Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "that one piece of documentation"
-
Finally did it. Quit my job.
The full story:
Just came back from vacation to find out that pretty much all the work I put at place has been either destroyed by "temporary fixes" or wiped clean in favour of buggy older versions. The reason, and this is a direct quote "Ari left the code riddled with bugs prior to leaving".
Oh no. Oh no I did not you fucker.
Some background:
My boss wrote a piece of major software with another coder (over the course of month and a balf). This software was very fragile as its intention was to demo specific features we want to adopt for a version 2 of it.
I was then handed over this software (which was vanilajs with angular) and was told to "clean it up" introduce a typing system, introduce a build system, add webpack for better module and dependency management, learn cordova (because its essential and I had no idea of how it works). As well as fix the billion of issues with data storage in the software. Add a webgui and setup multiple databses for data exports from the app. Ensure that transmission of the data is clean and valid.
What else. This software had ZERO documentation. And I had to sit my boss for a solid 3hrs plus some occasional questions as I was developing to get a clear idea of whats going on.
Took a bit over 3 weeks. But I had the damn thing ported over. Cleaned up. And partially documented.
During this period, I was suppose to work with another 2 other coders "my team". But they were always pulled into other things by my Boss.
During this period, I kept asking for code reviews (as I was handling a very large code base on my own).
During this period, I was asking for help from my boss to make sure that the visual aspect of the software meets the requirements (there are LOTS of windows, screens, panels etc, which I just could not possibly get to checking on my own).
At the end of this period. I went on vacation (booked by my brothers for my bday <3 ).
I come back. My work is null. The Boss only looked at it on the friday night leading up to my return. And decided to go back to v1 and fix whatever he didnt like there.
So this guy calls me. Calls me on a friggin SUNDAY. I like just got off the plane. Was heading to dinner with my family.
He and another coder have basically nuked my work. And in an extremely hacky way tied some things together to sort of work. Moreever, the webguis that I setup for the database viewing. They were EDITED ON THE PRODUCTION SERVER without git tracking!!
So monday. I get bombarded with over 20 emails. Claiming that I left things in an usuable state with no documentation. As well as I get yelled at by my boss for introducing "unnecessary complicated shit".
For fuck sakes. I was the one to bring the word documentation into the vocabulary of this company. There are literally ZERO documentated projects here. While all of mine are at least partially documented (due to lack of time).
For fuck sakes, during my time here I have been basically begging to pull the coder who made the admin views for our software and clean up some of the views so that no one will ever have to touch any database directly.
To say this story is the only reason I am done is so not true.
I dedicated over a year to this company. During this time I saw aspects of this behaviour attacking other coders as well as me. But never to this level.
I am so friggin happy that I quit. Never gonna look back.14 -
Things have been a little too quiet on my side here, so its time for an exciting new series:
practiseSafeHex's new life as a manager.
Episode 1: Dealing with the new backend team
It's great to be back folks. Since our last series where we delved into the mind numbing idiocy of former colleagues, a lot has changed. I've moved to a new company and taken a step up as a Dev manager / Tech lead. Now I know what you are all thinking, sounds more dull and boring right? Well it wouldn't be a practiseSafeHex series if we weren't ...
<audience-shouting>
DEALING! ... WITH! ... IDIOTS!
</audience-shouting>
Bingo! so lets jump right in and kick us off with a good one.
So for the past few months i've been on an on-boarding / fact finding / figuring out this shit-storm, mission to understand more about what it is i'm suppose to do and how to do it. Last week, as part of this, I had the esteemed pleasure of meeting face to face with the remote backend team i've been working with. Lets rattle off a few facts to catch us all up:
- 8 hour time difference to me
- No documentation other than a non-maintained swagger doc
- Swagger is reporting errors and several of the input models are just `Type: String`
- The one model that seems accurate, has every property listed as optional, including what must be the primary key
- Properties go missing and get removed at the drop of a hat and we are never told.
- First email I sent them took 27 days to reply, my response to that hasn't been answered so far 31 days later (new record! way to go team, I knew we could do it!!!)
