Tag: Software Development

Slowness Complaints

There was a time where our software was becoming infamous for being slow. Some managers wanted to actively attempt to address user’s concerns. Some changes were made; some with improvements to all users, and some that were situational – such as only affecting calls when the returned data was large.

Soon, managers were boasting about a graph they put together which showed the number of complaints made from users containing the word “slow”; it generally showed a negative trend.

I wasn’t sure I understood the graph too well. How many users call Support multiple times for the same complaint? because if you have complained about it, then you might not call back. So that means; after a week, all the complaints might have already come in so you expect a drop off. 

So if no fixes were produced, I would expect a downward trend because everyone that was willing to complain about it will have done so.

There were some spikes in the graph, but managers did not explain the increases.

There have been times where figures have been manipulated like the times where we would log new bug tickets rather than re-open the closed one we knew had been incorrectly closed. There was even a time where bugs were closed then re-logged just to restart the SLA (Service Level Agreement) timer.

It would be funny if Support were told they would be monitored on the word “slow“, so they logged all new complaints under “not fast“.

“In other news, cases mentioning “snail’s pace” or “never loads” have risen by 300%”.

Fake quote

Self-inflicted problems

Instead of reinventing the wheel, Software Developers like reusing code. When using Javascript, a common place to use such code is NPM; Node Package Manager.

The recent NPM incident caused malware to be shared via many NPM packages. As far as I understood, I believe Github security tokens were stolen which allowed impersonation to check in malware and propagate to more packages.

As a precaution, we were told to cease development so you had hundreds of developers sitting idle.

We knew our teams didn’t use these packages directly but I suppose investigation was needed for transitive dependencies, and there was always the risk of packages we did use suddenly being infected, but we could just stop upgrading to new versions.

We thought it would only take a day or two, so I took the day off and would come back over the weekend to normality.

However more investigation was needed, then we had to switch over to a different internal NPM server with only approved packages being available.

I had no idea what the criteria is for approved packages. How do you know if something is secure other than the currently known, published security issues? Typically, bugs and fixes are added all the time. 

I think there was some kind lead time before new versions were accepted. I suppose it prevents this quick publication of malware if you just have a lead time of only taking packages more than a month old.

Since we had a new NPM server, we needed to publish packages to the new one, but we weren’t allowed to use the old ones. So new versions had to be published which then means you need to update all your software, and it’s a massive chain of dependencies involving all teams in the department.

I wasn’t personally involved but it sounded horrendous to coordinate and we were delayed by around 3.5 weeks.

We weren’t even affected by malware. We have loads of sub-companies in the overall group and no real incidents between them. Hundreds of developers were idle, and it was self-inflicted.

KM to miles

We had a form where the user can search for certain types of businesses in the area, and it displayed the distance from your location in miles.

One day, a user was posting all kinds of angry abuse because they said the distance was wildly inaccurate.

We were using a 3rd party API that was supposed to return the distances to the businesses in KM. It seemed that at some point, without us knowing, the API had changed to return the distance in miles, and our current code was expecting KM then we had code to convert it to miles. So now it was coming in as miles but we were manipulating the value to be wrong.

My reaction was that we should just inform the 3rd party to change it back. If their documentation says it is KM then they can’t change it without informing all the providers. If we changed our code, and the 3rd Party then reverted without informing us again, then the values would be wrong again.

A manager decided to go against my advice and told a team they needed to fix it. Soon, a Junior developer contacts me to say he is doing the fix and wants me to explain the situation and be available to review the code.

It’s a simple change, and he adds some unit tests. I pointed out a few more scenarios that he could add since our code was formatting to 2 decimal places. He could add tests for 3 or more decimal places in the data, and include larger values like >10 so you have 2 values before the decimal point.

So as far as I was concerned, if we HAVE TO make a change, then this is the simplest change and he has improved the codebase with the unit tests.

I approved the changes, and 2 other Senior Developers approved too.

When it was ready to go into the Main branch, another Senior flagged some duplicate code. He was correct, but it wasn’t a big deal because it’s one line of code. To “fix” it, you would need to create a new file for one method with one line of code which seemed overkill.

Then another Senior Developer questioned why one class called a method just to delegate to another method; when it could go direct. That scenario happens a lot, especially with design patterns where you want strict degrees of responsibility so the UI shouldn’t have logic. This was a very opinionated change, but since a Senior Developer had said it, then the Junior felt like they should do it.

