Details
Skills: js, php, css3, angular, html5, angularjs, backbonejs, laravel, lumen, nodejs, mysql, sql server, mongodb
Joined devRant on 4/6/2017
-
Bluntly telling management that they're wrong, full of shit, and need to quit doing stupid things instead of just smiling and nodding and taking the paycheck. SPOILER ALERT: After 20 years in industry, they're NEVER going to change. They're just going to keep doing stupid shit. The best you can do is smile and politely point out that it's a problem. Then, look out for your own concerns and make sure you don't have to suffer with their bullshit decision as best as you can.
-
So, you start with a PHP website.
Nah, no hating on PHP here, this is not about language design or performance or strict type systems...
This is about architecture.
No backend web framework, just "plain PHP".
Well, I can deal with that. As long as there is some consistency, I wouldn't even mind maintaining a PHP4 site with Y2K-era HTML4 and zero Javascript.
That sounds like fucking paradise to me right now. 😍
But no, of course it was updated to PHP7, using Laravel, and a main.js file was created. GREAT.... right? Yes. Sure. Totally cool. Gotta stay with the times. But there are still remnants of that ancient framework-less website underneath. So we enter an era of Laravel + Blade templates, with a little sprinkle of raw imported PHP files here and there.
Fine. Ancient PHP + Laravel + Blade + main.js + bootstrap.css. Whatever. I can still handle this. 🤨
But then the Frontend hipsters swoosh back their shawls, sip from their caramel lattes, and start whining: "We want React! We want SPA! No more BootstrapCSS, we're going to launch our own suite of SASS styles! IT'S BETTER".
OK, so we create REST endpoints, and the little monkeys who spend their time animating spinners to cover up all the XHR fuckups are satisfied. But they only care about the topmost visited pages, so we ALSO need to keep our Blade templated HTML. We now have about 200 SPA/REST routes, and about 350 classic PHP/Blade pages.
So we enter the Era of Ancient PHP + Laravel + Blade + main.js + bootstrap.css + hipster.sass + REST + React + SPA 😑
Now the Backend grizzlies wake from their hibernation, growling: We have nearly 25 million lines of PHP! Monoliths are evil! Did you know Netflix uses microservices? If we break everything into tiny chunks of code, all our problems will be solved! Let's use DDD! Let's use messaging pipelines! Let's use caching! Let's use big data! Let's use search indexes!... Good right? Sure. Whatever.
OK, so we enter the Era of Ancient PHP + Laravel + Blade + main.js + bootstrap.css + hipster.sass + REST + React + SPA + Redis + RabbitMQ + Cassandra + Elastic 😫
Our monolith starts pooping out little microservices. Some polished pieces turn into pretty little gems... but the obese monolith keeps swelling as well, while simultaneously pooping out more and more little ugly turds at an ever faster rate.
Management rushes in: "Forget about frontend and microservices! We need a desktop app! We need mobile apps! I read in a magazine that the era of the web is over!"
OK, so we enter the Era of Ancient PHP + Laravel + Blade + main.js + bootstrap.css + hipster.sass + REST + GraphQL + React + SPA + Redis + RabbitMQ + Google pub/sub + Neo4J + Cassandra + Elastic + UWP + Android + iOS 😠
"Do you have a monolith or microservices" -- "Yes"
"Which database do you use" -- "Yes"
"Which API standard do you follow" -- "Yes"
"Do you use a CI/building service?" -- "Yes, 3"
"Which Laravel version do you use?" -- "Nine" -- "What, Laravel 9, that isn't even out yet?" -- "No, nine different versions, depends on the services"
"Besides PHP, do you use any Python, Ruby, NodeJS, C#, Golang, or Java?" -- "Not OR, AND. So that's a yes. And bash. Oh and Perl. Oh... and a bit of LUA I think?"
2% of pages are still served by raw, framework-less PHP.
-
I just released a tiny game for iPhone!
It's basically an attempt to mix 'Heroes of Might & Magic' and mtg.
In the screenshot my terminal says 'helloworld.cpp'. That's right, this is my first C++ program and I don't care how crappy you think this game is, I'm super proud of myself!
I've always worked in data science where managers assume I know how to code because there's text on my screen and I can query and wrangle data, but I actually didn't know what a class was until like 3 years into my job.
Making this game was my attempt to really evolve myself away from just statistics / data transforms into actual programming. It took me forever but I'm really happy I did it
It was brutal at first using C++ instead of R/Python that data science people usually use, but now I start to wonder why it isn't more popular. Everything is so insanely fast. You really get a better idea of what your computer is actually doing instead of just standing on engineers' shoulders. It's great.
After the game was 90% finished (LOL) I started using Swift and SpriteKit to get the visuals on the screen and working on iPhone. That was less fun. I didn't understand how to use Xcode at all or how to keep writing tests, so I stopped doing TDD because I was '90% done anyway' and 'surely I'll figure out how to do basic debugging'. I'll know better next time...
-
1. You don't code to add a feature or whatever. You do it to solve Users' problems. It's a User-centric system.
2. You read more code than you write. So help yourself and write code intended to be read.
3. If people don't know you did something, you did nothing!
4. Never answer a call at 3 am if you're not paid to be on night call-duty. You'll become the guy who answers at 3 am.
5. Remember the big difference between you and me is that I failed to do stuff more times than you have tried to do.
6. When you start shaving the yak, stop!
-
We spent 9 hours taking a vote, across all of the dev team (including junior devs), about how to design the backend architecture and which security measures we should take.
The CTO refused to listen to the person assigned to the design (me at the time) because he preferred fire-and-forget for EVERYTHING, ignoring all of the blatant drawbacks, and claimed that "there is no truly fault tolerant system", which is such a cop-out that my mind still cannot fathom it.
So therefore, since he couldn't have it his way, we took it to a vote (not my decision). Spent nine hours discussing the pros and cons of HTTP vs MQ systems to arrive at a vote.
I "won", and then left the company shortly after, because it was clear that even though the votes were in my favor, I was going to be "nickel and dimed" to death about the changes and how it's deployed, etc. to the point the system will end up like the previous systems they wrote.
Oh and the fact I was asked to help "improve morale" for the team that was working on the old, broken, overengineered project (I don't manage them nor did I write any of that code) by being assigned to arrange breakfast catering because it'd somehow mean more "coming from a senior dev".
I loved the people there - truly, some of the best people - but the company was broken from the ground to the ceiling.
CTO was let go a while after I left, I guess - most of the dev team has since left too and the majority of their work is being outsourced to Indian subcontractors.
-
I have a few of these so I'll do a series.
(1 of 3) Public privates
We had a content manager that created a content type called "news item" on a Drupal site. There were two file fields on there. One called "attachments" and the other called "private attachments". The "private attachments" are only for members to see and may contain sensitive data. It was set to go through Drupal's security (instead of being directly hosted by the webserver) but because the permissions on the news item type were completely public, everybody had access. So basically it was a slow public file field.
This might be attributed to how confusing Drupal is. However, weeks earlier that same CM created a "private article". This actually had permissions on the content type correctly but had a file field that was set to public. So when a member posted the URL to a sensitive file through unsafe means it got indexed by Google and was there for all to read. When that happened I explained in detail how the system worked and documented it. It was even a website checklist item.
We had two very embarrassing data leaks :-(
-
I have quite a few of these so I'm doing a series.
(2 of 3) Flexi Lexi
A backend developer was tired of building data for the templates. So he created a macro/filter for our in-house template lexer. This filter allowed the web designers (we didn't really call them front-end devs yet back then) to just put an SQL statement in the templates.
The macro had no safe argument parsing, and the designers knew basic SQL but did not know about SQL injection and used string concatenation to insert all kinds of user and request data in the queries.
Two months after this novel feature was introduced we had SQL injections all over the place when some piece of input was missing, but worse, the whole product was riddled with SQLi vulnerabilities.
-
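The template-filter SQL injection described in the rant above, shown as an added example (my own code, not the in-house lexer from the story): a filter that executes template-built SQL text, a designer-style lookup that concatenates request data into it, and a hardened filter that only accepts SELECT statements with `?` placeholders and bound values, refusing string literals so that concatenation is not even possible. SQLite's in-memory database and the member rows are constructed stand-ins for the product's database.

```python
import sqlite3

# Constructed sample rows for the demo; nothing here is the rant's real product.
MEMBERS = [
    ("alice", "alice@example.test", 1),
    ("bob", "bob@example.test", 0),
    ("carol", "carol@example.test", 1),
]


def make_db():
    """In-memory SQLite database standing in for the product's SQL server."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT, private INTEGER)"
    )
    conn.executemany("INSERT INTO members (name, email, private) VALUES (?, ?, ?)", MEMBERS)
    return conn


# --- The pattern from the rant: the filter hands whatever string the template built
# --- straight to the database, so designers splice request data into the SQL text.
def sql_filter_unsafe(conn, sql):
    return conn.execute(sql).fetchall()


def lookup_member_unsafe(conn, name):
    # String concatenation of request data: a quote inside `name` becomes part of the SQL.
    return sql_filter_unsafe(conn, "SELECT name, email FROM members WHERE name = '" + name + "'")


# --- Hardened filter: the template supplies SQL with ? placeholders plus a separate tuple
# --- of values; the driver binds them, so input is never parsed as SQL.
class TemplateSqlError(ValueError):
    pass


def is_safe_template_sql(sql):
    """Policy for template-facing SQL: read-only, and no string literals at all."""
    if not sql.lstrip().upper().startswith("SELECT"):
        return False            # templates only ever read
    if "'" in sql:
        return False            # every value must be bound with ?, never written into the text
    return True


def sql_filter_safe(conn, sql, params=()):
    if not is_safe_template_sql(sql):
        raise TemplateSqlError("template SQL must be a SELECT without string literals; bind values with ?")
    return conn.execute(sql, tuple(params)).fetchall()


def lookup_member_safe(conn, name):
    return sql_filter_safe(conn, "SELECT name, email FROM members WHERE name = ?", (name,))


if __name__ == "__main__":
    db = make_db()
    tampered = "' OR '1'='1"   # textbook input that closes the quote and adds an always-true clause
    print("unsafe:", lookup_member_unsafe(db, tampered))   # every member, email included
    print("safe:  ", lookup_member_safe(db, tampered))     # []: no member has that literal name
```

Running the module shows the concatenated lookup returning every member row for the tampered name, while the bound version returns nothing for the same input. The quote ban is deliberately blunt: a template-facing filter has no business carrying literals, and forcing every value through binding closes the whole class of bugs rather than one query at a time.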
I made a thing.
A recent user threatened to "hack" me using "Tampermonkey"... and while that is silly, it did get me thinking about trying out some User Styles for the first time in a while.
So, I present to you rapscallions DarkTronRGB.
Three Dark Tron Style CSS User themes for devRant that work with Styler and Stylebot browser plug-ins.
Enjoy. Or don't. I don't care.
https://github.com/HiFiWiFiSciFi/...
-
!Story
The day I became the 400 pound Chinese hacker 4chan.
I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.
They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...
And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.
So, I know I want to fuck with them, and I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.
I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.
After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.
I then minify the whole thing and stash it in the minified jquery file.
So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.
Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like Mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.
So we GIVE the penetration team login credentials... they log in and start trying to crack it.
I sit and wait. Grinning as fuck.
Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.
We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.
"We think you may have been compromised by a Chinese hacker!"
I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.
My PM, who has seen me use the JSON compression technique before and knows exactly what's up, starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.
If only it was more common to use video in these calls because I WISH I could have seen their faces.
Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because I'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.
Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.
-
Dear external developer dumbass from hell.
We bought your company under the assumption you had a borderline functioning product and/or dev team. Ideally both
For future reference, expect that "file path" arguments can contain backslashes and perhaps even the '.' character. It ain't that hard. Maybe try using the damn built-in path parsing capabilities every halfway decent programming environment has had since before you figured out how to smash your head against the keyboard hard enough that your shitty excuse for a compiler stops arguing and gives in.
I am fixing your shit by completely removing it with one line of code calling the framework and you better not reject this.
This is not a pull request, IT'S A GOD DAMN PULL COMMAND.
- Is what I would _like_ to say right now... you know, if I wouldn't be promptly fired for doing so :p
How's you guys' Friday going?
-
GraphQL people: REST sucks because it causes unnecessary data fetching and extra requests.
Also GraphQL people: "PicoLooper - A <200 LOC 🤏 ninja-grade 🥷 bulletproof 🔫 solution for the n+1 request problem 🙅 made with love ❤️" -
Self documenting code is a fucking myth you bloody sheep.
Write “self documenting code”, then add a fucking comment or two explaining why the fuck the code deserves to be there, because nobody can see what the fuck it is doing or understands how the whole collection of microservices works. I’m sick of spaghetti code bullshit full of accidental redundancy because it is impossible for anyone to realize why something is there at a glance.
I renamed different “Contract” classes today by adding numbers before code review.
Contract
Contract1
Contract2
Contract3
All of these classes are supposed to be the same but somehow they aren’t, and you self documenting dumbasses missed it. Don’t gripe about the numbered classes in the repo… fix the fucking code and collapse the classes so we don’t have four sections of code describing the same fucking structure from an HTTP GET with different interfaces because four people couldn’t read the whole thing like some fucking computer.
-
One year ago, I quit my job in order to "make life easier". And by that I mean work+home in the same city. I went from 40 minutes commute - to 3 minutes. I had a blast the first week.
Then I realized that it was actually a mistake. I did not like working with "that kind of systems" and "that kind of tasks". It was tedious, stupid, and I was angry every, single day because the previous ones had built a system on 10-15 year old hardware because "it is cheaper".
That continued for a year. I discovered new stupid "solutions" every week that were potentially dangerous for the company. It built up a huge pile of shit and I started to feel that my mental health was disappearing, fast.
And equipment such as servers, switches, routers, storage started to fail because of age. Despite my warnings from day 0 to the CEO, who only kinda laughed it off and said "you can solve that", I never got the approval to actually buy the equipment that was needed. Because "the company didn't have the money for it". Somehow, the company had the money to buy expensive cars for the CEO - I can't really figure out that equation.
So today, one VERY old UPS died at our office. It caused some power spike that killed off some switches and a NAS.
"Whatever" I thought, I just have to find the backup of the files and get a new one.
Then I discovered that the NAS that acted as an iSCSI target for VMs and document storage was backed up using Veeam on another server - that was configured to back up everything to the same NAS. I just wanted to cry, because I could not take any more shit.
So I picked up my phone, called my old employer and asked if I could start working for them again. My old boss got insanely happy and gave me a great offer which I immediately accepted.
So tomorrow, is the day that I am going to walk into my current boss and say that I will quit. My last day will be on Christmas day. And I will start my new year with a few weeks off, and then back to the job that I actually loved.
Life is too short to work with something you hate.
-
Really unfortunate that we all just accept people being assholes because they're good at their job. I guess it's just the way the world is but personally I don't think you get a free pass to be rude just because you're a key player.
Life is short and whatever bullshit project for whatever dumbass company you work for is ultimately not that important in the grand scheme of things. Don't let your hyperinflated ego misguide you. Be nice to people.
-
Flutter is basically how my poor soul tries to get compatible with my 6 different personalities and ends up being a disappointment from time to time.
-
Never worked for this guy, just saw it in someone else's feed and thought it would be appropriate here. This is not leadership. This is bullying and stomping on people in a vulnerable situation which most likely has very little to do with their work ethic and more to do with company health. Yea, definitely elevate yourself and be that A+ person for you. Not for assholes like this. A good leader would empathize and provide resources for advancement and transformation to roles that are more aligned to the current environment.
-
After going through the painstaking process of getting automation scripts reviewed by the whole team, edits, commits, reverts and finally losing sanity,
and you see the team is still using the old automation scripts in testing.
(╯°□°)╯︵ ┻━┻
-
Month passed so I looked at job offers and I am tired again.
All of them look the same and all of them look like crap. Some require stupid online test preparation (because everyone likes to traverse a tree 10000 times a day).
Seriously, I think I will go to a supermarket and work there.
It’s more pleasant than getting input and pushing it in some stupid places all over again.
Finding some shit in a shit pile, then moving this shit pile back and forth between different shit holes.
AI should start writing this stupid code, robots should provide food and build shelter.
The sooner the better for all of us.
-
Most awkward video conference call?
Our department is in a 'virtual' book club, reading The Unicorn Project, and I asked:
Me: "So what similarities have you seen with the Phoenix project and projects we work on here?"
Dale: "Ha ha..sooo many. The biggest is the disconnect of managers with no clue of what goes on."
<Vice president of our department also in the book club>
VP: "Really? Dale, I'd like to know more about this."
<awkward silence with blank stares all around>
DBA: "Come on Dale...spill the beans. Got the VP right there."
Dale: "Um...nope...not going there...nope"
<Dale's screen goes black>
VP: "OK, so when Maxine asks ..."
-
My favorite kind of interview question/challenge is anything that is highly practical for the job. At the current company I work, the coding test/interview challenge was to design and implement an API very similar to the core functionality of the actual product. It’s fair, tests for skills relevant to the job, and is much better than irrelevant silly brain teasers and cs questions, I feel.
In terms of specific questions, one of my favorites is one that one of my colleagues suggested I ask to potential candidates: describe what you think your biggest failed project/task was in your engineering career, and what happened/what you learned. I think it’s a good reflective question that can tell a lot about someone.
-
Was lead developer at a small startup, I was hiring and had a budget to add 3 new people to my team to develop a new product for the company.
Some context first and then the rant!
Candidate 1 - Amazing, a dev I worked with before who was under utilized at the previous company. Still a junior, but, she was a quick learner and eager to expand her knowledge, never an issue.
Candidate 2 - Kickass dev with back end skills and extras, he was always eager to work a bit more than what was expected. I used to send him home early to annoy him. haha!
Candidate 3 - Let's call him P.
In the interview he answers every question perfectly, he asks all the right questions and suggests some things I haven't even thought of. CTO goes ahead and says we should skip the technical test and just hire the guy, he's smart and knows what he's talking about. I agree and we hire him. (We were a bit desperate at this stage as well.)
He comes in a week early to pick up his work laptop to get set up before he starts the next week, awesome! This guy is going to be an asset to the company, can't wait to have him join the team - The CTO at this stage is getting ready to leave the company and I will be taking over the division and need someone to take over the lead position, he seems like the guy to do it.
The guy starts the next week, he comes in and the laptop we gave him is now a local server for testing and he will be working off his own laptop, no issue, we are small so needed a testing stack, but it wasn't really needed since we had procedures in place for this already.
Here is where everything goes wrong!!! First day goes great... Next day he gets in early 6:30am (Nice! NO!), he absolutely smells, no, stinks, of weed, not a light smell, the entire fucking office smells of weed! (I have no problem with weed, just don't make it my problem to deal with). I get called by boss and told to sort this out, people are complaining! I drive to the office and have a meeting with him, he says it's all good, he understands. (This was Friday).
Monday comes around - Get a call from Boss at 7:30am. Whole office smells like weed, please talk to P again, this cannot happen again. I drive to the office again, and he again says it won't happen again, he has some issues with back pain and the weed helps.
Tuesday - Same fucking thing! And now he doesn't want to sign for the laptop ("server") that was given to him, and has moved to code in the boardroom, WHERE OUR FUCKING CLIENTS WILL BE VIEWING A DEMO THAT DAY OF THE PRODUCT!! Now that whole room smells like weed, FML!
Wednesday - We send P a formal letter that he is under probation, P calls me to have a meeting. In the meeting he blames me for not understanding "new age" medicine, I ask for his doctor's prescription and ask why he didn't tell me this in the interview so I could make arrangements, we don't care if you are stoned, just do good work and be considerate to your co-workers. P can't provide these and keeps ranting, I suggest he takes painkillers, he has none of it, only "new age" medicine for him.
Thursday - I ask him to rather "work" from home till we can get this sorted, he comes in for code reviews for 2 weeks. I can clearly see he has no idea how the system works but is trying, I thought I would dive deeper and look at all of his code. It's a mess, nothing makes sense and 50% of it is hard coded (We are building a decentralized API for huge data sets so this makes no sense).
Friday - In code review I confront him about this, he has excuses for everything, I start asking him harder questions about the project and to explain what we are building - he goes quiet and quits on the spot with a shitty apology.
From what I could make out he was really smart when it came to theory but interpreting the theory into actual practice wasn't possible for him, probably would have been easier if he wasn't high all the time.
I hate interview code tests, but learned a valuable lesson that day! Always test for some code knowledge as well even if you hate doing it, ask the right questions and be careful who you hire! You can only bullshit for so long in coding before someone figures out that you are a fraud.
-
Me: Hi Guys, there's no docs on our custom push notification / deeplinking implementation. I've tried to work backwards from a QA testing doc to add new links. Can someone tell me if this is all ok? It seems to behave a little weird.
Dev: Looks ok, but we've moved to the braze platform for sending notifications. You'll need to trigger braze notifications now. Test that it works ok with that <confluence-link>
*hour later*
Me: I've tried the debugging tool, both with my payload and one of the samples from the link. It displays on the phone, but tapping it doesn't trigger the deeplinking.
Dev: No it works, try one of these <screenshot of samples I used>
*hour later*
Me: Tried it again on the real device to make sure, as well as on develop and master. Not working with those samples or mine.
Dev: No it does. It comes in here in this library <github link to line of code>
Me: ... Nope, debugged it, it doesn't get past the next 'if' check on the next line as it's missing a key/value. The whole function does nothing.
Dev: Oh, do you want to send a braze notification?
Me: ..... you told me I had to .... yes I guess.
Dev: ok for a braze notification it works differently, send this <entirely different sample nowhere on the link>
Me: ...... but ..... this is only for braze notifications ..... why .... all the samples have deeplink URLs .... but they don't ....... are you ..... FFS!!!!! !@#?!
(╯°□°)╯︵ ┻━┻
┻━┻ ︵ヽ(`Д´)ノ︵ ┻━┻
(ノಠ益ಠ)ノ彡┻━┻
┌П┐(ಠ_ಠ)
-
So the job was for a web developer, specifically.
We needed a person who was very confident with PHP, JS, HTML, CSS.
This dude comes in, he says he's confident with all of them, we ask him how he would solve a problem we're having and he answers just like we answered the first time. Which is a good start.
By the end of the interview, he just says: "ok, but like I'm not here to work as a developer"
"WTF are you even here for, then?"
"To work on anything else than that"
"But we just need that"
"I won't do it"
"Ok, then, bye"
-
Neat: MongoDB. Fairly easy to use, intuitive-ish JSON API. Thinking about using it on a project. Excitement.
Neater: Data validation. You can have it drop writes that don't match a schema. Excitement intensifies.
Braindead: It absolutely will not tell you exactly *why* the write doesn't meet the schema, leaving you to figure that out on your own, smart guy. Mongo smugly crosses its arms and tells you to go back and do it right without actually telling you what the problem is.
Fucking braindead: This has been an open feature request since the year of our lord two-thousand-and-fucking-fifteen. https://jira.mongodb.org/browse/...
-
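As an added example for the MongoDB rant above, not MongoDB's own code: a small checker that walks the same `$jsonSchema` document you would hand to the collection validator and reports which path fails which constraint, so the application can produce the explanation the server does not. The `users` validator and the documents are constructed for this example, and the checker only implements the keywords `bsonType`, `required`, `properties`, `enum`, `minimum` and `maximum`.

```python
# Constructed validator in the {"$jsonSchema": ...} shape MongoDB accepts for a collection
# (assumed "users" collection; the fields are made up for this example).
USERS_VALIDATOR = {
    "$jsonSchema": {
        "bsonType": "object",
        "required": ["email", "age", "role"],
        "properties": {
            "email": {"bsonType": "string"},
            "age": {"bsonType": "int", "minimum": 0, "maximum": 150},
            "role": {"enum": ["member", "admin"]},
            "address": {
                "bsonType": "object",
                "required": ["city"],
                "properties": {"city": {"bsonType": "string"}},
            },
        },
    }
}


def bson_type_of(value):
    """Map a plain Python value to the bsonType name MongoDB would assign it."""
    if isinstance(value, bool):      # bool before int: bool is an int subclass in Python
        return "bool"
    if isinstance(value, int):
        return "int"
    if isinstance(value, float):
        return "double"
    if isinstance(value, str):
        return "string"
    if isinstance(value, dict):
        return "object"
    if isinstance(value, list):
        return "array"
    if value is None:
        return "null"
    return type(value).__name__


def explain(schema, value, path="$"):
    """Return human-readable reasons why `value` violates `schema` (empty list = valid).

    Only bsonType, required, properties, enum, minimum and maximum are handled; other
    keywords are ignored, which is a limitation of this example, not of MongoDB.
    """
    problems = []
    expected = schema.get("bsonType")
    if expected is not None:
        allowed = expected if isinstance(expected, list) else [expected]
        actual = bson_type_of(value)
        # A Python int satisfies a "long" schema as well as an "int" one.
        if actual not in allowed and not (actual == "int" and "long" in allowed):
            problems.append(f"{path}: expected bsonType {allowed}, got {actual}")
            return problems  # further checks on a wrong-typed value would only add noise
    if "enum" in schema and value not in schema["enum"]:
        problems.append(f"{path}: value {value!r} is not one of {schema['enum']}")
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        if "minimum" in schema and value < schema["minimum"]:
            problems.append(f"{path}: {value} is below minimum {schema['minimum']}")
        if "maximum" in schema and value > schema["maximum"]:
            problems.append(f"{path}: {value} is above maximum {schema['maximum']}")
    if isinstance(value, dict):
        for name in schema.get("required", []):
            if name not in value:
                problems.append(f"{path}.{name}: required field is missing")
        for name, sub in schema.get("properties", {}).items():
            if name in value:
                problems.extend(explain(sub, value[name], f"{path}.{name}"))
    return problems


def explain_rejection(validator, doc):
    """Run the collection validator's $jsonSchema over a document about to be written."""
    return explain(validator["$jsonSchema"], doc)


if __name__ == "__main__":
    bad = {"email": 42, "age": -3, "role": "owner", "address": {"street": "Main St"}}
    for reason in explain_rejection(USERS_VALIDATOR, bad):
        print(reason)
```

Run it against a document right before the write, or in the test suite against fixtures, so that a rejected write comes with a reason. Keeping the application's copy of the schema identical to the one deployed on the collection is the obvious maintenance cost; loading both from the same file that the deployment script uses is one way to avoid drift.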
Question: What tools/software do you use to write API documentation of applications with a NodeJS back-end (assuming that you cannot use tools like e.g. Swagger for weakly typed languages)?