November 2nd, 2022 × #webdev#debugging#horror
Spooky Web Dev Stories Part 2
Discussion of spooky web development stories involving accidents, bugs, and things gone wrong submitted by listeners.
- First spooky story about using profane placeholder text
- Story about enabling compression and crashing site
- Sending same email hundreds of times to one user
- Using deprecated framework and lack of documentation
- Changing GitHub username brought down Docker and more
- Deleting Mongo records on user delete
- Deleting production database accidentally
- Accidentally streaming .env variables on Twitch
Transcript
Announcer
You're listening to Syntax, the podcast with the tastiest web development treats out there. Strap yourself in and get ready. Here is Scott Talinski and Wes Bos.
Scott Tolinski
Rid Welcome to the syntax spooky stories part 2.
First spooky story about using profane placeholder text
Scott Tolinski
That's so much better than mine. I don't know if it is, but I went for it. You know what? It it's funny, Wes. We we've been, we got some Bluey books for the kids. You know, kids love Bluey. Rid Yeah. I've been trying to read all of the the bluey books in an Australian accent just because, you know, it's more fun for the kids if you try I'm trying to do all the voices of all the characters. I've gotten pretty good at it, but there was a a book last night I was reading to my daughter that Jean Luc was in, and he he's, like, French. So I was, like, trying to go back and forth between French and Australian, and it was a total nightmare. That was, like, a spooky story. My wife is just sitting there, like, oh my god. What are you doing? Rid Oh, that's great. Though. Kids absolutely love it. They're like that. That's the voice. Gotta get all the Australian slang up and and running too. I've just I follow a bunch of Australians on TikTok, and their slang is just next level, man. Yeah. I gotta tell you, I think The majority of podcasts I listen to these days are all Australian, which is totally bizarre. I listen to 2 Australian comedy podcasts and then, like, A couple of Australian movie podcasts. So, Aussies out there, I'm I'm I'm, like, kinda I'm in the zone right now with all of your I I know all of the different cities. I know all, you know, the Gold Coast and all that stuff. They're all talking about where they're doing their comedy shows. Alright. Enough Australian talk. Let's get into, the spooky stories. But rid. Let's introduce 3 of our amazing sponsors today, which is Linode, the perfect place to host your stuff. Whatever it may be, you get access To all kinds of hosting services from Linode at great prices. Also, LogRocket, which is gives you scribble video replay rid. To really understand how your users are using your stuff and then off 0, the effortless solution to add read. And authorization to your website. So let's get going. Let's get ready to rumble with some spooky stories here. First one Is high. Not that scary of a story. Well, you're kinda low selling us here on the start.
Scott Tolinski
Not that scary of a story, but I was building an admin panel for my company's product. It was on staging and supposed to be internal, at least for the time being.
Scott Tolinski
I used lorem as a text generator for placeholder text. Rid This sounds familiar like we all do. But being an internal tool, I used Slipsum, which generates Sentences used by Samuel L. Jackson in his movies, all profanity. Yeah. I could imagine there's a lot of mother f'ers in there.
Story about enabling compression and crashing site
Scott Tolinski
Couple of days later, I get a call from my manager saying some senior managers from a big US from a big US corporate Went inside the panel, and I need to change that text.
Scott Tolinski
Thanks.
Scott Tolinski
Rid. This is this is great. We just had one of these on the last spooky stories episode, but rid. I I don't know how many times we've we've read stories on the spooky stories episodes that involved a lorem ipsum text generator that's not lorem ipsum.
Scott Tolinski
That is something, you know, like, I think even hipster Ipsum is fine.
Scott Tolinski
But if you're getting anything with profanity, like, I get it.
Scott Tolinski
I revealed that I, at one time, used the Wu Tang Ipsum generator and also bit me in the ass, but, like, come on. Yeah. You gotta
Wes Bos
Gotta use it. Laura moved in or something nice. Yeah. Just don't do it. Next one do it. Just a short one. I once blew up $300,000,000 website because I forgot to adequately do load testing.
Wes Bos
We tried enabling Brotli, Which is, it's a compression. I just brought broccoli. Yeah. It's like a it's kind of like gzip where you'd like you turn it on on your server, and it It will compress it and send it to the browser, and the browser knows how to unpack that.
Wes Bos
For dynamic content, and I assumed it was Just like Jeezet performance, set, and forget.
Wes Bos
So in Devon staging, we just hit it a couple times, and it looked decent. In production, rid. Response times went from 300 milliseconds to 10 seconds as scaling exploded. Luckily oh, yeah. So that's that's just kind of a scary thing. So scaling exploded. It's probably in some sort of auto scale up environment, whether it's serverless or you have, rid. Container load balancing installed, so that can get expensive very quickly.
Wes Bos
Luckily, we had solid rollback procedure. So good.
Wes Bos
That could have been much, much worse. $300,000,000 website. What does that mean? You know? Yeah.
Scott Tolinski
Yeah. It's a it's a big website. It's, it's bringing in the bacon, as they say.