So after the initial simple change, and 3 developers requesting some very simple changes, he was finally ready to commit the changes. Then a Principal Developer saw the change and said it was definitely the wrong thing to do since we need to get the 3rd party to revert their change. 

That was exactly what I said initially.

Code Review Argument: “Why are you reviewing!?”

There was a code review submitted in a project branch. I had no reason to review it because I wasn’t assigned to the project, but I often like to be nosey and see what is going into the releases.

I noticed a few classic mistakes like server-only code placed in “common that gets installed to both client and server when deployed. There was also a caching problem where the first call will store the data in the cache, then a call from a different user will then go into the cache and grab the other user’s data! It’s the classic mistake of forgetting about how the app servers are shared between many users and many organisations.

For years I have flagged these problems up. Maybe we should have it as part of an induction process to go through common misunderstandings. Anyway, I send them on to some developers (Dean and Mark) that I have discussed issues with or joked about them in the past. Each developer then decided to also leave comments on the review even though they also weren’t assigned to it.

In a private chat, Dean said “why isn’t the lead developer spotting these mistakes and teaching them?“.

I assumed he might have actually then put an official complaint in, because Gary, the Senior Developer assigned to the project; then left an angry comment.

“why are you commenting on a project level change? I thought you were struggling for time and this is a project branch that I haven’t yet reviewed”

The thing is, he hadn’t said that to Dean and I, but to the other developer Mark. It’s like maybe they had some kind of previous arguments and now it’s flared up.

Mark rightly responded:

“You’d added comments. This isn’t the place to debate such things, please contact me by message if you have a problem”

I think it could be the case that Gary hadn’t fully reviewed it, just glanced at it, left some trivial comments, and meant to come back. In my opinion, if someone does the review for you, then doesn’t that save you a job? Many developers seem to hate code reviews since they would rather be writing code, not reading it. So really he should be grateful. But he has taken it like a personal attack like we didn’t trust Gary to point out these major flaws in the code.

It’s also beneficial to spot problems as early as possible. There’s nothing worse than aiming to get the project in a release, then when you want to merge it in, then the experts then look at the code and tell you that it has major flaws and cannot be released. At least we have flagged it early in the project and they have plenty of time to address it.

Secrets in code 

Recently, we received the following message sent to the entire Software Development department from a manager:

Over the last couple of days, we have witnessed multiple instances of sensitive credentials committed into GitHub. This has been noticed by chance whilst supporting teams / reviewing PRs. Instances have included an individual’s GitHub PAT & test user account password. 

The security team are likely to enable a secret scanning tool in GitHub to help identify instances of this in future. However, this isn’t guaranteed to spot all issues and by the time it does; we are already potentially at risk. 

Please ensure that you are vigilant in reviewing your own / other’s code before committing / merging code. If a sensitive credential is identified; please ensure that this is removed and revoked immediately to prevent misuse of the secret. 

I’m really surprised if multiple people have done this, because we keep talking about improving security, and improving processes. Adding private keys/credentials etc to your repository sounds like a common cliché and is like Security Lesson 1. From the very start of the project, we have talked about having security scanners on our code from the very start.

I thought GitHub automatically scanned for credentials but it might just be for public repositories, and ours are private.

Security keys/tokens can often easily be regenerated so it’s easily fixed. However, your mistake of committing them is in the history of the file. I suppose there’s technically ways to modify the history but at a massive inconvenience.

Remember when people used to know what they were doing?

Remember when people used to know what they were doing? those were the days.

“what concerns me the most is that there was a time where everything almost worked like clockwork and now it seems like more ruins every day”

Software Architect

“I am more surprised when something works”

Me

We used to be a company full of smart people, working effectively. Now we work slowly and people just cut corners and do incredibly dumb things. In more recent times, people now don’t think for themselves because they ask AI what code to write. Sometimes it’s absolute rubbish but they never reviewed it themselves; so it really is zero thought. You point it out to them that it’s not going to work, and they respond back with an overly polite message, clearly written by ChatGPT; which just adds insult to injury.

So it’s like developers don’t even develop because AI does it. Then they don’t do any dev-testing. Then the Testers don’t know what they are doing either.

Recently Testers have been installing our software on the application servers.

Even though one of the Lead Testers has been posting angry rants about it; it keeps on happening. The Lead Tester’s points were that it’s not representative of live, and how it takes up the RAM/processing time and lags out the app server for everyone else.

