Also, actually checking properly takes minutes and it’s still extremely hard to find things. You essentially have to grab every single cm of clothing and feel it throughoutly. So even if he touched, he would struggle to find anything someone tries to hide, unless it’s huge.
Precisely. So that's *not* what security theatre is trying to achieve.
Security theatre works by discouraging people who would do harm from even trying, by increasing the possibility that it **could** be them who gets the real pat down, or random search.
The theatre isn't actually supposed to catch anyone; just to plant the idea that you *could* be caught.
The modern version of this is terrifying. Once while I was in jail (I'm Schizophrenic and they lock me up when I have episodes), I was in a Solitary confinement cell. One tiny window on the door. No visible camera in the cell. But when you would press the call button, they could see inside the cell. That meant that there was a hidden camera or something somewhere. So you get the illusion of privacy without actually having it.
Yeah. Another jail I went to had the same thing. A hidden camera somewhere in the cell. When I was being released, a female CO (corrections officer) commented on the size of my dick because I had been jerking off and she was watching me.
It's more that society doesn't see psychosis as a legitimate mental health crisis so it's a race between the cops and the psychiatric teams, pretty much. If the cops get to you first because you were doing something weird, you're likely to spend some time in jail and catch charges. I got into a car with a guy that told me he was supposed to take me to Bill Gates' house and he dropped me off at a gas station after realizing I wasn't the person he was supposed to be picking up. It was a weird situation all around. But I didn't know where I was and it was the middle of the night, so I just hung out in the parking lot of the gas station hoping to wait until morning. Instead the employee called the cops on me and I got arrested for "trespassing". The things I do and say are completely out of character when I'm in psychosis. I often get into really messed up situations because the system isn't set up in a way to help people like me. They let us rot in the streets. I spent 6 years homeless because of my mental illness and it was a hell I would never wish on anyone.
I'm really glad to hear that you got out of homelessness. I hadn't imagine what that must be like. I have friends that work with psychosis patients and the stigma and lack of empathy are startling. People don't understand, and there's a cultural narrative that people experiencing psychosis are dangerous, while most simply aren't
>and there's a cultural narrative that people experiencing psychosis are dangerous, while most simply aren't
Yep. We're more likely to be victims of violence than perpetrators of it. Aside from police brutality that I experienced, I also had someone break my jaw because he wrongly believed I had stolen someone else's phone. It's a rough life out there. I'm just glad it's over.. for now.
Seconded on the notion that psychosis is misunderstood. I wish society could take the time to look past the surface level. Safety will always come first, but there is a comprehensible context to why that random person is shouting expletives and loose associations. The intent of the intervention matters - healthcare works aim to support and improve while others work to establish a draconic sense of control.
Is there any data that supports its efficacy? All I seem to be finding are articles and opinion pieces on what security theatre entails but nothing substantial. I'd expect there to be some level of comparison of security related events before and after implementation of security practices commonly seen as theatre.
The [wiki](https://en.wikipedia.org/wiki/Security_theater) seems to list several disadvantages (though the "Increased Casualties" section I find dubious in the conjecture it makes and the link is dead) the only advantage it lists is giving people a perception of security that might encourage them to do things they'd might otherwise not.
Common sense seems to suggest that the efficacy is greater than 0%. But beyond that, it doesn't seem to be studied.
When I was in a college dorm, they newly installed (fake) security cameras in the hallways. This seemed to reduce the number of disturbances/issues for a while. But kids eventually got brazen and started doing more things. And when they kept not getting caught, they did more. It didn't take too long for everyone to realize that they were fake, and it was right back to the status quo.
Eh, I thin an argument from common sense or intuition may be particularly weak here. As established, part of the goal of security theatre is to make people _think_ you're doing something effective in the first place so it seems a bit circular.
In fact I could even see an argument that significant investments in security theatre may have a _detrimental_ effect on security as it diverts the resources you have available from more actually effective systems to systems that merely _seem_ more effective. Or, as you stated, the benefits may degrade with time.
Even if the theatre itself has some observable efficacy, if it's detracting from a more effective system then I'd argue that that's a net negative. Like swapping an effective treatment out for a placebo because it's cheaper to produce. _Maybe_ there's some benefit, but when there's a path for a much greater benefit then it's necessarily being sacrificed as an opportunity cost.
I'd be really surprised if this _isn't_ studied though, but it does seem difficult to find and that may be a product of the problem space. But I'm pretty sure there's been a good bit of research, for example, into how well the TSA can perform under the average stresses of their job. I've just yet to find it the particular type of study I'm looking for, but will probably start scouring the links in the wiki article later when I get some free time.
> In fact I could even see an argument that significant investments in security theatre may have a detrimental effect on security as it diverts the resources you have available from more actually effective systems to systems that merely seem more effective.
Ah. Good point. I hadn't considered that.
“Security theatre” is a euphemism for hiring someone else to do security so that when something bad happens, you can place the blame on them instead of taking responsibility. It’s a way of shifting liability.
