Fucking crunchyroll hardcodes their access tokens in a Constants Class in their APK, technically that is a security issue.

What the actual fuck Crunchyroll!? No fucking wonder you got DNS Hijacked so quick, security is literally your second priority you dumbed down twats, get some real devs and some real QAs for fucking god sakes, you're tearing down your own system by inviting exploits.

I'm editing the sidebar on one of our websites, and shuffling some entries. It involves moving some entries in/out of a dropdown and contextual sidebars, in/out of submenus, etc. It sounds a little tedious but overall pretty trivial, right?

This is day three.
I learned React+Redux from scratch (and rebuilt the latter for fun) in twice that long.

In my defense, I've been working on other tasks (see: Alerts), but mostly because I'd rather gouge my freaking eyes out than continue on this one.

Everything that could be wrong about this is. Everything that could be over-engineered is. Everything that could be written worse... can't, actually; it's awful.

Major grievances:
1) The sidebars (yes, there are several) are spread across a ridiculous number of folders. I stopped counting at 20.
2) Instead of icon fonts, this uses multiple images for entry states.
3) The image filenames don't match the menu entry names. at all. ("sb_gifts.png" -> orders); active filenames are e.g. "sb_giftsactive.png"
4) The actions don't match the menu entry names.
5) Menu state is handled within the root application controller, and doesn't use bools, but strings. (and these state flags never seem to get reset anywhere...)
6) These strings are used to construct the image filenames within the sidebar views/partials.
7) Sometimes access restrictions (employee, manager, etc.) are around the individual menu entries, sometimes they're around a partial include, meaning it's extremely difficult to determine which menu entries/sections/subsections are permission-locked without digging through everything.
8) Within different conditionals there are duplicate blocks markup, with duplicate includes, that end up render different partials/markup due to different state.
9) There are parent tags outside of includes, such as `<ul>#{render 'horrific-eye-stabbing'}</ul>`
10) The markup differs per location: sometimes it's a huge blob of non-semantic filthiness, sometimes it's a simple div+span. Example filth: section->p->a->(img,span) ... per menu entry.
11) In some places, the markup is broken, e.g. `<li><u>...</li></u>`
12) In other places, markup is used for layout adjustments, such as an single &nbsp; nested within several divs adorned with lots of styles/classes.
13) Per-device layouts are handled, not within separate views, but by conditionally enabling/disabling swaths of markup, e.g. (if is_cordova_session?).
14) `is_cordova_session` in particular is stored within a cookie that does not expire, and within your user session. disabling it is annoying and very non-obvious. It can get set whether or not you're using cordova.
15) There are virtually no stylesheets; almost everything is inline (but of course not actually everything), which makes for fun layout debugging.
16) Some of the markup (with inline styling, no less) is generated within a goddamn controller.
17) The markup does use css classes, but it's predominately not for actual styling: they're used to pick out elements within unit tests. An example class name: "hide-for-medium-down"; and no, I can't figure out what it means, even when looking at the tests that use it. There are no styles attached to that particular class.
18) The tests have not been updated for three years, and that last update was an rspec version bump.
19) Mixed tabs and spaces, with mixed indentation level (given spaces, it's sometimes 2, 4, 4, 5, or 6, and sometimes one of those levels consistently, plus an extra space thereafter.)
20) Intentional assignment within conditionals (`if var=possibly_nil_return_value()`)
21) hardcoded (and occasionally incorrect) values/urls.

... and last but not least:
22) Adding a new "menu sections unit" (I still haven't determined what the crap that means) requires changing two constants and writing a goddamn database migration.

I'm not even including minor annoyances like non-enclosed ternaries, poor naming conventions, commented out code, highly inefficient code, a 512-character regex (at least it's even, right?), etc.

just.

what the _fuck_

Who knew a sidebar could be so utterly convoluted?

ARGH. I wrote a long rant containing a bunch of gems from the codebase at @work, and lost it.

I'll summarize the few I remember.

First, the cliche:
if (x == true) { return true; } else { return false; };
Seriously written (more than once) by the "legendary" devs themselves.

