I absolutely HATE "web developers" who call you in to fix their FooBar'd mess, yet can't stop themselves from dictating what you should and shouldn't do, especially when they have no idea what they're doing.

So I get called in to a job improving the performance of a Magento site (and let's just say I have no love for Magento for a number of reasons) because this "developer" enabled Redis and expected everything to be lightning fast. Maybe he thought "Redis" was the name of a magical sorcerer living in the server. A master conjurer capable of weaving mystical time-altering spells to inexplicably improve the performance. Who knows?

This guy claims he spent "months" trying to figure out why the website couldn't load faster than 7 seconds at best, and his employer is demanding a resolution so he stops losing conversions. I usually try to avoid Magento because of all the headaches that come with it, but I figured "sure, why not?" I mean, he built the website less than a year ago, so how bad can it really be? Well...let's see how fast you all can facepalm:

1.) The website was built brand new on Magento 1.9.2.4...what? I mean, if this were built a few years back, that would be a different story, but building a fresh Magento website in 2017 in 1.x? I asked him why he did that...his answer absolutely floored me: "because PHP 5.5 was the best choice at the time for speed and performance..." What?!

2.) The ONLY optimization done on the website was Redis cache being enabled. No merged CSS/JS, no use of a CDN, no image optimization, no gzip, no expires rules. Just Redis...

3.) Now to say the website was poorly coded was an understatement. This wasn't the worst coding I've seen, but it was far from acceptable. There was no organization whatsoever. Templates and skin assets are being called from across 12 different locations on the server, making tracking down and finding a snippet to fix downright annoying.

But not only that, the home page itself had 83 custom database queries to load the products on the page. He said this was so he could load products from several different categories and custom tables to show on the page. I asked him why he didn't just call a few join queries, and he had no idea what I was talking about.

4.) Almost every image on the website was a .PNG file, 2000x2000 px and lossless. The home page alone was 22MB just from images.

There were several other issues, but those 4 should be enough to paint a good picture. The client wanted this all done in a week for less than $500. We laughed. But we agreed on the price only because of a long relationship and because they have some referrals they got us in the door with. But we told them it would get done on our time, not theirs. So I copied the website to our server as a test bed and got to work.

After numerous hours of bug fixes, recoding queries, disabling Redis and opting for higher innodb cache (more on that later), image optimization, js/css/html combining, render-unblocking and minification, lazyloading images tweaking Magento to work with PHP7, installing OpCache and setting up basic htaccess optimizations, we smash the loading time down to 1.2 seconds total, and most of that time was for external JavaScript plugins deemed "necessary". Time to First Byte went from a staggering 2.2 seconds to about 45ms. Needless to say, we kicked its ass.

So I show their developer the changes and he's stunned. He says he'll tell the hosting provider create a new server set up to migrate the optimized site over and cut over to, because taking the live website down for maintenance for even an hour or two in the middle of the night is "unacceptable".

So trying to be cool about it, I tell him I'd be happy to configure the server to the exact specifications needed. He says "we can't do that". I look at him confused. "What do you mean we 'can't'?" He tells me that even though this is a dedicated server, the provider doesn't allow any access other than a jailed shell account and cPanel access. What?! This is a company averaging 3 million+ per year in revenue. Why don't they have an IT manager overseeing everything? Apparently for them, they're too cheap for that, so they went with a "managed dedicated server", "managed" apparently meaning "you only get to use it like a shared host".

So after countless phone calls arguing with the hosting provider, they agree to make our changes. Then the client's developer starts getting nasty out of nowhere. He says my optimizations are not acceptable because I'm not using Redis cache, and now the client is threatening to walk away without paying us.

So I guess the overall message from this rant is not so much about the situation, but the developer and countless others like him that are clueless, but try to speak from a position of authority.

If we as developers don't stop challenging each other in a measuring contest and learn to let go when we need help, we can get a lot more done and prevent losing clients. </rant>

Client: We're gonna be hosting our site on [Overly popular shit host] via a shared hosting account.

