Diary of an insane lead dev: day 447

pdf thumbnails that the app generates are now in S3 instead of saved on disk.

when they were on disk, we would read them from disk into a stream and then create a stream response to the client that would then render the stream in the UI (hey, I didn't write it, I just had to support it)

one of my lazy ass junior devs jumps on modifying it before I can; his solution is to retrieve the file from the cloud now, convert the stream into a base64 encoded string, and then shove that string into an already bloated viewmodel coming from the server to be rendered in the UI.

i'm like "why on earth are you doing that? did you even test the result of this and notice that rendering those thumbnails now takes 3 times as long???"

jr: "I mean, it works doesn't it?"

seriously, if the image file is already hosted on the cloud, and you can programmatically determine its URL, why wouldn't you just throw that in the src attribute in your html tag and call it a day? why would you possibly think that the extra overhead of retrieving and converting the file before passing it off to the UI in an even larger payload than before would result in a good user experience for the client???

it took me all of 30 seconds to google and find out that AWS SDK has a method to GetPreSignedURL on a private file uploaded to s3 and you can set when it expires, and the application is dead at the end of the year.

JFC. I hate trying to reason with these fuckheads by saying "you are paid for you brain, fucking USE IT" because, clearly these code monkeys do not have brains.

Dev Diary Entry #56
Dear diary, the part of the website that allows users to post their own articles - based on an robust rights system - through a rich text editor, is done! It has a revision system and everything. Now to work on a secure way for them to upload images and use these in their articles, as I don't allow links to external images on the site.

Dev Diary Entry #57
Dear diary, today I finally finished the image uploading feature for my website, and I have secured it as well as I can.

First, I check filesize and filetype client-side (for user convenience), then I check the same things serverside, and only allow images in certain formats to be uploaded.

Next, I completely disregard the original filename (and extension) of the image and generate UUIDs for them instead, and use fileinfo/mimetype to determine extension. I then recreate the image serverside, either in original dimensions or downsized if too large, and store the new image (and its thumbnail) in a non-shared, private folder outside the webpage root, inaccessible to other users, and add an image entry in my database that contains the file path, user who uploaded it, all that jazz.

I then serve the image to the users through a server-side script instead of allowing them direct access to the image. Great success. What could possibly go horribly wrong?

Dev Diary Entry #58
Dear diary, I am contemplating scrapping the idea of allowing users to upload images, text, comments or any other contents to the website, since I do not have the capacity to implement the copyright-filter that will probably soon become a requirement in the EU... :(

Wat to do, wat to do...

1. Keep my job
2. Keep my side job
3. Revive blogging at least 1 post a month
4. Keep focus on what’s important and what are priorities
5. Finish my notes / diary application cause my text files / html pages are now taking up to much space and using cat/grep to search trough them is painful ( it can also help with point 3 )
6. Maybe just maybe start writing prototype of table top rpg game scenario, I have a concept in my mind for a long time but it’s also connected to point 5 and 7 and 8
7. Spend twice more time to practice drawing than in this year
8. Read / listen to more than 1 book a month
I think that’s it from dev stuff

I am going to start a random stuff from dev life diary just for your annoyance… cause I’m bored (and kind of want to see how long I can be bothered to keep shit like this going)

So, work day 1 for 2022. Wrote TS and YAML. Yay, IaC is fun. Also, no one has bothered me with dms or calls or any such shite today, which is the way I like it. Leave me be, mofos!

Should still bother to prepare all the shit for tomorrow’s PoC spec planning workshop… what a chore. Couldn’t be bothered, I’d much rather someone else did the specs and I could skip to design and implementation. But I guess this is yet another context where I have to do it all myself. Woo hoo…