TLDR : I left a company which doesn't understand the concept of email id and passwords.

Me (trying to login to the alumni website) *no register user option*

Customer support - you've to click on forgot password to create an account.
Me - Wonderful

*clicks on reset password*
*enters employee id, name, email, father's name, DOB, date of joining , date of leaving, current city because apparently if I just enter my employee id it is as if they never knew me. Sigh*
*your password will be sent to your email id*

Me - okay. *waits for two weeks because I assumed someone will manually go and create my account and email me, considering the state of system. *

After two weeks,

Me - I still haven't received my password on email after I created my account. Can you please check?

After one week,

Customer support - you need to click on forget password if you forgot your password.

Me - *inventing new curse words* I have not forgot my password, I never received it in the first place!

After one week,
Customer support - yes you'll receive your password on your email id.

Me - *runs out of curse words* seriously dude?
* proceeds to reset password*
System - your password has been reset. Your new password will be sent to your email id. *apparently anyone can reset passwords if you have the employee id, which is an integer*

After a week

Me - Am I going to ever receive the password? I've tried generating passwords, resetting my password. I never get my passwords. What should I do!!

Customer support - yes you need to click on Forgot password.

Me - are you fucking kidding me!!!
You fuckers need to be fired and replaced by a FAQ page which has no question and just a single answer, because a peanut has higher IQ than you. For any questions you may have, just reset password. Goddammit idiots!
Also, which email id are you sending my passwords to?

Customer support - myname@oldcompany.com

Me - you do realize that this is the alumni website for the company. Alumni means ex members.
Being ex members, you can assume we don't have access to our company email ids obviously?

Customer support - yes.

Me - how am I supposed to get the password using my old email id then?

Customer support - you need to click on forgot password option.

I think I should probably move to the Himalayas for my anger management issues. Plus it'll be probably easier to throw idiots off a mountain.

Ex-coworker of mine fixed this bug a week after the site was launched and has gathered several thousand users in database.

Yep its exactly what you think it is, each time one user would update its infos, it would update his infos to all the users in the database.

Luckily I was not in charge of the project in that time, so it was really fun to watch how everyone's name was changing every couple of minutes for a whole week :D

Productive day!

Rewrote an intern's feature and briefly explained how/why
Gave intern a choice of projects, and explained them
Removed two unused models, one unused route
Dried up two views into a partial
Redesigned said partial
Tested validation edge cases (ex: Jan 10nd, 101bc)
Fixed an api
Simplified three models
Added scheduling and platform restriction to a feature
Le wild bug appears: a user with negative xp!?
Wrote a migration to expand players' max xp to 2^64-1 because a certain legacy game gives it away like my ex-boss makes promises. Chewed at devs, but they're all long gone so :/
Won two games of pool
Browsed devRant

Busy day, and all of this while falling asleep! 😊
I'm quite proud of myself today.

aslkfjasf. i've spent 12 hours today (and lots more over the past two days) trying to reproduce a bug that my [sort of] coworker insists is present. I haven't seen any proof of it anywhere, let alone steps to reproduce it.

I've poured through the code, following all of its tangled noodles of madness from start to fuck-this-shit. I've read and reread the pile of demon excrement so many times i can still read the code when i close my eyes. so. not. kidding.

anyway, the coworker person is getting mad because i haven't fixed the bug after days, and haven't even reproduced it yet. This feature is already taking way too fucking long so I totally don't blame him. but urghh it's like trying to unwind a string someone tied into a tight little ball of knots because they were bored.

but i just figured out why I haven't been able to reproduce it.

the stupid fucking unreliable dipshit ex-"i'm a rockstar and my code rocks"-CTO buffoon (aka API Guy, aka the `a=b if a!=b`loody pointless waste of mixed spaces and tabs) that wrote the original APIs ... 'kay, i need to stop for breath.

The dumbfuck wrote the APIs (which I based the new ones on mostly wholesale because wtf messy?), but he never implemented a very fucking important feature for a specific merchant type. It works for literally every type except the (soon-to-be) most common one. and it just so happens that i need that very specific feature to reproduce this bug.

