Search - "sql-server"
-
So... Today I found an SQLi (SQL injection, google if you're not aware) in one of our products, I start exploring it, I get my trusty Kali on me workstation. sqlmap etc. Tell my manager it's a true positive... I start exploring the db, half the devs at my manager's place start staring at his screen as I proper fuck a QA db server... I hear a qa guy mention triangulation as sqlmap dumps a uid table in his face. I hear my manager's manager saying 'this has been in our app for so long and we found it just now? Who found it?' *manager proudly saying me name* 'He's still working this late?' ...apparently now my trip to england is getting covered for both me and me gf by the company...
-
Guy called in:
Guy: hello, i can't seem to login to the sql database, could you check if the ip whitelist went right? It's on the *names server* server.
Me: *checks if guy is calling from an authorized number* - nope.
Me: I'm sorry but you're not calling from an authorized number so I can't check that for you!
Guy: no you don't understand. I don't want any of this not-authorized bullshit, I just want a solution for this right now.
Me: and I just want you to call from an authorized number.
Yeah, I actually said that. He wasn't very happy 😅
I'm still employed by the way 🤣
-
So a few days ago I felt pretty h*ckin professional.
I'm an intern and my job was to get the last 2003 server off the racks (It's a government job, so it's a wonder we only have one 2003 server left). The problem being that the service running on that server cannot just be placed on a new OS. It's some custom engineering document server that was built in 2003 on a 1995 tech stack and it had been abandoned for so long that it was apparently lost to time with no hope of recovery.
"Please redesign the system. Use a modern tech stack. Have at it, she's your project, do as you wish."
Music to my ears.
First challenge is getting the data off the old server. It's a 1995 .mdb file, so the most recent version of Access that would be able to open it is 2010.
Option two: There's an "export" button that literally just vomits all 16,644 records into a tab-delimited text file. Since this option didn't require scavenging up an old version of Access, I wrote a Python script to just read the export file.
And something like 30% of the records were invalid. Why? Well, one of the fields allowed for newline characters. This was an issue because records were separated by newline. So any record with a field containing newline became invalid.
Although, this did not stop me. Not even close. I figured it out and fixed it in about 10 minutes. All records read into the program without issue.
Next for designing the database. My stack is MySQL and NodeJS, which my supervisors approved of. There was a lot of data that looked like it would fit into an integer, but one or two odd records would have something like "1050b" which meant that just a few items prevented me from having as slick of a database design as I wanted. I designed the tables, about 18 columns per record, mostly varchar(64).
Next challenge was putting the exported data into the database. At first I thought of doing it record by record from my python script. Connect to the MySQL server and just iterate over all the data I had. But what I ended up actually doing was generating a .sql file and running that on the server. This took a few tries thanks to a lot of inconsistencies in the data, but eventually, I got all 16k records in the new database and I had never been so happy.
The next two hours were very productive, designing a front end which was very clean. I had just enough time to design a rough prototype that works totally off ajax requests. I want to keep it that way so that other services can contact this data, as it may be useful to have an engineering data API.
Anyways, that was my win story of the week. I was handed a challenge; an old, decaying server full of important data, and despite the hitches one might expect from archaic data, I was able to rescue every byte. I will probably be presenting my prototype to the higher ups in Engineering sometime this week.
Happy Algo!
-
Boss: Hey we got a new outsourcing project coming up, you know anything about python, sql server and php?
Me: Never worked with sql server nor python but i can learn
Boss: Good, next week you go to the client's place and you start
Me: aight
(week later me at the client)
Client: Ok, your job here will be to fill excel spreadsheets with those fancy functions
Me: :) wut :)
Client: Also our printer died yesterday, can ya fix it?
I think I need a new job..
-
Maintain your LinkedIn, write little articles about implementations on a tech blog, check issues on popular github projects and make PRs, create a portfolio website. Register as a company and do some freelance work, even if it's just a cheap website for your grandma's knitting club.
Do the tour/tutorial of every popular language/framework. Learn the basics of react/vue as a backend dev, learn some sql as a frontend dev. Set up a vps server at DO or AWS, host a few small services. Fullstack is bullshit, but communication is key in development, which means you need to know about the whole playing field.
Recruiters can be useful, but knowing developers in your area is even more valuable. So especially if you're unemployed, go to hackathons, conferences and meetups.
-
I had just started my new job and deleted 3 years of data that the client had spent over £450,000 collecting 😱
Another developer used my PC to quickly access the client's database while I was out the room as I had SQL Management Studio open. I went back to my PC thinking I was connected to my local database, did a few truncate tables to test my software and :0 minutes later I get a call asking why there was no data on the server!
Thank god for backups 😓
-
Company: "We'd like to use SQL Server Enterprise"
MS: "That'll be a quarter million dollars + $20K/month"
Company: "Ok!"
...
Company: "We'd like to use Babel"
Babel: "Ok! npm i babel --save"
Company: "Cool"
Babel: "Would you like to help contribute financially?"
Company: "lol no"
-
I worked on a greenfield project a couple of years ago. The company had an old solution written in Omnis (heard of it? Yeah, me neither) with an SQL database. My team was to create a completely new web based system... on top of the old database, so the customers could keep their existing stuff.
The dba was an intelligent man, one of the nicest people I've met, and over the course of fifteen years he had made a remarkably terrifying monstrosity of a database. Some years before me they wanted to "future proof" the system and make it "easier to switch to new technologies". So they moved the entire business logic into the database...
I used a tool to create a visualization of said database when we started. It had no views, only tables and sprocs. Look at it! Tables and sprocs are rectangles (well, dots) and any connections are drawn in grey lines. There were no foreign keys, so a tables only visualization only yielded a collection of independent rectangles without a single line.
Now, the stored procedures were bloody MASSIVE. A single procedure that only registered a new interested party and attached them to a property had 2500+ lines and over 150 parameters.
Also, this dba added features and fixed bugs by logging into the respective customers production server and writing SQL.
That database is the stupidest thing I've ever seen a developer do.
-
My biggest dev blunder. I haven't told a single soul about this, until now.
👻👻👻👻👻👻
So, I was working as a full stack dev at a small consulting company. By this time I had about 3 years of experience and started to get pretty comfortable with my tools and the systems I worked with.
I was the person in charge of a system dealing with interactions between people in different roles. Some of this data could be sensitive in nature and users had a legal right to have data permanently removed from our system. In this case it meant remoting into the production database server and manually issuing DELETE statements against the db. Ugh.
As soon as my brain finishes processing the request to venture into that binary minefield and perform rocket surgery on that cursed database my sympathetic nervous system goes into high alert, palms sweaty. Mom's spaghetti.
Alright. Let's do this the safe way. I write the statements needed and do a test run on my machine. Works like a charm 😎
Time to get this over with. I remote into the server. I paste the code into Microsoft SQL Server Management Studio. I read through the code again and again and again. It's solid. I hit run.
....
Wait. I ran it?
....
With the IDs from my local run?
...
I stare at the confirmation message: "Nice job dude, you just deleted some stuff. Cool. See ya. - Your old pal SQL Server".
What did I just delete? What ramifications will this have? Am I sweating? My life is over. Fuck! Think, think, think.
You're a professional. Handle it like one, goddammit.
I think about doing a rollback but the server dudes are even more incompetent than me and we'd lose all the transactions that occurred after my little slip. No, that won't fly.
I do the only sensible thing: I run the statements again with the correct IDs, disconnect my remote session, and BOTTLE THAT SHIT UP FOREVER.
I tell no one. The next few days I await some kind of bug report or maybe a SWAT team. Days pass. Nothing. My anxiety slowly dissipates. That fateful day fades into oblivion and I feel confident my secret will die with me. Cool ¯\_(ツ)_/¯
-
I worked at a place where the help desk guys did the good ol' "I'll send an email from your laptop if you walk away without locking it and tell everyone lunch is on you" routine. After it happened to me about 3 times I was like, "I gotta get this help desk prick back!" So after several failed attempts at walking by his pc when he walked away it instantly hit me how I can punk him back.....SO, I logged onto SQL Server, clicked open a new query window and typed up a dbmail command and on the @from parameter I set it to the help desk guy's email address. His face was PRICELESS when I was shooting off emails to the entire IT dept on behalf of him WHILE he was sitting in front of his PC. Lesson is: don't fuck with dev help desk dude! 😎😜
-
Developer: Can you upgrade my machine to Windows 10? I need it for SQL server 2019.
IT Guy: Sure.
Some time later...
IT Guy: Good news, Windows 10 is loaded. Bad news, I need to update TPM to enable Bitlocker but the firewall is blocking me from downloading the update. I will need to download it from home tonight.
Developer: But you're the IT administrator...
IT Guy: Yes...
Developer: ...
-
Just saw a microsoft ad saying:
“Six reasons for switching to SQL Server on Linux“
Well done microsoft...
-
Biggest scaling challenge I've faced?
Around 2006~2007 the business was in double-digit growth thanks to the eCommerce boom and we were struggling to keep up with the demand.
Upper IT management was more hardware focused and always threw more hardware at the problem. At its worst, we had over 25 web servers (back then, those physical tall-rectangle boxes..no rack system yet) and a corresponding SQL server for each (replicated from our main sql server).
Then business boomed again and projected the need for 40 servers (20 web servers, 20 sql servers) over the next 5 years. Hardware+software costs (they were going to have to tear down a wall in order to expand the server room) were going to be in the $$ millions.
Even though we were making money, the folks spending it didn't seem to care, but I knew this trajectory was not sustainable, so I started utilizing (this was 2007) WCF services and Microsoft's caching framework Velocity. Started out small, product lookup data (description, price, the simple stuff) and within a month, I was able to demonstrate the web site could scale with less than half of our current hardware infrastructure.
After many political battles (I've ranted about a few of those), the $$ won and even with the current load, we were able to scale back to 5 web servers and 2 sql servers. When the business increased in the double-digits again, and again...we were still the same hardware for almost 5 years. We only had to add another service server when the international side of the business started taking off.
Challenge wasn't the scaling issue, the challenge was dealing with individuals who resisted change.
-
What an awful day :(
The server where I host my 4 clients' websites crashed.
Unable to reboot from the console.
I contact the support. 15 minutes later: "we'll look at this"
No news for 1 week despite my messages.
Then... 1st ticket escalation... 2nd ticket escalation... 3rd ticket escalation...
Answer: "Sorry, your server is down and cannot be repaired."
Fuck.
I ask "is there any way to get my data back?". Answer: "No, because we would shutdown the whole bay and all our clients would be impacted".
Fuck.
I subscribe to another server, at another provider.
I look at my backups... shit, the last one is 4 months ago!!
I restore the first website: OK
I restore the second website: OK
I restore the third website: My new server is "too recent" and not compatible with this old WordPress. Fuck! I'll look at this later...
I restore the fourth website: database is empty!! What??? I look at the SQL backup for this site... it failed...
I lost ALL my 4th client data!!!
I'm sooooo piece of crap!
-
I worked in the same building as another division in my organization, and they found out I had created a website for my group. They said, “We have this database that was never finished. Do you think you could fix it?”
I asked, “What was it developed in?”
He replied, “Well what do you know?”
I said, “LAMP stack: PHP, MySQL, etc.” [this was over a decade ago]
He excitedly exclaimed, “Yeah, that’s it! It’s that S-Q-L stuff.”
I’m a little nervous at this point but I was younger than 20 with no degree, entirely self-taught from a book, and figured I’d check it out - no actual job offer here yet or anything.
They logged me on to a Windows 2000 Server and I become aware it’s a web application written in VB / ASP.NET 2.0 with a SQL Server backend. But most of the fixes they wanted were aesthetic (spelling errors in aspx pages, etc.) so I proceeded to fix those. They hired me on the spot and asked when I could start. I was a wizard to them and most of what they needed was quite simple (at first). I kept my mouth shut and immediately went to a bookstore after work that day and bought an ASP.NET book.
I worked there several years and ended up rewriting that app in C# and upgrading the server and ASP.NET framework, etc. It stored passwords in plaintext when I started and much more horrific stuff. It was in much better shape when I left.
That job was pivotal in my career and set the stage for me to be where I am today. I got the job because I used the word “SQL” in a sentence.
-
Attended one of the best meetups ever. To give you an idea how awesome it was..
Speaker took the first ~20 minutes introducing himself.
His intro card deck kept referring to himself in the third person (he is the only employee in consulting 'company'). Ex. "Mr. Smith began his humble career .."
The powerpoint presentation began with him clicking each page, not executing the slideshow (ex. pressing F5).
Finally someone asked "Can you make slide bigger?"
S: "You can't read that?..um..sure...I guess .."
Starts fumbling around the zoom ...
Dev: "No, can you start the slideshow?"
S: "I don't know what you mean...there...I zoomed it, is that better? Now I can't see my notes..just sec.."
<fumbles again with the zoom>
Dev: "No, not zoom, start the slide show, press F5"
S: "Oh...you want me to F5 it...OK..."
<he *clicks* the slide show button>
Finally getting into code, trying to get out of powerpoint ...
S: "How do I get out of this fullscreen?.."
Dev: "Hit escape"
S: "No..um.."
<keeps trying to click on 'something'>
S: "I see visual studio, but it's not on the big screen... "
<keeps clicking on 'something', no one is sure what's going on>
Dev: "Hit Escape to stop the slideshow"
<finally hits escape, then able to put Visual Studio on the big screen>
S: "Ahh...there, I figured it out."
Speaker had no end of making wild/random statements like:
".Net Core is the future of Microsoft, if you're using .Net 4.5...forget it, it's not even supported anymore."
"When I was at Microsoft Build, I asked them why not put all the required .Net assemblies in one directory. Looks like with .Net Core, they listened to me" (he was serious)
"I don't use SQL Server Mgmt Studio. It's free and it sucks. I use <insert a very expensive SSMS clone>, it's great, you guys should check it out", then proceeds to struggle to open a query window to write some SQL.
"When you use .Net Core and EntityFramework, you have to write your own stored procedures. If a developer can't write stored procedures, he shouldn't be in this business."
I was on the edge of my seat, hungry for the next crazy bat-shit thing to come out of his mouth. He did not disappoint. BEST MEETUP EVER!
-
People complaining "oh I always have trouble figuring out if the clock goes forwards or backwards in October"
Bitch please, I'm dealing with 12 databases, with SQL dates as local timezone timestamps, and an influxDB in UTC. I'm dealing with a backend server configured in CEST and a middleware layer configured in Pacific time, and a hundred functions which try to keep everything straight because no one dares to migrate it all to UTC at this point.
In the whole argument about DST you hear about sleep psychology, electricity bills and farmers.
But what about me, the poor database administrator? What about all these ugly legacy systems, what about all the UX designers trying to fix time input pickers?
I spend 2 months a year in agony having nightmares of rips and folds in the flow of time. DAYLIGHT SAVING DOESN'T FUCKING MAKE SENSE HOW CAN TIME EXIST TWICE?
-
Laravel is the worst framework ever.
Everything has to be made convenient and easy. That sounds amazing, because developers want to save time, worry less about boilerplate code, right? No more constructors, no more dependency injection, fuck all the tedious OOP shit... RIGHT?
It does one thing well: Make PHP syntax uniform and concise through easily integrated libraries such as Collection and Carbon. But those are actually not really part of the framework... just commonly integrated and associated with Laravel.
The framework itself is completely derailed: You can define code in a callback in the routes file. You can define a controller in the routes file. You can define middleware as a parameter to the route, as a fluent method to the route, you can stack them up in a service provider. Validators can be made in controllers, Request objects, service providers, etc. You can send mail inline, through Mailable objects, through Notification objects, etc.
Everything is macroable, injectable, and definable in a million different places. Ultimate freedom!
Guess what happens when you give 50 developers of various seniority a swiss army knife?
One hammers in a screw with a nail file, the other clips the head from the screw using scissors, and you end up with an unworkable mess and blunt tools.
And don't get me started about Eloquent, the Active Record ORM. It's cute for the simple blog/article/author/comment queries, but starts choking when you want more selective and performant queries or more complex aggregates, and provides such an opaque apple-esque interface which lets people think everything is OK, when in reality it's forcing the SQL server to slowly commit suicide.
-
1. Connect your laptop to prod-vpn
2. Open SQL Server Management Studio for debugging
3. Walk away
4. Find your 3 year old at your laptop
5. Panic.
6. Thank Microsoft for locking the screen when the laptop sleeps.
-
One day my boss called me in to his office. "I need you to sort Bernie out".
Bernie? "Oh, you don't know about Bernie!"
Turns out Bernie was a Windows 2000 server running SQL 2000 that had all sorts of antique applications and SSIS packages running on it. Nobody was sure what it did, or if it was even still alive, but nobody was game to just switch it off.
So, after 2 months of chasing down source code, analysing it, looking for non-existent documentation, I was finally able to say.
Bernie's dead. You can bury him.
-
Our website once had its config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”
Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”
-
Worst legacy experience...
Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.
Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.
The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.
Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was supposed to be helping!! But it was their money (well, my money as they were government funded!).
-
So you build a beautiful site; you spend good time on UX, refactoring, server optimisation, getting good page load speeds, SQL all optimised - life is good.
Commercial team comes in and slaps clickbait, generic advertising, tracking scripts over the lot.
Page loads go from a second to 30 seconds and even though you made sure all those crappy ad scripts are asynchronous pages still hang most times. PingdomTools lists your page scripts as going from 40 files to over 900... now users are ringing me up giving me grief about how slow this new company website is...
-
We had issues with lack of disk space on our production SQL server. Another developer decided to delete the databases he thought weren't in use to clear some space.
Ever think about checking first?!
Production chaos!
-
Four semesters in. As a class we’ve learned Java, SQL, HTML/CSS, JavaScript, C++, C#, and a small amount of PHP
We’ve built databases, websites, apps for phone and desktop, and we’ve toyed with game development in unity
We’ve used multiple IDE’s with differing pros and cons, virtual machines, server development stacks (XAMPP), data structures, and we’ve used multiple sorting algorithms to learn their differences.
Some things on here are immensely more difficult than others. If at 4 semesters in you still don’t know how to AT LEAST google your issues for 10 minutes or even READ THE DAMN BOOK, then please don’t bother asking TAs for help, we have our own assignments to do and can’t afford to spend an hour working with you to fix your code while you just ignore our suggestions
Four semesters in you should know where to find help online and if that doesn’t work, how to ask for and accept help. If you can’t then I’m sorry. I’m going to spend my time helping others, before I waste my time trying to help you
-
Decompiled a .exe from a program that was written in Visual Basic 6.
Got a public server IP, username and Password that was hardcoded in the program.
Found out it was a SQL Server. I've now got full access to the server.
I want to tell the company about this, but I'm afraid I might get sued. Any advice?
-
Customer : c
Me : m
*Few weeks ago*
C: the server is slow, it sometimes takes 7 seconds before I see our data
(the project is 7+ years old and wasn't written by someone who is very good in SQL)
M: yeah I see that, our servers are busy with this one "process" (SQL query)
C: make it faster
M: well that's possible but it will take a few days (massive SQL spaghetti that I first have to untangle)
C: 😡 nvm then
*Yesterday*
C: server is down !
M: 🤔 *loads data from server and waits ~ 7 seconds*
M: Well what's the problem?
C: I need the data but it's so slow
WELL YOU MINDLESS IMBECILE... If something is slow it doesn't mean our god damn production server is down !
That just means that you have to give us a day or two so we can optimise the (ALSO BY YOUR REQUEST) rushed project... And save you YOUR money that YOU waste on the processing time on our server...
-
Years ago we deployed this system with a SQL DB on a separate windows server.
Every now and then we had error messages saying that the system could not connect to the db. It was going on for about 5 minutes or so and then the db was up again.
We built a bunch of fallback logic to handle it gracefully.
Then one day one of the guys was in the "server room". It was not a real server room but like a dedicated office in another building.
He saw how the cleaning lady came in, unplugged the server's cable from the wall socket and plugged in the vacuum cleaner...
-
One step through the door my wife whips around, a look so disgusted she barely seems human. "What's that smell?" she cries. "It's you! You smell like...like bad code!"
Indeed, I am covered with the scent of the forbidden love child of a man who read half a chapter on if-then statements and then pushed out into the world, earthworm-like, a mangled misshapen gelatinous mass that my employer gave the title of line-of-business application purely out of pity.
For more days than I'd like to count I have been porting a ColdFusion 5 application to .NET. Initially written in 2000 and last touched in 2006, it has a data architecture comparable to Dresden after the second world war. It features a table solely comprised of seven columns of IDs so that joins can be made between other tables lacking a common key. Columns that should be contained within a single table spread out among multiple tables. Single columns containing data that should be multiple columns (with handy flags to separate the subsets). A view with 14 joins that playfully displays unintended results. And so much more spread out over almost 200 stored procedures, views, triggers, and tables on the SQL server, and dozens of additional ADO-like SQL statements within the ColdFusion itself. Fortunately, the application overcomes these issues by having absolutely no data validation while allowing nulls pretty much everywhere.
When I am done this will be a very nice ASP.NET MVC app with at least 150 less stored procs, views, and tables. Auto-generated duplicate entries will be a thing of the past. Pop-up windows that inexplicably refresh the underlying screen to display a different part of the program than the one the user wants will be eliminated. And a UI based on the colors of a Rubik's Cube with usability that Mr. Rubik would find challenging will disappear with only the trauma of using it left behind.
Sadly, this is not my worst legacy code experience. Just the most recent. Just the most recent stench added to a lifetime of bathing in code rot.
-
The gift that keeps on giving... the Custom CMS Of Doom™
I've finally seen enough evidence why PHP has such a bad reputation to the point where even recruiters recommended me to remove my years of PHP experience from the CV.
The completely custom CMS written by company <redacted>'s CEO and his slaves features the following:
- Open for SQL injection attacks
- Remote shell command execution through URL query params
- Page-specific strings in most core PHP files
- Constructors containing hundreds of lines of code (mostly used to initialize the hundreds of properties)
- Class methods containing more than 1000 lines of code
- Completely free of namespaces or package managers (uber elite programmers use only the root namespace)
- Random includes in any place imaginable
- Methods containing 1 line: the include of the file which contains the method body
- SQL queries in literally every source file
- The entrypoint script is in the webroot folder where all the code resides
- Access to sensitive folders is "restricted" by robots.txt 🤣🤣🤣🤣
- The CMS has its own crawler which runs by CRONjob and requests ALL HTML links (yes, full content, including videos!) to fill a database of keywords (I found out because the server traffic was >500 GB/month for this small website)
- Hundreds of config settings are literally defined by "define(...)"
- LESS is transpiled into CSS by PHP on requests
- .......
I could go on, but yes, I've seen it all now.12 -
Please Java and all java shit, take more memory I don't need it -_-
16GB doesn't seem to be enough to have a VM and Android Studio Open but it is more than enough to have
1. Visual Studio
2. SQL Server Management Studio
3. VM
4. FireFox
5. Visual Studio code
Fuck. This. Shit!20 -
A recent project actually taught me how HORRIBLY STUPID it is to store large bodies of text in a SQL Server database. There were millions of records with pages of compressed text each.
More and more text records pile on every single day. Needless to say it was becoming super slow and backups were taking WAY too long.
After refactoring them out as compressed files to disk storage (I love you, micro-services) and dropping them completely from the database, the backup size went from 90gb to 3gb!
It's not every day you get to see a dramatic result like that from a refactor.
Lesson learned, and yes it was quite cool.6 -
At work for a bank, I changed the target SQL Server in my SSIS project and arbitrarily, all my custom-coded scripts were erased!!
I didn't take backups and I spent a week coding them! Fuuuuuuuuuckkkkk 😠
Ended up rewriting them.
I learned my lesson... 😥2 -
So we have this long term contractor that EVERY FUCKING TIME says MySQL meaning SQL Server... Like wtf dude? Shut the fuck up...5
-
This happened to me around 2 weeks ago. For some reason, I decided to post this now.
I won the lottery, yey! I mean, not really, but I am <19yo student, "less than junior dev" in my office, but since I am the only one who is capable of working with hardware, I was working month back as a sysadmin for a few days. Our last sysadmin was really good working but really, really toxic guy, so he got fired on a spot after argument with some manager or whatever, no big deal, we could have another guy hired in a week. But, our backup server literally was on fire, all data probably dead because bad capacitor or whatever. This was our only backup of everything at the time. Everyone in full fucking panic mode, we had literally no other working HW we could use for backup, but then comes me, intern employed on his first dev job for 3 months. That day I bought some HW for my own personal server at home (Intel NUC with some Celeron, 4GB DDR4 RAM and two 240GB SSDs for RAID 1). My manager asked everyone in the office for solution how to survive next 4 days before new server arrives. People there had no idea what to do and no knowledge about HW, I just came from a break and offered my components for a week, since there was no one else who can work with HW, servers and stuff like this, manager offered me $500+HW cost if I, random intern, can make it work. I installed Debian on that little PC, created RAID1 from both SSDs, installed MySQL server and mirrored GIT server from our last standing server (we had two before one of them went lit 🔥), made simple Python script to copy all data on that RAID, with some help of our database guy copied whole DB from production to this little computer and edited some PHP so every SQL request made on our server will run on that NUC too. Everything after ±2 hours worked perfectly. Until a fucking PSU burned in our server and took RAID controller with him in silicon heaven next night, so we could not access any data until we got a new one.
Thanks to every god out there, I was able to create software RAID from survived HDDs on our production server and copy all data from that NUC on the servers software RAID and make it working at 3 AM in the night before an exam 😂. Without this, we would be next ±40 hours without server running and we might lose some of our data and customers. So my little skill with Linux, Python, MySQL and most importantly my NUC hardware I got that day running as a backup server saved maybe whole company 😂.
Btw, guess who is now employee of the year with $2500 bonus? 😀
Sorry for bragging and long post, but I was so lucky and so happy when everything worked out, good luck to all sysadmins out there! 👍
TL:DR: Random intern saved company and made some money 😂7 -
I know a lot of you already know/do this, but to those of you who don't - I know it has saved me more than once:
If you use SSMS (SQL Server Management Studio) - when connecting to a server, before you hit the "connect" button, under options, choose a color to represent which server you are connecting to. I personally use stoplight colors: red = prod, yellow = QA, green = dev....this way, it helps you realize what server you are connected to, minimizing our dreaded "oh shit" moments....lol
Hopefully this helps someone ☺6 -
So ehm, tl;dr: KEEP DAILY BACKUPS. EVEN IF SOMEONE SAYS NOT TO.
7:48
Manager: Hey Tom, is the server down?
Me: Nah, should be ok, I just did some maintenance this sunday.
Manager: But I can't get [some work data from SQL server]
*Nervous giggle*
9:14: Some random off-site cunt they hired didn't read the notes that said "DO NOT REMOVE DATABASE [xyz]"
9:20-ish: We don't even have the DB. And you said that we'll figure out what to do with backups later
*Suddenly manager starts to panic*
11:47: Found backup of the entire server on an old server that we had for spare parts, still running tho.
12:something: Everything back up and working.
Really glad I kept the old server running and doing daily backups. Saved our ass for the second time. And finally, new off-site backup is planned this week.3 -
Them: My company is looking for a junior C++ programmer. You must have 10 years experience with PL, SQL, SQL Server, MySQL, SQL oracle, javascript, HTML, XML, UML, c-sharp, visual basic, java.net, j unit, and win32 api, cutie, gtk, PHP, ASP, Perl, Python, and shell scripting with the windows, linux, and solaris operating systems.
Us: Do i need to know C++?
Them: no
https://youtube.com/watch/...5 -
Setup Slack integration with SQL Server to feed realtime reports to channels....the company estimated this would take 1 week, I did it in 1 hour. Boom. Suck it.6
-
I've been pleading for nearly 3 years with our IT department to allow the web team (me and one other guy) to access the SQL Server on location via VPN so we could query MSSQL tables directly (read-only mind you) rather than depend on them to give us a 100,000+ row CSV file every 24 hours in order to display pricing and inventory per store location on our website.
Their mindset has always been that this would be a security hole and we'd be jeopardizing the company. (Give me a break! There are about a dozen other ways our network could be compromised in comparison to this, but they're so deeply forged in M$ server and active directories that they don't even have a clue what any decent script kiddie with a port sniffer and *nix could do. I digress...)
So after three years of pleading with the old IT director, (I like the guy, but keep in mind that I had to teach him CTRL+C, CTRL+V when we first started building the initial CSV. I'm not making that up.) he retired and the new guy gave me the keys.
Worked for a week with my IT department to get Openswan (ipsec) tunnel set up between my Ubuntu web server and their SQL Server (Microsoft). After a few days of pulling my hair out along with our web hosting admins and our IT Dept staff, we got them talking.
After that, I was able to install a dreamfactory instance on my web server and now we have REST endpoints for all tables related to inventory, products, pricing, and availability!
Good things come to those who are patient. Now if I could get them to give us back Dropbox without having to socks5 proxy through the web server, I'd be set. I'll rant about that next.
http://tapsla.sh/e0jvJck7 -
Unaware that this had been occurring for a while, DBA manager walks into our cube area:
DBAMgr-Scott: "DBA-Kelly told me you still having problems connecting to the new staging servers?"
Dev-Carl: "Yea, still getting access denied. Same problem we've been having for a couple of weeks"
DBAMgr-Scott: "Damn it, I hate you. I got to have Kelly working with data warehouse project. I guess I've got to start working on fixing this problem."
Dev-Carl: "Ha ha..sorry. I've checked everything. It's definitely something on the sql server side."
DBAMgr-Scott: "I guess my day is shot. I've got to talk to the network admin, when I get back, let's put our heads together and figure this out."
<Scott leaves>
Me: "A permissions issue on staging? All my stuff is working fine and been working fine for a long while."
Dev-Carl: "Yea, there is nothing different about any of the other environments."
Me: "That doesn't sound right. What's the error?"
Dev-Carl: "Permissions"
Me: "No, the actual exception, never mind, I'll look it up in Splunk."
<in about 30 seconds, I find the actual exception, Win32Exception: Access is denied in OpenSqlFileStream, a little google-fu and .. >
Me: "Is the service using Windows authentication or SQL authentication?"
Dev-Carl: "SQL authentication."
Me: "Switch it to windows authentication"
<Dev-Carl changes authentication...service works like a charm>
Dev-Carl: "OMG, it worked! We've been working on this problem for almost two weeks and it only took you 30 seconds."
Me: "Now that it works, and the service had been working, what changed?"
Dev-Carl: "Oh..look at that, Dev-Jake changed the connection string two weeks ago. Weird. Thanks for your help."
<My brain is screaming "YOU NEVER THOUGHT TO LOOK FOR WHAT CHANGED!!!">
Me: "I'm happy I could help."4 -
>> this === rant
<< true
At beginning of this year, I only knew HTML, JS, and CSS so I just applied for offers like "Jr Apprentice Dev in Front-End"
In an interview call, the woman told me that they would send me a test asking about my JS and HTML5 knowledge.
When I look in my inbox, the mail subject says "Back-end Test".
Then I call the woman:
Me: "Hello, I have received the test mail, but maybe it's wrong. I applied for a Front-End position and the test is about backend! "
She: "Do you have skills in JS and HTML5?"
Me: "Yes!, and CSS3"
She: "Well, the test is about that. JS, jQuery, and HTML5"
Me: "..."
Me: "Sorry, those languages are Front-End. The subject says 'Back-End' and Back-End is PHP, SQL, MySQL, Java, .Net... I don't know anything about that. I only know HTML, JS, CSS."
She: "It's the same"
Me: "I'm sorry but it's not the same. Front-End is client-side, what users see. Animation, colors, FXs, buttons, forms... And Back-End is server-side, what users don't see."
She: "Well, JS, HTML, and CSS is backend for us. We call it that way too"
Me: "Sorry but that is wrong. I invite you to read some basic info. Now I am confused"
Of course that I am not confused. That idi0t was wrong.
Perhaps recruiters should take some info about areas where they are recruiting... (:T)3 -
10 years ago, a WordPress site was hacked with SQL injection. They had access to the site, they modified many PHP files and installed commands to download random malware from over the internet.
At first I didn't know that it was hacked and I was trying to remove any new file from the server. That was happening every 1-2 days for a week.
Then I decided to compare every WordPress file with the official one; there were too many files, and I did it manually, notepad side by side with notepad!! :/
Then I found about over 50 infected files with the malware code.
Cleaned and finished my job.
No one else knows that I did a lot of hard work.2 -
I interviewed to this small company. It was a position requiring a lot of experience they said. They did Microsoft SQL server and their technical interview questions were so easy it took me a lot of time to answer them because I was looking for traps, like for real. Think I might've answered too complex for them as well.
In the non-technical interview they joked about how they'd need to reserve two saunas in team events (Finnish thing) as they were all male and I would've been the first female.
Then they asked questions about my *children*. "Who takes care of them when they're sick?" Ummm, yeah, illegal much.
In the end they didn't hire me but they took two interns from the vocational school (or applied sciences). Yeah, so hard a job a Master of Science in Software Engineering with (at that point) three years of full-stack experience couldn't handle but some not even graduate interns could do?
Oh, and fun thing was. A couple months later a recruiter called me about the same company. I told *her* the story and she said she's gonna drop that company from her list and said no wonder they complain about not getting people for them. xD
I also sent a tip to my union's discrimination department. They used my case as an example in presentations so suppose this experience served a purpose. ¯\_(ツ)_/¯2 -
Omg GuyZ I am looking tp CreAte the NeXt fb!! whAt shOulD I Use? (not php lol fuck php amirite) AnD use machiNe leArninG with nodE tO drive flying cArZ
btw I am from <completely isolated and technology ignored country> but i am l337 af! I don't know about html, css, server administration or even basic sql
WHERE SHOULD I START!!
Signed: account user with -5 points, not that it matters at all.
Y'all wanna know what is more fucking annoying than those morons? you dickwads trying to teach them shit or having arguments with them.17 -
I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...
#1 - Most expensive lesson learned
Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.
This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...
After 10 minutes every phone in the office started going berserk - calls were coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.
Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each store's error log proceeded to grow and consume every available byte of HD space before crashing windows.
#2 - Hardest to find
This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vomit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.
Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased every so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.
#3 - Most elegant fix
Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we were DDOS'ed for 5 days straight.
My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.
So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.1 -
Assigned to a new project team..
Using git, in a creative way. So.. "master" is "dev" branch, usually. Everyone can push their branch to dev server .. so it's "dynamic for us". Production branch is whatever, as long as the branch has the release version. Sometimes, the release comes from "master".. that means "dev" in normal geek..
That's just Git. The source code is a saturated spaghetti of Entity framework and Caliburn. It is littered with antipatterns, especially basebean. Holy Christmas and Easter that baseclass does a lot of stuff that has no place as a base class ..
Fucking frameworks, I'm gonna start to evangelize frameworks as the no1 antipattern.
MS SQL as the main DB, but is dumped to json FILES through a scheduled task to increase read performance on web.
There is a soap endpoint to expose the json files, fml..
I am assuming I was placed here to improve stuff, I have never in my life seen anything like this before.
There is a special place in hell for this repository7 -
Guys guys guys. Conversation had right just now. A PM from the company I’m freelancing for just said
“We need to move away from SQL server and shift all the data to MongoDB. I don’t want it to take more than a month tops”
Verbatim. No context. Nothing. The website is for a small time supply chain software that’s been chugging along for a decade now with spaghetti code everywhere.
How do I even respond? The other guy who works with me sent 😂😂😂 to me privately and now is offline lol wtf12 -
Just installed Visual Studio and Sql Server for a project on a Windows VM. Thought I'd feel comfortable as I started proper development in .NET.
I fucking hate Visual Studio and SQL Server now. The whole setup, Windows, VS, everything just feels horrible, slow, and takes ages to set up to the point you can use it.18 -
> IHateForALiving: I have added markdown on the client! Now the sys admin can use markdown and it's going to be rendered as HTML
> Team leader: ok, I've seen you also included some pics of the tests you made. It's nice, there's no XSS vulnerabilities, now I want you to make sure you didn't introduce any SQL injection too. Post the results of the tests in the tickets, for everybody to see.
I've been trying to extract from him for 15 minutes how sending a text through a markdown renderer on the client is supposed to create a SQL injection on the server, I've been trying to extract from him how showing all of this to the world would improve our reputation.
I miserably failed, I don't know how the fuck am I supposed to test this thing and if a colleague wasted time to make sure some client-side rendering didn't create a SQL injection I'd make sure to point and laugh at them every time they open their mouth.9 -
Currently, I am going through a legacy application built in microsoft access back in 90s.
* No Comments
* No Relationships between tables
* Random code that does nothing
* Weird form layouts
* Weird naming conventions
I need to copy this functionality into modern version using SQL Server Management studio and asp.net core, I also need to kill myself because none of this fucking shit fucking fuck makes sense.
I do my best to write clean and concise code along with comments but after this ordeal I am going to up my game because nobody should need to suffer through spaghetti code and stupid logic that is uncommented.
😶6 -
Time to rant about JavaScript tutorials.
If you don't know the 'jQuery basic arithmetic' joke, Google it now. It'll make you laugh, promised.
In that manner I just remembered a JavaScript tutorial my fiancee tried to follow when she did an internship at the company I work for last year.
She was tasked to create a temperature interface for our server rack, which she wanted to do via an Arduino and a webserver as well as an SQL database.
The Arduino part wasn't really a problem, but since she had no experience with js she very closely clung to a chart visualisation tutorial.
All of that worked very well, but being the person I am I looked at the code and found something off.
The chart library had no dependencies to external libraries or any local files for any of them. Though the tutorial used a jQuery import.
So why did it use jQuery?
Well...
To load the chart initialization after the page has loaded.
So they pulled the entirety of jQuery in just to do what fucking window.addEventListener('DOMContentLoaded',function(){...}); could have done.
I wonder how many people who just want something to work did this shit. I hate it that so many tutorials do not adhere any kinds of standards, override behavior because they don't like it, even though it may have a very good reason to exist, pull entire libraries in for something vanilla <language> can do in 3 lines, etc.
Fuck.6 -
Worst one I’ve seen so far is when I was working for my previous community another developer joined to help me, without the permission of me or the other lead developer he pushed a client-side update. We didn’t think it was a big deal, but once we began reviewing the code it became a big deal... he had placed our SQL credentials into that file that every client downloads. All the person had to do was open the file and could connect to our SQL which contained 50k+ players info, primarily all in-game stuff except IPs which we want to protect at all costs.
Issue becomes, what he was trying to do required the games local database on the client-side, but instead he tried connecting to it as an external database so he decided to copy server-side code and used on the client.
Anyways, the database had a firewall that blocked all connections except the server and the other lead dev and myself. We managed to change the credentials and pull the file away before any harm was done to it, about 300 people had downloaded the file within an hour's period, but nothing happened luckily. IP to the DB, username, password, etc, were all changed just to keep it protected.
So far this is the worst, hopefully it doesn’t get worse than this :/1 -
update of after i got fired: after the fuck developers company llc was left with no developers, there was a girl there that i didn't mention earlier because as i said: the story is more complex. she came there with good intentions but after she knew the cruel nature of fuck and shit she became notoriously mad, we're still in contact with her so it's nice to hear from her some of the gags that happen there, one of which my really intelligent ex-boss the wordpress DEVELOPER himself told her to finish one of the projects i was working on, and a friend of mine who is infamous of his coding shenanigans left it in my hands before he left as well a couple of months prior (well he was fed up before us, and when i told him to stay with us he said "dude just listen to the motherfucker's voice, i can't do this anymore", my lovely ex-boss has this equally lovely screechy high pitched voice that caused me tinnitus), it's an asp.net project, uses web forms, and a lot of apis, the database is sql server, standard shit but there's no original creation script and i fucked up the only existing database which was in a local computer he used to like calling a SERVER, now to the point: this girl is not a developer, she was however working as a reporter?? kind of like jaspersoft the human or sap crystal woman and she claims that she's pretty good at it, and she's a genuinely good person who was dragged to hell just because she wanted to be close to her daddy (she was working in a different city with more than double the salary she's given now), but she's rich and her dada convinced her to come. she's currently learning java ee on her own so she'd probably leave in the next two months, in her resume she wrote that she know php, well i know php you know php we all know php (the syntax) kind of like mr. shit who passed the sololearn php CERTIFICATE and couldn't stop telling his boss and his boss a.k.a my ex-boss goes "sweet!". 
going back to the punchline of this rant: she told us that he came to her and asked her to finish the project with php.12
-
Today I came across something interesting in SQL Server.
I was optimizing a report query and in the SSMS window it ran in 10 seconds for 3000 rows.
Putting it in a stored procedure took me 5 minutes to get 100 rows.
I was like WTF?
After some research I found out that the problem was that I was using the Stored Procedure parameters in the query.
Created local variables for the parameters and poof... 10 seconds again.
So if you are creating Stored Procedures in SQL Server DO NOT USE THE PARAMETERS FROM THE PROCEDURE. CREATE LOCAL VARIABLES.5 -
I messed up carelessly in production. Learnt how SQL queries bite you in the ass when it knows you are under pressure.
Was hosting an online quiz kinda thing during my college techfest. Tens of thousands of people participating.
Using MySQL as database and thousands of queries were being executed. Everyone was pretty excited as the event just opened up.
None of the teams could solve one particular level. Turns out the solution was wrong and was asked by the organisers to change the solution for that particular level. Usual stuff, right?
Was too lazy to open up the web UI for the back office and so, straight ahead logged in to the MySQL server and ran the UPDATE query on the table consisting of the solutions.
It had been a couple of hours and the organisers came to me with a weird problem. There were no changes in the scoreboard for the last two hours. Everyone was stuck wherever they were. Weird, right?
I then realized.
Fk.
In that dreaded query, I had only run
UPDATE `qa` SET answer = 'something'
leaving out the where clause, specifying the question to update, like
WHERE qno=13
As a result, solutions to all the questions were updated to the same answer. After hastily fixing everything back, I had the dreaded conversation.
Org: What was the problem?
Me: It was the cache.
Org: Damn thing. Always messes up.
Me: *sheepishly* yeah
Probably the most embarrassing moment in my life, wrt coding 😑4 -
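An added example (not part of the post above): one way to make a hand-run fix like this fail safe is to run the UPDATE inside a transaction and roll back unless the affected-row count matches what was intended. It uses an in-memory SQLite table as a constructed stand-in for the MySQL `qa` table; `guarded_update`, `make_quiz_db` and the sample rows are assumptions.

```python
import sqlite3


class UnexpectedRowCount(RuntimeError):
    """Raised when a statement touched a different number of rows than intended."""


def make_quiz_db():
    # Constructed sample data standing in for the quiz's solutions table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE qa (qno INTEGER PRIMARY KEY, answer TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO qa (qno, answer) VALUES (?, ?)",
        [(12, "alpha"), (13, "wrong"), (14, "gamma")],
    )
    conn.commit()  # commit the seed rows so a later rollback cannot undo them
    return conn


def answers(conn):
    """Return the current {qno: answer} mapping."""
    return dict(conn.execute("SELECT qno, answer FROM qa ORDER BY qno"))


def guarded_update(conn, sql, params, expected_rows):
    """Run one data-modifying statement; keep it only if it hit expected_rows rows.

    sqlite3 opens a transaction implicitly before an UPDATE, so nothing is
    visible to other connections until commit() is called here.
    """
    try:
        cur = conn.execute(sql, params)
    except sqlite3.Error:
        conn.rollback()
        raise
    if cur.rowcount != expected_rows:
        conn.rollback()  # undo everything the statement changed
        raise UnexpectedRowCount(
            f"statement affected {cur.rowcount} rows, expected {expected_rows}"
        )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_quiz_db()
    try:
        # The statement from the post: no WHERE clause, so every row matches.
        guarded_update(db, "UPDATE qa SET answer = ?", ("fixed",), expected_rows=1)
    except UnexpectedRowCount as exc:
        print("rolled back:", exc)
    print(answers(db))  # all three answers are still the originals

    # The intended statement touches exactly one row and is committed.
    guarded_update(
        db, "UPDATE qa SET answer = ? WHERE qno = ?", ("fixed", 13), expected_rows=1
    )
    print(answers(db))
```
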
Have you heard about the Embrace, Expand and Extinguish ideology? lets think about it:
Javascript 5 (embrace) -> Typescript and Class syntax to Javascript 6 (extend) -> JS (extinguish) with WebASM.
Atom/Electron (embrace) -> Atom fork named "VSCode" (extend) -> Atom (extinguish) as it was developed by Github company.
NodeJS (embrace) -> incompatible Node Windows fork with IE/Edge JS engine "Chakra" (extend) -> NodeJS (extinguish soon) with chaos of Typescript, Javascript 6 and Github.
"R" lang (embrace) -> incompatible SQL Server 2016 R lang extension (extend) -> R lang (extinguish soon).
Android -> CyanogenMod (embrace) -> CyanogenMod (extinguish) as M$ "sponsored" Cyanogen Inc to destroy CyanogenMod
Linux (prejudge) -> sponsors RedHat, Debian, SuSE, Alpine and Canonical/Ubuntu (embrace), forces unstable backdoored "systemd" -> Linux (extinguish soon)
Reusing the last image I did because I didn't want to make more OC stuff cos the few ++ gained aren't worth it5 -
Did some updates to an older Web Forms website built by a previous SENIOR developer who is a notoriously horrible developer.
Now before I start, you have to understand this guy studied at a University and had been working for at least two years before I even started working. He is supposed to know the basic shit mentioned below.
This also happened a couple of days ago, so I have calmed down since then so I apologise for the relaxed tone. My next rant will contain a lot more swearing.
This fucking guy did the stupidest shit imaginable.
On the details view of a post|page|article|product|anything that would require a details view this jackass would load the data from the DB.
Using an OleDbConnection, OleDbDataAdapter, DataTable and the poorest written fucking sql statements you have ever seen. All of these declared in the Page_Load method.
There was literally no reason for him to use OleDb instead of Sql, but he simply did not know any better.
He especially liked: "select * from tbl where id = " & Request("T") & ""
ZERO fucking checks to see if the value is even passed or valid, nothing. He did not even check whether the DataTable had any rows.
He then proceeded to use only the Heading column of the returned row to change the page's title.
Stupidly I assumed the aspx page will be in a better state. Fuck NO!
This fucktard went, added server tags to the opening of the asp:Content tag, copied that shit he used to fetch the data and pasted it between the server tags.
He did not know how to access the DataTable mentioned above from the aspx page!
He did this on every fucking project he worked on. Any place that required <%= %> to display data instead of using asp server controls, this cunt copied whatever was written in the code behind and pasted everything between server tags.
Fuck I could go on forever, but I think this is enough for my first rant.2 -
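An added example (not from the post above): the details-page lookup it describes, once with the request value concatenated into the SQL text and once with the missing checks plus a bound parameter. It is written in Python against an in-memory SQLite table as a constructed stand-in for the site's `tbl`; the `Draft` column, the function names and the sample rows are assumptions.

```python
import sqlite3


class BadRequest(ValueError):
    """The request parameter is missing or is not a plain positive integer."""


class NotFound(LookupError):
    """The query ran but returned no row."""


def make_db():
    # Constructed sample rows; only Heading is used by the page, as in the post.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tbl (id INTEGER PRIMARY KEY, Heading TEXT, Draft INTEGER)"
    )
    conn.executemany(
        "INSERT INTO tbl (id, Heading, Draft) VALUES (?, ?, ?)",
        [(1, "Public article", 0), (2, "Unpublished draft", 1)],
    )
    conn.commit()
    return conn


def heading_concat(conn, raw_id):
    """The pattern from the post: the request value becomes part of the SQL text."""
    sql = "select * from tbl where id = " + raw_id
    row = conn.execute(sql).fetchone()
    return row[1]  # no row check either: fails with TypeError on an empty result


def parse_id(raw_id):
    """Accept only ASCII digits; cap the length so the value fits a 32-bit int."""
    if raw_id is None:
        raise BadRequest("parameter T is missing")
    text = raw_id.strip()
    if not (text.isascii() and text.isdigit()) or len(text) > 9:
        raise BadRequest("parameter T must be a positive integer")
    return int(text)


def heading_safe(conn, raw_id):
    """Validate first, then pass the value as a bound parameter, never as SQL text."""
    item_id = parse_id(raw_id)
    row = conn.execute(
        "SELECT Heading FROM tbl WHERE id = ?", (item_id,)
    ).fetchone()
    if row is None:
        raise NotFound(f"no row with id {item_id}")
    return row[0]


if __name__ == "__main__":
    db = make_db()
    hostile = "0 OR 1=1"  # constructed input: id 0 does not exist
    # Concatenation lets the value rewrite the WHERE clause, so a row comes back.
    print("concatenated:", heading_concat(db, hostile))
    for value in ("1", hostile, None, "99"):
        try:
            print(repr(value), "->", heading_safe(db, value))
        except (BadRequest, NotFound) as exc:
            print(repr(value), "-> rejected:", exc)
```
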
You know you're in the wrong place, when the prod sql table have 473 columns, 0 index, 0 keys and the frontend is made in ms access. And the only possible way to connect to the (virtualized server) database is through citrix...5
-
I hired 2 fresh out of school junior devs to work with me on my old web app.
They were brilliant, knew a lot of things, and were motivated.
They started complaining about how the code was shit, the db was shit, there were no best practices, the technology was old, bug fixing was boring, no comments in code.
I felt bad, very bad during 3 years, because they were absolutely right. I tried to work with them through better coding practices, rewriting, documenting etc.
Now they both have left.
I'm alone maintaining and evolving the application.
And I start to come across the code THEY developed.
What a bunch of shit. SQL queries bringing down the server. Duplicate code, because they didn't even want to read the old one. Useless comments.
Performance killing functions. Exceptions swallowed without mercy. I have to clean up their poop.
I feel somewhat better, though. The application is still growing and holding the ground after many years and generating at least 800K$ per year in revenues.
Maybe better, but sad. I really wanted to share the project with somebody else but I failed, and I'm left alone....12 -
Best code performance incr. I made?
Many, many years ago our scaling strategy was to throw hardware at performance problems. Hardware consisted of dedicated web server and backing SQL server box, so each site instance had two servers (and data replication processes in place)
Two servers turned into 4, 4 to 8, 8 to around 16 (don't remember exactly what we ended up with). With Windows Server and SQL Server licenses getting into the hundreds of thousands of dollars, the 'powers-that-be' were becoming very concerned with our IT budget. With our IT-VP and other web mgrs being hardware-centric, they simply shrugged and told the company that's just the way it is.
Taking it upon myself, started looking into utilizing web services, caching data (Microsoft's Velocity at the time), and a service that returned product data, the bottleneck for most of the performance issues. Description, price, simple stuff. Testing the scaling with our dev environment, single web server and single backing sql server, the service was able to handle 10x the traffic with much better performance.
Since the majority of the IT mgmt were hardware centric, they blew off the results saying my tests were contrived and my solution wouldn't work in 'the real world'. Not 100% wrong, I had no idea what would happen when real traffic would hit the site.
With our other hardware guys concerned the web hardware budget was tearing into everything else, they helped convince the 'powers-that-be' to give my idea a shot.
Fast forward a couple of months (lots of web code changes), early one morning we started slowly turning on the new framework (3 load balanced web service servers, 3 web servers, one sql server). 5 minutes...no issues, 10 minutes...no issues, an hour...everything is looking great. Then (A is a network admin)...
A: "Umm...guys...hardly any of the other web servers are being hit. The new servers are handling almost 100% of the traffic."
VP: "That can't be right. Something must be wrong with the load balancers. Rollback!"
A: "No, everything is fine. Load balancer is working and the performance spikes are coming from the old servers, not the new ones. Wow!, this is awesome!"
<Web manager 'Stacey'>
Stacey: "We probably still need to rollback. We'll need to do a full analysis as to why the performance improved and apply it to the current hardware setup."
A: "Page load times are now under 100 milliseconds from almost 3 seconds. Let's not rollback and see what happens."
Stacey: "I don't know, customers aren't used to such fast load times. They'll think something is wrong and go to a competitor. Rollback."
VP: "Agreed. We don't know why this is so fast. We'll need to replicate what is going on to the current architecture. Good try guys."
<later that day>
VP: "We've received hundreds of emails complimenting us on the web site performance this morning and upset that the site suddenly slowed down again. CEO got wind of these emails and instructed us to move forward with the new framework."
After full implementation, we were able to scale back to only a few web servers and a single sql server, saving an initial $300,000 and a potential future savings of over $500,000. Budget analysis considering other factors, over the next 7 years, this would save the company over a million dollars.
At the semi-annual company wide meeting, our VP made a speech.
VP: "I'd like to thank everyone for this hard fought journey to get our web site up to industry standards for the benefit of our customers and stakeholders. Most of all, I'd like to thank Stacey for all her effort in designing and implementation of the scaling solution. Great job Stacey!"
<hands her a blank white envelope, hmmm...wonder what was in it?>
A few devs who sat in front of me turn around, network guys to the right, all look at me with puzzled looks with one mouth-ing "WTF?"
-
The IT guy at the client made a spaghetti code website to replace their time entry software. I come in to “finish it up in a week to two” (just me). I start by removing 1200+ lines of convoluted data access code that doesn’t work, SQL injection prone too. I quickly gave up and started from scratch; just copied some of his actually decent HTML.
Friday, he proceeded to try to install node on the server and run main.JS. Now he’s all concerned my repo is too complex because he can’t deploy a static website 🙁
He didn’t ask me how it gets deployed nor did he listen when I said “node is NOT THE BACKEND we have .NET core for that”. 🤦‍♂️
I’m gonna spend a week writing documentation at 5th grade level and hand holding him so he understands how this code works because he’s going to be the one maintaining it.
-
I hate SQL Server so much, it doesn't matter how much Microsoft says they've improved SQL Server.
There's a lot of fucking bloat, it messes up your system and your services, adds tons of crap to your system registry, while more advanced SQL engines such as MariaDB/PostgreSQL are more contained, and very small.
Why does SQL Server have to mess with Windows' ACL and its own privilege systems?
Uninstall it and a lot of components remain hidden, plus tons of registry entries; not even TotalUninstaller or CCleaner can help.
I've hated it since my technical high school, and my goddamn college is forcing us to use SQL Server for EVERYTHING, instead of good alternatives. It messed up my computer entirely, requiring a format.
I always try to convince my freelance clients to use open-source alternatives, and say how SQL Server is so crap (I had varying degrees of success).
-
Most ignorant ask from a PM or client?
Migrated to SharePoint 2016 which included Reporting Services, and trying to fix a bug in the reporting services scheduler, I created a report (aka, copied an existing one) 'A Klingon Walks Into a Bar', so it would be first in the list and distinct enough so the QA testers would (hopefully) leave it alone.
The PM for the project calls me.
PM: "What is this Klingon report? It looks like a copy of the daily inventory report"
Me: "It is. The reporting service job keeps crashing on certain reports that have daily execution schedules."
PM: "I need you to delete it"
Me: "What? Why? The report is on the dev sharepoint site. I named the report so it was unique and be at the top of the list so I can find it easily."
PM: "The name doesn't conform to our standards and it's confusing the testers."
Me: "The testers? You mean Dan, you, and Heather?"
PM: "Yes, smartass. Can you name the report something like daily inventory report 2, or something else?"
Me: "I could, but since this is in development, no. You've already proofed out the upgrade. You're waiting on me to fix this sharepoint bug. Why do you care what I do on this server? It's going away after the upgrade."
PM: "Yea, about that. We like having the server. It gives us a place to test reports. Would really appreciate it if you would rename or delete that report."
Me: "A test sharepoint reporting services server is out of scope, so no, we're not keeping it."
PM: "Having a server just for us would be nice."
Me: "$10,000 nice? We're kinda fudging on the licensing now. If we're keeping it, we will be required to be in compliance. That's a server license, sharepoint license, sql server license, and the dedicated hardware. We talked about that, remember?"
PM: "Why is keeping that report so important to you? I don't want to explain to a VP what a Klingon is."
Me: "I'm not keeping the report or moving it to production. When I figure out the problem, I'll delete the report. OK?"
PM: "I would prefer you delete the report before a VP sees it."
Me: "Why would a VP be looking? They probably have better things to do."
PM: "Jeff wants to see our progress, I'll have to show him the site, and he'll see the report."
Me: "OK? You tell Jeff it's a report I'm working on, I'll explain what a Klingon is, Jeff will call me a nerd, and we all move on."
PM: "I'm not comfortable with this upgrade."
Me: "What does that mean?"
PM: "I asked for something simple and I can't be responsible for the consequences. I'll be documenting this situation as a 'no-go' for deployment"
Me: "Oookaayyy?"
I figured out the bug, deleted the 'Klingon' report, and the PM couldn't do anything to delay the deployment.
-
.Net is masterrace.
C# gives me frequent orgasms.
Use SQL Server for DB, add to that parallel querying and NoSQL capabilities.
Incredible development speed with EF
Incredibly powerful web framework...check
AI and neural networks...check
App Development...Xeck
If you want to do some of that functional programming F# is the language for you.
And the best thing: .Net core runs on Linux too
-
Nothing like a SQL Script failing and fucking up an important Database right before my christmas vacation...
-
Taking a database class, prof insists on using Microsoft Sql server 2014. "Okay cool" said the Microsoft surface fan boy inside me as I installed it. "Holy shit this is using 6 fucking GBs?? Eh it's okay I trust" again said my Microsoft fanboy self. Finished installing, makes queries and it works. Cool.
Go to run Sql server again next day and get an error (nothing displayed, just a box pop up and then a crash) I use some Google skills. Change a bunch of shit and still it persists. "Just uninstall it and reinstall again" says my prof. I do so except random errors during installation saying Sql already exists even though I just uninstalled it. "Maybe it's some registry keys messing with it!" do some digging, remove unneeded registry keys and try again. Installation finished but a whack of features say failed to install.
I sit and try to work this shit out for the next four hours (not paying attention to my class) and still can't get Sql to completely uninstall itself. I try iobit uninstaller, command line uninstalling, fucking everything but still not working. Slowly my fanboy side is wishing that the windows symbol on the back of my machine was an apple.
I ended up having to backup all my files and reinstalling windows to get it working properly. Holy sweet fuck. The worst part is when this class is done I'll probably need to reinstall yet again to save the 6gb it's sucking up. So if you're not sure whether you need something as heavy as Microsoft Sql server or not for your application, don't use it! It's a fucking virus that is super difficult to remove.
Tldr: life long Microsoft fanboy becomes apple convert in a day of using Microsoft Sql server.
-
declare @username varchar(255)
if @username is null
set @username = suser_name()
.........
WHAT DID YOU EXPECT @USERNAME TO BE RIGHT AFTER YOU DECLARED IT???
-
I try and try and try to teach my coworker critical thinking skills, proper programming techniques, and standard git etiquette. Then I add 4 booleans to solve one problem, use strings instead of ints to find unique SQL Server entities, and push right to the development branch.
I am a real asshole, but at least I am not fake.
-
I had spent the last year working on an online store powered by woocommerce with over 100k products from various suppliers. This online store utilized a custom API that would take the various formats that suppliers offer their inventory in and made them consistent. Now everything was going swimmingly initially, but then I began adding more and more products using a plug-in called WP all import. I reached around 100k products and the site would take up to an entire minute to load, sometimes timing out. I got desperate so I installed several caching plugins, but to no avail, this did not help me. The site was originally only supposed to take three to four months but ended up taking an entire year. Then, just yesterday I found out what went wrong and why this woocommerce website with all of these optimizations was still taking anywhere from 60 to 90 seconds to load, or just timing out entirely. I had initially thought that I needed a beefier server so I moved it to a high CPU digitalocean VM. While this did help a little bit, the site was still very slow and now I had very high CPU usage, RAM usage and high disk IO. I was seriously stumped; the Apache process was using a high amount of CPU and IO along with MySQL as well. It wasn't until I started digging deeper into the database that I actually found out what the issue was. As I was loading the site I would run 'show process list' in the SQL terminal, I began to notice a very significant load time for one of the tables, so I went to go and check it out. What I did was I ran a select all query on that particular table just to see how full it was and SQL returned an error saying that I had exceeded the maximum packet size. So I was like okay what the fuck...
So I exited my SQL and re-entered it this time with a higher packet size. I ran a query that would count how many rows were in this particular table and the number came out to being in the millions. I was surprised, and what's worse is that this table belonged to a plugin that I had attempted to use early in the development process to cache the site. The plugin was deactivated but apparently it had left PHP files within the wp content directory outside of the actual plugin directory, so it's still executing scripts even though the plugin itself was disabled. Basically every time I would change anything on the site, it would recache the whole thing, and it didn't delete any old records. So 100k+ products caching on saves with no garbage collection... You do the math, it's gonna be a heavy ass database. Not only that but it was serialized data, so when it did pull this metric shit ton of spaghetti from the database, PHP then had to deserialize it. Hence the high ass CPU load. I had caching enabled on the MySQL end of things so that ate the ram. I was really desperate to get this thing running.
Honest to God the main reason why this website took so long was because the load times made it miserable to work on. I just thought that the hardware that I had the site on was inadequate. I had initially started the development on a small Linux VM which apparently wasn't enough, which is why I moved it to digitalocean which also seemed to not be enough, so from there I moved to a dedicated server which still didn't seem to be enough. I was probably a few more 60-second wait times or timeouts from recommending a server cluster to my client who I know would not be willing to purchase it. The client who I promised this site to have completed in 3 months and has waited a year. Seriously, I would tell people the struggles that I would go through with this particular site and they would just tell me to just drop the site; just take the money, just take the loss. I refused to, this was really the only thing that was kicking my ass. I present myself as this high-and-mighty developer like I'm just really good at what I do but then I have this WordPress site that's just beating the shit out of me for a year. It was a very big learning experience and it was also very humbling as well, it made me realize that I really don't know as much as I think I might. It was evidence that there is still so much more to learn out there, I did learn a lot from that experience especially about optimizing websites, the different types of methods to do that, particularly on the server side, and I'll be able to utilize this knowledge in the future.
I guess the moral of the story is, never really give up. Ultimately things might get so bad that you're running on hopes and dreams. Those experiences are generally the most humbling. Now I can finally present the site that I am basically a year late on to the client who will be so happy that I did not give up on the project entirely. I'll have experienced this feeling of pure euphoria, and help the small business significantly grow their revenue. Helping others is very fulfilling for me, even at my own expense.
Anyways, gonna stop ranting. Running out of characters. If you're still here... Ty for reading :')
-
Got a job as a database manager, they wanted me to update their sql server and some of their .net apps. Turns out their sql server had no databases and all their data was stored in an ms access 2003 application that was using windows for workgroups security!!! It also had no interface, hundreds of tables and queries and there were multiple access db it was connected to. To make things worse the person who built all this stuff used acronyms for everything he did, table names, variables, queries and even bloody window folders!!! It was hard as hell to figure out what anything meant. Oh and the .net apps were asp sites that heavily used dll for storing his code and no one knows where the original source code for them is. Did I also mention there were no comments for any of the code, no database dictionary, no notes or anything.
So apparently I'll be rebuilding everything from scratch and transferring over the data to sql server. AND NO MORE F**KING ACRONYMS!!!!!!!
-
Just saw a role advertised for a front end developer. Skills required amongst other things:
· Integrating with middle-tier microservices such as NodeJS
· .NET Core (2.1+), C# 7.0+ and JAVA
· SQL Server, T-SQL, MySQL
· Azure Dev-ops
There are other standard and expected front end requirements but want someone with 4+ years experience
Salary £19,000 - less than two thirds of the national average salary for non UK folks.
Applications: 0
Hmm I wonder why
-
You know that you're working too long with SQL Server when you enter your password somewhere and press F5
-
I taught an intro to programming class today, brought back memories of highschool...
I remember when I started my first IT class in grade 10, it was a 50/50 split between IT theory and programming. Choices were java or delphi...I made the uninformed choice to do java (thank goodness) and really enjoyed it. For some reason the logic and OOP concepts really made sense to me and i was well ahead of the class. I was always top 5 for maths/physics/chem and english literature but never enjoyed them for a second. On the other hand programming was something i could do for hours and still enjoy. In my final year we had to do a project, most of my class was still struggling with very simple for loops and jframes. The projects were terrible drag and drop NetBeans UIs that would convert meters to feet.
I remember being upset with the quality and ended up writing an entire client/server chat system with file sharing, voice notes, voice streaming, server admin controls, usernames and passwords (plaintext sql of course 😂), admins/mods/guests etc...
Got 100% and a personal recognition from the headmaster...found out yesterday the staff at the college have actually been using it since the time I left.
I don't know why i typed this whole story, something about teaching the kids where i was myself made me feel warm and fuzzy inside
-
Had an internet/network outage and the web site started logging thousands of errors and I see they purposely created a custom exception class just to avoid/get around our standard logging+data gathering (on SqlExceptions, we gather+log all the necessary details to Splunk so our DBAs can troubleshoot the problem).
If we didn't already know what the problem was, WTF would anyone do with 'There was a SQL exception, Query'? OK, what was the exception? A timeout? A syntax error? Value out of range? What was the target server? Which database? Our web developers live in a different world. I don't understand em.
-
Not really a bug so much as ridiculously poor practice, about 15 years ago I was working for a car park company on their booking engine. In the sql server dB, there was a table called CreditCard, easy to guess what was in there!
-
I JUST HAD ONE OF THOSE DAYS THAT MAKES ONE WANT TO BANG TWO BRICKS ON HEAD AND END THE PAIN THE STORY STARTS YESTERDAY WITH ISSUES AFTER A MIGRATION AND THEY ASK ME TO HELP TROUBLESHOOT EVEN THOUGH I'M A DEV DBA AND THE ISSUE IS IN QA/SAT AND I HELP ANYWAY AND THEY CAN'T FIND A VIEW AND SO I LOOK EVERYWHERE AND CAN'T FIND IT EITHER AND IT DIDN'T EXIST IN PROD OR DEV SO I TELL THEM IT'S NOT THERE, AND THEY ARE LIKE, CAN YOU RETRIEVE IT FOR US AND I'M LIKE FROM WHERE? I DON'T KEEP VIEWS IN MY BUTT AND YOU GUYS ARE SMOKING CRACK AND THEY GIVE ME THEIR QUERY WHICH CONTAINS THE VIEW ANYWAY AND THEY SAY CAN YOU RUN IT AND IT RUNS AND WORKS AND THEY CAN'T MAKE IT WORK AND IT WORKS BECAUSE IT DOESN'T CALL THE VIEW THEY GAVE ME SO NO PROBLEM THERE SO I FINALLY ASK THEM ARE YOU POINTING TO THE CORRECT DATABASE AND THEY'RE LIKE OH MAN WE TOLD YOU THE WRONG DATABASE AND SO I LOOK AT THE RIGHT DATABASE AND FIND THAT THE GRANTS ARE MISSING AND YEAH THANK YOU FOR TAKING EIGHT HOURS OF MY LIFE BECAUSE WE WERE IN THE WRONG DB YOU GAVE ME AND I HOPE THE FLEAS OF A THOUSAND CAMELS INFEST YOUR ARMPITS AND THE CHIGGERS OF A THOUSAND SOUTHERN LAWNS INFEST YOUR SOCKS AND UNDERWEAR. YAAAAAA!!!!
-
rant & question
Last year I had to collaborate on a project written by an old man; let's call him Bob. Bob started working in the punch cards era, he worked as a sysadmin for ages and now he is being "recycled" as a web developer. He will retire in 2 years.
The boss (that is not a programmer) loves Bob and trusts him on everything he says.
Here are my problems with Bob and his code:
- he refuses learning git (or any other kind of version control system);
- he knows only procedural PHP (not OO);
- he mixes the presentation layer with business logic;
- he writes layout using tables;
- he uses deprecated HTML tags;
- he uses a random indentation;
- most of the code is vulnerable to SQL injection;
- and, of course, there are no tests.
- Ah, yes, he develops directly on the server, through an SSH connection, using vi without syntax highlighting.
In the beginning I tried to be nice, pointing out just the vulnerabilities and insisting on using git, but he ignored all my suggestions.
So, since I would have managed the production server, I decided to cheat: I completely rewrote the whole application, keeping the same UI, and I told the boss that I created a little fork in order to adapt the code to our infrastructure. He doesn't imagine that 95% of the code is completely different from the original.
Now it's time to do some changes and another colleague is helping. She noticed what I did and said that I've been disrespectful in throwing away the old man's clusterfuck, because in any case the code was working. Moreover he will retire in 2 years and I shouldn't force him to learn new things [tbh, he missed at least the last 15 years of web development].
What would you have done in my place?
-
Today in development: discovered that it's possible via a combination of keys to rename a database in SQL Server Management Studio without as much as a dialog box to confirm.
Shout out to the 2000ish users in production that discovered this delightful nugget of info with me.
Lessons learned:
A) Don't trust Microsoft to create software that makes you confirm potentially catastrophic actions
B) Make sure your user hasn't been granted ALTER DATABASE permissions without your knowledge before you start using it.
-
Who knew SQL Server Report Manager didn’t have a log off / sign out button when you log in via the web browser?
I didn’t until I tried to test someone’s new credentials and realised I couldn’t log out of my administrator account. MS doesn’t ship it in the box apparently. Because that’s clearly not a useful piece of functionality to have. Except, some people have developed their own hacks to get around it......
Wtf.. mind blown
-
When you want only 10 rows of query result.
Mysql: Select top 10 * from foo.... 😁
Sql server: select top 10 * from foo.. 😁
PostgreSQL: select * from foo limit 10.. 😁
Oracle: select * from foo FETCH NEXT/FIRST 10 ROWS ONLY. 🌚
Oracle, are you trying to be more expressive/verbose because if that's the case then your understanding of verbosity is fucked up just like your understanding of clean-coding, user experience, open source, productivity...
Etc.
-
In our databases lesson, we are going to use Microsoft SQL Server throughout the year.
This shit's setup fails at random, doesn't even start (empty error box??????) on some machines, and when it, uh, works, kinda, it's a convoluted mess.
Help.
-
!rant
I've had a personal project (commercial idea) I've been meaning to get started on for a while, and today I started...
Kudos to the team at Microsoft, they've really gotten .net core and asp.net core to a fantastic place.
And the team at JetBrains have done an amazing job on Rider.
I've been able to get a docker container running SQL Server on linux, as well as Web API projects for an API and an identity server all running with local HTTPS and communicating quite happily, with barely an issue in sight.
Bodes well for the future I hope.
Now I just have to commit to the project and actually finish it 😂
-
Was running low on ssd space, so I decided to have a thorough look at what was occupying all of it. First I found out that I had about 5 gigs (!) of leftovers from microsoft sql server which I unfortunately had to use once (thanks microsoft for your shit uninstallers). Then I found I still had a .gradle folder (uninstalled a while ago, maven ftw) with another 5 gigs of cache. That should give me some room to breathe.