So, you start with a PHP website.

Nah, no hating on PHP here, this is not about language design or performance or strict type systems...

This is about architecture.

No backend web framework, just "plain PHP".

Well, I can deal with that. As long as there is some consistency, I wouldn't even mind maintaining a PHP4 site with Y2K-era HTML4 and zero Javascript.

That sounds like fucking paradise to me right now. 😍

But no, of course it was updated to PHP7, using Laravel, and a main.js file was created. GREAT.... right? Yes. Sure. Totally cool. Gotta stay with the times. But there's still remnants of that ancient framework-less website underneath. So we enter an era of Laravel + Blade templates, with a little sprinkle of raw imported PHP files here and there.

Fine. Ancient PHP + Laravel + Blade + main.js + bootstrap.css. Whatever. I can still handle this. 🤨

But then the Frontend hipsters swoosh back their shawls, sip from their caramel lattes, and start whining: "We want React! We want SPA! No more BootstrapCSS, we're going to launch our own suite of SASS styles! IT'S BETTER".

OK, so we create REST endpoints, and the little monkeys who spend their time animating spinners to cover up all the XHR fuckups are satisfied. But they only care about the top most visited pages, so we ALSO need to keep our Blade templated HTML. We now have about 200 SPA/REST routes, and about 350 classic PHP/Blade pages.

So we enter the Era of Ancient PHP + Laravel + Blade + main.js + bootstrap.css + hipster.sass + REST + React + SPA 😑

Now the Backend grizzlies wake from their hibernation, growling: We have nearly 25 million lines of PHP! Monoliths are evil! Did you know Netflix uses microservices? If we break everything into tiny chunks of code, all our problems will be solved! Let's use DDD! Let's use messaging pipelines! Let's use caching! Let's use big data! Let's use search indexes!... Good right? Sure. Whatever.

OK, so we enter the Era of Ancient PHP + Laravel + Blade + main.js + bootstrap.css + hipster.sass + REST + React + SPA + Redis + RabbitMQ + Cassandra + Elastic 😫

Our monolith starts pooping out little microservices. Some polished pieces turn into pretty little gems... but the obese monolith keeps swelling as well, while simultaneously pooping out more and more little ugly turds at an ever faster rate.

Management rushes in: "Forget about frontend and microservices! We need a desktop app! We need mobile apps! I read in a magazine that the era of the web is over!"

OK, so we enter the Era of Ancient PHP + Laravel + Blade + main.js + bootstrap.css + hipster.sass + REST + GraphQL + React + SPA + Redis + RabbitMQ + Google pub/sub + Neo4J + Cassandra + Elastic + UWP + Android + iOS 😠

"Do you have a monolith or microservices" -- "Yes"

"Which database do you use" -- "Yes"

"Which API standard do you follow" -- "Yes"

"Do you use a CI/building service?" -- "Yes, 3"

"Which Laravel version do you use?" -- "Nine" -- "What, Laravel 9, that isn't even out yet?" -- "No, nine different versions, depends on the services"

"Besides PHP, do you use any Python, Ruby, NodeJS, C#, Golang, or Java?" -- "Not OR, AND. So that's a yes. And bash. Oh and Perl. Oh... and a bit of LUA I think?"

2% of pages are still served by raw, framework-less PHP.

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Every day.

I am a PHP developer.

Yeah, "another PHP is awful" rant... no, not really.

It's just unsuitable for some ambitious projects, just like Ruby and Python are.

First of all, DO NOT EVER use Laravel for large enterprise applications. The same goes for RoR, Django, and other ActiveRecord MVCs.

They are all neat frameworks for writing a todo app, as a better-than-wordpress flexible blogging solution, even as a custom webshop.

Beyond 50k daily users, Active Record becomes hell due to it's lazy fat querying habits. At more than a million users... *depressed sigh*.

PHP is also completely unsuitable for projects beyond 5M lines of code in my opinion. At more than 25M lines... *another depressed sigh*.

You can let your devs read Clean Code and books about architecture patterns, you can teach them about SOLID & DRY, you can write thousands of tests... it doesn't matter.

PHP is scaffolding, it's made of bamboo and rope. It's not brick or concrete. You can build quickly, but it only scales up to a certain point before it breaks in multiple places.

Eventually you run into patterns where even 100% test coverage still doesn't guarantee shit, because the real-life edge cases are just too complex and numerous.

When you're working on a multi-party invoicing system with adapters for various tax codes, or an availability/planning system working across timezones, or systems which implement geographical routefinding coupled to traffic, event & weather prediction...

PHP, Python, Ruby, etc are just missing types.

Every day I run into bugs which could have been prevented if you could use ADTs in a generic way in PHP. PHP7 has pretty good typehints, and they prevent a lot of messy behavior, but they aren't composable. There is no way to tell PHP "this method accepts a Collection of Users", or "this methods returns maybe either an Apple or a Pear, and I want to force the caller to handle both Apple/Pear and null".

Well, you could do that, but it requires a lot of custom classes and trickery, and you have to rewrite the same logic if you want to typehint a "Collection of Departments" instead of "Collection of Users" -- i.e., it's not composable.