Why is that one specific merchant type handled so differently? No fucking idea.

But exactly how they're handled differently is why I'm so fking pissed off. It's his error checking. (Some) of his functions return different object types (hash, database object, string, nullable bool, ...) depending on what happened. like, when creating a new gift, it (eventually...) either returns a new Gift object or a string error basically saying "ahhh everything's broken again!" -- which is never displayed, compared against, or recorded anywhere, ofc. Here, the API expects a Hash. That particular function call *always* returns a Hash, no matter what happens in the myriad, twisting, and interwoven branches the code could take. So the check is completely pointless.

EXCEPT. if an object associated with another object associated with the passed object (yep) has a type of 8. in which case, one of the methods in the chain returns a PrintQueue that gets passed back up the call stack. implicitly, and nested three levels in. ofc.

And if the API doesn't get its precious Hash, it exclaims that the merchant itself is broken, and tells the user to contact support. despite, you know, the PrintQueue showing that everything worked perfectly. In fact, that merchant's printer will be happily printing away in the background.

All because type checking is this guy's preferred method of detecting errors. (Raise? what's that? OOP? Nah, let's do diverging splintered-monolithic with some Ruby objects thrown in.)

just.
what the crap.

people should keep their mental diarrhea away from their keyboards.

Anyway. the summary of this long-winded, exhaustion-fueled tirade is that our second-most-loved feature doesn't work on our second-most-common merchant type.

and ofc that was the type of merchant i've been testing on. for days. while having both a [semi] coworker and my boss growing increasingly angry at me for my lack of progress.

It's also a huge feature, and the boss doesn't understand that. (can't or won't, idk)

So.
yep.
that's been my week.

...... WHAT A FUCKING BUFFOON!

So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)

Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.

Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.

Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.

It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.

I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.

So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.

I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.

Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.

An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:

"please reenter card number to validate."

Bupkiss. Dead end.

OR SO YOU WOULD THINK.

One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:

"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"

One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:

With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.

So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.

The nightmare continues.

Currently dealing with a code review from a “principal” dev (one step above senior), who is unironically called a “legendary dev” by some coworkers. It’s painfully obvious he didn’t read the code, and just started complaining and nitpicking.

It’s full of requests to do things that make absolutely no sense, and would make the code an unmaintainable mess.
• Ex: moving the logic and data collection from the module’s many callers into the module instead of just passing in the data.
• Ex: hiding api endpoint declarations by placing them in the module itself, and using magic instance variables to pass data to it. Basically: using global functions and variables instead of explicit declarations and calls.
• Ex: moving the logic to determine which api endpoint to use, for all callers, into the view.

More comments about methods being “too complex” (barely holds water) right next to comments saying “why are these separate? merge them together!”

Incredulously asking how many times I’m checking permissions and how ridiculous it all is. (The answer? Twice.)

Conflating my “permissions” param and method names with a supposedly forthcoming permissions system overhaul, and saying I shouldn’t use permissions because my code will all have to get rewritten. Even if that were true, and it’s likely not, the ticket still needs to use the current permissions. I can’t just ignore them because they might be rewritten someday.

Requests to revert some code cleanup because the reviewer thought the previous heavily-nested and uncommented versions (with code duplication) were easier to read. Unsurprisingly, he wrote them.

On the same ticket, my boss wants me to remove all styling and clientside validation, debouncing, and error messages from a form. Says “success” and “connection failed” messages are good enough. The form in question sends SMS and email using arbitrary user input for addresses. He also says it shouldn’t be denounced on the server, and doesn’t want me to bother checking permissions. Hello, spam!

Related: the legendary dev reviewer says he can’t think of a reason why we would want to disable the feature for consumers, so I should remove the consumer feature flag.

You can’t make this stuff up.

Just found old logs I had with an ex-client, pre-devrant:

"What if we add the newsletter checkbox to the login, so each time a user logs in, he has to uncheck it, or else he will be subscribed to our newsletter?"

