Well, it happened. The stupidest request, no demand, I have ever, and most likely will ever receive...

Me: So what is it you're looking to do with your website.

Client: We're not showing up Facebook's home page. We need you to fix that. We have a budget of $10,000 to make this happen right now.

Me: As much as I'd love to take your money, that isn't something I can control. Every "home page" is profile-based, which technically isn't a homepage, but a "feed" that changes constantly. So say you create a profile on Facebook, only those you follow, and paid posts show up on your feed. What I can do however is use your budget to create and promote posts from your company page to show on users' feeds. If you're serious about marketing, we can start slow at $250/week, then work our way up or down based on results until your budget is exhausted, then re-evaluate the budget at that time. I can tailor a retainer for you based on the number of ads per week that you'd like to make.

Client: No, this is not what we're asking for at all.

Me: Okay...what is it you're looking for exactly? Run through this in as much detail as possible so I can get on the same page.

Client: We want to be on the main home page of facebook.com. We want our logo on that page when people sign up to make an account, linking to our website.

Me: That's simply not possible. That's Facebook's own home page. Nobody has a right to edit that other than Facebook itself.

Client: Bullshit. There's a Facebook developers section with APIs to edit and view Facebook's entire website. We would do it ourselves, but we signed up and don't understand how to change it in Chrome. That's why we need you and [referring client] said you were the best guy for our needs.

Me: That API has no control over Facebook's corporate data, including their own home page. That API designed ONLY for sections in which you are authorized to access or modify, such as your personal profile or created page for your business.

Client: We know that it can be done. If you don't do it, we'll find someone else who can.

Me: Well good luck with that, because the only way it would be remotely possible to do that WILL involve prison time, since that would be illegal. The only legal way to do it would be to buy Facebook, and they'll laugh you out of the building with that offer. But I'm done with this conversation because I have work to complete from clients that aren't delusional. Have a nice day! [hang up]

----

What. The. Fuck.

So a few days ago I felt pretty h*ckin professional.

I'm an intern and my job was to get the last 2003 server off the racks (It's a government job, so it's a wonder we only have one 2003 server left). The problem being that the service running on that server cannot just be placed on a new OS. It's some custom engineering document server that was built in 2003 on a 1995 tech stack and it had been abandoned for so long that it was apparently lost to time with no hope of recovery.

"Please redesign the system. Use a modern tech stack. Have at it, she's your project, do as you wish."

Music to my ears.

First challenge is getting the data off the old server. It's a 1995 .mdb file, so the most recent version of Access that would be able to open it is 2010.

Option two: There's an "export" button that literally just vomits all 16,644 records into a tab-delimited text file. Since this option didn't require scavenging up an old version of Access, I wrote a Python script to just read the export file.

And something like 30% of the records were invalid. Why? Well, one of the fields allowed for newline characters. This was an issue because records were separated by newline. So any record with a field containing newline became invalid.

Although, this did not stop me. Not even close. I figured it out and fixed it in about 10 minutes. All records read into the program without issue.

Next for designing the database. My stack is MySQL and NodeJS, which my supervisors approved of. There was a lot of data that looked like it would fit into an integer, but one or two odd records would have something like "1050b" which mean that just a few items prevented me from having as slick of a database design as I wanted. I designed the tables, about 18 columns per record, mostly varchar(64).

Next challenge was putting the exported data into the database. At first I thought of doing it record by record from my python script. Connect to the MySQL server and just iterate over all the data I had. But what I ended up actually doing was generating a .sql file and running that on the server. This took a few tries thanks to a lot of inconsistencies in the data, but eventually, I got all 16k records in the new database and I had never been so happy.

The next two hours were very productive, designing a front end which was very clean. I had just enough time to design a rough prototype that works totally off ajax requests. I want to keep it that way so that other services can contact this data, as it may be useful to have an engineering data API.

Anyways, that was my win story of the week. I was handed a challenge; an old, decaying server full of important data, and despite the hitches one might expect from archaic data, I was able to rescue every byte. I will probably be presenting my prototype to the higher ups in Engineering sometime this week.

Happy Algo!

!rant

This was over a year ago now, but my first PR at my current job was +6,249/-1,545,334 loc. Here is how that happened... When I joined the company and saw the code I was supposed to work on I kind of freaked out. The project was set up in the most ass-backward way with some sort of bootstrap boilerplate sample app thing with its own build process inside a subfolder of the main angular project. The angular app used all the CSS, fonts, icons, etc. from the boilerplate app and referenced the assets directly. If you needed to make changes to the CSS, fonts, icons, etc you would need to cd into the boilerplate app directory, make the changes, run a Gulp build that compiled things there, then cd back to the main directory and run Grunt build (thats right, both grunt and gulp) that then built the angular app and referenced the compiled assets inside the boilerplate directory. One simple CSS change would take 2 minutes to test at minimum.

I told them I needed at least a week to overhaul the app before I felt like I could do any real work. Here were the horrors I found along the way.

- All compiled (unminified) assets (both CSS and JS) were committed to git, including vendor code such as jQuery and Bootstrap.
- All bower components were committed to git (ALL their source code, documentation, etc, not just the one dist/minified JS file we referenced).
- The Grunt build was set up by someone who had no idea what they were doing. Every SINGLE file or dependency that needed to be copied to the build folder was listed one by one in a HUGE config.json file instead of using pattern matching like `assets/images/*`.
- All the example code from the boilerplate and multiple jQuery spaghetti sample apps from the boilerplate were committed to git, as well as ALL the documentation too. There was literally a `git clone` of the boilerplate repo inside a folder in the app.
- There were two separate copies of Bootstrap 3 being compiled from source. One inside the boilerplate folder and one at the angular app level. They were both included on the page, so literally every single CSS rule was overridden by the second copy of bootstrap. Oh, and because bootstrap source was included and commited and built from source, the actual bootstrap source files had been edited by developers to change styles (instead of overriding them) so there was no replacing it with an OOTB minified version.
- It is an angular app but there were multiple jQuery libraries included and relied upon and used for actual in-app functionality behavior. And, beyond that, even though angular includes many native ways to do XHR requests (using $resource or $http), there were numerous places in the app where there were `XMLHttpRequest`s intermixed with angular code.
- There was no live reloading for local development, meaning if I wanted to make one CSS change I had to stop my server, run a build, start again (about 2 minutes total). They seemed to think this was fine.
- All this monstrosity was handled by a single massive Gruntfile that was over 2000loc. When all my hacking and slashing was done, I reduced this to ~140loc.
- There were developer's (I use that term loosely) *PERSONAL AWS ACCESS KEYS* hardcoded into the source code (remember, this is a web end app, so this was in every user's browser) in order to do file uploads. Of course when I checked in AWS, those keys had full admin access to absolutely everything in AWS.
- The entire unminified AWS Javascript SDK was included on the page and not used or referenced (~1.5mb)
- There was no error handling or reporting. An API error would just result in nothing happening on the front end, so the user would usually just click and click again, re-triggering the same error. There was also no error reporting software installed (NewRelic, Rollbar, etc) so we had no idea when our users encountered errors on the front end. The previous developers would literally guide users who were experiencing issues through opening their console in dev tools and have them screenshot the error and send it to them.
- I could go on and on...

This is why you hire a real front-end engineer to build your web app instead of the cheapest contractors you can find from Ukraine.

Things have been a little too quiet on my side here, so its time for an exciting new series:

practiseSafeHex's new life as a manager.

Episode 1: Dealing with the new backend team

It's great to be back folks. Since our last series where we delved into the mind numbing idiocy of former colleagues, a lot has changed. I've moved to a new company and taken a step up as a Dev manager / Tech lead. Now I know what you are all thinking, sounds more dull and boring right? Well it wouldn't be a practiseSafeHex series if we weren't ...

<audience-shouting>
DEALING! ... WITH! ... IDIOTS!
</audience-shouting>

Bingo! so lets jump right in and kick us off with a good one.

So for the past few months i've been on an on-boarding / fact finding / figuring out this shit-storm, mission to understand more about what it is i'm suppose to do and how to do it. Last week, as part of this, I had the esteemed pleasure of meeting face to face with the remote backend team i've been working with. Lets rattle off a few facts to catch us all up:

- 8 hour time difference to me
- No documentation other than a non-maintained swagger doc
- Swagger is reporting errors and several of the input models are just `Type: String`
- The one model that seems accurate, has every property listed as optional, including what must be the primary key
- Properties go missing and get removed at the drop of a hat and we are never told.
- First email I sent them took 27 days to reply, my response to that hasn't been answered so far 31 days later (new record! way to go team, I knew we could do it!!!)
- I deal directly with 2 of them, the manager and the tech lead. Based on how things have gone so far, i've nick named them:
1) Ass
2) Hole

So lets look at some example of their work:

- I was trying to test the new backend, I saw no data in QA. They said it wouldn't show up until mid day their time, which is middle of the night for us. I said we need data in our timezone and I was told: a) "You don't understand how big this system is" (which is their new catch phrase) b) "Your timezone is not my concern"

- The whole org started testing 2 days later. The next day a member from each team was on a call and I was asked to give an update of how the testing was going on the mobile side. I said I was completely blocked because I can't get test data. Backend were asked to respond. They acknowledged they were aware, but that mobile don't understand how big the system is, and that the mobile team need to come up with ideas for the backend team, as to how mobile can test it. I said we can't do anything without test data, they said ... can you guess what? ... correct "you don't understand how big the system is"

- We eventually got something going and I noticed that only 1 of the 5 API changes due on their side was done. Opened tickets. 2 days later asked them for progress and was told that "new findings" always go to the bottom of the backlog, and they are busy with other things. I said these were suppose to be done days ago. They said you can't give us 2 days notice and expect everything done. I said the original ticket was opened a month a go *sends link* ......... *long silence* ...... "ok, but you don't understand how big the system is, this is a lot of work"

- We were on a call. Product was asking the backend manager (aka "Ass") a question about a slight upgrade to the new feature. While trying to talk, the tech lead (aka "Hole") kept cutting everyone off by saying loudly "but thats not in scope". The question was "is this possible in the future" and "how long would it take", coming from management and product development. Hole just kept saying "its not in scope", until he was told to be quiet by several people.

- An API was sending down JSON with a string containing a message for the user with 2 bits of data inside it. We asked for one of those pieces to also come down as a property as the string can change and we needed it client side. We got that. A few days later we found an edge case and asked for the second piece of data to be a property too. Now keep in mind, they clearly already have access to them in order to make the string. We were told "If you keep requesting changes like this, you are going to delay the release of the backend by up to 2 weeks"

Yes folks, there you have it, the most minuscule JSON modifications, can delay your release by up to 2 weeks ........ maybe I should just tell product, that they don't understand how big the app is, and claim we can't build it on our side? Seems to work for them

Thats all the time we have for today,

Tune in for more, where we'll be looking into such topics as:

- If god himself was an iOS developer ... not
- Why automate when you can spend all day doing it by hand
- Its more time-efficient to just give everything a story point of 5
- Why waste time replying to emails ... when you can do nothing instead

See you all next week,
practiseSafeHex

An intern I was supposed to lead (as an intern) and work with. Which sounded kinda crazy to me, but also fun so I rolled with it. But when I met her I quickly found out she didn't even have a coding editor installed and when I advised one she was "scared of virusses". She had Microsoft Edge in her toolbar, and some picture of a cat as a background. We were given some project by our boss, and a freelance programmer helped us set it up on Trello. Great, lets start! Oke maybe first some R&D, she had to reaeach how to use the Twilio API. After catching her on WhatsApp a few times I realised this wasnt gonna go anywere. After a few weeks of coding and posting a initial project to git I asked her if she could show me the code of the API she made so far..

She told me she was using the quickstart guide (the last 3 FUCKING weeks) which contained some test project with specific use cases.

The one that I did 3 weeks ago that same fucking morning.

AND SHE WAS STILL NOT DONE...

A few days later I asked her about the progress (strangly, I wasn't allowed ti give her another task bcs the freelanc already did) and guess what... She got fking pissed at me

Her: "I will come to you when im done, ok?"
Me: "I just want to see how it is going so far and if you are running into any problems!"
Her: "I dont want to show you right now"

She then goes to my fucking boss to tell him I am bothering her.

And omg... Please dear god please kill me now...

Instead of him saying the she probably didn't do shit. He says to me that the girl thinks im looking down on her and she needs a stress free environment to work in. She will show me when its done. ITS A FUCKING QUICKSTART GUIDE YOU DUMB BITCH.

He then procceeded to whine to me about the email template (another project I do at the same time) which didn't look perfect in all of his clients.

Dont they understand that I am not a frontend developer? Can you stop please? I know nothing about email templates, I told you this!!!

Really... the whole fucking internship the only thing the girl did was ask people if they want more tea. Then she starts cleaning the windows, talk to people for an hour, or clean everyone's dask.

all this while I already made 50% of the fucking product and she just finished the quickstart tutorial 😭. Truly 2 months wasted, and the worse thing is I didn't get any apprication. They constantly blamed me and whined at me. Sometimes for being 3 minutes late, the other for smoking too much, or because I drink to much coffee, or that I dont eat healthy. They even forced me to play Ping Pong. While im just trying to do my job. One of the worst things they got mad at me for if when my laptop got hacked bcs it was infected with some virus. He had remote access and bought 5 iPhones 6's with my paypal while I was on break. I had to go home and quickly reset all my passwords and make sure the iPhones wouldnt get delivered. strange this was, this laptop I only used at the company. So it must have been software I had to download there. Probably phpstorm (torrent). Bcs nobody would give me a license. And the freelancer said I * have to *.

the monday after I still had to reinstall windows so I called them and said I would be late. when I came they were so disrepectfull and didn't understand anything. It went a little like this:

Boss: why u late?
Me: had to reinstall my laptop, sorry.
Boss: why didnt you do this in your own time?
Me: well, I didn't have any time.
Boss: cant you do this in the weekend or something? Because now we have to pay you several hours bcs you downloaded something at home.

Me: I am only using this laptop for work so thats not possible.

Boss: how can that even be possible? You are not doing anything at home with your laptop? Is that why you never do anything at home?

Me: uhm, I have desktop computer you know. Its much faster. And I also need to rest sometimes. Areeb (freelancer) told me to torrent the software. He gave me the link. 2 days later this happends

Boss: Ahh okeee I see.. Well dont let it happen again.

After that nobody at the compamy trusted me with anything computer related. Yes it was my own fault I downloaded a virus but it can happen to anyone. After that I never used Windows again btw, also no more auto login apps.

You know side projects? Well I took on one. An old customer asked to come and take over his latest startups companys tech. Why not, I tought. Idea is sound. Customer base is ripe and ready to pay.

I start digging and the Hardware part is awesome. The guys doing the soldering and imbedded are geniuses. I was impressed AF.

I commit and meet up with CEO. A guy with a vision and sales orientation/contacts. Nice! This shit is gonna sell. Production lines are also set.

Website? WTF is this shit. Owner made it. Gotta give him the credit. Dude doesn't do computers and still managed to online something. He is still better at sales so we agree that he's gonna stick with those and I'll handle the tech.

I bootstrap a new one in my own simplistic style and online it. I like it. The owner likes it. He made me to stick to a tacky logo. I love CSS and bootstrap. You can make shit look good quick.

But I still don't have access to the soul of the product. DBs millions rows of data and source for the app I still behind the guy that has been doing this for over a year.

He has been working on a new version for quite some time. He granted access to the new versions source, but back end and DB is still out of reach. Now for over month has passed and it's still no new version or access to data.

Source has no documentation and made in a flavor of JS frame I'm not familiar with. Weekend later of crazy cramming I get up to speed and it's clear I can't get further without the friggin data.

The V2 is a scramble of bleeding edge of Alpha tech that isn't ready for production and is clearly just a paid training period for the dev. And clearly it isn't going so well because release is a month late. I try to contact, but no reaction. The owner is clueless.

Disheartening. A good idea is going to waste because of some "dev" dropping a ball and stonewalling the backup.

I fucking give him till the end of the next week until I make the hardware team a new api to push the data and refactor the whole thing in proper technologies and cut him off.

Please. If you are a dev and don't have the time to concentrate on the solution don't take it on and kill off the idea. You guys are the key to making things happening and working. Demand your cut but also deserve it by delivering or at least have the balls to tell you are not up for it.

First rant here. Long, but please bear with me:

So after slogging my ass off in various early stage startups for over 4 years and keeping up with the almost non-existent development process, I joined an organisation which has some of the brightest and smartest minds I have had the pleasure to work with.

Mind you, this company is the market leader in it's field and has a 50+ people in it's tech team and the quality of work is pretty impressive.

Now for this week's sprint, I was asked to develop a feature which already exists on the Android app and they want to introduce in the iOS app too. The backend APIs are all in place and all I need to do is build it with virtually no dependency. My PM asks me to start with the UI and ask the backend dev for the API list whenever I need them.This is where the story turns.