- I deal directly with 2 of them, the manager and the tech lead. Based on how things have gone so far, i've nick named them:
1) Ass
2) Hole
So lets look at some example of their work:
- I was trying to test the new backend, I saw no data in QA. They said it wouldn't show up until mid day their time, which is middle of the night for us. I said we need data in our timezone and I was told: a) "You don't understand how big this system is" (which is their new catch phrase) b) "Your timezone is not my concern"
- The whole org started testing 2 days later. The next day a member from each team was on a call and I was asked to give an update of how the testing was going on the mobile side. I said I was completely blocked because I can't get test data. Backend were asked to respond. They acknowledged they were aware, but that mobile don't understand how big the system is, and that the mobile team need to come up with ideas for the backend team, as to how mobile can test it. I said we can't do anything without test data, they said ... can you guess what? ... correct "you don't understand how big the system is"
- We eventually got something going and I noticed that only 1 of the 5 API changes due on their side was done. Opened tickets. 2 days later asked them for progress and was told that "new findings" always go to the bottom of the backlog, and they are busy with other things. I said these were suppose to be done days ago. They said you can't give us 2 days notice and expect everything done. I said the original ticket was opened a month a go *sends link* ......... *long silence* ...... "ok, but you don't understand how big the system is, this is a lot of work"
- We were on a call. Product was asking the backend manager (aka "Ass") a question about a slight upgrade to the new feature. While trying to talk, the tech lead (aka "Hole") kept cutting everyone off by saying loudly "but thats not in scope". The question was "is this possible in the future" and "how long would it take", coming from management and product development. Hole just kept saying "its not in scope", until he was told to be quiet by several people.
- An API was sending down JSON with a string containing a message for the user with 2 bits of data inside it. We asked for one of those pieces to also come down as a property as the string can change and we needed it client side. We got that. A few days later we found an edge case and asked for the second piece of data to be a property too. Now keep in mind, they clearly already have access to them in order to make the string. We were told "If you keep requesting changes like this, you are going to delay the release of the backend by up to 2 weeks"
Yes folks, there you have it, the most minuscule JSON modifications, can delay your release by up to 2 weeks ........ maybe I should just tell product, that they don't understand how big the app is, and claim we can't build it on our side? Seems to work for them
Thats all the time we have for today,
Tune in for more, where we'll be looking into such topics as:
- If god himself was an iOS developer ... not
- Why automate when you can spend all day doing it by hand
- Its more time-efficient to just give everything a story point of 5
- Why waste time replying to emails ... when you can do nothing instead
See you all next week,
practiseSafeHex13 -
The world makes no fucking sense.
In 2013 I had a manager approve a couple days' leave coz my son was having medical issues.
He was super nice about it and told me I could take as much time as I needed. I said, a couple days is enough. I took Thursday and Friday off. I took two days.
On Monday, an emergency meeting was held with the CTO (it was a small company, it went me -> manager -> C suite). I was told that a production deployment happened on Friday that fucked up a few clients' systems and that it had cost said clients hundreds of thousands dollars and are now suing the company.
Turns out on Friday, lead developer was also given the day off for whatever reason and I was being scolded because as the next senior developer, it was my responsibility to review code and make sure shit like this doesn't happen.
I agreed (and still agree) but also explained I had already filed leave weeks prior and I wasn't informed about dev lead's absence. Sure I could've checked my messages but my kid was in the hospital and I was busy. Still I couldn't help but feel a little guilty.
Manager holds a separate meeting with me and talks me into just writing an apology note in the email chain and he'll do the rest of the talking for me and make sure I get minimal punishment. I trusted him, he was the one who found me and brought me into the company (I know, I was naive).
So I wrote the email. It was a small note. I apologized for not checking messages and explained my situation again and mentioned I would've definitely checked if I was informed that the lead dev would be away.
Another meeting was held the next day and after pleasantries the Manager started with this, "Ok so we've all seen the email and understand that this was all Angry's fault right?".
Now, we're not native English speakers and Manager doesn't really do well with grammar. I was alarmed by what he said but wasn't angry because I was pretty sure that's not what he meant. I'm sure he meant to say that "Angry feel's guilty but his actions were understandable given the circumstance" or that he forgot a "not" in there and really meant "not Angry's fault". Surely this is what he meant to say. Right?
But then the rest of the meeting went on and I was unceremoniously let go. Immediately for "failing to accomplish my tasks and costing the client 100Ks of dollars". I wasn't even given a chance to say anything else.
The meeting ended and since we were both in the office, Manager approached me with exit papers and a check (~1200 USD)--it was my month's pay. I was asked to leave that day and was told I didn't need to come back. No handovers, no knowledge transfers, not a even a documentation of open projects I was handling.
I realized I just was made the scapegoat by a management screwup that costed our clients a lot of money.
Of course, I wrote the CEO multiple emails the next couple days. I also cc'd the CTO. No response.
A couple of weeks pass, I get another job at a cool company and i promptly move on.
I write this story now because I just found out today that in 2016, Manager was let go by the company for **sexual harassment**. Apparently, he actually did it too according to friends I still had within the company.