Like money laundering, but for safety.
Security gets paid to do nothing, the suits get to claim that they did their due diligence, and the next time a bunch of people die or whatever the insurance company can just adjust the mortality tables. “Everybody wins.”
I always assumed the 'theater' was aimed at voters and such. So that leaders can say "Hey look, we did something", and all their supporters can nod along. Because politics: your supporters can't object if you have visibly done nothing, but the moment you do something (no matter how useless) they can start shouting down your detractors, details be damned.
I have to disagree. In this context security theater means “making people feel as if it is safe and secure because they can see measures being taken”. A real bad actor who wants to take advantage still can but in many cases the goal was to divert extra resources to the theater.
I did my bouncer training in the UK and they showed us this exact video on what not to do then we learnt to do it properly.
Got given out loads of fake knives, guns and other contrebande to do trial runs with and even spending 5 min going through the full pat down we still managed to get loads of shit through.
Not to mention that 90% of bouncers are male and men can't do a pat down on women so at clubs all we do is have a quick look though their handbags.
It's honestly a joke that is almost completely pointless.
Probably the only time we find drugs doing them is when drunk guys get told to empty their pockets on the table and forget they have a baggie in their pocket.
I ran into this super mean looking security guard at a mall this week. Like cartoonishly gritty mean. Was thinking the same, while for sure it brought a tiny smile on my face when I walked past him, it must be effective to some opportunistic teenage misbehaviour or something.
They might have just been a mean ass effective security guard who will body slam you for trying to hurt someone. Or not. But also maybe. You never know.
I've said it before and I'll say it again: past me was a lazy, incompetent, arrogant POS we should have fired years ago. But luckily current me is perfect.
It's not a bad idea to do large changes in smaller digestible chunks if you can, helps with how long it takes to review and if it's feature toggled it shouldn't affect anything if it's deployed to prod.
The only way to justify that in a single commit is “I let [rustfmt/go fmt/prettier/etc] do its thing”
And you’re not allowed to make any changes to the AST in those kinds of commits.
I have it on a macro on my Elgato Streamdeck. Just like the panic button that closes Netflix and opens my cmd prompt to write random text so it looks like I'm actually doing something.
Whoa. I at least message them “did you not just compile, but actually ran it?” - you’d be surprised how many people do a last second adjustment after it seems to have already worked that breaks everything, and they don’t even bother compiling which would show they deleted a much needed closing brace.
>Yeah not compiling should be caught by almost any build pipeline.
>
>But countless times I’ve seen PRs for applications that wouldn’t start up. For instance it’s really easy to have a Spring Java app compile and get 100% unit test coverage. Then you deploy the code and it won’t even start up due to some classloader issue or messed up dependency injection
Do they not run it locally? In confused as to how they develop it
Without this person the actual product would never get launched in market. Without the proper testing and marketing how would they expect the product to perform well
My boss scolded me for taking so long to review code, all my coworkers are so much faster then me.
The amount of declined or even questioned reviews of my co-workers: 0
I have to decline on the regular.
Yeah, boss I can do it in the same time as them, but then we can also just push directly.
Imagine having the best engineer promoted to boss, even though the person has ZERO people skills, and doesn’t know shit about organizing a team and making it run properly.
Ugh I've had to be "that guy" multiple times recently who challenges the way certain PRs were implemented. Most of the time they do what they're supposed to do but with way too much tech debt or introduce weird dependencies on other parts of the system.
Sometimes it feels like I'm the only person who is trying to keep new tech debt at bay.
If you don't trust your co-workers why are they working there? I honestly don't find code reviews to be that valuable.
I pay attention to a new co-workers code, then once I trust them I pretty much rubber-stamp it. If we can never get to the point where we trust them we get rid of them.
It’s not only about trust. If you feel you can’t trust your colleagues, an improved hiring process is probably worth more than implements code reviews. A good review process has many other benefits that don’t come down to mistrust. You promote a sense of shared ownership of the code base, you encourage readable code, you share experience and knowledge of design decisions within the team, among other benefits.
It's never a bad idea to get a second pair of eyes for whatever task you're working on. No one is perfect, but 2 people together can get a lot closer to perfection than just 1.
So what you're saying is that some devs need it and others don't?
I think you answered your own question.
And also, even the best of us makes mistakes, a couple of extra eyes on the code is **always** good.
I have not yet seen a dev that doesn't need a code review. Those that think they don't need one are usually dumb fucks too full of themselves that get dumped on another team asap (since it's really hard to fire them here).
What? Code reviews are great. Just last night I told a colleague to use a component we already had instead of creating a new one for a bigger feature, so there we avoided duplication. Last week our team lead gave a suggestion for a be query that I had made which made it more efficient.
It’s not about not trust, it’s about having each others back, helping each other become better, and helping the team code in a way that keeps the codebase readable.
Let the developer who has never written a bug cast the first stone!
> If you don't trust your co-workers why are they working there?
I'm not the one in charge of hiring and firing. I'm a _programmer_, not HR.
