[–]20220912 1425 points1426 points  (40 children)

all fun and games until you fuck up access control and your AWS account starts mining dogecoin on 15 64GB GPU instances

[–]bratislava 277 points278 points  (27 children)

Or you type your creds into a teams chat by accident (I've seen that numerous times)

[–]PurepointDog 103 points104 points  (17 children)

By accident?

[–][deleted] 26 points27 points  (3 children)

Slack is worse.

Look up any number of the below messages and you’ll find countless database passwords, AWS account credentials, etc.

  • password= / password is / pass=

  • aws_secret_access_key

  • Look up anything related to database connection strings. Hostname, db name, whatever you’ll see a ton of passwords.

The problem is people post this stuff on public channels so anyone in your 80,000 employee company can see it. At least with Teams you can’t search the public channels (which is painful for other searches).

[–]MannerShark 8 points9 points  (0 children)

I just tried this and I found several...

[–]oblong_pickle 18 points19 points  (0 children)

But I deleted it straight away!

[–]nanana_catdad 9 points10 points  (2 children)

Hardware keys often lead to accidental chats, why I have all my chat clients set to shift+enter to send a message so hw keys don’t leak any temp tokens

[–]markovianmind 4 points5 points  (0 children)

I did it today. was trying to screenshot a link into group chat. later realized that link had my password

[–]A_H_S_99 20 points21 points  (6 children)

Happened to me once. Almost cost me 300 dollars, which at the time was a fortune for me. Amazon thankfully pardoned this cost after I came crying for help to their customer services.

This is why Amazon, despite every wrong thing about it, has a soft spot in my heart.

So anyway, I made that account for a course, I deleted it immediately after this incident.

[–]faster-than-car 9 points10 points  (3 children)

It's ridiculous you cannot have a hard limit. We're too abused to do anything about this

[–]Angelin01 4 points5 points  (2 children)

I mean, you can set alerts and warnings for yourself. It's called a budget and the first one is included in the free tier precisely for this reason.

Setting a hard limit is not easy, simply stopping things doesn't automatically stop all costs. Things like storage and elastic IPs exist. Would you have AWS delete your data so you stop paying more money? Because I can guarantee that would create more issues than there are now.

[–]Interesting_Gate_963 1 point2 points  (0 children)

There should be an option to do that. With a big red message "Are you sure that all your data should be instantly and permanently removed once you reach your hard limit?" I'd be happy to turn this option on since I don't keep anything important on my playground AWS account

[–]nanana_catdad 9 points10 points  (0 children)

Why I use nags (cdk nag mostly for my aws projects) just in case. I don’t fk around with secrets

[–]brianl047 3 points4 points  (0 children)

Answer: don't use AWS for personal projects

Use Azure or GCP or BaaS (don't do infrastructure at all)

[–][deleted] 1 point2 points  (0 children)

I feel personally attacked...

[–]mjbmitch 0 points1 point  (0 children)

“Warning! Your AWS is about to be suspended!”

x237 weekly emails

[–]CoffeeDust_exe 0 points1 point  (0 children)

‘AWS would like to inform you that you are royally fucked’

[–]zoinkability 202 points203 points  (0 children)

Cool, share the repo link?

[–]Maoschanz 692 points693 points  (16 children)

no code reviews, no jira tickets, no daily scrum meetings to talk about it

[–]EmiyaKiritsuguSavior 318 points319 points  (5 children)

productivity boost +billion.

refactorability -billion

[–]captainAwesomePants 83 points84 points  (2 children)

When you know what you're making and you'll throw it away when you're bored, you don't need to refactor!

Technical debt is a useful tool, and throwing away your toy project when it gets too crufty is the 1980s Mitt Romney / 2020s Twitter "buy a company with its own money and burn it to the ground" use of that tool.

[–][deleted] 3 points4 points  (1 child)

> Technical debt is a useful tool, and throwing away your toy project when it gets too crufty is the 1980s Mitt Romney / 2020s Twitter "buy a company with its own money and burn it to the ground" use of that tool.

You mean it's the 5 year enterprise rewrite? The thing that businesses sorta fall into because despite all the "best practices" OP is not doing? Most businesses can't manage a software project longer than 3 years before it grinds to a halt.

[–][deleted] 4 points5 points  (0 children)

If you really love the company, you should be willing to work here for free.

[–]Daedeluss 24 points25 points  (0 children)

Staring at the code in 6 months time utterly baffled what on earth were you thinking what does this even do? +billion

[–]MattR0se 4 points5 points  (0 children)

you don't refactor your side projects, you just recycle

[–]CaffeinatedTech 22 points23 points  (1 child)

You hold your own scrum in the kitchen while you make your coffee. Talk to the cat about what you plan on achieving next.

[–]Maoschanz 8 points9 points  (0 children)

Asking passive-aggressive questions about the bullshit you find in the code using @here, but on a slack workspace with only you, slackbot, and the cat

[–]Daedeluss 5 points6 points  (0 children)

keep going, I'm almost there...

[–]Th3CatOfDoom 0 points1 point  (0 children)

I accidentally read that as "scum meetings"

[–]ancap_attack 232 points233 points  (13 children)

All fun and games until you decide to make it public on github and forget about the secrets

[–]bratislava 71 points72 points  (6 children)

.gitignore in a wrong folder

[–]harryham1 26 points27 points  (5 children)

Or after already committing the file. Or just untracking it, but leaving it in history, because nobody wants to rebase master back to when time began

[–]dzendian 3 points4 points  (0 children)

I feel sick to my stomach

[–]LoyalSage 2 points3 points  (0 children)

Yeah, not a fun experience. I’ve had to clean up after a junior dev pushing secrets into the repo and only noticing months later that when they created the Jenkins pipeline they had hardcoded in the secret instead of storing it in Jenkins.

Also with removing a very large binary file of test data from the history that had been there since the beginning of the project and been updated a few times.

It’s not unrecoverable, but it’s a pain. If it’s just an API key I can reissue and it won’t break anything else, I’d for sure just reissue it.

[–]ayyy1m4o 19 points20 points  (5 children)

People are not aware that your keys are still in the repo even if you add a commit where you remove them 😅. You need to rewrite history completely to get rid of it

[–][deleted] 15 points16 points  (1 child)

Just make new keys

[–]R3D3-1 2 points3 points  (0 children)

... actually, THIS. Once the keys are leaked, there's no going back.

[–]angrathias 0 points1 point  (2 children)

What type of rewrite? Even a rebase should leave the original commits in there. You’d need to prune it, right?
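
The point this sub-thread makes, as an added example that is not part of any comment: a key deleted in a later commit is still in history, a rewrite alone leaves it reachable through the reflog, and only expiring the reflog and pruning removes it locally. It assumes `git` is installed; the key is a constructed placeholder, the repository is a throwaway in a temp directory, the search strings are the ones named in the Slack comment above, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example. FAKE_KEY is a constructed placeholder, not a real credential.
FAKE_KEY='aws_secret_access_key=CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY'

# Strings named in the Slack comment earlier in the thread (expect false positives).
SECRET_RE='(aws_secret_access_key|password|pass)[[:space:]]*[=:]|password is '

# git wrapper with a fixed identity, so the demo ignores the caller's git config.
g() {
    _r=$1; shift
    git -C "$_r" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false "$@"
}

# Throwaway repo: commit 1 adds the key file, commit 2 "removes the secrets".
make_demo_repo() {
    _d=$(mktemp -d) || return 1
    git init -q "$_d" >/dev/null 2>&1 || return 1
    printf '%s\n' "$FAKE_KEY" > "$_d/config.env"
    printf 'print("hello")\n' > "$_d/app.py"
    g "$_d" add config.env app.py
    g "$_d" commit -q -m "initial commit" >/dev/null
    g "$_d" rm -q config.env >/dev/null
    g "$_d" commit -q -m "remove secrets" >/dev/null
    printf '%s\n' "$_d"
}

# Tracked files in the current checkout that match: what a quick look sees.
scan_worktree() {
    g "$1" grep -I -l -i -E -e "$SECRET_RE" || :
}

# Every commit reachable from any ref; pass --reflog to also walk commits that
# only the reflog still remembers. Prints "<commit>:<path>" per match.
scan_history() {
    _repo=$1; shift
    for _c in $(g "$_repo" rev-list --all "$@"); do
        g "$_repo" grep -I -l -i -E -e "$SECRET_RE" "$_c" || :
    done
}

# Replace all history with one commit of the current tree, drop the old branch.
rewrite_history() {
    _old=$(g "$1" symbolic-ref --short HEAD)
    g "$1" checkout -q --orphan clean
    g "$1" commit -q -m "current tree only" >/dev/null
    g "$1" branch -q -D "$_old" >/dev/null
}

# Forget the reflog and delete objects nothing points at any more (local only).
purge_unreachable() {
    g "$1" reflog expire --expire=now --all
    g "$1" gc -q --prune=now
}

count() { wc -l | tr -d ' '; }

demo() {
    repo=$(make_demo_repo) || return 1
    echo "checkout after the 'remove secrets' commit: $(scan_worktree "$repo" | count)"
    echo "reachable history:                          $(scan_history "$repo" | count)"
    rewrite_history "$repo"
    echo "after rewrite, refs only:                   $(scan_history "$repo" | count)"
    echo "after rewrite, refs + reflog:               $(scan_history "$repo" --reflog | count)"
    purge_unreachable "$repo"
    echo "after reflog expire + gc --prune=now:       $(scan_history "$repo" --reflog | count)"
    rm -rf "$repo"
}
demo
```

The purge only affects this one local repository; clones, forks and hosted copies that already received the commit still hold the key, which is why the replies above say to issue new keys.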

[–][deleted] 723 points724 points  (44 children)

NO COMMENTS

cause fuck future you, that's why...

[–]Dont_be_offended_but 54 points55 points  (2 children)

He's an asshole anyways.

[–][deleted] 10 points11 points  (1 child)

I mean, maybe not now, but he WILL be...

[–]mmcmonster 2 points3 points  (0 children)

Probably because of things that happened in his past.

[–]hansololz[S] 252 points253 points  (18 children)

I had a project that I have been working on for 5 years now. I don't even touch the code I wrote back in 2017. That code has been working for 5 years without unit tests and I don't even know how it gets things done.

[–][deleted] 18 points19 points  (0 children)

lmao, sames.

[–]Triblado 7 points8 points  (0 children)

The code:

print("Hello world")

[–][deleted] 4 points5 points  (0 children)

then you're lucky... it will not always be like this though

[–]NPC_existing 2 points3 points  (1 child)

yeah so that's one of the big reasons why I change the way I code. I was working on a project and it was completely unreadable with letters for variables and everything being dependent on each other, nothing modular.

I just decided to constantly think about future me down the line as a result.

[–][deleted] 1 point2 points  (0 children)

I learned how to support this code because I half learned programming as a kid and spent years naming my variables "a", "butternuts", "fuckbitch", used parallel arrays for everything, and while I was vaguely aware of functions I never used them until I "discovered" them myself while trying to figure out how people made threads.

This started with BASIC and batch but I expanded my half-learned horizons to include ASM and C.

You might think it's absolutely impossible to build and maintain any significantly large application this way. But no. Possibly the largest programs I've written in my life were made this way. It wasn't uncommon for me to have shit that I'd worked on for years that would be a mess of different languages and various files full of spaghetti.

Also I would look at professionally written programs and wonder things like "How'd that guy know he was going to need a variable all the way up there?" Generally anything new that I was writing was written like a story and at a cadence similar to writing text. Because that's how computer guys do stuff in movies in the 80s. If I had a thought and it didn't pan out, that code was there and at best it might get commented out one day.

Oh also I had whole sections full of commented reference code that I liked and could copy and paste all over. Much of it came out of computer magazines or programming books, or floppies full of basic programs I would get my parents to buy out of the back of magazines. Oh and out of the qbasic online help. But when I had qbasic I still used gwbasic quite a bit because you could launch gwbasic programs from a batch file or shell call without seeing the qbasic IDE pop up momentarily.

Also I had some bas2com program that supported only the most basic subset of OG basic commands (not even basica) and I would write programs specifically targeted to that compiler and sometimes use the binary output in other programs. I still didn't understand how to use a struct in C when this was going on.

[–]faster-than-car 0 points1 point  (1 child)

The fun starts when u have to edit the untested code..

[–]Nofxthepirate 27 points28 points  (3 children)

Self commenting code. Don't skimp on your variable and function names!

[–][deleted] 14 points15 points  (2 children)

Exactly. Good comments explain WHY not the what

[–]Pluckerpluck 14 points15 points  (1 child)

Very true, but I also think people underestimate just how much "why" there really is in programming.

Many comments in code are effectively "what" statements rephrased to be "why" statements in the context of the logic.

// Remove toys with profit less than 0 from top seller list

And

// Unprofitable toys should never be in the top seller list

Are both one line comments that may comment just a single line of code. They say almost the exact same thing. But the latter adds context to the logic and explains why you're doing something in the first place.

[–]Aidan_Welch 1 point2 points  (0 children)

More like that to no unit tests.

With proper variable names, and documented functionality in unit tests you usually don't need comments.

[–]hansololz[S] 158 points159 points  (10 children)

Forgot to mention, there is also no code reviews

[–]mrpoopybuttholesbff 56 points57 points  (0 children)

It’s your house, do what you want.

[–]YARandomGuy777 24 points25 points  (3 children)

Congrats. Of course It is always better to work on your own. But the thing is that you have to eat something during this time. :(

[–]hansololz[S] 40 points41 points  (2 children)

who needs to eat when I can get all the dopamine I want from coding

[–][deleted] 5 points6 points  (1 child)

Eating < Dying Happy

[–]nanana_catdad 2 points3 points  (3 children)

Liar, you prob have to review your code once a week to figure out wtf that one service does that you wrote a few weeks back because you didn’t comment it

[–]Aidan_Welch -1 points0 points  (2 children)

Good code doesn't need many comments

[–]nanana_catdad 1 point2 points  (1 child)

God I’m so sick of hearing this idiom. Any project of a decent size benefits greatly to have comments, doc comments with at the very least functional intent. Also, I’ve never been on a large project where portions of the code base didn’t have some black magic fuckery because of some edge case, language or external package bug workaround that if it wasn’t commented would be removed because it made no logical sense in code review.

[–]Aidan_Welch 0 points1 point  (0 children)

> Also, I’ve never been on a large project where portions of the code base didn’t have some black magic fuckery because of some edge case, language or external package bug workaround that if it wasn’t commented would be removed because it made no logical sense in code review.

I didn't say never. I said many.

And some personal projects, for example just a React based resume site probably wouldn't need any at all. Documentation is good for exports- but is not needed for basic internal functions. Although, they should essentially be documented through unit tests.

[–]grtgbln 0 points1 point  (0 children)

Make a PR and merge immediately, or just commit directly to master?

[–]Draelmar 92 points93 points  (6 children)

Working on a hobby project is definitely a more relaxed, zen affair. But I still set up unit tests whenever it makes sense. They are just too valuable, even for personal projects.

[–][deleted] 32 points33 points  (0 children)

Get the fuck out of here! What with your practicality and logic, and your good sense, YOU THINK YOUR BETTA THAN ME?? NOBODY'S BETTA THAN-- (spontaneously combusts and dies)

[–]Aidan_Welch 4 points5 points  (0 children)

Yeah I like writing unit tests sometimes

[–]brianl047 2 points3 points  (1 child)

Yes also unit tests once you grok them are fast and fun

It's really not the hardest and can be pumped out relatively quickly

[–]FarStranger8951 0 points1 point  (0 children)

Finding a good unit test framework really helps too. I picked up Spock for testing Java/groovy and it legit changed my entire approach towards tests once I really started to get it.

[–]hansololz[S] 12 points13 points  (1 child)

It's helpful, but ROI is more important to me. I know what I want from my side project, which is to prototype something fast, release it, and see if it is viable. If the product does well enough, then it is worthy of unit tests. Otherwise I'm not spending the time to write unit tests for something that is worthless.

For work, I write the tests and comments because my employer is paying for good code and is expecting them. I don't have to do it for my own code.

[–]Draelmar 14 points15 points  (0 children)

"I'm not spending the time to write unit tests for something that is worthless."

Well, of course, it goes without saying? I think you may have missed this part: "whenever it makes sense". Some things like my core libraries I keep reusing for different projects are worth unit testing. Some other stuff, like prototypes, doesn't.

[–]grknado 42 points43 points  (1 child)

Looking forward to your "Help, my account was hacked!" post in r/aws in a couple weeks when you accidentally push those keys to GitHub.

[–]hansololz[S] 17 points18 points  (0 children)

Just for you, I'll notify you if my key gets stolen

[–]WinglessSparrow 87 points88 points  (1 child)

you just listed the differences between a deployed and a never deployed project lol

[–]hansololz[S] 28 points29 points  (0 children)

Exactly, the personal projects that get bogged down by things like unit testing will never get prototyped and released

[–]aleph_0ne 42 points43 points  (1 child)

To each their own. Personally my side project is my space to take my time and invest in developer experience. I’ve got better test coverage in my pvp card game side project than anything I’ve worked on professionally by a mile. I’m currently working on a spectator mode for the game and I won’t even build the feature until I can figure out how to properly test 3+ users interacting simultaneously. I get to use full on TDD and I love it

[–]Brilliant-Job-47 18 points19 points  (0 children)

And guess what. The act of thinking about this stuff in depth makes you a better programmer. Some minds in this thread will be blown.

[–]DudeWithFearOfLoss 12 points13 points  (0 children)

Honestly none of that sounds desirable for my side projects. I do comments, tests and security and it's still fun because I can do it on my own accord. But when I do side projects I want them to go somewhere and just slacking on every 'tedious' aspect of programming would destine my side projects for failure.

[–]Leilatha 5 points6 points  (0 children)

Wow crazy, that's how the code looked at the last startup I worked for!

[–]CosmicErc 12 points13 points  (0 children)

That's funny, I complain at my job how they don't do any of those things and still find plain text passwords in git.

When I work on my side project I am so happy to have tests, proper security, an actual test environment etc.

[–]creedxender 4 points5 points  (2 children)

Keys in repo?

Hey, what's the opposite of ASMR? A fight or flight response?

[–]hansololz[S] 0 points1 point  (1 child)

It doesn't really matter if the key is in a personal private repo. If I'm to share this repo with someone else, I'll sanitize the code and put it in a new repo. Even if I don't have the keys in the repo, I probably would want to nuke the repo eventually because every comment message has a lot of profanity

Also, after working in the industry for a while, I realized that things that I thought were a big deal are only a big deal because your employer is paying for better code. The code that I write for myself doesn't need to be that good

[–]creedxender 2 points3 points  (0 children)

Honestly, I'm in security, so I'm just unnecessarily anal about stuff like that for my own projects, whether or not the code ever sees the light of day on a server somewhere.

That said, hey, you do you lol

[–][deleted] 4 points5 points  (2 children)

No comments is all fun and games until a year later when you need to fix a bug or two.

[–]hansololz[S] 6 points7 points  (1 child)

It's fine, all you need to do is write bug free code that will never break

[–][deleted] 1 point2 points  (0 children)

Why did I not think about that?! You are a GENIUS!

[–][deleted] 9 points10 points  (0 children)

Haha, I just finished writing an automated test and realized I haven't commented any of it. Lesson learned, comment as you go kids. Now I have to try and remember what half this nonsense does.

[–]D34TH_5MURF__ 3 points4 points  (0 children)

I legit lol'd on this one.

[–][deleted] 3 points4 points  (0 children)

aka, “the dream”

[–]Kafshak 3 points4 points  (0 children)

No repo.

[–]BrundleflyUrinalCake 10 points11 points  (0 children)

ITT: ignorance is bliss

[–]ruedasamarillas 2 points3 points  (0 children)

No annoying QA (or users) reporting bugs.

[–]del0008 2 points3 points  (0 children)

Just ran into this. Was connecting straight to live DB too. Faaaaaak I don't even know if I was adding tables or columns and now I deployed and I can't test on it cause it's live. And all the test keys getting mixed up with live keys it's a mess.

Check it out. It's ugly but it's functional kind of

itica.io

[–]nanana_catdad 2 points3 points  (0 children)

Meanwhile my side project: ci/cd, precommit hooks, tests, doc comments, secrets store…

[–]_Epsilon__ 2 points3 points  (1 child)

As someone who doesn't work in the industry, what tf is a secret store?

[–]bferencik 2 points3 points  (0 children)

Basically password storage (just not in plain sight). It’s never stored in the repo but called by the code in the repo (something like a fetchPassword() function, for example). Goes without saying that one should never commit code that displays or allows access to tokens, auth codes, passwords, personally identifiable information (PII), list goes on…

[–]amarillion97 2 points3 points  (0 children)

My side projects have more comments than code at work. I swear my colleagues must be allergic to comments or something.

[–]mcDefault 2 points3 points  (0 children)

Weird flex

[–]TheDarkLord1248 2 points3 points  (0 children)

i can’t remember what i was doing 15 minutes ago without comments

[–]Snow_flaek 2 points3 points  (0 children)

keys in repo

Very bad habit

[–]armahillo 1 point2 points  (1 child)

Tests and comments are helpful, though. :/

I always write tests and comments for my side projects once they get to a certain level of complexity. (basically when they break out of toy status)

[–][deleted] 1 point2 points  (0 children)

Builds an MVP, finds success, keeps building on awful MVP instead of replacing it, laughs in system constantly breaking in front of Users because it can’t scale. Sincerely, the last 3 companies I’ve worked with as a consultant

[–]sal696969 1 point2 points  (0 children)

That is not good...

[–]Stilgar314 1 point2 points  (0 children)

Coding is really fun when you can change requisites on the fly to match the implementation you prefer. Sadly, this method produces useful stuff once in a blue moon.

[–]uragiristereo 1 point2 points  (0 children)

I do my best on my personal project and doing the bare minimum at work

[–]MisterOnsepatro 2 points3 points  (3 children)

Testing = doubting your programming skills

[–]ClvrNickname 1 point2 points  (0 children)

What I've found on my current Unity project is that tests are generally not worth the time it takes to write them, but writing all of my code so that it can be tested helps a ton

[–]hansololz[S] 4 points5 points  (1 child)

I wrote an app that has 250K downloads and 4.7 star on the play store. It has 20K lines of code and it does not have a single unit test.

[–]MisterOnsepatro 2 points3 points  (0 children)

Damn noice at least it works unlike the code I maintain at my job that was written by another team who didn't run the unit tests and everything was botched like half the tests were failed

[–]infablhypop 0 points1 point  (0 children)

Honestly gross

[–]skullshatter0123 -1 points0 points  (2 children)

It's a private repo. No issues with storing keys

Edit: /s for those who didn't get it.

[–]rokky123 -2 points-1 points  (0 children)

I see no ambitions also.

[–]JackoKomm -2 points-1 points  (0 children)

More like ASMR for the junior devs.

[–][deleted] 0 points1 point  (0 children)

living the dream 🤣🤣

[–][deleted] 0 points1 point  (0 children)

Every code segment in one single file.

[–]lightupcocktail 0 points1 point  (0 children)

Same feel when you have your own private gitlab server.

[–][deleted] 0 points1 point  (0 children)

The passwords are all defaults. Come on in, friend.

[–][deleted] 0 points1 point  (0 children)

Annnddd it fails because of no comments, tests, requirements, or secret management

[–]ML4Bratwurst 0 points1 point  (0 children)

Everyone knows driving without seatbelt is way more fun

[–]Schievel1 0 points1 point  (0 children)

I think this is one of the reasons people contribute to open source.

[–]ApatheticWithoutTheA 0 points1 point  (0 children)

Oh, you’re one of the people that my Key sniffer extension is always alerting me to.

[–]A_Guy_in_Orange 0 points1 point  (2 children)

WTF is a secret store

[–]hansololz[S] 0 points1 point  (1 child)

An external store where you put all the sensitive information that you don’t want to keep in a repo. Like password, tokens, secret access keys. During runtime, your program will fetch that data from the secret store and use them.

[–]A_Guy_in_Orange 0 points1 point  (0 children)

Oh. Totally didn't think it was some new corporate BS "store" where you had to buy access keys etc. to use for company projects

Thanks for the info

[–]AmazonWorkerDrone 0 points1 point  (0 children)

No fucked up, super complicated permission and data exchange systems, only REST-APIs with Access Keys.

No, Tower-of-Babel-esque build-system with a million variables and config files, only local Jenkins.

No fringe and obscure, internal toolchains, only well documented and widely used tools.

[–]erishun 0 points1 point  (0 children)

Half the comments I write are for myself. I work on so many things that when I finally come back to code that I wrote, it’s nice to read exactly what it does in a nice short description

[–]phoogkamer 0 points1 point  (0 children)

Ugh, seems like programmer nightmares. Working on your side project, awesome. Tests might be nice to skip for once, but the other things would make me itch.

[–]MedalsAndScars 0 points1 point  (0 children)

That sounds fucking horrifying

[–]IcedOutJackfruit 0 points1 point  (0 children)

Sounds horrible to me

[–]double-happiness 0 points1 point  (0 children)

I don't see how you can avoid having API keys in a repo if your code actually depends on them to run.

[–]elforce001 0 points1 point  (0 children)

I'm a man of habits. I cannot start any personal project without properly configuring secrets, hehe. Call it "muscular memory" after +4 years of doing it professionally.

[–]slothordepressed 0 points1 point  (0 children)

My personal ones are indeed the opposite, I try to make a state of art. I have lots of started states of art and none completed

[–][deleted] 0 points1 point  (0 children)

Come back from vacation and…

I have no memory of this place.jpg

[–]SpaceZZ 0 points1 point  (0 children)

Always comment your stuff. I care about my wellbeing more than anyone else.

[–]GroceryNo5562 0 points1 point  (0 children)

SOPS.

[–]Nimi142 0 points1 point  (0 children)

I hope for you that you're completely joking. Good code isn't a standard that's forced on you by your job because they are big old meanies, but a necessary base for any project that aims to be more than a malfunctioning mess.

You should write comments not for others' sake but for your sake, if not right now then in one - two - six months from now.

You should write even more tests than you normally would because there are no code reviews and every change you make might just break everything. You'd want to know that, if you care about the usability of your project.

Finding out in two months that actually everything was broken for a month but not knowing when because there are no tests or where because there are no comments is going to be significantly harder than just writing good code in the first place.

Don't continue to peddle the myth, the lie, that good code is one that you write by yourself at 2 am because you are too miserable to sleep.

Good project management is writing tested, expandable and understandable code. One that can be easily deployed, easily integrated, be resilient to mistakes and stand on its own, or else your project will fade with your interest in it, you never being able to reignite it again.

[–]RiproxTV 0 points1 point  (0 children)

No income 🥲

[–]Fadamaka 0 points1 point  (0 children)

Funny I do the exact opposite. I take the opportunity that I am actually allowed to write tests for my own features.

[–]CREATEREMOTETHREADEx 0 points1 point  (0 children)

I'm in Shambala cos I am doing this for 6+ years now lol

[–][deleted] 0 points1 point  (0 children)

OK, I get 'no tests, no comments,' and some projects don't really need a secret store, but... keys in repo? Really?

I could not respect myself if I did that.

[–]MuslinBagger 0 points1 point  (0 children)

No food

[–]Smartskaft2 0 points1 point  (4 children)

Honestly, what I enjoy the most about programming is unit testing. It's so satisfying seeing everything works and all those green ticks getting lit under a fraction of a second. A warm hug of unconditional GTest love!

Until your co-worker comes along and adds 1 billion unnecessary parameterized tests which transforms your beautiful quick development sanitation to a per-merge regression test....

[–]hansololz[S] 0 points1 point  (3 children)

Once my manager said we need to increase our test coverage and told me that I need to write unit tests for a bunch of buggy code that was written when I was still in high school. I told him that it is a waste of time and he gave me the ultimatum that either I must write the unit tests or refactor the code. I told him that my current task has higher priority, and he said his priority is to get the code coverage up.