What is the thing you've built that you regret the most?

I built a lighting system for to save energy by turning off hallway lights when not in use. The environmental aspect was great and saved hundreds of thousands in electricity. Someone eventually realized that the mesh network I built to connect all the lights together and report usage statistics could also be used to track employees moving throughout the building and catch them taking unauthorized breaks in the stairwell, so that's its main purpose now.

I'm a lot more paranoid about privacy these days.

When I was at Akamai about 5 years ago, I was involved in building the system for making their CDN compliant in China. There were two main features, and they were activated on all servers running inside mainland china (not HK, macau or Taiwan)

1. Logs of the CDN were sent in real time to the ministry of technology -- there was about a 15 minute delay if I remember correctly, and they could impose fines if they were delayed. The log included the url visited, the IP address of the visitor, and a few other things. Perhaps the user agent? I forget.

2. The ministry of technology had a special API to block URLs on the CDN. Basically, they provided a list of URLs that would return a 451, and of course those logs also went to the government.

No other country had this kind of access at the time, but it was considered critical for the business to continue to operate in China. As I understand it, these are required to comply with chinese government regulations, and other CDNs like Cloudflare and Cloudfront have also built similar capabilities. Perhaps jgrahamc can comment on what cloudflare did?

I feel quite guilty about being involved with that project, but the business was set on building it, so I did what I could to limit the blast radius. I would not be surprised if someone got arrested or was killed because of it.

I worked in an Ad-tech start-up in Berlin run by two of the most evil f*kers I've ever encountered. I built out their principal ad auction algorithm and a lot of the back-end to support it, and all they did with it was target vulnerable groups of people at particular times of the week when they thought they were at their lowest ebb.

One meeting in particular really stands out still, a social media giant that everyone knows was in town meeting the founders to sell additional personalization data. Before that meeting, I thought things the start-up were doing were a bit sketchy, maybe borderline unethical. During the meeting itself, it was more like sitting around a table with Dr. Evil and a few henchmen. They were actively, unambiguously picking vulnerable groups for ad re-targeting. And that's not even the worst of it, the meeting wraps up and one of the founders says "OK guys, let's go get some beers and bring some girls". Then this despicable excuse for a man promptly walked out into the office, points at a few female employees and says "You, you and you, come with us now".

Early in my career (late 90s) I worked at a big company that just loved getting patents, had a big patent wall and did plaque presentations, etc. I got swept up in this and patented some "novel" (:eyeroll:) uses of a device that a partner/supplier made. Yay... I got a plaque and a few bucks, but Big Corp was never going to commercialize these uses, that was clear. They just wanted to run up the patent count.

But the partner corp was just a startup, trying to break into some markets, and now had some of those opportunities encumbered by patents and rightfully viewed our partnership as not in good faith (we didn't tell them about the patent work). The engineers at the partner firm were fairly pissed off at me, since I knew them well on a personal level and my name was on those patents. And naturally Big Corp promptly forgot about that business, never doing anything with the "IP".

I've thought about chucking those patent plaques in a fire, but I keep them in a box as reminder of that little snippet of my career, which I'd otherwise probably block out.

I worked for a company that made deep packet inspection based network equipment. Western customers mostly used it for "security" and media streaming man in the middle attacks (actually a useful feature saving lots of bandwidth).

The boxes were also sold to Syria and Burma, and were used to facilitate censorship and human right abuses

I built a crypto invoice system that was originally targeted towards our freelance dev clients, which was soon overrun with drug sellers, weapons sellers, and when it reached a point where some of the invoice descriptions included words like "8yo.mp4" we realized it was time to put it down. We reported the IPs of the people involved and shut down the servers. Luckily I live in a third world country and not somewhere I could get in trouble for.

My first job at Microsoft was to build IronRuby, which was an implementation of Ruby on top of the Common Language Runtime. I got the job because I had built a bridge that connected MRI (Matz's Ruby Interpreter) to the CLR before I joined the company. This project ultimately failed because of a principle that we learned from the school of hard knocks: respect developers' existing code investments. Developers couldn't use it because many of Ruby's existing libraries were thin wrappers over native code, and we couldn't get them to work for many reasons.

