Search - "possible duplicate"
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in Redis cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in Outer Mongolia who is, we can only hope, now enjoying his new life as an Instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit Swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. A few tests later, I discover the UI has no forgery checks, hashing, etc., and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkiss. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user of any privilege, you could place any order, as anyone, using anyone's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discreetly." Straight up Hitler's bunker meme rage.
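The two controls that would have closed the holes in the rant above, as an added example that is not the poster's or the company's code: an impersonation cookie that is signed, bound to the logged-in user, time-limited and checked against the reporting chain before it is honoured, and a log redaction step that masks anything Luhn-valid before a failed payment is logged. The secret, user ids and reporting chain are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import re
import time
from typing import Optional

SECRET = b"constructed-secret-rotate-me"   # constructed; load from a vault in real use

# Constructed reporting chain: report id -> manager id.
MANAGER_OF = {"e-4711": "d-0007", "e-4712": "d-0007", "e-9999": "d-0042"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_impersonation_cookie(actor: str, target: str, ttl: int = 900, now=None) -> str:
    """Server mints the cookie; the browser carries it but cannot alter it unnoticed."""
    exp = int(now if now is not None else time.time()) + ttl
    payload = json.dumps({"actor": actor, "target": target, "exp": exp},
                         sort_keys=True).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def can_act_for(actor: str, target: str) -> bool:
    """True only if actor is an ancestor of target in the reporting chain."""
    cur = target
    while cur in MANAGER_OF:
        cur = MANAGER_OF[cur]
        if cur == actor:
            return True
    return False


def verify_impersonation_cookie(cookie: str, session_user: str, now=None) -> Optional[str]:
    """Return the target id if the cookie is authentic, unexpired, issued to the
    logged-in user and permitted by the hierarchy; otherwise None."""
    try:
        p64, s64 = cookie.split(".", 1)
        payload = _unb64(p64)
        expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(s64)):
            return None                      # forged or tampered
        claims = json.loads(payload)
        actor, target, exp = claims["actor"], claims["target"], int(claims["exp"])
    except (ValueError, TypeError, KeyError):
        return None                          # malformed
    if exp < int(now if now is not None else time.time()):
        return None                          # expired
    if actor != session_user:
        return None                          # replayed under another session
    if not can_act_for(actor, target):
        return None                          # bottom-rung user naming a director
    return target


# 13 to 19 digits, optionally separated by spaces or dashes, ending on a digit.
_PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact_pans(line: str) -> str:
    """Mask every Luhn-valid card-number-looking run, keeping only the last 4."""
    def mask(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)                # e.g. an order id, leave it alone
        return "*" * (len(digits) - 4) + digits[-4:]
    return _PAN_RE.sub(mask, line)
```

Wire `redact_pans` in as a logging filter (or, better, never pass the card number to the logger at all) so the "Failed to submit order" line carries at most the last four digits.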
I see many people being irritated when it comes to Stack Overflow and if I were to be honest I thought the same a while ago. But I noticed that I was misjudging the main point of Stack Overflow. It's not a forum to help people with their programming problems. It's a huge self-writing document to gather every programming related question and answer under a single platform if possible. That's why they won't down vote you even if you ask a question that was obvious in a language's official document as long as it wasn't on Stack Overflow. That's why questions should also be formatted accordingly, which is clear and also informative in itself. I understand why Stack Overflow is such a harsh place to ask questions and most of the time I prefer looking things up for myself instead of asking a question. And I edit and review most questions on Stack Overflow because I enjoy it. That also made me realize that Stack Overflow needs to be elitist to preserve its current quality. Who would want to see unclear duplicate questions that veteran Stack Overflow users need to answer over and over again, right?
Asking the right question is hard because we humans most of the time don't know what we don't know. And it makes it really tiring to format your question the way that is fitting for a document. In those times I prefer to ask my questions on a more relaxed and chat focused platform before writing my main question on Stack Overflow.
So that was my opinion on Stack Overflow and its harsh environment. It's definitely a hard to get into community which I can't even say I'm really a part of. But looking at Stack Overflow as a document that's being written by its users, it's easier to understand its elitist approach. I hope you had some enjoyment from reading it.
Stack Overflow is an awesome way to find answers to programming problems. It can also be a toxic place in my opinion. I quit posting questions a few years ago. Whenever I posted a question after searching everywhere for hours and trying to be as constructive and everything as possible and making sure it wasn't a duplicate question, it would still be closed as non constructive or down voted or something else. This is why I also dislike Stack Overflow next to it being really helpful very often.
Ok, so when I inherit a WordPress site I've really stopped expecting anything sane. Examples: evidence that the WordPress "developer" (that term is used in the loosest sense possible) has thought about his/her code or even evidence that they're not complete idiots who wish to make my life hell going forwards.
Have a look at the screenshot below - this is from the theme footer, so loaded on every page. The screenshot only shows a small part of the file. IT LITERALLY HAS 3696 lines.
Firstly, let's excuse the frankly eye watering if statement to check for the post ID. That made me facepalm immediately.
The insanity comes from the thousands of lines of jQuery code, duplicated to hell and back, that changes the color of various dividers - that are scattered throughout the site.
To make things thousands of times worse, they are ALL HAND CODED.
Even if JavaScript was the only way I could format these particular elements I certainly wouldn't duplicate the same code for every element. After copy and pasting that jQuery a couple of times any normal developer would think one word, pretty quickly - repetition.
When a good developer notes repetition, ways to abstract crap away are the first thought that comes to mind.
Hell, when I was first learning to code god knows how long ago I always used functions to avoid repetition.
In this case, with a few seconds' thought this "developer" could have created a single jQuery handler and used data attributes within the HTML. Hell, as bad as that is, it's better than the monstrosity I'm looking at now.
I'm aware WordPress is associated with bad developers due to its low barrier to entry, but this site is something else.
The scary thing is that I know the agency that produced this. They are very large, use WordPress exclusively and have some stupidly huge clients that would be known nationally.
WordPress truly does attract some of the most awful "developers" and deserves its reputation.
If you're a good developer and use WordPress I feel sorry for you, as you're in small numbers from my experience.
Rant over, have vented a bit and feel better. Thanks devRant.
I'd say one of the best pieces of advice a dev gave me was that I should not write duplicate code, but rewrite these parts as a single function.
And another one: If you use specific values in the code, instead of putting it in multiple places, assign it to a variable at one place and use the variable later on.
This advice sounds quite trivial, but I think every beginner should learn it as early as possible.
Boiiii have I seen shitty code from people who don't give a hobo's ass about maintainable code.
Be a good coder.
Write for quality, not quantity.
Care about your successor.
Thank you.
If not, I will fucking find you, fill your guts with napalm and light you up alive on a rusty pole while laughing hysterically.
So ok here it is, as asked in the comments.
Setting: customer (huge electronics chain) wants a huge migration from custom software to SAP ERP, hybris commerce for B2B and ... Azure cloud
Timeframe: ~10 months….
My colleague and me had the glorious task to make the evaluation result of the B2B approval process (like you can only buy up till € 1000, then someone has to approve) available in the cart view, not just the end of the checkout. Well I thought, easy, we have the results, just put them in the cart … hmm :-\
The whole thing is that the storefront - called accelerator (although it should rather be called decelerator) is a 10-year old (looking) buggy interface, that promises to the customers that it solves all their problems and just needs some minor customization. Fact is, it's an abomination, which makes us spend 2 months in every project to "rip it apart" and fix/repair/rebuild major functionality (which changes every 6 months because of "updates").
After a week of reading the scarce (aka non-existing) docs and decompiling and debugging hybris code, we found out (besides dozens of bugs) that this is not going to be easy. The domain model is fucked up - both CartModel and OrderModel extend AbstractOrderModel. Though we only need functionality that is in the AbstractOrderModel, the hybris guys decided (for an unknown reason) to use OrderModel in every single fucking method (about 30 nested calls ….). So what shall we do, we don't have an order yet, only a cart. Fuck, let's fake an order, push it through, use the results and dismiss the order … good idea!? BAD IDEA (don't ask …). So after a week or two we changed our strategy: create duplicate interfaces for nearly all (spring) services with changed method signatures that override the hybris beans and allow to use CartModels (which is possible, because within the super methods, they actually "cast" it to AbstractOrderModel *facepalm*).
After about 2 months (2 people full time) we have a working "prototype". It works with the default-sample-accelerator data. Unfortunately the customer wanted to have its own dataset in the system (what a shock). Well you guess it … everything collapsed. The way the customer wanted to "have it working" was just incompatible with the way hybris wants it (yeah yeah SAP, hybris is sooo customizable …). Well we basically had to rewrite everything again.
Just in case you're wondering … the requirements were clear in the beginning (stick to the standard! [configuration/functionality]). Well, then the customer found out that this is shit … and well …
So some months later, next big thing. I was appointed technical sublead (is that a word)/sub pm for the topics‚delivery service‘ (cart, delivery time calculation, u name it) and customerregistration - a reward for my great work with the b2b approval process???
Customer's office: 20+ people, mostly SAP related, a few C# guys, and drumroll .... the main (external) overall superhero 'I'm the greatest and ur shit' architect.
Average age 45+, me - the 'hybris guy' (he really just called me that all the time), age 32.
He powerpoints his "tables" and other weird out of this world stuff on the wall, talks and talks. Everyone is in awe (or fear?). Everything he says is just bullshit and I see it in the eyes of the others. Finally the hybris guy interrupts him, as he explains the overall architecture (which is just wrong) and points out how it should be (according to my docs which were more up to date). From now on he didn't just "not like" me anymore. (good first day)
I remember the looks of the other guys - they were relieved that someone pointed that out - saved them weeks of useless work ...
Instead of talking the customer's tongue he just spoke gibberish SAP … arg (common in SAP land as I had to learn the hard way).
Outcome of about (useless) 5 meetings later: we are going to blow out data from informatica to sap to azure to datahub to hybris ... hmpf needless to say its fucking super slow.
But who cares, I‘ll get my own rest endpoint that‘ll do all I need.
First try: error 500, 2. try: 20 seconds later, error message in html, content type json, a few days later the c# guy manages to deliver a kinda working still slow service, only the results are wrong, customer blames the hybris team, hmm we r just using their fucking results ...
The SAP guys (customer service) just don't seem to be able to activate/configure the OOTB OData service (so I was told).
Several email rounds, meetings later, about 2 months, still no working hybris integration (all my emails with detailed checklists for every participant and deadlines were unanswered/ignored or answered with unrelated stuff). Customer pissed at us (god knows why, I tried, I really did!). So I decide to fly up there to handle it all by myself
*Reports bug on Firefox (bugzilla) 3 months ago*
*spend a lot of time being clear and descriptive as possible*
*gets literally no attention*
*someone else reports the exact same bug 5 days ago but with a picture and less words*
*everyone responds*
*mfw I didn’t know you could add pictures 😑*
*my bug gets closed for being a duplicate even though it’s the original*
Fuck you cunts
Ok now I'm gonna tell you about my "Databases 2" exam. This is gonna be long.
I'd like to know if DB designers actually have this workflow. I'm gonna "challenge" the reader, but I'm not playing smartass. The mistakes I point out here are MY mistakes.
So, in my uni there's this course, "Databases 2" ("Databases 1" is relational algebra and theoretical stuff), which consists of one exercise: design a SQL database.
We get the description of a system. Almost a two pages pdf. Of course it could be anything. Here I'm going to pretend the project is a YouTube clone (it's one of the practice exercises).
We start designing a ER diagram that describes the system. It must be fucking accurate: e.g. if we describe a "view" as a relationship between the entities User and Video, it MUST have at least another attribute, e.g. the datetime, even if the description doesn't say it. The official reason?
"The ER relationship describes a set of couples. You cannot have two elements equal, thus if you don't put any attribute, it means that any user could watch a video only once. So you must put at least something else."
Do you get my point? In this phase we're not even talking about a "database", this is an analysis phase.
Then we describe the type dictionary. So far so good, we just have to specify the type of any attribute.
And now... Constraints.
Oh my god the constraints. We have to describe every fucking constraint of our system. In FIRST ORDER LOGIC. Every entity is a set, and Entity(e) means that an element e belongs to the set Entity. "A user must leave a feedback after he saw a video" becomes like
For all u,v,dv,df,f ( User(u) and Video(v) and View(u, v, dv) and feedback(u, v, f) ) ---> dv < df
provided that dv and df are the datetimes of the view and the feedback creation (it is clear in the exercise, here seems kinda cryptic)
Of course only some of the constraints are explicitly described. This one, for example, was not in the text. If you fail to mention any "hidden" constraint, you lose a lot of points. Same thing if you do not describe it correctly.
Now it's time for use cases.
You start with the usual stickman diagram. So far so good.
Then you have to describe their main functions.
In first order logic. Yes.
So, if you got the point, you may think that the following is correct to get "the average amount of feedback values on a single video" (1 to 5, like the old YT).
(let's say that feedback is a relationship with attribute between User and Video)
getAv(Video v): int
Let be F = { va | feedback(v, u, va) } for any User u
Let av = (sum forall f in F) / | F |
return av
But nope, there's an error here. Can you spot it (I didn't)?
F is a set. Sets do not have duplicates! So, the F set will lose some feedback values! I can not define that as a simple set!
It has to be a set of couples, like (v, u), where v is the value and u the user; this way we can have duplicate feedback values in our set.
This concludes the analysis phase. Now, the design.
Well we just refactor everything we have done until now. Is-a relations become relationships, many-to-many relationships get an "association entity" between them, nothing new.
We write down on paper every SQL statement to build any table, entity or not. We write down every possible primary key or foreign key. The constraint that are not natively satisfied by SQL and/or foreign keys become triggers, and so on.
This exam is considered the true nightmare at our department. I just love it.
Now my question is, do actual DB designers follow this workflow? Or is this just a bloody hard training in Pai Mei style?
Today, I got some crap on my desk with possible bug reports from the field. They have been lingering somewhere for fucking MONTHS, and suddenly, an immediate answer was due. I was the unlucky one who was the least clueless about the product involved. SHIT.
OK, sifted through the reports. Some of them were duplicate, others obviously not our problem. No idea where to even start for the rest. FUCK, it's Friday!
But here comes "senior dev secret knowledge"(tm). Instead of saying WTF-IDK, I proposed an "action plan"(tm) (that BS term alone...) detailing the steps that we would need to take, and since I had no idea how long we would need, I just added enough steps in the "action plan"(tm) to make two weeks of investigation believable.
PM was very happy and just took that as direct customer reply. Now it's weekend anyway. :-)
Last rant was about games and graphics cards (admittedly not received too well), time for a rant about game development houses.. especially you EA.
So yesterday a friend of mine showed me in one of our Telegram chats that he'd modified some cheats in an old FPS game by editing these scripts (not Lua for some reason) that the game used as a.. configuration language I guess? He called the result a tank cemetery 🙃
Honestly the game looked a lot like Medal of Honor to stoned me at the time, so I figured, well why not fire up that old nx7010 I had laying around for so long, get a new Debian installation on that and rip the Medal of Honor: Allied Assault war chest that I still had, and play it on one of my more modern laptops? Those CDs are now very old anyway, maybe time to archive those before they rot away.
So I installed Debian on it again, looked up how to rip CDs from the command line, and it seemed that dd could do it - just give /dev/cdrom as the input file, and wherever you want to store your copy as the output file. Brilliant! Except.. uh, yeah. It wasn't that easy. So after checking the CD and finding that it was still pristine, and seeing another CD in that war chest fail just the same, I tried burning and then ripping a copy of Debian onto another CD.. checksummed them and yes, it ripped just fine, bit for bit equal. So what the fuck EA, why is your game such a special snowflake that it's apparently too difficult to even spin up the drive to be copied?
So I looked around on plebbit and found this: https://reddit.com/r/DataHoarder/... - the top comment of that post shattered all my hopes for this disc to be possible to rip. Turns out that DRM schemes intentionally screw up the protocols that make up a functioning disc, and detecting those fuck-ups is part of the actual DRM.
"I also remember some forms of DRM will even include disc mastering errors/physical corruption on the actual disc and use those as a sort of fingerprint for the DRM. The copied ISO has to include them at the exact same place in the ISO as on the IRL disc and the ISO emulator has to emulate the disc drive read errors they cause."
So yeah. Never mind that I already own this goddamn game, and that it's allowed by law to make one copy for personal use, AND that intentionally breaking something is very shady indeed.. apparently I don't really own this game after all. So I went onto the almighty search engines, and instantly found a copy of this game for download. You know EA.. I wanted to play nice. You didn't let me. Still wondering why people do piracy now? Might take your top suits that suggested these fucked up DRM schemes another decade to figure out maybe.. even given the obvious now.
But hey I wouldn't even care that much if the medium these games are stored on wasn't so volatile (remember these discs are now close to 20 years old, and data rot sets in after 30 years or so). Your company decided to publish these on CD. We've had cartridges in many forms before, those are pretty much indestructible and inherently near impossible to duplicate. And why would you want to? But CD is what you chose because your company was too cheap to go to China, get someone to make some plastic molds and put your board and a memory chip in that. Oh and don't even get me started on the working conditions for game devs.. EA and co, aren't you ashamed of yourselves? No wonder that people hate game development houses so much.
Yay, almost finished downloading that copy of Medal of Honor! Whatever you say EA.. I've done everything I could to do it legally. You are the ones who fucked it up.
!rant
So I have bought a new laptop and this time instead of straight up booting Linux I had an idea of giving Micro$oft a try, so I have decided to use only their services for 2 weeks.
To be honest, I really did not expect Windows to use so much CPU and HDD during updates and background tasks, but after a day it was OK and Windows feels snappier than during my last encounter (maybe cause the new hw?).
I was even so dedicated that I started to use Cortana and I have to tell, that she is dumb as fuck, since she fails to understand even the basic tasks and if u want something advanced, she refers to the next update. But boy, tell her to open Visual Studio and she asks if you want VS Code or Visual Studio, which seems great. But my response was 'Code', then she insisted that I said Coke. I'm like OK, I'm not a native English speaker, let's try Visual Studio Code, where she told me that there is no such thing and spelling VS - Code ended me in a Bing search for Unesco :/
I really want to like Cortana, she has a nice name, nice history, but she is like that A girl from class, who looks gorgeous, has a great voice, but then u realise that she just eats a book before the exam and after that she is that dumb basic hoe.
I also gave a shot to Bing and Edge. Bing is something between Google and DuckDuckGo, since it gives you a liiitle less results from search history, yet if you want to find something in a different language it's even possible for it to tell you that what you are trying to find does not exist.
But I have to tell, that I like Edge and I mean it. Like... It's fast and has some good features, like pushing all your open tabs away, so you can open them later. It also does not have that stupid ass feature that lets you control tab from left to right, not by chronological order, so you won't end up in an infinity loop of 2 tabs. And even if people make fun of M$ trying to convince you to use Edge by being too aggressive. God, go on Edge and try to use some Google service (You still don't use Chrome?!).
I also tried to play with .NET Core and I have to tell that against Java they are a bit further. I liked some small features, but what I just simply loved was the fucking documentation. You basically don't need Google, since they give you examples and explain in a human way.
What I didn't quite get was the 'big' Visual Studio. The dark theme to me feels strange (personal and irrelevant). Why the hell do I need to press 2 shortcuts to duplicate a line?! Why is it so hard to find a plugin to give me back my coloured brackets and why the fuck does it take like a second to cut one line of code on a damn i7?!
Visual Studio Code was something different. It shows how a dark theme should be done, the plugin market is full of stuff and the damn shortcuts are not made for octopi. So I have to recommend it ^^.
I even gave a shot to Word and Office as a whole and fuck I never knew that there are so many templates. It really made my life easier, since all you need to do is find the right one in the app, instead of browsing templates online, where half of them are for another version of your text editor.
Android Launcher was fast, had a clever widget of notes and the sync was pretty handy to be honest so I liked that one as well.
What made me furious was using the CLI. God fucking damn what the fuck is ipconfig?! :/
Last thing that made me super happy was using stuff without Wine and all of the additional shit. Especially using stuff like Affinity Designer and having good looking apps in general. I mean open source has great tools, sometimes with better functionality. But I found out that what is a pleasure to look at is a pleasure to work with.
To Summarize a bit.
It wasn't that bad as I expected. I see where they are heading with building yet another ecosystem of "it just works" and that they are aiming at professionals once again.
So I would rate it 6/10, would be 7 if that shit was POSIX compatible.
I know that for Ballmer there is a special place in hell... But with that new CEO, Microsoft at the end may make it to purgatory..
People are usually better known for something special in their social circles, like a habit, or something they like, or a phrase they often use, like their catchphrase...
As a developer, do you think you have like a code leitmotif? A singular habit or a certain algorithm you like to use?
For example, I'm very mad about string quotes, so I tend to use strictly ' unless it's better / necessary to use ", ` or something else.
I'm interning at a mech eng company. Our products have many possible permutations that customers can choose from a spec sheet.
The backend for us mechanical designers is equivalent to copying and pasting the same code (with slight changes) into a massive switch statement depending on the program's options. So many near duplicate drawings. Each with individual settings that need to be tweaked and linked to other new duplicates every time a new order comes in.
As a programmer it drives me absolutely bonkers! I've talked to them about automating it but "we've just always done it this way, so it probably won't change". Well, as soon as I'm done grinding this current project, I'm hoping to put together a practical demo to change their minds.
I have to build a database migration that generates user handles. The user handles are unique within an organization. The user can change them. The auto generated handles are either the first name + last name, or the business name depending on which user type it is. Unless it would be a duplicate. Duplicates auto increment if the handle is taken. The character limit for a user handle is the same length as first name plus last name so I have to check for possible overflow if I add digits. I also have to see if the generated name is in the DB already because a user could have custom entered the result of the auto generation.
This has to be programmed async. The DB driver is using a transaction but multiple calls have to be made to check if the generated handle exists for that organization. Also I have to check the migration script itself for possible duplicates. 3/4 of the users have a handle and with the scale there will definitely be duplicate names.
My idea is if there is a collision, use a UUID and let the users pick something nicer next time they log in. Business says "Reeeeeee!!!! The users shouldn't see a UUID!!! You can do this!!!" Absurd uniqueness requirements. Absurd backfill procedure. Absurd business rules.
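One way to generate the handles the rant above describes, as an added example that is not the poster's migration code: the base is first+last name or the business name, uniqueness is checked per organization against handles users already chose, collisions get an incrementing suffix with the stem truncated so the column width is never exceeded, and a UUID is the last resort only. The column width, sample users and existing handles are constructed assumptions.

```python
import re
import uuid
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

MAX_LEN = 24          # assumed column width (the rant's is first name + last name)
MAX_TRIES = 10_000    # after this many taken suffixes we stop and fall back to a UUID


def base_handle(user: Dict[str, Optional[str]]) -> str:
    """Business name for business accounts, first+last name otherwise.
    Lowercased and stripped to [a-z0-9] so 'Jane Doe' and 'jane doe' collide on purpose."""
    if user.get("type") == "business" and user.get("business_name"):
        raw = user["business_name"]
    else:
        raw = (user.get("first_name") or "") + (user.get("last_name") or "")
    return re.sub(r"[^a-z0-9]", "", raw.lower()) or "user"


def allocate_handle(user: Dict[str, Optional[str]], taken: Set[str],
                    max_len: int = MAX_LEN) -> str:
    """Return a handle unique within `taken` (one org's handles, custom ones
    included) and record it there, so one batch run cannot hand out a value twice."""
    base = base_handle(user)[:max_len]
    if base not in taken:
        taken.add(base)
        return base
    for n in range(2, MAX_TRIES + 2):
        suffix = str(n)
        stem = base[:max_len - len(suffix)]   # shrink the stem, keep the width fixed
        if not stem:
            break                              # suffix alone would fill the column
        candidate = stem + suffix
        if candidate not in taken:
            taken.add(candidate)
            return candidate
    fallback = uuid.uuid4().hex[:max_len]      # the business-unfriendly last resort
    while fallback in taken:
        fallback = uuid.uuid4().hex[:max_len]
    taken.add(fallback)
    return fallback


def backfill(users: Iterable[Dict[str, Optional[str]]],
             existing: Iterable[Tuple[str, str]],
             max_len: int = MAX_LEN) -> Dict[str, str]:
    """Assign handles to users that lack one. `existing` is (org_id, handle) pairs
    already in the DB, including the ~3/4 of users who chose their own."""
    taken_by_org: Dict[str, Set[str]] = defaultdict(set)
    for org, handle in existing:
        taken_by_org[org].add(handle)
    assigned: Dict[str, str] = {}
    for user in users:
        if user.get("handle"):
            continue                           # already has one, leave it alone
        assigned[user["id"]] = allocate_handle(user, taken_by_org[user["org"]], max_len)
    return assigned


# Constructed sample data: two orgs, one custom handle, one business, two long names.
SAMPLE_USERS: List[Dict[str, Optional[str]]] = [
    {"id": "u1", "org": "orgA", "first_name": "Jane", "last_name": "Doe", "handle": "janedoe"},
    {"id": "u2", "org": "orgA", "first_name": "Jane", "last_name": "Doe"},
    {"id": "u3", "org": "orgA", "first_name": "jane", "last_name": "doe"},
    {"id": "u4", "org": "orgB", "first_name": "Jane", "last_name": "Doe"},
    {"id": "u5", "org": "orgA", "type": "business", "business_name": "Acme & Co."},
    {"id": "u6", "org": "orgA", "first_name": "Maximilian", "last_name": "Featherstonehaugh"},
    {"id": "u7", "org": "orgA", "first_name": "Maximilian", "last_name": "Featherstonehaugh"},
]
SAMPLE_EXISTING = [("orgA", "janedoe")]


def run_sample() -> Dict[str, str]:
    return backfill(SAMPLE_USERS, SAMPLE_EXISTING)
```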
Getting sick of the Amazon interview process in Germany really... HR types do not read emails at all, do not answer questions, send duplicate mails... I already picked possible interview slots and still was asked again to fill a slot on another form...
Is Amazon Europe's standard this low or is it shitty in the States also?