Scott Tolinski
So I I'll I'll give that I'll give that, you know, five Five bacon with scary googly eyes on it. Is that a thing? Is that a spooky thing? Five uncooked bacons.
Scott Tolinski
5 uncooked bacon swimming with salmonella or something. That's spooky.
Scott Tolinski
Next one here is a couple of decades ago, I messed up a loop that sent the same email to the same customer hundreds of times in rapid suggestion.
Sending same email hundreds of times to one user
Scott Tolinski
Stay spooky. Yes. Same email to the same customer. Just a big f u to that 1 user particularly, you.
Wes Bos
Rid. That's great. It's good. Next one from Dev Oops.
Wes Bos
I work at a small a small startup where we run a Magneto store, and Every Friday, we do special store.
Wes Bos
Yeah.
Wes Bos
Magneto is still around. It's it's probably very popular, isn't it? Magneto is still around. Oh, Magento.
Wes Bos
Why call it Magneto? Magneto is flexing.
Scott Tolinski
Magneto is the villain from the X Men. He's the magnet guy. Oh, Magneto is like the
Wes Bos
rid. Magnet part that makes spark in a small engine.
Wes Bos
Oh. That's interesting. Anyways, that's not what Magneto is. It's Magento.
Wes Bos
Every rid Friday, we would do special deals on some products. 1 Friday, one of our team member accidentally deleted all the deals from the admin panel By clicking select all instead of select visible.
Wes Bos
No big deal. We have a daily backups, I I said. The CEOs proceeded to let our DevOps team rid know so they can restore the backups of all the single affected database table from early morning.
Wes Bos
Fast forward a few minutes, the team member who went to the orders page rid. And saw that the last order was around 5 AM.
Wes Bos
Oh, no.
Wes Bos
I thought I just I thought, and then I went to check the database, and the DevOps rid. Team had restored the backup of the whole database and not just the single table we requested. Oh, and now we are 6 rid. Hours back in time and all actions and orders that were created and shipped in that period were Gone. Oh, they shipped them. We spent the rest of the day recreating orders from email logs that we had. We later realized that it was Improper communication, but, nonetheless, it will remain in my mind as a big DevOps movement.
Scott Tolinski
At least you had that lot that that trail of rid. Emails. Because that I was thinking, like, how could you possibly recover that? You're looking for, you know, the merchant payments. You're you're looking for those types of things. But But, like, what if if you If you roll back a database,
Wes Bos
my first thing would be like, let's just take a copy of this one just in case.
Scott Tolinski
What? DevOps. No? That is that is the process. That's the standard process. In fact, I I remember, like, having remember back in, you know, PHP days, you have your WordPress site that's on local host or your Drupal site, and you have to do, like, a push up to that. You you make a copy of the database and push up. Rid. Like, literally step 1 of our checklist is make a copy of the current database.
Wes Bos
That's step 1 every single time. But, like, honestly, it might have been, like, a 8 gig database.
Scott Tolinski
You know? So, like, that's making a hog easy. Definitely. Yeah. Yeah. Yeah.
Scott Tolinski
Yikes. Woof.
Scott Tolinski
Rid I will give that 1 6,
Wes Bos
black widow spiders out of 10. I'm running out of spooky things to think about.
Scott Tolinski
Rid I don't know if I am running out of I could keep thinking out of spook. I could keep thinking. We we actually had real black widows at our house and that no. Thank you. Really? Oh, I don't even do we have black widows in Canada? Rid. Yeah. They don't I don't I don't know. We they they exist in Michigan.
Scott Tolinski
So I I don't know, like, how much further north they they stop existing, But we had a here here's a spooky noncode related story. We had a small infestation of black widows at our last house. They were underneath our patio furniture, and I tipped the patio furniture over and found, like, tons of them.
Scott Tolinski
And they are very scary.
Scott Tolinski
They're very scary.
Scott Tolinski
They're they're very poisonous. Right? Yeah. It'll mess you up. It's like a neurological thing, so it gives you, like, extreme muscle cramping.
Scott Tolinski
The it will there There hasn't been, like, a death from a black widow bite because they they don't really like to bite. There hasn't been one since, like, the eighties or something.
Scott Tolinski
But they can kill your dog, and they can kill your 2 year old. So, I was very, very adamant about getting rid of them. And so I had I had to become like a a black widow spider hunter, and I could identify their webs Just by, like, looking at it, and I would have flashlights. And and I had, like, little drop tinctures of, eucalyptus oil that I was sprinkling all over everywhere to try to get them to
Wes Bos
rid GTFO offering property. Putting some CBD on the, spiders.
Scott Tolinski
Yeah. I was just, you know, Yeah. Puffing some smoke under there trying to get them Get them up and uploaded. Yeah. They're woah. Where we at, man?
Wes Bos
Rid This isn't this is my web. My dog this morning oh, I got another story. Listen.
Wes Bos
This little thing about animal stories is you tell 1 Tell 1 animal story. Say, oh, you had a raccoon once. Everybody's got a story. So I found a what I thought was a mole, but now I think it is a shrew.