Me: Well the performance isn't going to be stellar with WordPress on there, but if that's what you want, sure. I'll enable all the cache rules possible and make sure PHP 7 is running it, but there won't be any further optimizations I can do to make it faster with such limited hosting access.

[Next day after launching the website...]

Client: The website is super slow. I thought you were going to optimize it?

Me: That is the loading time with the optimizations I said I can apply. That host isn't great for performance unfortunately.

Client: Well you're going to need to find us a reputable host as a replacement, set up the account and move the website there so we aren't waiting forever for a page to load.

Me (in a reply via email):

Working on a (PHP based) monitoring system and currently writing rules/testing stuff.

I wrote some rules which check a few pages of a dutch site displaying if certain bigger services have disruptions and I am pulling the pages of a few ones I'd like to be notified about when they have issues.

Started the engine and received an alert about one big ISP over here from the monitoring system. Didn't believe that it would work right away so went to check that specific disruption page and...... they have a disruption right now!

IT FUCKING WORKS.

Good monitoring system 😊 *pats system*

Still trying to get good.

The requirements are forever shifting, and so do the applied paradigms.

I think the first layer is learning about each paradigm.

You learn 5-10 languages/technologies, get a feeling for procedural/functional/OOP programming. You mess around with some electronics engineering, write a bit of assembly. You write an ugly GTK program, an Android todo app, check how OpenGL works. You learn about relational models, about graph databases, time series storage and key value caches. You learn about networking and protocols. You void the warranty of all the devices in your house at some point. You develop preferences for languages and systems. For certain periods of time, you even become an insufferable fanboy who claims that all databases should be replaced by MongoDB, or all applications should be written in C# -- no exceptions in your mind are possible, because you found the Perfect Thing. Temporarily.

Eventually, you get to the second layer: Instead of being a champion for a single cause, you start to see patterns of applicability.

You might have grown to prefer serverless microservice architectures driven by pub/sub event busses, but realize that some MVC framework is probably more suitable for a 5-employee company. You realize that development is not just about picking the best language and best architecture -- It's about pros and cons for every situation. You start to value consistency over hard rules. You realize that even respected books about computer science can sometimes contain lies -- or represent solutions which are only applicable to "spherical cows in a vacuum".

Then you get to the third layer: Which is about orchestrating migrations between paradigms without creating a bigger mess.

Your company started with a tiny MVC webshop written in PHP. There are now 300 employees and a few million lines of code, the framework more often gets in the way than it helps, the database is terribly strained. Big rewrite? Gradual refactor? Introduce new languages within the company or stick with what people know? Educate people about paradigms which might be more suitable, but which will feel unfamiliar? What leads to a better product, someone who is experienced with PHP, or someone just learning to use Typescript?

All that theoretical knowledge about superior paradigms won't help you now -- No clean slates! You have to build a skyscraper city to replace a swamp village while keeping the economy running, together with builders who have no clue what concrete even looks like. You might think "I'll throw my superior engineering against this, no harm done if it doesn't stick", but 9 out of 10 times that will just end in a mix of concrete rubble, corpses and mud.

I think I'm somewhere between 2 and 3.

I think I have most of the important knowledge about a wide array of languages, technologies and architectures.

I think I know how to come to a conclusion about what to use in which scenario -- most of the time.

But dealing with a giant legacy mess, transforming things into something better, without creating an ugly amalgamation of old and new systems blended together into an even bigger abomination? Nah, I don't think I'm fully there yet.

Hi,
I'm not a ranty person so I never actually thought I'd post anything here but here it goes.

From the beginning.
We use ancient technologies. PHP 5.2, Symfony 1.2 and a non RFC complient SOAP with NO documentation.
A year ago We've been thrown a new temporary project. An VOIP app for every OS.
That being iOS, Android, MAC, PC, Linux, Windows mobile. With a 3 month deadline. All that thrown at 4 PHP developers. The idea being that They'll take it, sign the delivery protocol, everyone happy. No more updates for the app needed. They get their funds they needed the app for and we get paid.