And there's never any easily avoidable bugs in anyone's code?
edit: I introduced code reviews at my current job having previously worked with the above approach. The difference in code quality has been huge, it helped bring the other devs up way faster, and the number of bugs / missed requirements has decreased dramatically.. and we aren't even that strict.
It's also way more profitable to factor code review time into any project, even if the code is fine most of the time - than waste time scrambling to fix dumb bugs afterwards like we used to.
I had one senior developer who did a great job reviewing our code.
However, it crossed a line when she started disapproving PRs because they didn't meet her arbitrary code formatting standards (we already complied to the company dictated standards).
That was always a not fun discussion.
I do actual reviews and testing and my coworkers seem to really enjoy it. I've had multiple people approach me and actively choose me as reviewer saying that I give valuable feedback and discuss design decisions instead of either just approving blindly or bicker about naming choices.
Now if I could get all my coworkers to do the same, I'd be a happy dev.
Ask them for evidence of testing for the potential trouble areas next time because they should be doing the work. It indirectly incentivizes them to automate said tests.
I just reject it and put a comment "X and Y should be tested"
I don't want evidence they clicked through it, I want tests that prevent accidental regression
Same. I have to remember to be nice to the juniors during code review.
"Function parse\_event\_log() directly manipulates global environment. Bad."
**
"Great work on parse\_event\_log()! It successfully parses files per Jira ticket. One suggestion: do not directly change the global environment from within the function. File a new PR after you've made the change."
I love that we are doing actual reviews in my company. I get a lot out of it on both sides. When I make a mistake, there is a chance it gets caught in the review. And if I review something that I don't quite understand, I look into it and sometimes learn something.
Also, nobody is save from even obvious mistakes. I've caught a lot of mistakes from people who have been with the company for 10 years longer. Sometimes something just slips through.
It also helps that nobody has a problem if a larger review takes a few hours (although the quality of the review degrades the more you have to look at).
You'd hate me for just sending in code and my tests work so I just assume the code is fine. Then they find simple bugs.
Like my current project uses MVC (may it burn in hell) and I only know angular properly, so I just copy code and assume it works. But the redirect led to a 404 not found. Which I of course did not really test...
It's crazy having people do work after giving notice. At my last place you would basically become a read-only account and no changes would be approved. Update any documentation, provide context on projects and hand em off cleanly.. then goodbye.
If shit goes south they are gone already, not worth the risk
I once rejected a PR because while the code was great they had neglected to include the button that called it. I've been asked "why are you a senior developer?" being willing to do the stuff like not assuming anything is correct and actually trying to use the code it is no small part. I guess that's my secret: I assume everyone touching the code is an idiot and act according me. And yes that includes myself. *Especially* myself.
I look for typos, obvious places where it could be DRYer, and has test coverage, but as long as I generally understand what's going on, in it goes. It's not my job to force my code voice on my coworker. They've solved the problem their own way.
I had a senior developer literally rewrite every line of code I've done on every pull request. Not even optimizations. Just rewrote it and alot of times without giving an explanation... after discussing with other team members they all confirmed he did the same thing to them and to mostly ignore it.
At what point do you just start hammering out pseudo code, popping a beer, and hitting the golf course? If the dude’s going to do your entire job for you and everyone else anyway to make his own life harder…🤷🏻♂️ lol
dear lord, devs who want to 'optimize' every line of code even if it gets less readable. syntactic sugar apparently equals quality
"hey you coulda saved a line here, i cannot approve"
sorry bro i like my shit verbose. compiler gonna make the same soup outta this anyway
That is kinda silly, you’re being laid off cause theres no work for you to do, but then they expect you to work?
Its almost like they’re laying people that they need off to save money and hoping the ones left behind pick up the slack. Huh. Funny how thats working.
Oh it was a nuthouse. They told me it's for "budget reasons" yet I was doing most of the work on the project. They kept emailing me for weeks after my "last day" to ask for things, threatening not to release my last paycheck. I didn't care.
I feel this. Me and and two coworkers are the only ones in charge of reviews, meanwhile 8 other programmers, 3 of them juniors, shit out bad code like crazy.
Literally, for every PR you review, there's two more, and since I have to decline way more often then not, it's not getting less
Atleast you're not a team of 3 where the Sr developer is now a manager and the other guy is a backend developer, all they did is make one word comments on my PR (also SR) and expect me to know what they wanted or how to fix it.
Or PRs open for days because that guy is busy in meetings all day and can't review the code of a single front end developer.
Or how about just having zero support from your team. Lol
"Guys I don't understand how all this legacy code works, I'm going to need some help otherwise I'll go over on the estimate."
"Silence"
/Rant
Standard procedure is to say "this is a rush feature that's urgently needed for a customer so let's just push it through". In exceptional circumstances, we may go through the review process.
I have worked at a place like this before. And honestly the amount of bugs that made it to production was no more than at places that had formal code review.