It turns out that the project was more of a demonstration of our ability to get dynamic languages to run efficiently on the CLR. To that end, I think we were successful. But once we achieved that there was not much of a path forward so the project was eventually shuttered.

ever heard of ActiveX? you know, arbitrary code installing and running in your browser on Windows and available to be scripted by javascript? like, instead of Java? sorry. I'm not solely responsible, but sorry, pretty responsible. we were young. code-signing as a means of validating origin was a great idea. though it needed additional infrastructure to prevent abuse and allow global revocation, and that wasn't perfectly thought through or executed. live and learn. :grinning-emoji:

Moving Murfie to Pine Bluff has been a disaster. The entire situation has been bad for Murfie users and myself.

I'm coming up on 3 years now with very minimal progress on returning media to users and getting the site fully operational.

There are a lot of places where in hindsight I could have made better decisions. At every point the best course seemed to stand out, only to sour with unexpected obstacles.

At first I thought I could stay in the warehouse, but then the returns became too much to complete before I had to vacate. COVID struck, and delayed the container move. Then I couldn't use my warehouse, and couldn't unload the containers. This is delayed efforts to return media and restore files that would have been easy to replace if I could unload the containers. Meanwhile Murphy customers have been 3 years without their discs or access to their media. I feel terrible about it. Some have died without getting their media.

I'm still fighting to do the right thing. I've filed a lawsuit against the city for refusing to issue permits, and I'm constantly looking for solutions, but I feel like I've failed a lot of people.

At a previous employer I helped build an employee monitoring system that was essentially a keylogger and would also take screenshots periodically and on every click. All this data was piped into our cloud and could be used by middle management for granular monitoring and evaluation.

The whole product was positioned for process optimisation but I know for a fact that it was used to monitor and eventually reduce headcount at multiple customers. I still feel gross just thinking about it but the company is supposedly making good money off of it given that they just announced a new version.

The Qatar slave helmet.

My company built the smart helmet used to track Qatar’s army of abused workers. The claim is GPS and accelerometer where used to track if a worker stopped moving or fell due to an accident; the geo fencing was supposedly for tracking if they had enough workers in an area for the job.

The reality is the helmets where/are used as mass surveillance tech to ensure workers are continuously active and never leave their assigned areas for petty things like going to the bathroom or finding shade to prevent heat stroke.

I went to college for a number of years in electrical engineering technology. I started working even before I finished my degree. My first gig was PLC programming material handling systems for the pharmaceutical industry. It made sense, in order to maintain safety and a sterile environment it’s much better to have a stainless steel robot handle pails, jars, drums, etc of pills in a clean room instead of people touching them.

Next up was a table to help workers move large objects with hydraulic movement and pins to hold the material in place via compressed air activation, and all the associated limit switches electronic eyes etc. cool enough.

Then the big leagues, a 300k (17 years ago) A-B (Allen-Bradley) robotic arm in an auto parts plant. Day 3 inside / outside / on top of the cage, I become aware of a number of people standing behind the yellow line staring at me, later cursing me, one threw some crumpled paper at me… I’m asking the plant foreman wtf is with those guys. He says well as soon as your robot works they’re all laid off. I left that day and never went back. Someone finished programming and set up I’m sure, I could care less, I didn’t. I thought one day I’ll get stabbed in the parking lot.

I realize that my automation didn’t take jobs away from society, I didn’t do anything evil. Those jobs would just move and hopefully spawn better jobs in the community (medium to long term). But in that small short term microeconomic moment, there were real consequences, and I was the face of them. I was not happy, I changed careers that exact day.

My first job was for a sketchy knock off autoparts company that was a glorified drop shipper. I built a dozen websites and a database of a few million rows. I was proud of it at the time.

Then I started reading customer support emails, took a few phone calls from disgruntled customers, and it turns out the company was just cycling cash. Would charge 100 orders and float the cash as it trickled out refunds.

I ended up leaving, and the company sold for a couple million a year later. I was left with a bad taste for e-commerce that has only recently went away.