Fast forward to today...

Our dev team started the year with great news that We'll most likely have to create a new project. Since the amount of new features would be far greater than current feature set, we managed to finally force our boss to use newer technologies (ie. seperate backend symfony4 PHP7+/frontend react, rest api and so on). So we were ecstatic to say the least. With preestimates aimed at a minimum 3 month development period. Since we're comfortable with everything that needs to be done.
Two days later our boss came to me that one of our most annoying clients needs a new feature. Said client uses ancient version written on a napkin because They changed half of the specification 2 weaks before deadline in a software made not by a developer but some sysadmin who didn't know anything. His MVC model was practically VVV model since he even had sql queries in some views. Feature will take 3 days - fixing everything that will break in the meantime - 1-2 months.
F*** it, fine. A little overtime won't kill me.
Yesterday boss comes again... Apparently someone lost a delivery protocol for a project we ended that half a year ago. Whats even better at the time when we asked for hardware to test we never got any. When we asked about any testing enviornment - nothing. The app being SEMI-stable on everything is an overstatement but it was working on the os'es available at the time. Since the client started testing now again, it turns out that both Android app does not work on 8.1/9 and the iOS app does not work on ios12. The client obviously does not want to pay and we can do little with it without the protocol, other than rewriting the apps.
It will take months at least since all of those apps were written by people that didn't know neither the OS'es nor the languages. For example I started writing the iOS one in swift. Only to learn after half of the development time, that swift doesn't like working by C Library rules and I had to use ObjC also. With some C thrown in due to the library. 3 unknown languages, on an unknown platform in 3 months. I never had any apple device in my hand at that time nor do I intend to now. I'm astonished it worked out then. It was a clusterf**k of bad design and sticking everything together with deprecated apis and a gum. So I'll have to basically fully rewrite it.

If boss decides we'll take all those at the same time I'll f***ing jump of a bridge.

Frustrated, tired and a bit lost.

I'm a "Senior PHP Backend Dev", which includes not the greatest tech stack nor the best job title, but it pays fine, and the company is awesome to work for.

I suck at writing features, but I'm great at bitching, and I easily put complex abstract concepts into usable models. So I'm also QA, tester, tech lead, database architect, whatever.

That makes writing PHP less annoying, because I create the rules, and whip devs around when they forget a return type definition or forget to handle an edge case. But I don't write a lot of code anymore, I mostly read (bad) code.

Lately I REALLY feel like doing something else... problem is that I know JS/ES6, but really dislike React/Vue and the whole crappy modern frontend toolchainchootrain of babelifyingwebpackingyarnballs. I know Python/Tensorflow/etc, but don't feel like I want to go into data science or AI. And then I'm awesome at the shit no one uses, like Haskell, Go and Rust (and worse).

I got a job offer which combines a very interesting PHP codebase with a Java infrastructure, where I could learn a lot... and I'm kind of tempted.

Problem is, everyone always shits on Java. I always made a bit of fun of Java myself. Don't even know exactly why, probably some really cruel instinct which causes kids to bully the least popular kid.

I know the basics, I've written the hello world, and a small backend app for a personal project. I know how strict and verbose it can be. I love the strictness in Haskell and Rust.... but those are both also quite terse.

Should I become a Java dev? I'm not talking about Android SDK, but an insane enterprise codebase at a life sciences corporation.

To the pro Java devs: What are the best and worst things about your job, about the weekly processes, about the toolchains? Have you ever considered other languages? Do you unconditionally love and believe in Java, or do you believe Swift, Kotlin, Scala or whatever will eventually make it completely obsolete?

Will Java hasten my decline into the cynical neckbeard I was always destined to be?

There are a lot more fun langauges, but looking at realistic demand and career value...