I don’t get why people got the idea to install the client on the app server, and remote on. You can’t think that is official. The servers were always configured to only allow 2 people on at once, so it’s not like the entire department can log on to test if it was the official process.

I just hate what this company has become. I feel like it’s just gonna keep getting worse with managers constantly encouraging people to use AI.

Let’s read the words, the words, the words, of the developer

Introduction

When working with Indian developers, their English skills can vary. You also need to be aware of certain words exclusive to Indian English; some of which I actually like. For example they have the word “prepone” which is the opposite of “postpone”, but in UK English, we don’t seem to have a single word for that.

Some phrases seem more like poor grammar. An example of that is “Can able” or “Can’t able” when we would say “I’m able/unable”.

  • “i think you can able to see the second image is it?”
  • “I can’t able to find any relationship between those two codes” 
  • “still we can’t able to recreate the issue”

“For the same” is an interesting phrase because it just refers to something earlier in the sentence without having much meaning. It’s similar to when they say “do the needful” which just means “do whatever is required” but often doesn’t really add anything to the instruction; if they have requested something from you, then surely you will do it if you can.

There’s a few strange greetings like saying “good noon” which I’d assume is just a shortened version of “good afternoon” rather than being appropriate for a very specific time period. There’s a few people that have a strange greeting of “Ho!”

“Ho!! Is it please can you share those knowledge with me…”

To take time off, they like to “avail”. As a bonus, here’s a strange requests:

Morning Team,
I have picked up fever and heavy cold. Availing AL today.
 Please conduct stand up and end call.
Available over mobile for any urgent issues.
Thanks and Regards,
Jeeva

I’m glad you told me to end the call Jeeva, because I’d have stayed on it all day otherwise.

Indian Pull Requests

When it comes to the Code Review process aka Pull Requests (PRs), it can be hard to ask them why they are making certain changes. Sometimes asking questions can just lead to further confusion. Also, sometimes I’m sure some developers try to blag and hope you move on.

I was discussing this with a Lead Developer and he agreed that asking questions can either result in

  • Blagging
  • Revert the code and hope it works
  • Or you actually get a good answer. But then if it’s not clear why the code was written like that, then maybe it does need a code comment or some documentation so others don’t get confused in future.

Even though I often got frustrated with their comments, in recent times, a lot of them use AI like ChatGPT to rewrite their responses, or sometimes I get the impression they just put your question into the AI and hope it comes out with a good response. So instead of poorly written English, it’s all robotic and a blag of jargon. So you can’t win really.

Row

“Refresh on special while saving special note, row background, Radio button alignment based on include exclude” 

Blagging with Words on PRs

I questioned their pointless try/catch blocks which were catching an exception then rethrowing the exact same type of exception.

“Yes, as I couldnt use the dll in the resourcepicker project, so we can thrown the exception and catched it in resourcepicker class”

And

“The resources can be used due to filecahe, but no changes can be saved, when service is down. The above message is already used in Picker solution.”

Then when their project was being merged into the main branch, another developer questioned the same code. This time they said:

“To restrict that, have drilled up the ux tree and displayed the error message.”

Observation 

“Found an observation while testing 12602 in 9.3.6 branch”

what does that even mean? I assume “observation” means “bug” or “potential problem”.

Bad Refactoring

He refactors some existing codec but also changes the return type of the method, which means the caller’s logic will have to be changed so was causing cascading changes which weren’t really relevant to his main change. Also, the logic didn’t look equivalent so I wouldn’t call it refactoring:, more like introducing a bug. He then claims he hasn’t changed it…

Me: "is this equivalent? It was checking >1 not >=1"
Them: "Actually, I haven't attempted to modify that as the logic written working as per acceptance criteria, and it already tested"
Me: "I don't understand, this method has been changed in this PR"
Them: "Just used expression for methods as commented by Andy. Apart from that i haven't changed any logic around that."

Down Merge

Vignesh
Here after no comments fixed against assurance branch?
Just need information about down merge
 
Andy:
sorry I'm not sure what you mean?
 
Vignesh
Two comments pending for our side... if any one raise PR I will raise PR also. Because of down merge... Incase only I will raise PR again do down merge that's why I am asking

IsMobileEnabled 

IsMobileEnabled needs to return boolean value, so removed exception caused by null and also the GetResources during Trigger prompting needs to include Template also along with Protocols.

Didn’t Launch The Portal

me: “where is this used?”

developer: “This is used at TryLaunchPortal()…. At this point of time we never know the portal type to compare and verify the condition because the user didn’t launch any portal

walkie talkie comms going on here

This reminds me of walkie-talkies, stating “over” so you know it’s the end of the message.

