[Thursday afternoon on a call...]

Client: Before we get started, can you create a sitescape outlining all of the pages and sections of the new website?

Me: Sure! I'll go through the website and shoot you a full layout in xls format as soon as possible, that way you can easily make notes on what you want added, modified or removed.

[Two hours later...]

Client: Hey, did you build that sitescape yet?

Me: Actually, I've been on back-to-back calls with other clients.

Client: So when are you going to get it done?

Me: Well, I have to go through the current website in it's entirety, which I'm guessing is about 1,000 pages. I have to determine which pages work fine on their own, which need to be combined for better presentation and which should be removed due to redundancy. That's something that is tedious and takes some time to complete. That, in combination with having an existing work queue that I need to fit you within and being at the end of the work week, we're looking at Tuesday morning to have it ready.

Client: "Existing work queue"? This is ridiculous. We're paying you good money to make our project your only priority. If we wanted to wait days for work, we would have saved money and paid for a cheaper service. You're already gouging us as it is! If we don't get the sitescape by end of day Friday, we're going with another company.

Me: I would tell you that I'm sorry for the inconvenience, but I'm not. I'm not going to feed you a line to make you happy. I'm also not going to work on my days off just to rush something out to you. You hired us because you wanted things done right, not quickly. Your current website is the result of not focusing on quality, but by how fast you can deliver it. We don't work that way. We only build quality products.

By rushing your project, not only do we alienate our current clients, affecting our reputation, but we build product of less than the highest quality. That will upset you because it isn't perfect, and it reflects poorly on us to use it in our portfolio.

If you want to hire someone to pump out this project to your unrealistic deadlines, be our guest. But you paid a 50% non-refundable deposit, so not only will you lose money, but your end product will suffer.

I'm going to let you sleep on this. If you decide tomorrow that another direction is the way to go, we wish you luck. But please understand that if we conclude our business, we will no longer make ourselves available for your needs.

Please find the attached contracts you have signed, acknowledging the non-refundable deposit, as well as the project timeline and scope, of which a "sitescape" was never originally mentioned or blocked out for time.

I hope that tomorrow we can move forward in a more professional manner.

[Next morning...]

Client: My apologies for yesterday. We're just very anxious to get this started.

-----

Don't let clients push you around. Make them sign a contract and enforce it whenever necessary.

I don't want to write clean code anymore :(

I read Clean Code, Clean Coder, and watched many uncle bob's videos, and I was able to apply best practices and design patterns
I created many systems that really stood the test of time...

Management was kind enough to introduce me to uncle bob clean code in the first place, letting us watch it during work hours. after like one year, my code improved 400% minimum because I am new and I needed guidance from veterans...

That said, to management I am very slow, compared to this other guy, they ask me for a feature and my answer would be like "sure, we need to update the system because it just doesn't support that right now, it is easy though it would take 2 days tops"

they ask the same thing for the other guy : "ok let me see what I can do", 1 hour later, on slack, he writes : done. he slaps bunch of if-statement and make special case that will serve the thing they asked for.

oh 'cool' they say -> but it doesn't do this -> it needs to do that -> ok there is a new bug,-> it doesn't work in build mode-> it doesn't work if you are logged in as a guest, now its perfect ! -> it doesn't work on Android -> ok it works on android but now its not perfect anymore.

and they feel like he is fast (and to be fair he is), this feature? done. ok new bugs? solved. Android compatibility ? just one day ... it looks like he is doing doing doing.

it ends up taking double the time I asked for, and that is not to mention the other system affected during this entire process, extra clean up that I have to do, even my systems that stood the test of time are now ruined and cannot be extracted to other projects. because he just slaps whatever bools and if statements he needs inside any system, uses nothing but Singleton pattern on everything. our app will never be ready-for-business, this I can swear. its very buggy. and to fix it, it needs a change in mentality, not in code.
---------------

uncle bob said : write your code the right way, and the management will see that your code generates less errors, with time, you will earn respect even though they will feel you are slow at first.

well sorry uncle, I've been doing it for a year, my image got bad, you are absolutely right, only when there is no one else allowed to drop a giant shit inside your clean code.

note: we don't really have a technical lead.
-------------------
its been only two days since my new "hack n' slash" meta, the management is already kind of "impressed" ... so I'll keep hacking and slashing until I find a better job.

I’ve started the process of setting up the new network at work. We got a 1Gbit fibre connection.

Plan was simple, move all cables from old switch to new switch. I wish it was that easy.

The imbecile of an IT Guy at work has setup everything so complex and unnecessary stupid that I’m baffled.
We got 5 older MacPros, all running MacOS Server, but they only have one service running on them.

Then we got 2x xserve raid where there’s mounted some external NAS enclosures and another mac. Both xserve raid has to be running and connected to the main macpro who’s combining all this to a few different volumes.

Everything got a static public IP (we got a /24 block), even the workstations. Only thing that doesn’t get one ip pr machine is the guest network.
The firewall is basically set to have all ports open, allowing for easy sniffing of what services we’re running.

The “dmz” is just a /29 of our ip range, no firewall rules so the servers in the dmz can access everything in our network.

Back to the xserve, it’s accessible from the outside so employees can work from home, even though no one does it. I asked our IT guy why he hadn’t setup a VPN, his explanation was first that he didn’t manage to set it up, then he said vpn is something hackers use to hide who they are.

I’m baffled by this imbecile of an IT guy, one problem is he only works there 25% of the time because of some health issues. So when one of the NAS enclosures didn’t mount after a power outage, he wasn’t at work, and took the whole day to reply to my messages about logins to the xserve.

I can’t wait till I get my order from fs.com with new patching equipment and tonnes of cables, and once I can merge all storage devices into one large SAN. It’ll be such a good work experience.