Then, lots of typos in constants (and methods, and comments, and ...) like:
SMD_AGENT_SHCEDULE_XYZ = '5-year-old-typo'

and gems like:

def hot_garbage
magic = [nil, '']
magic = [0, nil] if something_something
success = other_method_that_returns_nothing(magic)
if success == true
return true # signal success
end
end

^ That one is from our glorious self-proclaimed leader / "engineering director" / the junior dev thundercunt on a power trip. Good stuff.

Next up are a few of my personal favorites:

Report.run_every 4.hours # Every 6 hours
Daemon.run_at_hour 6 # Daily at 8am

LANG_ENGLISH = :en
LANG_SPANISH = :sp # because fuck standards, right?

And for design decisions...

The code was supposed to support multiple currencies, but just disregards them and sets a hardcoded 'usd' instead -- and the system stores that string on literally hundreds of millions of records, often multiple times too (e.g. for payment, display fees, etc). and! AND! IT'S ALWAYS A FUCKING VARCHAR(255)! So a single payment record uses 768 bytes to store 'usd' 'usd' 'usd'

I'd mention the design decisions that led to the 35 second minimum pay API response time (often 55 sec), but i don't remember the details well enough.

Also:
The senior devs can get pretty much anything through code review. So can the dev accountants. and ... well, pretty much everyone else. Seriously, i have absolutely no idea how all of this shit managed to get published.

But speaking of code reviews: Some security holes are allowed through because (and i quote) "they already exist elsewhere in the codebase." You can't make this up.

Oh, and another!
In a feature that merges two user objects and all their data, there's a method to generate a unique ID. It concatenates 12 random numbers (one at a time, ofc) then checks the database to see if that id already exists. It tries this 20 times, and uses the first unique one... or falls through and uses its last attempt. This ofc leads to collisions, and those collisions are messy and require a db rollback to fix. gg. This was written by the "legendary" dev himself, replete with his signature single-letter variable names. I brought it up and he laughed it off, saying the collisions have been rare enough it doesn't really matter so he won't fix it.

Yep, it's garbage all the way down.

Legacy code.

Honestly though, this is some of the better legacy code I've worked with at this company. It's a nifty alert system wherein you can trigger sending messages to subscribers of that alert via whatever means (phone/email) they've entered.

I'll save you the technical analysis of its internals, but suffice to say it's actually pretty nice, with good separation of concerns, internal logic hidden away, dead-simple public interface, etc. documentation is kinda crap, but it exists (!), so that's a nice change.

but.

For some unknown and bloody bizarre reason, the thing breaks when a user wants both sms AND email notifications. Either by themselves work totally fine, but both together? nonono. Email alerts give ArgumentErrors, so something internal isn't correct, and SMS alerts complain about uninitialized Twilio::Error constants.

but.
they both work fine otherwise?

also, the two notification preferences aren't stored on the same object anywhere. if a user wants both, the user creates two AlertContact objects with different info, and when performed, the Alert basically iterates over these and does its thing for each, so there is no knowledge shared between them. totally should work the same regardless.

idfgi.

ALSO.
AND THIS PART REALLY PISSES ME OFF.

WHEN THERE'S AN ERROR, THIS THING DOESN'T LOG IT. IT STRINGIFIES THE ERROR OBJECT (basically just extracting the message) AND INSERTS THAT INTO THE DATABASE INSTEAD. WHAT THE CRAP.

So, I don't get a stack trace, line number, or anything. just the basic error message. instead of my alert text. because of course that makes sense and totally helps debugging.

aklsjfak;sldfj.
legacy code.

Hey Root, remember that super high-priority ticket that we ignored for five months before demanding you rewrite it a specific way in one day?

Yeah, the new approach we made you use broke the expected usecases, and now the page is completely useless to the support team and they're freaking out. Drop everything you're doing and go fix it! Code-complete for this release is tonight! -- This right after "impacting our business flow" while being collapsed on the fucking floor.

Jesus FUCKING christ, what the fuck is wrong with these people?

If I dropped the ball on a high-priority ticket for two weeks, I'd get fired, let alone for five fucking months.

If I was a manager and demanded a one-day rewrite I can only imagine the amount of chewing out I'd receive, especially on something high-priority.

And let's not forget product ownership: imagine if I screwed up feature planning for someone so badly I made them break a support tool in production. I'd never hear the end of it.

