Some guy my girlfriend knows, heard I'm a software developer. He had this 'great' idea on how he wanted to start a new revolutionary way of paying on the internet. He wanted to create a service like paypal but without having the hassle of logging in first and going through a transaction. He wanted a literal "buy now" button on every major webshop on the internet. When I asked him how he thought that would work legally and security wise, he became a bit defensive and implied that since I'm the tech guy I should work out that kind of stuff. When the software was ready, he would have clients lined up for the service and his work would start.

I politely declined this great opportunity

Today I discovered that we have a CSV export button for an order transaction system, on a page which is completely disconnected from the rest of the website.

It is only being called by an internal server, used by our Data department.

They run selenium to click the button.

Then they import the CSV into a database.

That database is accessed by an admin panel.

That admin panel has an excel export button.

Which is clicked by our CFO. But he got bored of clicking, so he uses IFTTT to schedule a download of the XLS and import it in Google Sheets.

That sheet uses a Salesforce data connector.

Marketing then sends email campaigns based on that Salesforce data...

😒

Fucking Axis Bank ATM

Card swipe
--> Slow GIF
--> Select your transaction
--> Slow GIF
--> Select your account type
--> Slow GIF
--> Enter your amount
--> Slow GIF
--> Enter your pin
--> Slow GIF
--> Slow GIF
--> Slow GIF
--> Unable to dispense money

I was messaged on LinkedIn by a recruiter while I was in the UK for my honeymoon. When we got back home to Colorado I called him back and everything went well enough that a tech screen call was set up between four or five guys on the team, and me.

I was expecting to be grilled about various Linux, networking, video transcoding, database, and transaction handling questions and problems, as that was the bulk of the job's description. But instead they just gushed that they'd used software I'd written at previous jobs and loved it.

It was very friendly and they never challenged me (not being arrogant here-- they literally never tested me) and we wound up just talking about, "the job," and about how the work sucked without the tools and apps I'd written.

I got an offer for $30k more than what I asked, the next day.

CHILD: But how can Santa deliver toys to every little boy and girl on his list in one night?
MEH: (laughs) It's quite simple. The items on Santa's list are called blocks, and each block in his "blockchain" typically contains a hash pointer, a timestamp, and transaction data...

So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

> Root struggles with her ticket
> Boss struggles too
> Also: random thoughts about this job

I've been sick lately, and it's the kind of sick where I'm exhausted all day, every day (infuriatingly, except at night). While tired, I can't think, so I can't really work, but I'm during my probationary period at work, so I've still been doing my best -- which, honestly, is pretty shit right now.

My current project involves legal agreements, and changing agent authorization methods (written, telephone recording, or letting the user click a link). Each of these, and depending on the type of transaction, requires a different legal agreement. And the logic and structure surrounding these is intricate and confusing to follow. I've been struggling through this and the project's ever-expanding scope for weeks, and specifically the agreements logic for the past few days. I've felt embarrassed and guilty for making so little progress, and that (and a bunch of other things) are making me depressed.

Today, I finally gave up and asked my boss for help. We had an hour and a half call where we worked through it together (at 6pm...). Despite having written quite a bit of the code and tests, he was often saying things like "How is this not working? This doesn't make any sense." So I don't feel quite so bad now.

I knew the code was complex and sprawling and unintuitive, but seeing one of its authors struggling too was really cathartic.

On an unrelated note, I asked the most senior dev (a Macintosh Lisa dev) why everything was using strings instead of symbols (in Rails) since symbols are much faster. That got him looking into the benchmarks, and he found that symbols are about twice as fast (for his minimal test, anyway), and he suggested we switch to those. His word is gold; mine is ignorable. kind of annoying. but anyway, he further went into optimizing the lookup of a giant array of strings, and discovered bsearch. (it's a divide-and-conquer lookup). and here I am wondering why they didn't implement it that way to begin with. 🙄

I don't think I'm learning much here, except how to work with a "mature" codebase. To take a page from @Rutee07, I think "mature" here means the same as in porn: not something you ever want ot see or think about.

I mean, I'm learning other things, too, like how to delegate methods from one model to another, but I have yet to see why you would want to. Every use of it I've explored thus far has just complicated things, like delegating methods on a child of a 1:n relation to the parent. Which child? How does that work? No bloody clue! but it does, somehow, after I copy/pasted a bunch of esoteric legacy bs and fussed with it enough.

I feel like once I get a good grasp of the various payment wrappers, verification/anti-fraud integration, and per-business fraud rules I'll have learned most of what they can offer. Specifically those because I had written a baby version of them at a previous job (Hell), and was trying to architect exactly what this company already has built.

I like a few things about this company. I like my boss. I like the remote work. I like the code reviews. I like the pay. I like the office and some socializing twice a year.

But I don't like the codebase. at all. and I don't have any friends here. My boss is friendly, but he's not a friend. I feel like my last boss (both bosses) were, or could have been if I was more social. But here? I feel alone. I'm assigned work, and my boss is friendly when talking about work, but that's all he's there for. Out of the two female devs I work with, one basically just ignores me, and the other only ever talks about work in ways I can barely understand, and she's a little pushy, and just... really irritating. The "senior" devs (in quotes because they're honestly not amazing) just don't have time, which i understand. but at the same time... i don't have *anyone* to talk to. It really sucks.

I'm not happy here.
I miss my last job.

But the reason I left that one is because this job allows me to move and work remotely. I got a counter-offer from them exactly matching my current job, sans the code reviews. but we haven't moved yet. and if I leave and go back there without having moved, it'll look like i just abandoned them. and that's the last thing I want them to think.

So, I'm stuck here for awhile.
not that it's a bad thing, but i'm feeling overwhelmed and stressed. and it's just not a good fit. but maybe I'll actually start learning things. and I suppose that's also why I took the job.

So, ever onward, I guess.
It would just be nice if I could take some of the happy along with me.

Short version:

Dear devRantdairy,
today I was stupid.

The End.

Full version:

I am working on some messaging system, trying to use less as possible overhead sending data. Therefore there of course are asynchronous calls and some templating. But that's just the setting of the rant: I designed an architecture to save conversations in a database. Working with transactions in pdo I wrote a query wich in my eyes should have worked well. But the result just didn't appear in the table. So I started debugging data. Recreated the table. Rewrote the query. Went to bed. Woke up. Further tryed to make this work. And in the end I realized I just forgot to commit the transaction.

How dumb can you be? There's way too much time gone for that mistake. Is there a hole? I want do dig myself.

Any code I make for clients is under a strict license unless specified otherwise. It's a straight forward license pretty much stating that they can't sell it or claim it as their own. I've had a few clients break that license but one stood out. I had made a piece of software that cost her over $2,500 due to the amount of hours that went into it. The transaction went along smoothly so there was nothing to be alarmed about. She came back for more work about 6 months later and I decided to do some checking up on her to see how her business was going. Immediately smack bang on the home page was my software being sold for $30/month. Needless to say I was outraged. She said there was no talk of a license which I responded with pulling out the contract that she signed where it explained that signing the contract meant she was in agreement with the specified license. 2 months after this started, I'm being awarded any profits made from said software along with her closing down the website. As much of a bitch as she was, it wasn't worth my time trying to get more out of her.

All bankers are fuckers, fuckin assholes.

I went to bank today.
Gave my card to swipe and he gave me the machine to enter my pin
I entered it
But then it wasn't the actual PIN
Transaction failed

He retried it, but now he didn't give me the machine to enter the PIN, he asked me (whaaat...)
I denied to reveal my PIN
He asked me again and again I still denied.
At last that asshole cancelled the transaction.
And told me to write the deposit slip
Why should I write the slip when I have the card.
Whats wrong with that guy
Why should I give my PIN to him

These assholes come to work at 10 and leave at 3 and their pride is at the peak. They live on our money and showing superiority on us.

I hate them.

For a week+ I've been listening to a senior dev ("Bob") continually make fun of another not-quite-a-senior dev ("Tom") over a performance bug in his code. "If he did it right the first time...", "Tom refuses to write tests...that's his problem", "I would have wrote the code correctly ..." all kinds of passive-aggressive put downs. Bob then brags how without him helping Tom, the application would have been a failure (really building himself up).
Bob is out of town and Tom asked me a question about logging performance data in his code. I look and see Bob has done nothing..nothing at all to help Tom. Tom wrote his own JSON and XML parser (data is coming from two different sources) and all kinds of IO stream plumbing code.
I use Visual Studio's feature create classes from JSON/XML, used the XML Serialzier and Newtonsoft.Json to handling the conversion plumbing.
With several hundred of lines gone (down to one line each for the XML/JSON-> object), I wrote unit tests around the business transaction, integration test for the service and database access. Maybe couple of hours worth of work.
I'm 100% sure Bob knew Tom was going in a bad direction (maybe even pushing him that direction), just to swoop in and "save the day" in front of Tom's manager at some future point in time.