Probably the biggest issue is that languages with a (mostly) structural type system (Haskell, Rust, even C#/JVM languages to some degree, etc) are much slower to develop in for the "startup" era of a project, so you grab a weak, quick prototyping language to get started.

Then, when you reach a more grown up phase, you wish you had a better type system at your disposal...

My company wants to start using Node.JS.

JavaScript.
They wanna use JavaScript.
For everything.

JAVASCRIPT.
FOR EVERYTHING.

Scene;

**Asshat enters break room after meeting**

**Asshat turns to Asshole**

Asshat: “Oh here in a year or two we’ll just be rewriting all of this is Node.JS.”

Asshole: “JavaScript. You’ll be rewriting it in JavaScript. And fucking WHY?”

Asshat: “It’s better”

Asshole: “It’s not really a general use language. Why wouldn’t you guys choose Python if you wanted to write EVERYTHING in a goddamn scripting language?”

Asshat: “Google uses Node.JS”

Asshole: “For back-end web development type stuff. I doubt their accounting systems are written in fucking JavaScript...”

Asshat: “Python is oooooold.”

Asshole (to himself): No you’re old, you stupid, ancient fuck.

**Asshole rolls his eyes and walks away**

**Asshat continues his ignorant chuckling**

End Scene;

Clearly years of fixed format RPG programming has killed too many of Asshat’s brain cells.

Working with a client...the resident """sysadmin""" hasn't actually been a sysadmin since the early 90s, the last OS he _actually_ managed was SunOS 5 or something. I can't remember what he said. He hasn't kept up AT ALL with modern technologies/terminologies. He's convinced SELinux is a security hardened kernel. We've explained to him several times that it's not but he sees Linux and thinks Linux 1.0 from the 90s. It's downright embarrassing.

Now this would all be well if I didn't have to interface with him often, but the client WILL NOT give me access to their systems. So I have to go through him to get anything done. Which is over webex. So I get to watch this guy type (and mess up) basic commands over and over (he isn't aware of tab completion of any of the bash features that are super useful). So I'm telling him what to type and the delay is always just enough for him to get too far in the command to back out, so its like SSH-over-incompetence with a 500ms ping. It's truly infuriating.

Every once in a while he'll get frustrated enough to hand me control of his webex session, which isn't as painful but once again the delay is bad enough it's still a pain.

Best part is that he looks EXACTLY like Milton from Office Space. So thats one plus to this whole situation!

Insecure... My laptop disk is encrypted, but I'm using a fairly weak password. 🤔

Oh, you mean psychological.

Working at a startup in crisis time. Might lose my job if the company goes under.

I'm a Tech lead, Senior Backender, DB admin, Debugger, Solutions Architect, PR reviewer.

In practice, that means zero portfolio. Truth be told, I can sniff out issues with your code, but can't code features for shit. I really just don't have the patience to actually BUILD things.

I'm pretty much the town fool who angrily yells at managers for being dumb, rolls his eyes when he finds hacky code, then disappears into his cave to repair and refactor the mess other people made.

I totally suck at interviews, unless the interviewer really loves comparing Haskell's & Rust's type systems, or something equally useless.

I'm grumpy, hedonistic and brutally straight forward. Some coworkers call me "refreshing" and "direct but reasonable", others "barely tolerable" or even "fundamentally unlikable".

I'm not sure if they actually mean it, or are just messing with me, but by noon I'm either too deep into code, or too much under influence of cognac & LSD, wearing too little clothing, having interesting conversations WITH instead of AT the coffee machine, to still care about what other humans think.

There have been moments where I coded for 72 hours straight to fix a severe issue, and I would take a bullet to save this company from going under... But there have also been days where I called my boss a "A malicious tumor, slowly infecting all departments and draining the life out of the company with his cancerous ideas" — to his face.

I count myself lucky to still have a very well paying job, where many others are struggling to pay bills or have lost their income completely.

But I realize I'm really not that easy to work with... Over time, I've recruited a team of compatible psychopaths and misfits, from a Ukranian ex-military explosives expert & brilliant DB admin to a Nigerian crossfitting gay autist devops weeb, to a tiny alcoholic French machine learning fanatic, to the paranoid "how much keef is there in my beard" architecture lead who is convinced covid-19 is linked to the disappearance of MH370 and looks like he bathes in pig manure.

So... I would really hate to ever have to look for a new employer.

I would really hate to ever lose my protective human meat shield... I mean, my "team".

I feel like, despite having worked to get my Karma deep into the red by calling people all kinds of rude things, things are really quite sweet for me.

I'm fucking terrified that this peak could be temporary, that there's a giant ravine waiting for me, to remind me that life is a ruthless bitch and that all the good things were totally undeserved.

Ah well, might as well stay in character...

*taunts fate with a raised middlefinger*

Nope, definitely not going to work for that customer anymore. Fuck this shit. At least for this week.

My background: mid-30 years old, some kind of business & IT consultant / lead dev working for a mid sized CRM consulting company, with approx 15 years of experience in development and software architecture, most of the time "thinking" in C#, still learning new languages, being a cloud evangelist and team lead. We usually have customers with customers (B2B/B2C).
Personality type "campaigner" (ENFP-A).