For my first API, I go to the backend dev and ask him to share the API documentation and he looks at me as if I have asked him to dance the fucking cha cha. With a straight face he tells me that, 'The organisation doesn't maintain any kind of documentation for it's APIs.' Now this really shocks me. Even in a 5 men tech teams I have worked on, we have always maintained a spec doc for the APIs and this is a company which is known for it's tech practices.

Being the new guy I compose myself and ask if they have anything for me here: Postman collection, a workflowy doc, a goddamn txt file; anything which might help me, and he laughs at my dilusion and says no.

Dejected, I ask for a way to get the APIs and I am told that there are only two ways: either I keep bothering the Android dev for the APIs(No, I don't have the access to the android repo and nor am I gonna get it) which he had worked on 4 months back or I install the prod app on my phone, and use Charles to get every fucking API which is really, really annoying.

I thought writing out this rant would make me feel better, turns out it just made me angrier. Why the fuck can't they document such an important thing!?

Friend of mine killed his MacBook with some Softdrink.

Just poured it all over his poor a1502.

He let it dry for a few days, it starts to work again.
Except the battery.

Goes on Amazon and buys a new battery.

New battery doesn't work either and so he tells me about it and I as stupid as I am couldn't resist the temptation to finally work on a MacBook like my "hero" Lois Rossmann does.

So turns out the board is good.
Cleaned it up and basically nothing happened to it.

So what's the deal with "los batlerias"?

The first got hit by liquid, the second had a broken connection to a cell.
That could have happened through my friend, installing it without testing it first, or at the seller, so it being a DOA battery.

Now away from the stupidity of my friend and the situation to the actual source for this rant.

Once something happens to a modern Managed battery, the Battery Management System (BMS) disconnects the voltage from the system and goes into an error state, staying there and not powering anything ever again.
For noobs, it's dead. Buy a new one.

But It can be reset, depending you know how to, and which passwords were set at the factory.
Yes, the common Texas instruments BQ20Zxx chips have default passwords, and apple seems to leav them at default.

The Usb to SMBus adaptors arrived a few days ago and I went to prod the BMS.

There is a very nice available for Windows called BE2works, that I used the demo of to go in and figure out stuff. The full version supports password cracking, the demo not.

After some time figuring out how Smart Battery Systems (SBS) "API" works, I got to actually enter the passwords into the battery to try get into manufacturer and full access mode.

Just to realise, they don't unlock the BMS.

So, to conclude, my friend bought a "new" battery that was most likely cut out of a used / dead macbook, which reports 3000mah as fully charged instead of the 6xxx mah that it should have, with 0 cycles and 0hours used.
And non default access.

This screams after those motherfuckers scaming the shit out of people on Amazon, with refurb, reset, and locked fucken batteries.

I could kill those people right now.

Last but not least,
My friend theoretically can't send it back because I opened the battery to fix the broken connection.
Though maybe, it'll get send back anyway, with some suprise in the package.

micromanager: "Quick and easy win! Please have this done in 2-3 days to start repairing your reputation"

ticket: "Scrap this gem, and implement your own external service wrapper using the new and vastly different Slack API!"

slack: "New API? Give me bearer tokens! Don't use that legacy url crap, wth"

prev dev: "Yeah idk what a bearer token is. Have the same url instead, and try writing it down so you don't forget it?"

Slack admin: "I can't give you access to the slack integration test app, even though it's for exactly this and three others have access already, including your (micro)manager."

Slack: "You can also <a>create a new slack app</a>!" -- link logs me into slack chat instead. After searching and finding a link elsewhere: doesn't let me.

Slack admin: "You want a new test slack app instead? Sure, build it the same as before so it isn't abuseable. No? Okay, plan a presentation for it and bring security along for a meeting on Friday and I'll think about it. I'm in some planning meetings until then."

asdfjkagel.

This job is endless delays, plus getting yelled at over the endless delays.

At least I can start on the code while I wait. Can't test anything for at least a week, though. =/

I had to open the desktop app to write this because I could never write a rant this long on the app.

This will be a well-informed rebuttal to the "arrays start at 1 in Lua" complaint. If you have ever said or thought that, I guarantee you will learn a lot from this rant and probably enjoy it quite a bit as well.

Just a tiny bit of background information on me: I have a very intimate understanding of Lua and its c API. I have used this language for years and love it dearly.

[START RANT]

"arrays start at 1 in Lua" is factually incorrect because Lua does not have arrays. From their documentation, section 11.1 ("Arrays"), "We implement arrays in Lua simply by indexing tables with integers."

From chapter 2 of the Lua docs, we know there are only 8 types of data in Lua: nil, boolean, number, string, userdata, function, thread, and table

The only unfamiliar thing here might be userdata. "A userdatum offers a raw memory area with no predefined operations in Lua" (section 26.1). Essentially, it's for the API to interact with Lua scripts. The point is, this isn't a fancy term for array.

The misinformation comes from the table type. Let's first explore, at a low level, what an array is. An array, in programming, is a collection of data items all in a line in memory (The OS may not actually put them in a line, but they act as if they are). In most syntaxes, you access an array element similar to:

array[index]

Let's look at c, so we have some solid reference. "array" would be the name of the array, but what it really does is keep track of the starting location in memory of the array. Memory in computers acts like a number. In a very basic sense, the first sector of your RAM is memory location (referred to as an address) 0. "array" would be, for example, address 543745. This is where your data starts. Arrays can only be made up of one type, this is so that each element in that array is EXACTLY the same size. So, this is how indexing an array works. If you know where your array starts, and you know how large each element is, you can find the 6th element by starting at the start of they array and adding 6 times the size of the data in that array.

Tables are incredibly different. The elements of a table are NOT in a line in memory; they're all over the place depending on when you created them (and a lot of other things). Therefore, an array-style index is useless, because you cannot apply the above formula. In the case of a table, you need to perform a lookup: search through all of the elements in the table to find the right one. In Lua, you can do:

a = {1, 5, 9};
a["hello_world"] = "whatever";

a is a table with the length of 4 (the 4th element is "hello_world" with value "whatever"), but a[4] is nil because even though there are 4 items in the table, it looks for something "named" 4, not the 4th element of the table.

This is the difference between indexing and lookups. But you may say,

"Algo! If I do this:

a = {"first", "second", "third"};
print(a[1]);

...then "first" appears in my console!"

Yes, that's correct, in terms of computer science. Lua, because it is a nice language, makes keys in tables optional by automatically giving them an integer value key. This starts at 1. Why? Lets look at that formula for arrays again:

Given array "arr", size of data type "sz", and index "i", find the desired element ("el"):

el = arr + (sz * i)

This NEEDS to start at 0 and not 1 because otherwise, "sz" would always be added to the start address of the array and the first element would ALWAYS be skipped. But in tables, this is not the case, because tables do not have a defined data type size, and this formula is never used. This is why actual arrays are incredibly performant no matter the size, and the larger a table gets, the slower it is.

That felt good to get off my chest. Yes, Lua could start the auto-key at 0, but that might confuse people into thinking tables are arrays... well, I guess there's no avoiding that either way.

We've built a web app and now a client wants a VPN acces to the database of web app. When asked why, they said they want to occasionally pull some data out. 😱

We said no, and this is what they wrote:
"We’ve got live VPN access to every other web database we work with – why is this different?"

Well because maybe we know that we can build you an export of whatever you want, prepare you API calls for getting data to your CRM, but hell I'm not giving you access to the production DB.

My colleagues broke down our AWS account by hard coding the AWS access API keys and pushing the same code to a public repository. This took down our system for nearly 3 days.

There is this service that I want to use (wont name it for privacy/legal reasons) and I have created a trial account which gives me a limited access to their apis. However the usage is where things are interesting.
The api access is restricted to some 1000 calls per trial account. But also they have a explorer option which lets to have the functionality as a web app like a dashboard and the explorer usage has unlimited access.

Now since I didnt want to exhaust my api limit, I let my service call the explorer apis instead. Is this ethically wrong or it is the fault of the service providers that they have such a big gaping hole in their licensing?

The bossman asked if our signup service sends an automated email after we successfully process someone's payment or when we promote them to full customer.

That sounds like a simple query, yeah?

Well.

Here's some background:

We have four applications; one in React, three in Rails. I'll replace their names to retain some anonymity.
1) "IceSkate" is the React app, and it's a glorified signup form. (I wrote this one.)
2) "Bogan" is the main application, and is API-only; its frontend has been long since deprecated by the following two:
3) "Bum" is a fork of "Bogan" that has long since diverged. It now contains admin-only tools.
4) "Kulkuri" is also a fork of "Bogan" that has long since diverged. It now contains tools specifically for customers, which they can access.

All but IceSkate (obv) share a database.

Here's how signups happen:

Signups come in from IceSkate, which hits a backend API on Bogan. Bogan writes the data to the database, charges the card immediately, and leaves the signup for moderation.

And here's how promotion from signup to customer happens:

Bum has a view allowing admins to validate, modify, and "promote" a signup to a full customer. Upon successful promotion, Bum calls "ServerWrap", a module which calls actions on the other applications; in this case: Bogan.

Bogan routes execution through three separate models before calling "ServerWrap" again, this time calling KulKuri.

Finally, KulKuri actually creates the customer!

After KulKuri finishes creating the customer, execution resumes on Bogan, which then returns, causing execution to resume on Bum. Bum then runs through several other models, references the newly-created customer object (as all three share a database), and ... updates the customer with its current data, and then updates the signup object. After all of this, it finally shows the admin the "new customer" view.

It took me 25 minutes to follow the chain of calls, and I still don't know quite what's going on. I have no idea if any of it sends an email or not -- I didn't see any signs of this, but I very easily could have overlooked something.

So, to answer bossman's question... I asked the accounting people if they send the email manually. If they don't, it's automatic, which means I missed something and get to burrow through that mess all over again!

I really hope I missed something; otherwise I need to figure out how and where (and when!) to send the email...

just...
errrrgghh

I spent an hour arguing with the CTO, pushing for having all our new products' data in the database (wow) with an API I could hit to fetch said data (wow) prior to displaying it on our order page.

He never actually agreed with me, but he finally acquiesced and wrote the migrations, API, and entered my (rather contrived) placeholder data. (I've been waiting on the boss for details and copy for three days.)

Anyway, it's now live on QA. but. I don't know where QA is for this app, and it's been long enough that i'm kind of afraid to ask.

Does that sound strange?
well.

We have seven (nine?) live applications (three of which share a database), and none of their repos match their URLs, nor even their Heroku app names. (In some of these Heroku names, "db" is short for the app's namesake, while in the rest it's short for "database").

So, I honestly have no idea where "dbappdev" points to, and I don't have access to the DNS records to check. -.-

What's more: I opened "dbappdev" on Heroku and tested out his new API -- lo and behold! it returns nada. Not a single byte. (Given his history I expected a 500, so this is an improvement, I think. Still totally useless, however.)

And furthermore: he didn't push the code to github, so I cannot test (or fix) it locally.

just. UGH.

every day with this guy, i swear.

Creating an API to access another API in order to secure your apikey feels... weird

A LOT of this article makes me fairly upset. (Second screenshot in comments). Sure, Java is difficult, especially as an introductory language, but fuck me, replace it with ANYTHING OTHER THAN JAVASCRIPT PLEASE. JavaScript is not a good language to learn from - it is cheaty and makes script kiddies, not programmers. Fuck, they went from a strong-typed, verbose language to a shit show where you can turn an integer into a function without so much as a peep from the interpreter.

And fUCK ME WHY NOT PYTHON?? It's a weak typed but dynamic language that FORCES good indentation and actually has ACCESS TO THE FILE SYSTEM instead of just the web APIs that don't let you do SHIT compared to what you SHOULD learn.

OH AND TO PUT THE ICING ON THE CAKE, the article was comparing hello worlds, and they did the whole Java thing right but used ALERT instead of CONSOLE.LOG for JavaScript??? Sure, you can communicate with the user that way too but if you're comparing the languages, write text to the console in both languages, don't write text to the console in Java and use the alert api in JavaScript.

Fuck you Stanford, I expected better you shitty cockmunchers.

My worst interview ever was my first interview fresh out of college. After the initial phone screen, they asked me to drive 2 hours to their office to give me a "code challenge."

The challenge was to spend 4 hours writing a simple rest API for a blog type thing, but the catch was to not use any existing libraries for data access and instead write an entirely database agnostic DAL. Then after I finished they sat me in a conference room with 3 of their engineers and the CEO to just tear apart my code.
For a JUNIOR position to someone fresh out of college.

I guess I defended it well, because they asked to continue the process l, but after that I found a different position.

Last week my company thought it would be a great idea to introduce a new sh*tty internal web portal that gives federated access to aws (instead of using our own accounts to assume dev roles like we used to do).

This broke a lot of sh*t that simply used to ask for an MFA token and used our practically permissionless accounts to assume a proper dev role. An MFA token that we'd enter directly into the terminal/tool. It was very seamless. But nooooooo we now have to go a webpage, login with sso (which also requires mfa), click "generate credentials," copy-paste those into terminal/creds file and _then_ continue our aws cli call. Every. Single. Day.

BUT TODAY I HAD ENOUGH.

I spent the entire day rewriting the auth part of our tools so they would basically read the cookie that's set by the web portal, and use it to call the internal api that generates the credentials, and just automatically save those. Now all we need to do is log into the portal, then return to the tool and voilà, the tool's also got access! Sure, it's not as passive as just entering an MFA token directly, but it's as passive as it gets. Still annoyed by this sh*tty and unnecessary portal, but I learned a thing or two about cookies.

i am fucking tired of companies that come to me expecting to magically fix their STEAMING PILE OF BULLSHIT AND TRASH CODE. how about when i ask "can i get a project brief", instead of saying "just fix it" or "it just needs to do this", GIVE ME A FUCKING COHERENT AND DESCRIPTIVE WRITEUP OF EXACTLY WHAT YOU NEED. i can't read your minds, let alone read the code the previous cock sucking developer wrote, so guess what? i'm left with no other option but to completely rewrite it. to top it off, instead of giving me god damn excuses as to why you can't get me the api key for your order processing, MAKE A NEW ACCOUNT AND GET IT TO ME. how the fuck do you expect me to test an application when i don't even have access to the fucking api the whole shit pile is based around? i swear to god if these people expect me to have this done by the end of the week but want to be little cunt nuggets they can go eat shit. fuck you, fuck your "contract", fuck your company, FUCK EVERYTHING. greedy, shit faced bastards

Production crashed literally 5 minutes after I went to bed. Collaborators couldn't fix the problem as they had to reset an API key only my account could access. They tried calling me but my phone was muted. Woke up 5 hours later only to realise it had been down all night.

Whoops.

Got pretty peeved with EU and my own bank today.

My bank was loudly advertising how "progressive" they were by having an Open API!

Well, it just so happened I got an inkling to write me a small app that would make statistics of the payments going in and out of my account, without relying on anything third-party. It should be possible, right? Right?

Wrong...

The bank's "Open API" can be used to fetch the locations of all the physical locations of the bank branches and ATMs, so, completely useless for me.

The API I was after was one apparently made obligatory (don't quote me on that) by EU called the PSD2 - Payment Services Directive 2.

It defines three independent APIs - AISP, CISP and PISP, each for a different set of actions one could perform.

I was only after AISP, or the Account Information Service Provider. It provides all the account and transactions information.

There was only one issue. I needed a client SSL certificate signed by a specific local CA to prove my identity to the API.

Okay, I could get that, it would cost like.. $15 - $50, but whatever. Cheap.

First issue - These certificates for the PSD2 are only issued to legal entities.

That was my first source of hate for politicians.

Then... As a cherry on top, I found out I'd also need a certification from the local capital bank which, you guessed it, is also only given to legal entities, while also being incredibly hard to get in and of itself, and so far, only one company in my country got it.

So here I am, reading through the documentation of something, that would completely satisfy all my needs, yet that is locked behind a stupid legal wall because politicians and laws gotta keep the technology back. And I can't help but seethe in anger towards both, the EU that made this regulation, and the fact that the bank even mentions this API anywhere.

Seriously, if 99.9% of programmers would never ever get access to that API, why bother mentioning it on your public main API page?!

It... It made me sad more than anything...

dear api author at my company pt. 2:

If you're gonna create an api method that takes some arguments.

And one of those arguments is an array.

THEN MAKE THE FUCKING ARGUMENT'S NAME PLURAL YOU FUCKING PIECE OF SHIT.

REPEAT WITH ME, MOTHERFUCKER.
ARRAY, PLURAL, NON-ARRAY, SINGULAR.

I need to pass a shitload of filters for the data for this table, and for every suckin fuckin filter I need to singularize this shit. Thank god for es6.

I know this sounds like nitpick, but I swear to fucking alpha omega this guy is inconsistent as fuck.