Fucking double standards.

And while I'm at it. Some of the code I've seen in this codebase is awful. Uncommented spaghetti, or an unreadable mess with single-letter variables, super-tightly coupled modules so updates are nearly impossible, typos in freaking constants added across sixty+ files, obviously-incorrect comments, ... . I'll have to start posting snippets to show them off. But could I get away with any of it? ha. Hell no. My code must be absolutely perfect. I hear about any and every flaw, doesn't matter how minor, and nothing can go out until everything is just so.

Hell, I even hear about flaws in other peoples' code during my code reviews. Why? Because I should have fixed it, that's why. But if I do, I get yelled at for "muddying the waters."

Just. JESUS FUCKING CHRIST.

It's like playing a shell game where no matter which shell I pick (or point to their goddamn sleeve where they're clearly hiding it), I get insulted for being so consistently useless, and god damn, how can I never find the fucking pea or follow the damned rules? I'm so terrible and this is why "nobody trusts me." Fuck you.

I'll tell you why I can't find your damned pea: IT'S RATTLING INSIDE YOUR FUCKING HEADS, you ASSHOLE FUCKING IMBECILES.

That's right: one pea among the lot of them.

goddamn I am fucking pissed off.

I think I want to quit my first applicantion developer job 6 months in because of just how bad the code and deployment and.. Just everything, is.

I'm a C#/.net developer. Currently I'm working on some asp.net and sql stuff for this company.

We have no code standards. Our project manager is somewhere between useless and determinental. Our clients are unreasonable (its the government, so im a bit stifled on what I can say.) and expect absurd things from us. We have 0 automated tests and before I arrived all our infrastructure wasn't correct to our documentation... And we barely had any documentation to begin with.

The code is another horror story. It's out sourced C# asp.net, js and SQL code.. And to very bad programmers in India, no offense to the good ones, I know you exist. Its all spagheti. And half of it isn't spelled correctly.

We have a single, massive constant class that probably has over 2000 constants, I don't care to count. Our SQL projects are a mess with tons of quick fix scripts to run pre and post publishing. Our folder structure makes no sense (We have root/js and root/js1 to make you cringe.) our javascript is majoritly on the asp.net pages themselves inline, so we don't even have minification most of the time.

It's... God awful. The result of a billion and one quick fixes that nobody documented. The configuration alone has to have the same value put multiple times. And now our senior developer is getting the outsourced department to work on moving every SINGLE NORMAL STRING INTO THE DATABASE. That's right. Rather then putting them into some local resource file or anything sane, our website will now be drawing every single standard string from the database. Our SENIOR DEVELOPER thinks this is a good idea. I don't need to go into detail about how slow this is. Want to do it on boot? Fine. But they do it every time the page loads. It's absurd.

Our sql database design is an absolute atrocity. You have to join several tables together just to get anything done. Half of our SP's are failing all the time because nobody really understands the design. Its gloriously awful its like.. The epitome of failed database designs.

But rather then taking a step back and dealing with all the issues, we keep adding new features and other ones get left in the dust. Hell, we don't even have complete browser support yet. There were things on the website that were still running SILVERLIGHT. In 2019. I don't even know how to feel about it.

I brought up our insane technical debt to our PM who told me that we don't have time to worry about things like technical debt. They also wouldn't spend the time to teach me anything, saying they would rather outsource everything then take the time to teach me. So i did. I learned a huge chunk of it myself.

But calling this a developer job was a sick, twisted joke. All our lives revolve around bugnet. Our work is our BN's. So every issue the client emails about becomes BN's. I haven't developed anything. All I've done is clean up others mess.

Except for the one time they did have me develop something. And I did it right and took my time. And then they told me it took too long, forced me to release before it was ready, even though I had never worked on what I was doing before. And it worked. I did it.

They then told me it likely wouldn't even be used anyway. I wasn't very happy at all.

I then discovered quickly the horrors of wanting to make changes on production. In order to make changes to it, we have to... Get this

Write a huge document explaining why. Not to our management. To the customer. The customer wants us to 'request' to fix our application.

