Cutting corners just creates two new corners.

Likewise, cutting corners in code just creates more bugs.

TL;DR I'm fucking sick and tired of Devs cutting corners on security! Things can't be simply hidden a bit; security needs to be integral to your entire process and solution. Please learn from my story and be one of the good guys!

As I mentioned before my company used plain text passwords in a legacy app (was not allowed to fix it) and that we finally moved away from it. A big win! However not the end of our issues.

Those Idiot still use hardcoded passwords in code. A practice that almost resulted in a leak of the DB admin password when we had to publish a repo for deployment purposes. Luckily I didn't search and there is something like BFG repo cleaner.

I have tried to remedy this by providing a nice library to handle all kinds of config (easy config injection) and a default json file that is always ignored by git. Although this helped a lot they still remain idiots.
The first project in another language and boom hardcoded password. Dev said I'll just remove before going live. First of all I don't believe him. Second of all I asked from history? "No a commit will be good enough..."

Last week we had to fix a leak of copyrighted contend.
How did this happen you ask? Well the secure upload field was not used because they thought that the normal one was good enough. "It's fine as long the URL to the file is not published. Besides now we can also use it to upload files that need to be published here"
This is so fucking stupid on so many levels. NEVER MIX SECURE AND INSECURE CONTENT it is confusing and hard to maintain. Hiding behind a URL that thousands of people have access to is also not going to work. We have the proof now...
Will they learn? Maybe for a short while but I remain sceptic. I hope a few DevrRanters do!

Client:
"Ok,. so your saying that its gonna take you 63 hrs to create a simplified CRM with basic functionality and auto fill docs or automated work flow docs as an added feature?"

My response (after already under-quoting and planning on cutting some corners because he has a smaller budget than normally necessary):
"It sounds simpler than it is. There are a lot of things I need to take into account that you wouldn't even think about.

For instance:

Making sure your emails don't go to the client's spam folder. This requires the sending domain to be verified via DNS settings. I have to ensure your email content passes a spam test (link to text ratio needs to be good). I assumed you'd want an email that has your logo and looks good. This means testing the design in Outlook to make sure it's not broken.

What if the email doesn't send due to an invalid email address, or bounces back? You'll need to be notified.

What if the client list for the week contains duplicates? You need them merged or ignored.

Generating a PDF from HTML can be tricky because the conversion isn't apples to apples so there are things I need to adjust to make them as close as possible.

Making a site completely mobile friendly (the tier 3 option) can be very time consuming as well. It's not about whether or not it fits on a mobile phone, it's about whether or not it's intuitive and useful. You're essentially getting a mobile app without paying for separate development of an app.

If I took everything into consideration and built this to be 100% bullet proof, it would cost tens of thousands.

I'm doing my best to leverage your needs with the probability of running into an issue. I'm not going waste my time/your money on something that will likely never happen."

Put away the keyboard. Think about what you're going to do, chart it out, work through the logic and then, when the entire construct is before you, you start typing.

Yes it will take longer, you're a junior, enjoy that nobody expects you to do miracles (yet) and take the time, you'll get it back when you're so used to working through logical problems that it happens on its own as soon as you hear about the problem.

Cutting corners and "hacking a quick solution" without fucking over the entire system is an art form. Before you do art learn your damn craft.

Why do some developers cut corners and add 20 extra fields just in case the customer wants to add extra data? What happens when the customer needs 21 fields. Just spend slightly more time and implement a custom field system that can extend to any amount of data it's not that difficult and you won't have to add a new field every time a customer needs more then you expected.

My dad, the man who taught me cutting corners is less possible in the IT field than any other field and that you have to do it CORRECTLY unless you're deliberately asking for problems, is using the OEM recovery utility to reinstall the OEM copy of Win7 Starter onto a shitbook destined to be a diagnostics machine for smart cars *because he doesn't wanna go driver hunting.*

They're all literally right fucking here. On this one page.

My mentor has become the bad example he once steered me away from becoming.

Hmmmmm, the Web designer, that's designer not developer, for an ecommerce job I'm working on, just suggested we use WordPress or a html template, rather than create her own. (obvs I denied WordPress as a tool) She's not new to the game either, is she being lazy and cutting corners, or just utilising what's already available with templates?

I way under-quoted this custom CMS.

I thought ContentBuilder.js was going to be a better plugin. Documentation is lacking, I've run into a couple bugs, and the thing looks like it was built 10 years ago with iframes for image uploads...Ugh.

On top of that, I didn't realize how much work certain things would be like the drag and drop menu builder. Yea....it took 4 different plugins to find one that works well with nested items.

I'd say I'm 60% through and need to be 90%. I'll probably start cutting corners unfortunately :(

Does anybody know about to text from an iPhone on a Windows 10 PC? I doubt I'll ever get a Mac... and would like to write a texting client if there is not already one available. Apple's bullshit lack of compatibility and accessibility to developers off of their platform probably means cutting corners, but I figured if there was a way this community is the fastest way to find out..