Search - "db file json"
TL;DR I'm fucking sick and tired of devs cutting corners on security! Things can't simply be hidden a bit; security needs to be integral to your entire process and solution. Please learn from my story and be one of the good guys!
As I mentioned before, my company used plain text passwords in a legacy app (I was not allowed to fix it) and we finally moved away from it. A big win! However, not the end of our issues.
Those idiots still use hardcoded passwords in code. A practice that almost resulted in a leak of the DB admin password when we had to publish a repo for deployment purposes. Luckily I didn't search, and there is something like BFG Repo-Cleaner.
I have tried to remedy this by providing a nice library to handle all kinds of config (easy config injection) and a default JSON file that is always ignored by git. Although this helped a lot, they still remain idiots.
The first project in another language and boom, hardcoded password. Dev said "I'll just remove it before going live." First of all, I don't believe him. Second of all, I asked: from history? "No, a commit will be good enough..."
Last week we had to fix a leak of copyrighted content.
How did this happen, you ask? Well, the secure upload field was not used because they thought that the normal one was good enough. "It's fine as long as the URL to the file is not published. Besides, now we can also use it to upload files that need to be published here."
This is so fucking stupid on so many levels. NEVER MIX SECURE AND INSECURE CONTENT; it is confusing and hard to maintain. Hiding behind a URL that thousands of people have access to is also not going to work. We have the proof now...
Will they learn? Maybe for a short while, but I remain sceptical. I hope a few devRanters do!
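The rant's point is that a password removed "before going live" still sits in the repo history, so the cheap defence is to catch the literal before it is ever committed. Below is an added example (not the ranter's library or code) of the kind of check a pre-commit hook could run over staged source lines; the sample lines and the credential values in them are constructed, and the patterns are a starting point rather than a complete secret scanner.

```python
import re
from typing import List, Tuple

# Constructed sample lines. The first three are the hardcoded credentials the
# rant complains about; the last two take the value from the environment or a
# git-ignored config file and must not be flagged.
SAMPLE_SOURCE = [
    'connStr := "postgres://app:hunter2@db.internal:5432/prod"',
    'const dbPassword = "S3cretValue!";',
    'dsn := "Server=db;User Id=sa;Password=Winter2019;"',
    'password = os.environ["DB_PASSWORD"]',
    'cfg = json.load(open("config.local.json"))',
]

# A secret-looking name assigned a quoted string literal (Go :=, JS/Python =, YAML :)
ASSIGN_RE = re.compile(
    r'(?i)\b(\w*(?:pass(?:word|wd)?|secret|api[_-]?key|token)\w*)\s*(?::=|=|:)\s*(["\'])(?P<val>[^"\']{4,})\2'
)
# URL-style connection string carrying user:password@host
URL_CRED_RE = re.compile(r'[a-z][a-z0-9+.-]*://[^:/\s"\']+:(?P<val>[^@\s"\']+)@')
# key=value connection strings such as "...;Password=...;"
KV_CRED_RE = re.compile(r'(?i)\bpassword=(?P<val>[^;\s"\']+)')

CHECKS = (("url-credential", URL_CRED_RE), ("kv-credential", KV_CRED_RE), ("assignment", ASSIGN_RE))


def redact(line: str, secret: str) -> str:
    """Mask the secret itself so the report can be pasted into a ticket without leaking it."""
    return line.replace(secret, "*" * 8)


def find_hardcoded_secrets(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, kind, redacted_line) for each line holding a credential literal.

    Values fetched from os.environ, json.load or similar are not string
    literals next to a secret-looking name, so those lines never match.
    """
    findings = []
    for no, line in enumerate(lines, start=1):
        for kind, rx in CHECKS:
            m = rx.search(line)
            if m:
                findings.append((no, kind, redact(line, m.group("val"))))
                break  # one report per line is enough
    return findings


if __name__ == "__main__":
    for no, kind, text in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {no}: {kind}: {text}")
```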
20 minutes trying to convince my boss (lead dev) that dynamically creating tables in the DB based on file name to store uploaded JSON content isn't a good design approach, and he is still convinced that 500 lines will really impact performance that much on one table and that this is the best design...
Based on this approach, he wants to create another table with the user who last modified and the "fk" (not sure if he even knows what this is, cause none of the fks here point to anything...) would be the table name... now I know where those hideous tables we have here come from...
Don't know whether to laugh or cry...
The other day I fucked up. I coded a safety measure that saves a file on crash, to keep data safe.
I added two lines of code before loading the file, and they crashed. There goes all my data.
(At least I got to fix that bug)
RANT!
Had to do one of those at-home tasks instead of a technical interview as part of applying for a (junior) position with this startup that is using a blockchain for medical records. The task is to build the API to interface with the records, both for searching and CRUD operations (using a JSON array of records in a local file as a mock DB), in 2 hours.
Ok fine, doesn't sound totally unreasonable, so I did what I could (which is all but tests; it worked at least).
But that's like 2/3 of what their actual production system is, built in 2 hours, for free. There's 6 hr+ in a work day, and the position is a 24-month contract....
Maybe it's just me cause this is the first one of these I've ever done, but it seems unreasonable that in order to qualify I need to do in 2 hrs what an entire team did in weeks.
I get they want to see if an applicant wasn't lying on their CV, but damn...
That's like saying: in order to show you're good enough for an entry level position on the Facebook team, you need to build Facebook; before lunchtime, it's 7am. GOGOGO! lol
I hate when programming books have shit code examples.
Just came across these, in a single example app in a Go book:
- inconsistent casing of names
- ignoring go doc conventions about how comments should look
- failing to provide comments beyond captain obvious level ones
- some essential functionality delegated to a "utils" file, and they should not be there (the whole file should not exist in such a small project. If you already dump your code into a "utils" here, what will you do in a large project?)
- arbitrary project structure. Why are some things dumped in package main, while others are separated out?
- why is db connection string hardcoded, yet the IP and port for the app to listen on is configurable from a json file?
- why does the data access code contain random functions that format dates for templates? If anything, these should really be in "utils".
- failing to use gofmt
These are just at a first glance. Seriously man, wtf!
I wanted to check what topics could be useful from the book, but I guess this one is a stinker. It's just a shame that beginners will work through stuff like this and think this is the way it should be done.
Disclaimer: I am a beginner and I used node just because my employer asked me to.
I needed to create 1400 random users for a platform and I needed to get all the usernames and passwords in a JSON file, and my idea was to just add the object to another collection with all the credentials (passwords are hashed in the DB so I couldn't just loop them). For some reason it wouldn't work (I am really bad with async functions) and I just threw the table and copy pasted it from the error screen.
const this_shit = [[name1, pass1], [name2, pass2] /* ... */];
throw this_shit;
Worked like a charm ^_^