusive, and nasty bug that only shows up on the two last days of every month, when it doesn't allow to modify/create anything for the following month. I mean, normally, whenever you try to edit/create new data, the application shows either an estimated of the quantities to produce, or the previous saved data. But on those specific days it doesn't show any information at all, disregarding of there's something saved or not.

The worst thing is that such process involves both a very overcomplicated stored procedure, and an overcomplicated functionality on the client side (did I mentioned that it dynamically generates a pseudo-spreadsheet with the procedure dataset? Cell by cell), that absolutely no one really fully understands, and the dude that made those artifacts is no longer available (and by now, I'm not so sure that he even remember what he done there).

One of the worst thing is that at this point, it's easier to handle with that error rather to redesign all of that (not because technical limitations, but for bureaucratic and management issues).

The another worst thing (the most important none) is that this specific bug can create a HUGE mess as it prevents the programming of the production to be done the next day (you know, people tends to procrastinate and start doing things at the very end of the day/week/month)... And considering that the company could lose a huge amount of money by every minute without production, you can guess the damage scope of this single bug.

Anyway, this bug has existed since, I don't know, 2015 (Q4?) and we have tried so many things trying to solve it, but that spaghettis refuse to be understood (specially the stored procedure, as it has dynamically generated queries). During my tenure (that ended last year) I spent a good amount of time (considering what I mentioned on the last rant, about the toxic environment) trying to solve that, just giving up after the first couple of weeks.

Anyway... I'm guessing that this particular bug will survive another 4-ish years, or even outlive the current full development team... But, who knows ¯\_(ツ)_/¯ ?

!rant

TL;DR one year on as a react dev, I want to go at it self employed, humbly seeking advice as this community seems to have its fair share of knowledgeable freelancers.

I have 1 year professional experience now as a Meteor, React and Apollo developer

The dream is to become self employed. I figure a good market would be small businesses that want a website that are more featureful than a diy wix site.

Only I am more of a developer than a designer, so rely heavily on things like Bootstrap or Material ui. So I wonder if Upwork, Fiverr or simply my own freelance website would be better.

As you guessed javascript is my biggest strength, not sure if nodejs is the best backend for small businesses as hosting prices are more than eqv php stack.

Also want to build own projects on the side to monetize. Bigger dream would be to be client-less and develop and sell personal projects.

Seeking advice from those who are self employed. Am I dreaming too big?

Shall I keep the office job for a bit longer then take the plunge? Or do you think I can just go for it. Are there lucrative areas I am missing?

Thanks in advanced

...What a day ,
"CTO new priority need this project started and completed ASAP."
Me: "What about my current project you wanted me to work on that was a high priority which took over Another project I was supposed to be working on?"
CTO: "This one is a higher priority than both of them"
Me: "ok sure shall get onto it".
PM: "A client has come in with an issue on another project I need this fixed now".
Team leader assigns me a bunch of tasks that need to get done which is ok but 5 people need me to get it done so they can do the bulk of their work.

Later for a side project CTO asks me to get a list together of things that are missing for this side project, about 60 seconds later he asks me to send him the email now - bare in mind nearly 300 assets I need to go through which are not organised so what the heck I just send him it mid sentence.

End of day get told that CTO wants me on yet another different project...

Each of these projects takes 4 months to get done. But arggggg... oh and then I hear that our new PM has decided to cut all project deadlines by half....

I am but a single person,
I just want to sit back and watch everything burn around me... But the company has a history of Scape goating people on failed project deadlines... Never a dull day in the office but tbh kinda like it.

Ok so I have done some work with crypto currency mining pools and recently a client requested for me to make a splash page that showed data from multiple instances of these pools APIs. I went to find some documentation for this open source api and to my surprise there is none. I thought of querying the public API from the clients side and it worked, however it's so slow that the data shows up roughly 20 seconds after the page loads.

Easy fix right? Make a PHP server get the data every 5 seconds, cache it and serve the data with the page and use a websocket for live updates! Until I found out that there is no practical way in this garbage framework to get the damn API data without making an HTTP request or mutilating the original source code. I'm so done with this garbage framework. It literally loads pages based on a page and action parameter on the index.php. I quit.

I had so much fun working on my side projects this weekend that now I'm sad to spend next 5 days on client projects.

So, a few weeks ago I was asked by a client to add a cookie consent popup.