Not sure if that even needs a comment, I am speechless that was an actual suggestion, ever.

I don't understand why people are making a fuss about Facebook.

It's free to use, the amount of users kept increasing (thus the cost of maintenance) yet the company kept getting bigger and bigger. Obviously they're not making all their money off the advertisements on Facebook's own website.

So why are people so surprised that they're "selling" user information?

This is really funny to me. Especially the media joining in saying that it makes all your information available to everybody when they're actually talking about the fact that the majority of Facebook users have their profile set to public and they can be easily found with a simple Google search.

People are so fucking hypocritical it makes me want to puke. If you don't want anybody to know what you posted, just don't fucking post it on a SOCIAL MEDIA in the first place.

Don't get me wrong, I'm not saying that facebook is all flowers and love, they clearly didn't handle this situation well. They could have done something about this whole situation when it started instead of waiting for things to blow out of proportion.

However, people are just being assholes now. I highly doubt that they're reading all chats nor are they sending it over, they're probably just sending out some words you mention often so that it is pertinent for advertisers (ex. If you use the word computer next to buy, then maybe that triggers something). I could talk extensively about it but I'm way too lazy, the point is, they most likely aren't sending the nudes you sent to advertisers because that does not provide any benefits.

If you don't like Facebook, don't fucking use it. Delete your account and shut the fuck up. When you screw up in real life, there's no takesies backsies, why the fuck do people think it doesn't apply online? The government gathers up quite a lot of information on you yet I don't see you crying your eyes out.

Why the fuck do you care so much if an advertisement is tailored to specifically? Yeah, you talked about dildos and now you see dildo ads from Amazon, not happy? Just download adblock and shut up. If you're gullible and the moment you see an ad about single women in your area you click on the ad because you want to get laid right now, that's your problem.

Don't want people knowing about some aspects of your private life? Don't share it online.

Stop acting like people are any better at keeping secrets, I'm sure you had some people leak your secrets at least once, yet I doubt you sued them and you brought them to court.

===========

I'm sorry about this, it's just that Facebook is all over the news and I'm getting sick of it.

Also, I hate facebook, I'm not necessarily defending it, I'm more pissed at the medias for blowing this situation out of proportion.

Some fucking users request for something irrelevant, that's just not the way it designed for

Worst architecture I've seen?

The worst (working here) follow the academic pattern of trying to be perfect when the only measure of 'perfect' should be the user saying "Thank you" or one that no one knows about (the 'it just works' architectural pattern).

A senior developer with a masters degree in software engineering developed a class/object architecture for representing an Invoice in our system. Took almost 3 months to come up with ..

- Contained over 50 interfaces (IInvoice, IOrder, IProduct, etc. mostly just data bags)
- Abstract classes that implemented the interfaces
- Concrete classes that injected behavior via the abstract classes (constructors, Copy methods, converter functions, etc)
- Various data access (SQL server/WCF services) factories

During code reviews I kept saying this design was too complex and too brittle for the changes everyone knew were coming. The web team that would ultimately be using the framework had, at best, vague requirements. Because he had a masters degree, he knew best.

He was proud of nearly perfect academic design (almost 100% test code coverage, very nice class diagrams, lines and boxes, auto-generated documentation, etc), until the DBAs changed table relationships (1:1 turned into 1:M and M:M), field names, etc, and users changed business requirements (ex. concept of an invoice fee changed the total amount due calculation, which broke nearly everything).

That change caused a ripple affect that resulted in a major delay in the web site feature release.

By the time the developer fixed all the issues, the web team wrote their framework and hit the database directly (Dapper+simple DTOs) and his library was never used.

Is there a thing like getting shadowbanned from downvoting on devrant or people just running bots that automatically upvote them if they hit negative upvotes?

Whenever I downvote anything thats at 0 upvotes (for ex. even spam that just didnt get noticed, where I cant report it on desktop), it instantly gets nulled, even on the most hidden and old rants.

I dont think theres always a registered user per every single rant out there at any given time that upvotes somebody. (often very deep down the comments)

Okay then, ex-android user there.