This morning's standup ..
Boss: "You're helping Tom since Bob is on vacation? What are you helping with?"
Me: "I refactored the JSON and XML data access, wrote initial unit and integration tests. Tom will have to verify, but I believe any performance problem will now be isolated to the database integration. The problem Bob was talking about on Monday is gone. I thought spending time helping Tom was better than making fun of him."
<couple seconds of silence>
Boss:"Yea...want to let you know, I really, really appreciate that."

Bob, put people first, everyone wins.

Going through Master Card API docs to see how to integrate it, saw that they have sample code, checked Java sample code and found this:

String data = MessageFormat.format(
"'{'\"apiOperation\":{0},"
+ "\"sourceOfFunds\":'{'\"type\":{1},\"provided\":'{'\"card\":'{'\"numbe\":{2},"
+ "\"expiry\":'{'\"month\":{3}, \"year\":{4}'}',\"securityCode\":{5}'}}}',"
+ "\"order\":'{'\"reference\":{6}'}',"
+ "\"transaction\":'{'\"amount\":{7},\"currency\":{8},\"reference\":{9},\"targetTransactionId\":{10}'}'," + "\"customer\":'{'\"ipAddress\":{11}'}}'",
apiOperation,
sourceOfFundsType,
cardNumber,
cardExpiryMonth,
cardExpiryYear,
cardSecurityCode,
orderReference,
transactionAmount,
transactionCurrency,
transactionReference,
targetTransactionId,
customerIpAddress );

FOR FUCK SAKE what happened to JSONObject (for Android) class, I'm sure it is a waaaay better solution than that mess ...
And from Oracle:
JsonObject value = Json.createObjectBuilder()
.add("firstName", "John")
.add("lastName", "Smith")
.add("age", 25)
.build();

I guess that is a cleaner understandable solution than what master card has.

Worst fight I've had with a co-worker?

Had my share of 'disagreements', but one that seemed like it could have gone to blows was a developer, 'T', that tried to man-splain me how ADO.Net worked with SQLServer.

<T walks into our work area>
T: "Your solution is going to cause a lot of problems in SQLServer"
Me: "No, its not, your solution is worse. For performance, its better to use ADO.Net connection pooling."
T: "NO! Every single transaction is atomic! SQLServer will prioritize the operation thread, making the whole transaction faster than what you're trying to do."
<T goes on and on about threads, made up nonsense about priority queues, on and on>
Me: "No it won't, unless you change something in the connection string, ADO.Net will utilize connection pooling and use the same SPID, even if you explicitly call Close() on the connection. You are just wasting code thinking that works."

T walks over, stands over me (he's about 6.5", 300+ pounds), maybe 6 inches away

T: "I've been doing .net development for over 10 years. I know what I'm doing!"

I turn my chair to face him, look up, cross my arms.

Me: "I know I'm kinda new to this, but let me show you something ..."

<I threw together a C# console app, simple connect, get some data, close the connection>

Me: "I'll fire up SQLProfiler and we can see the actual connection SPID and when sql server closes the SPID....see....the connection to SQLServer is still has an active SPID after I called Close. When I exit the application, SQLServer will drop the SPD....tada...see?"
T: "Wha...what is that...SQLProfiler? Is that some kind of hacking tool? DBAs should know about that!"
Me: "It's part of the SQLServer client tools, its on everyone's machine, including yours."
T: "Doesn't prove a damn thing! I'm going to do my own experiment and prove my solution works."
Me: "Look forward to seeing what you come up with ... and you haven't been doing .net for 10 years. I was part of the team that reviewed your resume when you were hired. You're going to have to try that on someone else."

About 10 seconds later I hear him from across the room slam his keyboard on his desk.

100% sure he would have kicked my ass, but that day I let him know his bully tactics worked on some, but wouldn't work on me.

When I was in school I had some guys walk up to me and asked:

G: Are you Feeno?
Me: Yes, what's up?
G: We need our FY project on school management system done.
Me: Okay?
G: How much will that cost us?
Me: *confused because I was still a freshman. At that point the only programming language I knew was elementary qbasic. I couldn't even write a hello world program without the help of Google*
So played along because yes we're talking about money here.

Me: It will cost you guys N amount of money (*improvised deep voice*).
G: Okay. Fair price.
* Right there they transferred half the requested amount to me. *
Holy moly! This guys aren't joking around. I don't know shit! They clearly mistook me for a senior student whose first name is Feeno, to me that was a nick referred to me by my friends.

I'm in this one for sure and it's a do or die transaction cus I'm returning no fucking money. I told my friends what had happened and they insisted I return back the money to the students and admit I can't deliver the project they were requesting.
Fuck all of yah! I'm keeping this money. Same afternoon I visited the school library with the intension of writing the code using the help of YouTube tutorials. I didn't find anything useful for qbasic as I thought I could write a full fledged school management system using qbasic.

I was lucky enough to find an existing source code on Codeproject, God bless that Indian guy. The source was in PHP and the tutor gave a step by step guide to setup XAMP and MySQL. I really don't know PHP but I guess source code modification is a natural skill to all programmers as I was able to modify the code to meet the requirements of the students (i.e school name, logo and other minor changes).

Most of what I learnt in programming came from modifying the source of that project. I learnt how to connect a PHP source to a MySQL database, I learnt about functions and their usage, I learnt the basics of HTML, I really learnt a lot and I would say that the speed at which I learnt was proportional to the amount of pressure I received to deliver.

That was how my journey as a full stack developer started. By chance maybe.

Hello again, everyone. I've been busy with all the paperwork at my ship (will make a post about it later) but for now, I'll bore you with another story (not navy one, fortunately) to justify my slacking off.
And this story... is the story on how I got into ITSec. And it is pretty damn embarrassing. It all began when I was 16. I was hooked on battleknight.gameforge.com, a browser game. My father had just had ADSL installed at our home, and the new opportunities before me were endless. Well...
After I've had my fill with the porn torrents and them opportunities dwindled to just a few dozens, I began searching for free games, and I stumbled on that game. I played a lot, but as a free-to-play game, it was also pay-to-win. I didn't have a credit card, so I paid for a few gems with SMS messages. Fast forward a couple of years, I got into the Naval Academy. A guy came in to advertise something (I think it was an encyclopaedia or something - yes, wikipedia wasn't a thing back then) and to pay for it, we could apply for a credit card. So I applied. And I resisted the temptation for a year.
Note: prepaid wasn't that known where I live, so using credit cards was the only way for online transactions.
So I made 1 transaction. Just one. After a couple of months my monthly report from the bank came, showing a 2.5$ (I think) transaction on Paypal. I paid no mind, thinking that it was some hidden fee. Oh boy, I shit you not, I was THAT much of an idiot. Six months later, BOOM!
600$ transaction to ebay via paypal. You can imagine all those nice things that came to my mind. In any case, the bank accepted my protest that I filed at their central offices and cancelled the transaction. I promptly cancelled my card, destroyed it right there for good measure, and got to thinking... what the fuck just happened?
As many people here, I am afflicted with a deadly virus, called curiosity. I started researching the matter, trying to figure out how. And, because I didn't like black boxes and "it is just like it is" explanations, I tumbled down the rabbit hole of ITSec. I soon found out that, not only it was possible, but also it was sometimes EXTREMELY easy to steal credit card info. There are sites, to this very day, that store user info (along with credit cards info) IN FUCKING CLEARTEXT. Sometimes your personal, financial and even medical info are just an SQLi away.
So, I got very disillusioned on many things. But I never regretted it. It may cause me to age prematurely and will kill me of stroke or heart attack one day, but as I still tumble down the ITSec rabbit hole, I can say with confidence that
I REGRET NOTHING
Plus, my 600$ were returned, so look on the bright side :)

> be me
> spend 0.02 Ether (about €5) on one of those old-school MUD-style games
> send to the same Ethereum wallet from a previous purchase
> realize that the destination wallet changes for each purchase (probably to mitigate the fact that transaction history and contents in Ethereum wallets is entirely public)

> send an email to the game dev asking to return the transaction or pass it on to my player account
> *cricket noises*

About a week later, i.e. now:
*checks that Ethereum account that I accidentally sent that transaction to*
> $0 on it, transaction has been withdrawn

Now I couldn't care less about the €5 - it's only 2 beers worth - but what I do care about is honesty. Dear Chat Wars admin, that money wasn't yours. Also, I am one of those players that plays very few games but tends to commit to those I do play. The last one I played, I spent several hundreds of euros on over the couple of years I played it. I could've probably paid for your servers, spare time development and then some. But obviously not anymore. Choosing a quick grab of €5 over a relatively steady source of income from someone that tends to financially support what he likes... Re-evaluate your life choices.

