Bad practices Memes

Posts tagged with Bad practices

Sharing Is Caring

Someone just casually dropped their entire API key collection in a WhatsApp chat like they're sharing a cookie recipe. Those red redaction bars are doing the heavy lifting here, but we all know someone who'd absolutely send this unredacted. The real chef's kiss is BugMochi's response below: a perfect three-step guide to accidentally committing your secrets to a public repo and pushing them to origin. Nothing says "team collaboration" quite like rotating all your API keys at 9 AM on a Monday because Gary from DevOps thought .env files were meant to be shared. Pro tip: Use environment variables, secret managers, or literally any method that doesn't involve screenshots of plaintext credentials. Your security team will thank you, and you won't have to explain to your boss why your AWS bill is suddenly $47,000.

I Was Very Focused

Ah yes, the classic "first commit" followed by radio silence for 10 days, then suddenly "literally forgot to commit in between, made the whole thing." Nothing says version control mastery like treating Git as a once-per-project backup system. The commit history archaeologists of the future will look at this and think you wrote 500 lines of code in a single afternoon of divine inspiration, when in reality you just kept forgetting that little git commit command exists. Your future self debugging this will absolutely love trying to figure out which of those 47 file changes introduced that bug.

Security By Obscurity

That cheeto doing absolutely nothing to stop anyone from breaking in is basically your entire security model if you're relying on "nobody will find my /api/v1/admin-panel-secret-dont-look endpoint." Security by obscurity is the digital equivalent of hiding your house key under a rock and thinking you're Fort Knox. Sure, it might stop the casual wanderer, but anyone with a directory scanner or five minutes of free time will waltz right through. The real kicker? Anthropic (the AI company behind Claude) named their security model after this exact fallacy, which makes this meme chef's kiss perfect. Your obscure URLs aren't authentication, they're just a speed bump for script kiddies.

Security As A Service

When you get 4 automated warnings screaming "DO NOT PUSH YOUR API KEYS TO PUBLIC REPOS" and your response is basically "yeah but what if I did tho?" That's not even a skill issue anymore, that's weaponized negligence. The code literally has a comment in ALL CAPS warning about replacing the placeholder, another comment about NOT pushing the actual key, and then... bro just hardcoded what looks like a real Google Gemini API key and shipped it. The skull emoji really ties it together—a perfect self-awareness of the disaster they just unleashed. Now some script kiddie is mining their API quota faster than you can say "incident report." This is why we can't have nice things. Or free API tiers.

Cannot Exploit If No Security Is Applied

When you skip OAuth, JWT validation, input sanitization, HTTPS, rate limiting, CORS policies, and basically treat security headers like optional dependencies, you've achieved what cryptographers call "security through obscurity" but what we call "security through nonexistence." The logic is flawless: hackers can't find vulnerabilities in security measures that were never implemented in the first place. It's like saying you can't have a memory leak if you never free any memory—technically correct, but also... completely wrong. Your vibe-coded app standing there confidently while Mythos (representing actual security threats) looms overhead is the energy of every developer who's ever shipped to prod with "TODO: add auth later" still in the codebase.

Pro Tip

Nothing says "I passed the security audit" quite like committing your .env file with all your API keys, database passwords, and AWS credentials directly to the main branch. The security team will definitely appreciate having everything in one convenient location. Bonus points if it's a public repo. Your future self will thank you when those credentials show up on GitHub's secret scanning alerts approximately 0.3 seconds after pushing.

I Don't Care Just Don't Be Sneaky About It

Finding *.md in your .gitignore is like discovering your teammate has been secretly ignoring all markdown files. README.md? Gone. CONTRIBUTING.md? Vanished. Documentation? What documentation? Someone on your team decided that markdown files were optional and just blanket-ignored them all. Not specific files. Not build artifacts. Just... all of them. The audacity is almost impressive. It's the git equivalent of "I don't believe in documentation" but making it everyone else's problem. The side-eye is justified. At least have the decency to ignore things properly, one file at a time like a civilized developer.

Http 200 Error

Nothing says "everything is fine" quite like an HTTP 200 OK response cheerfully delivering a 500 Internal Server Error in the body. It's the API equivalent of your house being on fire while the smoke detector plays calming jazz music. The server is basically gaslighting you—the status code says success, but the JSON is screaming disaster. That confused cat stare? That's every developer trying to debug this nonsense because their error handling only checks status codes. Bonus points if this breaks your entire monitoring system because technically it's a "successful" request. Pro tip: whoever designed this API architecture probably also thinks pineapple belongs on pizza and tabs are better than spaces.

Mock Frontend Newbie Jobs

Junior dev discovers Jest mocking and suddenly thinks they're a testing god because they made 2+3=5 pass by... mocking the math module. Yeah, let's just mock away the entire function we're supposed to be testing. What's next, mocking the test itself? This is peak "I wrote tests" energy without understanding that mocking add to return 5 when testing if add(2, 3) equals 5 is like bringing your own answer key to an exam. You're not testing your code, you're just... lying to yourself with extra steps. The hiring manager looking at this portfolio is having a Dipper Pines moment realizing this "100% test coverage" is completely worthless. But hey, at least the tests are green! 🎉

Turns Out, If You Want To Check Multiple Conditions, You Can Sugar It Like This:

Behold, the galaxy brain move of creating an array of boolean conditions just to check if ANY of them are false by using .has(false)! Because apparently writing if (!condition1 || !condition2 || ...) was just TOO readable and maintainable. Someone really woke up and chose violence against code clarity. This is the programming equivalent of using a flamethrower to light a candle – technically it works, but literally everyone watching is horrified. The double negative with return not conditions.has(false) is just *chef's kiss* – maximum confusion achieved! Future developers debugging this will need therapy.

Finish Sprint Faster

Behold, the ancient art of sprint velocity optimization through strategic negligence! Someone just discovered the SECRET CHEAT CODE to finishing sprints at lightning speed: simply don't document ANYTHING and claim your variable names like "handleData()" and "doStuff()" are "self-explanatory." Sure, your future self will be sitting there six months later staring at a function called "processThings()" that somehow manipulates user permissions, sends emails, AND updates the database, wondering what demon possessed you. But hey, at least you hit that sprint goal and got your little green checkmark in Jira, right? RIGHT?! The sinister handshake says it all—two developers forming an unholy alliance to sacrifice code maintainability at the altar of velocity metrics. Your tech lead is gonna LOVE debugging this masterpiece at 3 AM when production breaks. 🔥

Peak Html

Someone really said "screw semantic HTML" and went straight for id="Head" and id="Body" like they're recreating the human anatomy in markup. The irony here is chef's kiss—you've got the actual <head> and <body> tags doing their job, but this developer decided to cosplay them with IDs. It's like naming your dog "Dog" and your cat "Cat" while they already have perfectly good names. Extra points for the redundancy—why use semantic HTML when you can just... label everything explicitly? This is what happens when you take "self-documenting code" way too literally.