Here's where it gets fucked up. He turns and sues the company for unlawful termination and I guess to avoid a long legal battle? the company settled. They fucking settled and handed this man 2 Million PHP (at the time about 40k USD).
2 fucking million. Life changing money around here. And he got it by being a slimy piece of shit.
The world makes no fucking sense.10 -
TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern
Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.
Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.
Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.
An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.
After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.
The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.
It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”
At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”
Facepalm.4 -
Overheating The Javascript Ecosystem
Paranoid thought: You know, in the course of every day, being the corrupt piece of shit that I am, whenever I see a scandal or what looks like shenanigans-in-the-making, I ask myself
"Wisecrack, is this a fucking scam or con of some sort?"
I was recently asking myself this about javascript.
Not the language per se, but the ecosystem.
I noticed how there are a thousand CLIs for simple shit. Another four thousand for page long libraries, for simpleton level shit (because prototypes are designed after satans own aborted love-child of object models). I noticed another eight thousand guys imitating steve jobs, talking at conferences and 'change the world' high-on-huffing-my-own-shit TEDX talks like rubyists that don't realize the world has moved on, all to hawk books and inflate CVs for cushy positions at major tech firms and the herd of dicksuckers following the next fad off a cliff like lemmings. And another eight thousand 'tech journalists' pushing them off the cliff while begging for outrage and hype dollars and slowly circling like vultures above the drain that is the ad-based economy.
And I thought to myself.
"Wisecrack, who benefits from all this noisy self-indulgent horseshit? Where is all the money coming from for all these books, conferences, meetings, publications, media, bread, and circuses?"
"I don't know wisecrack. But if I were the CEO of a big company, threatened by the prospect of a universal language, or universal platform, like flash, but one I couldn't kill like flash, I would try to do the most corrupt thing I could think of."
"Whats that wisecrack?"
"I would try to 'overheat' the ecosystem by selectively hiring people from that ecosystem, pumping money into a boatload of similar products, all in the hopes of provoking the equivalent of an immune overreaction, imitators all flooding the ecosystem with the same shit in different packages, self promoting sycophants, aggrenadizing social media idiots, tools sold as tools, hyped as 'the next coming of steve jobs', overcooked shit that focuses on ceremony over functionality, ritual over productivity, documentation over innovation like some sort of amazonion infinite nesting doll hellscape of documents linking to documents linking to documents, each one a new circle of dantes inferno, where the definition of anything links to another document that says "see also xyz", and I would convince them that they had done it to themselves."
And then I would push typescript as their lord, savior, and master. "
"How do you know all this wisecrack?"
"Because I am a piece of shit, and, this is what I would do in any executive's shoes."10 -
We are a small size product based company. There was a change in management a year back and the new management decided to fire the entire engineering team one by one. I was hired as full time back-end developer (C++). Just after I joined they removed the last 2 engineers from the previous regime and handed over devops and Python API development to me as well.
There was no documentation for the main product which was a sophisticated piece of software. There were no comments in the code as well. I had to go through line by line (roughly 100,000 lines of code).
Then they decide to hire more devs.Turned out to be false hope. They hired interns who had no programming knowledge.
Now they got two clients who are interested in using the service. They lured them using empty promises. The product is not stable. The cloud infrastructure is not at all ready. The APIs are a mess. I don't know which one to work on.
Worst part is that there is no other technical person in the office.
I'm thinking about quitting now. I don't know why I haven't already.😖😖4 -
I'm getting more and more triggered by my colleagues overusing words in seemingly random fashion.
The word 'perspective' comes up at least 6 times during a meeting, from an x perspective, from a y perspective. It would be fine in a design meeting but it's used _so fucking much_ I cringe every time I hear it.
Another one is 'standard', that gets put in front of every word nowadays, standard process, standard protocol, standard machine, standard pipeline. What does it mean? No clue, what does it add? Nothing.
'Please put this add the standard location.'
Where?
'The default one'
What?!
I remove it from documentation every chance I get.
Furthermore, some documentation changes make small pieces of information super long. A nice summary list of features? Make it at least 3 sentences for every bullet point. 1-sentence info with a reference link to more info? Scratch that let's include all information in that reference paragraph anyway. Sometimes they even expand English expressions for no reason, making them longer and harder to read.
WHYYYY
We always complain about shit documentation and yet we're oblivious to the fact that our own docs are so bloated. Stop repeating information, stop using useless adjectives, just put it all in 1 sentence and add dozens of code examples. One piece of code says more than a billion words.