Specifically the site must not track the user via Google analytics until they consent.

All fine and I added the normal popup bar at the top the screen.

The client asked me make this smaller and place it into the bottom right hand corner, as to not "scare visitors". After some design hanged on his end the message ending up being 80px side. I.e. tiny.

Weeks later the client is now moaning about decreased traffic levels in analytics.

This is to be expected as cookie message can barely been seen.

Facepalm.

What the best database solution for web and smartphones dev?
Is mysql the good choice?
I’m an “old” dev with old usage, php-mysql-JavaScript.
Is it a 2018 solution or am i a dinosaur?
All data will be stored on server side. Web and smartphone app as client.
Thanks for your experience sharing.

Guys, what the fuck.

Today i was doing some consistancy checks accross the board after update made for one of our core systems that manages money. Yeah, real, live money.

I have hidden from public payment processor with simple API etc. So one of my checks, gate has same balances as gate's internal account on core blinked red. Okay well, fuck, thats really really shitty situation to be in. I guess my gate is fucked up some way.

Okay, debug mode on, maintainence mode on, quick look at DB, oh shit, client payed 4 times 15k eur without any txn on core system... SHIT! postman... Fuck, postman ofc wont start, quick google, fixing postman, tention in me grows, becouse its really rough and tough fuckup on my side, and got call. That moment when you know someone already knows is for me apogeum of stress that just skyrocketed from calm morning to mad morning.. Okay, i pick up phone, and I hear that one client payed (using core system app) and got strange message, YES I KNOW, im working on it.. Wait, you say that core system gave them odd message??? I will check it out. Finally fixed postman, 3 requests and I know its bug on core system.

Why, why in the motherfucking blody world anyone would push critically bugged update to system that just sends api callbacks "yes, he payed" when someone didnt pay...

Fuck im stressed and pissed, but at same time reliefed its not my personal fuckup (yeah, I solo wrote that gate, but externally audited code and all they had to say that some cosmetic linting should be done)

have been working on a small project in the last couple of months. a few client meetings we are discussing a timeline feature for orders and assignments. the calendars (yeah a few on one screen cuz ... yeah) the client keeps complaining that they should look differently and in the same time says "Design is not important *designer-guy-he-works-with* can change it once we are done"
me - :/

side note: the calendars are tightly coupled with the js code powering them, so yeah ... looking forward to it
..

I've realized that I was acting like an annoying asshole in the past on devRant and I apologize for that behavior.

Some people deserved it and some didn't. Some companies deserved it and some didn't.

I guess the time for a change has come. I will be more careful from now on.

On a side note: I have a different username now.

It was a very depressing experience with you, -ANGRY-CLIENT-. Have fun on the other side. :)

Update on my devRant client SwiftUIRant:

I’m experimenting with some UI changes compared to the official app.

* vote buttons are laid out horizontally and placed above the rant to not waste space on the left side.
* comments count shows 0 comments instead of disappearing.
* rants are not cut off but visible in full length (I plan to add a toggle setting for that)
* creation date/time is present in the feed
* date/time formatter uses the current system region and the language english. So no more awkward American dates for non American users.

What do you think?

Let's say you're working on a web application, and you notice that one of the pages is not displaying the correct data. You investigate further and realize that the data is being retrieved from an API endpoint, but for some reason, the API is returning the wrong data.

You start looking into the code that calls the API and notice that it's passing in the correct parameters, so you dig deeper into the API code itself. After hours of poring over the code, you finally discover that the bug is caused by a typo in the database query that the API is using to retrieve the data.

You fix the typo and think the problem is solved, but then you realize that the data is still not displaying correctly on the page. After even more investigation, you discover that the bug is actually being caused by a caching issue on the client side.

At this point, you're feeling incredibly frustrated and overwhelmed. You've spent hours trying to track down this bug, and it feels like every time you think you've found the root cause, another issue pops up. This is just one example of the many challenges that developers face on a daily basis.

Demo for client goes bad when we encounter a bug adding a new entry into the back end. Entry shows up in the admin but not the front side.

<thoughtbubble> "I can't believe this, we just tested it! How can this be? How? How?" </thoughtbubble>

Perhaps, the cache? Nope.

<thoughtbubble> "You gotta be fucking kidding me!" </thoughtbubble>

Perhaps the front side is pointing to dev? Nope.