This is a true story. We had this subject, called “Web Design” (really, “design”), where we studied HTML, CSS, JavaScript, PHP and MySQL (confusing, right?). And when we get the PHP (e-)book, it was this old PDF (probably downloaded illegally) teaching the legacy 4.0 version of PHP. Anyway, when we had to develop the final project, the sane professor allowed us to use a newer version of PHP — 5.2, released on 2008. I had to follow the rules, so I developed probably the less secure web application I will ever develop. That means no protection from SQL injection, XSS vulnerable and a bunch of other security holes… And that’s how they liked it developed!

So... I've been messing arround with my first VPS (with little knowledge of Linux).
First installed lxde to learn how to do it, then back to the terminal. then I started with Apache, watching online tuts ...
Then I changed for nginx... Looks way better.
Installed my sql, php and got stuck. Dropped it for a few days.
Today I restarted, deleted Apache, mysql, reinstalled nginx, my php (with lots of problems because of old instalations). Everything is working now except php.
After going round and arround I changed my focus to relax a bit, and remembered I still have Apache on the firewall...
OK Apache and other stuff that I installed.
Delete everything
New rules only for nginx and reset.
Cant ssh to the server... What?
Oh... Forgot to add rules to OpenSSH...
No matter, I can access the terminal directly on the website....
And it loads to ldxe, with no user set...
Fuckkkk.
Oh BTW I'm in a trial free period with no support...

Fave languages and frameworks, go!

As of now for me, loving these:

PHP8 and Laravel with Livewire*, Django5.1, MariaDB. PHP must stand for PrettyHeckinPCoolasFFFFFFFFFUUUUUUU

*after using React and Vue for quite a while, I've concluded that the best front end is back end. And I like Postgres, I just find that MySQL is fine for most things.

Ok, so I know that in PHP, psr2-4 are good for making sure your code meets a good standard, but I'm somebody who did most of that rules with minor differences without thinking 10 years before they were created and when somebody points out that my code isnt psr compliant because i wrote

if($something === 0){…}
Instead of
if ($something === 0) {…}

I get fucking angry....

The dangers of PHP eval()

Yup. "Scary, you better make use of include instead" — I read all the time everywhere. I want to hear good case scenarios and feel safe with it.

I use the eval() method as a good resource to build custom website modules written in PHP which are stored and retrieved back from a database. I ENSURED IS SAFE AND CAN ONLY BE ALTERED THROUGH PRIVILEGED USERS. THERE. I SAID IT. You could as well develop a malicious module and share it to be used on the same application, but this application is just for my use at the moment so I don't wanna worry more or I'll become bald.

I had to take out my fear and confront it in front of you guys. If i had to count every single time somebody mentions on Stack Overflow or the comments over PHP documentation about the dangers of using eval I'd quit already.

Tell me if I'm wrong: in a safe environment and trustworthy piece of code is it OK to execute eval('?>'.$pieceOfCode); ... Right?

The reason I store code on the database is because I create/edit modules on the web editor itself.

I use my own coded layers to authenticate a privileged user: A single way to grant access to admin functions through a unique authentication tunnel granting so privileged user to access the editor or send API requests, custom htaccess rules to protect all filesystem behind the domain root path, a custom URI controller + SSL. All this should do the trick to safely use the damn eval(), is that right?!

Unless malicious code is found on the code stored prior to its evaluation.

But FFS, in such scenario, why not better fuck up the framework filesystem instead? Is one password closer than the database.

I will need therapy after this. I swear.

If 'eval is evil' (as it appears in the suggested tags for this post) how can we ensure that third party code is ever trustworthy without even looking at it? This happens already with chrome extensions, or even phone apps a long time after reaching to millions of devices.

Calling any Python programmer here (especially package maintainers)

I run Gentoo, so am responsible for maintaining the dependency tree (to a degree). When it comes to Python I have 2.7, 3.4, 3.5, 3.6 available. I'm always running into some package needing one version or another, and I can't just set a single version and forget it (which is fine. I'm running Gentoo).

I know that this is because python changes rapidly and so different libraries need different versions. Fine.

Why does this happen with Python and not C++, JavaScript, php, ruby, or any other languages on my system? I don't have 3 different versions installed to cover any other languages, and I don't spend time adding installation rules to cover them.