I'm not innocent either. As a teen I was great at writing long pieces of text that seemed like a great read but were actually way too bloated for the information I needed to convey. It was great for reaching word limits.
Now I'm trying my absolute best to be as concise and to-the-point as possible because I know that nobody likes reading and people just want the information that they're looking for.
Even this rant is overly long, but thank god that it's just a rant and I can let off some steam.
Btw same thing goes for diagrams, too many icons, too much text, too many lines. When I try to submit a clean-as-fuck diagram I get asked to add more info/features to which I say No, we're already at the max.
I even got a PR for review that made some changes to add unnecessary information, I pointed it out and never heard anything from them again. I rejected the PR, and never saw a new one.
* Sigh *
It's just so strange to me, it's never clear to me why these things happen. I'm too much of a coward to point these things out unless they endanger the quality of the product. But maybe they just need somebody to tell it to them.6 -
Still dealing with the web department and their finger pointing after several thousand errors logged.
SeniorWebDev: “Looks like there were 250 database timeout errors at 11:02AM. DBAs might want to take a look.”
I look at the actual exceptions being logged (bulk of the over 1,600 logged errors)..
“Object reference not set to an instance of an object.”
Then I looked the email timestamp…11:00AM. We received the email notification *before* the database timeout errors occurred.
I gather some facts…when the exceptions started, when they ended, and used the stack trace to find the code not checking for null (maybe 10 minutes of junior dev detective work). Send the data to the ‘powers that be’ and carried on with my daily tasks.
I attached what I found (not the actual code, it was changed to protect the innocent)
Couple of hours later another WebDev replied…
WebDev: “These errors look like a database connectivity issue between the web site and the saleitem data service. Appears the logging framework doesn’t allow us to log any information about the database connection.”
FRACK!!...that Fracking lying piece of frack! Our team is responsible for the logging framework. I was typing up my response (having to calm down) then about a minute later the head DBA replies …
DBA: “Do you have any evidence of this? Our logs show no connectivity issues. The logging framework does have the ability to log an extensive amount of data regarding the database transaction. Database name, server, login, command text, and parameter values. Everything we need to troubleshoot. This is the link to the documentation …. If you implement the one line of code to gather the data, it will go a long way in helping us debug performance and connectivity issue. Thank you.”
DBA sends me a skype message “You’re welcome :)”
Ahh..nice to see someone else fed up with their lying bull...stuff. -
Scrum master asks how I'm doing and how I'm finding the project I'm working with.
I complain about the lack of documentation and that it kills me (well, kills my brain with increased migraines) due to my Asperger's as I need CLEAR instructions and not ~something~ I need to piece together from asking from 5-10 different people who all know some minor part of the final answer.
"*You* could do the documentation, lankku, while you're figuring it out!"
Just...FML.
And the reason I was trying to find out this one thing related to a completely different repo I have never worked on was because I was trying to write documentation for something totally different that just needs a login redirect from this different repo. <.<6 -
I'm so done with flutter.
I wanted to give it a little try by rewriting a small android project I wrote a few years back. It brings some nice concepts especially when it comes to UI related programming but that's all I can really compliment it for. It's nothing more than something to play with as it is right now.
Also I think this text will be hidden behind the read more. Did I successfully bait you with that cat?
The things I truly hate about it:
The ide integration makes me wanna use eclipse again. At least most nonsensical error messages disappear after saving the document on eclipse.
.
Wanna generate a new function? Yeah, let me just place it RIGHT INSIDE THIS FUCKING IMPORT STATEMENT
Over at Google: Let's just rename everything from java slightly different and put it in nonsensical context so that you have to learn all of it again. Also why don't we make it so that the code suggestions only suggest things you already imported, so that you have to look up every little piece shit feature.
When it comes to databases, I must say, I had more fun working with PHP and mysql than with sqFUCKlite. Throwing away the Room components for that? What a joke...
I already said what i think about the syntax here an devrant but I'm more than happy to repeat it here:
The syntax looks like someone looked at C#, Java and JavaScript and then decided to vomit the worst parts of it into a programming language. I can't really classify anything original about it. There are clear inspirations, but they are confusingly mashed together with the other languages making this one nuts of a language.
Android SDK documentation is a blessing in comparison to whatever the fuck flutter tries to do.
I don't think I'll want top touch that Google side project again within the next few years, if it hasn't been replaced with a new side project like billiard by then.3 -
I used to think that I had matured. That I should stop letting my emotions get the better of me. Turns out there's only so much one can bottle up before it snaps.