<thoughtbubble> "Oh shit... make something up quick. Make it sound good." </thoughtbubble>

Tells client we'll have to look into it. (real smooth)

Looked into it and it turns out the bug was actually a feature. Apparently when you assign an "end date" to a date in the past... by design, it won't show.

However, was it bad UI? That's a different argument.

Ever heard the saying "there is no security client side"?

I've seen JavaScript client-side app that was connecting directly to DB using hardcoded (obfuscated, lol) DB password xD

And yes, there was no DB setting that this user is read-only and only from few tables. It was like GRANT * ON *.

Hearing "do this , do this like this, that like that" every day removes passion from programming I had before. Now I'm starting to get deeper into javascript and to learn backend, and I'm working on a CMS with NodeJS and MySql backend, and vanilla JS on the client side. I like the architecture I had, and really like how I started working on it. Passion is back!

I told you fucking moron clients doing that "little" change would be complicated and in the worst case it would end fucking up your whole spaghetti crap. A really HUGE spaghetti monster of that you aren't aware because you guys don't know a shit about coding conventions.

*Clients call me complaining about their software is broken*

-Hey, we're in serious trouble. Our users aren't being able to see the proper calculated values. Why that little change had so much side effects?
- I already told you why.
- Can you fix it asap? Our clients are complaining.
- No. Deploy an old copy of the affected modules while you give me a prudent time to refactorize that crap.
- Refactorize?
- ...

I used to work in their place, 3 years later I quit that crappy job and decided to make them my clients. I escaped from the micromanaging thing but I didn't from their ugly practices.

Anyways, I have to fix this shit asap. Money talks, at least until I can find a better client.

While i was still in college, i was an IT guy in a Staples.
I implemented an input form that must be filled so we (IT guys) take in charge. And for one month mostly say to EVERYONE that THEY MUST FILL IT.
So one day, after a really shitty morning, a cliznt come to take back his computer. And there where no side panel. I didn't find then so i asked my manager (who filled the fucking form), if he was there. And he start giving me shit.
After 30mins i go talk to the client to explain the problem and he said "But there was no left panel".
And the next day i wrote my forst anger filled resignation letter.
A week later a got a part time job as web dev (integration)

So one day I got an email from a client just before I'm about to go home saying she wanted to update some images on the homepage slider. "No big deal" I thought. So she sends me the images and two of them are squares and the other is a portrait. All of which have phone camera quality and are way too small for the desktop version of the slider. I trim and rearrange the two squares so that fit but the other one was hopeless. I cropped it poorly and hoped she didn't care about it too much.

Of course it was the most important picture she wanted.

I ask the client to send me a higher quality picture which would fit in the slider and she sends me a picture which is even taller and less wide.

"Great," obviously at this point I figure she must be checking on just her cell phone and that's why a tall picture makes more sense to her.

And of course now she needs this before tomorrow morning so now I'm staying late to edit images.

Since she's obviously only looking on her cell phone and she's made me stay so late to do this I just take the tall image and mirror it so that it looks like there are two products side by side and it fits well on mobile screens.

Ugh.

Coolest bug is less of a bug and more of a feature. I've been working on a medical app and I used an open source backend which had almost everything I needed. To be hipaa compliant you have to encrypt all sensitive data - full db encryption was not something this backend was capable of.

So my solution was to encrypt the data on the client side and create a secondary server - that can only be accessed on my app server - to store and retrieve the keys.

If anyone's thinking of working on a HIPAA project - you're welcome

How greedy can you get?

> boss takes half assed gdpr project : branch xyz
> branch xyz requires deprecated version of npm/node
> I re-install node this time with deprecated version
> Wow this node is configured with ant build
> ECMA 5, config but code is shit as fuck
> still I get the job done , cannot test it because code is shit as fuck and I will never any thing to fix that un healthy code
> code doesn't run on client side,
> no shit Sherlock
> get a call from boss, it urget look in it and fix it

A client is offering me just equity for their startup. I do like the idea and the research they've put behind it, but I'm also looking at a timeline of 3 months for just the MVP and almost 6 months to an year to get paid. Should I go for it?