Scott Tolinski
Could it be a vole?
Wes Bos
Of I I thought it was a vole at first, but voles are like, it didn't look like it. Anyways, so we got these new windows rid installed at our house and they have these window wells. And one thing that happens, unfortunately, it was window wells. Animals fall in them. And my dog jumped in the window well this morning and rid Did it. And, like, he never catches anything, so I wasn't worried about it. He jumps right in there, picks it up. This thing starts screaming. So I give him a smack. I'm like, put that thing down. Oh. So I got it out. And it's just a tiny little tiny little shrew or mole or something. And somebody told me you should've killed that because rid. They can get into your house or into, like, the insulation, but I let them back go back into the forest.
Scott Tolinski
Rid. Yeah. We had, like, a major vole vole problem, and they were, like, causing all these tracks in our lawn. And we could just this is at our old, old house in Michigan, and we could not get rid of them. It was, like, the worst process, to try to get rid of those bad boys. Alright. Next next story here today, by the way, dev. Oops. That's very funny. That that's like a that seems like a great Twitter account, by the way, or like an Instagram account. That's a good deal.
Scott Tolinski
Alright. Next one here is One of our department's clients admitted that that the last straw for ditching their developers and switching to us was that they found out the developer named Their AI model Skynet.
Scott Tolinski
I guess they didn't have a sense of humor as the developer.
Scott Tolinski
I feel like We would have gotten along. Yeah. Could you imagine? Like, then that'd be a a rough way to get let go. Just like, oh, you named your thing, this this Scary thing from a scary well, you know, action movie, you're gone. You're toast. You're out of here. That sounds rough. I would I would hate that. But I guess if it's the last straw, it seems like they probably had other things going on before that. The next story has a Blog post associated with it. I'm not gonna go through the entire blog post, but,
Wes Bos
it looks like it was referred to the 2003 blackout. Were you affected by that? As you live in Michigan at the time? No? Oh, man. I don't remember anything about this. Oh, you would remember that the 2003 blackout was massive, like 10,000,000 people in southern Ontario, and 45,000,000 people in 8 of the US states.
Scott Tolinski
Like, a powerboat.
Wes Bos
Yeah.
Wes Bos
Just looking. No. Michigan.
Scott Tolinski
Yeah. All of Michigan was down, so that probably were. I was probably, like, I was probably, like, bummed out that my band's equipment couldn't turn on or something. That's what I would have been doing at that time. Anyways, so this is related to that Blackout.
Wes Bos
He linked us to a blog post so we can obviously talk about it. David trucksall.com.
Wes Bos
You can go to the URL there.
Wes Bos
But he says, my My code once sent 56,000 error in emails causing an email outage for an entire company.
Wes Bos
Details here.
Using deprecated framework and lack of documentation
Scott Tolinski
56 Those in emails.
Wes Bos
Taking out the entire email system.
Wes Bos
Rough. Rough. Rough. Yeah.
Scott Tolinski
I give this 1, 56,000 goalies out of 56,000.
Scott Tolinski
No one stinks. That's that's rough. Rid.
Scott Tolinski
Alright. Next is this is my story from my 1st job. To set the scene, I was a brand new developer who had spent 2 months learning c Sharpen JavaScript before being thrown into a team as a contracting senior developer.
Scott Tolinski
The company I was contracting for had a web app That after years of mismanagement had evolved into a big ball of mud.
Scott Tolinski
Yeah. We all been there. It was full of quirks that came from The the dictatorial rule of management.
Scott Tolinski
The boss had one day seen a lot of errors in the network tab, and because he didn't like Seeing that much red, he demanded that all of the network requests return at 200.
Scott Tolinski
Congratulations. You have yourself a GraphQL server With the failing ones containing an error object. Yep. That's literally GraphQL. That's how. Yeah. That's how GraphQL works. Now this company had gotten started years ago with a framework that was almost deprecated when they had started using it, ext.
Scott Tolinski
Js.
Wes Bos
I've not used that. I remember that one. That was that was very big in.
Wes Bos
What was the mobile framework that was like like it felt native.
Wes Bos
Jake Query UI? No, it was kind of like that, but I need to find it out now.
Wes Bos
Sentra
Scott Tolinski
Touch. Sentra. That was it. I think Sentra Touch uses EXT JS. Yeah. Interesting. Anyways, go ahead. It was from the bad old days before React and was heavily configuration based. The code had gone through a lot of breaking versions and had these scars to show it. If anything broke during the dev, the entire application would just show a blank screen and no console errors would show. I'm sure the boss had something to do with this one too.
Scott Tolinski
Unlike React, e x t j s had two way data binding. And as a new developer, I was tasked With writing, what should have been a simple enough form, the binding was a little strange in the fact that if you mistype the variable you were referencing in the binding, it would fail. The whole app would break, etcetera.
Scott Tolinski
What was more confusing was that the breaking seemed to go one way. I would try to write the code in the binding. It would break the app. I commented that the code I added, the app would stay broken.