Just like that incident with the stolen flash drive that was worth only €10... I couldn't care less about the raw value of them, but I do feel very disappointed in humanity when people go for a quick grab of such worthless things.

I used to work for a Mexican bank in Mexico, as a developer I opened (and use) an account, since the bank was not famous(most of its business was with the government), going to the bank and see no waiting lines was an advantage, so I started using it as my only bank account even nowadays.

Now I live in NYC, and some years later I see on the news the bank merged(was absorbed) with another bank, 'sounds good, I don't care' I thought.

Well, I open my online account and the nightmare begins:

1) Redirection to the 2nd bank page
2) My credentials does not work
3) Call the original bank(no answers)
4) After several calls and days I got a phone contact
5) 'well, try all other passwords you have' (transaction passwords, operative passwords, login passwords, etc), among many other stupid answers, which by the way, were preceded by infinite question about the 2nd bank, like:

- when did you open the account with the 2nd bank?
- what is your 2nd bank account number

6) after 20 calls like that, they asked for documents, information and screenshots, and send all that to the 2nd bank tech help email.

7) After several days a person responded: 'Go to your bank(which fucking bank?)' and ask for a new user.

8) a ton of calls to know what bank I was assigned

9) called the bank: 'well, you have to come in person(no exceptions allowed) and request to close your 1st bank account and open a 2nd bank account' (I am not sure if that is gonna work)

All the technology nowadays and still I have to travel thousands of miles hoping this 'solution' works.

to be continue....

Transaction isolation levels can suck a dick.

Also,
serialization
doesn't
fucking
work.
(╯°□°）╯︵ ┻━┻

had an issue where our clients payment gateway would duplicate the charge (at the gateway...not at the application) before sending it to the bank officially - the bank would detect the duplication then void both charges.

the gateway service admitted this was a bug, the bank it was tied to admitted it was a bug - but they wouldnt fix it. so my solution was to send a special uid with the original transaction (put it in a special field) and had the bank track that one as the "known good"

the funny thing? next version of the gateway api included this as a feature, but i got no credit.

Dogecoin hit USD $0.40 recently, which means it's time for the Crypto Rant.

TL;DR: Dogecoin is shit and is logically guaranteed to eventually fall unless it is fundamentally changed.

===========================

If you know how Crypto works under the hood, you can skip to the next section. If you don't, here's the general xyz-coin formula:

Money is sent via transactions, which are validated by *anybody*.

Since transactions are validated by anybody, the system needs to make sure you're not fucking it up on purpose.

The current idea (that most coins use today) is called proof-of-work. In short, you're given an extremely difficult task, and the general idea is you wouldn't be willing to do that work if you were just going to fuck up the system.

For validating these transactions, you are rewarded twofold:

1) You are given a fixed-size prize of the currency from the system itself. This is how new currency is introduced, or "minted" if you prefer.
2) You are given variable-size and user-determined prize called "transaction fees", but it could be more accurately called a "bribe" since it's sole purpose is to entice miners to add YOUR transaction to their block.

This system of validation and reward is called mining.

===========================

This smaller section compares the design o f BTC to Dogecoin - which will lead to my final argument

In BTC, the time between blocks (chunks of data which record transactions and are added to the chain, hence blockchain) is ten minutes. Every ten minutes, BTC transactions are validated and new Bitcoins are born.

In Dogecoin, the time between blocks is only one minute. In Theory, this means that mining Dogecoin is about ten times easier, because the system expects you to be able to solve the proof of work in an average of one minute.

The huge difference between BTC and Doge is the block reward (Fixed amount; new coins minted). The block reward for BTC is somewhat complicated compared to Doge: It started as 50 BTC per block and every 4 years it is halved ("the great halving"). Right now it's 6.25 BTC per block. Soon, the block reward will be almost nothing until BTC hits it's max of 21 million bitcoins "minted".

Dogecoin reward is 10,000 coins per block. And it will be that way for the end of time - no maximum, no great halving. And remember, for every 1 BTC block mined, 10 Doge blocks are mined.

===========================

Bitcoin and Dogecoin are now the two most popular coins in pop culture. What makes me angry is the widespread misunderstanding of the differences between the two. It is likely that most investors buy Dogecoin thinking they're getting in "early" because it's so cheap. They think it's cheap because it isn't as popular as Bitcoin yet. They're wrong. It's cheap because of what's outlined in section two of this rant.

Dogecoin is actually not very far off Bitcoin. Do the math: there's a bit over 100 billion Dogecoin in circulation (130b). There's about 20 million BTC. Calculate their total CURRENT values:

130b * $0.40 = 52b
20m * $60k = 1.2t

...and Doge is rising much, much faster than BTC because of the aforementioned lack of understanding.

The most common thing I hear about Doge is that "nobody expects it to reach Bitcoin levels" (referring to being worth 60k a fucking coin). They don't realize that if Doge gets to be worth just $10 a coin, it will not just reach Bitcoin levels but overtake Bitcoin in value ($1.3T).

===========================

It's worth highlighting that Dogecoin is literally designed to fail. Since it lacks a cap on new coins being introduced, it's just simple math that no matter how much Doge rises, it will eventually be worthless. And it won't take centuries, remember that 100k new Doge are mined EVERY TEN MINUTES. 1,440 minutes in a day * 10K per minute is 14.4 million new coins per day. That's damn near every Bitcoin to ever exist mined every day in Dogecoin

The only serious, as in customer affecting, bug I never git fixed was an indexing bug that caused an exception requiring manual intervention by one of us.

Despite going at it for many years I never found the root cause before I left the company.

The reason it was so difficult was that it only occurred every second month or less and with different customers.
It was also not triggering directly when the error occurred but a while later once the error had caused accumulated errors until one value got negative.

Also, it was a combination SQL, backend code and frontend js and the time from initial error until an invalid value could be hours, days or even weeks.

And we never ever managed to replicate it our self and found no common pattern between occasions.

We think it was some kind of race condition when updating the db that caused duplicate values or a hole in the index series (db transaction or db index was not an option for various reason that would require a redesign of the central tables and most if the central code).

This then grew into multiple error on consecutive updates until one f them resulted in a negative number that then caused a regex in js to fail.

Went to the ATM to get some cash.. entered an amount of 800 INR and to my surprise got an error saying "Your account does not have sufficient funds for this transaction" .. Instantly thought that my account has somehow been compromised.. checked the bank app and found out that I everything was normal..

As it turns out the ATM machine did not have 500 or 100 INR notes, thus it could not dispense my requested amount..

Now that's what we call a "Good" error handling..

Got an email from a stakeholder about a $0 transaction for an item that was not meant to be $0. Found someone put a condition in the code to set the price to $0 if it couldn’t be queried from the database. Wut…that is…not logical 😵‍💫😵

I am laughing and crying at the same time.

I did a high value transaction with Google Pay, and now I cannot see the transaction details in history for this specific transaction (The money was transferred correctly though). When I open the history entry, it says "Something went wrong, please try again".

So after waiting for a week, I went to report a bug with Google from within the app. And when I press submit, I get an error.

Wanna guess what's the error?

ITS FUCKING "SOMETHING WENT WRONG, PLEASE TRY AGAIN"!

It's 17:55... Did much work that day since I came in earlier than usual, so I could leave in time and do some shopping with the girlfriend.

A colleague comes in to my room, a tad distressed. He had accidentally ran a fixture script on a production environment database (processing a shipload of records per minute), truncating all tables...

Using AWS RDS to rollback the transaction log takes up about 20m. I had to do that about 5 times to estimate the date and time of when the fixture script ran... Since there was no clear point in time...

Finally I get to the best state of the data I could get. I log in remotely run some queries. All is well again... With minor losses in data.

I try to download a dump using pg_dump and apparently my version is mismatched with the server. I add the latest version to aptitudes source list of postgres repo and I am ready to remove and purge the current postgres client and extensions...

sudo apt-get remove post*
Are you sure? (Y/n) *presses enter and enters into a world of pain*

Apparently a lot of system critical applications start with post... T_T

me@termux $ su -c pm list packages
android.os.DeadObjectException: Transaction failed on small parcel; remote process probably died at [...]