Allow me to introduce you folks to this wonderful piece of software: PaddleOCR (https://github.com/PaddlePaddle/...). At this time I'll gladly take any free OCR library that isn't Tesseract. I saw the thing, thought: "Heh. 3 lines quick start. Cool.", and the accuracy is decent. I thought it was a treasure trove that I could shill to other people. That was before I found out how shit of a package it is.
First test, I found out that logging is enabled by default. Sure, logging is good. But I was already rocking my own logger, and I wanted it to shut the fuck up about its log because it was noise to the stuffs I actually wanted to log. Could not intercept its logging events, and somehow just importing it set the global logging level from INFO to DEBUG. Maybe it's Python's quirk, who knows. Check the source code, ah, the constructors gaves `show_log` arg to control logging. The fuck? Why? Why not let the user opt into your logs? Why is the logging on by default?
But sure, it's just logging. Surely, no big deal. SURELY, it's got decent documentation that is easily searchable. Oh, oh sweet summer child, there ain't. Docs are just some loosely bundled together Markdowns chucked into /doc. Hey, docs at least. Surely, surely there's something somewhere about all the args to the OCRer constructor somewhere. NOPE! Turns out, all the args, you gotta reference its `--help` switch on the command line. And like all "good" software from academia, unless you're part of academia, it's obtuse as fuck. Fine, fuck it, back to /doc, and it took me 10 minutes of rummaging to find the correct Markdown file that describes the params. And good-fucking-luck to you trying to translate all them command line args into Python constructor params.
"But PTH, you're overreacting!". No, fuck you, I'm not. Guess whose code broke today because of a 4th number version bump. Yes, you are reading correctly: My code broke, because of a 4th number version bump, from 2.6.0.1, to 2.6.0.2, introducing a breaking change. Why? Because apparently, upstream decided to nest the OCR result in another layer. Fuck knows why. They did change the doc. Guess what they didn't do. PROVIDING, A DAMN, RELEASE NOTE. Checked their repo, checked their tags, nothing marking any releases from the 3rd number. All releases goes straight to PyPI, quietly, silently, like a moron. And bless you if you tell me "Well you should have reviewed the docs". If you do that for your project, for all of your dependencies, my condolences.
Could I just fix it? Yes. Without ranting? Yes. But for fuck sake if you're writing software for a wide audience you're kinda expected to be even more sane in your software's structure and release conventions. Not this. And note: The people writing this, aren't random people without coding expertise. But man they feel like they are.5 -
Got one right now, no idea if it’s the “most” unrealistic, because I’ve been doing this for a while now.
Until recently, I was rewriting a very old, very brittle legacy codebase - we’re talking garbage code from two generations of complete dumbfucks, and hands down the most awful codebase I’ve ever seen. The code itself is quite difficult to describe without seeing it for yourself, but it was written over a period of about a decade by a certifiably insane person, and then maintained and arguably made much worse by a try-hard moron whose only success was making things exponentially harder for his successor to comprehend and maintain. No documentation whatsoever either. One small example of just how fucking stupid these guys were - every function is wrapped in a try catch with an empty catch, variables are declared and redeclared ten times, but never used. Hard coded credentials, hard coded widths and sizes, weird shit like the entire application 500ing if you move a button to another part of the page, or change its width by a pixel, unsanitized inputs, you name it, if it’s a textbook fuck up, it’s in there, and then some.
Because the code is so damn old as well (MySQL 8.0, C#4, and ASP.NET 3), and utterly eschews the vaguest tenets of structured, organized programming - I decided after a month of a disproportionate effort:success ratio, to just extract the SQL queries, sanitize them, and create a new back end and front end that would jointly get things where they need to be, and most importantly, make the application secure, stable, and maintainable. I’m the only developer, but one of the senior employees wrote most of the SQL queries, so I asked for his help in extracting them, to save time. He basically refused, and then told me to make my peace with God if I missed that deadline. Very helpful.
I was making really good time on it too, nearly complete after 60 days of working on it, along with supporting and maintaining the dumpster fire that is the legacy application. Suddenly my phone rings, and I’m told that management wants me to implement a payment processing feature on the site, and because I’ve been so effective at fixing problems thus far, they want to see it inside of a week. I am surprised, because I’ve been regularly communicating my progress and immediate focus to management, so I explain that I might be able to ship the feature by end of Q1, because rather than shoehorn the processor onto the decrepit piece of shit legacy app, it would be far better to just include it in the replacement. I add that PCI compliance is another matter that we must account for, and so there’s not a great chance of shipping this in a week. They tell me that I have a month to do it…and then the Marketing person asks to see my progress and ends up bitching about everything, despite the front end being a pixel perfect reproduction. Despite my making everything mobile responsive, iframe free, secure and encrypted, fast, and void of unpredictable behaviors. I tell her that this is what I was asked to do, and that there should have been no surprises at all, especially since I’ve been sending out weekly updates via email. I guess it needed more suck? But either way, fuck me and my two months of hard work. I mean really, no ego, I made a true enterprise grade app for them.
