Edit: so im done with my preliminary research into this codebase.
Our corporate SSO provider is changing, so I’ve been updating our tools to take advantage of the new badges. I found this in a web application that I started on today. The original developer is long gone, and according to our PaaS, this app has been running for just under 3 years without an update.
There is no CI/CD, blue-green deployment, or back ups. The database is an H2 db with ddl-auto set to create-drop on startup, meaning that this database will delete itself if the app is restaged but thanks to this guys code, it won’t populate itself. 🤷
Dropping the database is not recoverable
This is the real problem
I sure hope they can recover from last night’s backup. Right?
Recovering a database from a backup is often possible but often a pain in the ass, and depending on the application you may not consider it acceptable to lose a day of data
Then you need more frequent backups and possibly even live failovers imo
Yeah, of course you want restoring from backups to be as easy as possible. It’s just sometimes not feasible, usually because someone can’t afford the time or equipment to set it up.
that’s assuming they tested the backup system
Ohh, valid point. So many organisations not testing their restore procedures.
At one of the businesses I worked at, the backup was very slow, and at some point the daily backup started taking more than 24 hours. You can probably guess what happened after that.
Hold on I have to go check something
👃👈
According to the documentation for the app, they got it classified as a shop aid tool, thereby circumventing production requirements.
The whole app is written like some college kids hello world mvc app
[mis-]classified as a shop aid tool
a college kids hello world app
This hits way too close to home.
This job pays sooo well though, so I just do what I can and try to speak up when appropriate. They never take my advice, but I have a long list of cya emails for when it all goes tits up 🤙
Found this in production while migrating SSO providers. Made me chuckle 🙃
DO NOT RUN IN PROD
Found this in production
Classic
When I sat down today I thought I was just going to be updating some properties file with oauth end points.
This is so blatantly stupid that I now have to pick through the code base and write up a change request and incident avoidance report 😕
Actually, this code is also used in their side business manufacturing cattle prods, that line must be excluded from the prods or else they may become sentient and form a cattle prod based skynet.
Only thing better is finding commented out code below that which would actually prevent it from running in Prod. Bonus if there’s a code comment next to it saying “disabled per email” with no further explanation.
You wonder why spaceships have self-destruct option?
Your comment is a blessing.
I’m stealing this. This is a fantastic way to say a comment was good.
Haha, feel free to! It’s actually a bit of a joke, since the person’s username is shukufuku, 祝福, meaning blessing or celebration.
Good Lord, this makes my hands sweaty. Why is your entire prod database leaning on one line of code that’s prone to human error? There should be 20 extra accidental steps taken to do something like this.
Look, if you hold the lever tight you can safely put the pin back in the grenade!
^C^C^C^C^C^C
what do you mean? there’s 20 lines of comments warning about it!
Turns out we were always one copy paste error from a major incident.
Don’t worry, I’m fixing it 🤷
Heh. That looks like it has decent odds of being a “company ending event” incident, to be specific.
But at least there’s lots of comments. And maybe someone already put a safety net in somewhere else and just forgot to update the 20 comments. It could happen.
Under different circumstances, sure. As it is, worst they could expect is a fine from our regulators for data retention hits. We could recreate the info easily enough if our suppliers played nicely.
I usually tend to leave “written by ChatGPT” so colleagues can feed it back and ask to explain lol.
This also implies that their only persistent environment is production. No dev. No QA.
👃👈 ding ding ding!
Dev pushed drop and recreate the dB each time.
And there is no QA, don’t be silly.
That would be silly. Why pay for QA staff when we can spend customer good-will instead?
Edit: Sorry, I’ve worked with this kind of stupid so long, I can hear the logic in my bones. The only target that matters is this upcoming quarterly report. The quarterly report after that happens to future me, and he’s never done anything for me.
The Tesla model.
deleted by creator
Its Happy Fun Function!
What’s with lemmy and beans? /s
How are you finding Spring?
I don’t hate it. The docs are good and it’s very opinionated, which I appreciate. Makes it easier to divy up the work into chunks management can digest.
I wouldn’t use it for a personal project though.
As someone who inherited a massive Spring project, I agree.
Underrated comment here lol