Roshni 
give line break after method over
 
Shoban
Ok Roshni, Updated the changes
 
Shoban
Completed with the Changes
 
Roshni 
give line break after method over not before the method over
 
Shoban
Thanks Roshni, Got your point. Made Changes
 
Roshni 
and again please remove the empty line no 267
 
Shoban
Code changes completed as mentioned

Welsh 

PR: Updated the Walsh text

Description: Updated the resource file with Walesh text

Do you think the text is gonna be accurate if he can’t get the title correct in English? It should say “Welsh text” as in “the Welsh language”.

Customer

Merge from Curomer first branch to main

Accelerator Keys

To define an accelerator key (allows you to use Alt key to select it), you place an & character before the letter. So Export has E defined. Edit can’t use E because Export has taken it, so they have chosen D. Cancel seemed an odd choice of N.

btnBackup.Text = "&Export";
btnContinue.Text = "E&dit";
btnCancel.Text = "Ca&ncel";
btnBackup.DialogResult = DialogResult.None;


Me
can't C be used as an accelerator key?
 
Kalyanaraman
C for Continue
 
Me
what is the continue button? Isn't this it? btnContinue.Text = "E&dit"; that is using D

SQL is up to 10 times better

yes i have tried with mocked 10 lacks data in local
and while this query the data was well optimized.
For data, I ran sp thrice

I bet you can’t tell if this is from some old children’s folk tale or an Indian’s PR

Always Run SQL Code Analysis

Roshni has worked here several years, and when she started, I’m sure she made the same mistake several times. When making a database patch, we have a Patching Tool that not only applies the patch but runs some code analysis to make sure it conforms to coding standards.

Many times when developers have reviewed her code, Roshni has been told her patch would have been flagged by the tool if she had run it as part of her Developer Testing.

When I was a junior, once I was told by the Seniors; I never forgot to run it again. It’s like the embarrassment/shame makes you remember. Also I cared about quality and this was a simple process that ensured quality and standardisation of our SQL code.

Recently, she had merged her fix ready for release and a Tester, Mick pointed out there were patching errors so her SQL patch cannot have been run through the Patching Tool, or even tested.

She claimed it had been tested, and it was a problem between SQL versions. So her claim was that – both her local machine and the test server it was run on (by another tester in her team) was a different version to what was on the main test environment we use before releasing the software.

So Mick looked at the SQL patch and saw the error was about a missing namespace. The patch was inserting XML, and XML has a namespace attribute on the first line. So then he looked at what data is currently in the table, and saw that all the existing entries had a namespace declared, and this was missing from Roshni’s patch.

So Mick embarrassingly pointed this out. So she had lied about testing the patch locally, she must have lied about it being tested in her team, and lied that it was an SQL version issue.

She then submits a brand new patch which conditionally checks if the previous patch had created the entries. If it hasn’t then, this new patch would insert them, then if it had already added them, then her new patch would run an update statement instead.

Mick then points out that this is nonsense because the original patch had failed so would have just rolled back and stopped patching. What she needed to do was just to fix the original patch so it would run. So then she quickly deletes her new patch, and updates the original one.

Although it’s what we wanted, the speed that she did it makes me think she hadn’t run the Patching Tool because it can be very slow to run. So yet again, we have told her it is important to run it through the Patching Tool, and she hasn’t bothered.

Although I think nothing was actually wrong with her new change, another tester had pointed out that her changes were across two repositories and her changes in the other repository were also flagging errors in the Patching Tool. So it’s not like she just forgot to run it once, it’s just that no matter how many times in the past we have told her YOU MUST RUN PATCHING TOOL; she never does.

It’s just infuriating we keep employing people like that that don’t listen or care about the work they are doing.

Innovation shambles

Recently, managers decided that every few months we should have an Innovation Week. The idea is that you can work on ideas that can improve our work processes or even add a new feature to our products. However, the time limit of one week is a bit limited to actually get something complete in my opinion.

To be efficient, we really need to come up with a great list of ideas before the innovation starts, otherwise it cuts into the week. Some people did submit ideas before, and others on the day.

The initial meeting quickly became a bit of a shambles. Paul had created a Miro board under a different account that the attendees didn’t have write permissions for. Even when we clicked the link to request access, and Paul claimed he approved it; it still didn’t work.