Short version, I stopped working on the rebuild, and I’m nearly done writing the payment processor as a microservice that I’ll just embed as an iframe, since the legacy build is full of those anyway, and I’m being asked to make bricks without straw. I’m probably glossing over a lot of finer points here too, just because it’s been such an epic of disappointment. The deadline is coming up, and I’m definitely going to make it, now that I have accordingly reduced the scope of work, but this whole thing has just totally pissed me off, and left a bad taste about the organization.9 -
The dangers of PHP eval()
Yup. "Scary, you better make use of include instead" — I read all the time everywhere. I want to hear good case scenarios and feel safe with it.
I use the eval() method as a good resource to build custom website modules written in PHP which are stored and retrieved back from a database. I ENSURED IS SAFE AND CAN ONLY BE ALTERED THROUGH PRIVILEGED USERS. THERE. I SAID IT. You could as well develop a malicious module and share it to be used on the same application, but this application is just for my use at the moment so I don't wanna worry more or I'll become bald.
I had to take out my fear and confront it in front of you guys. If i had to count every single time somebody mentions on Stack Overflow or the comments over PHP documentation about the dangers of using eval I'd quit already.
Tell me if I'm wrong: in a safe environment and trustworthy piece of code is it OK to execute eval('?>'.$pieceOfCode); ... Right?
The reason I store code on the database is because I create/edit modules on the web editor itself.
I use my own coded layers to authenticate a privileged user: A single way to grant access to admin functions through a unique authentication tunnel granting so privileged user to access the editor or send API requests, custom htaccess rules to protect all filesystem behind the domain root path, a custom URI controller + SSL. All this should do the trick to safely use the damn eval(), is that right?!
Unless malicious code is found on the code stored prior to its evaluation.
But FFS, in such scenario, why not better fuck up the framework filesystem instead? Is one password closer than the database.
I will need therapy after this. I swear.
If 'eval is evil' (as it appears in the suggested tags for this post) how can we ensure that third party code is ever trustworthy without even looking at it? This happens already with chrome extensions, or even phone apps a long time after reaching to millions of devices.11 -
The worst technology i had to deal with was probably a piece of hardware. It was a mini-pc combined with sensors and digital IOs and thus, it should have been able to do process control all by itself.
At that time, there was hardware that did that, but this one had an intel cpu, windows embedded and some powerful libraries pre-installed.
Sounds good, didn't work. The thing was so unstable and buggy and crashed on everything. The sensor part had lots of parameters and the right order was trial and error, documentation didn't match behavior, fixes promised but never delivered.
Lucky for us: it was just a demokit, no real project.
I still remember it with a smile. We got in contact to that company at a trade fair and they had most impressive booth. I also remember their companies image movie from their homepage with developers in dark labs with holographic monitors and the boss in his shiny bright office as he looked out of the window and quoted a famous german author.
Hilarious and sad. :-)2 -
When you find that one critical piece of documentation that you need causally mentioned in a github comment somewhere. They'll never know how happy they made me :D
-
Being victim of an arbitrary worplace's culture on dev experience and documentation makes me a very frustrated dev.
Often I do want to document, and by that, I don't mean laying an inline comment that is exactly the function's name, I mean going full technical writer on steroids. I can and WILL get very verbose, yes, explaining every single way you can use a service - no matter how self explanatory the code might look.
I know developers (and me included) can, and sometimes will, write the best variable and function names at the time, wondering if they reached the peak of clean, DRY code that would make Robert Martin have a seizure and piss himself, only to find weeks later after working on something else that their work is unreadable. Of course.
I know the doc's public, it's me, and I've done this.
But then again explain for the people in the back how the FUUUUCK are we meant to suggest improvements, when we are not the ones who are prioritising features and shit WITH the business?
Just email me when the fucking team recycles, and no new team member knows how to even setup the IDEs because this huge piece of monumental shit called CompanyTM is also run by VPN. Fuck, no one wants to access that garbage, you have no docs.
I once tried setting up a culture for documentation. I did an herculean amount of work studying what solutions were internally homologated, how steep the learning curve would be from what we had at the moment (NOTHING, WE HAD FUCKING NOTHING, jesus christ, I even interviewed SEVENTEEN other squads to PROVE they FUCKING NEED
DOCS
TO WORK
You know what happened to that effort?