Hmm, strange.. wasn't that the proper command? 🤔
Maybe it's SELinux that's at it again? It's giving permission errors with /sys/class/power_supply/battery/capacity as well, which can only be solved by disabling SELinux it seems.

me@termux $ su -c setenforce 0
me@termux $ su -c pm list packages
(Gives list)

So it was SELinux after all.. FUCKING PIECE OF SHIT!!!

1. our public transport added a free wifi to busses, some years ago already. it's got a "login" page, connect to wifi, get a phone notification, tap it, opens page with an ad and 10 second timer on a "click to continue to internet" button.
... okay.
recently, the geniuses decided to harvest mail addresses, which... *gritting teeth* if you must...
BUT... "please input your mail address". i input and submit.
"we have sent a mail with confirmation link to that address, please click the link to confirm to get access".

FUCKING BRAINZOMBIES, HOW DO YOU EXPECT ME TO ACCESS MY MAILBOX TO ACCESS INTERNET WITHOUT THE ACCESS TO INTERNET?

2. i had a second unrelated minirant, but i forgot what it was, so another one instead:
a long time ago, in a country where i live, the transaction slip the ATM gives you after withdrawing money used to contain info about remaining funds after withdrawal.
then, the info was removed from the slip, and a "feature" was added to atms where you "can" check the money on the account.
doing so costs you 0.50€

greedy asshole fuckers.

Spent the last days trying to reach paypal tech support, hung on the phone across the globe, with people at paypal CS, who weren't even familiar with their own terminology, read tons of VERY 'straightforward' documentation and it kept me up two nights straight.

ALL because I REFUSED to believe that it is like I understood it between the lines that I read.

Today I got my answer. You can create Billing Plans (rules on which you'll base your subscriptions, i.e. amount, intervals, duration..) ONLY over the rest api, and only when a customer purchases a first subscription, you're able to EDIT the plan on Paypal dashboard!

What fuckery is that!? You have a edit form, but you can not provide a create form?! TY paypal for making me build a whole billing plan manager for usually a one time transaction per website.

I AM SENDING YOU MY PHONE BILL.

Rant!

Been working on 'MVP' features of a new product for the past 14 months. Customer has no f**king clue on how to design for performance. An uncomfortable amount of faith was placed on the ORM (ORMs are not bad as long as you know what you are doing) and the magic that the current framework provides. (Again, magic is good so long as you understand what happens behind the smoke and mirrors - but f**k all that... coz hey, productivity, right?). Customer was so focussed on features that no one ever thought of giving any attention to subtler things like 'hey, my transaction is doing a gazillion joins across trizillion tables while making a million calls to the db - maybe I should put more f**king thought into my design.' We foresaw performance and concurrency issues and raised them way ahead of the release. How did the customer respond? By hiring a performance tester. Fair enough - but what did that translate into? Nothing. Nada. Zilch. Hiring a perf tester doesn't automagically fix issues. The perf tester did not have a stable environment, a stable build or anything that is required to do a test with meaningful results. As the release date approached, the customer launched a pilot and things started failing spectacularly with the system not able to support more than 15 concurrent users. WTF! (My 'I told you so' moment) Emails started flying in all directions and the hunt for the scapegoat was on (I'm a sucker for CYA so I was covered). People started pointing in all directions but no one bothered to take a step back and understand what was causing the issues. Numero uno reason for transaction failure was deadlocks. We were using a proprietary DB with kickass tooling. No one bothered to use the tooling to understand what was the resource in contention let alone how to fix the contention. Absolute panic - its like they just froze. Debugging shit and doing the same thing again and again just so that management knew they were upto something. Most of the indexes had a fragmentation of 99.8% - I shit you not. Anywho, we now have a 'war room' where the perf tester needs to script the entire project by tonight and come up with some numbers that will amount to nothing while we stay up and keep profiling the shit out of the application under load.

Lessons learnt - When you foresee a problem make a LOT of noise to get people to act upon it and not wait till it comes back and bites you in the ass. Better yet, try not to get into a team where people can't understand the implications of shitty design choices. War room my ass!

Boss: So what are your biggest achievements for this year?
Me: mmm, probably not killing myself
Boss: .....
Me: I meant I reduced the number of fraudulent transactions in our service by adding machine learning to flag suspicious transaction
Boss: Yeah, you should've start with that
Me: .....

A transaction level to match the rest of my code.

Sleeping the Thread for 1 sec, because the database had no real timestamp and a transaction on the same item within the same second would lead to a doubled primary key...

No real feature, but it is a bug and this makes it a feature I guess.

Client: i want payment integration without using any of those 3rd party gateways like 2checkout.

Me: uhmmm, any reason you cant use those gateways?

Client: its more professional

...

they also take percentages on every transaction !

Me: ... *closes chat*

Still dealing with the web department and their finger pointing after several thousand errors logged.

SeniorWebDev: “Looks like there were 250 database timeout errors at 11:02AM. DBAs might want to take a look.”

I look at the actual exceptions being logged (bulk of the over 1,600 logged errors)..

“Object reference not set to an instance of an object.”

Then I looked the email timestamp…11:00AM. We received the email notification *before* the database timeout errors occurred.

I gather some facts…when the exceptions started, when they ended, and used the stack trace to find the code not checking for null (maybe 10 minutes of junior dev detective work). Send the data to the ‘powers that be’ and carried on with my daily tasks.
I attached what I found (not the actual code, it was changed to protect the innocent)
Couple of hours later another WebDev replied…

WebDev: “These errors look like a database connectivity issue between the web site and the saleitem data service. Appears the logging framework doesn’t allow us to log any information about the database connection.”

FRACK!!...that Fracking lying piece of frack! Our team is responsible for the logging framework. I was typing up my response (having to calm down) then about a minute later the head DBA replies …

DBA: “Do you have any evidence of this? Our logs show no connectivity issues. The logging framework does have the ability to log an extensive amount of data regarding the database transaction. Database name, server, login, command text, and parameter values. Everything we need to troubleshoot. This is the link to the documentation …. If you implement the one line of code to gather the data, it will go a long way in helping us debug performance and connectivity issue. Thank you.”

DBA sends me a skype message “You’re welcome :)”

Ahh..nice to see someone else fed up with their lying bull...stuff.

UX quiz:
a) trim whitespace characters from credit card or bank account input
b) refuse transaction, show error message: "no spaces are allowed in the card number"

Most painful code error you've made?

More than I probably care to count.

One in particular where I was asked to integrate our code and converted the wrong value..ex

The correct code was supposed to be ...

var serviceBusMessage = new Message() {ID = dto.InvoiceId ...}

but I wrote ..

var serviceBusMessage = new Message() {ID = dto.OrderId ...}

At the time of the message bus event, the dto.OrderId is zero (it's set after a successful credit card transaction in another process)

Because of a 'true up' job that occurs at EOD, the issue went unnoticed for weeks. One day the credit card system went down and thousands of invoices needed to be re-processed, but seemed to be 'stuck', and 'John' was tasked to investigate, found the issue, and traced back to the code changes.

John: "There is a bug in the event bus, looks like you used the wrong key and all the keys are zero."
Me: "Oh crap, I made that change weeks ago. No one noticed?"
John: "Nah, its not a big deal. The true-up job cleans up anything we missed and in the rare event the credit card system goes down, like now. No worries, I can fix the data and the code."
<about an hour later I'm called into a meeting>
Mgr1: "We're following up on the credit card outage earlier. You made the code changes that prevented the cards from reprocessing?"
Me: "Yes, it was my screw up."
Mgr1: "Why wasn't there a code review? It should have caught this mistake."
Mgr2: "All code that is deployed is reviewed. 'Tom' performed the review."
Mgr1: "Tom, why didn't you catch that mistake."
Tom: "I don't know, that code is over 5 years old written by someone else. I assumed it was correct."
Mgr1: "Aren't there unit tests? Integration tests?"
Tom: "Oh yea, and passed them all. In the scenario, the original developers probably never thought the wrong ID would be passed."
Mgr1: "What are you going to do so this never happens again?"
Tom: "Its an easy addition to the tests. Should only take 5 minutes."
Mgr1: "No, what are *you* going to do so this never happens again?"
Me: "It was my mistake, I need to do a better job in paying attention. I knew what value was supposed to passed, but I screwed up."
Mgr2: "No harm no foul. We didn't lose any money and no customer was negativity affected. Credit card system may go down once, or twice a year? Nothing to lose sleep over. Thanks guys."

A week later Mgr1 fires Tom.

I feel/felt like a total d-bag.