He then tried creating a different board, but that didn’t work. To not waste further time, we just posted ideas into the Microsoft Teams chat which then he transferred onto Miro.

Since the ideas were essentially just titles on the board, people were supposed to explain their ideas but I don’t think many explained too well. We probably needed some kind of formal process to:

  1. describe the problem, 
  2. ideas on how to solve,
  3. pros and cons, 
  4. any possible costs like software licences,
  5. prerequisites to be able to investigate or implement the idea.

Another thing was missed is that you have to have accounts to use many of the AI tools, and that was a focus of this month’s innovation. With a lot of software, it often needs a special licence for commercial use and we weren’t advised how to acquire licences. We had Github Copilot and Office Copilot but what about other AI tools?

One guy apologised for misunderstanding that the ideas should be process improvements and he had come up with an idea for our software that our users would use. Paul said he hadn’t misunderstood at all and we could suggest either process improvements or new features… but that’s not what the Miro board said. It was only for process improvements and so all but one idea was for process.

We needed to assign our names to them, so initially Paul tried to create a spreadsheet but couldn’t work out how to share it so we could all edit at the same time. He ended up pasting the ideas into a Microsoft Teams “Whiteboard” which I had never used before but it looked like the Miro boards.

There were loads of ideas, but many were of debatable value. However, like I stated, we never discussed them effectively. Without knowing the pros and cons or prioritised the business value; there were loads of ideas that definitely weren’t strong enough. So with a large list, it was hard to pick something to work on. Some of them would need more than one person, but what guarantee is there that the team will be full? Less likely when the list is so big.

So I asked the question if we should only put our name against 1 item, or vote for several so we can see which teams are full, then the full teams get approved. Paul said to only vote once otherwise it will look like teams are full, but you’d end up dropping out if another one of your votes were successful. I suppose that’s a good point, but only voting once will mean you could be the only person to vote on a team project, so would then have to choose something else anyway, or gamble and go by yourself.

With most people finally assigned (and many just disappearing, presumably to slack off), with many going solo, and some probably having more team members than required; we got told to communicate with our team members.

I was in a team of 3 but I thought the ideal team would just be a pair. I waited for 30 mins or so but the guy that came up with the idea hadn’t contacted me, and you would assume he would take the team leader position.

I then took initiative and added a group chat with my 2 team members, and after another 1.5 hours, I finally got a response from one person who asked how we should begin to plan. I responded with my notes I had created to set the scene. He suggested one extra point to my notes, then didn’t hear from him for the rest of the day. The other team member didn’t respond at all.

The next day, my manager contacted me and said I was assigned to help finish a project that was behind schedule so my “innovating” had come to an end.

Absolute shambles really.

The Chop

I was once contacted by my manager to review a particular code change, but with the instructions to actually select the Reject option if there was anything wrong with it.

Things seemed a little odd, so I was suspicious about the request. Usually you would only use the Reject option if it was completely the wrong approach, not just if one thing could be improved.

The change was an SQL data fix, but seemed for a bug that would rarely occur, so my instinct is that it should be run manually on the afflicted sites rather than sent out as part of the normal patching process. 

The normal process would mean the script would be run on all servers, and be subject to the usual slow “roll out” process; therefore delay its application to the affected site.

Looking at the comment from Support, it sounded like it was possibly just on one site.

There were 3 cases linked to it; 2 from the same site, 1 with a title of a completely different error number. Then the workaround is stated as “Re-add the Default Location to the Template” so they probably fixed it already. So maybe we didn’t even need to do anything.

Looking at the dates that it was logged, it seemed like it was classed as a minor bug so had a long time period to fix as per the Service Level agreement so I was sceptical it was still an issue after 2 years.

So my initial instinct says it should be applied as a manual patch, then reading the details from Support, it sounds like it was just on one site and they had already manually fixed it, presumably via the UI.

So I asked my manager if the site has been contacted to see if it is still a problem? Then we can just close it.

And that’s when my manager said

“His skills are currently being assessed so he’s been left to figure it out and told to ask for help if/when he needs it.”

Manager

So it seems like they have given him a bug to investigate then fix/close. Since he has struggled to resolve items before and been reluctant to ask for help, they have chosen this one to test if he is collaborating with the correct people. He didn’t, so they sacked him.

I haven’t encountered many sackings; everyone seems to imply it’s a lot of hassle, but certain managers are more willing to do it. Another approach is to declare that a “new opportunity” has come up and they will be placed in a new team to see if that causes an improvement.