Every time it feels like he makes up a new rule.

Sometimes I need to send arrays of ids, other times arrays of objects with an id property on each.

He uses synonyms too, sometimes it's remove, other times erase.

PICK ONE MOTHERFUCKER.

If you can't do the basic things well, then what is to expect of more advanced stuff?

Naming conventions you fucking idiot, follow them. It's programming 101.

You're already sending them as plural in the fucking response. Why change them for the request?

And that's just style, conventions.

This idiot asshole also RARELY DOES ANY FUCKING CHECK ON THE ARGUMENTS.

"Oh, you sent a required argument as null? 500"

We get exceptions on sentry UP THE ASS thanks to this useless bone container.

YOU'RE SEEING THE EXCEPTIONS TOO!!!!! 500'S ARE BUGS YOU NEED TO FIX, YOU CUMCHUGGER

And sometimes he does send 400, you know what the messages usually are?
"Validation failed".

WHYYYYYY YOU GODDAMN APATHETIC TASTELESS FUCK???
WHAT EXACTLY CAUSED THE FUCKING VALIDATION TO FAIL????

EXCEPTIONS HAPPEN AND THANKS TO YOU I HAVE NO IDEA WHY.

The worst of all... the worst of fucking all is that everytime I make a suggestion to change shit, every time, you act like you care.
You act like the api is the way it is because you designed it in a calculated manner.

MOTHERFUCKER. IF A USER HAS ONLY PRODUCT A, THEN HE SHOULDN'T BE ABLE TO ACCESS DATA FOR PRODUCT B. IT IS NOT ENOUGH TO JUST RESTRICT SHIT WITH ADMIN ROLES. IDIOT!!!!!

This is the work of someone who has no passion for programming.

Vendor: We are very professional and follow best practices, we know what we are doing. You should trust us.

Also Vendor 5 mins later: DB passwords, API keys and SSH keys in repo. AWS Access Keys shared in screenshots in email.

Me: 😭

Thank God the week 233 rants are over - was getting sick of elitist internet losers.

The worst security bug I saw was when I first started work as a dev in Angular almost year ago. Despite the code being a couple of years old, the links to the data on firebase had 0 rules concerning user access, all data basically publicly available, the API keys were uploaded on GitHub, and even the auth guard didn't work. A proper mess that still gives me the night spooks to this day.

Google just emailed me to tell me that I should, "take action against suspicious apps that can access your data"... but the app in question was a Google Drive API token I made for a thing I am personally developing .-.

Gave the marketing team access to JIRA and gave them permissions to create tickets. Don’t know if that was a management’s design or what. Tickets were poorly written and I had to make frequent follow ups to figure out what the heck was actually being requested. I did get accused of “questioning the request” at least once. It was a big WTF because I think marketing thought they managed dev team but they didn’t.

Marketing also didn’t give a damn about agile processes despite being told some simple rules, such as don’t change your ticket details after a dev has already begun work on it. I would pick up a ticket thinking it’s just html and css updates, then it would change to include an api update. No no no. You’ve just turned a 1 day ticket into a 1 week ticket. I don’t have time for these shenanigans.

I would also submit tickets for code review and marketing would say it’s not ready for review. Then why was that ticket in the to do column for the past two days?! They couldn’t make a decision and would submit revisions every single day.

And they would think devs could do everything. No, never assume the front end dev can pick up back end tasks.

No one on dev team really cared because we were all looking for new jobs anyway. The company was planning to lay us off in a year. Every month a dev gave notice and left.

I wrote a node + vue web app that consumes bing api and lets you block specific hosts with a click, and I have some thoughts I need to post somewhere.

My main motivation for this it is that the search results I've been getting with the big search engines are lacking a lot of quality. The SEO situation right now is very complex but the bottom line is that there is a lot of white hat SEO abuse.

Commercial companies are fucking up the internet very hard. Search results have become way too profit oriented thus unneutral. Personal blogs are becoming very rare. Information is losing quality and sites are losing identity. The internet is consollidating.

So, I decided to write something to help me give this situation the middle finger.

I wrote this because I consider the ability to block specific sites a basic universal right. If you were ripped off by a website or you just don't like it, then you should be able to block said site from your search results. It's not rocket science.

Google used to have this feature integrated but they removed it in 2013. They also had an extension that did this client side, but they removed it in 2018 too. We're years past the time where Google forgot their "Don't be evil" motto.

AFAIK, the only search engine on earth that lets you block sites is millionshort.com, but if you block too many sites, the performance degrades. And the company that runs it is a for profit too.

There is a third party extension that blocks sites called uBlacklist. The problem is that it only works on google. I wrote my app so as to escape google's tracking clutches, ads and their annoying products showing up in between my results.

But aside uBlacklist does the same thing as my app, including the limitation that this isn't an actual search engine, it's just filtering search results after they are generated.

This is far from ideal because filter results before the results are generated would be much more preferred.

But developing a search engine is prohibitively expensive to both index and rank pages for a single person. Which is sad, but can't do much about it.

I'm also thinking of implementing the ability promote certain sites, the opposite to blocking, so these promoted sites would get more priority within the results.

I guess I would have to move the promoted sites between all pages I fetched to the first page/s, but client side.

But this is suboptimal compared to having actual access to the rank algorithm, where you could promote sites in a smarter way, but again, I can't build a search engine by myself.

I'm using mongo to cache the results, so with a click of a button I can retrieve the results of a previous query without hitting bing. So far a couple of queries don't seem to bring much performance or space issues.

On using bing: bing is basically the only realiable API option I could find that was hobby cost worthy. Most microsoft products are usually my last choice.

Bing is giving me a 7 day free trial of their search API until I register a CC. They offer a free tier, but I'm not sure if that's only for these 7 days. Otherwise, I'm gonna need to pay like 5$.

Paying or not, having to use a CC to use this software I wrote sucks balls.

So far the usage of this app has resulted in me becoming more critical of sites and finding sites of better quality. I think overall it helps me to become a better programmer, all the while having better protection of my privacy.

One not upside is that I'm the only one curating myself, whereas I could benefit from other people that I trust own block/promote lists.

I will git push it somewhere at some point, but it does require some more work:
I would want to add a docker-compose script to make it easy to start, and I didn't write any tests unfortunately (I did use eslint for both apps, though).
The performance is not excellent (the app has not experienced blocks so far, but it does make the coolers spin after a bit) because the algorithms I wrote were very POC.
But it took me some time to write it, and I need to catch some breath.

There are other more open efforts that seem to be more ethical, but they are usually hard to use or just incomplete.

commoncrawl.org is a free index of the web. one problem I found is that it doesn't seem to index everything (for example, it doesn't seem to index the blog of a friend I know that has been writing for years and is indexed by google).

it also requires knowledge on reading warc files, which will surely require some time investment to learn.

it also seems kinda slow for responses,

it is also generated only once a month, and I would still have little idea on how to implement a pagerank algorithm, let alone code it.

Beta version... only devs have access

Screen for a not-ready-yet feature:

A nice image of a faded broken structure, underlined with a "Work in progress" text.

Primary button below "I want it now"

/clicks button

next to the button, a text fades in:
"Please, be patient"

You keep clicking "I want it now", after a few clicks you get "Plese, be **very** patient"

/Checks the source code

it bloody adds a "very" for every 5 clicks and calls an API to send you an email for every 5 clicks:

Thanks for very {n times very} much wanting {feature name}

11 clicks = 3 emails with very, very very and very very very

Yep, I am patient now, especially if I get my hands on you...

Alright so I have to create an API that communicates with a web interface and three different back end systems. And I think my customer might have thought that I am actually Jesus because they didn't have any docs for their systems and their policy did not allow me to gain access to their internal testing environment (which. Drove. Me. NUTS) and expected me to create this API by pure guesswork basically. After teaching the customer's internal IT guy how to capture requests between the systems I managed to somehow got the prototype working. I am proud and sleepy. ... Mainly sleepy

An undetectable ML-based aimbot that visually recognizes enemies and your crosshairs in images copied from the GPU head, and produces emulated mouse movements on the OS-level to aim for you.

Undetectable because it uses the same api to retrieve images as gameplay streaming software, whereas almost all existing aimbots must somehow directly access the memory of the running game.

The Instagram API sucks a Lot.

Why the fuck I've to login with my account using OAuth2 to get posts of a PUBLIC account, it's so hard to make an authentication endpoint that doesn't require the user to enter his credentials in order to access PUBLIC content?

Fucking piece of shit

Leaking an API access token to the web client... oh no no noooo...

We use jira at my company. It's great for me, because no ticketing system's UI is worth a shit, but jira's API is excellent. But we're switching to a new system that is an absolute piece of garbage. Every page is 100% Javascript, so no source can ever be viewed, and the URL never changes to reflect what's onscreen. If you know a ticket number, no URL will ever get you straight to it. You have to navigate multiple slow-loading 25MB piles of Javascript to reach what you're seeking. And most damning of all: the new system has an API, but our highest management is withholding access to it, claiming it breeds laziness.

Is amazing the kind of shit you have to swallow when your management has regular meetings with really really super extremely good-looking sales people.

Haven't had such joy as with developing the devrant client in a while. (when things work of course haha)

The js plugin system works now with barely any time added to just loading the rants and in proper order too! (thanks asyncjs) now just need to add a way for the user to download and manage external ones.

The screenshot shows the test plugin linkify, which fetches from the API if there's any links and linkifies them even on the feed (which devrant web doesn't do and always annoyed me) - though since html gets stripped by handlebars I'll have to find a way for them to properly render with other tags to still be stripped (maybe handlebars has that inbuilt already? didn't check yet), plugins currently have access to all values the template would get too, so one could fuck around with e.g. the usernames too lol.

btw: the app is fully responsive even on desktop, which will be handy for me personally, iirc all the other clients I've tried always had some sort of size limit, without which it'd also better fit all our i3 archers out there.

Oh dear Apple,

so you're telling me that for the camera API, the requestAuthorization() method returns a bool and for the PhotoLibrary it returns an enum. Why are you going with an enum when there are 2 states and the camera api doesn't use an enum?

(The 2 methods serve the same purpose, the enum exists in the camera api as well and has the exact same states)

And why do I need access to users photos, if I only want to write photos?

"One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users," according to the report of Bleeping Computer.

Vulnerability hunter Vinoth Kumar reported and later Starbucks responded it as "significant information disclosure" and qualified for a bug bounty. Along with identifying the GitHub repository and specifying the file hosting the API key, Kumar also provided proof-of-concept (PoC) code demonstrating what an attacker could do with the key. Apart from listing systems and users, adversaries could also take control of the Amazon Web Services (AWS) account, execute commands on systems and add or remove users with access to the internal systems.

The company paid Kumar a $4,000 bounty for the disclosure, which is the maximum reward for critical vulnerabilities.

18 commits later, the unofficial documentation has been ported over to GitBook.

The documentation now lives in a private repo on GitHub which is hooked up to a CI tool to build the book when a commit is pushed.

This will make maintaining the documentation much easier and also allow for collaboration which was previously not possible.

Because this documentation contains some endpoints some of you might not even know about, access is provided on a invite-only basis which is controlled by @dfox.

For new requests, contact @dfox with your name and what you are planning to build.

If you have already created something with the API email me at support@nblackburn.uk with your name and a link and I will send you a invite.

So I've been doing work for a big ass real estate firm. Managing work of their 12 websites. A month ago they sent a prototype built with React.js which their design agency did. What we did was creating a backend API and an administration area and hooked the prototype to make it dynamic.
Everything was working quite great but around 2-3 days ago their guy who had been looking over the work of this React.js website came up and said that it isn't working in Internet Explorer 11. Bastard didn't mention this earlier throughout the whole month when we had provided him access to a staging server. I coldly replied that the prototype was provided by their design agency. But today the fucker put it all on us and said that it is something we implemented that caused this issue. I had to do some research but I finally managed to run the website in IE11. Bastard tried to steal my weekend.
Fuck IE11, fuck such pig clients, fuck Microsoft. IE, just DIE already you syphilis infected piece of whore's ass!

My last company had a code base originating in the 90's and they still write most parts of the GUI with a library that is a thin layer on top of Win32 API, with a self-rolled "ORM" for DB access (with LOTS of enums) and all that with >2million lines of C++ code. The code includes at least two implementations of std vector and std:list. One of which is even *named* std::vector. Feels good remembering that I have left that behind

I've been using the Square REST API and I spent one hour thinking there was something wrong in my code until I f** found that THEY were not following OAuth 2 guidelines, which made their workflow incompatible with the OAuth lib I was using, so I had to mark an exception for Square's OAuth from the rest of my OAuths. Specifically, RFC 6749 Section 4.2.2 and 5.1.

However, after reading OAuth 2 guidelines, I became angry at THEM instead. The parameter `expires_in` should be the "lifetime in seconds" after the response. This will always be innevitably inaccurate, since we are not taking into account the latency of the response. This is, however, not a huge problem, since the shortest token lifetimes are of an hour (like f** Microsoft Active Directory, who my cron jobs have to check every ten minutes for new access tokens). Many workflows (like Microsoft, Square, and Python's oauthlib) have opted to add the `expires_at` parameter to be more precise, which marks the time in UTC. However, there's no convention about this. oauthlib and Microsoft send the time in Unix seconds, but Square does this in ISO 8601. At this point, ISO 8601 is less ambigious. Sending a raw integer seems ambiguous. For example, JavaScript interprets integer time as Unix _milliseconds_, but Python's time library interprets it as _seconds_. It's just a matter of convention, a convention that is not there yet.

Hope this all gets solved in OAuth 2.1 pleeeaasseee

Been getting a lot of troll / clown / clueless (?) comments on my posts recently. Select favorites include:

"Why do you have a login form on your website?" wut
"Why didn't you throw away that API key?" wut
"Why do you even need to access your apps' servers?" wut

There are just SO many amazing devs here who have NEVER had do any of those things, I'm quite literally an idiot and don't know what I'm doing, sorry for my ignorance. I'd forgotten that there is only exactly one way to build software, I wish I'd done it "that" way sooner! Foolish me.

Really not sure if trolls, clowns, or clueless. Don't care. 🤡🤡🤡

I had a wonderful run-in with corporate security at a credit card processing company last year (I won't name them this time).
I was asked design an application that allowed users in a secure room to receive instructions for putting gift cards into envelopes, print labels and send the envelopes to the post. There were all sorts of rules about what combinations of cards could go in which envelopes etc etc, but that wasn't the hard part.
These folks had a dedicated label printer for printing the address labels, in their secure room.
The address data was in a database in the server room.
On separate networks.
And there was absolutely no way that the corporate security folks would let an application that had access to a printer that was on a different network also have access to the address data.
So I took a look at the legacy application to see what they did, to hopefully use as a precedent.
They had an unsecured web page (no, not an API, a web page) that listed the addresses to be printed. And a Windows application running on the users' PC that was quietly scraping that page to print the labels.
Luckily, it ceased to be an issue for me, as the whole IT department suddenly got outsourced to India, so it became some Indian's problem to solve.

Ok, first rant, about my struggles getting reliable internet over the past 6 years. It's not too interesting of a topic, but here we go:

I'm living in a more rural part of Germany and internet here is shit. I pay more than 50 bucks a month for 700kb/s downstream (let's just not talk about upstream...), which is meh by itself but it gets worse. Before this I had roughly 230kb/s downstream using DSL. My provider came out with a new oh-so-fucking-fancy solution for giving people faster internet without upgrading their lame ass fucking backbone and POS infrastructure from 70 years ago: they sell you hybrid internet which combines your shit DSL and an LTE connection using TCP Multicast. Not only do I get only 6 of my promised (and payed for) 50 Mbit, no, It's also a fucking piece of nonworking shit!!!

Let me illustrate:
You constantly have problems with web content (or any remote content) not loading because the host server does not support TCP Multicast. It either refuses connection altogether or it takes about 30-50 seconds to establish a connection. Think about your live when it takes two or three fucking minutes to load 5 YouTube thumbnails or load new tweets at the bottom of the Twitter page! Also, you never know if you a) have an error in your implementation of a new API or if b) the remote host doesn't support TCPMC (there's never an error for that! Fuck you!), your SSH sessions ALWAYS drop in the most inopportune fucking moments because the LTE thing lost connection, you always have to turn on a VPN if you want to visit specific websites (for example your school's website) and so on....