Why does Python need to be a pain in the ass about it?

is laravel app really enjoyable to write ?

i started as a laravel dev. the known story , all code in controllers etc. As i started to improve, fortunately i changed company, and worked with a symfony project. A symfony that looked like java. hundreds of classes, tests, yaml injections , objects for requests, for everything.

I thought that i missed the old laravel days, and i took an extra job on laravel again. I was soooo wrong.

It was not only that the code of the previous dev was inferior to what i am now used, it is that i have to be with an open documentation all the time. Even if the project is in the same version that i have used to earlier (an old one).

You have to check all the time the model settings, the migration, the magic tricks of model mass insert, the castings, the validation rules, why the tests are not finding some routes, why this, why that, how it is written this.

Excuse me, but i think the fun and easiness is far from what they say and what i thought it was. I start to change my mind and believe that inserting the request to a simple php object is more controllable than the gandalf tricks that laravel is doing, and you cannot know if it is worth your time to test it . And more importantly, you do not have to look at the cookbook, all the time@@@

#Suphle Rant 6: Deptrac, phparkitect

This entry isn't necessarily a rant but a tale of victory. I'm no more as sad as I used to be. I don't work as hard as I used to, so lesser challenges to frustrate my life. On top of that, I'm not bitter about the pace of progress. I'm at a state of contentment regarding Suphle's release

An opportunity to gain publicity presented itself last month when cfp for a php event was announced last month. I submitted and reviewed a post introducing suphle to the community. In the post, I assured readers that I won't be changing anything soon ie the apis are cast in stone. Then php 7.4 officially "went out of circulation". It hit me that even though the code supports php 8 on paper, it's kind of a red herring that decorators don't use php 8 attributes. So I doubled down, suspending documentation.

The container won't support union and intersection types cuz I dislike the ambiguity. Enums can't be hydrated. So I refactored implementation and usages of decorators from interfaces to native attributes. Tried automating typing for all class properties but psalm is using docblocks instead of native typing. So I disabled it and am doing it by hand whenever something takes me to an unfixed class (difficulty: 1). But the good news is, we are php 8 compliant as anybody can ask for!

I decided to ride that wave and implement other things that have been bothering me:
1) 2 commands for automating project setup for collaborators and user facing developers (CHECK)
2) transferring some operations from runtime to compile/build TIME (CHECK)
3) re-attempt implementing container scopes

I tried automating Deptrac usage ie adding the newly created module to the list of regulated architectural layers but their config is in yaml, so I moved to phparkitect which uses php to set the rules. I still can't find a library for programmatically updating php filed/classes but this is more dynamic for me than yaml. I set out to implement their library, turns out the entire logic is dumped into the command class, so I can neither control it without the cli or automate tests to it. I take the command apart, connect it to suphle and run. Guess what, it detects class parents as violations to the rule. Wtflyingfuck?!

As if that's not bad enough, roadrunner (that old biatch!) server setup doesn't fail if an initialization script fails. If initialization script is moved to the application code itself, server setup crumbles and takes the your initialization stuff down with it. I ping the maintainer, rustacian (god bless his soul), who informs me point blank that what I'm trying to do is not possible. Fuck it. I have to write a wrapper command for sequentially starting the server (or not starting if initialization operations don't all succeed).

Legitimate case to reinvent the wheel. I restored my deleted decorators that did dependency sanitation for me at runtime. The remaining piece of the puzzle was a recursive film iterator to feed the decorators. I checked my file system reader for clues on how to implement one and boom! The one I'd written for two other features was compatible. All I had to do was refactor decorators into dependency rules, give them fancy interfaces for customising and filtering what classes each rule should actually evaluate. In a night's work (if you're discrediting how long writing the original sanitization decorators and directory iterator), I coupled the Deptrac/phparkitect library of my dreams. This is one of the those few times I feel like a supreme deity

Hope I can eat better and get some sleep. This meme is me after getting bounced by those three library rejections