I'm in a decent financial situation rn, so money isn't that big a thing and I'm pretty young, so that's on my side. But still, 6 months+ of my time without any renumeration is nothing to scoff at

Something I would like to finish :
- Learn server-side language so I can create more then front end. In my case I'm learning asp.net core.
- Finish a project called coffeeBreak. Users adds some web sites he likes to read and he reads them all in one page without opening multiple tabs.
- Finish a simple Reddit client for mobile, and make a desktop app out of it.
- Go through all the Pluralsight courses I have on my PC

From perfectly working scrum team to... Don't know what it is now...
Long story short - our SM left company and our team have ongoing "reorganization", our tester leaving at the end of this month, probably we will be out of tester for next month...

I don't mean reorganization, it's normal thing, but... It looks like it's slowly collapsing under bad head decisions (one of them is the reason why our tester is leaving)... Multiple "side" projects / tasks for ppl in team and problems with delivering sprint tasks on time because of it, context switching etc.

I fucking like this project, it gives me much opportunities to learn new things and design new features - it's up to us how we will implement it. Client is satisfied with our work and we worked for their trust for long time. But if things will be going same way as now, we will probably lose it.

How do you think, is it worth to try stay with this project? Or should I update CV just in case?

When in an application security talk put on by our cyber security department and one team (not mine) is being chastised for only doing client side validation, another dev asks so at what point can we trust the user? A few people nod and indicate they want an answer, and the speaker, said never, you never trust the user.

I can't believe people can graduate and get a job and keep a development job, especially in a highly government regulated company like where I work

Getting ready to start working a little something something on the side. Client (read as uncle-in-law) wants it in Wordpress because he
1) has heard of it
2) can buy themes. I told him I can make it look any way he wants and use something else, something that I'm actually familiar with. He wants Wordpress. At least it looks like writing my own plugins to do stuff will be really easy.

People keep asking me the reason why I am still using my 9 years old laptop which has Pentium b940 and 4 GB of ram. I should say Its enough for me!
All hard work is on the server side. I just need an SSH client, VS Code, Chromium, and Spotify, all running on a light weight Ubuntu. why should I buy one of those brand new laptops which has lights more than a UFO.

The front for a recruiting app with Primefaces (JSF)

Guys, please, don't use Java for client-side. It was a huge headache.

I hate how React is used almost everywhere nowadays. Especially when single-page applications are used for purposes that don't actually benefit from them.

Perhaps I'm just old-fashioned, but I want websites to work even with client-side JS disabled. At least sites like Amazon don't rely on it, and work just fine. Progressive enhancement is the way to go.

quote when asking what cleints budget is for a job....

"ah yeh hence the when your ready but it wont be paid at the start but should it pick up the will be some form of payment avalible to you"

needless to say this is the same client who is the original meeting states "wait so why is this costing me loads for a custom website can we not give me the rates for if this is a project im working in the side"

well only if im allowed to treat it as something that wont get done.

TL;DR Shit programer trying pass off stealing code as "Recycling"

Backstory:
Client hires senior dev. He lied and knows nothing. Has been causing havoc in production since day 1. My crusades to defend production have been without much success.

Since he wants to LITERALLY put his name on every big project, he finds any reason to make a new version of it (or make a slight astetic modification) to say he did something.

The client doesn't know or care about the programming side of things. Which means it is incredibly difficult to get him to understand the issues this brings. Not to mention that the "senior dev" is acting as a consultant to the client, altering the facts.

Story:
The piece of shit, is trying to make a new version of a big project. It was originally made by my mentor. Again, if you are using someone else's work to complete your own, I don't care. But if you take 99% of another person's work and then say...

"I took and existing project, which was similar to what I'm trying to make. Then I modified it to fit our needs."

Fuck you man!

You took someone else's work. Now you're trying to present it as your own. No references to our team. Again, there is literally nothing new about this project. It's exactly like the original. The client didn't even ask for this.

So I make websites on the side for small time clients for some additional income. And without fail every time I sit down to work on this one site something goes wrong. First there were problems with the hosting, and now the template that the client chose is no longer for sale. I hope I'm not going to lose them over this :( I've sent them a list of alternative templates and contacted the company behind the original template to ask what is up. Real shame because they picked what I considered the favourite too and now I regret waiting to fork over the money to make the purchase.

This happened about 2 years ago. My colleague at work, who's a kind and smart soul was actually yelling at the phone. Before that nobody had heard her yell at anyone, let alone a client.

The history was that she found out that the client sent her falsified official documents and she confronted him about that, so the idiot client started laughing then yelling that she had to be 'on his side' since he hired us as consultants. That's when she started yelling.