I decided to build my own kitchen cabinets from scratch. I only had my small townhouse in which to build them. They eventually came out great, but it took 2 years to complete them.

The lesson I learned is to make it easier to abort large projects. Even if it delayed me by 6 months, I should have found a rentable workshop.

I don't know for certain, but when I was an undergrad I was helping a PhD student with his thesis around text classification, mostly grunt work, speeding up some hastily thrown together algorithms, etc. He said it was for his company, which was good enough for me; I was getting experience, he was friendly and polite and we enjoyed each other's company and mutual learning.

I found out years later (this was in the mid 1980's), that his company was "The Company"; the US CIA.

So I don't think my shitty little pieces of C code written on a Windows box ever made it into any US Gov't system parsing Internet mails/chats/etc, but it could have.

Built an e-commerce site in partnership with a close friend and someone he partnered with that sold smoked fish. My friend had actually been paid by his partner in the past and partner claimed to have insider relationships with a Canadian fishery and cannery.

After a couple of months of weekends we launched the site. Third partner was to take care of fulfillment because of their connections.

A couple of months after that, my mother in law contacts me and asks when her shipment will arrive. Turns out she liked what was on offer and wanted to be supportive.

My friend and I got the fish guy on the phone. He said he had to take a day job and was having trouble doing the fulfilling. I said ok, refund my MIL and I’m going to turn all the “add to cart” buttons into “email us” buttons and when you let me know you’ve got a plan to fulfill orders, even if just once a week, let me know and we’ll put the site back online.

My MIL never got her refund. Neither of us have heard from the fish guy again.

I won't say much more here but this second question caught my eye, because the answer is the same as for your earlier question. Some impactful work I am intensely proud of also became a thing that haunts me (or at least challenged my idea of "doing good").

Think about dual-use. You may never really know quite how your creations pan out. Not quite in the league of Mikhail Kalashnikov, but it piqued my now intense interest in tech ethics.

EDIT: damnit seems like everybody here is in the same boat. So mine was a gesture detection for medical robotics control that was repurposed for look-and-lock air combat (fire and forget a2a missile. An important caveat is I'm not even a "pacifist" and went in eye's wide open with a defence firm. I just wish they'd told me more up front that this was "generic tech" I was developing.

Worked for a YC some time back. It was quite a ride, but our seed round was just about gone and we had zero product-market fit after some time. It was ran a bit like a cult.

As we scrambled to create something of value and keep the lights on, I (unintentionally) built and highly optimized a free-trial funnel for a Saas service according to a "gym-membership" model; ie, our entire revenue stream depended upon tricking people into submitting their credit cards and charging them for months when they forget to cancel (or couldn't due to the complicated cancellation funnel). Once someone hit gym-membership status, we would pause all emails, reminders, etc (on CEOs design) so they would forget about us and let their card be charged for years. People at our company would fight against these tactics, but leadership's only focus was AB testing the hell out of the funnel to continually increase subscriptions and impede cancellations.

To combat the inevitable high charge back rates we eventually encountered, our staff would purchase pre-paid gift cards at corner markets and we programmatically submitted multitudes of tiny transactions through out the day to skew the chargeback rate to an acceptable place; this was the CEOs idea again, rejecting our ideas of selling things people actually wanted.

It was a house of cards, but the success of monetization was leveraged to land further contracts with governments (that we could never fulfill) until it all came crashing down. I left long before then on principle.

The entire venture was revealed to be a complete mess from day 0. From the start, this outfit threw its entire batch seed into google ads to drive "users" and feign growth to pump up the valuation on demo day, landing a couple million in investment for something that had no real value. Hm. It seems that a system was crafted here to pick winners and losers, and the company responded by gaming it in every way they could.

Built an aircraft-mounted camera gimbal pointing system that I thought was supposed to be used by energy companies to look for power poles but was also sold to US Border Patrol to hunt down immigrants. Not my finest hour.

A ticketing company was experimenting with BLE beacons to trigger things like seat upgrades and coupons when people walked by certain things in a venue… or at least that’s what they said it would be used for.

Instead they covered LA Live and surrounding area with them and then just sold that data to… well I’m not sure who since I left shortly after they did that.