Talking to 'John' later about it, turns out Tom's attention to detail and 'passion' was lacking in other areas. Understandable since he has 2 kids + one with special-needs, and in the middle of a divorce, taking most/all of his vacation+sick time (which 'Mgr1' dislikes people taking more than a few days off, that's another story) and 'Mgr1' didn't like Tom's lack of work ethic (felt he needed to leave his problems at home). The outage and the 'lack of due diligence' was the last straw.

Blizzard.

I’ve been a huge fan of pretty much every blizzard franchise for a long long time.

However recently the companies attitude towards its customers has reached breaking point, insert “you think you do but you don’t “ & “don’t you guys have phones?”.

They’re unfortunately driving many of their franchises into the ground at the moment and at their current trajectory I can see a really bad fall coming.

A lot of gaming companies need to really listen to their communities and stop this micro transaction Armageddon that’s happening just now.

Too lazy to implement DB Transaction. I hope I won't get fired for this.

Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.

Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.

Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.

Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".

Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.

just my useless opinion - I don't think bitcoin will every see a big drop

at least, not for ten years

in reality, every bitcoin transaction you make is just a number in the blockchain, just like any other coin. but unlike other coins, bitcoin is #1, has hype in the media, etc.

bitcoin is essentially the name brand of coins. when people think crypocurrency no other name comes to mind.

ethureum, litecoin, dogecoin? nope. nada. null. nil. None. the rate at which bitcoin will increase will become even more astounding. people can now profit of it more and more mining will happen because more people want to buy.

unfortunately I didn't buy it and 5¢, nor $4000, but I don't think we'll see another >$3000 drop for a while.

as the enthusiasm around it decreases, the price will increase at a slower rate, but nevertheless, growing.

my recommendation: buy now. and even if it does go down $2000 after you buy it, it'll probably come back up. so when it's work $110,000 in 2020, I don't think the $2000 will mean as much.

just my two cents.

I'd love to head some other opinions.

So, I work in a game development studio, right?
We're trying to launch the title on as many platforms as reasonable, because as a social VR app we're kinda rowing upstream.
So far, Steam and Oculus have been fairly reasonable, if oddly broken and inconsistent.
Enter store 3.
Basically no in-game transaction support (our asking prompted them to *start* developing it. No, it's not very complete). No patch-update system (You want an update? Gotta download the whole fsckin' thing!). No beta-testing functionality for most of their stuff ("Just write the code like the example, it will work, trust us!"). No tools besides the buggy SDK (Wanna upload that new build? Say hello to this page in your web browser!).
So, in other words: Fun.

We've been trying to get actively launched for two months now. Keep in mind that the build has been up on Steam and Oculus for over a year and half a year (respectively), so the actual binary functionality is, presumably fine.

The best feedback we get back tends to be "Well, when we click the Launch button it crashes, so fail."
Meanwhile we're going back and forth, dealing with other-side-of-the-world timezone lag, trying to figure out what is so different from their machines as ours. Eventually we get them to start sending logs (and no, Windows Event logs are not sufficient for GAMES, where did you even get that idea????) except the logs indicate that the program is getting killed so terribly that the engine's built-in crash handler can't even kick in to generate memory dumps or even know it died.

All this boils down to today, where I get a screenshot of their latest attempt.

I just can't even right now.

!Dev

In Malaysia for some reason Chinese and Indians are considered as outsider. Some Malays are considering themselves are native (actually the Orang Asli are the native). Many politicians attempt to even startled a racial fight against the non- Malays. My country is operated by a closed system. Most Dutch , US companies are leaving Malaysia due to the unfairness.

Before this I worked in a Dutch company in Malaysia , where lately the company declare bankruptcy as my respectable boss told me what happened. Later I learnt, in order for a foreigner to start a company in Malaysia , a transaction of transfering have of the company assets and name under an assigned Malay man by the government.

The racism here is real and crazy. It is no surprise most Malaysian migrating to Taiwan, China Singapore , Thailand and some western countries.

I hate racism. Recently I heard news about western countries still have the hatred against Asians which I abort the idea of migrating there. But in my country Asians are hating other kind of Asians before for being different Asian.

May be I should just get my arse back to Mongolia (where my ancestors will be )

Why won't you just approve my PR???

Whats wrong with you?!

I don't understand your cryptic one-sentence feedback. I'm not even sure you understand what you're asking yourself.

What the hell does "make it a transaction" mean? Don't give me pseudo-code examples that don't even work fucking asshole!

Its a small change that does NOT need a canary build dammit. Don't go testing the ORM, its a goddamn standard library. Why does working with you make everything so complicated?!?!

The code fucking works! There is no need to make it comply to your specific tastes goddamn it. Working with you is like pulling teeth!

/endrant

Yo @dfox @trogus, I know I’ve been a pain in the ass lately with my connectivity issues etc, 🤪 but on the auto renewal for devRant++, the transaction (to my knowledge) has successfully went through (can provide screen shot) but I haven’t received it. Not rant, just curious if it’s something in my end, I want to continually support this amazing community.

I am learning java at school and my teacher asked me to make a work on JTA (java transaction API). There's not a lot of tutos on it on the web so I say to myself "go on, give it a try, you'll only learn by trying."
I finally find how to make the @TransactionType, where to put the @Stateless, my test works, nice. Finally I want to try a case where it shouldn't work, just to be sure the rollback works well. The test goes and... NullPointerException. Wtf ! Normally, my catch is supposed to, well, catch the error !

And finally, I was just stupid. My catch worked great. But I put a "throw e" inside.

Now I wanna hides under blankets, cry, eat cake and never see my coworkers again.

# Retrospective as Backend engineer

Once upon a time, I was rejected by a startup who tries to snag me from another company that I was working with.
They are looking for Senior / Supervisor level backend engineer and my profile looks like a fit for them.
So they contacted me, arranged a technical test, system design test, and interview with their lead backend engineer who also happens to be co-founder of the startup.

## The Interview

As usual, they asked me what are my contribution to previous workplace.
I answered them with achievements that I think are the best for each company that I worked with, and how to technologically achieve them.

One of it includes designing and implementing a `CQRS+ES` system in the backend.
With complete capability of what I `brag` as `Time Machine` through replaying event.

## The Rejection

And of course I was rejected by the startup, maybe specifically by the co-founder. As I asked around on the reason of rejection from an insider.

They insisted I am a guy who overengineer thing that are not needed, by doing `CQRS+ES`, and only suitable for RND, non-production stuffs.

Nobody needs that kind of `Time Machine`.

## Ironically

After switching jobs (to another company), becoming fullstack developer, learning about react and redux.
I can reflect back on this past experience and say this:

The same company that says `CQRS+ES` is an over engineering, also uses `React+Redux`.
Never did they realize the concept behind `React+Redux` is very similar to `CQRS+ES`.

- Separation of concern
- CQRS: `Command` is separated from `Query`
- Redux: Side effect / `Action` in `Thunk` separated from the presentation
- Managing State of Application
- ES: Through sequence of `Event` produced by `Command`
- Redux: Through action data produced / dispatched by `Action`
- Replayability
- ES: Through replaying `Event` into the `Applier`
- Redux: Through replay `Action` which trigger dispatch to `Reducer`

---

The same company that says `CQRS` is an over engineering also uses `ElasticSearch+MySQL`.
Never did they realize they are separating `WRITE` database into `MySQL` as their `Single Source Of Truth`, and `READ` database into `ElasticSearch` is also inline with `CQRS` principle.

## Value as Backend Engineer

It's a sad days as Backend Engineer these days. At least in the country I live in.
Seems like being a backend engineer is often under-appreciated.
Company (or people) seems to think of backend engineer is the guy who ONLY makes `CRUD` API endpoint to database.

- I've heard from Fullstack engineer who comes from React background complains about Backend engineers have it easy by only doing CRUD without having to worry about application.
- The same guy fails when given task in Backend to make a simple round-robin ticketing system.
- I've seen company who only hires Fullstack engineer with strong Frontend experience, fails to have basic understanding of how SQL Transaction and Connection Pool works.
- I've seen company Fullstack engineer relies on ORM to do super complex query instead of writing proper SQL, and prefer to translate SQL into ORM query language.
- I've seen company Fullstack engineer with strong React background brags about Uncle Bob clean code but fail to know on how to do basic dependency injection.
- I've heard company who made webapp criticize my way of handling `session` through http secure cookie. Saying it's a bad practice and better to use local storage. Despite my argument of `secure` in the cookie and ability to control cookie via backend.

The largest ISP in my country, a government backed service, hijacks URLs randomly and injects pop up into web browser!

Imagine if getting hijacked during an online transaction... Glad it never happened yet.

But Fuck them for doing this.