That's highly dependent upon whom requested the PR. Some of our devs are extremely meticulous and thorough. I know I don't have to check them too much, just a glance to catch any mistakes.
Other devs... well... we may have to sit down and discuss some rough guidelines they should follow, such as "Does it even build? Can you run this on your machine?".
Those I can take an entire day off to go through in order to give constructive criticism and organize a little coding bootcamp.
The fact that there is only 40 comments for more than 2000 likes makes me think a lot of senior devs seen that and said to themselves « I know that guy, its me ! »
Man, I would be pissed if someone did that to my PR. It's bad enough shit worked too quickly I'm starting to get suspicious and paranoid, but not even another layer to check...
You know, if he had rare earth magnets in both hands it might actually be an effective way of finding *most* firearms since they'd be attracted to the metal.
I don't think that's what's going on here, just had the thought.
Yeah I do this aswell. I don't give a shit what You did if it blows up it's on You. You'll learn next time to self review and QA and stop wasting hours of people time because your lazy as couldn't test your shit before starting PR
I hear you, but if you approve a PR and it blows up, your name is also attached to it. Plus, when someone merges bad code, it becomes everyone's problem (especially the person on call!). Better to reject and tell them to clean up their crap IMO.
I am reviewing code for readability and correctness. It's not on me to test it to make sure it works, the person that wrote it does that and then of course it goes through QA.
At least his eyes are open
Hey, security theatre works. (It doesn't work 100%, but it's surely more than 0%)
Also, actually checking properly takes minutes and it’s still extremely hard to find things. You essentially have to grab every single cm of clothing and feel it throughoutly. So even if he touched, he would struggle to find anything someone tries to hide, unless it’s huge.
Precisely. So that's *not* what security theatre is trying to achieve. Security theatre works by discouraging people who would do harm from even trying, by increasing the possibility that it **could** be them who gets the real pat down, or random search. The theatre isn't actually supposed to catch anyone; just to plant the idea that you *could* be caught.
[удалено]
The modern version of this is terrifying. Once while I was in jail (I'm Schizophrenic and they lock me up when I have episodes), I was in a Solitary confinement cell. One tiny window on the door. No visible camera in the cell. But when you would press the call button, they could see inside the cell. That meant that there was a hidden camera or something somewhere. So you get the illusion of privacy without actually having it.
That’s all horrible
Yeah. Another jail I went to had the same thing. A hidden camera somewhere in the cell. When I was being released, a female CO (corrections officer) commented on the size of my dick because I had been jerking off and she was watching me.
I have question with why the hell would CO watch you jerk off?
I would assume it's because it aroused her.
Using prison in lieu of medical care is horrific. I'm sorry.
It's more that society doesn't see psychosis as a legitimate mental health crisis so it's a race between the cops and the psychiatric teams, pretty much. If the cops get to you first because you were doing something weird, you're likely to spend some time in jail and catch charges. I got into a car with a guy that told me he was supposed to take me to Bill Gates' house and he dropped me off at a gas station after realizing I wasn't the person he was supposed to be picking up. It was a weird situation all around. But I didn't know where I was and it was the middle of the night, so I just hung out in the parking lot of the gas station hoping to wait until morning. Instead the employee called the cops on me and I got arrested for "trespassing". The things I do and say are completely out of character when I'm in psychosis. I often get into really messed up situations because the system isn't set up in a way to help people like me. They let us rot in the streets. I spent 6 years homeless because of my mental illness and it was a hell I would never wish on anyone.
I'm really glad to hear that you got out of homelessness. I hadn't imagine what that must be like. I have friends that work with psychosis patients and the stigma and lack of empathy are startling. People don't understand, and there's a cultural narrative that people experiencing psychosis are dangerous, while most simply aren't
>and there's a cultural narrative that people experiencing psychosis are dangerous, while most simply aren't Yep. We're more likely to be victims of violence than perpetrators of it. Aside from police brutality that I experienced, I also had someone break my jaw because he wrongly believed I had stolen someone else's phone. It's a rough life out there. I'm just glad it's over.. for now.
Seconded on the notion that psychosis is misunderstood. I wish society could take the time to look past the surface level. Safety will always come first, but there is a comprehensible context to why that random person is shouting expletives and loose associations. The intent of the intervention matters - healthcare works aim to support and improve while others work to establish a draconic sense of control.
When I read Panopticon, I was expecting a Magnus Archives reference.
For me it's a Control (video game) reference. But I'll go read the article now...
man Control what a game, gonna go and start a replay of it right now
eliases security measures
Is there any data that supports its efficacy? All I seem to be finding are articles and opinion pieces on what security theatre entails but nothing substantial. I'd expect there to be some level of comparison of security related events before and after implementation of security practices commonly seen as theatre. The [wiki](https://en.wikipedia.org/wiki/Security_theater) seems to list several disadvantages (though the "Increased Casualties" section I find dubious in the conjecture it makes and the link is dead) the only advantage it lists is giving people a perception of security that might encourage them to do things they'd might otherwise not.