The justification was “but we put it in the TOS and Privacy Policy”.

A service to find CSAM online.

It worked well enough, then quickly got to a state of overwhelming the agency responsible for following up. That's depressing enough, but it was then repurposed and unleashed as a way to find copyrighted content for major studios, which meant it went from something doing good to something just annoying people with cease and desist notices.

I've coded the firmware for a CAN-based communication bus for a medical device with lots of different boards talking to each other. This same company had a war industry department and they used this code in a missile project. It left a weird taste in my mouth.

Btw, they got an early version that had a memory leak, and when I went to warn them, they just said: "It's okay! It's just going to run for about 20 seconds!"

I wrote the GNC firmware for a loitering munition and it's... complicated. I am both very proud of and saddened by it. I'm also realizing that it could be said to be the most "impactful" thing I've built.

I built a system for distributing and collecting homework assignments, and the assignments themselves were distributed with automated tests. Students would have instant feedback on their homework with clear tests and point assignments. Great idea, right? A high level required course of 40+ students could be scheduled, collected, and graded all in under an hour.

Not to mention the nightmare of early GitHub for Education used in the first semester (all forks mutually visible, what were they thinking!?), a genuinely shocking percentage of the class tried to cheat their way around it, thinking that I wasn't looking. Cheating felt like it had significantly increased the moment they thought we weren't looking. I expected some cheating, sure, but it really felt like it went higher and stayed higher than before.

The course has moved to others (who I have nothing but respect for), but I hear it is "notorious" for cheating. I was so proud of this system, and the distribution/collection systems are still used by a department, but the experience has really left me with a bad taste in my mouth wrt anything related to automated grading.

I used to work for a company whose product was a specialized proxy server aimed at telco companies. The thesis was that telco companies (at the time, this was quite some time ago) were heavy users of telnet and ssh to administer network devices, and needed some tooling to help manage them all. So our device would proxy telnet and ssh connections, and do things like looking at the hostname and the login prompt and automatically submit the correct credentials, and then further do things like blocking certain commands from being run, providing pre-configured scripts for certain tasks, yadda yadda yadda.

Now that's all fine and good as such. I had no qualms about working on that stuff. But then somebody introduced the idea of capturing frequent screen-grabs (essentially video, albeit at a fairly low frame rate) of the user's desktop as they used the system. We worked out a way to do some weird windows network driver shenanigans to make sure the recording started when an outgoing connection was made to certain destinations, and then streamed the video to a server where it was stored.

The nominal purpose for this was advertised as "training" with a side-dish of "compliance enforcement", and probably in some highly regulated industries people will (and do?) accept this sort of thing. But it never sat well with me, and I felt a bit queasy about working on that aspect of the product.

I built a distraction free writing app in 2012 to help me write, and it has been the single greatest distraction of all. it was successful, becoming the number one writing app on Windows store for years. I now have thousands of users, and it makes a tiny bit of money each month, and supporting and fixing bugs takes up most of my spare time. I have to date not managed to finish more than a sketchy first draft of a novel using the software I wrote to help me write.

Detonators for cluster bombs ... The US wasn't really part of any conflicts at the time but seeing them on the beaches in Libya changed my view of war dramatically.

an Android watchface creator app...

I regret building it, but not for any ethical reasons, except for maybe that it's become nothing but corporate ads.

My real reason for regret is just the entire process that happened after it became successful. It took off and was over 50k DAUs ~5 months after I launched it. I tried supporting it the best I could, and had aspirations for the future of it, but I was young and dumb. I got caught up on feedback, took it too personally and started having trouble in my personal life due to it.

I ended up selling it to another company for far less than what it was worth, even while I had 2 competing bids because I let one of them get to me emotionally at the time. I also agreed to continue working with them on it, at what I found out later was vastly underpaid, to the tune of being ~10k below the CA minimum for a salaried SWE. Our time together lasted less than 9 months for a myriad of reasons.

I regret it, mainly because I always look back and think of what could have become if I had the strength to continue it solo, or had spent the time to look for a better partner to carry my vision forward. Instead now, you can get your latest [insert corporate media here] watchface from it for a mere $4.99/mo.