How can anyone be so cynical?
This is also our job to save your moron ass from your own stupidity.
If she didn't found out and the documents sent to the government there would be a lot of trouble for everyone especially the client.

After that we all comforted her and told her she did right. Unfortunately the client wasn't fired (a friend of the boss) but of course we all declined to work with that client again.

Trying to explain a game developer in a community, why its a bad idea to only make client side patches for equiptment to appear correctly..

me: because the server needs to be aware of the changes made to avoid faulty calculations, for instance if the client calculates a fatal but the server disagree..

dev: but it works...
me: yes, but not optimally.
dev: Working as intended (TM)
me: ... teh fuq?

not sure if he's a bad troll or wut..

Background: I am currently working with a DB that has websocket functionality ("notify a client on insert/etc."). However, you do have to whitelist tables in order to use them with sockets.

I wanted to optimize my code and didn't want to mess with my coworkers dev-data, therefore I duplicated the table. After improving some small things I noticed that the interface does not change with new socket data. I have spent the last hour or so trying to figure out where I broke it.

I just realized that I forgot to whitelist that duplicated table 😐 Most relieving moment today 😅

Bonus side effect: The code is much cleaner now since I refactored a lot of the realtime-logic in order to understand it/fix the bug.

I've decided to, as an educational exercise, implement DEFLATE compression / decompression and zip file format, and eventually tackling Excel format (which is just a .zip) so I can generate true excel spreadsheets (instead of .csv files) client-side using JavaScript.

Are there already libraries that do this? Yes, but then I don't get to try to implement these interesting algorithms. Is it currently 1 AM? Yes. Do I have work tomorrow? Also yes.

If I don't just fall flat on my face, I'll post updates!

I am trying to "invent" secure client-side authentication where all data are stored in browser encrypted and only accessible with the correct password. My question is, what is your opinion about my idea. If you think it is not secure or there is possible backdoor, let me know.

// INPUT:
- test string (hidden, random, random length)
- password
- password again
// THEN:
- hash test string with sha-512
- encrypt test string with password
- save hash of test string
// AUTH:
- decrypt test string
- hash decrypted string with sha-512
- compare hashes
- create password hash sha-512 (and delete password from memory, so you cannot get it somehow - possible hole here because hash is reversible with brute force)

// DATA PROCESSING
- encrypt/decrypt with password hash as secret (AES-256)

Thanks!

EDIT: Maybe some salt for test string would be nice

Worst argument/fight was on a game I was working on.

One of the other devs was waiting for me to write some server Code before calling the endpoints on the client.

After writing the server Code I added the client side Code and committed it to our repo.

They had a massive go at me for doing work for them and threatened to remove my Code and replace it with their own code.

8 months ago, me and my teammate developed an API and a web application for one of our client. The API was supposed to be consumed by mobile app which another team was working upon. Now my suggestion for the mobile team was to use something like ionic or react-native. This was purely to keep technical debt on lower side since hybrid apps don't deviate too far for both Android and iOS platforms. But mobile team went with the native apps and developed two separate apps which both have some differences.

The client didn't even use the iOS app since past 6 months. Now all of a sudden she reported several bugs and the person managing the mobile devs put that all on us. I tested some of the bugs and seems like the same feature is working on Android but not on iOS.
Came to know later that the iOS developer who was working on the app had resigned and left the company exactly 6 months ago. Right after the apps first launch. And since then mobile team hasn't put any replacement person for the project. That fucker was trying to buy some time by putting it all on us.
And now here I am, experimenting again with Flutter. So far it seems quite decent.

Html imports. Polyfil. Hey. Reading, this is awesome. <link rel=“import” href=“control.html”> what could be simpler? Deprecated front end. But only need it for developing. Will combine the files at the end.

Estimate converting php to pure html, couple of days.

Go to use it with polyfill (webcompnents.js htmlimport). Doesn’t work.

Try the light components. Doesn’t work.

Try server-side polymer. Doesn’t work.

So much documentation about it working. Then finally come across shadow dom and how html imports are associated with them.

Hell no they aren’t. They are completely different things. Oh. Google packaged them together? No one could agree on shadow dom, and its now going away? Taking the pure html way of combining files into one page with it???

Spent an entire freaking day. But got 8 lines of code and <link rel=“fetch” ...> to do the same thing.