Oh and also, my provider started throttling specific services again these days with Netflix and YouTube struggling to display 240p, fucking 240p video without buffering when I get 600kbit down on steam (ofc the steam download is paused when watching videos). When using a VPN, YouTube 720p and Netflix HD work like a charm again. Fucking Telekom bastards

Then there is the problem with VPNs. The good thing about them is that they solve all the TCP Multicast problems. Yay. Now for the bad things:
First of all, as soon as I use a VPN, access times to remote go up by like fucking 500%. A fucking DNS lookup takes 8-15 seconds!!! The bandwidth is there but it takes forever.. because reasons I guess. Then the speed drops to DSL speeds after a while because the router turns off my LTE connection when it is unused and it does not detect VPN traffic as traffic (again because... Reasons?) And also, the VPN just dies after an hour and you have to manually reconnect (with every VPN provider so far)

And as if that wasn't enough, now the lan is dying on me, too, with the router (the fucking expensive hybrid piece of shit, 230 bucks..) not providing DHCP service anymore or completely refusing all wifi connections or randomly dropping 5Ghz devices, or.....

You get the point.

The worst thing is, they recently layed down 400mbit fiber in my neighborhood. Guess where the FUCKING PIECE OF SHIT CABLE ENDS??? YEAH, RIGHT IN FRONT OF MY NEIGHBORS HOUSE. STREET NUMBER 19 IS SERVED WITH 400MBIT AND MY HOME, THE 20, IS NOT IN THEIR FUCKING SERVICE REGION. Even though there is a fucking cable with the cable companies name on it on my property, even leading up to my house! They still refuse to acknowledge it! FUCK YOU!!!!

Well anyways thanks for reading. Any of you got the same problems? :/

Since my first post was a success, here's another shameless hack-- in this case, ripping a "closed" database I don't usually have access to and making a copy in MySQL for productivity purposes. That was at a former job as an IT guy at a hardware store, think Lowes/Rona.

We had an old SCO Unix server hosting Informix SQL (curious, anyone here touched iSQL?), which has terminal only forms for the users to handle data, and has keybindings that are strangely vi based (ESC does commit changes. Mindfsck for the users!). To add new price changes to our products, this results to a lengthy procedure inside a terminal form (with ascii borders!) with a few required fields, which makes this rather long. Sadly, only I and a colleague had access to price changes.

Introducing a manager who asks a price change for a brand- not a single product, but the whole product line of a brand we sell. Oh and, those price changes ends later after the weekend (twice the work, back at regular price!)

The usual process is that they send me a price change request Excel document with all the item codes along with the new prices. However, being non technical, those managers write EVERYTHING at hand, cell by cell (code, product name, cost, new price, etc), sometimes just copy pasted from a terminal window

So when the manager asked me to change all those prices, I thought "That's the last time I manually enter all of this sh!t- and so does he". Since I already have a MySQL copy of the items & actual (live) price tables, I wrote a PHP backend to provide a basic API to be consumed to a now VBA enhanced Excel sheet.

This VBA Excel sheet had additional options like calculating a new price based on user provided choices ("Lower price by x $ or x %, but stay above cost by x $ or x %"), so the user could simply write back to back every item codes and the VBA Excel sheet will fetch & display automatically all relevant infos, and calculate a new price if it's a 20% price cut for example.

So when the managers started using that VBA sheet, I had also hidden a button which simply generate all SQL inserts for the prices written in the form, including a "back to regular price" if the user specified an end date, etc.

No more manual form entry for me, no more keyboard pecking for the managers with new prices calculated for them. It was a win/win :)

Client wants this "demo" LIVE by the end of the month... But still not got access to THEIR API yet!!! 😑

That's it, where do I send the bill, to Microsoft? Orange highlight in image is my own. As in ownly way to see that something wasn't right. Oh but - Wait, I am on Linux, so I guess I will assume that I need to be on internet explorer to use anything on microsoft.com - is that on the site somewhere maybe? Cause it looks like hell when rendered from Chrome on Ubuntu. Yes I use Ubuntu while developing, eat it haters. FUCK.

This is ridiculous - I actually WANT to use Bing Web Search API. I actually TRIED giving up my email address and phone number to MS. If you fail the I'm not a robot, or if you pass it, who knows, it disappears and says something about being human. I'm human. Give me free API Key. Or shit, I'll pay. Client wants to use Bing so I am using BING GODDAMN YOU.

Why am I so mad? BECAUSE THIS. Oauth through github, great alternative since apparently I am not human according to microsoft. Common theme w them, amiright?

So yeah. Let them see all my githubs. Whatever. Just GO so I can RELAX. Rate limit fuck shit workaround dumb client requirements google can eat me. Whats this, I need to show my email publicly? Verification? Sure just go. But really MS, this looks terrible. If I boot up IE will it look any better? I doubt it but who knows I am not looking at MS CSS. I am going into my github, making it public. Then trying again. Then waiting. Then verifying my email is shown. Great it is hello everyone. COME ON MS. Send me an email. Do something.

I am trying to be patient, but after a few minutes, I revoke access. Must have been a glitch. Go through it again, with public email. Same ugly almost invisible message. Approaching a billable hour in which I made 0 progress. So, lets just see, NO EMAIL from MS, Yes it appears in my GitHub, but I have no way to log into MS. Email doesnt work. OAuth isn't picking it up I guess, I don't even care to think this through.

The whole point is, the error message was hard to discover, seems to be inaccurate, and I can't believe the IRONY or the STUPIDITY (me, me stupid. Me stupid thinking I could get working doing same dumb thing over and over like caveman and rock).

Longer rant made shorter, I cant come up with a single fucking way to get a free BING API Key. So forget it MS. Maybe you'll email me tomorrow. Maybe Github was pretending to be Gitlab for a few minutes.

Maybe I will send this image to my client and tell him "If we use Bing, get used to seeing hard to read error messages like this one". I mean that's why this is so frustrating anyhow - I thought the Google CSE worked FINE for us :/

Welp, this made my night and sorta ruined my night at the same time.

He decided to work on a new gaming community but has limited programming knowledge, but has enough to patch and repair minor issues. He's waiting for an old friend of his to come back to start helping him again, so this leads to me. He needed a custom backend made for his server, which required pulling data from an SQL/API and syncing with the server, and he was falling behind pace and asked for my help. He's a good friend that I've known for a while, and I knew it wouldn't take to long to create this, so I decided to help him. Which lead to an interesting find, and sorta made my night.

It wasn't really difficult, got it done within an hour, took some time to test and fix any bugs with his SQL database. But this is where it get's interesting, at least for me. He had roughly a few hundred people that did beta testing of the server, anyways, once the new backend was hooked in and working, I realized that the other developer he works with had created a 'custom' script to make sure there are no leaks of the database. Well, that 'custom' script actually begins wiping rows/tables (Depends on the sub-table, some get wiped row by row, some just get completely dropped), I just couldn't comprehend what had happened, as rows/tables just slowly started disappearing. It took me a while of checking, before checking his SQL query logs (At least the custom script did that properly and logged every query), to realize it just basically wiped the database.

Welp, after that, it began to restrict the API I was using, and due to this it identified the server as foreign access (Since it wasn't using the same key as his plugin, even though I had an API key created just so it could only access ranks and such, to prevent abuse) and begin responding not with denied, but with a lovely "Fuck you hacker!" This really made my night, I don't know why, but I was genuinely laughing pretty hard at this response.

God, I love his developer. Luckily, I had created a backup earlier, so I patched it and just worked around the plugin/API to get it working. (Hopefully, it's not a clusterfuck to read, writing this at 2 am with less than an hour of sleep, bedtime! Goodnight everyone.)

We use a third party paid company to produce a service and give ongoing support for it, which all our revenue streams depend upon. They are shit and their service is shit. Here's how my conversation about testing went today.

Me: 'hey X wrote an integration test project for the service. It shows the service is broken 50% of the time. We should give their team access to it and have them run it as part of CI'

Colleague: 'They are too shit to setup CI'

PM: 'we are stuck with them so there is no point. It is what it is'

Boss: just ignores me. Not even a reply.

Some days later

Head of QA: 'Hey Dev and QA are broken'

Me: 'because their service is broken. I made so and so suggestion before but it was rejected. We will just have to accept Dev and QA are broken 50% of the time'

Head of QA: 'no we cant'

Me: 'ok so we should setup the tests to run by giving them access'

Head of QA: 'No we shouldn't. The tests can only be used by us and if they break it tells us so we can act on it, or choose not to'

Me: 'We would not want to act immediately on all our revenue streams breaking? Yes we can reverse engineer their client and fix errors as they occur, or we could just have them run the tests and a team our company pays for can stop adding breaking changes to their own API every other day. Right now it has been broken for 2 weeks.'

Head of QA: 'in an ideal world we would have an internal team so you're wrong'

Me: :)

I really don't understand how they can come to such a conclusion. Am I missing something or am I surrounded by total fucking idiots?

FUCKING HELL.

It's already enough that this FUCKING API I have to work with is a mess of JSON and XML responses mixed together.
With mixed german and english keys and attributes all sprinkled over it.
And API access locked to Austria only for some reason.

And then they even manage to fuck up the little bit of JSON they use.

It's just a fucking array of strings (where one could easily use integers).

They can stick this fucking steaming pile of shit that they call API up their PHP infested assholes.

I hate web development sometimes.

For all the hate that Java gets, this *not rant* is to appreciate the Spring Boot/Cloud & Netty for without them I would not be half as productive as I am at my job.

Just to highlight a few of these life savers:
- Spring security: many features but I will just mention robust authorization out of the box
- Netflix Feign & Hystrix: easy circuit breaking & fallback pattern.
- Spring Data: consistent data access patterns & out of the box functionality regardless of the data source: eg relational & document dbs, redis etc with managed offerings integrations as well. The abstraction here is something to marvel at.
- Spring Boot Actuator: Out of the box health checks that check all integrations: Db, Redis, Mail,Disk, RabbitMQ etc which are crucial for Kubernetes readiness/liveness health checks.
- Spring Cloud Stream: Another abstraction for the messaging layer that decouples application logic from the binder ie could be kafka, rabbitmq etc
- SpringFox Swagger - Fantastic swagger documentation integration that allows always up to date API docs via annotations that can be converted to a swagger.yml if need be.
- Last but not least - Netty: Implementing secure non-blocking network applications is not trivial. This framework has made it easier for us to implement a protocol server on top of UDP using Java & all the support that comes with Spring.

For these & many more am grateful for Java & the big big community of devs that love & support it.

¡rant|rant

Nice to do some refactoring of the whole data access layer of our core logistics software, let me tell an story.

The project is around 80k lines of code, with a lot of integrations with an ERP system and an sql database.

The ERP system is old, shitty api for it also, only static methods through an wrapper to an c++ library

imagine an order table.

To access an order, you would first need to open the database by calling Api.Open(...file paths) (yes, it's an fucking flat file type database)

Now the database is open, now you would open the orders table with method Api.Table(int tableId) and in return you would get an integer value, the pointer.

Now for the actual order. first you need to search for it by setting the search parameter to the column ID of the order number while checking all calls for some BS error code

Api.SetInt(int pointer, int column, int query Value)
Then call the find method.

Api.Find(int pointer)

Then to top this shitcake of an api of: if it doesn't find your shit it will use the "close enough" method of search.

And now to read a singe string 😑

First you will look in the outdated and incorrect documentation given to you from the devil himself and look for the column ID to find the length of the column.

Then you create a string variable with ALL FUCKING SPACES.

Now you call the Api.GetStr(int pointer, int column, ref string emptyString, int length)

Now you have passed your poor string to the api's demon orgy by reference.

Then some more BS error code checking.

Now you have read an string value 😀

Now keep in mind to repeat these steps for all 300+ columns in the order table.

News from the creators: SQL server? yes, sql is good so everything will be better?

Now imagine the poor developers that got tasked to convert this shitcake to use a MS SQL server, that they did.

Now I can honestly say that I found the best SQL server benchmark tool. This sucker creams out just above ~105K sql statements per second on peak and ~15K per second for 1.5 second to read an order. 1.5 second to read less than 4 fucking kilobytes!

Right at that moment I released that our software would grind to an fucking halt before even thinking about starting it. And that me & myself and I would be tasked to fix it.

4 months later and two weeks until functional beta, here I am. We created our own api with the SQL server 😀

And the outcome of all this...

Fixes bugs older than a year, Forces rewriting part of code base. Forces removal of dirty fixes. allows proper unit and integration testing and even database testing with snapshot feature.

The whole ERP system could be replaced with ~10 lines of code (provided same relational structure) on the application while adding it to our own API library.

Best part is probably the performance improvements 😀. Up to 4500 times faster and 60 times less memory usage also with only managed memory.

I hate this company so much. I was tasked to write a simple program wrapped in an API. They gave me freedom of choice to use any language and technology because I said it'll be deployed in docker anyway.

Now, when they gave me the server, it's Windows Server 2016, of course, without docker installed (or even supported in any way). The access is done via TeamViewer for which I receive ID and password by calling a guy.
Oh, and everything runs as admin. "It's easier that way and we always do it like this."

I inherited a nextjs project from an unknown guy and am fangirling the codebase

But the deeper I familiarise myself with it, the more the cracks begin to appear:

1) The dude Is incapable of grasping the basics of DRY concept. He actually setup a ton of stuff I may have done poorly if I'd started working straight out of the docs, so I feel like I owe him a shower of praise. I guess being new to nextjs makes it look more impressive than it actually is. He was paid off, yet getting the credit seems unearned to me. I'm just afraid reaching out to him might turn around to bite me in the ass
***

I had the above in my drafts, contemplating sending him a token to show some appreciation for unknowingly showing me the ropes. I was going to find him on LinkedIn using his commit names. But after doing everything I've done, undergoing the anxiety and severe pressure I faced at the hands of the project owners, I'm not sharing a farthing with anybody

Yes, I may not have known about zustand and persist middleware. Yes, he did all the ui. Yes, he created the base components and fancy wrappers around form and button html elements. For those, I'm grateful

But the amount of refactoring I had to do to, for an opportunity to implement my own target features, I'd say I can lay as much claim to the project as he does.

Side note #1: I have some newfound respect for front end devs. We used to discriminate against them for doing just css but that was only relevant in the jquery days. Now, they have to use cryptic css frameworks (sass, less, tailwind), they have to learn esoteric syntax of some js framework and write controllers/components as the case may be. They have to (the worst part), bind this data to an API, which would never make sense to me coming from a php ssr-natural world

Back rewarding the guy, some of the challenges I came back from were:

1) Next server outages: I still don't know the workaround this. The app terminates, browser giving an error about using up memory. I have to wait for about 10 minutes before I can access the app again

2) spring Webflux authentication not hydrating: I was unexpectedly asked to work on the back end too, where I got tortured with this horrifying condition. The most poorly documented framework for the Web has no upto date guide on how to implement jwt security measures. I opened a question on stackoverflow. A day later, both my question and the helpful answer got downvoted

3) Zustand not retrieving any data from localstorage once page reloads, until I miraculously stumbled on a hack: there's a config callback for reading state after rehydration or thereabout. So I interact with the state there. That's the only way content clearly in localstorage can get transmuted into dynamic format accessible by the code

4) Mongo database suddenly disconnecting: for no apparent reason, this bailed. Accessible on compass. This was even when I realised it was responsible for front end requests not going through. Eventually created a new database and requests surprisingly began connecting again. Thankfully, my laravel background taught me about seeders so I had them on standby from the onset. Wasn't difficult to just port to a fresh database after confirming the first one was inaccessible to the app

After this painful odyssey and the time constraints, threats of moving forward with someone else, I deserve every dime they deem me worthy of and more

After 337 Days, I am back again only to say:
Fuck you "Twitter For Developers". I would never ask you for API access anymore.
Fuck you and your fucking policy.
Fuck you and your fucking SMS Service that does not send the fucking SMS.
Fuck you and your fucking API.

Reducing API access to third party apps seems like a fucking short sighted move, Twitter.

Presumably given up on innovating on the platform and decided to milk what you have.

Doesn't excite me about your future.

It's been a while DevRant!

Straight back into it with a rant that no doubt many of us have experienced.

I've been in my current job for a year and a half & accepted the role on lower pay than I normally would as it's in my home town, and jobs in development are scarce.

My background is in Full Stack Development & have a wealth of AWS experience, secure SaaS stacks etc.

My current role is a PHP Systems Developer, a step down from a senior role I was in, but a much bigger company, closer to home, with seemingly a lot more career progression.

My job role/descriptions states the following as desired:

PHP, T-SQL, MySQL, HTML, CSS, JavaScript, Jquery, XML

I am also well versed in various JS frameworks, PHP Frameworks, JAVA, C# as well as other things such as:

Xamarin, Unity3D, Vue, React, Ionic, S3, Cognito, ECS, EBS, EC2, RDS, DynamoDB etc etc.

A couple of months in, I took on all of the external web sites/apps, which historically sit with our Marketing department.

This was all over the place, and I brought it into some sort of control. The previous marketing developer hadn't left and AWS access key, so our GitLabs instance was buggered... that's one example of many many many that I had to work out and piece together, above and beyond my job role.

Done with a smile.

Did a handover to the new Marketing Dev, who still avoid certain work, meaning it gets put onto me. I have had a many a conversation with my line manager about how this is above and beyond what I was hired for and he agrees.