Early in my career I had a job at a small startup with about 3 other full time devs, including the founder. All of us were more or less clueless.

Project management consisted of the founder telling us what to implement. One day he told me to build something that would help us track the (many) exceptions in the app.

I went on to build a terrible alternative to SaaS bug trackers, which already existed at that time, but no one knew about/had the skills to find out.

A system for tracking email marketing recipients. That is, bounce rates, open rates, recurrence and deduplication of email addresses.

It dawned on me 10-20 hours into the gig that these customers were professional spammers, and that I was helping them avoid being blacklisted.

I scrapped everything I’d made and eventually paid back my fee.

A Linux computer for my grandma. The correct tech answer when doing things for regular people is standard tech that lots of people use.

A pop up builder for WordPress.

Received a lot of requests for this from my existing SaaS customers then started out as a corner-only slide-in modal.

Eventually I caved and added a centered modal… It’s currently in active use on at least 30.000 websites.

I’m sorry for making browsing the web suck a little more instead of less.

I'm not sure I've ever built something that I'm unhappy about the ethics of, aside from participating in a few products I believe were completely pointless.

Most of my big regrets were bad technical decisions that worsened the quality. I'm sure every dev has stories like that but for a long time my mistakes followed a pattern.

Often because I didn't follow best practices and reinvented a wheel, without being aware of how much time the project would take up.

A lot of my biggest regrets were personal projects, they almost all were major time drains that I would say worsened my life. My expectations were too high and the disappointment was far larger than any enjoyment.

I am still working on selling things on eBay and decluttering stuff bought for DIY projects.

Now I constantly advocate for best practices. A lot of my biggest contributions come from finding ways to make things work without adding more custom software.

There's just so much good software out there, often that already does exactly what you want.

Created a sports news site. I was very proud of it - in the mid-90s it was fully internationalized for European audiences, and could deliver minute by minute updates. Mostly it was for journalists who would then relay the info over their media, but people on the internet could also use it.

It was commissioned by tobacco firms who had sponsored those teams.

Later on some regulators decided that this could potentially market tobacco to children and it was going to be shut down. My boss joked that we should just remake the site but never mention the names of the teams, only just use their colors. The sponsors thought this was an ingenious idea and we actually did it.

A lot of denial from people working on this project. I heard my product manager and the CEO talking to each other privately about whether this increased tobacco use and they both strongly agreed that it couldn’t, they repeated the common lie told by tobacco companies at the time that it just encouraged people to switch brands.

A WooCommerce shop I built in a couple of days ended up making millions of dollars for the catholic church... I learned to research who I'm working for

I ran the web frontend team at Facebook.

I don't have anything that I deeply regret, but I have one where I somewhat regret my techincal decisions.

It was for a programming language that I developed at the time called OwU[0]. It was supposed to be a sort of mashup between Lisp and K (an ASCII-friendly dialect of APL). I took a lot of design decisions from oK[1], a K dialect with a code design that I admired.

The biggest mistake that I made during my decisions is to seperate between verbs and user-defined functions. This is because in K, verbs behaves like operators, while functions behave like, well, functions. But in Lisp, both built-in and user-defined functions should be fundamentally the same in data type.

Because of this seperation, it was very hard for me to implement functional programming stuff, like fold and reduce, because I have to handle two different data types at the same time.

Not to even mention the fact that I chose to go with objects in the entire language to be dictionaries, and not classes (I implement this in Python). This makes code just generally very messy to me, as I have to figure out how would I access the data to perform operators on them, and this cause me to make a good few bugs.

Overall, OwU is a language that is better than any previous attempt, but there's still a lot of it that I regret.

[0]: https://github.com/HoangTuan110/owu [1]: https://github.com/JohnEarnest/ok

Back in the early days of mobile games (Zynga et al) I worked at one of those shops helping them build a better Skinner Box.

Right now I have regretted spending so much time and energy learning how to build win32 applications in C and implementing multi monitor DPI support (kind of a nightmare in a library not made for this), because it has fried my brain.

But the odd dream of creating an awesome retro gui for.. well, whatever reason, will likely pop up again soon.

