Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API

From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "injection"
-
i understand some developers like to write wrapper functions to handle tedious things, I even understand how to write dynamic SQL queries, but for the love of fucking god and sanity, NEVER FUCKING DO THIS!!!!
Yes its PHP, but its not even bad PHP, its a fucking abomination from hell of PHP.rant mysql legacy code gone wrong bourbon lots of bourbon why the fuck god no php sql injection ftw what in the flying fuck33 -
Dependency Injection Frameworks are absolute shit. I have yet to encounter one that doesn't make code take hours to understand or debug, and usually requires a debugger to even begin to unravel it. Not to mention the "context" god objects that just are glorified versions of passing an array from function to function. You guys aren't avoiding global state you're just making it a clusterfuck. Stop being stupid for 2 minutes software development "progress" challenge. Level: impossible.19
-
developer: *deploying spaghetti code to production*
hacker: *alters the code with an injection*
developer:2 -
Security!
Offensive and defensive at both code and infrastructure levels.
So many times I see devs not give a flying pancake about security. Whether it be rolling integers for sql injection or permission guarding to prevent someone executing something they shouldn't.
Why is security in this industry always the last thing to be concerned about when it's the first thing that's going to kill your business.
😓7 -
An enormous government project that leaves the tax office's database along with all backups exposed to SQL injection.
I know for a fact that the tax office database in at least one country only got a cold backup a few years ago, so it's more likely than you think.
Although around that time someone hacked the public transport company and bought a 12 month ticket for free as PoC and he got jail for it so the risk is quite high.5 -
When I was in college OOP was emerging. A lot of the professors were against teaching it as the core. Some younger professors were adamant about it, and also Java fanatics. So after the bell rang, they'd sometimes teach people that wanted to learn it. I stayed after and the professor said that object oriented programming treated things like reality.
My first thought to this was hold up, modeling reality is hard and complicated, why would you want to add that to your programming that's utter madness.
Then he started with a ball example and how some balls in reality are blue, and they can have a bounce action we can express with a method.
My first thought was that this seems a very niche example. It has very little to do with any problems I have yet solved and I felt thinking about it this way would complicate my programs rather than make them simpler.
I looked around the at remnants of my classmates and saw several sitting forward, their eyes lit up and I felt like I was in a cult meeting where the head is trying to make everyone enamored of their personality. Except he wasn't selling himself, he was selling an idea.
I patiently waited it out, wanting there to be something of value in the after the bell lesson. Something I could use to better my own programming ability. It never came.
This same professor would tell us all to read and buy gang of four it would change our lives. It was an expensive hard cover book with a ribbon attached for a bookmark. It was made to look important. I didn't have much money in college but I gave it a shot I bought the book. I remember wrinkling my nose often, reading at it. Feeling like I was still being sold something. But where was the proof. It was all an argument from authority and I didn't think the argument was very good.
I left college thinking the whole thing was silly and would surely go away with time. And then it grew, and grew. It started to be impossible to avoid it. So I'd just use it when I had to and that became more and more often.
I began to doubt myself. Perhaps I was wrong, surely all these people using and loving this paradigm could not be wrong. I took on a 3 year project to dive deep into OOP later in my career. I was already intimately aware of OOP having to have done so much of it. But I caught up on all the latest ideas and practiced them for a the first year. I thought if OOP is so good I should be able to be more productive in years 2 and 3.
It was the most miserable I had ever been as a programmer. Everything took forever to do. There was boilerplate code everywhere. You didn't so much solve problems as stuff abstract ideas that had nothing to do with the problem everywhere and THEN code the actual part of the code that does a task. Even though I was working with an interpreted language they had added a need to compile, for dependency injection. What's next taking the benefit of dynamic typing and forcing typing into it? Oh I see they managed to do that too. At this point why not just use C or C++. It's going to do everything you wanted if you add compiling and typing and do it way faster at run time.
I talked to the client extensively about everything. We both agreed the project was untenable. We moved everything over another 3 years. His business is doing better than ever before now by several metrics. And I can be productive again. My self doubt was over. OOP is a complicated mess that drags down the software industry, little better than snake oil and full of empty promises. Unfortunately it is all some people know.
Now there is a functional movement, a data oriented movement, and things are looking a little brighter. However, no one seems to care for procedural. Functional and procedural are not that different. Functional just tries to put more constraints on the developer. Data oriented is also a lot more sensible, and again pretty close to procedural a lot of the time. It's just odd to me this need to separate from procedural at all. Procedural was very honest. If you're a bad programmer you make bad code. If you're a good programmer you make good code. It seems a lot of this was meant to enforce bad programmers to make good code. I'll tell you what I think though. I think that has never worked. It's just hidden it away in some abstraction and made identifying it harder. Much like the code methodologies themselves do to the code.
Now I'm left with a choice, keep my own business going to work on what I love, shift gears and do what I hate for more money, or pivot careers entirely. I decided after all this to go into data science because what you all are doing to the software industry sickens me. And that's my story. It's one that makes a lot of people defensive or even passive aggressive, to those people I say, try more things. At least then you can be less defensive about your opinion.53 -
Microsoft Manager: "We need to slap ChatGPT onto Bing....STAT!"