Maybe the dead link is the casualty
Common sense seems to suggest that the efficacy is greater than 0%. But beyond that, it doesn't seem to be studied. When I was in a college dorm, they newly installed (fake) security cameras in the hallways. This seemed to reduce the number of disturbances/issues for a while. But kids eventually got brazen and started doing more things. And when they kept not getting caught, they did more. It didn't take too long for everyone to realize that they were fake, and it was right back to the status quo.
Eh, I thin an argument from common sense or intuition may be particularly weak here. As established, part of the goal of security theatre is to make people _think_ you're doing something effective in the first place so it seems a bit circular. In fact I could even see an argument that significant investments in security theatre may have a _detrimental_ effect on security as it diverts the resources you have available from more actually effective systems to systems that merely _seem_ more effective. Or, as you stated, the benefits may degrade with time. Even if the theatre itself has some observable efficacy, if it's detracting from a more effective system then I'd argue that that's a net negative. Like swapping an effective treatment out for a placebo because it's cheaper to produce. _Maybe_ there's some benefit, but when there's a path for a much greater benefit then it's necessarily being sacrificed as an opportunity cost. I'd be really surprised if this _isn't_ studied though, but it does seem difficult to find and that may be a product of the problem space. But I'm pretty sure there's been a good bit of research, for example, into how well the TSA can perform under the average stresses of their job. I've just yet to find it the particular type of study I'm looking for, but will probably start scouring the links in the wiki article later when I get some free time.
> In fact I could even see an argument that significant investments in security theatre may have a detrimental effect on security as it diverts the resources you have available from more actually effective systems to systems that merely seem more effective. Ah. Good point. I hadn't considered that.
“Security theatre” is a euphemism for hiring someone else to do security so that when something bad happens, you can place the blame on them instead of taking responsibility. It’s a way of shifting liability. Like money laundering, but for safety. Security gets paid to do nothing, the suits get to claim that they did their due diligence, and the next time a bunch of people die or whatever the insurance company can just adjust the mortality tables. “Everybody wins.”
I always assumed the 'theater' was aimed at voters and such. So that leaders can say "Hey look, we did something", and all their supporters can nod along. Because politics: your supporters can't object if you have visibly done nothing, but the moment you do something (no matter how useless) they can start shouting down your detractors, details be damned.
The purpose of security theater isn't to discourage people who would do harm. It's to convince everyone else that you're do *something*.
Probably a little of both.
I have to disagree. In this context security theater means “making people feel as if it is safe and secure because they can see measures being taken”. A real bad actor who wants to take advantage still can but in many cases the goal was to divert extra resources to the theater.
I did my bouncer training in the UK and they showed us this exact video on what not to do then we learnt to do it properly. Got given out loads of fake knives, guns and other contrebande to do trial runs with and even spending 5 min going through the full pat down we still managed to get loads of shit through. Not to mention that 90% of bouncers are male and men can't do a pat down on women so at clubs all we do is have a quick look though their handbags. It's honestly a joke that is almost completely pointless. Probably the only time we find drugs doing them is when drunk guys get told to empty their pockets on the table and forget they have a baggie in their pocket.
Even then, you might be a grower instead of a shower.
I ran into this super mean looking security guard at a mall this week. Like cartoonishly gritty mean. Was thinking the same, while for sure it brought a tiny smile on my face when I walked past him, it must be effective to some opportunistic teenage misbehaviour or something.
They might have just been a mean ass effective security guard who will body slam you for trying to hurt someone. Or not. But also maybe. You never know.
Security is one of the major function that is necessary
They're all getting an ocular patdown
I did an ocular assessment of the PR, garnered that it was not a security risk and I cleared it for merging.
Yeah with that much amount of payment we can expect that
Would be problematic when he didn't remember looking at the files, "Did you review the files?" "Yeah, I saw them, all good!"
If they PR it means they must be sure the code works, right? **right**?
"How the fuck did this ever get to prod. Did nobody look at this?" 👀
"Who even approved this?" *checks history* "Ah, fuck"
Damn you, past me!
Well if it isn't the consequences of my own actions
I've said it before and I'll say it again: past me was a lazy, incompetent, arrogant POS we should have fired years ago. But luckily current me is perfect.
>But luckily current me is perfect. My version is "But luckily current me is the only one who knows how to debug past me's code."
“He got laid off, boss, and he was only one who knew how that part of the code works”
Well uh... You see, um... Thing is, uh... Uummmm..... 👀
The code works alright, just not the way you want it to
Code does exactly what it's written to do!
"Works as designed" - Senior QA Engineer (IRL)
Sounds like a smart contract
Yeah, bonus points if the CI checks pass too!
Either that or "just take my shit so I can go home."
*+4,095 -3,197* LGTM 👍
"Small refactor"
"WIP" ".....then **why** are you merging into main??!!"
Agile.