Not from an ethical perspective, but from a personal one - I do regret putting so much effort into a past project that to me looked like it had a lot of potential to move things.

There were lots of open questions, not only tech-wise, but also business-wise that made me really anxious (in both senses) to get to work on them. So I pushed the stakeholders to discover what they wanted. I asked for definitions of terms, clarification on business language, workshops to figure out what it is my software was supposed to improve, what problems it was supposed to solve.

I sat down with them and explained Agile from A to Z while also writing code, reviewing code, writing CI/CD pipelines, talking to other teams about architecture, and generally putting in work wherever it was useful - and that was everywhere.

Then a week before my 3 month trial period was up, I was told to clear my desk until the end of the day because that was not what the company was looking for. End of story.

I don't regret doing everything I did, but I do regret not playing it smart politically and doing it out in the open.

I regret becoming a software developer. It was a dumb financial decision in the country I live in.

Also, systems knowledge and critical thinking skills have brought me anguish and made me cynical. I see problems and logical contradictions everywhere and it makes everything and everyone unbearably frustrating.

I should have been a lawyer and done software as a hobby. I don't think law rewires your brain like decades of coding does... You're still human. There's something about being constantly corrected by a compiler for over a decade which changes the way your mind works in a fundamental way.

I regret a "let's just rebuild the entire UI" project I proposed, fought for, and implemented. It's been many years since then. I was very much the zealot armed with many opinions and few facts. Good lesson learned, but I feel bad about how much fucking time it wasted.

This is one side story, with no "oh I didn't knew it'll be used that way!" gotcha moment - I've worked in private milsec for some time, and I'm responsible for few device designs / ammo improvements/mk's, while I take pride in job well done, just because someone dies more quickly, doesn't mean its a good death - so after some years, I've started having doubts of that career path.

I helped some jerks create an NFT collection.

Created a LIMS system (Lawful Interception and Monitoring Systems) in 2000-2001.

It was abused at a large scale in some large enterprises in India to monitor it's employees network communication.

Thought I was doing a good work for govt. agencies, but in turned out otherwise due to the abuse and affected a lot of privacy. Since then, I've made myself away from any and all mass techs as much possible and stuck with manual methods, cash and privacy friendly alternatives.

It's like creating a double edged sword. All the newer age, continuous monitoring and etc, etc., are doing more harm then what it solves...

Like in medical community, but an opposite... Risks outweigh the benefits!! Enough said! Peace!

I built a tool for helping a trailer park management company track numerous eviction lawsuits. I didn't complete before being reassigned, but I never should've started it.

forensics software that pulled down everything possible from all social media sites at once and put into a forensic container. it would also make a fake disk image for older software. it was originally for lawful collections after u/p was obtained via warrants or willfully etc, but changed hands and was used aggressively like a cloud version of kicking the door in to grab pcs. i refused to scrape where possible and use apis and this was right before the cambridge analytica stuff blew up so a lot of the FB stuff ate dirt at least.

it was technically well made tho, everything integrated into a single executable file that had an web interface:/

I wrote a largely autonomous agent that seeks and builds data dossiers on everyone you point it at. Then you buy legally encumbered data, genuinely sensitive stuff for fractions of pennies, and you reverse identify the person, unencumbering the majority of the data, because writing privacy laws that don't cripple well intended business is very difficult.

It is not inherently bad. Some of the real life uses are practical and beneficial, but it can also be weaponized.

I built a web crawling site ring.nz on polymer/web components. Looking at the marketing of the framework it was an easy way to get material design components but in reality the overuse of shadow Dom and shadow CSS meant it was really difficult to use the components or theme them. I'm pretty sure the whole polymer project is abandoned now... The site became too hard/bothersome for me to maintain under its tech debt but is still on my GitHub.

I also regret building some things in C# or Java a long time ago.

The biggest regret money wise is I built a crypto forecasting company that became somewhat profitable BitBank.nz but I built it without enough foresight for cloud costs, was running a forecaster constantly on compute engine as well as filling up a postgres database without offlining data, turned out harder to scale down a database than scale up the memory. Basically things like that and I never had time for it after having kids meant it long term costed more than it made even with paying customers so I shut it down.