Today the project lead of my client (a big corporation in the energy industry) told me that he still didn't order all the necessary resources for the cloud project. Just to be clear: He's on the client side. We (the architects, one internal and me) told him one month ago what we need for the beginning. Just a few things - an Azure subscription, a license for the CRM platform, and our dev tools.

And now let's guess when the project is planned to begin? Yeah, right: 1st of April. NO APRIL'S FOOL. And guess what? Next Tuesday we'll do the onboarding for the new (external) devs, and NOTHING will be ready. Yeah, just let us build stuff in our minds, and on the whiteboards, because it's an AGILE project, right? We don't need any systems and tools...

And now he sent me the questionnaires which need to be answered before any cloud service can be ordered by the corporate IT. And yes, he didn't answer a single thing, and just meant "Those are architecture questions" (they are not) and (of course) "please provide the answers until Monday morning, so we can FINALLY order the services."

Yeah, you fucktard. Of course it's MY FAULT now. Maybe I should write an email to your boss asking how we can speed things up a little bit...

So my brother went back to school today. Now, during the 5 years I was there they had the most shit security on their IT systems, but aparently now they have fucked up their ssl. If you try to load the https page it comes up with the warning saying its an invalid certificate, but once you click it, it doesn't even load the school website, it loads this random page. Clicking on the buttons then take you to a page under their domain provided by another school. Going to this schools website, the https seems to be broken in the exact same way. It wouldnt be so bad, but it can confuse the hell out of people who type https before a url, and thos who dont realise and end up on the insecure site will need to provide passwords over an insecure connection. I am so glad im out of that place, they had such crap IT and everything was so easy to break.

Don't use your senior software engineer title or years of experience as reasons in a debate or argument about software

My manager was asking me what steps needs to be done to perform a disaster recovery for our cluster( on production). I will be honest here, I have not maintained this type of cluster(kubernetes) in production before. However, I have enough understand of the system to answer my boss question. I basically told him there are A, B, C you have to do.

My senior developer jumped in and said "No you should do A,C, B because C is more critical than B. " I then replied to him: "I understand your point, I notice that too, but .." Before I can even finish my sentence, this dude has already rolled his eyes and interrupted me very loudly: "Have you worked with these systems on production before? I did". The asshole knows I haven't maintained Kubernetes on production yet of course.

I got super pissed at him and pretty much shouted back to him and my manager: "Just because I haven't worked on this system on production yet, does not mean my argument is wrong" .

I then dragged my managers, that asshole, and other engineers in a room and settle this out. In the end, people agreed with my steps over that asshole senior engineer dude because I gave them rational reasons.

The conclusion is: Your senior title is given by the company, It doesn't mean anything to me. Also, it doesn't make you more right than another person just because he has a "lower" title than you.

Trying to re-type a massive essay I lost because the app refreshed for some reason. I'll try to keep it short (spoiler: I lied).

Recently, I had a conversation with a couple of non-tech people about AI and the fear of computers making humans obsolete. I have some strong (borderline ranty) opinions about this, and thought I'd post here to see what reaction is get.

This is not a "machines will destroy us" post, it's more about the very legitimate great of losing jobs.

- AI is a tool. It's main use would to be help optimise the more complex routine tasks and free up people's time to be more creative in their jobs. Basically, it's the next step of automation.
- Human intuition can never be replaced. Sometimes, things just seem a bit off. Sure, an AI would avoid ever getting in that situation, but only if it had learnt it in the past. A human will always have to be at the helm of any such system.
- Achieving true intelligence and sentience is like trying to travel at the speed of light. The closer you get, the more challenges you face.
- Getting hyped by sensationalist news that claims the end is nigh because two computers optimised the language they used to communicate when trying to reach a goal is stupid. All this shows is that the tech is working as expected and the systems can optimise on the fly. To me, this was a pretty awesome moment.

Now, I'm not saying dystopia is impossible, neither am I saying that it is inevitable. Just like any tool presented to us, if we use it responsibly, we can make life and society a lot better.

It's been a while DevRant!

Straight back into it with a rant that no doubt many of us have experienced.

I've been in my current job for a year and a half & accepted the role on lower pay than I normally would as it's in my home town, and jobs in development are scarce.

My background is in Full Stack Development & have a wealth of AWS experience, secure SaaS stacks etc.

My current role is a PHP Systems Developer, a step down from a senior role I was in, but a much bigger company, closer to home, with seemingly a lot more career progression.

My job role/descriptions states the following as desired:

PHP, T-SQL, MySQL, HTML, CSS, JavaScript, Jquery, XML

I am also well versed in various JS frameworks, PHP Frameworks, JAVA, C# as well as other things such as:

Xamarin, Unity3D, Vue, React, Ionic, S3, Cognito, ECS, EBS, EC2, RDS, DynamoDB etc etc.

A couple of months in, I took on all of the external web sites/apps, which historically sit with our Marketing department.