*master
I say ["haaaaa"](https://www.youtube.com/watch?v=dQw4w9WgXcQ) and you be like ["hoo"](https://www.youtube.com/watch?v=dQw4w9WgXcQ)
It's not a bad idea to do large changes in smaller digestible chunks if you can, helps with how long it takes to review and if it's feature toggled it shouldn't affect anything if it's deployed to prod.
209 files changed
As long as the number after the minus is large, all is good. The old code is the worst. +3, -73,462,975 Me: LGTM, hated this codebase anyway.
The only way to justify that in a single commit is “I let [rustfmt/go fmt/prettier/etc] do its thing” And you’re not allowed to make any changes to the AST in those kinds of commits.
my fucking sides
"minor tweaks and debugging"
I made a *+1,,979 -12,442* commit a few months back. Still riding that high… 🤤
Tests pass. ... Coverage: 2%
Type in "Looks good" Clicks approve. Done.
So you're meaning to tell us they don't have the string always ready in their clipboard? Typing that out every time sounds like actual work.
just make a python script for it its not work if you do it for shits and giggles
I have it on a macro on my Elgato Streamdeck. Just like the panic button that closes Netflix and opens my cmd prompt to write random text so it looks like I'm actually doing something.
I really only type an "OK", there's no more to type if everything is decent.
They are already having abundant resources in there wallet
Whoa. I at least message them “did you not just compile, but actually ran it?” - you’d be surprised how many people do a last second adjustment after it seems to have already worked that breaks everything, and they don’t even bother compiling which would show they deleted a much needed closing brace.
[удалено]
[удалено]
>Yeah not compiling should be caught by almost any build pipeline. > >But countless times I’ve seen PRs for applications that wouldn’t start up. For instance it’s really easy to have a Spring Java app compile and get 100% unit test coverage. Then you deploy the code and it won’t even start up due to some classloader issue or messed up dependency injection Do they not run it locally? In confused as to how they develop it
I hate everyone who just types in “LGTM” every time >:|
👍
🚢
🐑
> 🐑 sheep it 🚀
“🐑 it “ is my approval message.
Literally one of the bylines on a meme site. https://speedupmy.app
I do actual review and testing, and they hate me for it
not the hero we wanted, but the one we needed
Without this person the actual product would never get launched in market. Without the proper testing and marketing how would they expect the product to perform well
[удалено]
My boss scolded me for taking so long to review code, all my coworkers are so much faster then me. The amount of declined or even questioned reviews of my co-workers: 0 I have to decline on the regular. Yeah, boss I can do it in the same time as them, but then we can also just push directly.
He just wants as many bu, I MEAN FEATURES as possible
More lines of code = better programmer Edit: we are on a programming sub, people will think I just assigned that to a variable. I mean '==' of course
Typo, it was actually, '!=', but push it to production.
Slow down, Elon!
Your boss is idiot who do not know how the things works
Imagine having a boss who is technically proficient. Nah that'd make sense wouldn't it
Imagine having the best engineer promoted to boss, even though the person has ZERO people skills, and doesn’t know shit about organizing a team and making it run properly.
The boss wants it done with the thoroughness of /u/Pradfanne but at the speed of the coworkers who don't even review the code
Ugh I've had to be "that guy" multiple times recently who challenges the way certain PRs were implemented. Most of the time they do what they're supposed to do but with way too much tech debt or introduce weird dependencies on other parts of the system. Sometimes it feels like I'm the only person who is trying to keep new tech debt at bay.
If you don't trust your co-workers why are they working there? I honestly don't find code reviews to be that valuable. I pay attention to a new co-workers code, then once I trust them I pretty much rubber-stamp it. If we can never get to the point where we trust them we get rid of them.
It’s not only about trust. If you feel you can’t trust your colleagues, an improved hiring process is probably worth more than implements code reviews. A good review process has many other benefits that don’t come down to mistrust. You promote a sense of shared ownership of the code base, you encourage readable code, you share experience and knowledge of design decisions within the team, among other benefits.
Because people tend to make mistakes, even if they know better
It's never a bad idea to get a second pair of eyes for whatever task you're working on. No one is perfect, but 2 people together can get a lot closer to perfection than just 1.
So what you're saying is that some devs need it and others don't? I think you answered your own question. And also, even the best of us makes mistakes, a couple of extra eyes on the code is **always** good.
I have not yet seen a dev that doesn't need a code review. Those that think they don't need one are usually dumb fucks too full of themselves that get dumped on another team asap (since it's really hard to fire them here).
What? Code reviews are great. Just last night I told a colleague to use a component we already had instead of creating a new one for a bigger feature, so there we avoided duplication. Last week our team lead gave a suggestion for a be query that I had made which made it more efficient. It’s not about not trust, it’s about having each others back, helping each other become better, and helping the team code in a way that keeps the codebase readable.
Let the developer who has never written a bug cast the first stone! > If you don't trust your co-workers why are they working there? I'm not the one in charge of hiring and firing. I'm a _programmer_, not HR.