Now I run https://text-generator.io still machine learning related but I run it very lean from two GPUs I own at home which is a bit easier

I built software to track our traders. This was at one of the largest investment banks in the world and at the time they had a rudimentary system for tracking and recording their in-house traders activities - orders, trades, and other order/trade related information. At the time, the rudimentary system was built mostly to comply with government regulations, and was later modified by someone else to capture and report a larger scope of information about the traders to a higher-up department.

My system was built entirely from scratch because the existing system was antiquated, poorly structured, and really not conducive to future expansions.

After testing and implementing my system, a handful of traders lost their jobs as a result. One criteria often looked at was their number and reasons for failure to delivers (FTD's).

Other than that, it's mostly automating things that I almost sort of regret. A lot of folks in the bank were fired after I wrote a series of apps that could do the work they do. Mostly repetitive tasks. Still feel bad about that but if I didn't do it, they would have hired someone else and at the time I was really, really in dire need for a paycheck.

I wrote a system called OverSeer that was intended to record inspections of Fire Extinguishers. The system itself had positive effects in that it forced the maintenance and availability of things that otherwise were slacked off on (though the paperwork was always signed, regardless of reality)

It's the little * on the report, when someone manually entered a barcode instead of scanning it, that I felt a bit squeamish about.

Using styled components for the Reddit redesign and littering the DOM with nodes.

My main regrets are code for canceled closed source projects that will never see the light of day (waste of effort), and one early-career large scale refactoring which was only ever half-finished due to time pressure - resulting in worse code than if I'd never initiated the refactoring in the first place.

Even the bad technical decisions tended to be correctable learning experiences.

Not anything too big, but... I wrote a program to merge Jupyter notebooks properly. The backend was mostly done, and I had a start on the GUI.

Then I found out about nbdime, which did nearly everything I wanted. I ended up just making a simple Python script to make using nbdime more convenient, and soon I'm planning to make a vs code extension to make it 1-click.

I specified and architected an internal ERP system (PLM/SRM side) to replace a paper system. This was a big Oracle/web thing in the early 00's at the peak of Six Sigma. This was resisted by the engineering teams who had been using the old system since WW2. Rather than use it, there was a mini strike that resulted in nearly 50 engineers taking retirement and lead to a national scandal when a huge defence project was delayed and over budget. It was one of the largest contributing factors of the project failure.

After doing lots of post mortem analysis, the paper system was far more capable and had a better audit trail and most of the objections that were formed were entirely spot on. But we steamrolled them because we were under the six sigma project flag.

After seeing the shit show and reflection, I quit and got a shit job throwing web sites together.

Hmm that's a tricky one. I guess there was one situation where one of the clients we built a website for turned out to be a scammer/con artist who got arrested for forex fraud. I guess our work in making their site look/function as well as possible sadly helped them gain customers to rip off, and gave them a false sense of legitimacy. But no one there knew the customer's company was a dodgy operation, so I guess hindsight is everything there.

I guess there have also been a few previous companies I worked on sites for that weren't exactly the most ethical operations overall.

But I don't think I can recall ever working on anything that was used for surveillance, or that itself was built for unethical ends. It's usually things associated with questionable companies that I didn't really know were questionable.

Tons and tons of technical things!

I've seen (and caused/fixed) so many horrific things that I feel compelled to improve my expression skills... so that I can write them up more formally.

Most recently, I moved some of our Ubuntu systems away from network-scripts to systemd-networkd

I didn't realize the gravity of this change. Be warned, systemd-networkd will significantly change how forwarding works.

Due to things outside of my control, we have some systems playing router. They didn't like this change a whole lot, and I neglected to test this.

On network-scripts with the usual kit of sysctl and iptables rules, you're good to go.

networkd however requires more explicit configuration; particularly which interfaces may forward.

Not a big deal, unless you don't know... like I didn't

I know a couple of engineers who built soccer stadiums in Iraq during the 80's. Those stadiums were also used for other purposes later on.