Microsoft Teams can burn.

Who the fuck thought it would be an excellent workflow, when you want to COLLABORATE IN TEAMS between users in different domains, that each sorry bastard needs to manually log in to a second Teams tenant and loose all the context from their main Teams tenant !?

On random occasions the fucking authentication token expires. I send messages to my team mate in another domain. Three days later I am pissed off because they don't answer. It turns out their authentication token has expired so when they are on their main tenant they don't get any notifications before they manually log in to our tenant as a guest. HOW FUCKING GREAT IS THAT AS A NOTIFICATION SYSTEM ??!

Would it be that fucking difficult to maintain a notification bar with all tenants and note with an exclamation mark or something REALLY FUCKING SIMPLE to hint about an expired token ? It's not like this is magic, Slack does it already.

FUCK !

Product Manager: We’re assigning you to the Guest Checkout project.

I look at the Guest Checkout epic in JIRA and see it only includes frontend scope. Nothing about backend implementation.

I also find an older ticket about guest checkout. It was written by the former Product Manager. It explicitly says our admin switch for guest checkout no longer works because rebuilt checkout to use react. Why does no one bother to check the backlog??? I found this just by searching “guest checkout.”

Me: Um, our website doesn’t support guest checkout.

PM: What?! But the admin has a guest checkout option that can be turned on and off.

Me: Those admin options only apply if you’re still using the out-of-the-box solution for the e-commerce platform. Remember how we rebuilt checkout using React? We didn’t build it to support guest checkout. That admin switch doesn’t work anymore. We can ask a backend dev to confirm.

I check the code. The code that relates to the admin switch for guest checkout no longer exists. It’s a dead switch.

BE Dev: We made a lot of customizations since we purchased the e-commerce solution. So yeah, that guest checkout switch doesn’t work.

PM: [to me] …Our BE devs are busy with other projects. Can you do the backend for guest checkout?

😳

Me: You realize I’m just a frontend dev with only some backend knowledge, right? I’m not even close to fullstack. And you want me to architect an entire guest checkout flow? That will work with our current checkout experience? And that is HIPPA compliant? On top of doing the frontend?

In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!

So, imagine a situation like this - Its friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Lets Encrypt.

Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.

Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!

So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!

So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... Its right there, you can see it!

So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!

So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!

Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.

See the issue already?

Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.

What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.

That was also the only reason why I managed fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.

Overriding that unit file option finally fixed the issue completely.

I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, its only and only your fault if you wrote sensitive data into the temporary directory.

And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...

Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out its just another SystemD-enabled "feature" now!

And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...

You do too much web-engineering when you read / sing the wrong thing...

We run 20.04 Ubuntu at work with fucking Gnome. I thought to myself "by now I should be able to easily make a desktop/launcher icon". Nope, fucking dark ages. What a pos window manager.

At work we have 2 networks. One is guest and one is for our work computers. I was trying to put a computer on the guest network to limit access to a vendor. I noticed when I logged in I could see all the computers on the work network. Surely this isn't so? I check on another computer on guest network. Yep I can see all the same servers and machines. Guest network has easily guessable password. How the fuck do you mess that up? We have someone doing IT work now. People were unsure if we needed dedicated IT. This is just another example of yes we fucking do need a dedicated IT person. Laughing and shaking head. It is not like we ever have foreign nationals from tentatively adversarial nations here...

I got past the barrier in Avorion on a normal play through. Was harder than in the past. I had already befriended a civilization that existed behind the barrier. So getting higher tech levels just cost about 15M credits. Avorion is getting better as a game over time. I like the economy sim and building stuff to make passive income in game.

!rant from a support guy

I was tasked to migrate an Exchange 2003 server (yes, those are still used) for an upcoming Office 365 deployment. There are no direct upgrade path from one another, as far as we know

My task was to export PSTs from mailboxes. Great, a native tool exist for that in 2003 (exmerge). But only for less than 2 GB mailboxes because ANSI/Unicode! Half of our mailbox busts that limit. Oh, it seems Exchange 2007 has a PowerShell command for exporting to PST as well! But pre-SP3, that command relies on a local installation of Outlook on the server (DAFUQ), and has been superseded by another "standalone" powershell command. So I install a bogus Windows 2012 server only for that purpose, with Exchange Management Tools (which, by the way, is bundled with the Exchange installation setup and REQUIRES to have IIS installed on the target machine. Also, if you install ONLY the Exchange 2007 Management Tools and wish to uninstall them afterwards, you can't because the uninstaller wants me to select an Exchange Role to remove, which are all unchecked in my tools-only setup). Never worked, and Google-fu says that the newer Exchange 2007 New-MailboxExportRequest command seems to have removed Exchange 2003 support.

So i'm back to installing a pre-SP3 Exchange 2007. Then the older Export-Mailbox powershell command whines about 64bits and 32bit incompatiblity-- actually I ***HAVE*** to have the whole OS/software stack 32bit ONLY. Don't ask me why!

Some article I found says I could fire up an XP virtual machine for that, I go for Win 7 x86. "Sorry, Microsoft Exchange won't be installed on a workstation environment because reasons." All right then, let's go for an old Windows Server 2003 x86. Have you tried to boot this up in an Hyper-V environment where mouse and keyboard support for Windows Server 2003 are apparently optional? No keyboard AND mouse events sent to the guest machine at all.

* Sigh *, let's use a Windows Server 2008, but WATCH OUT! Microsoft has discontinued x86 support on their W2008 R2 release, so non-R2 for me. Even then, mouse event wasn't sent until I installed guest additions.

After all, export-mailbox ended up working, but that costed me two days of banging my head against the wall. (Oh, and I take internal calls inbetween as well...)

And that's why I aspire to be a programmer. Thank you for nothing, Microsoft!