Card *************, transaction amount: 32.08 USD, 2024-02-09, MICROSOFT#G038912911 MSBILL.I. Available: XXX EUR XXX USD

Tell me RIGHT FUCKING NOW WHAT JUST FUCKING CHARGED ME 32$??????? I'M NOT FUCKING USING AZURE. HOW TO FUCKING SHUT THIS FUCKING BULLSHIT DOWN???

HELP

Customer: the user summary report does not show all the transaction data I want to see

Me: there is a report called "transaction log report" that will show all the transactions

Customer: is that the user summary report?

Looks like copying large file e.g. 1GB from Remote Desktop Connection will also affect SQL Server performance and somehow slowing down the SQL transaction 100000x times

What a new thing to experience😆

I used a test user account to make live payment transaction with test wallet money on production, accounting department just called... I think I'm in hot waters!

So I was leaving feedback on eBay for a fountain pen I bought, and learned that "pen is" triggers the profanity filter. I assume there are legitimate reasons for this (people making it so we can't have nice things) but still. It wasn't profanity or an attempt around the filter in the context of my transaction!

I wanted to talk about the pen I bought without sounding stilted or unnatural. That's difficult in 80 characters or less. Don't make it harder for me, please.

Head of IT: kindly check what the issue with the following transaction

Me: Is this on production or on staging?

Head of IT: YES

Me: 🖕🏾 🖕🏾

My first simplistic wallet to create raw Bitcoin transactions. The best part was that the transaction was mined succesfully and is now part of history.

I wasn't hired to do a dev's job (handled sales) but they asked me to help the non-HQ end with sorting transaction records (a country's worth) for an audit.

Asked HQ if they could send the data they took so I wouldn't need to request the data. We get told sure, you can have it. Waits for a month. Nothing. Apparently, they've forgotten.

Asks for data again. They churn it out in 24 hours. Badly Parsed. Apparently they just put a mask of a UI and stored all fields as one entire string (with no separators). The horror!

Ended up wasting most of a week simply fixing the parsing by brute force since we had no time.

Good news(?): We ended up training the front desk people to ending their fields with semi-colons to force backend into a possibly parsed state.

Developer just emailed our team a complaint that our logging assembly was resulting in their poor test coverage and they sent a change request to give them the ability to mock the underlying log provider (ex. from the event log to ‘something else’).

Looked at their tests, and they are testing whether or not the .Log was executed (on an exception, if the .Log method was not executed, the test failed), which seemed a bit worthless because we’ve already got coverage in our unit tests.
We had a meeting to discuss the issue.
Me: “I’m OK with changing the logging code if it’s necessary, but I want to understand why.”
DevA: “Logging errors is crucial to the database transaction. If someone removes the logging, the tests should fail.”
Me: “If someone removes the error logging on purpose, then they likely have an agenda and will remove the test validation too. It wouldn’t be an accident.”
DevA: “That’s not my problem. They will have to deal with HR.”
Me: “We purposely prevented someone from intercepting the logging just for that purpose. Your test code already covers the business rule, testing the logging seems out of place. That would like writing a test to make sure the System.IO.File.ReadAllText actually reads all the text from a file. You kinda assume a few smart Microsoft engineers already wrote tests for that.”
DevA: “Yea, I guess that would be silly.”

Got cc’ed an email a little bit ago from DevA to his boss..
“We’re not going to be able to change logging assembly. This may have some impact on our overall test coverage as those lines of code will not get testing coverage. You will have to let the DevMgr know we will not meet our test coverage goals.”

WTF!

So, we (I'm the backend guy and work with a UI dev) are building this product portfolio management tool for our client and they have a set of 250 users. The team has two point of contacts for the 250 users who maintain the master data, help users with data quality, tool guidance, reporting and other stuff. So one day one of these two support users come to me and say : Hey I'm not able to add new transactions coz a customer is missing.

We have the provision to create / maintain customers.

I check the production DB, application code, try creating the customer and then the transaction, everything works perfectly fine.

I ask the user for a screen sharing session, the user starts reproducing the error like this :

We have a 3 system landscape - Dev / Test and Prod

U : Logs into the test system url, creates the customer.

U : Points out the toast saying customer creation is successful.

U : opens a new tab, opens the production system, tries creating the transaction, searches for the customer and says " see !! cant find the customer here ! the master data management apps never work !! "

FML?.

I would like to murder postgres and the awful requirements of this damn project... Plus, I practically didn't sleep more than a blink last night so either postgres fucks off and gets its shit together with its transaction handling shit, or imma about to stab a bitch! 🗡 ⚔️

When a data scientist thinks that if his algorithm is o(n) then it's really o(n) and it doesn't matter that he placed synchronized everywhere , connected to the db multiple time with huge in memory ops inside the transaction , wrote a file and downloaded something with http client . After all it's o(n) right mister I'm a scientist genius ?!?!?

!dev
Fucking hell, my phone (Nexus 5X) just died: I was browsing the web in Chrome, it suddenly hung, after a few seconds it turned off, and will not turn on at all now, it's just completely dead. FUCK!
I was going to pick up a used printer this afternoon, now I may not be able to because I can't contact the person to get their address. And if I could, I don't have Maps to find the way. FUCK!
On top of that, yesterday I got a call from the bank that my credit card was used in a fraudulent transaction so they had to cancel it, and send out a new one, which I will not have until Friday or Monday next. FUCK!

Have anyone ever tried making an NFT of a crypto coin?
Like, you have an NFT of a link to an specific state of the blockchain - "own the highest value transaction ever!"
And try buying it using some other cryptocoin.
And make an NFT of the first time someone used a cryptocoin to buy the NFT of another coin.
And buy THAT NFT with another coin. And so on and so on...
Just trying to cause a too-many-recursions error in reality here.

I updated my hosting packages, purchasing a new VPS. Half way through my download of all the hosted sites, I wondered why it had stopped. Yeaaaaah... I'd updated the DNS to point to the new server mid transaction. Hodor.

So I recently finished a rewrite of a website that processes donations for nonprofits. Once it was complete, I would migrate all the data from the old system to the new system. This involved iterating through every transaction in the database and making a cURL request to the new system's API. A rough calculation yielded 16 hours of migration time.

The first hour or two of the migration (where it was creating users) was fine, no issues. But once it got to the transaction part, the API server would start using more and more RAM. Eventually (30 minutes), it would start doing OOMs and the such. For a while, I just assumed the issue was a lack of RAM so I upgraded the server to 16 GB of RAM.

Running the script again, it would approach the 7 GiB mark and be maxing out all 8 CPUs. At this point, I assumed there was a memory leak somewhere and the garbage collector was doing it's best to free up anything it could find. I scanned my code time and time again, but there was no place I was storing any strong references to anything!

At this point, I just sort of gave up. Every 30 minutes, I would restart the server to fix the RAM and CPU issue. And all was fine. But then there was this one time where I tried to kill it, but I go the error: "fork failed: resource temporarily unavailable". Up until this point, I believed this was simply a lack of memory...but none of my SWAP was in use! And I had 4 GiB of cached stuff!

Now this made me really confused. So I did one search on the Internet and apparently this can be caused by many things: a lack of file descriptors or even too many threads. So I did some digging, and apparently my app was using over 31 thousands threads!!!!! WTF!

I did some more digging, and as it turns out, I never called close() on my network objects. Thus leaving ~30 new "worker" threads per iteration of the migration script. Thanks Java, if only finalize() was utilized properly.

everyone glorifies ethereum and its smart contracts, but the actual build tools and overall development environment around it sucks balls.

when testing a contract locally with truffle develop and metamask, you have to reinstall metamask after every transaction because it gets out of sync with your local chain... people are seriously okay with working with this shit?

Today I noticed how incredibly insecure IBANs are.

You give it to anyone who wants to transfer money to your bank account, and all you need to perform a transaction is an IBAN, the account holders name and his signature.

So anyone who has your IBAN, your name and your signature (which all can occur in a single mail) can just send himself money from your account, cash out and move away. Noone can prove that it wasn't you who did the transaction and you couldnt find the guy.

And this is what all the banks in Europe use? What am I missing here?... how can a system this important be this insecure?

Fuckers didn't even give my account access to the fucking soap action I was calling after 3 weeks of email chains and other back and forth.

First the credentials I was given "we're fully set up" and now this BS??

Fucking test your live and sandbox environments work BEFORE you let your clients start their integrations.

And if they have issues, try to emulate the e-2-e test and prove you can complete the transaction yourself BEFORE emailing back 🤦

Talking about stupidity, my friend on whatsapp even share his bank online transaction on his stories, I told him to be careful with those sensitive information, but he's ignoring it.
I think he more care to show off his "bulge-wallet" than protect his own money.
Find anything stupid than that?