This was all over the place, and I brought it into some sort of control. The previous marketing developer hadn't left and AWS access key, so our GitLabs instance was buggered... that's one example of many many many that I had to work out and piece together, above and beyond my job role.

Done with a smile.

Did a handover to the new Marketing Dev, who still avoid certain work, meaning it gets put onto me. I have had a many a conversation with my line manager about how this is above and beyond what I was hired for and he agrees.

For the last 9 months, I have been working on a JAVA application with ML on the back end, completely separate from what the colleagues in my team do daily (tickets, reports, BI, MI etc.) and in a multi-threaded languages doing much more complicated work.

This is a prototype, been in development for 2 years before I go my hands on it. I needed to redo the entire UI, as well as add in soo many new features it was untrue (in 2 years there was no proper requirements gathering).

I was tasked initially with optimising the original code which utilised a single model & controller :o then after the first discussion with the product owner, it was clear they wanted a lot more features adding in, and that no requirement gathering had every been done effectively.

Throughout the last 9 month, arbitrary deadlines have been set, and I have pulled out all the stops, often doing work in my own time without compensation to meet deadlines set by our director (who is under the C-Suite, CEO, CTO etc.)

During this time, it became apparent that they want to take this product to market, and make it as a SaaS solution, so, given my experience, I was excited for this, and have developed quite a robust but high level view of the infrastructure we need, the Lambda / serverless functions/services we would want to set up, how we would use an API gateway and Cognito with custom claims etc etc etc.

Tomorrow, I go to London to speak with a major cloud company (one of the big ones) to discuss potential approaches & ways to stream the data we require etc.

I love this type of work, however, it is 100% so far above my current job role, and the current level (junior/mid level PHP dev at best) of pay we are given is no where near suitable for what I am doing, and have been doing for all this time, proven, consistent work.

Every conversation I have had with my line manager he tells me how I'm his best employee and how he doesn't want to lose me, and how I am worth the pay rise, (carrot dangling maybe?).

Generally I do believe him, as I too have lived in the culture of this company and there is ALOT of technical debt. Especially so with our Director who has no technical background at all.

Appraisal/review time comes around, I put in a request for a pay rise, along with market rates, lots of details, rates sources from multiple places.

As well that, I also had a job offer, and I rejected it despite it being on a lot more money for the same role as my job description (I rejected due to certain things that didn't sit well with me during the interview).

I used this in my review, and stated I had already rejected it as this is where I want to be, but wanted to use this offer as part of my research for market rates for the role I am employed to do, not the one I am doing.

My pay rise, which was only a small one really (5k, we bring in millions) to bring me in line with what is more suitable for my skills in the job I was employed to do alone.

This was rejected due to a period of sickness, despite, having made up ALL that time without compensation as mentioned.

I'm now unsure what to do, as this was rejected by my director, after my line manager agreed it, before it got to the COO etc.

Even though he sits behind me, sees all the work I put in, creates the arbitrary deadlines that I do work without compensation for, because I was sick, I'm not allowed a pay rise (doctors notes etc supplied).

What would you do in this situation?

Teach things properly, most teachers are confused and they start throwing keywords at even more confused students who then have no clue what they are doing and they then ask me to do their work for them showing me their unindented(well... kinda, they all seem to fight with the IDE, which is trying to properly indent their mess, for some reason), teachers think that Turbo Pascal is the way of life and that it is used everywhere(one teacher tried to tell me that Pascal is used in the stock market and in modern operating systems - U wot m8?! how high are you right now) and they don't teach user input sanitization and type checking, they stare at you like you are the fucking satan when you dare to use objects, collections and abstraction because they are scared to death of that stuff... and then they think 60 minutes is enough to teach HTML, CSS, JS and PHP in one go(which they even don't know properly - the teacher that made and maintains the school's website is probably stuck in 1998 judging by the design and functionality of the website and his clothes) and they then send absolutely clueless students to compete in a web design competition (and then they get angry at the judges for giving the students 0 points)

How do you get over the bad times? I keep having to work with shitty legacy systems that were written in perl and flash in the 90s, but my boss keeps telling me "No" on redoing some of the bigger stuff even though it is really needed. I mean, that is your goal here, right? Rebuilding this POS? FFS you still stored passwords in plain text twoo weeks ago! But no, you's rather dig around in Perl than upset some random user because his fucking interface looks different.

But then I also have to work with another system that I could redo in Cake/Laravel in two weeks (it's literally getting and writing data to one table, so two views and user auth), and the previous dev just... made a huge mess. I mean, why would you need to post data asynchronously when it's this one stupid form ? Just do a regular form submit? And the system is really not suitable for extending, because everything is in the database, EVERYTHING! Like, html form inputs? So to add a simple input to the template I have to create a new input type in the types table and then add that to the form structure table? Only to have the input checked by fucking regex? REGEX! Why? Seriously, this is not some high end CMS that needs this level of code reusability No. This is a simple fucking form.

And I can't get it to work. No documentation of course. No comments, either. All of this makes me feel like I'm just the shittiest dev ever. I feel dumb, and useless. Haven't turned on my private PC in weeks because I see no reason to work on any of my own stuff.

