Search - "endpoint"
-
Good Morning! It's time for practiseSafeHex's most incompetent co-worker!
Today's contestant is a very special one.
*sitcom audience: WHY?*
Glad you asked, you see if you were to look at his LinkedIn profile, you would see a job title unlike any you've seen before.
*sitcom audience oooooooohhhhhh*
We're not talking software developer, engineer, tech lead, designer, CTO, CEO or anything like that. No, no, our new entrant "G" surpasses all of those with the title ..... "Software extraordinaire".
*sitcom audience laughs hysterically*
I KNOW!, wtf does that even mean! as a previous dev-ranter pointed out does this mean he IS quality code? I'd say he's more like a trash can ... where his code belongs
*ba dum tsssss*
Ok ok, let's get on with the show, here's some reasons why "G" is on the show:
One of G's tasks was to build an analytics gathering library for iOS, similar to google analytics where you track pages and events (we couldn't use google's). G was SO good at this job he implemented 2 features we didn't even ask for:
- If the library was unable to load its config file (for any reason) it would throw an uncatchable system integrity error, crashing the app.
- If anything was passed into any of the functions that wasn't expected (null, empty array etc.) it would crash the app as it was "more efficient" to not do any sanity checks inside the library.
This caused a lot of issues as some of the data needed to come from the client's server. The day we launched the app, within the first 3 hours we had over 40k crash logs and a VERY angry client.
Now, what makes this story important is not the bugs themselves, come on how many times have we all done something stupid? No the issue here was G defended all of this as the right thing to do!
.. and no he wasn't stoned or drunk!
G claimed if he couldn't get the right settings / params he wouldn't be able to track the event and then our CEO wouldn't have our usage data. To which I replied:
"So your solution was to not give the client an app instead? ... which also doesn't give the CEO his data".
He got very angry and asked me "what would you do then?". I offered a solution something like why not have a default tag for "error" or "unknown" where if there's an issue, we send up whatever we have, plus the file name and store it somewhere else. I was told I was being ridiculous as it wasn't built to track anything like that and that would never work ... his solution? ... pull the library out of the app and forget it.
... once again giving everyone no data.
G later moved onto another cross-platform style project. Backend team were particularly unhappy as they got no spec of what needed to be done. All they knew was it was a single endpoint dealing with a very complex model. There were no Java classes, super classes, abstract classes or even interfaces, just this huge chunk of mocked data. So myself and the lead sat down with him, and asked where the interfaces for the backend were, or designs / architecture for them etc.
His response, to this day frightens me ... not makes me angry, not bewilders me ... scares the living shit out of me that people like this exist in the world and have successful careers.
G: "hhhmmm, I know how to build an interface, but i've never understood them ... Like lets say I have an interface, what now? how does that help me in any way? I can't physically use it, does it not just use up time building it for no reason?"
us: "... ... how are the backend team supposed to understand the model, its types, integrate it into the other systems?"
G: "Can I not just tell them and they can write it down?"
**
I'll just pause here for a moment, as you'll likely need to read that again out of sheer disbelief
**
I've never seen someone die inside the way the lead did. He started a syllable and his face just dropped, eyes glazed over and he instantly lost all the will to live. He replied:
" wel ............... it doesn't matter ... its not important ... I have to go, good luck with the project"
*killed the screen share and left the room*
now I know you are all dying in suspense to know what happened to that project, I can drop the shocking bombshell that it was in fact cancelled. Thankfully only ~350 man hours were spent on it
... yep, not a typo.
G's crowning achievement however will go down in history. VERY long story short, backend got deployed to the server and EVERYTHING broke. Lead investigated, found mistakes and config issues on every second line, load balancer wasn't even starting up. When asked had this been tested before it was deployed:
G: "Yeah I tested it on my machine, it worked fine"
lead: "... and on the server?"
G: "no, my machine will do the same thing"
lead: "do you have a load balancer and multiple VM's?"
G: "no, but Java is Java"
... and with that it's time to end today's episode. Will G be our most incompetent? ... maybe.
Tune in later for more practiceSafeHex's most incompetent co-worker!!!
-
"there's a problem with your API"
Me: "why?"
"I get no data"
Me: "what response code are you getting?"
"405 - Method not allowed. But only on the /version endpoint"
Me: "Soo... What request are you sending?"
"POST"
WHY THE FUCK WOULD YOU SEND A POST REQUEST TO AN ENDPOINT THAT **GETS** THE VERSION OF MY API???!!!!
Me: "Read the documentation. It's there for a reason"
-
The GET /users endpoint will return a page of the first 13 users by default.
To request other pages, add |-separated querystring with the limit and offset, as roman numerals enclosed in double quotation marks. Response status is always equal to 200, plus the total count of the resource, or zero when there's an error.
You can include an array of friends of the user in the result by setting the request header "friends" to the base64-encoded value of the single white pixel png.
Other metadata is not included by default in responses, but can be requested by appending ?meta.json to any endpoint, which will return an xml response.
If you want to update the user's profile picture, you can request an OAuth token per fax machine, followed by a pigeon POST capsule containing a filename and a rolled up Polaroid picture. The status code attached to the return postal dove will be the decimal ASCII code for a happy smiley on success, and a sad smiley if any field fails form validation.
-- Every single external REST API I've ever worked with.
-
Me when viewing a line of PHP where the previous developer added "sleep(5)" to an Ajax endpoint with the comment "Sleep for 5 seconds so the ajax loading icon is visible to users".
FML.
-
Sorry if I make a typo, my hands are still a little shaky, just had to stop myself from crying.
This morning I came in, opened my email, saw an automated response from Jira saying .... saying ..... saying the backend team provided details about their new endpoint.
After a year of screaming, they finally did it. It was so beautiful I fell to the floor and wept like a baby.
Thank you all for your support through this difficult time. Together we can accomplish anything!!!
-
Storytime!
Manager: Hey fullstackchris, the maps widget on our app stopped working recently...
Dev: (Skeptical, little did he know) Sigh... probably didn't raise quota or something stupid... Logs on to google cloud console to check it out...
Google Dashboard: Your bill.... $5,197 (!!!!!!) Payment method declined (you think?!)
Dev: 😱 WTF!?!?!! (Calls managers) Uh, we have HUGE problem, charges for $5000+ in our google account, did you guys remove the quota limits or not see any limit reached warnings!?
Managers: Uh, we didn't even know that an API could cost money, besides, we never check that email account!
Dev: 🤦♂️ yeah obviously you get charged, especially when there have literally been millions of requests. Anyway, the bigger question is where or how our key got leaked. Someone started hammering one of the google APIs with one of our keys (Proceeds to hunt for usages of said API key in the codebase)
Dev: (sweating 😰) did I expose an API key somewhere? Man, I hope it's not my fault...
Terminal: grep results in, CMS codebase!
Dev: ah, what do we have here, app.config, seems fine.... wait, why did they expose it to a PUBLIC endpoint?!
Long story short:
The previous consulting goons put our Angular CMS JSON config on a publicly accessible endpoint.
WITH A GOOGLE MAPS API KEY.
JUST CHILLING IN PLAINTEXT.
Though I'm relieved it wasn't my fault, my faith in humanity is still somewhat diminished. 🤷♂️
Oh, and it's only Monday. 😎
Cheers!
-
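Added example, not part of the rant above and not code from the project it describes: a pre-publish check that walks a JSON config of the kind the post mentions and flags credential-shaped values before the file is served from a public endpoint. The sample config, the key-name list and the function names are constructed for illustration.

```python
import json
import re

# Value shapes that identify a credential outright. Google API keys are
# 39 characters long and begin with "AIza".
VALUE_PATTERNS = {
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_-]{35}"),
}
# Key names that suggest a credential whatever the value looks like
# (an assumed, deliberately short list).
NAME_HINT = re.compile(r"api[_-]?key|secret|token|password", re.IGNORECASE)


def find_secrets(node, path="$", name=""):
    """Walk parsed JSON and return (path, label) for credential-like strings."""
    findings = []
    if isinstance(node, dict):
        for key, child in node.items():
            findings += find_secrets(child, f"{path}.{key}", key)
    elif isinstance(node, list):
        for index, child in enumerate(node):
            findings += find_secrets(child, f"{path}[{index}]", name)
    elif isinstance(node, str) and node:
        labels = [label for label, rx in VALUE_PATTERNS.items() if rx.search(node)]
        if not labels and NAME_HINT.search(name):
            labels = ["credential_like_name"]
        findings += [(path, label) for label in labels]
    return findings


def safe_to_publish(config_text):
    """True when a config document contains nothing find_secrets() flags."""
    return not find_secrets(json.loads(config_text))


# Constructed sample of a front-end config file. The key is a placeholder
# that only has the right shape; it is not a real credential.
SAMPLE_CONFIG = json.dumps({
    "siteName": "Example CMS",
    "maps": {"provider": "google", "apiKey": "AIza" + "X" * 35},
    "widgets": [
        {"type": "map", "zoom": 12},
        {"type": "feed", "authToken": "constructed-value"},
    ],
    "theme": {"primary": "#336699"},
})

# Constructed sample with nothing credential-like in it.
CLEAN_CONFIG = json.dumps({"siteName": "Example CMS", "theme": {"primary": "#336699"}})

if __name__ == "__main__":
    for path, label in find_secrets(json.loads(SAMPLE_CONFIG)):
        print(f"{path}: {label}")
    print("clean config safe to publish:", safe_to_publish(CLEAN_CONFIG))
```

The findings carry the path and a label only, so the report itself never repeats the value it flagged.
-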
It's official, I am quitting...
Boss walks in today while we're busy discussing how to write up the new endpoint we need from the API and tells us there is too much discussion and, as only women can multitask, Dumi is the only person that can be productive...
-
Security decided to update our PCs with endpoint protection. It's blocking all connections to and from localhost.
It's been a productive day.
Such enterprise. Much security.
-
Guys i guess i did it.. more than a year ago i started developing an API.. every admin of it could create new endpoints through the webui.. for each endpoint you can create an own auth system.. a local company just fucking bought my shit.. a fucking simple API for 12k€.. im kinda proud now because i am only 18
-
It's maddening how few people working with the internet don't know anything about the protocols that make it work. Web work, especially, I spend far too much time explaining how status codes, methods, content-types etc work, how they're used and basic fundamental shit about how to do the job of someone building internet applications and consumable services.
The following has played out at more than one company:
App: "Hey api, I need some data"
API: "200 (plain text response message, content-type application/json, 'internal server error')"
App: *blows the fuck up
*msg service team*
Me: "Getting a 200 with a plaintext response containing an internal server exception"
Team: "Yeah, what's the problem?"
Me: "...200 means success, the message suggests 500. Either way, it should be one of the error codes. We use the status code to determine how the application processes the request. What do the logs say?"
Team: "Log says that the user wasn't signed in. Can you not read the response message and make a decision?"
Me: "That status for that is 401. And no, that would require us to know every message you have verbatim, in this case, it doesn't even deserialize and causes an exception because it's not actually json."
Team: "Why 401?"
Me: "It's the code for unauthorized. It tells us to redirect the user to the sign in experience"
Team: "We can't authorize until the user signs in"
Me: *angermatopoeia* "Just, trust me. If a user isn't logged in, return 401, if they don't have permissions you send 403"
Team: *googles SO* "Internet says we can use 500"
Me: "That's server error, it says something blew up with an unhandled exception on your end. You've already established it was an auth issue in the logs."
Team: "But there's an error, why doesn't that work?"
Me: "It's generic. It's like me messaging you and saying, "your service is broken". It doesn't give us any insight into what went wrong or *how* we should attempt to troubleshoot the error or where it occurred. You already know what's wrong, so just tell me with the status code."
Team: "But it's ok, right, 500? It's an error?"
Me: "It puts all the troubleshooting responsibility on your consumer to investigate the error at every level. A precise error code could potentially prevent us from bothering you at all."
Team: "How so?"
Me: "Send 401, we know that it's a login issue, 403, something is wrong with the request, 404 we're hitting an endpoint that doesn't exist, 503 we know that the service can't be reached for some reason, 504 means the service exists, but timed out at the gateway or service. In the worst case we're able to triage who needs to be involved to solve the issue, make sense?"
Team: "Oh, sounds cool, so how do we do that?"
Me: "That's down to your technology, your team will need to implement it. Most frameworks handle it out of the box for many cases."
Team: "Ah, ok. We'll send a 500, that sounds easiest"
Me: *..l.. -__- ..l..* "Ok, let's get into the other 5 problems with this situation..."
Moral of the story: If this is you: learn the protocol you're utilizing, provide metadata, and stop treating your customers like shit.
-
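Added example, not part of the rant above: one way a service can produce the status codes the post argues for, with the consumer branching on the code instead of the message text. The handler, the bearer-token scheme and all names are assumptions made for the illustration.

```python
import json
import logging
import uuid

log = logging.getLogger("api")
log.addHandler(logging.NullHandler())  # a real service attaches its own handler

# Constructed sample data.
REPORTS = {"r1": {"owner": "alice", "total": 42}}


class ApiError(Exception):
    status, title = 500, "Internal Server Error"


class NotAuthenticated(ApiError):
    status, title = 401, "Unauthorized"


class NotPermitted(ApiError):
    status, title = 403, "Forbidden"


class NotFound(ApiError):
    status, title = 404, "Not Found"


def get_report(session, report_id):
    """Hypothetical handler: it raises, and never builds error bodies itself."""
    if session is None:
        raise NotAuthenticated()
    report = REPORTS.get(report_id)
    if report is None:
        raise NotFound()
    if report["owner"] != session["user"]:
        raise NotPermitted()
    return report


def broken_handler(session, report_id):
    """Stands in for an unhandled bug inside the service."""
    return REPORTS[report_id]["missing_column"]


def respond(handler, *args):
    """Translate a handler's outcome into (status, headers, body)."""
    try:
        body = json.dumps(handler(*args))
        return 200, {"Content-Type": "application/json"}, body
    except ApiError as exc:
        headers = {"Content-Type": "application/problem+json"}
        if exc.status == 401:
            headers["WWW-Authenticate"] = 'Bearer realm="api"'
        problem = {"status": exc.status, "title": exc.title}
        return exc.status, headers, json.dumps(problem)
    except Exception:
        # Details go to the log; the consumer gets an id to quote, not a trace.
        incident = uuid.uuid4().hex
        log.exception("unhandled error, incident %s", incident)
        problem = {"status": 500, "title": "Internal Server Error",
                   "incident": incident}
        return 500, {"Content-Type": "application/problem+json"}, json.dumps(problem)


def client_action(status, headers, body):
    """Consumer side: branch on the status code, never on message text."""
    if status == 401:
        return "redirect_to_sign_in"
    if status == 403:
        return "show_access_denied"
    if status == 404:
        return "show_not_found"
    if status in (503, 504):
        return "retry_with_backoff"
    if status >= 500:
        return "report_incident"
    try:
        json.loads(body)
    except ValueError:
        return "contract_violation"
    return "render"


# The response from the post: 200, JSON content type, plain-text error body.
LEGACY = (200, {"Content-Type": "application/json"}, "internal server error")

if __name__ == "__main__":
    for call in [(get_report, None, "r1"), (get_report, {"user": "bob"}, "r1"),
                 (get_report, {"user": "alice"}, "r1"), (broken_handler, None, "r1")]:
        result = respond(*call)
        print(result[0], client_action(*result))
    print(LEGACY[0], client_action(*LEGACY))
```
-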
I realize I've ranted about this before, but...
Fuck APIs.
First the fact that external services can throw back 500 errors or timeouts when their maintainer did a drunk deploy (but you properly handled that using caching, workers, retry handlers, etc, right? RIGHT?)...
Then the fact that they all speak a variety of languages and dialects (Oh fuck why does that endpoint return a JSON object with int keys instead of a simple array... wait the params are separated with pipe characters? And the other endpoint uses SOAP? Fuck I need to write another wrapper class around the client...)
But the worst thing: It makes developers live in this happy imaginary universe where "malicious" is not a word.
"I found this cloud service which checks our code style" — hmm ok, they seem trustworthy. Hope they don't sell our code, but whatever.
"And look at this thing, it automatically makes database backups, just have to connect to it to DigitalOcean" — uhhh wait...
"And I just built this API client which sends these forms to be OCR processed" — Fuck... stop it... there are bank accounts numbers on those forms... Where's that API even located? What company?
* read their privacy policy *
"We can not guarantee the safety of your personal data, use at your own risk [...] we are located in Russia".
I fucking hate these millennial devs who literally fail to get their head out of the cloud.
Somehow they think it's easier to write all these NodeJS handlers and layers around some API, which probably just calls ImageMagick + Tesseract on the other side.
If I wasn't so fucking exhausted, I'd chop off their heads... but they're like hydra, you seal one privacy breach and another is waiting to be merged, these kids just keep spewing their crap into easy packages, they keep deploying shitty heroku apps... ugh.
😖
-
Client: "Hey we want you to integrate your product with our system."
Me: "Oh, OK. Where's your API?"
Client: "Here! We even have an outdated .Net SDK, we use XML."
Me: "Ok.. how do we authenticate? What's your OAuth 2.0 endpoint?"
Client: "O auth what?"
Me: "You know, the current standard for REST API authentication and authorisation"
Client: "What's REST?"
*Hangs up*
-
So this guy is supposed to do the frontend.
I do the backend.
I offer an endpoint.
He does his HTML+CSS magic.
Me: Cool but data is hardcoded. Could you get the data from the endpoint I sent you?
Him: "I'd prefer you do that, I can make a git repo so you download the front."
... So you don't do frontend, you just write pretty layouts. And I have to actually write the frontend logic? Go f yourself.
-
Had a job interview recently that went well besides one little disagreement... and it has made me question my sanity. Tell me if I'm wrong.
They asked the difference between a GET and POST request.
Wow, that's an easy one, they're giving me a break, I thought to myself.
I said "GET is used to retrieve data from a server, whereas POST is used to add data to a server, via its body, which a GET lacks" or something like that.
They were like "ya mostly, but GET can be used to enter data into the server too. We were just looking for the body thing."
And I'm like.... yeah, you could do that, but that's not what it's meant for.
They mention stuff about query parameters and I hold steady that GET and POST are different because GET has a specific purpose. Otherwise, we wouldn't need the "method" part of an HTTP request at all. We could just either include a body or not include a body.
I ended it with "Well, POST implies that you are adding data to a server, and GET implies you are querying data from the server. When I'm reading documentation, that's how I quickly determine what an endpoint does."
My confidence was a little shaken at this point. Crazy what two people with (I assume at least) 10+ years of experience telling you you're wrong will do to your confidence.
-
Long story short, I'm unofficially the hacker at our office... Story time!
So I was hired three months ago to work for my current company, and after the three weeks of training I got assigned a project with an architect (who only works on the project very occasionally). I was tasked with revamping and implementing new features for an existing API, some of the code dated back to 2013. (important, keep this in mind)
So at one point I was testing the existing endpoints, because part of the project was automating tests using postman, and I saw something sketchy. So very sketchy. The method I was looking at took a POJO as an argument, extracted the ID of the user from it, looked the user up, and then updated the info of the looked up user with the POJO. So I tried sending a JSON with the info of my user, but the ID of another user. And voila, I overwrote his data.
Once I reported this (which took a while to be taken seriously because I was so new) I found out that this might be useful for sysadmins to have, so it wasn't completely horrible. However, the endpoint required no Auth to use. An anonymous curl request could overwrite any user's data.
As this mess unfolded and we notified the higher ups, another architect jumped in to fix the mess and we found that you could also fetch the data of any user by knowing his ID, and overwrite his credit/debit cards. And well, the ID of the users were alphanumerical strings, which I thought would make it harder to abuse, but then realized all the IDs were sequentially generated... Again, these endpoints required no authentication.
So anyways. Panic ensued, systems people at HQ had to work that weekend, two hot fixes had to be delivered, and now they think I'm a hacker... I did go on to discover some other vulnerabilities, but nothing major.
It still amuses me they think I'm a hacker 😂😂 when I know about as much about hacking as the next guy at the office, but anyways, makes for a good story and I laugh every time I hear them call me a hacker. The whole thing was pretty amusing, they supposedly have security audits and QA, but for five years, these massive security holes went undetected... And our client is a massive company in my country... So, let's hope no one found it before I did.
-
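Added example, not part of the rant above and not the company's code: the update flow the post describes, next to the same flow with authentication, an ownership check and a field allow-list. The store, the IDs and the function names are constructed.

```python
import secrets

# Fields a user may change on their own record (constructed allow-list).
EDITABLE_FIELDS = {"name", "email"}


class Store:
    """In-memory stand-in for the user and session tables (hypothetical)."""

    def __init__(self):
        self.users = {}      # user_id -> record
        self.sessions = {}   # bearer token -> user_id
        self.admins = set()

    def add_user(self, user_id, name, admin=False):
        self.users[user_id] = {"id": user_id, "name": name,
                               "email": name + "@example.test"}
        if admin:
            self.admins.add(user_id)

    def login(self, user_id):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user_id
        return token


def make_store():
    # Constructed data; the sequential IDs mirror the ones described in the post.
    store = Store()
    store.add_user("U0001", "alice")
    store.add_user("U0002", "bob")
    store.add_user("U0003", "ops", admin=True)
    return store


def update_user_unchecked(store, body):
    """The behaviour described in the post: the body alone picks the target."""
    target = store.users.get(body.get("id"))
    if target is None:
        return 404, {"error": "no such user"}
    target.update(body)
    return 200, dict(target)


def update_user_checked(store, token, body):
    """Same update, but the caller is authenticated and must own the record."""
    caller = store.sessions.get(token)
    if caller is None:
        return 401, {"error": "authentication required"}
    target_id = body.get("id", caller)
    # Decide on authorization before revealing whether the target exists.
    if target_id != caller and caller not in store.admins:
        return 403, {"error": "not allowed to modify this user"}
    target = store.users.get(target_id)
    if target is None:
        return 404, {"error": "no such user"}
    rejected = sorted(set(body) - EDITABLE_FIELDS - {"id"})
    if rejected:
        return 400, {"error": "fields not editable: " + ", ".join(rejected)}
    target.update({k: v for k, v in body.items() if k in EDITABLE_FIELDS})
    return 200, dict(target)


def demo():
    # The caller is U0001, but the body names U0002.
    body = {"id": "U0002", "name": "alice", "email": "alice@example.test"}
    results = {}

    store = make_store()
    results["unchecked"] = update_user_unchecked(store, body)[0]
    results["unchecked_victim_name"] = store.users["U0002"]["name"]

    store = make_store()
    alice, ops = store.login("U0001"), store.login("U0003")
    results["anonymous"] = update_user_checked(store, None, body)[0]
    results["other_user"] = update_user_checked(store, alice, body)[0]
    results["victim_name_after"] = store.users["U0002"]["name"]
    results["own_record"] = update_user_checked(
        store, alice, {"name": "Alice A."})[0]
    results["extra_field"] = update_user_checked(
        store, alice, {"name": "a", "card": "constructed"})[0]
    results["admin"] = update_user_checked(store, ops, body)[0]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The admin branch keeps the sysadmin use the post mentions, but only for an authenticated caller in the admin set. Random identifiers make records harder to enumerate, yet the ownership check is what stops the overwrite.
-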
Writing more infrastructure than product.
Look, my application requests and transforms data from a single external API endpoint, it's just one GET request...
But I made an intelligent response caching middleware to prevent downtime when the parent API goes down, I made mocks and tests for everything, the documentation is directly generated from the code and automatically hosted for every git branch using hooks, responses are translated into JSONschema notation which automatically generate integration tests on commit, and the transformations are set up as a modular collection of composable higher order lenses!
Boss: Please use less amphetamine.
-
Somebody asked me for my API doc.
I don't have any API at all.
I will lie, and I'll write a Swagger specification in a few hours and I'll send it to them.
They will try to read it and understand, and after maybe a week, when they ask for testing and an endpoint, I'll pretend to be on holiday for 2 weeks.
3-4 weeks gone already, I checked they should be on holiday by then. Only then, I'll answer with a fake endpoint with fake data.
I'll get another 2 weeks if I'm lucky.
When they discover about fake data, I'll say there is a bug.
In total if I play well, I have 2/2.5 months to implement some kind of API server with some more or less true implementation.
Thanks to Swagger. Swag
-
Once I had to do a 'hands on' pair programming session for a position I applied for... Together with the lead dev we would switch coding every 15 minutes. It was somewhat of a horror story...
The assignment was to implement a password reset flow, connecting it to the API and then handling the entire password reset flow, in Angular because ye know has to be Angular...
After drafting the ui and setting up the click events, I wanted to hookup the api calls, but then it was time to switch around...
The fucktard dev first started to adjust my classmappings to be more in line with his preference, without touching the css classnames... Ok... Micro managing ... Check...
So after breaking the styles, he wrote the fetches to the api endpoints and that was his 15 minutes of shame...
I continued only to find out the endpoints we were using had errors in them and would not return anything workable...
The dev said he'd tested the endpoint before and it worked, but clearly it didn't...
After about an hour of going back and forth trying to get this to work he got a call from a client because server was down (surprise), he excused himself and had to prioritize on this, running out and leaving me there for the remaining morning ...
I just sat there waiting for the HR checkout talk, only to lean towards rejecting the position...
Fucking waste of time, and in the end the feedback was they doubted MY TECHNICAL SKILLS ... And wouldn't make me an offer 😂👍 nice story bro...
K THX BAI!
-
* How other sites charge for a domain name
- The domain (abc.com) is available
---- Price => $14
* How AWS charges
- Your domain (abc.com) is available
--- Domain name => $18.99
--- DNS resolution => $17.88
--- Hosted zone (1) => $10.97
--- Route53 Interface => $45.67
--- Network ACL => $63.90
--- Security Group => $199.78
--- NAT Gateway (1) => $78.99
--- IP linking => $120.89
--- Peer Connection => $67.00
--- Reverve Endpoint => $120.44
--- DNS Propagation => $87.00
--- Egress Gateway => $98.34
--- DNS Queries (1m) => $0.40
--------------------------------
---- TOTAL => $2903.99
(Pay for what you use... learn more)
--------------------------------
-
Series of events between me (Mi) and dude in office (DIO).
Instance 1
DIO: There is not psql installed on staging.
Mi: Install it.
DIO: YUM is not working.
Mi: *tries yum it works* It is
DIO: Oh. Didn't work earlier.
Mi: *blank* Make sure you install 9.6
DIO: Cannot find psql
Mi: *types psql, it is already installed*
DIO: Oh, didn't work earlier.
Instance 2
DIO: Made this change to the API, the endpoint is not returning the right value
Mi: *restarts server, shit starts working*
DIO: I am pretty sure I did that, don't know what happened.
Instance 3
DIO: Cannot alter role to give login to this db user.
MI: *runs alter role db_user with login* works
DIO: Don't know why it wasn't working before.
Instance 4
DIO: I have been stuck on this test for the past 1 day, cannot get the API to return the right data while the Rest Endpoint works fine.
Mi: You are hitting the wrong endpoint in the test.
DIO: Oh, I put an extra 's'
Mi: BTW you are testing Spring-Boot with that test and nothing else.
DIO: Yes but what if Spring Boot has a bug?
Mi: ok.
-
Alright, this is a new one to me, and wow am I blown away.
Working on upgrading an API that I did not build. Getting things running well enough and then an endpoint (which runs well enough in the tests) returns a `418 I'm a teapot`
Yeah, you read that right "I'm a (motherfucking) teapot"
The description is that...
"refuses to make coffee because it is a teapot"
It was an April fools joke in the beginning.
I couldn't return that error if I tried!
This shit is bizarre.
For your reading pleasure:
https://developer.mozilla.org/en-US...
-
- WE NEED TO KNOW THE VERSION OF THE SYSTEM THIS INSTANT!
"what? version? wtf are you talking about"
- THE CLIENT HAS I.T. GUIDELINES TO STRICTLY CONTROL THE VERSION OF EACH SOFTWARE VENDOR'S SYSTEMS!
"We are not a 'software vendor', we provide them consulting on logistics!"
- THEY USE OUR WEBSITE! THIS MAKES US A SOFTWARE VENDOR!
"Wouldn't that make 'google' their vendor too?"
- IM SURE THEY STRICTLY CONTROL GOOGLE'S VERSION TOO!
"I'm pretty sure they don't. But, whatever, that does answer the question of what they want. Some paperwork jockey wants a meaningless number to fill a form, let's give'em one"
I just had someone make an API endpoint where they can ask "the version", and it is just the number of commits in our production branch. For lols, we even 0-fill and split every three magnitude orders with a dot, so we're in version 0.012.345 or something.
Major version upgrade every million commits!
Fuck those guideline-parrots who are unaware that words sometimes have meaning, and sometimes not.
-
Task:
- Replace a 4 year old PHP API.
Old API:
- PHP script writing PHP scripts to /var/www/ for every endpoint needed
- Answers everything with 200 (not even 404)
DB:
- MySQL 5.6
- ~ 1000 Tables, NO FUCKING FK's
Documentation:
- "Wasn't worth the effort"
New API:
- Not allowed to behave any different
.
.
.
😭
-
The nightmare continues.
Currently dealing with a code review from a “principal” dev (one step above senior), who is unironically called a “legendary dev” by some coworkers. It’s painfully obvious he didn’t read the code, and just started complaining and nitpicking.
It’s full of requests to do things that make absolutely no sense, and would make the code an unmaintainable mess.
• Ex: moving the logic and data collection from the module’s many callers into the module instead of just passing in the data.
• Ex: hiding api endpoint declarations by placing them in the module itself, and using magic instance variables to pass data to it. Basically: using global functions and variables instead of explicit declarations and calls.
• Ex: moving the logic to determine which api endpoint to use, for all callers, into the view.
More comments about methods being “too complex” (barely holds water) right next to comments saying “why are these separate? merge them together!”
Incredulously asking how many times I’m checking permissions and how ridiculous it all is. (The answer? Twice.)
Conflating my “permissions” param and method names with a supposedly forthcoming permissions system overhaul, and saying I shouldn’t use permissions because my code will all have to get rewritten. Even if that were true, and it’s likely not, the ticket still needs to use the current permissions. I can’t just ignore them because they might be rewritten someday.
Requests to revert some code cleanup because the reviewer thought the previous heavily-nested and uncommented versions (with code duplication) were easier to read. Unsurprisingly, he wrote them.
On the same ticket, my boss wants me to remove all styling and clientside validation, debouncing, and error messages from a form. Says “success” and “connection failed” messages are good enough. The form in question sends SMS and email using arbitrary user input for addresses. He also says it shouldn’t be debounced on the server, and doesn’t want me to bother checking permissions. Hello, spam!
Related: the legendary dev reviewer says he can’t think of a reason why we would want to disable the feature for consumers, so I should remove the consumer feature flag.
You can’t make this stuff up.
-
Today's highlights include:
The offshore team has put code gems in production featuring the example code generated on project startup that you're supposed to delete or overwrite, an API endpoint that just returns the value 5, and various debugging console.logs. It's a delight reading their code.
My boss also forgot the meeting he called me in for so I've been sitting here waiting for 20 minutes when I could have gone home. I'm glad it's Friday
-
This was maybe one of the coolest methods of applying for a job. There was a company in Sydney on LinkedIn whose apply href for the job was pointing to localhost (might have been an accident), so you had to find their website and, with the trailing URL, get to the page. Then they said to send an OPTIONS request to an endpoint; here you got a link to an API doc telling you where to send a POST to apply for the job, and they had an example body to use. Sending the POST request with Postman required headers, so looking more into the doc, it gave the headers needed. Now the example body for the POST had some errors in it, and once they are fixed you can then submit the request.
NOW that's the way to find competent developers. Shame I'm not one of them.
-
Pro Tip: if you're building a developer REST API, don't forget to add a sample response to each endpoint. I don't want to have to test each one when I'm building my integration, I'd rather build my model in one go with the documentation displayed on a second monitor.
-
Auth Endpoint:
user name and password correct:
- response 200: with session key and profile info
user name and password incorrect:
- response 200: blank
smh -
Assigned to a new project team..
Using git, in a creative way. So.. "master" is "dev" branch, usually. Everyone can push their branch to dev server .. so it's "dynamic for us". Production branch is whatever, as long as the branch has the release version. Sometimes, the release comes from "master".. that mean "dev" in normal geek..
That's just Git. The source code is a saturated spaghetti of Entity framework and Caliburn. It is littered with antipatterns, especially basebean. Holy Christmas and Easter that baseclass does a lot of stuff that has no place as a base class ..
Fucking frameworks, I'm gonna start to evangelize frameworks as the no1 antipattern.
MS SQL as the main DB, but is dumped to json FILES through a scheduled task to increase read performance on web.
There is a soap endpoint to expose the json files, fml..
I am assuming I was placed here to improve stuff, I have never in my life seen anything like this before.
There is a special place in hell for this repository
-
They've literally left me with nothing to do. I'm doing nothing. I can't be happy doing nothing.
To illustrate the chaos: Everyone on the team was trying to figure out some defect. No one knows what is going on in the code. It's unlike anything I've ever seen.
I found an API call with a misspelled endpoint. It was wrong since the code was written two months before. There's no way it ever worked. Obviously no one tested the code because they would have immediately seen that the call returned a 404 every time.
I fixed it. That was my only PR in about a month. It was literally one character.
The next week that PR got reverted. Apparently the app works better if the API call fails. No one said what goes wrong if the request is made, just that it "causes problems."
That's how bad it is. No one knows why anything does or doesn't work. People write code that doesn't work, never test it, and the application works better in some unspecified way if that code never gets executed.
The last straw for me was when an architect told us that if we want to improve our skills we need to learn how to read and debug stuff like this.
1) Not to be immodest, but I'm good at figuring out bad code.
2) Just because I can doesn't mean I want to do it all day instead of actually developing software
3) He trivialized the really important skill, not making a mess like this in the first place. If his idea of skill is to sling crap without tests at the wall and then debug it, how is he an architect?
I tried really hard but I can't keep a good attitude. I don't want to become toxic, but why would I consider working that way? I try my best to be good at this. Writing decent code means a lot to me. It should mean a lot to them. Their code is costing them hundreds of thousands of dollars. Maybe millions.
I can't write good code and add value if all I do is debug bad code.
So I'm out. I'm going to another project. Have a nice life.
-
Really just an average week.
Just feel I need a bit of venting. (:
@meet: (monday)
- mgr: we need video transcoding and VOD ASAP.
- dev: on what server? It's expensive, especially without a GPU.
- mgr: prod is beefy. Put it there.
- dev: everything else is gonna crawl then.
- mgr: you have till the end of this week.
@demo (Friday)
- dev: k, it's ready.
- mgr: Why is everything slow??!
- dev: transcoding. Expensive.
- mgr: Why do we transcode? Never said I wanted transcode!
Can't we upload to YT?
- dev: ...yes. But then each customer that wants VOD will need to set up YT Studio and provide an endpoint and stream key.
- mgr: OK. But we're now behind schedule because of this and the customers will not be pleased.
- dev: oh, didn't know we're into gaming.
- mgr: ???
- dev: nvm, see you Monday.
...
Later Friday evening
...
*ding* mgr has added 5 new tasks to your list.
*ding* mgr subtracted 30 points from you.
reason: deadline overdue.
Ya ya, the usual shenanigans.
Time to mute for the weekend.
-
I just launched a small web service/app. I know this looks like a promo thing, but it's completely non-profit, open source and I'm only in it for the experience. So...
Introducing: https://gol.li
All this little app offers is a personal micro site that lists all your social network profiles. Basically share one link for all your different profiles. And yes, it includes DevRant of course. :)
There's also an iframe template for easy integration into other web apps and for the devs there's a super simple REST GET endpoint for inclusion of the data in your own apps.
The whole thing is on GitHub and I'd be more than happy for any kind of contribution. I'm looking forward to adding features like more personalization, optimizing stuff and fixing things. Also any suggestions on services you'd like to see. Pretty much anything that involves a public profile goes.
I know this isn't exactly world changing, but it's just a thing I wanted to do for some time now, getting my own little app out there.
-
My own personal hell was an HTML page that had a script tag that called a REST endpoint that sent back a text block of JavaScript that was then dynamically executed to redirect the user to a PHP 3 page that was the exact same thing as the original page but with an extra bit of CSS to make the buttons blue and slightly rounded.
You can’t make this shit up.
-
"We use WSDL and SOAP to provide data APIs"
- Old-fashioned but ok, gimme the service def file
(The WSDL services definition file describes like 20 services)
- Cool, I see several services. I need those X data entities.
"Those will all be available through the Data service endpoint"
- What you mean "all entities in the same endpoint"? It is a WSDL, the whole point is having self-documented APIs for each entity format!
"No, you have a parameter to set the name of the data entity you want, and each entity will have its own format when the service returns it"
- WTF you need the WSDL for if you will have a single service for everything?!?
"It is the way we have always done things"
Certain companies are some outdated-ass backwater tech wannabes.
Usually those that have dominated the market of an entire country since the fucking Perestroika.
The moment I turn on the data pipeline, those fuckers are gonna be overloaded into oblivion. I brought popcorn.
-
Fuck (some of) you backend developers who think regurgitating JSON makes for a good API.
"It's all in JSON. iOS can read JSON, right?"
A well-trained simian can read JSON, still doesn't mean it can do something with it. Your shitty API could be spitting out fucking ancient Egyptian for all I care, just make it be the same ancient Egyptian everywhere!
Don't create one endpoint that spits out the URL for the next endpoint (completely different domain, completely different path structure). Are you fucking kidding me?
As if that wasn't enough, endpoints receive data structured in one way, but return results in another!! "It's all JSON", but it's still dong.
How do I abstract that, you piece of shit? Now I have to write ever so slightly different code in multiple places instead of writing it only once.
How the fuck do I even model that in a database?
Have a crash course on implementing APIs on the client side and only come back when you're done.
Morons.
-
!rant
I'm an idiot. I freely admit this. I spent a solid 3 hours on a new endpoint in a WCF service, only to have it looked upon and told to fix it. I knew that the service I was calling didn't work like that. I did, I knew it. I didn't think about it while coding the endpoint, but I knew it. At least the changes only needed to happen in one file, and only took about 25 minutes with tests and all. But damn it, I knew better. I looked at my buddy, straight in the eye, and told him "Told you I was an idiot." He laughed, I laughed, the table laughed, we killed the table. It was a great time!
-
Isn't it just nice to throw away hours of work because you were given wrong requirements?
I worked late last night to finish a project with an incoming deadline, and for what? That's right, for fucking nothing. Hours wasted. Just because I was told the form was to be submitted to an endpoint that I would receive later on.
Turns out that what I actually need to do is embed some form from a third-party service. So the form that I already implemented (with styles and logic) isn't needed. What's worse, I have to redo all the styles to match this embed form.
Thank you so much for that. 🖕Never again will I work late. I should have known better by now... -
Partner of ours claimed they are going to update their api. No breakage. My hopes were low and they did not disappoint.
Soon after the new version of their api went live, of course, loads of breakage. And the email contact with them is really fun.
Me: "Hello, since your update we get the issue A. Here's the complete communication."
Them: "We did not change the existing behavior. You are doing X wrong. Repeat that one call during the step and you should be fine."
Me: "Thank you, if I repeat the call, it does indeed work, albeit slower, since we are now repeating calls. Furthermore, our application was consuming your api for years and we did not change anything. So why is that step necessary now? Only after your update do our logs show errors from your API. And by the way, we now also have an issue with B. Why is that?"
Them: "Oh that's because you query the endpoint with "Fnord", try "Baz"."
Me: "Yes, I do know that we query it with "Fnord" as that is what a previous endpoint of yours is responding to us. Why are we getting "Fnord"? What request do I have to make to get a "Baz" back?"
It feels like a game of whack-a-mole. Squash one issue, ten more will pop up. I am one step away from becoming active-aggressive.
-
Just released version 1 of my first API! For this project I did everything the way I wanted to, no shortcuts! I documented the shit out of every endpoint and parameter. Everything is thoroughly tested and it’s dockerized. I also have metrics for each endpoint (with Grafana in the frontend, which I love) as well as alerts in case it would go down for some reason.
I prepared all of this before deploying it out into the wild and damn, it feels so good. Probably no one will use it but I don’t care. It’s one of those projects where you have to force yourself to go to bed at 2 AM.
Just some thoughts. Don’t really have any techie friends so figured maybe someone here recognizes that feeling. Also I wrote it in Python, such a pleasant language.
-
So we have an API that my team is supposed to send messages to in a fire and forget kind of style.
We are dependent on it. If it fails there is some annoying manual labor involved to clean that mess up. (If it even can be cleaned up, as sometimes it is also time-sensitive.)
Yet once in a while, that endpoint just crashes by letting the request vanish. No response, no error, nothing, it is just gone.
Digging through the log files of that API nothing pops up. Yet then I realize the size of the log files. About ~30GB on good old plain text log files.
It turns out that that API has taken the LOG EVERYTHING approach so much to heart that it logs to the point of its own death.
Is circular logging such a bleeding edge technology? It's not like there are external solutions for it like loggly or kibana. But oh, one might have to pay for them. Just dump it to the disk :/
This is again a combination of developers thinking "I don't need to care about space! It's cheap!" and managers thinking "100 GB should be enough for that server cluster. Let's restrict its HDD to 100GB, save some money!"
And then, here I stand trying to keep my sanity :/
-
Let’s see I suppose the most pissed off I’ve been at work would be....
Being blamed for a client's mistake when their newsletter email settings were being changed over to a new mailing system but during the change over they wanted to still send out mail using the old list. So a single endpoint was kept in place so they could send one last newsletter out after it was approved as part of the migration and they were to inform us when they were done so we could change that endpoint over.
Several months later when everyone had long forgotten about it, the client tried to send another mass mail out using the old endpoint and complained when no emails had been sent.
I was blamed for making this mistake even though management approved the fucking old endpoint to be left in place at the client's request against my concerns that someone’s going to forget about this and I was never informed to swap it over.
I quit on the spot and walked out the door after that. -
Not ONLY does the new code a coworker wrote straight up not work (and they somehow managed to merge it to master) but it also broke an entirely unrelated endpoint due to an abstraction they tried to make. Very clear they didn't even run their code at all.
-
Ok, so our team is responsible for writing an app that consumes an API written by the client's team (I refuse to call it a "REST" API, despite their claims). On one of the clarification meetings we are discussing an endpoint that accepts a (logically) unique field multiple times, even though an entity is already registered in the system with that unique identifier. Our proposal would be that this API of theirs should not happily accept duplicates as many times as there are bits on a 4TB hard drive, rather it should signal an error.
The response we got is this: Due to the Separation of Concerns principle they thought that it should be our app's responsibility to not send a request if an entity with said field is already in the system. Thus there's no need for the backend to validate this.
I didn't hear the next part, because I had to collect my headphones from the other side of the room where they were flung in rage.
-
What kind of fucktard thought it was a good idea to include HTML in their API endpoint? 3€ per 1000 requests? YOU should be the one paying me to deal with this shit. Even enforcing class classnames...
-
"It works on our end", the sentence that made me lose my shit.
I've been working on a project where we're supposed to integrate an API into our system.
When trying to get some user IDs (UUID) from said API, we got a type-error in the response (???), so I called their integration support and asked what the fuck they were doing (not really, I was kinda calm at this point).
The answer I got was the following:
Integration guy: "Uh, bro, like, I don't even know, it's probably on your end"
Me: "We literally used this endpoint with the same parameters yesterday, and got a result we expected. I noticed you updated your API this morning, did you make any major changes?"
Integration guy: "Yeah we changed the type of user id from string to number"
Me: "So, you changed the type of a UUID (uuid4) from string to number? How did you not think that would be an issue? I can see in your forums that everyone else is having the same issue."
Integration guy: "Nah, it's probably a bug in your code, it works on our end"
Me in my mind: *IT WORKS ON YOUR END?!? IT DOESN'T FUCKING MATTER IF IT WORKS ON YOUR END, FUCKTARD.*
What I actually said: "Uhm, I'm not sure if it works on your end either, I'm not even sure how this change made it to production. But hey, thanks I guess, bye."
WHY AM I NOT ABLE TO YELL AT PEOPLE WHEN THEY ARE BEING RETARDED???
But really though, when you're maintaining an API, you shouldn't fucking care if things work on your end in your dev environment. What matters is how it works in production, for the end user/users.
And I know that in 99% of cases it's the user's fault by entering the wrong parameters or trying to request with wrongly set up auth and what not, but still.
Don't ASSUME nothing's wrong on your end. It's your fucking job to fix the issues.
And guess what? The problem was on their side.
I'm going fucking bald.
-
Really loving the instant legacy code being added to our new project by devs who think they are too good to follow our peer review process, yum... today I found out that there are two different implementations of an API endpoint that does the same thing running in prod, in two different places, because the guy who wrote the second one wasn't aware that the first one existed and didn't let a second developer look at it before he pushed it to master.
-
Facebook API...
Facebook's "graph" or APIs in general fucking stink donkey dick.
Their implementation of OAuth is horrible.. 3 different tokens, which can be either short or long lived, for fetching a Facebook page feed (the client's own Facebook page)
To that you add a clientID and a ClientSecret.
Great... after painstakingly reading confusing documentation and itching your head... You get it to work.
Then they, without notice, make a breaking change or deprecate an endpoint you were using.. Jesus..
And all the support you can get comes from a "community group" which may or may not reply with a generic link to their documentation...
-
To all the data engineers in here: WTF is going on in your field?
I've worked closely with a dozen data engineers in the last 5 years (and talked to friends and internet strangers about this and get similar responses), none of them seem to know how to use a computer!
They don't understand git, ORMs, best practices, how to use a terminal, DAGs (important for using modern ETL scheduling tools like Airflow and Prefect), etc.
Guys with 10 years of experience on their resume and they can't wrap a model into a Flask app with 1 endpoint. They'll reference local files on their machine in a Jupyter notebook and are shocked it won't work on other computers!
-
So ok here it is, as asked in the comments.
Setting: customer (huge electronics chain) wants a huge migration from custom software to SAP ERP, hybris commerce for B2B and ... Azure cloud
Timeframe: ~10 months….
My colleague and I had the glorious task to make the evaluation result of the B2B approval process (like you can only buy up till € 1000, then someone has to approve) available in the cart view, not just the end of the checkout. Well I thought, easy, we have the results, just put them in the cart … hmm :-\
The whole thing is that the storefront - called accelerator (although it should rather be called decelerator) - is a 10-year old (looking) buggy interface that promises the customers that it solves all their problems and just needs some minor customization. Fact is, it’s an abomination, which makes us spend 2 months in every project to „rip it apart“ and fix/repair/rebuild major functionality (which changes every 6 months because of „updates“).
After a week of reading the scarce (aka non-existing) docs and decompiling and debugging hybris code, we found out (besides dozens of bugs) that this is not going to be easy. The domain model is fucked up - both CartModel and OrderModel extend AbstractOrderModel. Though we only need functionality that is in the AbstractOrderModel, the hybris guys decided (for an unknown reason) to use OrderModel in every single fucking method (about 30 nested calls ….). So what shall we do, we don’t have an order yet, only a cart. Fuck, let's fake an order, push it through, use the results and dismiss the order … good idea!? BAD IDEA (don’t ask …). So after a week or two we changed our strategy: create duplicate interfaces for nearly all (Spring) services with changed method signatures that override the hybris beans and allow to use CartModels (which is possible, because within the super methods, they actually „cast" it to AbstractOrderModel *facepalm*).
After about 2 months (2 people full time) we have a working „prototype“. It works with the default-sample-accelerator data. Unfortunately the customer wanted to have its own dataset in the system (what a shock). Well you guessed it … everything collapsed. The way the customer wanted to "have it working“ was just incompatible with the way hybris wants it (yeah yeah SAP, hybris is sooo customizable …). Well we basically had to rewrite everything again.
Just in case you're wondering … the requirements were clear in the beginning (stick to the standard! [configuration/functionality]). Well, then the customer found out that this is shit … and well …
So some months later, next big thing. I was appointed technical sublead (is that a word)/sub pm for the topics ‚delivery service‘ (cart, delivery time calculation, u name it) and customer registration - a reward for my great work with the b2b approval process???
Customer's office: 20+ people, mostly SAP related, a few c# guys, and drumroll .... the main (external) overall superhero ‚I'm the greatest and you're shit‘ architect.
Average age 45+, me - the ‚hybris guy’ (he really just called me that all the time), age 32.
He powerpoints his „ tables" and other weird out of this world stuff on the wall, talks and talks. Everyone is in awe (or fear?). Everything he says is just bullshit and I see it in the eyes of the others. Finally the hybris guy interrupts him, as he explains the overall architecture (which is just wrong), and points out how it should be (according to my docs, which were more up to date). From now on he didn't just "not like" me anymore. (good first day)
I remember the looks of the other guys - they were relieved that someone pointed that out - saved the weeks of useless work ...
Instead of talking the customer's tongue he just spoke gibberish SAP … arg (common in SAP land as I had to learn the hard way).
Outcome of about 5 (useless) meetings later: we are going to blow out data from informatica to sap to azure to datahub to hybris ... hmpf needless to say it's fucking super slow.
But who cares, I‘ll get my own rest endpoint that‘ll do all I need.
First try: error 500, 2. try: 20 seconds later, error message in html, content type json, a few days later the c# guy manages to deliver a kinda working still slow service, only the results are wrong, customer blames the hybris team, hmm we r just using their fucking results ...
The SAP guys (customer service) just don't seem to be able to activate/configure the OOTB OData service (so I was told)
Several email rounds, meetings later, about 2 months, still no working hybris integration (all my emails with detailed checklists for every participant and deadlines were unanswered/ignored or answered with unrelated stuff). Customer pissed at us (god knows why, I tried, I really did!). So I decide to fly up there to handle it all by myself
-
The Instagram API sucks a lot.
Why the fuck do I have to log in with my account using OAuth2 to get posts of a PUBLIC account? Is it so hard to make an authentication endpoint that doesn't require the user to enter his credentials in order to access PUBLIC content?
Fucking piece of shit
-
ME: Here's an endpoint to get all the textual info about the entity. And this one fine endpoint is to fetch entity's files
FrontEnd: This is no good. I need all entity info in a single JSON
ME: but files could be quite heavy, are you sure you wan...
FE: Yes, Just give me all the info in a single JSON
ME: okay... I hope you know what you're doing..
ME: <implemented as requested>
ME: <opens a webpage with 2 files attached>
Browser: <takes 30 seconds to open a page and downloads 30MB of data in the JSON>
ME: As mentioned before, your approach is a performance killer
FE: No worries, we'll fix that in the next version. First let's see if anyone will be using this feature at all - maybe it's not even worth working on
ME: <thinking> I know I would NOT be using an app if it takes over half a minute to open up a chat channel. FFS I wouldn't even be using Slack if it took 30 seconds to open some other conversation, because for some reason it wanted to fetch all the uploaded files along with all the messages each time a channel is clicked on.....
ME: <thinking> this project is doomed :(
-
So I just spent the last few hours trying to get an intro of given Wikipedia articles into my Telegram bot. It turns out that Wikipedia does have an API! But unfortunately it's born as a retard.
First I looked at https://www.mediawiki.org/wiki/API and almost thought that that was a Wikipedia article about API's. I almost skipped right over it on the search results (and it turns out that I should've). Upon opening and reading that, I found a shitload of endpoints that frankly I didn't give a shit about. Come on Wikipedia, just give me the fucking data to read out.
Ctrl-F in that page and I find a tiny little link to https://mediawiki.org/wiki/... which is basically what I needed. There's an example that.. gets the data in XML form. Because JSON is clearly too much to ask for. Are you fucking braindead Wikipedia? If my application was able to parse XML/HTML/whatevers, that would be called a browser. With all due respect but I'm not gonna embed a fucking web browser in a bot. I'll leave that to the Electron "devs" that prefer raping my RAM instead.
OK so after that I found on third-party documentation (always a good sign when that's more useful, isn't it) that it does support JSON. Retardpedia just doesn't use it by default. In fact in the example query that was a parameter that wasn't even in there. Not including something crucial like that surely is a good way to let people know the feature is there. Massive kudos to you Wikipedia.. but not really. But a parameter that was in there - for fucking CORS - that was in there by default and broke the whole goddamn thing unless I REMOVED it. Yeah because CORS is so useful in a goddamn fucking API.
So I finally get to a functioning JSON response, now all that's left is parsing it. Again, I only care about the content on the page. So I curl the endpoint and trim off the bits I don't need with jq... I was left with this monstrosity.
curl "https://en.wikipedia.org/w/api.php/...=*" | jq -r '.query.pages[0].revisions[0].slots.main.content'
Just how far can you nest your JSON Wikipedia? Are you trying to find the limits of jq or something here?!
And THEN.. as an icing on the cake, the result doesn't quite look like JSON, nor does it really look like XML, but it has elements of both. I had no idea what to make of this, especially before I had a chance to look at the exact structured output of that command above (if you just pipe into jq without arguments it's much less readable).
Then a friend of mine mentioned Wikitext. Turns out that Wikipedia's API is not only retarded, even the goddamn output is. What the fuck is Wikitext even? It's the Apple of wikis apparently. Only Wikipedia uses it.
And apparently I'm not the only one who found Wikipedia's API.. irritating to say the least. See e.g. https://utcc.utoronto.ca/~cks/...
Needless to say, my bot will not be getting Wikipedia integration at this point. I've seen enough. How about you make your API not retarded first Wikipedia? And hopefully this rant saves someone else the time required to wade through this clusterfuck.
-
Has been a long time since I'm appreciating working with GRPC.
Amazingly fast and full-featured protocol! No complaints at all.
Although I felt something was missing...
Back in the days of HTTP, we were all given very simple tools for making requests to verify behaviours and data of any of our HTTP endpoints, tools like curl, postman, wget and so on...
This toolset gives us definitely a nice and quick way to explore our HTTP services, debug them when necessary and be efficient.
This is probably what I miss the most from HTTP.
When you want to debug a remote endpoint with GRPC, you need to actually write a client by hand (in any of the supported language) then run it.
There are alternatives in the open source world, but those want you to either configure the server to support Reflection or add a proxy in front of your services to be able to query them in a simpler way.
This is not how things work in 2018 almost 2019.
We want simple, quick and efficient tools that make our life easier and having problems more under control.
I'm a developer myself and I feel this on my skin every day. I don't want to change my server or add an infrastructure component for the simple reason of being able to query it in a simpler way!
However, this exact problem has been solved many times for HTTP or other protocols, so we should do something about our beloved GRPC.
Fine! I told myself. Let's fix this.
A few weeks later...
I'm glad to announce the first release of BloomRPC - the first GRPC client GUI that is nice and simple.
It allows you to query and explore your GRPC services with just a couple of clicks without any additional modification to what you have running right now! Just install the client and start making requests.
It has been built with Electron, so it's a desktop app and it supports the 3 major platforms: Mac, Linux, Windows.
Check out the repository on GitHub: https://github.com/uw-labs/bloomrpc
This is the first step towards the goal of having a simple and efficient way of querying GRPC services!
Keep in mind that it is in its first release, so improvements will follow along with future releases.
Your feedback and contributions are very welcome.
If you have the same frustration with GRPC I hope BloomRPC will make you a bit happier!
-
New Avatar item and no update? Are the items in the avatar builder fetched from the api? Would be an interesting endpoint for my api docs.
Will do research.
-
The company considers the project manager I work with to be the best. After working with him, I consider him to be everything that is wrong with project management.
This PM injects himself into everything and has a way of completely over-complicating the smallest of things. I will give an example:
We needed to receive around 1000 rows of data from our vendor, process each row, and host an endpoint with the data in JSON. This was a pretty simple task until the PM got involved and overcomplicated the shit out of it. He asks me what file format I need to receive the data. I say it doesn't really matter, if the vendor has the data in Excel, I can use that. After an hour-long conversation about his concerns using Excel he decides CSV is better. I tell him not a problem for me, CSV works just as well. The PM then has multiple conversations with the Vendor about the specific format he wants it in. Everything seems good. Then he calls me and asks how I am going to host the JSON endpoints. I tell him because it's static data, I was probably going to simply convert each record into its own file and use `nginx`. He is concerned about how I would process each record into its own file. I then suggest I could use a database that stores the data and have an API endpoint that will retrieve and convert into JSON. He is concerned about the complexities of adding a database and unnecessary overhead of re-processing records every time someone hits the endpoint. No decision is made and two hours are wasted. Next day he tells me he figured out a solution, we should process each record into its own JSON file and host with `nginx`. Literally the first thing I said. I tell him great, I will do that.
Fast forward a few days and it's time to receive the payload of 1000 records from the Vendor. I receive the file and open it up. While they sent it in CSV format the headers and column order are different. I quietly, without telling the PM, adjust my code to fit what I received, ran my unit test to make sure it processed correctly, and outputted each record into its own JSON file. Job is now done and the project manager gets credit for getting everything to work on the first try.
This is absolutely ridiculous, the PM has an absurd 120 hours to this task! Because of all the meetings, constant interruptions, and changing of his mind, I have 35 hours to this task. In reality the actual time I spent writing code was probably 2-3 hours and all the rest was dealing with this PM's meetings and questions and indecisiveness. From a higher level, he appears to be a great PM because of all the hours he logs but in reality he takes the easiest of tasks and turns them into a nightmare. This project could have easily been worked out between me and the vendor in a 30 min conversation but this PM makes it his business to insert himself into everything. And then he has the nerve to complain that he is so overwhelmed with all the stuff going on. It drives me crazy because this inefficacy and unwanted help makes everything he touches turn into a logistical nightmare but yet he is viewed as one of the company's top Project Managers.
-
Instructions on how to become suicidal:
- Create an API controller for the /file/ path
- Add an empty endpoint for POST /file/upload (will write it later!)
- Forget about this endpoint at some point
- Later, create a page for /file/upload
- GET /file/upload returns page
- POST /file/upload returns empty 200
Pure psychological horror for like an hour Googling why the fuck my razor page is returning empty responses and my breakpoint on OnPost is not fucking hitting even if I copy and paste example code from the ms website
Oh yeah, that controller.
-
One of my first projects involved a python server. This was before I even knew about CD/CI, so we were updating by ssh-ing in, pulling, and killing the process.
My solution? Make an endpoint that pulls the repo and intentionally crashes the server to restart it. We used it for two years.
-
This is the last part of the series
(3 of 3) Credentials everywhere; like literally.
I worked for a company that made an authentication system. In a way it was ahead of its time as it was an attempt at single sign on before we had industry standards but it was not something that had not been done before.
This security system targeted 3rd party websites. Here is where it went wrong. There was a "safe" implementation where users were redirected to the authentication system and back.
However for fear of being too hard to implement they made a second method that simply required the third party site to put up a login form on their site and push the input on to the endpoint of the authentication system. This method was provided with sample code and the only solution that was ever pushed.
So users were trained to leave their credentials wherever they saw the product's logo; awesome candidates for phishing. Most of the sites didn't have TLS/SSL. And the system stored the password as plain text right next to the email and birth date making the incompetence complete.
The reason for plain text password was so people could recover their password. Like just call the company convincingly frustrated and you can get them to send you the password.
-
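The plain-text storage described in the post above existed only so that a password could be read back to its owner. As an added example (not code from the post or from the system it describes; the class, method names, scrypt parameters and token lifetime are assumptions), this sketch stores a salted scrypt hash and recovers access with a single-use, expiring reset token, so there is never a password to hand out over the phone.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters: assumed values for this sketch, tune for your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32, maxmem=64 * 1024 * 1024)
RESET_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link


def hash_password(password: str) -> str:
    """Return 'scrypt$<salt hex>$<digest hex>' using a fresh random salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: never treat it as a match
    if scheme != "scrypt":
        return False
    actual = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return hmac.compare_digest(actual, expected)


class AccountStore:
    """Hypothetical in-memory account table standing in for a real database."""

    def __init__(self):
        self.password_hashes = {}  # email -> 'scrypt$salt$digest'
        self.reset_tokens = {}     # sha256(token) -> (email, expiry timestamp)

    def register(self, email: str, password: str) -> None:
        self.password_hashes[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        stored = self.password_hashes.get(email)
        if stored is None:
            hash_password(password)  # spend similar time for unknown accounts
            return False
        return verify_password(password, stored)

    def start_reset(self, email: str, now: float):
        """Create a token to e-mail to the account owner; only its hash is kept."""
        if email not in self.password_hashes:
            return None
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode("ascii")).hexdigest()
        self.reset_tokens[key] = (email, now + RESET_TTL_SECONDS)
        return token

    def finish_reset(self, token: str, new_password: str, now: float) -> bool:
        """Consume the token (single use) and set a new password if still valid."""
        key = hashlib.sha256(token.encode("ascii")).hexdigest()
        entry = self.reset_tokens.pop(key, None)
        if entry is None:
            return False
        email, expires = entry
        if now > expires:
            return False
        self.password_hashes[email] = hash_password(new_password)
        return True
```

A dump of `password_hashes` and `reset_tokens` yields neither a usable password nor a usable reset link, which is the property the plain-text design gave up.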
Today I told 3 devs that they either get their shit together or they can pack their things and look for a job.
I can get easily pissed, but it's rather rare for me to get to that point easily.
Now my dear friends, can you guess what they did?
I give you a hint...
They made a test suite validating a network library.
So we have roughly 200 plus lovely split tests, neatly put in a directory structure - lovely organization.
(I might have written in the ticket that as a requirement... Cause I know my lil hellspawns)
But as I started looking at some tests, there was always something missing...
Network library...
So we needed to create an endpoint... And handle of course the tests communication with the endpoint *somewhere*.
I'd guess you know already what these mofos did...
Yeah. We have one class.... That handles all tests endpoints... Via different methods... Plus additional methods like utility functions....
The ticket was easy they said.
Me chewing their heads off was easy too.
Jesus Christ, I really doubt sometimes that some devs are able to go to a toilet.
Maybe that's the reason some wear baggy pants - easier to hide the pampers.
*rolls eyes*
-
Be me
Have a company wide incident happen during on call
Say you're rolling back a change in a service that might have been the cause
Have someone laugh and say that change was just a new endpoint and completely unrelated
Be embarrassed
Have a senior director point out the code change that was the issue
Embarrass yourself in front of the entire company (it impacted everyone)
But hey at least it wasn't my change
-
Companies that create APIs and then update them but fail to update the documentation, to a point where the syntax doesn't even remotely resemble how it originally was, or even give the location of where the new endpoint is.
WHY MUST YOU MAKE MY LIFE HELL
-
Received feedback on a task I made for a job interview (I didn't get a technical interview).
The task was easy with nothing special about it that made me think if that's what the job is like, I don't want to work there. It was a simple web page with search functionality. I did the task anyway.
The feedback I got was useless. It said that I made a complex and an over-engineered solution.
What I made, mind you, was a one endpoint API and a single Vue.js component instead of using jQuery to update the results. That's it. OVER-ENGINEERED!
Complete waste of time.
-
The world: we found a cure for AIDS.
Hacker news: I don't see a RESTful api endpoint for that, so it's useless.
-
// My First Rant
We have a developer that almost everyone adjusts to what he wants to avoid talking or working with him.
I have office mates that don't want to give tasks to him just to avoid working with him.
Even our devOps guy just did what he wanted so he would stop talking.
One bad experience of our devOps guy with him is that his infrastructure or other AWS stuff was blamed for why his APIs are not working. It turns out that his url for the database has FUCKING SPACES.
Not sure if a good practice but he wants the base url of our Endpoint to be set in environment variables instead of having DEV/PROD/TESTING and base the endpoint from there.
He said that he was given permission to study a language but he doesn't even ask for permission.
-
Oh I have quite a few.
#1 a BASH script automating ~70% of all our team's work back in my sysadmin days. It was like a Swiss army knife. You could even do `ScriptName INC_number fix` to fix a handful of types of issues automagically! Or `ScriptName server_name healthcheck` to run HW and SW healthchecks. Or things like `ScriptName server_name hw fix` to run HW diags, discover faulty parts, schedule a maintenance timeframe, raise a change request to the appropriate DC and inform service owners by automatically chasing them for CHNG approvals. Not to mention you could `ScriptName -l "serv1 serv2 serv3 ..." doSomething` and similar shit. I am VERY proud of this util. Employee liked it as well and got me awarded. Bought a nice set of Swarovski earrings for my wife with that award :)
#2 a JAVA sort-of-lib - a ModelMapper - able to map two data structures with a single util method call. Defining datamodels like https://github.com/netikras/... (note the @ModelTransform anno) and mapping them to my DTOs like https://github.com/netikras/... .
#3 a @RestTemplate annotation processor / code generator. Basically this dummy class https://github.com/netikras/... will be a template for a REST endpoint. My anno processor will read that class at compile-time and build: a producer (a Controller with all the mappings, correct data types, etc.) and a consumer (a class with the same methods as the template, except when called these methods will actually make the required data transformations and make a REST call to the producer and return the API response object to the caller) as a .jar library. Sort of a custom swagger, just a lil different :)
I had #2 and #3 opensourced but accidentally pushed my nexus password to gitlab. Ever since my utils are a private repo :/
-
Few years ago as a junior android dev with couple years of self taught experience of working in startups I submitted a simple android app assignment for a junior android dev role. Assignment had only like 8 requirements so I followed them to the letter. That didn't end well.
App was simple just 3 screens. Login screen with username and password input fields, login button.
Had to call a login endpoint after login button was clicked, redirecting to home screen, calling items endpoint, displaying a list of items and when an item was clicked passing item data and redirect to item details screen.
Needless to say big swinging dick senior was not impressed. UI was not perfect, I forgot to display a loading animation when fetching data, didn't handle back button properly.
I agreed with some points but other comments were clearly just nitpicking: his preferred variable naming conventions, his opinions on architecture that was not up to his standard (official google arch at the time was not up to his standard).
He also was mad that app wasn't prepared for release to googleplay (another out of the ass requirement). Like I would prepare a 3 screen app for prod release that he will forget ever existed after 20min of his review.
Lots more of nitpicking, encapsulation this encapsulation that, omg now he's shocked that there are a few warnings after the project is built.
Regardless my self confidence was destroyed at that point and after few more negative experiences I dropped android dev altogether for a couple years and switched to game dev.
After game dev ran its course I went back to android dev and found a supportive place where I could grow.
Looking back, they were actually hiring at least a mid level for a junior position but I was grilled as a senior. The guy literally didn't write any single positive thing in that review about my code even tho my senior peers said my project was decent back then, it's just that I didn't handle a few edge cases and that's all.
I looked up the guy in linkedin, turns out he's a uni dropout who posts all books that he read about software dev in his education section of his linkedin profile. Found a bunch of other narcissistic stuff on his profile. Guy was a fucking idiot. Even if I worked under him it would have probably sucked.
Learned some important lessons I guess. Always get a second, 3rd and 4th opinion and don't take criticism too seriously. Always check what kind of person is providing feedback.
-
Boss: Where should i put this piece of code so the android app will work correctly?
Me: Maybe here and we run some tests.
Boss: What? You built the app so you have to know where I should write the code for the endpoint and your app will work. No time for tests. And no update.
Fuck you boss.
-
Can someone help me settle an argument with a coworker?
So let's say there is a REST interface that returns a PDF representation of a resource...but it requires the authorization header in order to authorize that you have access to the document in question.
And let's say there is a link on the page that redirects to this endpoint to serve up the document. He thinks you can add a header to the HTTP request that goes out when you click on the link (a regular old anchor tag) with onclick without making an xhr call.
I told him that you would have to use an xhr call to add headers, and that even then you would receive a byte stream back, which without using a blob and an object url or a data uri you wouldn't be able to display it in a new tab or start a download.
Regardless he went on to tell me I was wrong. The next day he said he had done it. I asked him to show me, and he said "oh it's at home", and then proceeded to ridicule me in front of my architect. He always pulls this one-upmanship bullshit and I hate it. And I am pretty sure he's wrong.
-
I'm working on a laptop in the shop and Explorer crashes. I try restarting it, and get RPC endpoint call errors. On reboot, I get this.
Russian roulette but 3 will probably crash instead of 1.
-
Was writing a functional test in AdonisJS that queries an API endpoint with data and my test stays red with a dainty `expected 500 to equal 200` assertion failure.
In frustration, I yelled "What must I fuchen do to get my 500 to become a 200". Then my dev friend, an absolute fuchen genius tells me, "Subtract 300." I hope the prat stays debugging his code for a week!!
-
Follow up to: https://devrant.com/rants/5047721/....
1- The attacker just copy pasted its JWT session token and jammed requests on the buy gift cards route
2- The endpoint returns the gift card to continue the payment process, but the gift card is already valid
3- Client wants only to force passwords to have strong combinations
4- Talk about a FIREWALL? Only next month
5- Reduce the token expiration from 3 HOURS to 10 minutes? Implement strong passwords first
6- And then start using refresh tokens
BONUS: Clearly someone from inside that worked for them, the API and database password are the same for years. And the route isn't used directly by the application, although it exists and has rules that the attacker knows. And multiple accounts from legit users are being used, so the person clearly has access to some internal shit
-
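The follow-up above describes a gift card that is already valid when the purchase endpoint returns it, and one session token replayed to jam that route. The sketch below is an added example, not the application's code: the card is issued as `pending`, becomes usable only after a payment confirmation for the exact amount, and unpaid cards are capped per account. The class name, limits, status codes and in-memory store are assumptions.

```javascript
// Added example; names, limits and the in-memory Map are assumptions.
const MAX_PENDING_PER_SUBJECT = 3;      // assumed cap on unpaid cards per account
const PENDING_TTL_MS = 10 * 60 * 1000;  // assumed: unpaid cards lapse after 10 minutes

class GiftCardService {
  constructor() {
    this.cards = new Map(); // cardId -> { subject, amountCents, status, createdAt }
    // Sequential ids keep the example deterministic; real card codes must be
    // unguessable random values.
    this.nextId = 1;
  }

  // Drop lapsed unpaid cards and count the subject's live pending ones.
  pendingCount(subject, now) {
    let count = 0;
    for (const [id, card] of this.cards) {
      if (card.status !== 'pending') continue;
      if (now - card.createdAt >= PENDING_TTL_MS) {
        this.cards.delete(id);
        continue;
      }
      if (card.subject === subject) count++;
    }
    return count;
  }

  // Checkout step 1. `subject` is the account taken from an already verified
  // session token, so replaying one token keeps hitting the same counter.
  requestCard(subject, amountCents, now) {
    if (this.pendingCount(subject, now) >= MAX_PENDING_PER_SUBJECT) {
      return { ok: false, status: 429, error: 'too many unpaid gift cards' };
    }
    const cardId = 'gc-' + this.nextId++;
    this.cards.set(cardId, { subject, amountCents, status: 'pending', createdAt: now });
    return { ok: true, cardId, status: 'pending' };
  }

  // Checkout step 2. Meant to be reachable only from the payment processor's
  // authenticated callback, never from the customer-facing API.
  confirmPayment(cardId, paidCents, now) {
    const card = this.cards.get(cardId);
    if (!card || card.status !== 'pending' || now - card.createdAt >= PENDING_TTL_MS) {
      return { ok: false, status: 409, error: 'no payable card with that id' };
    }
    if (paidCents !== card.amountCents) {
      return { ok: false, status: 402, error: 'paid amount does not match card value' };
    }
    card.status = 'active';
    return { ok: true, status: 'active' };
  }

  // A card that was returned to the client but never paid for cannot be spent.
  redeem(cardId) {
    const card = this.cards.get(cardId);
    if (!card || card.status !== 'active') {
      return { ok: false, status: 403, error: 'card is not active' };
    }
    card.status = 'redeemed';
    return { ok: true, amountCents: card.amountCents };
  }
}
```

-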
Strap in...
- Previous employer
- 3rd party partner firm
- integration link between both over SOAP
- Both sides riddled with poor code and messed up political structures (partner firm CEO is an investor in my employer)
- Doing a deployment to update to https (I know)
- Keep http endpoint live
- Other side starts shitting itself
- Diagnose
- Not us
- feelsgoodman.tiff
- Get angry email
- Explain not us
- Back and forth
- Tell client it’s “irrelevant” on https issue, it’s their side that’s gone wrong
- Get angry reply with boss cc’d about how nothing is “irrelevant” for the client
- We all had to have a make up meeting and meal
- Client was calm and reasonable, all agreed we just snapped and it wouldn’t happen again
- 2 weeks later
- Their system shits itself again and suddenly we’re on the hook
- BA on my team (smarmy little bastard) constantly fucking me off
- Get so close to actually screaming and hitting him
So yeah. I don’t tend to hold that a job is more important to me than my dignity.
I have and will never hold my tongue for the sake of a job, I’m not gonna put up with people shouting / belittling / backstabbing etc.
-
When I was really new to JavaScript, I wanted to create an image gallery with images which I stored in a MySQL database. Well, I did not really have a clue how to load all the image sources into my JavaScript to load the images. I also didn't know much about fetching an endpoint of my website to get the data asynchronously.
I also wasn't a good database architect at that time and my database had an image table which was for the gallery. Within this table there were multiple columns for one image slider (there should be multiple sliders on one page in the gallery (I know... 🤢)).
So I ended up writing a PHP loop which printed Javascript loops for each row in my images table. Within my JavaScript loop I created the sliders and set the images.
In my defense I can say: It worked. 😅
It hurts to remember this. And I hope you won't judge me.
-
We have a new hire, and he doesn't know much so he is receptive when given feedback on better ways to handle a situation...Or at least, he appears that way. Until the next time and he didn't listen at all.
Today I'm working on the front end to match his API calls. I ask him about a list of options for one of the fields, as he didn't provide that info initially. No worries, there was a lot, easy to miss. He responds with a list of ~100 options, which he copied and pasted from, I'm assuming, their documentation. I tell him that's too many options to hard code, as there is an easy chance to have an error or for there to be one added or deleted, and ask if there is an API endpoint to get the list.
He then asks if I need the key and value, or just key. I tell him if he needs the value(human readable) then he can send me just the value, otherwise both. He says he just needs the key, so I let him know that I need both then, as the value is human readable. He says okay.
He proceeds to make the endpoint, I test it. Then I look at the code he wrote. Not only did he not send me both, he just sent the keys, but he hard coded all 100 keys as opposed to making the call to the external API.
-
Being the only dev in charge of the project, makes you the one to be blamed for.
The God saviour, shiny armoured back end developer that joined the "team" (only me) to help into this new project Just Said in a meeting:
- "I wont code anything for this new project, I can't get the point of It"
So every meeting was
- "why feature X is not ready?"
- "I'm waiting the endpoint for It"
- "well, then mock It"
Now I fucking give up.
One month mocking things and "presenting" features that don't even exist.
-
Me: The dev agency didn’t follow best practices. They only implemented front end validation on the form. The form submits to a public endpoint, so bots don’t have to go through our site to submit the form. That’s why our database is still filled with $1 donation transactions. I honestly recommend telling this to the dev agency and request that you not be charged for the extra work needed to do this right.
Manager: They charge $95/hr and they’re billing for 8 hours already.
[Aside: The agency’s task was to implement a $10 minimum on the form, do some text changes, and deploy.]
Me: I would expect work to be done according to accepted best practices. It’s really a half done job.
Manager: But they were very helpful when we had that payment processing emergency. They stayed late to help us. We shouldn’t push this in case we need their help again. Can you do the backend validation? [We are in US and agency is in Lithuania.]
Me: 🤬😩😑🤐[To myself: This wouldn’t have happened if the fundraising team hadn’t panicked and would only wait until I came back from my one day of PTO.]
-
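The exchange above turns on validation that exists only in the browser form while the endpoint itself is public. A server-side check for the $10 minimum could look like this added example, which is not the agency's or the site's code; the `amount` field name, its string encoding, the upper bound and the status codes are assumptions.

```javascript
// Added example; field name, limits and status codes are assumptions.
const MIN_CENTS = 1000;      // the $10.00 minimum from the agency's task
const MAX_CENTS = 10000000;  // assumed upper bound of $100,000.00

// Convert a decimal dollar string to integer cents without floating point.
// Accepts "10", "10.5", "10.50". Rejects "1e3", "10.001", "-10", " 10", "".
function parseDollarsToCents(raw) {
  // Body parsers can hand back arrays, objects or numbers; accept strings only.
  if (typeof raw !== 'string') return null;
  const match = /^(\d{1,7})(?:\.(\d{1,2}))?$/.exec(raw);
  if (!match) return null;
  const fraction = (match[2] || '').padEnd(2, '0'); // "5" -> "50", "" -> "00"
  return Number(match[1]) * 100 + Number(fraction);
}

function validateDonation(body) {
  const cents = parseDollarsToCents(body && body.amount);
  if (cents === null) {
    return { ok: false, status: 400, error: 'amount must be a decimal dollar value' };
  }
  if (cents < MIN_CENTS) {
    return { ok: false, status: 422, error: 'minimum donation is $10.00' };
  }
  if (cents > MAX_CENTS) {
    return { ok: false, status: 422, error: 'amount exceeds the allowed maximum' };
  }
  return { ok: true, cents };
}

// What the public endpoint would run on every POST, whether it came from the
// site's form or from a script that never loaded the page.
function handleDonationPost(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400, error: 'body is not valid JSON' };
  }
  const result = validateDonation(body);
  if (!result.ok) return { status: result.status, error: result.error };
  // Only this server-computed integer is passed on to payment processing.
  return { status: 200, chargeCents: result.cents };
}

// Constructed request bodies, as they would arrive at the endpoint.
const SAMPLE_BODIES = [
  '{"amount":"1"}',      // the $1 submissions described in the post
  '{"amount":"9.99"}',
  '{"amount":"10"}',
  '{"amount":"1e3"}',
  '{"amount":["10"]}',
  'not json',
];

function runSamples() {
  return SAMPLE_BODIES.map((raw) => handleDonationPost(raw).status);
}
```

-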
This is the story of the API documentation.
Which btw I couldn't find on the producent's website anywhere. I had the pdf shared with me by a coworker.
I knew the api was fucked up the moment I looked at endpoint documentation.
GET params? WHERE, ORDERBY etc. Literally make a SQL select in a GET request.
Returned stuff? The whole thing. Not some DTO, you literally get everything you can get.
Eg if you get IP in your response, you get it in several formats: dotted form, as hex, and as int. In 3 different json fields.
Oh, and regarding IP - one would imagine you can use masks or prefixes for subnets, right? Nope. The only param you can use there is the subnet size. So you have to calculate the power of 2 every time you want to make a request.
That's from the endpoint documentation. But what about some general info on the API, before all that?
As I was looking for something, I decided to read that intro and general info about the API.
Okay, so there was a change log between API versions. "removed [endpoint which sounds like correct REST design], please use [this generic thing with SQL-like GETs]"... Several of them.
And there was also this sentence which said that the API is not restful, "it's REST-like". <facepalm>
If it was a bad attempt at REST API, I would let it go. But this sentence clearly showed they knew they did everything wrong. And the changelog showed they didn't stop there, they were actively making it worse.
-
Kinda messed up my first contract.
I am a senior frontend dev who until now worked only on full time gigs. For the first time I picked up a short term gig of 1 week that consisted of 2 packages and I wanted to share my mistake that I made so hopefully it's useful to you.
So last week I started working on this gig. First package went through fine, I delivered in 2 days and collected the first half of the payment.
However I messed up with the second package. Not messed up the implementation per se, but I didn't manage the communication well.
Before implementing it I raised a discussion about a missing backend endpoint that is required to implement the perfect solution. Client got cold feet, had a discussion with his manager and now decided to postpone the second package and even got mad at me that I already did and pushed half of the work of the second package without waiting for his decision from his manager. So now obviously I'm not getting paid for half of the work of the second package (I don't mind, I should have waited for client's response), anyways it took me like 20min to implement so that's fine.
My takeaways:
1. As a short term contractor you are hired to solve a concrete problem. Scope out what you can, agree on a task list and stick to it. Anything out of scope will cost the client extra.
2. Your priority is to get paid. Not to deliver the perfect solution that confuses the client and potentially can impact your delivery. If he wants something and you see it's only a half of what he really needs, deliver it anyways. Keep that idea of improvement for the future. More work for future = more invoices = more money. I know it's not ethical but your priority should be to get paid and in order to do that you need to deliver. Don't shoot yourself in the foot with unnecessarily overcomplicating things.
-
fuck u aws
all that money and u can't read idiot proof documentation for me to have SQS connect to a VPC endpoint to read a message
also fuck u search algorithms for not handing me an easy bake solution to what is a not a novel situation
also fuck me for being unable to git gud
-
How far off can you implement a feature?
Task: Update add one feature to this endpoint and add test(s) for the new feature
What happened
* Correct endpoint
* Add 2 wrong features
* Remove one important feature
* Do not the requested feature
* Write a test that doesn't actually test the feature for the wrong endpoint
Intern be like: looks fine to me. Pls review and merge
-
Can't get over how many big companies get away with poor/no documentation for their own APIs. The past week i have been working with a large insurance company that only via email threads explained what endpoint to send files to and what username I could use to get this to work.
I also worked with a major courier service last month that only had a two page document for all their methods and one of the pages was explaining the transportation of data via imagery haha.
-
Okay, one after another. They like to piss me off, apparently.
Colleague knows something isn't possible with current state of some api and pushes phone to me so I can maybe figure out what to reply to client. I dry-typed in "Its not possible" gave him phone and said "boom done, you know it ain't possible"
Okay, TL;DR she got pissed that I am pissed that this BS is thrown at me and I don't want to participate in promising something I know is undeliverable.
So she told me to go to PM/PO *kind of guy but not rly* with that problem. He ain't technical by any mean. We are small company and for some reason this guy has more bureaucratic approach than I thought is possible to fit in one human.
Anyway. Well, apparently we will have meeting what are our options.
It all began that one guy promised other guy undeliverable feature....
And because someone couldn't use his fucking brain it's pushed onto me, or I need to figure out how to do it. You can't without introducing safety flaw, period, it's that fuckin' simple.
But nooo, we will have god-knows-how-long meeting, that will bring exactly 0 value, as fking always, and all I want now is just fucking focus on my fucking code because, ya know, I have timeline to follow, I don't have time to all that BS.
And to give you context, while keeping the stuff I can't share secret, imagine you have an API, that is just 'facade' of backend API, and layer of security. And they want to add authoritative endpoint to the facade API. Kind of endpoint "yes, you got paid".
Bravo, big brain, it will not work without like huge-as-fuck vulnerability...
IDIOTS
How to not get pissed? Any protips?
-
TLDR; I was editing the wrong file, let's go to bed.
We have this huge system that receives data from an API endpoint, does a whole bunch of stuff, going through three other servers, and then via some calculation based on the data received from the UI, and data received from the endpoint, it finally sends the calculated fields to the UI via websocket.
Poor me sitting for over 4 hours debugging and changing values in the logic file trying to understand why one of the fields ends up being null.
Of course every change needs a reboot to all the 4 servers involved, and a hard refresh of the UI.
I even tried to search for the word null in that file, but to no avail.
After scattering hundreds of console logs, and pulling my hair out, I found out that I am editing the wrong file.
I guess it's time for some sleep.
-
Once i worked on an application which has very long form and submit to a soap endpoint (post). I felt my life was so pointless when testing after i made changes. So I automated the testing by generating post request so i can just run it.
I filled the user name with Brandon Boyd, Alan Turing or Ryan Gosling. And it increments like Boyd1, Boyd2.
Once my colleague found a bug, the data never get saved but all the boyds persists. He knew it was me, who uses that kind of name
My barbaric manager (was involved) kind of pointed his finger at me. I sweat a bit though i couldn't find logical explanation why Boyds stay. but turned out someone changed the sqlscript.
-
When you're trying to find out from what API endpoint a page gets its data from, put breakpoints on every endpoint, but none hit a breakpoint when the page loads.
-
# Retrospective as Backend engineer
Once upon a time, I was rejected by a startup who tries to snag me from another company that I was working with.
They are looking for Senior / Supervisor level backend engineer and my profile looks like a fit for them.
So they contacted me, arranged a technical test, system design test, and interview with their lead backend engineer who also happens to be co-founder of the startup.
## The Interview
As usual, they asked me what are my contribution to previous workplace.
I answered them with achievements that I think are the best for each company that I worked with, and how to technologically achieve them.
One of it includes designing and implementing a `CQRS+ES` system in the backend.
With complete capability of what I `brag` as `Time Machine` through replaying event.
## The Rejection
And of course I was rejected by the startup, maybe specifically by the co-founder. As I asked around on the reason of rejection from an insider.
They insisted I am a guy who overengineer thing that are not needed, by doing `CQRS+ES`, and only suitable for RND, non-production stuffs.
Nobody needs that kind of `Time Machine`.
## Ironically
After switching jobs (to another company), becoming fullstack developer, learning about react and redux.
I can reflect back on this past experience and say this:
The same company that says `CQRS+ES` is an over engineering, also uses `React+Redux`.
Never did they realize the concept behind `React+Redux` is very similar to `CQRS+ES`.
- Separation of concern
- CQRS: `Command` is separated from `Query`
- Redux: Side effect / `Action` in `Thunk` separated from the presentation
- Managing State of Application
- ES: Through sequence of `Event` produced by `Command`
- Redux: Through action data produced / dispatched by `Action`
- Replayability
- ES: Through replaying `Event` into the `Applier`
- Redux: Through replay `Action` which trigger dispatch to `Reducer`
---
The same company that says `CQRS` is an over engineering also uses `ElasticSearch+MySQL`.
Never did they realize they are separating `WRITE` database into `MySQL` as their `Single Source Of Truth`, and `READ` database into `ElasticSearch` is also inline with `CQRS` principle.
## Value as Backend Engineer
It's a sad days as Backend Engineer these days. At least in the country I live in.
Seems like being a backend engineer is often under-appreciated.
Company (or people) seems to think of backend engineer is the guy who ONLY makes `CRUD` API endpoint to database.
- I've heard from Fullstack engineer who comes from React background complains about Backend engineers have it easy by only doing CRUD without having to worry about application.
- The same guy fails when given task in Backend to make a simple round-robin ticketing system.
- I've seen company who only hires Fullstack engineer with strong Frontend experience, fails to have basic understanding of how SQL Transaction and Connection Pool works.
- I've seen company Fullstack engineer relies on ORM to do super complex query instead of writing proper SQL, and prefer to translate SQL into ORM query language.
- I've seen company Fullstack engineer with strong React background brags about Uncle Bob clean code but fail to know on how to do basic dependency injection.
- I've heard company who made webapp criticize my way of handling `session` through http secure cookie. Saying it's a bad practice and better to use local storage. Despite my argument of `secure` in the cookie and ability to control cookie via backend.
-
in 2017 i published my first website. it was basically a remake of google's translation telephone, because google shut it down. unfortunately, the translation api costs money, so rather than pay, i set up a gscript api endpoint that translates it for me.
apparently when you use gscript, translation is free. this was back when i was 14, which is crazy to think about.