Scott Tolinski
Interesting. I I ended up having to reset all of my work with version control, and that was the only way to fix things. Now a fresh faced newbie, I had no idea what was going on. Was the app Storing some sort of internal state that was keeping broken? Was it the breaking cache? I had no idea, and it took me over A day to realize what was going on. It turns out EXTJS implemented its own parser to take What you write in the binding code and extract the variables it finds. Funnily enough, it just doesn't handle Comments and ignores the fact that some variables are commented out.
Scott Tolinski
Can't find variable app breaks.
Scott Tolinski
Okay. Woah. This behavior was totally undocumented, and I had to find in on the wayback machine Just like a lot of other documentation e x t j s needed each day. So this person had to use the way back machine to find documentation.
Wes Bos
That's that's rid. It's kind of a bummer thing about working on older stuff is that all the docs are gone, and you can't search anything
Scott Tolinski
because you can't how do you And if the docs were in versioned correctly yeah. Yeah.
Scott Tolinski
Yeah.
Scott Tolinski
Yeah.
Scott Tolinski
That stinks. That job taught me a lot about debugging and working in a legacy code, but I'm not keen to go back to it anytime soon. Hope you enjoy this as much as it caused me pain at Time love the pod. Yeah.
Scott Tolinski
That that that hits in a very real spot for me where, like, you're using some old thing. It's broken. It's undocumented.
Scott Tolinski
And, sure, you learn something out of it, but let's just be glad you're no longer there anymore. Let's take a quick break To talk about one of our sponsors today, which I'm gonna say not spooky. Not a spooky sponsor. Just to save you some not spooky time here. I'm talking about Linode. Linode being a great place to host your stuff. Yeah. Linode, the cloud computing developers
Wes Bos
Trust. They provide the simple and accessible Linux cloud solutions and services. What does that mean? Well, you're gonna host something. You need to run some compute.
Wes Bos
Rid. You need to put your database somewhere. They provide solutions for all of that kind of stuff. If you rid. You're the developer. You probably wanna host a Node. Js application, spin up a Linux server.
Wes Bos
You can do that with Linode. You're gonna check it out at linode.comforward/ rid Syntax, they're gonna give you $100 in free credit to try it on out. That's pretty sweet. So check it out. Linode.comforward/ syntax. Thank you, rid Linode for sponsoring. Next one. I got a horror story for you, kind of secondhand, but still my fault. My dev and I were testing a lead gen form for rid a global technology company. We are testing their free Captcha V3 to see if our filters were working.
Wes Bos
We have a test rid Distro list and a prod distro list that is selected in on the environment.
Wes Bos
I asked my dev to test our filters to get the highest reCAPTCHA v 3 score. And in my request, I mentioned something like, you will probably get a pretty high score if you had something like f@udot com in the email field. Sure enough.
Wes Bos
Just keep in mind, that's the full word there. Yeah. Sure sure enough, I rid. I see an email from a website form with f@u.com in the email field, our company name in the company field, and it was sent To everybody on the project over the entire world.
Wes Bos
As added insult, the message says says, I hope this doesn't go to the client. Thanks. Oh my god. Love seeing the pics of your studio build.
Wes Bos
Don't do that. Always even rid. Always use example.com.
Wes Bos
Example.com is literally set up for exactly that. You shouldn't even be rid. Spamming what you think are fake email addresses because, a, it might be a real email address, and, b, You're running it through an actual email thing on purpose or by accident. You hurt your email sending score by sending to places that get bounced. So don't do that. Example.com is set up exactly for that. It's literally and it's not some company set it up. Like example.com is from well, I can. Yeah. Owner.
Scott Tolinski
Internet assigned numbers authority. Yeah. I a n a or ICANN. Interesting. I didn't know that. You learn something new every day. Yeah. There you go. Sick. Alright. Next, next is Scarlet Letter.
Changing GitHub username brought down Docker and more
Scott Tolinski
This is a tale that gets told at my current work about an old employee's open source contribution, Which went unexpectedly frightening.
Scott Tolinski
This dev decided to make an issue on a popular Golang logging package.
Scott Tolinski
The issue was to ask the owner of the package to change their username from starting with an uppercase character to being all lowercase.
Scott Tolinski
The reason being imports in Golang are done with URLs in the Git repo, And the convention in Golang apparently is to use all lowercase for package names.
Scott Tolinski
After some discussion, the maintainers agreed that the repo And the repo owner changed his name on GitHub to have all lowercase letters.
Scott Tolinski
Little did they know that Golang imports are case rid sensitive. And this change and this change means lots of services went down and lots of builds failed. And by a lot, I mean, a lot. As one of the bigger services taken down by this change was docker.
Scott Tolinski
Rid.
Scott Tolinski
Taking down Docker. Yeah. That's a you must be Godzilla taking down Docker. Needless to say, the maintainers added This too, a list of lessons to be learned, and I hope the dev has always thought twice before making similar issues. Here is a link to the initial issue, and they follow-up. Oh, that's great. They even provided they they provided receipts. Gotta love that. Just more rid. We're, chained to the fire there.