For the last 9 months, I have been working on a JAVA application with ML on the back end, completely separate from what the colleagues in my team do daily (tickets, reports, BI, MI etc.) and in a multi-threaded languages doing much more complicated work.

This is a prototype, been in development for 2 years before I go my hands on it. I needed to redo the entire UI, as well as add in soo many new features it was untrue (in 2 years there was no proper requirements gathering).

I was tasked initially with optimising the original code which utilised a single model & controller :o then after the first discussion with the product owner, it was clear they wanted a lot more features adding in, and that no requirement gathering had every been done effectively.

Throughout the last 9 month, arbitrary deadlines have been set, and I have pulled out all the stops, often doing work in my own time without compensation to meet deadlines set by our director (who is under the C-Suite, CEO, CTO etc.)

During this time, it became apparent that they want to take this product to market, and make it as a SaaS solution, so, given my experience, I was excited for this, and have developed quite a robust but high level view of the infrastructure we need, the Lambda / serverless functions/services we would want to set up, how we would use an API gateway and Cognito with custom claims etc etc etc.

Tomorrow, I go to London to speak with a major cloud company (one of the big ones) to discuss potential approaches & ways to stream the data we require etc.

I love this type of work, however, it is 100% so far above my current job role, and the current level (junior/mid level PHP dev at best) of pay we are given is no where near suitable for what I am doing, and have been doing for all this time, proven, consistent work.

Every conversation I have had with my line manager he tells me how I'm his best employee and how he doesn't want to lose me, and how I am worth the pay rise, (carrot dangling maybe?).

Generally I do believe him, as I too have lived in the culture of this company and there is ALOT of technical debt. Especially so with our Director who has no technical background at all.

Appraisal/review time comes around, I put in a request for a pay rise, along with market rates, lots of details, rates sources from multiple places.

As well that, I also had a job offer, and I rejected it despite it being on a lot more money for the same role as my job description (I rejected due to certain things that didn't sit well with me during the interview).

I used this in my review, and stated I had already rejected it as this is where I want to be, but wanted to use this offer as part of my research for market rates for the role I am employed to do, not the one I am doing.

My pay rise, which was only a small one really (5k, we bring in millions) to bring me in line with what is more suitable for my skills in the job I was employed to do alone.

This was rejected due to a period of sickness, despite, having made up ALL that time without compensation as mentioned.

I'm now unsure what to do, as this was rejected by my director, after my line manager agreed it, before it got to the COO etc.

Even though he sits behind me, sees all the work I put in, creates the arbitrary deadlines that I do work without compensation for, because I was sick, I'm not allowed a pay rise (doctors notes etc supplied).

What would you do in this situation?

What is the fucking point of creating an amazing device with amazing software, which has a very nice API BUT USELESS FUCKING DOCS.

The thing has features that are only visible in their software, it is mentioned nowhere in the api docs and I have no fucking idea how to access those important features. Fuck you

In a time where a web dev is expected to know, well.. everything... Backend -JAVA, python, nodejs and C++ would be great.
Front- angular, react, other 10 libs
DBs -sql, mongo, redis, elastic, kafka, rebbitmq
Also be devops on the side with AWS and docker kubernetis and more stuff

How the f is that possible?

In my real job for the last couple of years and different companies, I usually use 1 language/framework & 1 main DB.. and although it's possible in some companies, but in mine, ppl dont get access to AWS etc..

So let's say there's me.. a server side dev for years.
So I decide to be better and learn Golang.. cool lang, never needed in my job, after few days of not using it I forgot all I learned and that was it.

Then I realized I gotta know some frontend cause everyone want a fullstack ninja nowadays.. so I tried Vuejs.. it was amazing .. never got to use it at work, cause i was a backend, and we didnt use frameworks on our products back then..
Also forgotten.

Then I decided to learned nodejs, because this is the coolest thing ever.. hated it, but whatever... Never got to use it at work, cause everything was written in other lang which the whole team knew... Forgot the little i knew.

Then I decided, its time to see what Angular is, cause everyone started using it... similar idea to vuejs which i barely remembered, but wow it's a lot of code to remember, or I'll have to google everything.. so I went over it, but can't say i even learned it.

Now Im trying to move on to python, which, I really am learning in depth.. however, since I dont have real experience with it, no one gives me a shot at being a python dev, so again i feel like I'm trying to memorize syntax and wasting my time..

Tired of seeing React in all job ads, i decided to have a look what's that all about.. and whadoyaknow... It's fucking the same idea as vue/angular with again different syntax..

THIS IS CRAZY!

in how many syntaxes do i need to know how to make a fucking crud api, and a page with same fucking post form, TO BE A GOOD PROGRAMMER?!?

I hate dependencies... I'm stuck on a project because I need to wait for some one else to provide specs and access to their API.... And well I was also given a deadline...

We use at our company one of the largest Python ORM and dont code ourselfs on it, event tough I can code. Its some special contract which our General Manager made, before we as Devs where in the Project and everything is provided from the external Company as Service. The Servers are in our own Datacenter, but we dont have access.

We have our Consultants (Project Manager) as payd hires and they got their own Devs.

Im in lead of Code Reviews and Interfaces. Also Im in the "Run" Team, which observes, debuggs and keeps the System alive as 3rd-Level (Application Managers).

What Im trying to achieve is going away from legacy .csv/sftp connections to RestAPI and on large Datasets GraphQL. Before I was on the Project, they build really crappy Interfaces.

Before I joined the Project in my Company, I was a Dev for a couple of Finance Applications and Webservices, where I also did coding on Business critical Applications with high demand Scaling.

So forth, I was moved by my Boss over to the Project because it wasn't doing so well and they needed our own Devs on it.

Alot of Issues/Mistakes I identified in the Software:
- Lots of Code Bugs
- Missing Process Logic
- No Lifecycle
- Very fast growing Database
- A lot of Bad Practices

Since my switch I fixed alot of bugs, was the man of the hour for fixing major Incidents and so on so forth. A lot of improvements have been made. Also the Team Spirit of 15+ People inside the Project became better, because they could consult me for solutions/problems.

But damn I hate our Consultants. We pay them and I need to sketch the concepts, they are to dumb for it. They dont understand Rest or APIs in general, I need to teach them alot about Best Practices and how to Code an API. Then they question everything and bring out a crooked flawed prototype back to me.

WE F* PAY THEM FOR BULLCRAP! THEY DONT EVEN WRITE DOCUMENTATION, THEY ARE SO LAZY!

I even had a Meeting with the main Consultant about Performance Problems and how we should approach it from a technical side and Process side. The Software is Core Business relevant and its running over 3 Years. He just argumented around the Problem and didnt provide solutions.

I confronted our General Manager a couple of times with this, but since 3 Years its going on and on.

Im happy with my Team and Boss, they have my back and I love my Job, but dealing with these Nutjobs of Consultants is draining my nerves/energy.

Im really am at my wits end how to deal with this anymore? Been pulling trough since 1 year. I wanna stay at my company because everything else besides the Nutjob Consultants is great.

I told my Boss about it a couple of times and she agrees with me, but the General Manager doesnt let go of these Consultants.

Even when they fuck up hard and crash production, they fucking Bill us... It's their fault :(

Asked to implement a feature in a mobile app that wasn't actually supported by the backend. Feature had 3 possible values in the backend, only 1 and 2 were properly implemented. Below was the backend teams solution to support the third option.

- If the key is missing in API response A, means the user is not allowed access this feature.
- If the key is present in API response A, and missing from API response B, that means it hasn't been set.
- If both are the same value, user has that value.
- It will never be the case that both return option 3.
- If both are different values, one of them being option 3, display option 3.

this ... monstrosity, is in production to this very day.

My client (not an engineer) has asked me access to production database and keeps asking an intern to directly query data from it instead of using the API.

I remember my colleague who was DevOps guy (15+ years exp) in our one very good project about kids' edutainment.

He always breaks things & blames others when only he had admin access of the tool.

When client was very much interested in Android app, our that DevOps focusing totally on REST API & ignored Android app related DevOps tasks.

Our Android CI/CD was not complete till project ended. Due to his stubborn nature we couldn't take benifit of automation testing.

You can't tell him how to do any task, if you tell then it will be taken by him as an insult to his intelligence.

He would waste his 2 business weeks to find a way to do that task, then he would do some frugal trick half heartedly then he will leave it. Still he wouldn't accept your help due to his ego & he would work on tasks which he likes even though they are of low priority.

He was hellbent on cost cutting so he reduced caching availability to save extra billing, now we couldn't had enough speed for even 10 users to show recommendation feed by API.

Due to this our client couldn't show demo to angel investors properly & didn't get funding.

I don't how with such a bad attitude, he could survive so long.

He had plenty of training certificates (Salesforce etc.) with very little practical knowledge.

God save people of his current & future projects.

REST apis. More than you think it is.

Just because you can access a resource by a uri, doesn't mean you have a good api.

Hypermedia that shit and let websites reuse your links from api responses, then we are getting somewhere.

Also, Fucking api versioning.. Learned the hard way that /v1/ doesn't mean Shit in most cases

Here in my country banks doesn't have a public API to access your bank account extract, 3 years later we make some bots to extract these data to an API

Yesterday was a horrible day...
First of all, as we are short of few devs, I was assigned production bugs... Few applications from mobile app were getting fucked up. All fields in db were empty, no customer name, email, mobile number, etc.
I started investigating, took dump from db, analyzed the created_at time stamps. Installed app, tried to reproduce bug, everything worked. Tried API calls from postman, again worked. There were no error emails too.
So I asked for server access logs, devops took 4 hrs just to give me the log. Went through 4 million lines and found 500 errors on mobile apis. Went to the file, no error handling in place.
So I have a bug to fix which occurs 1 in 100 case, no stack trace, no idea what is failing. Fuck my job.

A simple object mapper for CosmosDB SQL API

Cosmonaut is an object mapper that enables .NET developers to work with a CosmosDB using .NET objects. It eliminates the need for most of the data-access code that developers usually need to write.

How can a shitty student information system that already costs $20k/yr have an optional shitty SOAP API module, that only allows read access to records, that has an initial setup fee of $5k plus $5k/yr?!

We are researching enhancing our current alerting system (we use Splunk) to be 'smarter' about who is emailed/texted/whatever when there are problems in our applications.

Currently, if there are over 50 errors logged within a 15 minute period, a email/phone/text blast to nearly 100 individuals ranging from developers, network admins, DBAs, and vice presidents.

Our plan is to group errors by team and let each team manage their own applications. Alert on 1 error, 5, 500...we don't care, let the team work out the particulars.

The trick was interfacing with Splunk's API (that's a long rant by itself)

In about a day or so I was able to use Splunk's WebHook feature to notify a WebAPI service I threw together to send myself an email with details about the underlying data (simulating the kind of alert we would send to the team)

I thought ...cool... it worked. Show it off to the team, most thought it was a good start, except one:

Dev: "The errors are not grouped by team."
Me: "No, I threw the webapi service together to demonstrate how we can extract the splunk bits to get access to the teams"
Dev: "Well...this won't work at all."
Me: "Um..what?"
Dev: "The specification c l e a r l y states the email will be team based. This email was only sent to you and has all the teams and their applications"
Me: "Um...uh...the service can, if we want to go using a service route. Grouping by team name is easy using a LINQ query. I just through this service together yesterday."
Dev: "I don't know. Sounds like I need to schedule a meeting to discuss what you are proposing. I don't think emailing all that to everyone is a good idea."

WTF! Did you not listen to what I said?!!!

Oh well..the dev's proposal is to use splunk's email notification and custom Exchange rules with callbacks into splunk that resend...oh good lord ...a fracking rube goldberg of a config nightmare ...

I suspect we'll go the service route once I finish the service before the meeting.

A tale of silos, pivots, and mismanagement.

Background: Our consultancy has been working with this client for over a year now. It started with some of our back-end devs working on the API.

We are in Canada. The client is located in the US. There are two other teams in Canada. The client has an overseas company contracted to do the front-end of the app. And at the time we started, there was a 'UX consultancy' also in the US.

I joined the project several months in to replace the then-defunct UX company. I was the only UX consultant on the project at that time. I was also to build out a functional front-end 'prototype' (Vue/Scss) ahead of the other teams so that we could begin tying the fractured arms of the product together.

At this point there was a partial spec for the back-end, a somewhat architected API, a loose idea of a basic front-end, and a smattering of ideas, concepts, sketches, and horrific wireframes scattered about various places online.

At this point we had:
One back-end
One front-end
One functional prototype
One back-end Jira board
One front-end Jira board
No task-management for UX

You might get where this is going...

None of the teams had shared meetings. None of the team leads spoke to each other. Each team had their own terms, their own trajectory, and their own goals.

Just as our team started pushing for more alignment, and we began having shared meetings, the client decided to pivot the product in another direction.

Now we had:
One back-end
One original front-end
One first-pivot front-end
Two functional prototypes
One front-end Jira board
One back-end Jira board

No worries. We're professionals. We do this all the time. We rolled with it and we shifted focus to a new direction, with the same goals in mind internally to keep things aligned and moving along.

Slowly, the client hired managers to start leading everything in the same direction. Things started to look up. The back-end team and the product and UX teams started aligning goals and working toward the same objectives.

Then the client shifted directions again. This time bigger. More 'verticals'. I was to leave the previous 'prototypes' behind, and feature-freeze them to work on the new direction.

One back-end
One conceptual 'new' back-end
One original front-end
One first-pivot front-end
One 'all verticals' front-end
One functional prototype
One back-end Jira board
One front-end Jira board
One product Jira board
One UX Jira board

Meanwhile, the back-end team, the front-end team overseas, all kept moving in the previously agreed-upon direction.

At this stage, probably 6 months in, the 'prototypes' were much less proper 'prototypes' but actually just full apps (with a stubbed back-end since I was never given permission or support to access the actual back-end).

The state of things today:
Back to one back-end
One original front-end
One first-pivot front-end
One 'all verticals' front-end
One 'working' front-end
One 'QA' front-end
One 'demo' front-end
One functional prototype
One back-end Jira board
Two front-end Jira boards
One current product Jira board
One future product Jira board
One current UX Jira board
One future UX Jira board
One QA Jira board

I report to approximately 4 people remotely (depending on the task or the week).

There are three representatives from 'product' who dictate features and priorities (they often do not align).

I still maintain the 'prototype' to this day. The front-end team does not have access to the code of this 'prototype' (the clients' request). The client's QA team does not test against the 'prototype'.

The demos of the front-end version of the product include peanut-gallery design-by-committee 'bug call-outs', feature requests, and scope creep by attendees in the dozens from all manner of teams and directors.

VirusTotal's API could do with a make over.

Though it is quite nice actually, you're able to provide them with a hash of a file and (provided they've scanned it) VT is able to tell you what up to 60 different virus scanners thinks about the file (and how many scanners that has an opinion about it). Now if there's an error, like the file not having been scanned or the hash being incomplete, it give you some JSON back where there will be an error message that tells you the error and an error code of 0.. wait wh

Although since it's an API they also need give us plebs whose only got access to an API key that limits us to 4 requests pr minutes. Naturally when you try to do another request within a minute of your limit the response you get is absolutely nothing what so ever. "" Naturally.

And of course the same response should be given when the API key you provide isn't valid. Who needs errors amiright?

No wonder JSON.parse kept throwing exceptions

Google, please explain to me: Why the fuck would you create a hardcoded requirement in your libraries to use a plaintext json file with credentials to your API?

Credentials which give full access to all of the company email, addresses, cloud services, etc?

And why would you accompany this in your docs with example implementations which read as if they were an intern's first coding project — non psr compliant PHP, snippets of Go which won't compile due to type errors...

I'm starting to become convinced that the whole of the Google Cloud API was actually written by thirteen year old who found their parent's liquor cabinet.

Fuck this I'll build my own Google.

When you finally have some servers racked and configured in VMware to build a lab environment for the team....

But to access VMware you need to run citrix receiver from a mac to launch Chrome on Windows to access the VMware ESX Web UI but only on the HTML5 version as Flash doesn't work....

Now to spin up virtual machines that you can only upload via ova images but not locally cos that tries to show you the Windows citrix local files....

Do I even dare ask if I can access this via API so I can actually provision this with Ansible like I want too?!

Just as an extension of last rant to explain how much fun it is to keep up with Apple's security through obscurity bullshit.
AFAIK this full disk access (FDA) feature was touted to protect a user's data on macOS. Programs that want to access those files need to request the user's permissions to do so. Now to the fun part: Apple is not providing any API. A staff member suggested, that you should only try to access the files your app needs and if you can't as for the user's allowance. One should not use some fixed files and try to access them, because their locations might change, as well as their (UNIX file) access rights (ACL), or if they fall under FDA. Not to speak about the other security features that might hinder you accessing files (you might be sandboxed, or the files might be subject to SIP/rootless).
Honestly, you should be starting to take drugs, if you want to stay sane. I mean UNIX ACL are weird enough: e.g. you can make a directory only readable for root such that a user cannot list the files inside, but you can place files inside that the user can read (if she knows about their existence). On macOS you'll never know. You may have all the rights to access a file,.. but Apple will only give you the finger.
As they always do to us developers.