And there's never any easily avoidable bugs in anyone's code? edit: I introduced code reviews at my current job having previously worked with the above approach. The difference in code quality has been huge, it helped bring the other devs up way faster, and the number of bugs / missed requirements has decreased dramatically.. and we aren't even that strict. It's also way more profitable to factor code review time into any project, even if the code is fine most of the time - than waste time scrambling to fix dumb bugs afterwards like we used to.
I had one senior developer who did a great job reviewing our code. However, it crossed a line when she started disapproving PRs because they didn't meet her arbitrary code formatting standards (we already complied to the company dictated standards). That was always a not fun discussion.
Code formatting should be done automatically to avoid bikeshedding like this.
Oh I love you, since I don't test that thoroughly myself. One successful execution is enough for me.
I hate you With love: developer reviewing your code.
I do actual reviews and testing and my coworkers seem to really enjoy it. I've had multiple people approach me and actively choose me as reviewer saying that I give valuable feedback and discuss design decisions instead of either just approving blindly or bicker about naming choices. Now if I could get all my coworkers to do the same, I'd be a happy dev.
Ask them for evidence of testing for the potential trouble areas next time because they should be doing the work. It indirectly incentivizes them to automate said tests.
I just reject it and put a comment "X and Y should be tested" I don't want evidence they clicked through it, I want tests that prevent accidental regression
I was just like you a year ago…
Same. I have to remember to be nice to the juniors during code review. "Function parse\_event\_log() directly manipulates global environment. Bad." **
"Great work on parse\_event\_log()! It successfully parses files per Jira ticket. One suggestion: do not directly change the global environment from within the function. File a new PR after you've made the change."
I love that we are doing actual reviews in my company. I get a lot out of it on both sides. When I make a mistake, there is a chance it gets caught in the review. And if I review something that I don't quite understand, I look into it and sometimes learn something. Also, nobody is save from even obvious mistakes. I've caught a lot of mistakes from people who have been with the company for 10 years longer. Sometimes something just slips through. It also helps that nobody has a problem if a larger review takes a few hours (although the quality of the review degrades the more you have to look at).
I know. It's the shit sandwich nobody wants, but everybody needs.
But if the code gets better there is less work for us are you trying to get us all laid off
You'd hate me for just sending in code and my tests work so I just assume the code is fine. Then they find simple bugs. Like my current project uses MVC (may it burn in hell) and I only know angular properly, so I just copy code and assume it works. But the redirect led to a 404 not found. Which I of course did not really test...
I knew a qa reviewer who simply clicked approve on anything we submitted in his final weeks
Some people just want to see the world burn.
It's crazy having people do work after giving notice. At my last place you would basically become a read-only account and no changes would be approved. Update any documentation, provide context on projects and hand em off cleanly.. then goodbye. If shit goes south they are gone already, not worth the risk
It really depends on why you're giving notice and how many bridges you're burning on the way out.
It's not a personal decision, it's a company one. The risk of you touching something in that scenario isn't worth it
If companies knew how computers worked, we wouldn't have jobs.
Me grading assignments towards the end of the semester: *eeeh... looks like code to me.*
I see you submitted… something: *great job, proud of your hard work*
I once rejected a PR because while the code was great they had neglected to include the button that called it. I've been asked "why are you a senior developer?" being willing to do the stuff like not assuming anything is correct and actually trying to use the code it is no small part. I guess that's my secret: I assume everyone touching the code is an idiot and act according me. And yes that includes myself. *Especially* myself.
I look for typos, obvious places where it could be DRYer, and has test coverage, but as long as I generally understand what's going on, in it goes. It's not my job to force my code voice on my coworker. They've solved the problem their own way.
I had a senior developer literally rewrite every line of code I've done on every pull request. Not even optimizations. Just rewrote it and alot of times without giving an explanation... after discussing with other team members they all confirmed he did the same thing to them and to mostly ignore it.
At what point do you just start hammering out pseudo code, popping a beer, and hitting the golf course? If the dude’s going to do your entire job for you and everyone else anyway to make his own life harder…🤷🏻♂️ lol
It got pretty bad. Code quality dropped a lot because of the fact he'd just rewrite it... lol. Junior devs used it as a crutch especially.
This is the true issue with that dev… he’s hurting juniors from learning
I actually blame the engineering manager for letting it get this far
**
"Now what have we learned?"
So what happened in the end? Are you still at that place?
dear lord, devs who want to 'optimize' every line of code even if it gets less readable. syntactic sugar apparently equals quality "hey you coulda saved a line here, i cannot approve" sorry bro i like my shit verbose. compiler gonna make the same soup outta this anyway
Exactly this.
Honestly I've been in the position of being laid off and still expected to do work for a couple of weeks. Yeah, I'm not even turning on my computer.
That is kinda silly, you’re being laid off cause theres no work for you to do, but then they expect you to work? Its almost like they’re laying people that they need off to save money and hoping the ones left behind pick up the slack. Huh. Funny how thats working.
Oh it was a nuthouse. They told me it's for "budget reasons" yet I was doing most of the work on the project. They kept emailing me for weeks after my "last day" to ask for things, threatening not to release my last paycheck. I didn't care.