Wes Bos
That's unreal.
Wes Bos
And it just goes to show the, rid. The fragility of every package management system out there that, like, simply changing one thing. And usually, like, stuff like GitHub, they provide redirects, and there's a lot of complexity there. But wow.
Wes Bos
Yeah. Taking down Docker. Good job. I'll give that five Zombies out of 10. Next one we have here, it says, I always love these episodes. Y'all read one of mine last time, but I have had a much worse one In the intervening months. So shout out to everybody who, continues to create content for us.
Deleting Mongo records on user delete
Wes Bos
Rid Your bad days Yes. Provide hilarious laughs for the rest of us.
Wes Bos
If you decide to stare the the story, you have permission to say it was sent by Adam.
Wes Bos
Rid Alright. I guess we'll say his name. His Twitter handle is coaster a d
Scott Tolinski
on Twitter. You'll follow him for more hilarious antics. For about a year, we were getting a rare sporadic reports from people who would suddenly be missing some of their achievements. Each time we got a report, I'd rid. Through the code for possible explanations and a few more tests and inevitable fail to find the cause. I was never quite sure why it was happening. I finally logged into the MongoDB database to look at the collection stirring achievement progress.
Scott Tolinski
Probably should have done that way before this.
Scott Tolinski
Yeah.
Scott Tolinski
But since only some achievements were missing, I didn't think I'd learn anything there. I was expecting to see millions of records. We have over a 1000000 users and a lot of achievements per user, but I only saw a1000.
Scott Tolinski
Can you just imagine that feeling, Wes? You have a 1000000 users. Oh. You look in your achievements, and you see a 1,000. The feeling to me, Yeah. They they they describe it very well in the next sentence. My soul flew out of my body.
Scott Tolinski
That's it. That's exactly how well I feel. I could just imagine the cold sweat coming about just like that that sheer terror feeling. Yeah. Oh. Oh. No. Thanks.
Scott Tolinski
There's normally no reason to delete achievement progress, so the only time that these records were getting deleted was when a user deleted their account. The problem had to be there.
Scott Tolinski
I looked at the code and saw what I expected to see, perk progress dot delete mini with a user ID.
Scott Tolinski
Okay. I even looked at the code every time we got one of these reports and thought, well, that can't be it. Even if the user ID is Undefined, then it should be fine since no records would match user ID is equal to undefined.
Scott Tolinski
But this was the only place in the entire Hoodbase were achievement records were being deleted.
Scott Tolinski
So this time, I thought I must have misunderstood something about Mongoose queries.
Scott Tolinski
After digging in the docs, I figured out Mongoose's default behavior was to simply delete keys in queries that don't match the schema.
Scott Tolinski
Rid Since my schema specifies that the user ID field is required and there is a string, Then if Mongoose got that user ID was undefined, it would convert it to empty brackets. As in instead of Running nothing, the re query would return everything.
Scott Tolinski
Delete many everything. Yes.
Scott Tolinski
Rid. The end result is that every time a user deleted their account, they would purge every single achievement for every single user, Every single user, y'all.
Scott Tolinski
The fix prevented future deletions the fix preventing future deletions was easy, but, alas, The data was gone forever. I had plenty of data snapshots. But since the data was being purged over and over again, There was no snapshot that contained enough data worth trying to recover.
Scott Tolinski
The only saving grace is that most Achievements are stored in game save data, so those can auto recover.
Scott Tolinski
In fact, that's why it was so hard to realize this problem was even happening.
Scott Tolinski
Rid. Even though the records were being completely purged, most records would automatically recreate themselves when players play. So it seems like they were storing this in, like, local storage like this.
Scott Tolinski
And so the user
Wes Bos
like, the the users are sorry. The achievements rid. Were deleted, but the achievements would regenerate themselves, thankfully.
Wes Bos
Gotcha.
Scott Tolinski
Woah. That's a that is the big saving grace here. Can you imagine? But deleting meaning, yeah, that's that's 10 10 Draculas out of 10 Oh. For me. 10 count Draculas. Definitely ten out of 10 for that one. That's a great one. That's a great one. Anytime you get I deleted everything instead of one thing that is, Yeah. That is definitely soul leaving your body territory.
Scott Tolinski
One way to prevent soul leaving your body issues is rid. To use a serve service for your authentication because let's face it, authentication is hard, And that's an area that many people screw up. And so if you use a service like Auth0, you very well may prevent yourself some of those rid. Spooky moments in your code, because, again, auth is hard. We don't want to we don't wanna have to end up, you know, writing something that breaks our entire authentication and authorization system. So why not let the pros handle it? So with Auth0, you get to do all sorts of great things like easily log in with your favorite social provider, Twitter, Google, Discord, etcetera.
Scott Tolinski
You can get a customizable login page, SDKs for your favorite frameworks and languages, so, you can easily drop in something that works directly with your Next. Js site and just have Just work hashtag just work X Node Express, even lots more than that as well. You get next level features like user management, including roles and permissions, And multifactor authentication.