Tired of chasing an elusive architecture and finding good community that helps promote it. Basically:

- Not CRUD
- Not MVC
- More like CQRS; commands and queries represent use cases
- Event Sourced; event log is source of truth, everything else is a cached projection
- Functional Domain Design; not DDD; focus on immutability and simplicity
- Functional in general; less OO
- More focus on domain concepts rather than tech concepts
- Domain can be used through CLI, API, or SDK
- UI is just another client to the API
- Authorization is ABAC, graph-based access control

I'm looking for a fucking unicorn.

For some reason I keep over engineering stuff to the point I spend 2 hours thinking the best way to do something. I'm making the backend for a project of mine and I wanted somewhat decent error handling and useful error responses. I won't go into detail here but let's say that in any other (oo) language it would be a no-brainer to do this with OOP inheritance, but Rust does OOP by composition (and there's no way to upcast traits and downcasting is hard). I ended up wasting so much time thinking of how to do something generic enough, easily extendable and that doesn't involve any boilerplate or repeated code with no success. What I didn't realize is that my API will not be public (in the sense that the API is not the service I offer), I'm the only one who needs to figure out why I got a 400 or a 403. There's no need to return a response stating exactly which field had a wrong value or exactly what resource had it's access denied to the user. I can just look at the error code, my documentation and the request I made to infer what caused the error. If that does not work I can always take a quick look at the source code of the server to see what went wrong. So In short I ended up thrashing all the refactoring I had done and stayed with my current solution for error-handling. I have found a few places that could use some improvement, but it's nothing compared to the whole revamp I was doing of the whole thing.

This is not the first time I over engineer stuff (and probably won't be the last). I think I do it in order to be future-proof. I make my code generic enough so in case any requirements change in the future I don't have to rewrite everything, but that adds no real value to my stuff since I'm always working solo, the projects aren't super big and a rewrite wouldn't take too long. In the end I just end up wasting time, sanity and keystrokes on stuff that will just slow down my development speed further down the road without generating any benefits.

Why am I like this? Oh well, I'm just glad I figured out this wasn't necessary before putting many hours of work into it.

I came across this german platform that provides rest api level access to database without the need of a backend. I’m a frontend developer and the possibilities like a wet dream. Saying bye-bye to Firestore.

Latest Yandex browser (Chromium based) throws an error if "document.hasStorageAccess()" is called (:
Ie the StorageAPI that allows cross-site cookie access on user-interaction

the iFrame sandbox flags that compliment it, ie "allow-storage-access-by-user-activation" also fails on execution.
Both of these work on Edge/Chrome/Firefox.

I thought Firefox and Chromium browsers are all ive to deal with and im done but NO.
Now within Chromium-based browsers theres differences of API as well?

Kill me.

Why is mobile development still a thing?
Hear me out. All these simple apps, like shopping centre discount, eshops, vinted, other kinds of webapi consumers. Many have a website and a phone app.

Why??? Why the phone app? What's wrong with just embedding your responsive webpage into a webview and call it a day ffs?

I mean, maintenance becomes trivial and there's no split brain. No? What am I missing?

Not talking about apps that rely on android/ios api, for like camera, calls, storage access, sensors etc

The dangers of PHP eval()

Yup. "Scary, you better make use of include instead" — I read all the time everywhere. I want to hear good case scenarios and feel safe with it.

I use the eval() method as a good resource to build custom website modules written in PHP which are stored and retrieved back from a database. I ENSURED IS SAFE AND CAN ONLY BE ALTERED THROUGH PRIVILEGED USERS. THERE. I SAID IT. You could as well develop a malicious module and share it to be used on the same application, but this application is just for my use at the moment so I don't wanna worry more or I'll become bald.

I had to take out my fear and confront it in front of you guys. If i had to count every single time somebody mentions on Stack Overflow or the comments over PHP documentation about the dangers of using eval I'd quit already.

Tell me if I'm wrong: in a safe environment and trustworthy piece of code is it OK to execute eval('?>'.$pieceOfCode); ... Right?

The reason I store code on the database is because I create/edit modules on the web editor itself.

I use my own coded layers to authenticate a privileged user: A single way to grant access to admin functions through a unique authentication tunnel granting so privileged user to access the editor or send API requests, custom htaccess rules to protect all filesystem behind the domain root path, a custom URI controller + SSL. All this should do the trick to safely use the damn eval(), is that right?!

Unless malicious code is found on the code stored prior to its evaluation.

But FFS, in such scenario, why not better fuck up the framework filesystem instead? Is one password closer than the database.

I will need therapy after this. I swear.

If 'eval is evil' (as it appears in the suggested tags for this post) how can we ensure that third party code is ever trustworthy without even looking at it? This happens already with chrome extensions, or even phone apps a long time after reaching to millions of devices.

APIs, APIs, APIs... I feel like building an API for everything which goes over the wire is a must-have today! Yes it makes sense for decoupling purpose, access control etc (all the things we learned from OOP design principle books when we were in school) but come on, REST API for internal database access when there is something like SQL over JDBC/ODBC/WhateverBC ?? So I have to study the REST API documentation for applying simple where-statements but in API manner...

I'm absolutely exhausted...
Just spent the past 2 days restructuring our SAAS products entire server network on AWS just so we can have a static IP address for all our server instances passing through an NAT....because we need to integrate with another service that only allows you to access their API if they whitelist your IP.

Fuck UPS and their API Documentation. Has anyone here ever integrated their API ?
Their API documentation doesn't mention any sandbox or testing accounts.
If I click on their create access key button, it takes me to a form which requires a real payment method and address which seems like it's meant for real stuff not testing.

When your IT VP starts speaking blasphemy:

"Team,
We all know what’s going on with the API. Next week we may see 6x order volumes.

We need to do everything possible to minimize the load on our prod database server.

Here are some guidelines we’re implementing immediately:

· I’m revoking most direct production SQL access. (even read only). You should be running analysis queries and data pulls out of the replication server anyway.
· No User Management activities are allowed between 9AM and 9PM EST. If you’re going to run a large amount of updates, please coordinate with a DBA to have someone monitoring.
· No checklist setup/maintenance activities are allowed at all. If this causes business impact please let me know.
· If you see are doing anything in [App Name] that’s running long, kill it and get a DBA involved.

Please keep the communication level high and stay vigilant in protecting our prod environment!"

RIP most of what I do at work.

I'd like to make an open source data registry, with an easy to access API. For example, perhaps I'd like to list all cities and postal codes in France, or perhaps get the number of dogs in Canada. Any ideas how to structure the open source part? How can people contribute? Should it use external APs?

The conversations that come across my DevOps desk on a monthly basis.... These have come into my care via Slack, Email, Jira Tickets, PagerDuty alerts, text messages, GitHub PR Reviews, and phone calls. I spend most of my day just trying to log the work I'm being asked to do.

From Random People:
* Employee <A> and Contractor <B> are starting today. Please provision all 19 of their required accounts.
* Oh, they actually started yesterday, please hurry on this request.

From Engineers:
* The database is failing. Why?
* The read-only replica isn't accepting writes. Can you fix this?
* We have this new project we're starting and we need you to set up continuous integration, deployment, write our unit tests, define an integration test strategy, tell us how to mock every call to everything. We'll need several thousand dollars in AWS resources that we've barely defined. Can you define what AWS resources we need?
* We didn't like your definition of AWS resources, so we came up with our own. We're also going to need you to rearchitect the networking to support our single typescript API.
* The VPN is down and nobody can do any work because you locked us all out of connecting directly over SSH from home. Please unblock my home IP.
* Oh, looks like my VPN password expired. How do I reset my VPN password?
* My GitHub account doesn't have access to this repo. Please make my PR for me.
* Can you tell me how to run this app's test suite?
* CI system failed a build. Why?
* App doesn't send logs to the logging platform. Please tell me why.
* How do I add logging statements to my app?
* Why would I need a logging library, can't you just understand why my app doesn't need to waste my time with logs?

From Various 3rd party vendors:
* <X> application changed their license terms. How much do you really want to pay us now?

From Management:
* <X> left the company, and he was working on these tasks that seem closely related to your work. Here are the 3 GitHub Repos you now own.
* Why is our AWS bill so high? I need you to lower our bill by tomorrow. Preferably by 10k-20k monthly. Thanks.
* Please send this month's plan for DevOps work.
* Please don't do anything on your plan.
* Here's your actual new plan for the month.
* Please also do these 10 interruptions-which-became-epic-projects

From AWS:
* Dear AWS Admin, 17 instances need to be rebooted. Please do so by tomorrow.
* Dear AWS Admin, 3 user accounts saw suspicious activity. Please confirm these were actually you.
* Dear AWS Admin, you need to relaunch every one of your instances into a new VPC within the next year.
* Dear AWS Admin, Your app was suspiciously accessing XYZ, which is a violation of our terms of service. You have 24 hours to address this before we delete your AWS account.

Finally, From Management:
* Please provide management with updates, nobody knows what you do.

From me:
Please pay me more. Please give me a team to assist so I'm not a team of one. Also, my wife is asking me to look for a new job, and she's not wrong. Just saying.

I think I may be someone's wk101soon given how things are going for me.

So I get shipped over to the new offices to do some work. Initially, I was supposed to be updating SQL stored procedures.

That I can handle, well my task is now to build the skeleton project for a web API in core 2.0 using domain driven design and onion architecture which the rest of the team will use.

Okay, I don't have any experience in any of that at all. And god bless the team lead explaining some stuff to me. But it's going to take more than a 20-minute chat here and there for this stuff to sink in.

And being told just to build it how you think it should be isn't great advice when I'm trying to figure out how the systems work.

Every other API project I look at is structured completely different from one another so looking for patterns has failed.

I'm fucking stressed out every bit of information I'm getting on whats potentially happening with my job im getting second hand from people. Because I can't access my emails while off-site something I'm repeatedly flagging.

Every job advert is painstakingly making it clear how out of date my skill set is (or lack of). Evidently, I've been way too lax, and this has been a kick in the bollocks I'm not likely to forget.

If we're being evaluated on performance to see who they'll keep, then I've failed at the first hurdle.

Life lesson for those in education, don't be this knob head here and get comfortable when you land a job. Just knowing about the tech that's commonly used in your field does jack all study it.

Not a structured/meaningful rant and shits probably not as bad as I see it. I've only chewed through one fingernail after all.

Bored at the office. Company is done for. I'm spending my last days here, doing nothing, waiting for my new position to start. There's only that much you can read on devRant, and SO MUCH MORE you could do writing code. But I just can't decide what to do and as a result sit here doing nothing. Help me out please! Answer with the most points will be the thing I'll start with on Monday, while today I think I'll just crack open a cold one.

My initial variants:
1. Learn Electron by playing with Electron React+Redux basic boilerplate, in order to make a simple personal blogging app.
2. Complete some of the 20 courses that I bought on Udemy 6 months ago.
3. Write the back-end logic for my Raspberry PI controlled systems at home (to control it remotely I'll make a hosted API that RPI will access to get input for it to decide what to do).
4. Solve problem 51 on projecteuler.net with an algorithm that runs less than 20 seconds.

Other suggestions are welcome.

So there is this project of my firm that is comepletly dependant on Facebook api, I've actually told it many times to managers at first but they've just waved their hands over it.

Now what didn't happen. Facebook data leak and the api being taking down ..juust a week before the project going public.

Our app is still not reviewed and not able to access the so vital api and there are actually many similar projects getting published (even Facebook Local greatly rivals to our app, actually killing it because they have native data... And we don't have any. )

I told them again. "Nah we will have this and this feature that makes it soo exceptionall."

And you are sitting here thinking if the salary you have asked for is still good enough to stay or to run away.

(Well, I am still getting some coding experience from this so that's why I stay, and oh yeah I have the backend repo only for myslef because except the frontend dev no managers knows what git is. This is how freedom feels. )

> Client: Could you check for me where did they[code authors] put logic for this and that
> Sure!

> okey, api endpoint here, hmm
> oh sure here is the database access
> where tf is some logic....
> fml, am I blind, lets check frontend
> FUCK
> it's there
> it's on frontend
> and backend just puts it into database, no checks
> FU0!@#% )(#*%)H )F+#+!!@!

> *to client* We need to talk about future of this project.

Sometimes in our personal projects we write crazy commit messages. I'll post mine because its a weekend and I hope someone has a well deserved start. Feel free to post yours, regex out your username, time and hash and paste chronologically. ISSA THREAD MY DUDES AND DUDETTES
--
Initialization of NDM in Kotlin
Small changes, wiping drive
Small changes, wiping drive
Lottie, Backdrop contrast and logging in implementation
Added Lotties, added Link variable to Database Manifest
Fixed menu engine, added Smart adapter, indexing, Extra menus on home and Calendar
b4 work
Added branch and few changes
really before work
Merge remote-tracking branch 'origin/master'
really before work 4 sho
Refined Search response
Added Swipe to menus and nested tabs
Added custom tab library
tabs and shh
MORE TIME WASTED ON just 3 files
api and rx
New models new handlers, new static leaky objects xd, a few icons
minor changes
minor changesqwqaweqweweqwe
db db dbbb
Added Reading display and delete function
tryin to add web socket...fail
tryin to add web socket...success
New robust content handler, linked to a web socket. :) happy data-ring lol
A lot of changes, no time to explain
minor fixes ehehhe
Added args and content builder to content id
Converted some fragments into NDMListFragments
dsa
MAjor BiG ChANgEs added Listable interface added refresh and online cache added many stuff
MAjor mAjOr BiG ChANgEs added multiClick block added in-fragment Menu (and handling) added in-fragment list irem click handling
Unformatted some code, added midi handler, new menus, added manifest
Update and Insert (upsert) extension to Listable ArrayList
Test for hymnbook offline changing
Changed menuId from int to key string :) added refresh ...global... :(
Added Scale Gesture Listener
Changed Font and size of titlebar, text selection arg. NEW NEW Readings layout.
minor fix on duplicate readings
added isUserDatabase attribute to hymn database file added markwon to stanza views
Home changes :)
Modular hymn Editing
Home changes :) part 2
Home changes :) part 3
Unified Stanza view
Perfected stanza sharing
Added Summernote!!
minor changes
Another change but from source tree :)))
Added Span Saving
Added Working Quick Access
Added a caption system, well text captions only
Added Stanza view modes...quite stable though
From work changes
JUST a [ush
Touch horizontal needs fix
Return api heruko
Added bible index
Added new settings file
Added settings and new icons
Minor changes to settings
Restored ping
Toggles and Pickers in settings
Added Section Title
Added Publishing Access Panel
Added Some new color changes on restart. When am I going to be tired of adding files :)
Before the confession
Theme Adaptation to views
Before Realm DB
Theme Activity :)
Changes to theme Activity
Changes to theme Activity part 2 mini
Some laptop changes, so you wont know what changed :)
Images...
Rush ourd
Added palette from images
Added lastModified filter
Problem with cache response
works work
Some Improvements, changed calendar recycle view
Tonic Sol-fa Screen Added
Merge Pull
Yes colors
Before leasing out to testers
Working but unformated table
Added Seperators but we have a glithchchchc
Tonic sol-fa nice, dots left, and some extras :)))
Just a nice commit on a good friday.
Just a quickie
I dont know what im committing...

Oh the joys of working with an Enterprise customer.

Background:
Discussion about service architecture with me, development architect (ArchDev) and integration architect (ArchInt). The topic arises of needing to access int. segment systems for a public facing cloud application.

Me: so we'll just need a s2s vpn and then we can just create a route and call the services normally.
ArchDev: sounds good to me, it will take a few months to get that set up
ArchInt: we done need that, we can just use the gateway and then route all the requests through the ESB.
Me: 😕 do you mean the service gateway?
ArchInt: (drops bomb) no, we decide that all API should be implement in ESB, so ESB will handle traffic
Me: *pauses, steps up to the whiteboard, does latency math* setting aside the fact that isn't how ESB's work, that will add at least 700ms latency to each request.
ArchInt: well that is fine for enterprise, things not usually as fast in enterprise you must expect slowdown to be safe
ArchDev: *starts updating resume on the ladders
Me: 💀🔫

Hey guys. I am in a situation where I need to decide wether to take on a new project or not. And if not, how to turn down that client so that I would not burn any bridges. So I need your opinions on this matter in order to make the final decision.

To make things clear heres some background info. 10 months ago I quitted my fulltime position in another EU country and went back to my own home country. 10 months forward till today and I have my own ltd company which currently has 5 projects. Its doing pretty well money wise. All projects combined, I already earn more then I ever did and I need to work max 10 hours a week since all projects are remote projects so I dont waste time on useless meetings and etc. However I dont feel fulfilled or challenged anymore because surprise surprise doing well paid projects doesnt guarante your sense of fulfillment.