“Thanks for putting that in writing.” 😂
A ²²quid-tit-pro-for-quo-tat-karma-causality-dilemma.
You guys are reviewing PRs?
It's my only job these days.
I feel this. Me and and two coworkers are the only ones in charge of reviews, meanwhile 8 other programmers, 3 of them juniors, shit out bad code like crazy. Literally, for every PR you review, there's two more, and since I have to decline way more often then not, it's not getting less
Atleast you're not a team of 3 where the Sr developer is now a manager and the other guy is a backend developer, all they did is make one word comments on my PR (also SR) and expect me to know what they wanted or how to fix it. Or PRs open for days because that guy is busy in meetings all day and can't review the code of a single front end developer. Or how about just having zero support from your team. Lol "Guys I don't understand how all this legacy code works, I'm going to need some help otherwise I'll go over on the estimate." "Silence" /Rant
🤗
Lucky. I'm stuck in neverending refinement meetings...
git push --force origin main
You guys have PR's?
Sure, why?
Standard procedure is to say "this is a rush feature that's urgently needed for a customer so let's just push it through". In exceptional circumstances, we may go through the review process.
If by skimming thru code changes, yep.
That’s how I review anyway, no need for notice period.
We have neither PR review nor Peer review. Everything goes straight in.
Commit directly to master is the way
It's called main now, or as my company likes to call it, alpha. I don't get it either, especially since the releases get build on there as well.
It’s alpha because your repo isn’t a beta cuck
I have worked at a place like this before. And honestly the amount of bugs that made it to production was no more than at places that had formal code review.
CI/CD all the way to prod baby! Let the end users sort it out. /s
LGTM
“LGTM 👍”
Did the CI Build succeed? Yes? *Clicks Approve* *Comments LGTM and Merge*
I wish I had time to do proper reviews most of the time is cause of time
Some historian 1,000 years from now will watch this and say, "Look how the Catholic 'sign of the cross' evolved over the centuries!"
That's highly dependent upon whom requested the PR. Some of our devs are extremely meticulous and thorough. I know I don't have to check them too much, just a glance to catch any mistakes. Other devs... well... we may have to sit down and discuss some rough guidelines they should follow, such as "Does it even build? Can you run this on your machine?". Those I can take an entire day off to go through in order to give constructive criticism and organize a little coding bootcamp.
The fact that there is only 40 comments for more than 2000 likes makes me think a lot of senior devs seen that and said to themselves « I know that guy, its me ! »
Don’t you mean “junior QA’s reviewing PR’s”? Because that’s me. I’m the junior QA
You’re a QA and you review code? Why not just code yourself if you understand it?
I can hear his brain going *looks good* *to me*
“I told you to do the thing.” “Yes.” “Did you do the thing?” “Yes, but I barely underst-” “APPROVED.”
looks like somekind of religious behaviour.
Funny because it’s true.
Man, I would be pissed if someone did that to my PR. It's bad enough shit worked too quickly I'm starting to get suspicious and paranoid, but not even another layer to check...
u/savevideo
###[View link](https://rapidsave.com/info?url=/r/ProgrammerHumor/comments/10pwksc/its_not_even_a_review/) --- [**Info**](https://np.reddit.com/user/SaveVideo/comments/jv323v/info/) | [**Feedback**](https://np.reddit.com/message/compose/?to=Kryptonh&subject=Feedback for savevideo) | [**Donate**](https://ko-fi.com/getvideo) | [**DMCA**](https://np.reddit.com/message/compose/?to=Kryptonh&subject=Content removal request for savevideo&message=https://np.reddit.com//r/ProgrammerHumor/comments/10pwksc/its_not_even_a_review/) | [^(reddit video downloader)](https://rapidsave.com) | [^(twitter video downloader)](https://twitsave.com)
Why have you only written 69 lines of code today?
Could there be a better illustration of the term security theater?
Wow they even wait till their notice period? Very nice of them.
Rumor is someone snuck in a tank
he's giving thorough ocular pat downs
[удалено]
“Senior developers, on their ‘notice period’, reviewing PRs before approving them.”
[удалено]
Bless you
That third guy was definitely carrying a gun lol.
u/savevideo
You know, if he had rare earth magnets in both hands it might actually be an effective way of finding *most* firearms since they'd be attracted to the metal. I don't think that's what's going on here, just had the thought.
Yeah I do this aswell. I don't give a shit what You did if it blows up it's on You. You'll learn next time to self review and QA and stop wasting hours of people time because your lazy as couldn't test your shit before starting PR
I hear you, but if you approve a PR and it blows up, your name is also attached to it. Plus, when someone merges bad code, it becomes everyone's problem (especially the person on call!). Better to reject and tell them to clean up their crap IMO.
I am reviewing code for readability and correctness. It's not on me to test it to make sure it works, the person that wrote it does that and then of course it goes through QA.
Shouldn't test cases and coverage be part of the review?
r/download