I used to have a job, working with Magento and Wordpress. And yeah, it was horrible, it was chaos, but it was fun and I was great at it. I bent that motherfucking system to fit my needs. People respected my opinion, they were convinced I could program this and that, and I proved them right. Did I make mistakes? Hell yeah. Did I give up? Fuck no!

But now, I just feel like I can't even write a simple fucking form any more. I'm just so close to giving up on development as a whole, even though I love it so much.

!rant

Every type of doctor is a different kind of debugger for the Human Operating System 🤔

They debug system services like "ear", "throat" and "poop".
Sometimes they even repair or take apart systems for different reasons!

Because of the amount of complaining I do at work concerning legacy php applications the HOD is trying to push for different technologies to use for backend services. We have met multiple times to discuss the proper way of handling the situation since there are a lot of very obvious things to consider regarding the push for a new tech stack. The typical names have come about, but my biggest issue will be training people for these stacks.

Testing environments with docker and so forth, push for CERTAIN applications to be more API centric and the use of better frontend frameworks that will remain standard for years to come(hard to bet on this one but I tend to orefer React) among other things are the topics of conversation.

Personally I would love to move the shop to something geared towards Golang, thing is, the lead dev is complaining about it saying that the training for a new language would just take time. After a couple of examples he is still not convinced.

I think its wrong of him to center himself on just PHP and JQUERY as the main development stack he uses and learning new things should be part of the job, I also have a case against the spaghetti code that results from just using vanilla php with no proper development practices(composer based systems, oop etc etc you get the gist)

In the end I am starting to think that it will become one of those "fuck off I am the boss" type of deal since I am going to be here after a long time and he has about 2 years before he medically retire.

So I figure since I straight up don't care about the Ada community anymore, and my programming focus is languages and language tooling, I'd rant a bit about some stupid things the language did. Necessary disclaimer though, I still really like the language, I just take issue with defense of things that are straight up bad. Just admit at the time it was good, but in hindsight it wasn't. That's okay.

For the many of you unfamiliar, Ada is a high security / mission critical focused language designed in the 80's. So you'd expect it to be pretty damn resilient.

Inheritance is implemented through "tagged records" rather than contained in classes, but dispatching basically works as you'd expect. Only problem is, there's no sealing of these types. So you, always, have to design everything with the assumption that someone can inherit from your type and manipulate it. There's also limited accessibility modifiers and it's not granular, so if you inherit from the type you have access to _everything_ as if they were all protected/friend.

Switch/case statements are only checked that all valid values are handled. Read that carefully. All _valid_ values are handled. You don't need a "default" (what Ada calls "when others" ). Unchecked conversions, view overlays, deserialization, and more can introduce invalid values. The default case is meant to handle this, but Ada just goes "nah you're good bro, you handled everything you said would be passed to me".

Like I alluded to earlier, there's limited accessibility modifiers. It uses sections, which is fine, but not my preference. But it also only has three options and it's bizarre. One is publicly in the specification, just like "public" normally. One is in the "private" part of the specification, but this is actually just "protected/friend". And one is in the implementation, which is the actual" private". Now Ada doesn't use classes, so the accessibility blocks are in the package (namespace). So guess what? Everything in your type has exactly the same visibility! Better hope people don't modify things you wanted to keep hidden.

That brings me to another bad decision. There is no "read-only" protection. Granted this is only a compiler check and can be bypassed, but it still helps prevent a lot of errors. There is const and it works well, better than in most languages I feel. But if you want a field within a record to not be changeable? Yeah too bad.

And if you think properties could fix this? Yeah no. Transparent functions that do validation on superficial fields? Nah.

The community loves to praise the language for being highly resilient and "for serious engineers", but oh my god. These are awful decisions.

Now again there's a lot of reasons why I still like the language, but holy shit does it scare me when I see things like an auto maker switching over to it.

The leading Ada compiler is literally the buggiest compiler I've ever used in my life. The leading Ada IDE is literally the buggiest IDE I've ever used in my life. And they are written in Ada.

Side note: good resilient systems are a byproduct of knowledge, diligence, and discipline, not the tool you used.

I don't know what to do because union and sum types both totally suck but I need them for my scripting language

Union types are fun and intuitive because they can be used with type refinement but they're not hierarchical thus bad for generics.

Sum types (or tagged unions) are great because they're hierarchical and can be nested properly but they need ugly type matching constructs.

The positive thing is I'm not making a systems language anymore so I only wanna jump of a bridge every second day

Storytime.....

So I have a friend who was part of a QA team in a large multinational company a few years back in, let's call it city X. There was this absolutely useless guy on the same team as him, didn't have a clue what was going on, gave everybody headaches, wrote sloppy buggy code, constantly fucking things up. You know the type, eventually he ended up getting fured/let go, whatever way you want to put it due to poor performance. All was well again.

My friend moved on to bigger and better things and moved cities, a few years after he was back in city X, out having a few drinks with friends, he just so happened to bump into the guy from his old company that got fired and started talking to him, as he was a nice guy, just a useless programmer/coworker. After a bit of small talk my friend asked where he was working now. He response: "oh I work with an air traffic control systems manufacturer as a developer"

Even if he's a younger guy than most other examples, my mention is:

Jordan Walke

He's the inventor of React, which probably changed the way to write (web-)apps for a lot of people and was based on a prototype written in StandardML.

