Swizec Teller - a geek with a hatswizec.com

    I learned two things today

    The first thing I learned is that dry erase markers don't work under the shower.

    Sherman DD (Duplex Drive) amphibious tank with...

    It gets too steamy and awesome ... I'm going to have to find a better solution for efficient shower brainstorming. Some sort of water resistant marker that works on tiles but can be erased without too big a hassle.

    tl;dr --> no matter what it seems like, the first price a client suggests is never fair.

    Another thing I learned is never again to take a job making a "simple extension to our existing website, it's pretty simple and easy".

    At least, I will never again take such a job without raising their suggested price at least 50%.

    Admittedly, that's my bad, they gave me an offer and I simply took it without thinking too much about it. Seemed like an easy enough job, the price seemed fair, something that would easily accomodate my normal hourly rate in the time I thought was needed to complete the job. And I like money, it lets me buy food.

    I still think I scheduled enough time.

    But I forgot to account for the annoyance of working on a legacy system I don't have the first clue about. What's worse, the website seems to have originally been developed in the time when everyone and their grandmother was making a custom CMS.

    Yeah, you can't even begin to imagine.

    Let me just share a couple cookies from the beautiful source:

    if ($admin_super == 1) $superuser = 1;
    if (($superuser == 1)) { ...
    // added by /../, 16/01/2006, modified 20/12/2007

    Yes. That bad.

    To make it more fun, the admin interface is made so every form can only handle a single database table.

    Naturally my extension requires a data model encompassing many interconnected tables.

    But ok, I get it, five years ago my code wasn't exactly perfect either. It still isn't. Maybe I could have done a little better, maybe I would have done worse.

    The thing that really gets me though is having to chloroform my coding standards, drag them to a dark alleyway and rape them, listening to their muffled sobs. I cry a little every time! But a choice had to be made, either rewrite this client's whole website, or rape my standards and complete the project within budget, then learn a good lesson and never do this again for cheap.

    Oh and I've found at least two possible/obvious security holes so far.

    Not to mention that user passwords are stored in plaintext in the database and the admin's password is stored in a config file in plaintext ... oh yeah. Gotta love that!

    Good lesson. Taking it to heart ... no matter what it seems like, the first price a client gives is never fair.

    PS: the main developer guy specifically warned me that this isn't opensource and I should treat the source with the respect and dignity it deserves

    Enhanced by Zemanta

    Did you enjoy this article?

    Published on July 18th, 2011 in Plaintext, Programming, Security, Superuser, Uncategorized, Whiteboard

    Learned something new?
    Want to become an expert?

    Here's how it works 👇

    Leave your email and I'll send you thoughtfully written emails every week about React, JavaScript, and your career. Lessons learned over 20 years in the industry working with companies ranging from tiny startups to Fortune5 behemoths.

    Join Swizec's Newsletter

    And get thoughtful letters 💌 on mindsets, tactics, and technical skills for your career. Real lessons from building production software. No bullshit.

    "Man, love your simple writing! Yours is the only newsletter I open and only blog that I give a fuck to read & scroll till the end. And wow always take away lessons with me. Inspiring! And very relatable. 👌"

    ~ Ashish Kumar

    Join over 14,000 engineers just like you already improving their careers with my letters, workshops, courses, and talks. ✌️

    Have a burning question that you think I can answer? I don't have all of the answers, but I have some! Hit me up on twitter or book a 30min ama for in-depth help.

    Ready to Stop copy pasting D3 examples and create data visualizations of your own?  Learn how to build scalable dataviz components your whole team can understand with React for Data Visualization

    Curious about Serverless and the modern backend? Check out Serverless Handbook, modern backend for the frontend engineer.

    Ready to learn how it all fits together and build a modern webapp from scratch? Learn how to launch a webapp and make your first 💰 on the side with ServerlessReact.Dev

    Want to brush up on your modern JavaScript syntax? Check out my interactive cheatsheet: es6cheatsheet.com

    By the way, just in case no one has told you it yet today: I love and appreciate you for who you are ❤️

    Created bySwizecwith ❤️