I feel like I am literally against a wall. A huge massive wall. I can't get constent from my PM to fix the shitty code they have as a result of outsourcing. I can't make changes without the customer asking why I would work on something that doesn't add something new for them. And I can't ask for any sort of help, and half of the people I have to ask help from don't even speak english very well so it makes it double hard to understand anything.

But what can I do? If I leave my job it leaves a lasting stain on my record that I am unsure if I can shake off.

... Well, thats my tl;dr rant. Im a junior, so maybe idk what the hell im talking about.

I've told the same story multiple times but the subject of "painfully incompetent co-worker" just comes up so often.

I have one coworker who never really grew out of the mindset of a college student who just took "Intro to Programming". If a problem couldn't be solved with a textbook solution, then he would waste several weeks struggling with it until eventually someone else would pick up the ticket and finish it in a couple days. And if he found a janky workaround for a problem, he'd consider that problem "solved" and never think about it again.

He lasted less than a year before he quit and went off to get a job somewhere else, leaving the rest of our team to comb through his messy code and fix it. Unfortunately, our team is mostly split across multiple projects and our processes were kind of a mess until recently, so his work was a black box of code that had never been reviewed.

I opened the box and found only despair and regret. He was using deprecated features from older versions of the language to work around language bugs that no longer existed. He overused constants to a ridiculous degree (hundreds of constants, all of which are used exactly once in the entire codebase, stored in a single mutable map variable named "values" because why not). He didn't really seem to understand DRY at all. His code threw warnings in the IDE and had weird errors that were difficult to reproduce because there was just a whole pile of race conditions.

I ended up having to take a figurative hacksaw to it, ripping out huge sections of unnecessary crap and modernizing it to use recent language features to get rid of the deprecation warnings and intermittent errors. And then I went through the same process again for every other project he'd touched.

Good riddance.

> Last year wrote a unittest - I was asked to delete it
> no design patterns. Not a single one
> no encapsulation
> fucked up inheritance [I had no idea it was possible at all...]
> generics every-fucking-where
> I could go on...

this month the lead dev was not in and I had to make a new feature. Guess what I did :)

tdd [coverage >90%], a couple of builders, a factory or two, two composites, one decorator, only a few generics - only where really needed. Private fields, not a single @Autowired field [they were fucking my tdd], nicely abstracted integrations, and so on. Everything is writen according to clean code: max 10loc methods, <140col lines, reusable constants and utils, SOLID as a rock, etc.

Due date is next week. Took me 3 weeks to craft it.

Guess who's gonna be piiiiiiiiiiiiisssedd 😁

the best part - I don't even work there, our company was hired for xx hours as helping hands 😁

that's not all. They have like 6 envs and their deployment is all-fucking-manual. Will try to learn how to dockerize that app and deploy it on docker. Gosh I wish I could see his face when he's back 😁

p.S. From ethical point of view, he's the only dev who believes his code is perfect. No other dev in the team agrees. AND he once said: 'it's gonna be my way or no way at all'. So I don't think I did wrong... Did I? :)

So python does not have constants and the only way to create one is to create a class with a getter but no setter.

WHAT.THE.FUCK or am I just wrong?

!rant

What are people thinking when they are building datepickers (or any type of angular/jQuery plugin for that matter)?

Lets put all of the code in one file, place everything that should be dynamic and optimizable in constants, provide no localization support, finish it all up, publish it to bower and npm (so poor devs won't have to struggle) and last but not least don't accept pull requests with useful features for months!

Proudest bug squash? Probably the time I fixed a few bugs by accident when I was just trying to clean up an ex-coworker's messy code.

So I used to work with a guy who was not a very good programmer. It's hard to explain exactly why other than to say that he never really grew out of the college mindset. He never really learned the importance of critical thinking and problem-solving. He did everything "by the book" to a point where if he ran into an issue that had no textbook solution, he would spin his wheels for weeks while constantly lying to us about his progress until one of us would finally notice and take the problem off his plate. His code was technically functional, but still very bad.

Quick Background: Our team is responsible for deploying and maintaining cloud resources in AWS and Azure. We do this with Terraform, a domain-specific language that lets us define all our infrastructure as code and automate everything.