After brute forced access to her hardware I spotted huge memory leak spreading on my key logger I just installed. She couldn’t resist right after my data reached her database so I inserted it once more to duplicate her primary key, she instantly locked my transaction and screamed so loud that all neighborhood was broadcasted with a message that exception is being raised. Right after she grabbed back of my stick just to push my exploit harder to it’s limits and make sure all stack trace is being logged into her security kernel log.
Fortunately my spyware was obfuscated and my metadata was hidden so despite she wanted to copy my code into her newly established kernel and clone it into new deadly weapon all my data went into temporary file I could flush right after my stick was unloaded.
Right after deeply scanning her localhost I removed my stick from her desktop and left the building, she was left alone again, loudly complaining about her security hole being exploited.
My work was done and I was preparing to break into another corporate security system.
- penetration tester diaries

Do you guys know of any banks that offer an API to their customers? I'm looking for a way to get bank account balance and transaction history for a small personal project I'm working on (meaning, plad is not really an option)

An project I was working on was required to always identify users who took part in certain transactions (think of financial processing regulations).

Because some of the contacts on your phone might only contain a mobile phone number (and no name) a mandatory 'recipient' field was thus created to be filled for each transaction. This name was then checked against some international UN sanctions blacklists (you know, so Bin Ladens cousin can't use the thing...).

Only thing was... you could simply enter whatever name you wanted to. Like '%#^@/}(#' or 'John Doe', or 'Micky Mouse'... Everyone was well aware of this - but because ITS' THEM RULES we had to do it anyway.

Hope Bin Ladens cousin doesn't figure it out. :P

Alright, my very first post here was about this project and I am thinking it out loud again.

I see a problem and I am struggling to find a solution.

Now what I am thinking of is to articulate the problem well and state WHY I believe it needs to be solved. There are some reasons which must be presented in a capitalist way.

Furthermore, I am thinking of doing a market research to understand various demographics, validate the idea, and figure out the product-market fit.

Now, this qualitative research and quantitative data will help me decide whether it is worth putting in the efforts to solve the problem or not.

And since, we have an MVP already (funnily yes, we built it before all of the above), that will help me validate the tangible solution.

Once we get a confidence boost, then it will be time to get that single transaction which has net positive cash flow.

Start scaling to 'next billion users', so a billion transaction with net positive cash flow.

I won't be branching out into multiple verticals before be able to sustainably scale the core USP.

And while the second half sounds like, 'I have a million dollar idea', I am trying to be more and more realistic and rationale instead of falling in love with my idea.

I don't even have an idea (read solution) to fall in love with. Rather I have a problem that is bothering me.

So, yes, I am continuing this journey to solve the problem which started in second year of my hostel room and has evolved over 10 years.

Solidity and web3, still finding it hard to figure out the main classes

!dev

Why the FUCK do bank waiting lines have to be so fucking long? And why do these old cunts have to spend 30+ minutes in the booth each? If this goes on, I'll have to wait in line for THREE FUCKING HOURS just to raise my fucking daily transaction limit! And all I fucking wanted was to order the parts for my new goddamn rig! If you have too many cocking clients to handle, hire an extra worker or five!

!dev !tech

it's 2 am, nd just out of curiosity i put on earphones and tried to dance on a romantic couple song . interestingly, my life has been so single and restrictive that I can't even imagine holding hands of someone , nd that feels a bit sad.

after being burdened with the family ethics, relgions, family fights and financial crisis for so long, i feel i have lost a personality that i should have had.

1. i have lost the sense of random naughtiness and unnecessary bravery/arrogance. from what i know, the best way to reach your path is to remain focused on it. unnecessary acts of curiousity or nuisance leads to fights, frauds or worse.
however, people enjoy life by doing unnecessary banter, gossips, nuisance and having fun with unknown things, people and surroundings.
i guess this makes people a likeable/interesting character in social scenarios as me being an alert dog trying to focus on resching the party place, have a safe party and come home at time becomes a less interesting character than the guy entertaining everyone by his stupid talks in the car.

2. i have lost sense of compassion or showing love , expressing love or doing things out of love and not just for transaction.
From what i heard, people in relationship are clumsy to the max level. messages every 5 seconds, random acts of flirting, teasing, playing hard to get, what not.
i ... am simple. if i like someone, they are gonna know in 5 seconds (which is followed by a lifetime of awkwardness, so i have stopped even letting this thing to be known). physically nd financially i have enough resources and plans to be a good person to be with : i can be helpful in situations, am always up for doing anything interesting and have reputable personna. but expressing via those sugary baby talks is not my ☕

3. I haven't gained any passion for anything. i see people having deep thoughts on their passions for poetry, music, dance , guitar, travel, political alignment, causes, or whatnot.
i am not that much passionate towards anything because life doesn't give everyone the chance to choose passions.
i sat with my father in a flea market selling stuff. that wasn't passion, that was a necessity. for me, money>>study>>>anything
i am only passionate about having food on my plate and a roof over my head

-------

so all these things makes jack a boring person. i jave been chasing money so much that i question everyday of its worth it, as it's currently just being used to battle with the financial crisis while having a little bit in savjngs to enjoy life. but am so much worn out by this pressure of earning money that I don't even know how to enjoy life or have someone to enjoy life with , so its even more pointless to increase that limit.

i do try to explore the things i like : dance, singing, traveling, working out but not at the level that those attributes define me

#awkward_loney_life

paypal, a company that literally makes BILLIONS per year, is going to make mit SIT and WAIT for a meager 1 year CSV transaction report printout

knowing the pile of shit that is corporate america, theyre probably running on some garbage circa 2002 IBM SQL server or some shit

god it truly is a 🤡🌎

Got fed up with my bank. Scheduled five daily payments to transfer $0.01 from my transaction account to my credit card every day each. Is it considered spamming their DBs?

Sent a CV for a full-stack C# role. The CV is mainly a mix of working in ASMX/WCF, SQL, SSRS, SSIS, Distributed transaction architectures then with about 40% ASP.NET focusing on server side but also with some client side technologies and that I sometimes use Illustrator for creating/manipulating SVGs.
Was told I am too "front-end"

I almost completed the transaction on prod instead of dev. Testing is dangerous.

Today I made my first crypto transaction! Donated $100 to Z-library which is around 0.41 ETH.

Screw our credit card processor so hard. The powers that be decided to sign with them because their rates were better. That's it. Never mind the fact that they don't make/work with mobile readers, which we need. Never mind the fact that their app is trash and is lacking basic features. Never mind the fact that their support is non-existent. Never mind the fact that when I request a new POS machine, I don't hear back for 6 months, and have to follow up again only to find they forgot about it. Never mind the fact that their POS machines can't handle 2 merchants like our ancient, "out-dated" one could, and so we need to spend double the money and have 2 POS machines sitting on the counter. Never mind the fact that their website is trash and lacks basic functionality. Never mind the fact that I cannot manage our user list (which changes CONSTANTLY), or even VIEW IT. I need to email them for all of this, and they may or may not respond. Never mind the fact that I'm going to spend my entire Friday scrolling through thousands of transactions, looking for one specific one, because their website doesn't even allow me to search for a specific transaction amount. Never mind all of that. Slightly lower rates, baby!

I have to build a database migration that generates user handles. The user handles are unique within an organization. The user can change them. The auto generated handles are either the first name + last name, or the business name depending on which user type it is. Unless it would be a duplicate. Duplicates auto increment if the handle is taken. The character limit for a user handle is the same length as first name plus last name so I have to check for possible overflow if I add digits. I also have to see if the generated name is in the DB already because a user could have custom entered the result of the auto generation.

This has to be programmed async. The DB driver is using a transaction but multiple calls have to be made to check if the generated handle exists for that organization. Also I have to check the migration script itself for possible duplicates. 3/4 of the users have a handle and with the scale there will definitely be duplicate names.

My idea is if there is a collision, use a UUID and let the users pick something nicer next time they log in. Business says “Reeeeeee!!!! The users shouldn’t see a UUID!!! You can do this!!!” Absurd uniqueness requirements. Absurd backfill procedure. Absurd business rules.

I had to contact technical support for an API. I’m pretty sure I was emailing with a bot because I was getting all sorts of stupid replies.

Me: I’m using your SDK for language X. It’s returned null for some properties. In the user portal, I can see there are values for those properties for the transaction. I don’t know why I’m not receiving them on my end.

Tech Support: Hi! I see the following was sent in the API response. [Sends api response to me.] You can also go the the portal to see those values.