It started with Xperia TX - it was flagship Sony phone back then. It blew my mind when I touched it for the first time. You know, exploring android for the first time in my life was amazing.

It ran just well for about a year. Then it started to fall apart. I need to clarify that I kept it non-rooted, full stock. I'm not into that customization things.

At first, I noticed significant lags. They were everywhere. The longer I used smartphone, the more lags I encountered. I did factory reset, but lags haven't gone anywhere.

Year 2. Front camera stopped working. Battery became unreliable as fuck, going down to 40% and then instantly to zero. What?

Year 3. Camera broke. It refused to start, just giving me "Camera is not available" error.

I tried factory reset again. It helped at first, but month have passed and all that issues came back. And it also became sluggish as fuck.

Got Meizu m3s year ago. The exact same story. Long story short, in one year I got this:
1. Black spots on every picture I take. Much likely a matrix issue.
2. Camera also became slow as fuck, requiring about 10 seconds to even start.
3. Vertical stripes all along the screen. I never dropped my phone, it just appeared once and became brighter and brighter every day I used the phone.
4. Two huge yellow spots on screen. I think it happened because phone's cpu heat up the screen and it broke.

But the most important thing is that fucking lags chased me in every app, they were everywhere. Fucking tiny-ass lags. And they're not going anywhere, they're become more and more significant with time.

Don't say me about oneplus, samsungs and other top android phones. They are conceptually the same, the only different thing is hardware.

That's why I switched. IPhone has its downsides, but it's silky smooth. And my friend's iPhone 4 (not s) feels just as smooth as my brand new se.

I'm not going to jailbreak it. I don't need customizing the hell out of it.

I just needed quick and reliable phone, and SE seems to be exactly what I wanted.

Peace to android folks tho✌️

Anyone know private/encrypted p2p network drive app (best would be opensource) between devices in the internet, with multiple user support, invite only ?

It should work behind nat so need use some 3rd party hole punching server for handshakes.

Let’s say I got a movie I want to share with my friend but instead of him downloading it, I would stream it directly from my device and my friend would open it using ex vlc.

Same with other files, on computer can be mounted as network drive.
Or small app with drag drop or cli to add / remove shared directories.

Can be raspberry pi device.

Thinking more, it should work like vpn network but with tunnels between computers.

Can it be done using ipfs ?

*breath in*

FUUUUUUUUUUCCCCCKKKKK.

OK.
There are many things one can complain about when it comes to windows. But I swear, the worst thing ever invented is this motherfucking "Windows Credential Manager". Basically I have a private and a buissness git account. I worked on a buissness project and pushed my changes. And when I looked in the repo it did commit under my private account. Ex fucking cuse me? Wtf? When pushing I logged in with my buissness account, why on earth did it push with my private account??

*3h of investigation*

Turns out this cunt fuck credential manager stored my private credentials and used them even tho I explicitly pushed with my buissness account. What goatfucker of a developer decided its a good idea to store user credentials without the users permission/without asking, and then uses the stored credentials instead of the one explicitly given??

I swear to god, if this piece of software would be a person, I would have thrown it him of my window(s).

WTF WTF WTF
FUCK YOU SAMSUNG NOTE 8 NOTES APP

FYI : I was ex iPhone user.

I bought a new Samsung note 8 mobile. It has Easy Do app simillar to Notes.

So I had a meeting with business meetup with potential ideas and leads. And i was writing on this Notes app.

After the meetimg done, I closed the app.
And next day (today) I wanted to check what I have got from meetings. And fucking found that this app does not save it until you press save button.

Okay. I AGREE MAY BE MY FAULT, BUT THAT FUCKING APP SHOULD HAVE ASKED ME WHETHER I WANTED TO SAVE IT OR NOT THE SIMPLEST NOTEPAD WILL DO EVEN YOU TRY TO CLOSE IT.

FUCK IT THAT APP.