After he left, I took on the work to modify some of the Terraform code he'd written. In the process, I discovered what I like to call "The Übervariable", a map of at least 80 items, many of them completely unrelated to each other, which were all referenced exactly once in his code and never modified. Basically it was a dynamic collection variable holding 80+ constants. Some of these constants were only used in mathematical expressions with multiple other constants from the same data structure, resulting in a new value that would also be a constant. Some of the constants were identical values that could never possibly differ, but were still stored as separate values in the map.

After I made the modification I was supposed to make, I decided I was so bothered by his shitty code that I would spend some extra time fixing and optimizing it. The end result: one week of work, 800 lines of code deleted, 30 lines added, and a massive increase in efficiency. I deleted the Übervariable and hardcoded most of the values it contained since there was no possible reason for any of them to change in the future. In the process, I accidentally fixed three bugs that had been printing ominous-sounding warnings to the console whenever the code was run.

I have a lot of stories about this guy. I should post some more of them eventually.

For robotics I decided to write a program that would automatically tune a PID loop (a loop with three magic constants that tells you how much power to give the motors).

Being a high school student who hasn't been taught anything about the theory of PID loops or the right way to tune them, I had no clue what I was doing. So instead of actually learning the calculus to do it, I just made an evolutionary tuner that keeps guessing slight variations of the last-best three constants.

Basically, you press start and the robot spins in circles until you come back in 15 minutes.

I've been working on an Emscripten emulation layer for a fledgling startup, and it's just a huge bitch. Seriously, Emscripten is the worst designed project I've ever seen. It embeds constants into a js file that it spits out. It turns out you can't fucking run the wasm that Emscripten emits without these magic constants from the js file.

Additionally, all the wasm imports that emscripten specifies are weirdly cased, with apparently no naming convention. They also use some weird, shitty vararg implementation when it already fucking knows exactly how many arguments are going to get passed to an import.

Also, there are a ton of broken things left over from when emscripten compiled to asm.js that they never bothered to replace with features from wasm. God knows how it even works.

One of the constants in my live is that I cannot type in dreams, no touchpad or keyboard will ever output more than three coherent logically keys before it turns into gibberish. Other interaction works, but no input for computers or phones.

Today I dreamed of assisting a guy to shutdown the Linux Server I set up, via remote. The dream totally derailed and was a bit boring. My dream characters realized that something is up and used a different keyboard. No dice. Visually it looked like Thai or so without the appropriate fonts.

Sometimes I am really wondering what my dream director is thinking.

Allright, so now I have to extend a brand new application, released to LIVE just weeks ago by devs at out client's company. This application is advertised as very well structured, easy to work on, µservices-based masterpiece.

Well either I lack a loooot of xp to understand the "µservices", "easy to work on" and "well structured" parts in this app or I'm really underpaid to deal with all of this...

- part of business logic is implemented in controllers. Good luck reusing it w/o bringing up all the mappings...
- magic numbers every-fucking-where... I tried adding some constants to make it at least a tiny bit more configurable... I was yelled at by the lead dev of the app for this later.
- crud-only subservices (wrapped by facade-like services, but still.. CRUD (sub)services? Then what's a repository for...?). As a result devs didn't have a place where they could write business logic. So business logic is now in: controllers (also responsible for mapping), helpers (also application layer; used by controllers; using services).
- no transactions wrapping several actions, like removing item from CURRENT table first and then recreating it in HISTORY table. No rollback/recovery mechanism in service layers if things go South.
- no clean-code. One can easily find lines (streams) 400+ cols long.
- no encapsulation. Object fields are accessed directly
- Controllers, once get result from Services (i.e. Facade), must have a tree of: if (result instanceof SomeService.SomeSubservice1.Item1) {...} else if (result instanceof SomeService.SomeSubservice2.Item4) {...} etc. to build a proper DTO. IMO this is not a way to make abstraction - application should NOT know services' internals.
- µservices use different tables (hats off for this one!) but their records must have the same IDs. E.g. if I order a burger and coke - there are 2 order items in my order #442. When I make a payment I create an invoice which must have an id #442. And I'm talking about data layer, not service or application (dto)! Shouldn't µservices be loosely coupled and be able to serve independently...? What happens if I reuse InvoiceµService in some other app?

What are your thoughts?