So I noticed that I have lots of spare time which I spend diving into rabbitholes with hobby projects. I decided that its time to scale my company and take on more projects and maybe even hire more people.

So I started searching for other projects I could work on (prefferibly remote projects or flexible ones where I could come in 2-3 days a week in office and work remotely rest of the week). Reason being that I am already out of sync with fulltime position lifestyle and I am totally result oriented, not punch in my hours and go home oriented.

For exampleIf i get my weekly tasks I prefer to do them in 1-2 days (even if it requires doing double shifts which rarely but happens) but then I want to have rest of the week off. Thats how my brain works and thats how Im wired. I cant stand fulltime positions especially in enterprise bigger companies where I come in and do maybe 2 hours of actual work everyday because of all useless meetings and blockers from backend/etc. Its soul crushing to me.

So I posted linkedin ads and started searching for new clients/projects. One month ago I went to an interview for an android project in a startup.

The project looked interesting enough. Main task was to rewrite their android app from java to kotlin. Apparently their current current app was built by a backend developer who wants to focus solely on backend.

So during the interview they showed me their app which was quite simple frontend wise but not so simple backend wise from what I was able to figure out.

Their project lead (also a backed guy) asked me my estimation of price and completion of task. I told them maybe 2-3 months to do everything properly.

Project lead was basically shocked because all other candidates told him they can rewrite the app from java to kotlin in 2-3 weeks. I told him that everything is possible but his app quality will suffer and for a better estimation he would we would need to sign an NDA so I could evaluate the costs. So we ended the interview.

After that we kept in touch for one month (it took them one month to google a generic NDA and sign it digitally with me).

So heres the redflags I noticed:

1. They dont respect my time. Wasted 1 month of my time and after signing NDA gave me 2days to estimate their project and go to a meeting and give them detailed info about what I can offer. I thats not a brain rape then I dont know what it is

2. They are changing initial conditions we talked about. We agreed on rewriting the codebase and be done with it. Now they prefer a fulltime worker who would be responsible for android app as his own product. So basically project lead was not able to find a fulltime dev so now hes trying to convert me (a company owner) to his fulltime worker.

3. Lack of respect. During the interview he started speaking in his own native language to me with some expression (he seemed pissed off at that moment when he switched languages).

4. Bad culture fit. As I said Im used to relaxed clients and projects where I dont need to be chained to a desk a monitored and be micromanaged. I mean lets sign a contract give me access to your codebase and tell me what to do, I will produce results and lets be done with it.

5. Project lead is a backend guy who doesnt understand how complicated android apps can be. No architecture and no unit tests are in his frontend app. He doesnt care about writing proper app since he ships it in his own device so he doesnt need to worry about supporting custom devices or different api levels of android and etc. But not having any architecture? Cmon.

So basically I am confused. Project lead needs a fulltime dev but hes in contact with me in hopes that I would sign a fulltime contract. But how I can work fulltime if all what I can see are redflags?

Basicaly I thinkthis was a misundersanding. Im searching for fulltime remote projects and hes offering fulltime inhouse projects. Project lead never outsourced so hes confused as well.

As you can see decision is already basically made to turn him down, I just need to know how to tell him to fck off in the most polite manner and thats it.

Today, after searching for 4~ hours for a solution to host a little script that would hide a private API key, I discovered Google Apps Script. What a fucking nice service. Seriously, check it out, you may need it some day.

Anyway I don't understand why Google wants to restrict network access from the Firebase functions when a shitty little script hosted on the same servers can run without any restriction in memory or data transfer. It also provides a cache service, I could save my whole photo gallery on it without them even noticing.

I've got a bit funny situation.
I wanted to make small application to speed up my dad's job, app is about duplicating models in X website (I don't want to say directly what website).
So I started by checking it has API, Yup, It has, but you need OAuth ID, to get it you need to write to support.
So I did it, my mail was something like that: "Hello, can I get access to your API, I want to make app to duplicate models with same settings, Thanks"
I've got an answer like that "Hello, our website doesn't have duplicating feature."
My reaction was: Wtf? I know it doesn't have that feature, That's why I want to make it. How did he get hired as technical support?
Maybe it's not the most exciting story, but I thought it could be intresting :)

"Just start ahead"

I am supposed to transform calls from one api to another one. Yet there's no documentation, ambiguous code statements, no examples of what values are contained -- but sure, let me just start assuming how the whole thing is supposed to work. That won't lead us more into a murky waters at all.

Even more frustrating: We own the api. We should be able to tell by the access logs how we are queried. Yet for some reason, access logs cannot be accessed and I shall "just work from the swagger defintion".

Well, that swagger definition is broken, its example are shit (somebody liked to use undefined in optional fields, making me wonder even more what the heck is going on here), and I have no idea of what I am doing. Fun times.

Hey all!
I'm looking for a thermostat for my home so that I can access them via API.
I want to integrate its control on a custom system.

I don't know if you guys know some avaliable to get them in europe?

Thanks!

Everyone excited discussing a new data access API to provide to the clients when, le boss:
"Just so you guys think out of the box a bit. What if you deployed the API on Swagger instead of AWS? It seems a nice and fresh approach, huh?"

Everyone on the room remained in silence and internally questioning why do we work here...

The new twitter developer stuff is SHIT.

I need to apply now for my small app I use wanted to build this evening as an automation site project. Can't you cunts just give me access to this api so I can finish my projects.

How the fuck should I describe in 300 characters THAT I WILL BE TWEETING ONE TWEET PER WEEK NOTIFYING ABOUT A NEW EPISODE.

Now I need to fill 80 more characters with some dumb stuff just to be able to apply.....

I'm starting to get sick of working with handed over projects that previous devs think they are masters of programming and their code is nothing but pure chaos ....

I'm given a project written in Java & Swift, API class is initiated a million times in same view, has access to android context, custom font is applied by creating custom text view instead of applying customization in styles file ....

Still haven't yet looked into iOS code but I'm not expecting much ...

Sometimes I wonder why I chose working with code

Question.. architecting a large system. I’ve broken it down to microservices for the DB and rest API / gateway

I want there to be some some processes that run continuously not event driven via rest. Say analytics for example what is the best way todo that? Just another service running on on a server? And said service has its own API? That when the other rest APIs are called could then hop and call the new service?

Or say we had a PDF upload via rest should that service then do the parsing before uploading to DB .. or should the rest api that does the uploading then call another rest api to another service dedicated todo the parsing and uploading to the db?

I think the bigger way to explain the question is the encapsulation between DAL.. data access layer which I have existing.. but then there’s the BLL .. buisness logic layer which I don’t know if it should have its own APIs via own microservices running in the background.

Ever given access to production data to correct a data entry that doesn't have a PATCH api ready?

Ever ran UPDATE table set COLUMN="value"; without WHERE condition?

Ever done both of these sequentially?

Yeah. DB snapshots cost a bomb to restore :(

Had to call an API with SOAP, convert an Access Database to MySQL, Coded some classic ASP and used Campaign Monitor for the first time in god knows when. That's a royal flush of retro right there!

I am finally getting to learn web api with mvc 6, core.net or whatever they call it. Why do all the example show the repository pattern data access layer? I have not used that for several years.

Seriously getting pissed off with Google. Why the fuck is it not clear or easy to link your app with a business listing to get access to the api. After searching I finally found it.

I just filled out a form to request access and it could take 2 weeks.

Noob question

I’m trying to deploy my front end web app (my personal website) to GitHub pages.

In my app, I used react environment variables to store a api key I need in my app.

When I deploy my app with GitHub pages, will the app still be able to access the react env variables?

Let me know if that doesn’t make sense. Thanks!

Question:
My application (web app & mobile app) needs to interface with a users email to read mails for further processing

Is there are library (py, js) or service that I can leverage that abstracts the access to the mail servers (IMAP, POP3, Exchange, Google API, Outlook API etc.) and provides a single interface (possibly REST API) to access the mails?

It feels redundant to implement each of the above methods of email access, as I see it being a feature in many applications out there, but I am not able to find a library or service that provides it.

Any advice or suggestions with implementing each of them is also welcomed

Thanks in advance

so some controversial opinions

Our company is moving most of our code style to snake_case, even the JavaScript. Here's our resoning:

Take the CustomerAccountMembership model. In our Python server, we would access it as obj.customer_account_membership, in JavaScript as obj.customerAccountMembership and our API endpoint as api/path/customer-account-membership. Thus we had several String utility functions such as `camelize`, `kebabChop` (which is ironically camelCased) and `snakeify`, and we would use them in translating from URL path to JS to Python, which was troublesome.

Now HTTP allows _underscores_ unescaped and do not pose any significant meaning. JavaScript also accepts it as a valid character in variable names. On the other hand, HTTP is strictly lower-cased, and all computer languages use the -dash- to signify subtraction. Sooo the _underscore_ is the only style that is compliant everywhere.

Unless, of course, we go with customeraccountmembership, which I refuse to do.

I'm not that deep into code character rules.
Opinions?

Hey where can I get access to the devrant API? GitHub readme said it isn't officially public yet but people are still using it. Just had a few for projects I wanted to try.

OK I need some help. I need to make sure I’m not losing my mind.

We are using an ERP which is hosted by another company. We are supposed to be able to access the data via a REST API. This works fine using Insomnia or Postman, but when I attempt to hit the API from my web application, CORS blocks the localhost origin.

I contacted the company’s technical team to request that they change the CORS configuration to allow localhost. They keep running me around in circles telling me that I don’t know what I’m talking about because localhost isn’t a DNS resolvable name and I’m doing something wrong and they don’t need to change any configuration.

They insist that if anything would need white listed, it would be my IP, not localhost.

I sent them screenshots and stack overflow posts and documentation links, showing them exactly what headers need to be set and where the configuration needs to be set in the ERP. They tell me I don’t know what I’m talking about.

They tell me that if I can hit the API from Postman, I can hit it from my browser.

Am I losing my mind? Have I fundamentally misunderstood CORS all these years? I’m sure I’m right. But I’m starting to feel like I’m crazy.

when i create a jwt access token and if im using a refresh token

this access token expires every 15 min

am i supposed to code a whole separate route in the backend api for the refresh token so i can make a request to the whole route to trigger the refresh token and generate a new access token?

or should the backend automatically trigger refresh token whenever it receives a request and realizes the access token has expired?

So, the story starts with me getting a job. Full-time job for the first time in my 21 years old life. After short conversation about how amazing this company is, after countless lies and stood questions they decided to hire me. I had to get come on Monday a week later with everything prepared.

So of course I did that and got to my workplace on designated time. Turned out nobody was expecting me, nothing was prepared for a new programmer and everyone seemed angry at me for no apparent reason.

After long talk with my new boss I got some less than 100$ pc with CPU that couldn't handle virtualization and expected me to work on software that needed extensive use of virtual machine.

PC is of course filled with all kinds of spying software that uses most of the resources. IT teams only job is to check if programmers are working their assess off for at least 8 hours a day.

I've filled a ticket about granting me access to Debian machine on the mainframe so I could work. No response for two weeks. I've lost hope already.

I have to work on open space with more than 30 engineers. Screams, phone calls, alarms, all at once, all the time. My colleagues seem to not care and I can't understand how.

I was tasked with rewriting major application because old developer did some half assed piece of burning shit. It took him more than one year, I'm finishing it in less than two weeks.

Of course nobody except for me is preparing any kinds of documentation. I had to reverse-engineer whole API for alarm system.

Salary is less than a junior programmer should earn.

But I'm stuck here for at least a year because nobody's here wants a guy whose only experience is as a freelancer.

So I´m still working on that Sync to get rid of this abomination called Wrike.

Now I have a problem.

To be able to sync mantis with our software I need to be able to create projects in mantis through the API.
No problem.
But then again, I need to link custom fields to that just created project.
The mantis API apparently doesn´t have that.

I now have two options:
1. I expose the custom field functions myself on the REST api.

2. I gain direct access to the mysql database and do it within my sync job in the database.

Well I´m not a web developer. Like, at all.
But I thought: Hey how hard can it be?
So I got an Apache server with php, mysql and XDebug running with VSCode.
Works better than expected.

But now that I have actually seen the mantis code, I´m seriously considering number 2 again...

Fucking php...

My DNS provider does not have an API. They do have one... That is wrong... But on the description page, they say we have to open a ticket to be given access. No requirements. Nothing...

And then I am told "they do no longer offer dns for private hosting". I don't even host with them, I only have a domain with them.

But the magical word is no longer. That means they did offer it. In the description of the API it still says "and for everyone who feels comfortable interacting with a REST API." Oh, and they asked anyone who works on it to be so nice and share any SDK's they might have coded up. Would have shared my SDK. Would have... If no Rust SDK was available yet.

So, what the fuck...
The problem with that is that I need a wildcard certificate for my homelab with DNS validation. So, I need to dynamically set a txt record. Now I wonder... Was this done on purpose? They are selling wild card certificates. Letsencrypt are giving them out for free. I bet they deactivated it, so they can sell more...

Anyway. Solution time.
Short term: I make my own API with black jack and hookers... And selenium.
Long term: I need to fucking move my domains to a different provider.

But what the fuck... What the fuck?

I was signing up for a new account on Magic. I wasn't paying attention so I accidentally didn't change my date of birth, so it didn't let me create an account because they thought I was just born today. I changed that field but nope, it remembered I had told it I was 1 day old and it didn't let me change my mind. Delete cookies, nothing. Reload page, nothing. So I go into Postman and re-create the request and BOOM! I even got an access token for their API. This is why I love being a dev.

One of the worst practices in programming is misusing exceptions to send messages.

This from the node manual for example:

> fsPromises.access(path[, mode])

> fsPromises.access('/etc/passwd', fs.constants.R_OK | fs.constants.W_OK)
> .then(() => console.log('can access'))
> .catch(() => console.error('cannot access'));

I keep seeing people doing this and it's exceptionally bad API design, excusing the pun.

This spec makes assumptions that not being able to access something is an error condition.

This is a mistaken assumption. It should return either true or false unless a genuine IO exception occurred.

It's using an exception to return a result. This is commonly seen with booleans and things that may or may not exist (using an exception instead of null or undefined).

If it returned a boolean then it would be up to me whether or not to throw an exception. They could also add a wrapper such as requireAccess for consistent error exceptions.

If I want to check that a file isn't accessible, for example for security then I need to wrap what would be a simple if statement with try catch all over the place. If I turn on my debugger and try to track any throw exception then they are false positives everywhere.

If I want to check ten files and only fail if none of them are accessible then again this function isn't suited.

I see this everywhere although it coming from a major library is a bit sad.

This may be because the underlying libraries are C which is a bit funky with error handling, there's at least a reason to sometimes squash errors and results together (IE, optimisation). I suspect the exception is being used because under the hood error codes are also used and it's trying to use throwing an exception to give the different codes but doesn't exist and bad permissions might not be an error condition or one requiring an exception.

Yet this is still the bane of my existence. Bad error handling everywhere including the other way around (things that should always be errors being warnings), in legacy code it's horrendous.

I've been freelancing lately with an agency to develop an android app for their client and at the same time another person is developing the website .

The story begins when I first contacted the web dev to give me access to the database (because he started before me ).It turns out that this guy purchased an almost ready cms template with a shitty data structure that has no relations between object .This database has no primary keys , no foreign keys , no indexes ... no nothing . Adding to that the web dev refused that I rewrite a new data structure claiming that he has done a good progress on the website .
Forward couple of weeks , I managed to create the api and develop an alpha for the app and sent it to the agency manager .
This bastard told me that the website and design have changed and the app shouldn't be like that .He told me to contact the other bastard the web dev to seen what the changes are . I'm waiting for the response about the new updates and I'm praying that they'll be just minor colors updates or something not a whole concept update .

My problem here is I'm stuck with this fucking agency cuz they paid half of the payment when I started .

Damn I must learn to say no to people .

So now you have to upload a government issued ID for access to the Pages API on Facebook?

What a fucking joke Facebook. Just because you screwed with customer's data, you're now making us do this.

(Question/0.5Rant)

So I am working on a mixed API (aka reachable from anywhere, but also only accessible by specific allowed devices) and I am struggling with the security of it, its not managing anything hardcore (this API is "is the coffe ready?" kind of level) or I would have just enforced per device registration for example already, but the app that goes with that API is deployed remotely and has to be "ready to go!!!" out of the box, so I can't add any registration, verifications of devices etc.

The main thing I am afraid of is, that one of those agent retards will get his spaghetti phone blasted from the inside, so all the https calls will be read out by some random attacker, which then will be able to "abuse" the API via read out api-key, is there any way for me to have a rescue plan if one of those retards does get hacked and the system then get spammed or something, like if I log all devices that use the API I could just deny access from that device (until resolved) and issue a new app update via new api key.