It had a few "clap" reactions on a Teams meeting and it never reached the kanban.
It didn't even made it to backlog.
I honestly hope that, someday, an alien fenomenon affects the whole company, making their memories completely reset, only to have the first one - after the whole public ordeal on why our brains became milkshake -, to say: "oh, boy, I wish we had documented this".
Then I will bring them to the back and shoot them. -
Bugs are good in code. It shows that you're Human. You make mistakes. And you're willing to correct them.
But when they're someone else's bugs in a piece of code they didn't give a flying fuck about documentation, bugs can tick one off. The bigger the project, the better the documentation needs to be. And I'm not taking about java docs. Put proper comments in your code. Especially when it's not a personal project and you fully intend to leave the company. -
!rant
finally after months and months of just planning and doing boring stuff a piece of code that was really just fun to code and plan for some days:
i just wrote my first "real" parser for a simple DSL. so much fun! i just really can recommend that to everybody.
i've use a parser combinator. the concept of this parser combinator ist to combine simple parsers (like when it starts with a number or a "-" and continues with numbers then its an integer etc) into a big one. i've written it in c# and used "Sprache" first and after some time i switch to "Superpower". a really great lib, but lacks a bit of documentation. anyway, i've your're interested in these things and want learn how your "daily code" gets parsed i would recommend that to you! :)
greetings to all fellow devRanters and happy coding / parsing! :)1 -
Today I realized that compilers are children, and must be treated as such. Generally, you might tend to expect a language to follow the same rules consistently, but oh how wrong you are, my sweet summer child.
I have a framework that I've been reusing across several personal Unity3d projects for a while, and all was well. This week, I was tasked with creating a PoC that combines a web app with Unity WebGL for data visualization. My framework has a ton of useful stuff helped me create the PoC very quickly, and all was well.
Come 3 days ago and there's one last piece that isn't working for some reason. It almost appears that this one bit of code isn't executing at all. Today, after countless hours of swearing at the computer and banging my head against the wall, I realized that the WebGL compiler has a different implementation for the method that checks assignability of types. An implementation that has different rules than everything else. An implementation that has no documentation about this discrepancy anywhere. I have no words.
tl;dr: The language changed the rules on me. Fuck me right?1 -
So, the story starts with me getting a job. Full-time job for the first time in my 21 years old life. After short conversation about how amazing this company is, after countless lies and stood questions they decided to hire me. I had to get come on Monday a week later with everything prepared.
So of course I did that and got to my workplace on designated time. Turned out nobody was expecting me, nothing was prepared for a new programmer and everyone seemed angry at me for no apparent reason.
After long talk with my new boss I got some less than 100$ pc with CPU that couldn't handle virtualization and expected me to work on software that needed extensive use of virtual machine.
PC is of course filled with all kinds of spying software that uses most of the resources. IT teams only job is to check if programmers are working their assess off for at least 8 hours a day.
I've filled a ticket about granting me access to Debian machine on the mainframe so I could work. No response for two weeks. I've lost hope already.
I have to work on open space with more than 30 engineers. Screams, phone calls, alarms, all at once, all the time. My colleagues seem to not care and I can't understand how.
I was tasked with rewriting major application because old developer did some half assed piece of burning shit. It took him more than one year, I'm finishing it in less than two weeks.
Of course nobody except for me is preparing any kinds of documentation. I had to reverse-engineer whole API for alarm system.
Salary is less than a junior programmer should earn.
But I'm stuck here for at least a year because nobody's here wants a guy whose only experience is as a freelancer. -
#Suphle Rant 9: a tsunami on authenticators
I was approaching the finish line, slowly but surely. I had a rare ecstatic day after finding a long forgotten netlify app where I'd linked docs deployment to the repository. I didn't realise it was weighing down on me, the thought of how to do that. I just corrected some deprecated settings and saw the 93% finished work online. Everything suddenly made me happier that day
With half an appendix chapter to go, I decided to review an important class I stole from my old company for clues when I need to illustrate something involved using a semblance of a real world example (in the appendix, not abstract foo-bar passable for the docs)
It turns out, I hadn't implemented a functionality for restricting access to resources to only verified accounts. It just hasn't been required in the scheme of things. No matter, should be a piece of cake. I create a new middleware and it's done before I get to 50 lines. Then I try to update the documentation but to my surprise, user verification status turns out to be a subset of authentication locking. Instead of duplicating bindings for both authentication and verification, dev might as well use one middleware that checks for both and throws exceptions where appropriate.