He's also created ReasonML which is not only in many ways a more fitting language to write React, but also a good systems language (props to OCaml and it's unbreakable type system). Many React concepts/patterns have their origins in functional language concepts, including reducers and hooks.

It's a shame that people don't want to use F# but prise C# for how cool it became and continue becoming. At the same time, little do they know that many of the features were simply drawn from F#.

It's just rediculous how far this OO and C-Style syntax crap has progressed. They keep copying things from functional langugages, making the initial language to be a monstrocity like C++ is now, insted of just using languages like C#. I mean, it was right there before C#: async/task, immutablility, records, indexes, lambdas, non-null by default, who the hell knows what else.
Besides, many people (in my company at least) are just blindly overengineering with patterns and shit, where a simple function would be just enogh.

Watch some some NDC talks about F#, in particular those of Scott Wlaschin. It's just better in so many ways: less noice (I'm looking at you, brackets, commas and semicolons), the whole LOT of type inference and less duplication (just look at the C# signatures of linq methods - it's difficult to read them), immutability by default, non-nullable by default, ADTs and pattern matching, some neat features like type providers (how many times have used "paste special" or an online tool to create C# classes from a JSON/XML file, and how many times have your regenrated it because of schema changes?) and units of measure.

Of course, in some cases it's not optimal, in some cases mutable datastructures of C# are better for performance. But dude, how many performance critical systems have you wrote in C#? I mean, if it comes to performance you should use Rust or C++ or C after all.

*sighs*

My dad didn't actually know what it was I did. He wanted to get me into hardware and network security type things. Basically the kind of things network engineers or systems admins do. I am still not sure he knows what I actually do.

I missed this last week... so too bad ;)

My introduction into programming was rather slow. When I was a child, we had an Apple IIc, but there were no disks. When you'd boot it up, you got a prompt and I recall being able to type commands into it that someone told me was "Apple BASIC".

At the same time, our family computer was a 386 and it came with something called GWBasic. I was a huge Mortal Kombat fan as well, and I recall finding the moves for the game on an AOL usenet. I took them all and wrote a program in BASIC that let you search and find moves for your character. I distributed this on some floppies to friends.

After that I lost interest. My "Information Systems" shop in high school was more about how to use Office than it was about programming. A few years later I found out that you could run your own text-based games (MUDs) and I quickly jumped into that and the C language.

From there, I was in and out of programming - C, to C++. Java and PHP, then back to Java. It would be about 15 years later until I finally realized I wasn't bad at this and land a job doing it. :)

I am frustrated from myself. I mean working from four years, have build complex systems, created beautiful UI etc, But whenever I try to pass placement test or job test basically QUIZ type.. FAILED.

I am the responsible for the atlassian Suite at work, as I maintain the systems, set them up, and stuff.

One day, our crowd (the authentication and authorization application) just went crazy. At like lunch time it could not connect to the AD anymore. No reasons. Throwing XSRF errors (cross site scripting), because http would connect to https. "won't do it, fuck you" it told me. Out of the blue. Noone changed anything. And yea, seriously. Noone did.
It just refused to connect (as connecting to AD is connecting yourself with you own api. And refusing yourself talking to yourself). It runs behind a proxy. Therefore http/https. Well, this worked for years. But out of sudden not anymore.

Yea. Fuck you.

It was reported some hours later, at like 3pm, as people could not login to the applications using crowd as authentication and authorization server.

Tried to debug the system, where nothing was did, to make it work. At best time to fail.

First workaround: if you are logged into one of the other applications of atlassian, just refresh the site, so your SSO token gets a refresh and you are signed on again.

Then I searched more and more. And more.
But nothing worked, nothing helped.

So I addressed an emergency maintenance, take down the whole Suite, restart crowd, to apply some changes to it's settings, not knowing what happening then, because all connections of SSO will then be released. Sent out the mail like 30 minutes beforehands.

While waiting for the window, I just typed my credentials... And redid, and redid, so to type and being bored.
Three minutes before the window...

It just worked again.

Well. Wtf. Serioudl
Just came back.

No Intrusion, no changes at all. Just came back, as nothing has happened.

Kind of best part of this story... A headhunter messaged me on my way home to offer me a job as an Atlassian Suite SysAdmin for a company, at kinda the double of my salary.

At first I was thinking to go there, and when someone then asked me sth about Atlassian just start to laugh and then leave still laughing...

But then I very nicely respond that I dont want to cry at work. And wished him best luck.

I am doing some bad upgrades now on our Suite. Very painful.
And I looked into the start scripts. Some Look like the untalented intern tells another one to write scripts. Seriously wtf.

Today I followed the guide to Update a confluence and change database to Postgres. Didnt work, Postgres error.
Try it again, jquery won't load. Next try, tomcat not starting anymore. Did same thing. Every fucking time.

Yea. Maintenance window to get a nice new export soon. Will only take an hour.