Why hasn’t this been an html standard for say...years. Why can’t the server do a handshake with the client and serve one page (php-ish) if the feature isn’t supported. Otherwise multiple files asyc. I mean. This is a fundamental part of pwa’s.

Why are these obviously smart people so stupid??? Deploy you shitty shadow dom without this obviously useful feature...

Just merged the stuff that the other intern and I have been working on for the past couple weeks together. He didn't comment a single function; not the couple thousand lines of c# functions on the server side, nor the hundreds of lines of JavaScript on the client side. It's a mess of formatting... Ugh.

Many of you commented on my previous rant regarding my first ever freelance gig that I would definitely be back with even more to rant... here I am.

What was supposedly a 1 to 1.5 month long project became one that is stretching beyond 3, if lucky, else 4 months long. Requirements and scope evolving more complex and with variations more intense than pokemon evolutions.

I fucked up. I signed a contract that nobody would have. I didn't plan or protect my ass enough to prevent such shit from happening. I severely underestimated and hence under quoted. This is one of the nightmare situations a freelancer could be in (in my opinion). I mean it could only get better... Right? I'm preparing myself for one hell of a payment at the end of the project. Brace yourself, payment is hopefully coming as fast as the number of seasons it took for winter to come in GoT.

On the bright side, I'm currently working on a new project with a client that is indeed much much better than this first. I mean he is a nice person and communications thus far has been nothing short of great.

I guess it's good to start with your expectations rock bottom, that way nothing else can be worse, I hope.

when you spend more time in JIRA explaining the client that their bug is not a bug but misconfiguration on their side than actual programming. :-/

error between chair and keyboard.

I was discussing scope and budget with a potential client for a side project. It involved a good bit of complex postgresql and subsequent aggregations and creation of reports. He was hiring because the last guy's work was so poorly documented, they couldn't verify its accuracy.

Me: "So, what are your thoughts on a budget?"
Him: "We were thinking something like $15/hour."
Me: "Um...ok. If I can ask, where did you get that number?"
Him: "That's what we paid the last guy."
😑😑😑😑😑😑

Using Oracle ADF along with ADF Faces to build a simple learning management system. No JavaScript, no external stylesheets, all inline styles, no client side validation, doing form submit for every field's onblur event triggering a server-side validation, creating a VO for every damn page requiring data, creating an EO for every DB table or view, adding big-ass custom queries for most EOs to join on multiple tables, frequent N+1 queries, etc.,

Idont remember the rest of the problems

I am a fresher in web development. I have already learnt to use nodejs, react, angular, vanilla js and made many projects. Majority of the work I feel is just CRUD based, sure there are some exciting things but they are only of a small percentage.

All that innovation HAPPENING is just glorified way of making a CRUD APP ONLY.
Oh mvc worked great on server side let's bring it to client side
OH mvc is such a mess, who thought about doing this.
Oh react redux is so revolutionary let's remake our app using it,,
Oh es6 fuck yeah, Babel, webpack sure, now my crud app is super performant.
Oh graphql, motherfucking cutting edge CRUD APP......

I need to know what's next, is there any breaking of this cycle

Haven't even finished the wire frame prototypes and my client is asking if I can get the site complete mid-December because they want to advertise via radio.

Maybe if you stopped changing your mind about the layout and features then I could get this done a little faster. Glad I'm charging per hour!

On the plus side, at least they asked this time - last time they had purchased a load of radio time and then gave me a deadline.

this is a very Stupid idea so i wont put it to the dssue tracker. but. how about enabling people to host their own devRant servers with their very own rules? this way, the main server will have a bit more breathing room and common interests could have a shared server.

the client Would have the current buttons + empty buttons that can be given a special function from server side.

also, it would be possible to view rants from multiple servers (color coded so theres no mixup in button functions) in one feed.

the client would come with the main server on first start up. the most popular servers would be listed in the settings. also, rants with 50++ would automatically be put into the main server.

In a real-time multiplayer competitive game where you control a vehicle, is it feasible to simulate the whole thing on server side, such that the client only sends controls and receives sensor results? I mean like the client doesn't even know its own precise rotation, just the readings of a gyroscope and an accelerometer which are both susceptible to errors, and deduces the "down" direction from those two and approximate control forces. This would both solve hacking (writing a good robot is just as challenging) and lead to fun results like an attitude indicator going crazy from a gust of wind.