BUT!
These aspects of the framework aren't middleware, at all. Call it poor design but I didn't envisage a situation where the indicators (authentication, path based authorisation and a 3rd one I don't recall), would perform behaviour deviating from the default. They were directly connected to their handlers and executed after within the final middleware. So there's no way to replace that default authentication scheme with one that additionally checks for verification status.
Whew
You aren't going to believe this. It may seem like I'm not serious and will never finish. I shut my system down for that day, even unsure how those indicators now have to refactored to work as middleware, their binding and detachment, considering route collections are composed down a trie
I'm mysteriously stronger the following day, draw up designs, draft a bunch of notes, roll my sleeves, and the tsunami began. Was surprisingly able to get most of previous middleware tests passing again before bed, with the exception of reshuffled classes. So I guess we can be optimistic that those other indicators won't cause more suffering or take us additional days off course2 -
Today, me and my boss finally made an SDK work properly on power android and iOS project. This was one though week and a half.
Now the rant part. This took us 1 week and a half because the documentation wasn't entirely correct. The worst, and for me the most irritating part, is the fact that my boss had to be on the telephone with his contact of the other company (the one behind the SDK) only in the end to hear his contact talking to.one of their developers about the flow of the communication.
Long story short, after getting the result from the SDK, we should use that information in another service that's not specified the documentation!!!!
The most annoying is when my bosses contact said to the dev that the service wasn't in the docs, his response was
"One thing is the documentation, the other is real life"
Fuck you, you dev piece of shit, you've wasted over a week of my life trying to make something work following your shitty docs!!!! -
#Suphle Rant 6: Deptrac, phparkitect
This entry isn't necessarily a rant but a tale of victory. I'm no more as sad as I used to be. I don't work as hard as I used to, so lesser challenges to frustrate my life. On top of that, I'm not bitter about the pace of progress. I'm at a state of contentment regarding Suphle's release
An opportunity to gain publicity presented itself last month when cfp for a php event was announced last month. I submitted and reviewed a post introducing suphle to the community. In the post, I assured readers that I won't be changing anything soon ie the apis are cast in stone. Then php 7.4 officially "went out of circulation". It hit me that even though the code supports php 8 on paper, it's kind of a red herring that decorators don't use php 8 attributes. So I doubled down, suspending documentation.
The container won't support union and intersection types cuz I dislike the ambiguity. Enums can't be hydrated. So I refactored implementation and usages of decorators from interfaces to native attributes. Tried automating typing for all class properties but psalm is using docblocks instead of native typing. So I disabled it and am doing it by hand whenever something takes me to an unfixed class (difficulty: 1). But the good news is, we are php 8 compliant as anybody can ask for!
I decided to ride that wave and implement other things that have been bothering me:
1) 2 commands for automating project setup for collaborators and user facing developers (CHECK)
2) transferring some operations from runtime to compile/build TIME (CHECK)
3) re-attempt implementing container scopes
I tried automating Deptrac usage ie adding the newly created module to the list of regulated architectural layers but their config is in yaml, so I moved to phparkitect which uses php to set the rules. I still can't find a library for programmatically updating php filed/classes but this is more dynamic for me than yaml. I set out to implement their library, turns out the entire logic is dumped into the command class, so I can neither control it without the cli or automate tests to it. I take the command apart, connect it to suphle and run. Guess what, it detects class parents as violations to the rule. Wtflyingfuck?!
As if that's not bad enough, roadrunner (that old biatch!) server setup doesn't fail if an initialization script fails. If initialization script is moved to the application code itself, server setup crumbles and takes the your initialization stuff down with it. I ping the maintainer, rustacian (god bless his soul), who informs me point blank that what I'm trying to do is not possible. Fuck it. I have to write a wrapper command for sequentially starting the server (or not starting if initialization operations don't all succeed).
Legitimate case to reinvent the wheel. I restored my deleted decorators that did dependency sanitation for me at runtime. The remaining piece of the puzzle was a recursive film iterator to feed the decorators. I checked my file system reader for clues on how to implement one and boom! The one I'd written for two other features was compatible. All I had to do was refactor decorators into dependency rules, give them fancy interfaces for customising and filtering what classes each rule should actually evaluate. In a night's work (if you're discrediting how long writing the original sanitization decorators and directory iterator), I coupled the Deptrac/phparkitect library of my dreams. This is one of the those few times I feel like a supreme deity
Hope I can eat better and get some sleep. This meme is me after getting bounced by those three library rejections