To switch database in confluence, you need to set it up very fresh. And then Import your export.
Export takes an hour at our system.
Importing maybe the same time. Hope it will work (hint: Nope).

Oh, can be nice also. Just tell the Bitbucket to migrate databases, there is a fucking setting for it. Enter new database, ready, go, finished.

At least they don't raise costs very much every kinda year.
Oh sorry, yes, they do.

!rant

Well not really a CS teacher but it did happen to me during my uni days.

I had joined a marketing class as an elective since my Information Systems degree did have some business related stuff thrown in there.

One day the lecturer strutted in all smug and told us to take out a sheet of paper and we were gonna have a surprise test.

He has the test on a pen drive , apparently it was just 2 open ended type questions he was gonna plug into the class pc and send it to the projector screen.

To this day i have no clue what the hell he did, but that smug bastard managed to delete the test permanently 😂

He popped it in and we saw a few files there he selected them and was about to either drag to desktop or open them , the cursor changed to the wait hourglass , he right clicked and refreshed as if it would
Do anything but .... PooF.... Bye test 👋

He took the pen drive out and plugged it in again, but couldn't find the test file

He scowled then checked the desktop and recycle bin, nope 👎

He took his pen drive and silently walked out....

The other IT students and I were in stitches 😂

This *is* a question you silly wrong tagging mother fucker, how dare you doubt me?

Alright, no more disclaimer: I like dungeons and dragons, but it's too fucking much in terms of rules and systems and shit, as in just *making* a character can take a long ass while.

And if that's the highest level of all your ANAL preferences then OK, but I'm not you and things only come OUT of my ass, not inwards, I swear.

Anyhoo, I got fed up with it and wrote my own ruleset and setting as a last fuck you to everyone. It's very simple: if you want to be some kinky magical alien hermaphrodite royal prostitute half sewer dragon princess and three quarters bearded female incest child of demons and fairies then FINE, but you get no bonuses for that shit.

Get it? No complex racial level scaling bullshit, FUCK YOU, race and background is just for vibes, end of story.

You get no attribute or skills or shit to distribute on level one. All you get is a prompt: pick three actions, that's it. You wanna be sexy? Pick "seduce". You wanna set turds on fire? Pick "ignite". Are you an edge lord? Pick "summon". Would you be my wife? Pick "heal", "buff" and "smite".

The game is turn based, and each action you can take is effectively a spell. Everyone can cast a basic spell like walk, attack, talk, crouch, etcetera -- that costs no mana. Special crap like flying and firing fucking electricity costs mana, and you can only do those if you either picked the spell on level one or learnt it later from a book/tutor/demonic bargain/whatever.

Which spells are valid for taking at level one is up to the game master; I just tell people to pick three verbs or short sentences, and if they choose something that's too broken like "split the Red Sea" I'm like nah you're not Moses, try again.

Still with me? Good. You get eight points of health, four points of mana, and one point of stamina. They're all energy, and you can use it to power your magery, but spending all your health means you fucking die.

Stamina recharges fully every turn, and is used for the aforementioned basic actions. All of these cost one point of stamina each. If you run out of stamina, you can use mana. Or your BLOOD.

Level one spells cost one mana, level two cost two and so on. You get back one point of mana each turn, and you can fire all the spells you want during it, long as you have mana. Or BLOOD.

That's good and all, but if you spend anywhere over eleven combined points of energy in one go, you spontaneously combust and die, erasing all signs of life in a twenty-meter radius. This is called incineration, and it *will* leave behind a blackened crater from which the dark servants of the Horror Immemorial may or may not crawl out of.

In case you didn't guess by now, your blood doesn't fucking come back unless you eat, sleep or see a healer.

But anyway, the more points you spend into casting a spell -- and remember, basic attack counts as a spell -- the more powerful it is, so the bigger your diceroll can get. My rule is I add one dice for every fourth point of energy spent, so (1d4), (1d4 + 1d6), (1d4 + 1d6 + 1d8), incineration.

Additionally, for every three points of energy spent, your spell can hit one more target. That's right, you like AoE? Then spend more mana, bitch. Oh, and if you're using shit like poison it lasts one more turn for every two points of energy spent.

How do we calculate damage? Diceroll over two and fuck your mother. Armor class? Resistances? Out of my face with that shit. Damage reduction is called "tyranny" and is for dungeon bosses only.

If you live long enough to get to level two, you *do* get attributes. Pick:
- Grit: +2 health, +1 to fighter shit type rolls.
- Cunning: +2 mana, +1 to rogue shit type rolls.
- Allure: +1 stamina, +2 to wizard shit type rolls.
- Spirit: +1 to elemental shit type spells.
- Faith: +1 to benefactor paragon asshole shit type spells.
- Hatred: +1 to demonic murder hobo destructive shit type spells.

On second level, you can pick one of the spells you know to get +1 to it, specifically. Eh, "+1" just means you get a bonus to some diceroll, no time to explain I'm running out of characters what the fuck.

On level three, the cycle repeats. Pick attr, pick spell. DONE.