Scott Tolinski
I I wrote my own user authentication with roles and multifactor authentication. And let me tell you firsthand, rid.
Scott Tolinski
It stinks. It's hard. I mean, mine doesn't stink, but it's hard to do, and then you have to maintain it. So it's much better to let the pros handle this kind of stuff because it lets you do it Effortlessly, who wants to write your your own multifactor authentication where you can just turn it on? That'd be great to just be able to turn that thing on. Right? You also get access to really fancy things like device biometrics.
Scott Tolinski
You can enable fingerprint login and make your users super psyched about having access to those advanced without having to, do a ton of work to get that going.
Scott Tolinski
So if you want to head on over, you can use the link in the show notes, Or you can use this awesome short link, which is a0.t0forward/ syntax.
Scott Tolinski
That's a great URL, by the way, Alt 0. What a great URL. You can sign up today and give it a try.
Scott Tolinski
Auth0, the easiest way for developers to add authentications and secure their applications. Thank you so much 2 Auth0 for sponsoring.
Wes Bos
Next one we have here says, I was the main developer in charge of running a Drupal sites for a media nonprofit And 2 blog and news sites that were very large sites with millions of views every single month. As with most Drupal sites, they all use MySQL databases.
Wes Bos
I was always working luckily when developing, and so frequently, I need to copy the production DB to my local MySQL instance even though rid. Drush is a, a tool that can be used with Drupal to do common things like that. Rid. Even though Drush had a tool that to do that, my preferred method was connect to the database using SQL Pro, which is a MySQL GUI. 2, rid. Dump the DB to a .SQL file on my hard drive. 3.
Wes Bos
Close the connection to the prod DB. Rid. 4, delete all the tables in my local DB. This is getting me sweaty already.
Deleting production database accidentally
Wes Bos
And 5, import SQL file into local DB. One time, I needed to update my local DB copy on the main organization site, so I went through my user process with one exception.
Wes Bos
I didn't close the prod connection. It end up deleting the entire DB for the live site. Oh, when I called the president to tell him why the main site was rid down. And what had happened, he was not happy because 5 minutes before he was sending a fundraising email, directing recipients to the site I had just ready. Fortunately, I had the SQL file from prod that I just copied down on my local machine, so I was able to import and get the rid site back up and running again. So, oh, thank goodness. He deleted downloaded at first before he deleted it, which would have been bad.
Wes Bos
Rid. Rough. Rough.
Wes Bos
Rough. So great
Scott Tolinski
great job there. Speaking of rough, I give this 1, 7 Hellhounds out of 10.
Accidentally streaming .env variables on Twitch
Scott Tolinski
I have a spooky story from a couple of weeks ago.
Scott Tolinski
It seems like I got All the spooky stories. Wes is, Wes doesn't do anything wrong, I suppose, so he doesn't have any spooky stories. I prob I probably have a couple I could think about. Yeah. Yeah. Here's a Spooky story from a couple weeks ago.
Scott Tolinski
We'll we'll call this nervous Twitch. I was Twitch streaming, and, You know, I'm I'm showing off some stuff, and I think it was, SvelteKit things. So new features in SvelteKit with form actions. This video is is very live in case you wanna go check out this video. Well, I was streaming, and I I was, I was just I was scrolling through my app. I'm I'm doing this. I'm doing that. And then all of a sudden, I I close a file, and, for a split second, I see what's on my screen, and what's on my screen is nothing other than my dotenv file Being live streamed out to the Internet.
Scott Tolinski
And, it's it's very funny because someone in the comments goes, rid you can tell by the look on Scott's face that he just realized what happened. Oh. Because I had, like, I had, like, I had, like, not seen it, and then I just I just like cold sweat. Like, oh, no.
Scott Tolinski
The saving grace here, though, if we wanna have a saving grace because, you would think that that would be a big, big problem for me considering this is my LevelUp Tutorials code base.
Scott Tolinski
You know, this this ended up not being a security leak. Thank goodness. Because I was very concerned about that. Reason being it wasn't a security leak is because, One, this is all my sandbox database things. This is all my sandbox stuff, which is fine. We don't really keep any secure anything in our sandbox URL. 2 Yeah. Our sandbox database is scoped to my IP address or any of our developers' IP addresses. So even if you would have the connection rid from my MongoDB, which is the only sensitive thing in there. Yeah. That's a good call. It would scope to that so you can connect.
Scott Tolinski
Regardless, So I did check the logs just to confirm that there was no other weird APIs trying to access it, and luckily, there wasn't. And 2, here's the here's the best part about all of this.
Scott Tolinski
About every single string value in the dotenv was cracked just so slightly that you were missing maybe a lot 6 or 7 characters off the end of it. The wall, my API keys were all on the screen for a brief moment. None of them were fully completely visible, and, was no risk of any sort of data. So I I I I set myself up for success with all of this, but at the same time, It was definitely, as the 1 user mentioned, a soul leaving my body moment. And it it was very funny to read the comment of the person saying, you can, like, pinpoint the exact moment that Scott realized what he did rid Because I you could just see it on my face.