Devs: "There won't be enough time to test security."
Microsoft Manager: *Throws hands in the air* "Who cares!!?? Just get it done!"
Devs: "Ok, boss."
https://arstechnica.com/information...5 -
I quietly refactored an entire NodeJS express in-house framework that was written in Java style (dependency injection, inheritance, inversion of control) and split it into typed, composable, parameterized, testable middlewares in 2 weeks (including some complicated ones like a custom Openid Connect flow)
Now comes the hard part: convincing the Java-devs who wrote it that it is useful3 -
A sweaty furry sodomizing a dead dog would still be less disgusting than the codebase on which I have to work, some highlights are:
- The same class repeated 40 times with little variations instead of using some decent parametrization
- Inexistent encapsulation and separation of concerns, most changes requires to modify and recompile 2-3 indipendent Maven projects
- Abuse of inheritance which instead of being used to create "is-a" relationship as it should be it's used to reuse some methods of a class in another instead of using Spring dependency injection as we should be
It would be understandable in a 20 years old legacy projects but in something which started 2 months ago it drives me mad, I tried to fight to change it but in the big enterprise to which I'm "body-rented" it's impossible1 -
So I inherited this buggy application my company developed to process state rosters for health care. The daily process fails often and I haven’t been able to figure out why. Then I notice one little thing... it’s essentially using SQL injection as a method of updating records from a file that we receive from outside... there’s no checking for validity of the statements or making sure they’re safe to execute. Just a for in loop and calling a sp to execute the query text under elevated permissions.
-
At first i was told to go to college BY PEOPLE WITH NO COLLEGE because i wouldnt be able to find a job without degree
Like a sucker i fell for it and believed in those LIES so i sacrificed my life for school
Then later i found out PEOPLE WHO FINISHED COLLEGE told me i just need knowledge in order to be hired, and turns out degree is unimportant
Like a sucker i fell for it and believed in those LIES so i studied and worked on practical projects and gained knowledge
Now when I try to get hired, they admitted that i am able to complete complex projects and i know how to solve the problems even if i see them for the first time. But they rejected me because "im not sure why the car leaks oil".
I have to understand and know what the whole framework is doing under the hood, how everything works, how dependency injection works under the hood, SOLID principles under the hood, decorators how they work under the hood etc.
So now it turns out
- sacrificing life for school is not enough
- sacrificing life for degree is not enough
- sacrificing life for learning and gaining knowledge is not enough
- now the new trend is i have to know not only how to drive a car like a professional formula F1 driver, i also have to be a mechanic and know how to fix the car if it breaks.
MATRIX IS A BIG FAT BULLSHIT AND A LIE.
I feel like they're looking for a senior developer knowledge to pay him junior developer salary
WTF IS THIS BULLSHIT?
I sacrificed 10 days of my life for their bullshit to build this project from scratch as a technical interview. They never said congrats on all the parts that were built right, but only complained about the small portion of bugs i didnt have time to fix.
ALL OF THIS FOR A SALARY OF $1500/MONTH THAT I ASKED. THATS LESS THAN 20,000$ A YEAR. THEY EITHER GAVE ME AN OPTION TO WORK FOR WAY LESS (500-600$/month) OR CALL THEM BACK IN A FEW MONTHS.
I JUST FINISHED COLLEGE AND THEY EXPECT ME TO HAVE 20 YEARS OF SENIOR DEVELOPER EXPERIENCE.
WTF IS THIS SLAVERY BULLSHIT?
HAVING A 500$/MONTH AS ENGINEERING SALARY WITH A DEGREE IS BELITTLING OF THIS JOB.
NO I DONT LIVE IN INDIA I LIVE IN SERBIA. MY DOG IS SICK AND IT COSTS 100$ A DAY JUST FOR HIS TREATMENT. HOW AM I SUPPOSED TO SURVIVE WITH A SLAVE SALARY IN THIS ECONOMIC CRISIS.
I DON'T UNDERSTAND2 -
> As a developer in the Go world, I would recommend you to embrace idiomatic Go patterns and avoid dependency injection.
google literally created a DI lib for go.4 -
Am I the only one to think companies asking questions such as those for technical interviews don’t understand what software engineering/development is about ?
- How many layers does a webservice have?
- What framework do you use for unit testing ?
- How do you do dependency injection ?
Essentially questions that they deem black and white but really aren’t. Besides isn’t the core of the work to just adapt and learn while being smart about what things you implement ? I don’t get these questions for me it’s a sign that a company doesn’t understand the work I’ll be doing.
I think for a technical interview I’d much rather spend my time on a difficult algo question in the language of my choice for 30mins - 1h than 20mins answering close minded questions that don’t have to be.
This rant is mostly due to the fact I’ve done a few interviews with two companies and both behaved like that, I’m 100% certain I had the skills to do the jobs they were offering me (they both contacted me first) but both ended up denying me because my knowledge on their specific questions wasn’t detailed enough. I could have learnt their stack in about a week so I don’t know why that mentality exists.
I might be wrong about the core of the work though… what do you think?3