Oh right, and weapons. Mostly just vibes, pick your fancy and fuck off. Normally, you can hit things one tile away; if you have a BIG melee weapon you can hit from *two* tiles away, and if you have a ranged weapon you can shoot anyone in sight, but you need to spend one point of energy to reload.

And there, all bases covered in less that 5000 characters with some flair to spare, now suck my fucking cock Hasbro.

What was the question? Oh yeah right, I'm gonna GPL this shit and put it in browsers. I think I'm going to write it in Kotlin but I'm open to suggestions. Would you guys like to play it/contribute to it's development for shits and giggles?

Is it easy to switch to a different type of development?

I.e. going from desktop to web development, or to game development or systems development etc?

Some background:

About 2 months ago, my company wanted to build a micro service that will be used to integrate 3 of our products with external ticketing systems.

So, I was asked to take on this task. Design the service, ensure extendability and universality between our products (all have very different use cases, data models and their own sets of services).

Two weeks of meetings with multiple stakeholders and tech leads. Got the okay by 4-6 people. Built the thing with one other guy in a manner of a week. Stress tested it against one ticketing service that is used in a product my team is developing.

Everyone is happy.

Fast forward to last Thursday night.

“Email from human X”: hey, I extended the shared micro service for ticketing to add support for one of clients ghetto ticketing systems. Review my PR please. P.S. release date is Monday and I am on a personal day on Friday.

I’m thinking. Cool I know this guy. He helped me design this API. He must’ve done good. . . *looks at code* . . . work..... it’s due... Monday? Huh? Personal day? Huh?

So not to shit on the day. He did add much needed support for bear tokens and generalized some of the environment variables. Cleaned up some code. But.... big no no no...

The original code was written with a factory pattern in mind. The solution is supposed to handle communication to multiple 3rd parties, but using the same interfaces.

What did this guy do wrong? Well other than the fact that he basically put me in a spot where if I reject his code, it will look like I’m blocking progress on his code...

His “implementation” is literally copy-paste the entire class. Add 3 be urls to his specific implementation of the API.

Now we have

POST /ticket
PUT /ticket
POST /ticket-scripted
PUT /ticket-scripted
POST /callback

The latter 3 are his additions... only the last one should have been added in reality... why not just add a type to the payload of the post/put? Is he expecting us to write new endpoints for every damn integration? At this rate we might as well not have this component...

But seriously this cheeses me... especially since Monday is my day off! So not only do I have to reject this code. I also have to have a call now with him on my fucking day off!!!!

Arghhhhhh

Orchid lesson #many:
Church tuples exist only to demonstrate how general substitution is. Just like Church numerals, they aren't meant to be used for real computation and cause a lot of problems. Few type systems and fewer optimizers can deal with them, they're a pain to pass through FFI boundaries, and they're much slower in an interpreted context than a native smart array. And in a lazy language the tuple is almost always lighter than the code that generates it, so you want to generate the tuple eagerly and thunk the actual elements, if thunk you must.

I'll go write a vector based tuple and end this madness tomorrow. New version soon, probably.

With dynamic dispatch.

What does devrant think about custom IDs?

Instead of:
- "d2ac9db1-3222-4e99-97cb-e14fb4240f43"

Something like this:
- "user-d2ac9db1-3222-4e99-97cb-e14fb4240f43"
- "document-34ea29ce-6022-40d4-821d-95b240633ba9"

They can be saved as binary in DB (like in the old days before native UUID support), have basic protection against being confused with IDs of another prefix and are pretty much self-documenting (better debugging/logging experience).

Plus, every ID would have their own value object (increased type safety) and if required, prefix can be omitted for 3rd party systems.

I think, it would be well worth it... 🤔

I did something really stupid and I need some help.

I was trying to use rvict1 to catch packets from my iPhone. I was high when I was doing it and my Mac asked for some type of permission. I pressed OK by accident instead of using the option to modify my system preferences to continue the process. Now I can’t get that systems preference window to show again. Anybody got any tips?

Say I wanted to characterize motion in a video and derive a frequency of that motion, and the extents of the motion?

For instance: walking, jumping, running, punching, dancing, etc. The view might vary and be further away or closer to where it is harder to make out features.

I am assuming I would use some sort of AI to identify objects and perhaps bone structure. Then compare against a model to determine motion type, and then attributes. I have seen cameras get bone structure, but I think it required 2 views. Such as the cheap motion capture systems.

Could this be done in real time of video playing? Or would this need to preprocess and use the info created during playback of the media?

I really don't know much about AI models. I have been curious about how it can be used with video.

What is the point of specifying whether one connected headphones or an external speaker to the computer or smartphone?

When attaching an audio device, some operating systems and smartphones ask the user about the type of audio device. For what purpose?

String good =
"I'll never give up type systems!!"
+ " Do you hear me?!"
+ " Never!";

bad =
"Can't believe it made it all the way into prod."
% NaN + 3 / '11'

In type systems without variadic generics, tuples should be defined as a type-level conslist:

Tuple<int, Tuple<string, Tuple<bool, TupleEnd>>>

Consider the possibilities, even just in a regular type system, then consider how much more is possible with dependent types!