Wes Bos
It was very obvious. So I tweeted about this exact problem years ago, rid and it got the attention of John Papa, who does a lot of Oh, yeah. I remember John. Versus Code stuff. And he made a There's a Versus Code extension called Cloak, which will literally, make your secrets see through Unless you click on them. And I even went into my own Versus code theme and said, when you are in a dotenv file Have it be the background color or something? Yes. Make Strings and numbers be the background color. And then he went a step further and, like, made an actual useful Versus code extension called cloak That does exactly that because, yeah, that's super common where you oh, I accidentally opened a dotenv file on
Scott Tolinski
Cam, now you're you're pooched. I'm, I'm gonna link to that extension in the show notes because that's a that's a pro tip right there. I don't know how I've never heard of this, And that's that's the kind of mistake you only, you only make once because I I had my butt saved by my own best practices. But at the end of rid the day, like yeah. I could have just as easily, flash flashed some, EMV variables that I didn't intend to. So Yeah. Things To consider when broadcasting to the Internet.
Wes Bos
Ready. I I once paid somebody to work on some code for me, and this was back in the WordPress days.
Wes Bos
Rid. And so he just I just gave him FTP access and he went in and just edited the file.
Wes Bos
But rid. I still had the file open as well.
Wes Bos
So he did, like, 2 hours worth of work, and I just saved my local file for some reason, and it overwrote all the work he had done, and I freaked out. Rid. So, thankfully, you still had it open, and sent it over. And that's why you don't add it live on the server, folks.
Scott Tolinski
I love that that, thankfully, like, the solution there was that he still had it open, which is like It would just would have been gone. Would have been I you know, I think that's Anybody who worked back in that era who who's I don't know if you're still working like that.
Scott Tolinski
Then, like, that's a concern that's concerning.
Scott Tolinski
But anybody who's worked like that has probably had that situation to some degree happen, and I've had it with really mine. Not, like, 2 hours worth of updates, but mine are, like, CSS overrides where you're like, why rid. Was working. Oh, so and so had it open on their other on their other computer. I remember utilizing Sublime SFTP, and, like, what you would do is you'd connect Sublime So that the files that you're editing when you save it are directly uploading.
Scott Tolinski
Yeah. Like, that's just how I used to code. That was coda.
Wes Bos
Rid. Coda was, like, the best. You just basically hit the sync button, or you could just, like, log in to it and just go live. You know? Rid. And that was a wild time that that we did that, and that was so common. And then when we moved to Sublime, a lot of people didn't move rid. From Coda because they're like, I I'm I this is how I work.
Wes Bos
FTP into the server and start working on stuff, and Control z is your old new version control. If you close it, you close the buffer. You're screwed.
Scott Tolinski
Yeah. I had I had that feature, like, I never really used Koda. I used, Textmate, and Textmate had SFTP, and then Sublime had SFTP.
Scott Tolinski
Before that, I had a hard time moving off of Dreamweaver because that was, like, really baked into Dreamweaver. And I really like, I didn't use any of the GUI tools, but I really liked having that FTP sync.
Scott Tolinski
I I remember thinking, like, using Git was such a nightmare because it's adding all these extra steps to this thing that was so easy. I usually edit the file. I save it. I refresh it there.
Scott Tolinski
And nowadays, I and and maybe it's just personal growth, but I'm like, I'm shocked that that was everything that I felt like was a good practice or, like, why would I why would I want to have All these extra steps to deploy code. I just want to save it and have it work. Yeah. Exactly. Exactly.
Wes Bos
Alright. Those are our spooky stories for today.
Wes Bos
Thank ready. Thank you everybody for sending them on in. If you have a spooky story of your own at any time, shoot them over. I asked this time I asked for people If anyone wanted to record it themselves, but nobody sent audio, audio version over. But just email wes@wesboss.com, Twitter d m, Literally send them to Scott. Any way you want, send them over. We'll put them online for next year, and we'll do this every single year.
Scott Tolinski
Yeah. But before we, hit to our sick picks, let's go ahead and talk about one of our last sponsors, which this one is really good. Like, Could could you imagine you have a you you have something in your house that's moving all the time, and you're thinking I got a a dang ghost. I got a ghost in the house. So then you set up a little Wyze Cam up or something like that, and then you look in the Wyze Cam and see, oh, it's not a ghost. It's just my dog doing it. Well, That's the type of service that you get with LogRocket.
Scott Tolinski
And it's not a physical service like that, but it's something that you get with a video session replay for your website.