What's the best way of handling this and is my idea really the only way to handle this? this shitfest is really causing shit ton of ideas in my head, which then I deny literally 20 seconds later, because there's a way to bypass it or once you have the old api key to get a new one by just monitoring it etc.

Still as a scholar who has had his intership I decided that I was finally confident enough in my ability to apply for a small part-time programming job. I had an internship at a cool exhausting place with tons of expertise and I've proven myselve over there. So now I wanted a job on the side. Nothing special, just something that would make a little money with programming instead of washing dishes at the restaurant.

So I started at this small internet based startup (2 or 3 progammers) as a backend-oriented programmer. The working hours were amazingly compatible with my school schedule.

The lead dev also sounded like a smart guy. He had worked as a backend guy for years and had code running on verry critical public infrastructure that if it were to fail we'd be evacuated from our homes.

As a first asignment I got an isolated task to make an importer for some kind of file format that needed integration. So I asked for access to the code. I didn't get it since they were going to re-do the entire backend based on the code I wrote. I just needed to parse the file in a usable object structure. So I found out that the file format was horrible and made a quite nice set of objects that were nice. At the end of the first week or so I asked if I could get access to the code again, so I could integrate it. Answer was no. The lead dev would do that. I could however get access to my private repository.

Next week a new intern was taken to build a multiplatform responsive app. Only downside was that all the stuff he had ever done was php based websites. It wasn't going anywhere anytime soon, but I figured that that was where internships were for. So I ended up helping him a lot and taught him some concepts of OOP and S.O.L.I.D. and the occasional 30 minute rants of IndexOutOfRangeException, ArgumentException and such.

So one day he asked me how to parse a json string and retrieve a specific field out of it.
I gave him something like the following to start with:
"
JObject json;
if(!JObject.TryParse(jsonString, out json))
{
//handle error
}
string value;
if(!json.tryget("foo", out value).../// code continues
"

but then the main dev stepped in and proposed the following since it wouldn't crash on an API change:
"
dynamic json = new JObject(jsonString);
string value = json.myJsonValue;
"

After me trying to explain to him that this was a bad choise for about 15 minutes because of all kinds of reasons I just gave up. I was verry mad that this young boy was forced to use bad programming pracises while he was clearly still learning. I know I shouldn't pick up certain practises. But that boy didn't.

Almost everytime the main dev was at the office I had such a mindboggling experience.

After that I got a new assignment.
I had to write another xml file format parser.
Of course I couldn't have any access to our current code because... it was unnecesary. We were going to use my code as a total replacement for the backend again.
And for some reason classes generated from XSD weren't clear enough so after carefull research I literally wrapped xsd generated code in equivalent classes.

At that moment, I realized I made some code that was totally useless since it wasn't compatible with any form of their API or any of the other backend code. (I haven't seen their API. I didn't have access to the source.) And since I could've just pushed them generated XSD's that would've produced thesame datastructure I felt like I was a cheat. I also didn't like that I wasn't allowed to install even the most basic tooling. (git client or, Ide refactoring plugins, spelling checker etc...)

Now I was also told that I couldn't discuss issues with the new guy anymore since it was a waste of my valuable time, and they were afraid that I taught him wrong concepts.

This was the time that my first paycheck came in so I quitted my job.
I haven't seen any of the features that I've worked on. :)

What did I do while down for the count with Covid?

* Setup a static React site
* Hosted the site at Cloudflare Pages
* Protected the page through CF access
* Extracted the JWT
* Setup a Rails API to validate the token

Now I have static React UIs with a nice rich API backend.

Hey guys, I'm looking for some feedback for a new website I launched socialfeedapi.com. It provides quick and easy API access to any Instagram media feed (for any public username or hashtag). Is this something that you guys think will be useful in the dev world? Is it just me, or has anyone here tried to gain access to an Instagram feed and was frustrated in doing so? Thanks in advance!

I spent 2-3 days on debugging code written in assembly script. Apparently, you need to initialise an array using new method otherwise it re-uses the previous array from the same scope and it has created infinitely large array. Just wtf.
And I got error like "wasm blah blah blah blah blah blah".Just give proper error.

Running the environment locally wasn't an option because well it doesn't fucking work locally. So, I have to forcibly test on CI and they have created a site that can show you logs because you can't access or query data directly from server and while debugging you try to log something it randomly works sometimes and sometimes you get output from god knows which deployment. Just create a fucking API for displaying log or build a proper docker so that we test it locally.

One of those debugging days where minutes feel like hours, and hours like days.

I had the bad luck of being asked to dive into a legacy project which was unmaintained for months, but of course it's still on prod. And very suddenly the urgent need arrises to change stuff.

Yet: the docker stack won't work. It builds fine but the stack crashes.

Long story short: some internal api URI were renamed and at some point one internal api started to always require an access token. Which we set for the stage, prod env yet somebody forgot to mention that to the devs of legacy-project.

That ain't too bad.

WHAT IS FUCKING BAD IS THAT YOUR SHITTY APP SWALLOWS THE ERROR MESSAGE!

I mean it's bad enough I have to `var_dump && die` your app since you never bothered to setup a xdebug that I could use out of the box, yet egregious fact that your app would catch a valid exception but transforms it into an "internal warning" is borderline insane!

It's ok to throw exceptions. It's ok to let your service die. That's how other will know what and where to fix it. (You may want to restrict the data visible to the outside, but that's a whole different conversation.)

So i am at an MNC as a summer internship, me along with 18 other students from my university cleared this hackathon and got selected for this internship,
Few things you should know
1. Amongst all the other candidates i had the most work experience
2. I had worked with a lot of python and JavaScript
3. I legit have more skills then almost everyone working in my team

So, I don't know how but the HR decided i should go to this team, where there are no developers and are people of age 30 who have no idea what django is,

I was fucking frustrated but i let it go, thinking i will just solve this problem and will change my team, calm down

They told me about the project. I said okay give me access i will just finish it.

5 days no signs of access anyhow, so, i sucked it up and tracked all the network request and made my own api,

Then I was happy i get rid of this project,
But then they had bigger plans they ask me to add features on this project but there is a catch you have no access to any accounts, do it on your own,

Like What the Fuck, before giving an intern any project don't you have the responsibility to check weather the fucking project is possible i am just wasting my summer internship. I thought I got a big company it will help me grow i will get job security, but noo wtf, i am hell of frustrated

!rant

Got a question since I've been working with ancient web technologies for the most part.
How should you handle web request authorization in a React app + Rest API?
Should you create a custom service returning to react app what the user authenticated with a token has access to and create GUI based on that kind of single pre other components response?
Should you just create the react app with components handling the requests and render based on access granted/denied from specific requests?
Or something else altogether? The app will be huge since It's a rewrite off already existing service with 2500 entities and a lot of different access levels and object ownerships. Some pages could easily reach double digits requests if done with per object authorization so I'm not quite sure how to proceed and would prefer not to fuck it up from the get go and everyone on the team has little to no experience with seperated frontend/backend logic.

So I'm sitting here trying to bodge my way through a member system. These fucknuts really made a bad system..

The task: Export a list of users and their info.

Is there an API available? No, who the fuck would need that shit, even tho the system is built upon Odoo, which has an API!
But it has an export function, you just have to log in and press the right sequence of buttons, because you need the running ID...
Here I discovered the first of many security flaws... "What happens if I post the wrong ID?"... Well, I get access to a file that has nothing to do with me or my users.... What?
Well after some fiddling It works, but holy fuck I found a lot of bugs. And this is a system that is launching in 7 days for us.. Some users have been on it for a year....

How can they ship this bad a product? There's absolute no documentation only a 15-page manual. Guess they don't want developers to develop shit that works in junction with theirs.

So, some of you know that I'm having struggle manipulating Youtube iframes with jquery or plain javascript, please note that the same thing can be done via YouTube API but I personally do not want to rely on API,

So after 2 days of struggling I've officially given up, I feel so fucking angry and sad at the moment I can't even describe.

For some solutions to work I need SSL certificates.

the closest I could get was $(iframe#youtubeiFrame)['content'];

This leads to the youtubeIframe root #document but I am unable to access that DOM

Next task, to configure another IDE except Eclipse for Demandware.

$options = array('Aptana'=>'IDE','IntelliJ=>'IDE','VSCode'=>'textEditor');

Hey ranters, I want to setup a centralised auth backend that assigns multiple logins/API keys to a single user account which is managed through a Frontend application.

Background is we use multiple services each with their own login system and not all support a unified login/auth method for their API.

My approach is to setup a simple API/Auth backend that stores the users credentials plus multiple API-Keys of other services or their logins. When auth is successful the Frontend app may receive the associated credentials for the other backends to call their respective API. So the user can login once but the Frontend may access all backend services without the user noticing that their are other auths.

This should be a really general problem today. I'm really just diving into the topic of auth and Frontend, so I hope to get some guidence/overview from you. My questions are:

- Is my approach totally stupid?
- Are there good frameworks you'd recommend for such a setup?
- Is there a best practice which I've overseen so far?
- Resources you think are a must-read?
- Any other recommendations regarding security here?

So, what do you ranters think?

Im going to shove their soapy WordPress plugin up their ass sideways.

Just had to reverse engineer a WordPress plugin communicating with a SOAP API.
Why? Because the stupid fucking retard company thinks "we do not support custom integrations at this time, only plugins for certain CMS and some external providers" IS IN ANY WAY AN OK THING? IT IS NOT.

And i am feeling ashamed for having purchased a WordPress plugin (100 bucks) just for reversing it. My server even has to Report to them as wordpress to get access.

So fucking typical for swiss companies

Edit: also, they state they DO support custom integrations on their main website :/

Here is the REST API design of my LEAD programmer
# Access the API
1. Get access token with out username and password (GET /token)
2. Sign in with username, password and add access token as query param (POST /user/auth?token=[access_token]
3. Call other resources by adding token as query param

# Create new objects
- He uses PUT method in every resources to create new objects

Ugh, retrieving specific data fields nested within several arrays and objects in Javascript/Json jacks me up every fucking time!!!

Anyone ever fuck with the MapQuest geolocation/geoqueries api??

I'm trying to retrieve the lat/lng values out of responses generated from submitted address strings, and it's nested about 8 json layers deep.

I feel like I'm overthinking this?
I can access the values in my web console, and can reach them after using the console to assign them to a temp var, but can't get to the values from my actual js code. Only when I run some business logic from the console.

Here's a shitty example of me explaining the tree:

[{...}]
0:
locations: Array(3)
0:
latLng:
lat: <data here>
lng: <data here)

Need some advise from all you clever devs out there.

When I finished uni I worked for a year at a good company but ultimately I was bored by the topic.

I got a new job at a place that was run by a Hitler wannabee that didn't want to do anything properly including writing tests and any time I improved an area or wrote a test would take me aside to have a go so I quit after 3 months.

Getti g a new job was not that hard but being at companies for short stints was a big issue.

My new job I've been here 3 months again but the code base is a shit hole, no standardisation, no one knows anything about industry standards, no tests again, pull requests that are in name only as clearly broken areas that you comment on get ignored so you might as well not bother, fake agile where all user stories are not user stories and we just lie every sprint about what we finished, no estimates and so forth, and a code base that is such a piece of shit that to add a new feature you have to hack every time. The project only started a few months back.

For instance we were implementing permissions and roles. My team lead does the table design. I spent 4 hours trying to convince him it was not fit for purpose and now we have spent a month on this area and we can't even enforce the permissions on the backend so basically they don't exist. This is the tip of the iceberg as this shit happens constantly and the worst thing is even though I say there is a problem we just ignore it so the app will always be insecure.

None of the team knows angular or wants to learn but all our apps use angular..

These are just examples, there is a lot more problems right from agile being run by people that don't understand agile to sending database entities instead of view models to client apps, but not all as some use view models so we just duplicate all the api controllers.

Our angular apps are a huge mess now because I have to keep hacking them since the backend is wrong.

We have a huge architectural problem that will set us back 1 month as we won't be able to actually access functionality and we need to release in 3 months, their solution even understanding my point fully is to ignore it. Legit.

The worst thing is that although my team is not dumb, if you try to explain this stuff to them they either just don't understand what you are saying or don't care.

With all that said I don't think they are even aware of these issues somehow so I dont think it's on purpose, and I do like the people and company, but I have reached the point that I don't give a shit anymore if something is wrong as its just so much easier to stay silent and makes no difference anyway.

I get paid very well, it's close to home and I actually learn a lot since their skill level is so low I have to pick up the slack and do all kinds of things I've never done much of like release management or database optimisation and I like that.

Would you leave and get a new job?

looking for suggestions for a self hosted CMS. I tried Ghost, and it looks real nice, but there's no option to have just 1 section be private, you can only make the whole thing private. I tried Drupal but honestly it's just way too complicated for what I need, and doesn't look very aesthetically pleasing.
basically, here's the features I'm looking for:
- ability to set privacy/access control on a per-page or per-section basis
- Markdown for content editing
- ability to use regular HTML when needed
- ability to upload content via an API (so that I can publish documentation via my gitlab CI)

OpenSource is fun they said. I being a bored teen thought, ah, another chance to experiment. Discover something new. Now I am into piracy, movies, music, software. If I can get it for free I ain't paying for it. So I went on to GitHub to see what exciting new Repos I could contribute to. I hate already implemented plenty of algorithms in GO for GitHub.com/TheAlgorithms so I was looking something more practical, more beneficial to society. Then I saw it, the perfect repo, not too complex and not amateur. SpotDL/spotify-downloader for downloading songs from Spotify, a grey area coz it's technically piracy. Well not from Spotify, we fetch the info from the Spotify API and search for the songs on YouTubeMusic. They were just about to release v3, a complete rewrite of the codebase stressing code readability and stuff. I spend about a day studying the codebase, trying to findout just where I could make my contribution. I can see outright that there's a huge problem with implementation.

First of all the script spawns 4 processes for downloading songs though you might be downloading only one song. Which means for everytime you run the script you have to wait for 4 other processes to be spawned before any downloading can happen. Sure this is faster when you are downloading more than like 4 songs, but it's actually slower when downloading a single song. But I ignored that coz I assumed that most users download playlists and albums. Anyway we talked with the like lead developer and he was all like, make those PRs anytime you feel like. So I made a really minor first contribution.

I introduced download from Spotify URI functionality, modified like 10 lines of code. I was half expecting that the PR would be merged within hours at most 24 hours coz of how minor of a contribution it was, 5 days in it was pending. So I tagged the lead Dev and he was all appreciative of the PR, calling it real 'clean code' and stuff. 3 more days, the PR is still not merged. I have now stacked 4 more commits to the same PR, I tag the dev and he's like he's waiting to see if my 'feature' will get atleast 10 upvotes so that it can be merged, he links an issue. I go to the issue and my feature is not there, So 11 days after I made my PR I have to write a comment explaining the 'feature' introduced in my PR and then wait for 10 upvotes.

I was like f**k this, I'll just develop on my fork if you want the features on my fork, you will make your own PR! I am so done with OpenSource, development is slow. I have no idea how you guys do it. I can't handle development where I don't have write access.

Many smartphone cameras lack the ability to turn off burst shot mode.

The burst shot feature on smartphone camera software is almost always not helpful, only annoying. All it does is spam the storage with useless near-duplicate photos.

"Then simply don't hold the camera shutter button!"

Sometimes, this happens by accident. Or the phone has an I/O lag in the moment of releasing the shutter button, so the release of the shutter button is not registered and burst mode is initiated after the I/O lag.

The only purpose of burst shot seems to be making many low light photos to find one that is not shaken. Even then, there must be an option to turn it off.

Also, the point-and-shoot intuition of holding the camera shutter button to set focus and exposure, and releasing to capture a photo is far more convenient. On newer phones, that has been replaced with highly annoying burst shots.

"Then use a third-party app that does allow turning off burst mode."

The problem with third-party applications is that they are awfully slow, since they can not be optimized for a specific device like pre-installed camera applications are. This slowness, as one might expect, leads to missed moments.
On some smartphones, third-party applications can not even access all camera features, such as 2160p video recording. Some phones use a proprietary API that can only be accessed with the pre-installed camera app.

Design Decision:
We have an API and a lot of microservices based on that API. Additionally we have a store of protobuf-templates (files to automate serializing certain events etc).
Currently for each service we have the API with general stuff (connection stuff etc) and then copy the 5 or 6 proto-files we need for that service, they update sometimes, so does the API, for each service, two things that need to stay updated. Which option would seem more logical to you?

a) Integrate all proto files into the API. The services then only need to update the API but they also have access to many proto files they don't need for that service (which are required for other services however)

or

b) Keep them seperated and keep manually updating the proto-files for affected services

Disclaimer: our proto files are always backwards compatible by design, both the API and protofiles change fairly frequently.

Ty