Me: Yeah, I know. You just repeated everything I wrote to you. I don’t want to go to the portal. I told you I want to figure out why your SDK doesn’t seem to map those properties correctly when I receive the api response.

TS: Let me look at the docs. I think you need to send the properties you want in your request in order to get them back in the reply from the api. Such as <property>value<property> in the xml message.

🤨 The docs do not say that. They don’t even imply that.

Me: What the fuck?! That makes absolutely no sense. We have already established that the api **is** returning values for those properties. I want to troubleshoot why your SDK is mapping them as NULL.

Am I in developer hell already? A shitty project is about to come to an end (hopefully), or should I rather say: It needs to come to an end. But I am still quite lost in how to deal with it, hence procrastinating on it - making the deadline come closer and with it the realization that I'll probably have to rewrite almost everything. I'm not sure how, but I do know that the current code is a dumpster fire.

Basically what I need to do is dealing with the APIs of different payment providers/gateways (like PayPal, AmazonPay). For most cases I'll get a payment ID from the shop and need to act on it later, e.g. capture the authorized money in the case of a credit card transaction or do refunds (without user interaction, unless there is an error). Now at first I put something together where I try to abstract the payment information into two tables:
orders{1}<->{0..n}payments
payments{1}<->{1..n}paymentDetails

Unfortunately trying to abstract the different payment methods and to squeeze them (and their different possible stati and functions) in these tables was not very successful, it's a total mess with magic numbers, half-broken behavior and without any consideration for partial payments/captures or unfinished requests (i.e. if there is an exception before the response is dealt with, there is no indication that anything has ever been sent). Also the current amount is calculated through the history of the paymentDetails table, which basically works differently for each payment type.

How to fix this mess in a way that I'll still have a job by next week?

I'm trying to improve the db schema first, as I think my biggest problems are lying there. Through some research I've come across a recommendation for making payment type specific subtables (with a magic number/string in the main table to prevent having to look up all subtables). That way I can record what I send and receive without having to abstract it too much, so I'll have an acceptable transaction log. The paymentDetails table can be removed (necessary fields go to the payments table). The payments table gets multiple fields for the amount (differentiating between open, authorized, captured, processing and refunded values) and always reflects the current status.

Tables:
payments
paymentRequestsPaypal
paymentRequestsAmazonpay
paymentRequestsXyz

I think I'm going in the right direction here. hm. Maybe there's some light at the end of this long, dark tunnel. Or a train. I'll have two days to find out.

Just spend two fucking days debugging a few methods in our program. I used unit tests to call those methods (don't want to navigate through the complete program workflow)...
Yeah, guess what: the test cleanup includes a fucking rollback transaction function. So NONE NADA ZERO FUCKING CHANGES WILL BE PERSISTED. Fuck me

Ebay is a huge pile of freshly juiced garbage.
Their settings menu looks like its from 2005. And when it looks halfway decent the CSS doesnt load cause you have do not track enabled.
If you go to write their support, it returns an unexpected error.
when you use the shopping cart the number of items you have in it is not the same as the number it says that you have in it. And when you want to checkout that cart, not all items show up on the payment screen. Despite the item being shippable.
And the worst thing of them all: IF YOU THEN CHECK OUT ALL THESE ITEMS IT MAKES AN INDIVIDUAL TRANSACTION FOR EACH ONE. THUS THE FRAUD DETECTION OF THE CARD BLOCKS THE CARD, CAUSE TOO MANY TRANSACTIONS HAPPEND AT ONCE!

Why the fuck do I have to wait more than 2 seconds to cancel a fucking FAILED PayPal transaction??? AND HAVE MY CREDIT BACK?!?! C'mon !!! ITS FUCKING 2016!!!

I dumped my database... now I'm single (transaction)

#TIL Hibernate won't allow you to insert multiple rows if a PK Column is auto incrementing in one transaction because ¯\_(ツ)_/¯

had a uni exam in databases (just closely didn't make it😒)
it didn't even have sql in it!?

questions about ER diagrams and draw a diagram, functional dependencies with given dependencies, find candidate key and what not, work on a b-tree (miserably failed😣), datalog (who the fuck cares about datalog? the least expected topic) and transaction management/serializability

whose idea was it to not include sql?? isn't it one the fundamental parts of relational databases?

"This module wraps around this genuinely awesome database and provides all the in-memory storing of the database so that nothing is persisted"

nice, just like I need it

Hudden truth:
"but in order to make it non-persistent you have to clear the database on every startup"

This shit cost me so much fucking time time, works needs it's sucked for every transaction, just for basic features not being implemented and performing even worse than standard choices because you can't leverage it's power for shit?

Fucking waste of time. I could have finished the Api with the standart module a long time ago, but I'm such and idiot and want to step outside my comfortzone too much.

I'm switxhing the fuxk back and maybe I get this done within 3 hours

Guys check out IOTA, get a light node wallet and buy some as long as it is still low. It is rising at a rising rate since some hours now.

IOTA is the solution to bitcoins speed and scalability problems. IOTA does not use the blockchain but instead a network called the tangle, which enables decentralized peer-to-peer transactions. There are no miners, no fees and the transaction validation speed depends on how many people are using the currency. One transaction requires your device to validate 2 other transactions through proof of work and therefore the system can never be overloaded by too many transaction requests.

Be warned though, the IOTA foundation is only currently building up the infrastructure, and people are just starting to trade since a few weeks so trasactions still may take a few hours.

Close my account for Free? I thought I was supposed to pay some fees like always.

Had a customer billing due today, spent 2 hours trying to figure out why the Billingservice kept failing. Had an uncommited transaction on another laptop. Somebody kill me 😑

How much of "unique" the string that is the current epoch in milliseconds converted to base 36 ?
I know it is not universal. But require such a bad luck to have collision no ?
I am gonna use it for "transaction" primary key. (Every time a user pay, it it a new trasantion).
Uuid are very long, i need to put this pk in qr-code later
Thoughts ?

I don't know if this counts but wrote a generator that replaced a shitty linq to sql dal to use our system so I didn't have to mess with a web app I'd written. In place replacement with a few methods that made the other transaction lock field updates and calls etc

Most risky I can think of

Everything else was data migrations but there were always backups

I'm creating an application where If I lose a bet I'm gonna pay $10 to my friend and he loses then he does the same also but I don't know how do I Implement this transaction using react and node, I mean which service should I use to do this?

I am setting 5 stores and need paypal to notify each store during a transaction and make an IPN callback. However paypal allows adding only one IPN URL. Can you advice some plugin/framework to handle this properly?

Question for the crypto users here:

Is paying someone/getting paid via a crypto transaction better than getting paid through Wire/Bank transfer, where you're dealing with overseas payments?

Do you recommend people having a crypto wallet so they can get paid overseas easily?

You know
When I first saw etherum talking about am distributed state machine i thought wow. Not very practical but NEAT. I envisioned being able to make a byte code that could be stored in transactions and run by individual clients in an async function and each step of the resulting execution and the values of managed ram would be stored at intervals so other clients could take over and execute a few more statements and compare what should always be expected results that are identical

A grand incredibly inefficient system however really neato from the theoretical computer nerd standpoint !

Boy was I disappointed lol all it is a basic contracts language but yet they state it could be like a word computer ! How ? I thought maybe if you had enough nodes participating maybe you could store registers and the like in transaction values ? Wouldn’t that be the way ?

Seems like as a word computer they’re stuck somewhere between very simplistic js and something prior to amptron in usability yet they advertised as a world computer
Am i missing something ? I mean you could create something that would translate higher level code into smal numeric statements and then send it additions values but what would it be useful for and how would you actually. Store anything ?

Is there a standard around checking the checksum of a bundled weapp to make sure it's the same as what the open source codebase would compile to?

I'm working on some opensource blockchain interface software and obviously blockchain passwords are pretty important, so we do all transaction signing client side and password storage client side, but there's no point doing that if the user can't verify that the password isn't being sent off to some server in secret, but the only way to ensure that is with open source software + a checksum check upon loading, because opensource software doesn't mean the deployed version is the exact opensource branch version.

Any ideas?

At the end of a request I want to ensure that both 1) persisting to the DB and 2) dispatching to the message queue is successful.

If one of these side effects fails, I want both to fail: this can be done with a distributed transaction (eg. 2PC or something similar).

My question is, how much overhead/complexity/latency does this introduce into the system? And is this even needed in the first place or am I overthinking this?

!dev but rant/q
How fucking hard can it be to create a BTC transaction to override an unconfirmed one. Tried two tools but the resulting transaction gets rejected by the network.
Does anyone know one that works and is maybe even automated by any chance? Maybe I can try it if its still unconfirmed when I get home.