Scott Tolinski
Do you have ghosts in your websites? Do you have gremlins or creepy crawlies? Well, you can find out exactly what's going on with LogRocket because you get a session replay that only shows you the event happening as it happened, but you get access to all of the things and tools that you need to solve that error, whether that be the network request, the error logs so much more. You can also see How people are using your website. You know that, like, TikTok video where it's that, like, woman watching somebody put blocks into a like, you put the triangle block into the triangle hole, And the person's just putting all of them into the square or the circle hole because they all fit. And she's like, no. Don't don't do that. Go put it in the triangle. That rid. You can make sure that your users aren't putting the triangle block into the square hole just because it fixes, and you can then adjust how your site works to make sure by using something like LogRocket's video session replay. Stop guessing why things happen and start knowing why they happen and fix them. Thank you so much to LogRocket.
Scott Tolinski
Head on over to logrocket.comforward/ syntax. Sign up today, and you'll get 14 days for free.
Scott Tolinski
Alright.
Wes Bos
Sick picks. Wes, Do you have a sick pick? Sure do. Sure do. Let me take a look at my little list here.
Wes Bos
Alright. This is gonna be another tool pick, Coming off that building my office, I've got all kinds of tools that have been super helpful.
Wes Bos
And this one is called a tool picks. A tool pack, it's one that's a step drill bit.
Wes Bos
And if you just wanna Google what this looks like, basically, it kinda looks like a Christmas tree, and it allows you to drill progressively larger holes, which is really handy when you need to drill rid. A size of hole of you don't necessarily know where it is or you don't have a drill bit that is that large.
Wes Bos
Specifically, where I got to use this Recently is I replaced all the cords on my kids' headphones with removable cords because my kids, we've they break The headphone cords all the time, and then the the headphones don't work, right? So I replaced them all with, Female headphone jacks. And then we just have like removable cords. And I needed to drill like the perfect rid Size whole so I could put the female jack through the actual headphone.
Wes Bos
And a step bit is perfect for that because, rid. You just go right in and do do do. And I find these things super, super handy.
Wes Bos
You can find them at Home Depot. You can find them on Amazon. Again, I bought mine on this is one of those tools where very cheap ones work very, very well, especially because you don't need it every single day.
Wes Bos
Rid. And I got mine on AliExpress or Ebay, something like that maybe 6 or 6 years ago, and it was, like, $5 for a set of 3. Very, very good tool to have. I recommend you you grab a set for yourself. I'll link up the the AliExpress ones because those are the ones I have, and they are very good. Sick.
Scott Tolinski
I am going to sick pick something that I got for I have the AirPod AirPod Pros, and this isn't gonna work with the normal AirPods. But with the Pros and many other AirPod devices or not AirPod, like earbud, wireless earbud, or even non wireless phone. Anytime you got headphones that have, like, Removable tips on them. This is a good sick pick, and I use this brand. It's Comply. So Comply foam ear tips. And these things just pop right onto the end of the AirPod Pros or, like I said, any of any earbuds essentially that have ends on them. And what they are is essentially They're they're foam tips, and it's kind of like you ever have one of those, like, foam rocket ship style ear protection, earplugs. Right? You put in your ears, And it blocks all the sound maybe to go to a concert or something like that. Well, these things connect to your your headphones, and you squeeze them, and then you put them your AirPod in your ear, and then they rid band into your ear. And what it turns out is, like, blocks all extra sound coming into your headphones.
Scott Tolinski
And besides Just blocking out sound coming in, which is especially useful for, like, headphones with noise canceling features, especially earbuds with noise canceling features.
Scott Tolinski
It's extremely useful for fit. Right? Like, one of the biggest complaints people have is that the AirPods don't fit in their ear well. When you have the phone Tip. You squeeze it, and you push it in, and it expands.
Scott Tolinski
It fits really nicely into your ear, and it, like, really locks them in. So, it sounds like I'm doing an ad read for these things. But I I I truly love these tips. I've had them for every single pair of headphones I ever had. And when I had the old AirPods, I was, like, really bummed out that I couldn't have these. So Check out Comply foam ear tips. They're a wonderful upgrade to any headphone that you might have.
Wes Bos
So check them out. Rid. We I'm gonna shamelessly plug all my courses. Go to westboss.comforward/courses for a list of all the web development courses that I offer. If you do buy 1, use coupon code syntax rid For 10 books off. Sick. I'm going to shamelessly plug level up tutorials
Scott Tolinski
.com.
Scott Tolinski
We have a new course on WordPress one zero two and a new course coming from On the complete SvelteKit courses is, like, going to be the single greatest SvelteKit course in the whole world, but it's going to take care of all of the latest and greatest new things. It's gonna have of form actions, progressive enhancement, and anything that you could possibly want to know about building sites in SvelteKit, all prepped for the release of Sveltekit 1. It's not out yet, but it's going to be out very soon by the time you're listening to this, if not all already out. So level up tutorials .com.
Scott Tolinski
Sign up today and save 20, 2025%
Wes Bos
off your subscription. Thank you so much. Alright. Rid Thanks, everybody, for tuning in. Have a spooky day. Spooky day.
Wes Bos
Peace. Peace.
Scott Tolinski
Head on over to syntax.fm for a full archive of all of our shows.
Scott Tolinski
And don't forget to subscribe in your podcast player Or drop a review if you like this show.
Scott Tolinski
Rid.