Developer vs. user experience: it's 2024, tech is used by the masses, and still, every day, I see messages that something "failed", an "error occurred" or that I did something wrong trying to use something supposedly simple like entering a phone number or a bank account IBAN into a web form.

Worse, I remember being part of teams coding and releasing antipatterns like that, spending time in hour-long best practice discussions and still failing to deal with user "errors" in the end.

AI, the deus ex machina supposed to obsolete developers, does the exact opposite of development: fail and err, but always find some positive and polite words to gaslight its users and make them feel happy.

AI will replace developers just because it's better in being nice.

I have a system design question I was hoping u guys could help me with.

So I want to make a display that shows an animated wallpaper. I want to have a camera in the display that will recognize finger gestures and will change the wallpaper accordingly (shuffle to a new one, etc.)
EX: when the current wallpaper is displaying, when the user shows the camera the peace sign, it will switch the current wallpaper to a random wallpaper.

I used tensorflow and the mediapipe hands library to get the finger gesture recognition to work. I used tensorflow, python, and openCV.

Now that the finger gesture recognition is finished, I moved to the animated wallpapers and I made a couple with p5js.

How could I best combine the two? Should I switch from tensorflow in python to tensorflow.js? Or should I find a way to re-do my animated wallpapers in python?

My original plan was having the foundation of the whole system be python. This is so I can have the finger gesture recognition run on the main thread, and have another thread deal with the wallpapers.

Let me know if u guys have any ideas or if I’m not clear. Thanks!!!

#Suphle Rant 3: Road to PHP8, Flow travails

Some primer: Flows is a feature that causes the framework to bypass handling the request now but read it from cache. This cache entry is meant to be populated without warming, based on the preceding request. It's sort of like prefetching but done on the back end

While building Suphle, I made some notes on some chapters about caveats and gotchas I may forget while documenting. One such note was that when users make the Flow request, the framework will attempt to determine who user is, using authentication mechanism defined on the first module (of the modular monolith)

Now, I got to this point during documentation and started wondering whether it's impossible for the originating request to have used a different authentication mechanism, which would result in an empty entry for returning user. I *think* it's possible cuz I've got something else called "route mirroring", where web based routes can be converted to API routes. They'll then return JSON, get served under defined API path, use JWT, all automatically. But I just couldn't connect the dots for the life of me, regarding how any of this could impact authentication on the Flow request

While trying to figure out how to write the test for this or whether it was even necessary (since I had no use case), it struck me that since Flow requests are not triggered by an actual user, any code attempting to read authenticated user will see nothing!

I HATE it when I realize there's ambiguity or an oversight, after the amount of attention and suffering devoted. This, along with a chain of personal troubles set off despondency for a couple of days. No appetite for food or talk. Grudgingly refactored in this update over some days. Wrote some tests, not all passed. More pain. May have to convert them to unit tests

For clarity, my expectation is, I built this. Nothing should be impossible for me

Surprisingly, I caught a somewhat lucky break –an ex colleague referred me to the 1st gig I'm getting in 1+ year. It's about writing a plugin for some obscure forum software. I'm not too excited cuz it's poorly documented and I'll have to do a lot of groping, they use arrays instead of objects etc. There's no guarantee I'll find how to implement all client's requirements

While brooding last night, surfing the PHP subreddit, stumbled on a post about using Rector to downgrade a codebase. I've always been interested in the reverse but didn't have any incentive to fret over it. Randomly googled and saw a post promising a codebase can be upgraded with 3 commands in 5 minutes to PHP 8. Piqued my interest around 12:something AM. Stayed up all night upgrading it, replacing PHPSTAN with Psalm, initializing the guy's project, merging Flow auth with master etc. I think it may have taken 5 minutes without the challenge of getting local dev environment to PHP 8

My mood is much lighter than it was, although the battle is not won yet –image tests are failing. For some weird reason, PHP8 can't read generated test images. Hope I can ride on that newfound lease on life to study the forum and get the features working

I have some other rant but this is already a lot to digest in one sitting. See you in rant #4

Any MUDders or ex-MUDders here?
As in multi user dungeon, the text based RPG's