Worked in monetization and optimized ingame shops for some of the most profitable games at the time. I know there are probably people that really like the game they develop but trust me the monetizers don't care they just want more money.

coded email targeting for people with financial problems / poor credit and offered them sketchy credit repair deals or cash advance loans with rates that were essentially usury

About 10 years ago at the start of my career I built a prototype of a Google Analytics analogue that would suck up all your Facebook profile/likes and send it to a server. This is long before Cambridge Analytica when the APIs were wide open.

At my first internship I built a program that generated reports with a ranking of call center agents based on their daily time on the phone and calls taken. It was used to fire the bottom X% periodically.

Not nefarious, but wasn’t how I want to spend my energy.

It used to be a content recommendation system for a chinese media company. We monitored peoples movements through their phone and gave marketers a really easy way to directly target people. It's sort of rampant now, but years ago it felt like it was a dangerous step in the wrong direction.

But recently I found out that an algorithm that I was a crucial part in building ended up doing some real bad things. I don't really want to talk about it directly because I'm not sure I really want to be implicated.

The point is, I feel terrible. I played a role in negatively impacting a lot of peoples lives. Sure, I wasn't the only one who built it. Nor did I play a part in what it turned into, or made any decisions about how it should be used. I just built a thing.

But I think we as programmers, tend to look fondly on our systems that we develop. They are sort of like our children (in a very loose sense). I spent years thinking back to building it, and being filled with joy. Now I see what it's done, what I helped create, where it ended up.

I just feel sick. I talked to a peer who helped on it about it. They also feel the same. Just terrible. Burnt out. Ready to switch careers entirely.

I think I might be able to continue in this field, make the right decisions, and think through the true impact of what I'm building before I commit to it.

But then again, I think back at all of the work I've done in my career, and all of it was exploitative to people at least in some sense. I'm not sure you can profit without exploitation in tech, it might be inherent (I realize that's a negative statement. I'm in a mood).

So I'm thinking I may just switch into a career I can feel good about, unless I can find a job or project that will allow me to be ethical.

We really need to come together as a community and stand up for ethics. Every day a programmer out there is faced with an ethical dilemma, one that will probably get them fired if they don't comply. Plus, that won't even matter, because they will just get someone else to do it anyway. There's not a good way to save your source of income while also doing the right thing.

Amazing thread!

Those of you implementing DPI, assisting CCP with logging, cryptocurrency daredevils, tracking enablers and even a slave helmet guy. Do know that you have changed the world. For worse. And you'll never git amend or git revert what you've done. Most likely you will never find rest for what you've done as the confessions are very indicative.

Funny, how Hollywood different the notion of an evil computer guy in movies (asian/western european/nerd) to an average american family guy Mikey Mike doing all this real damage.

But, I bet all those mortgages ain't gonna pay themselves, right?

Long ago, I worked on a popular dating app (maybe not anymore, but still top 5) and learned how they monetize "love" and "dating". Building features that claim one thing (marketing got it approved by legal) but under the hood work in a ridiculous way.

Worked on an e-commerce site for an extremely well known media company. Again, tech wise it was cool, but the way it worked and how the marketing and other folks talked about the audience and their schemes to extract $ from them was gross and disgusting.

Now I work in boring enterprise SaaS, but at least I know I'm actually helping our users do their jobs better. The job kind is boring af, the tech stack is lame, but that's fine. Every so often I'll be on customer calls and I love hearing them tell us that our fix or some new feature is wonderful.

I will never work for big tech or adjacent companies ever again. I want to be able to sleep at night and not be associated with psychopaths and people who care only about money at any costs.

In the early 00s I designed and wrote a system that procured abandoned domain names, analyzed them for SEO purposes (existing pagerank scores, inbound traffic from other respectable domains, etc) and then generated a web of links and artificial content designed purely to sell ads and boost other client domains. The part I enjoyed the most was automating Apache and systems administration work for the server farm, but I regret working on it. I was broke and desperate at 20, and I ended up quitting the job after a few months anyway.

Something to convince German people to feel comfortable with Google sucking up all their data.

Hey at least I’m not the AMP guy.

Interesting that most posts here have to do with monitoring or surveillance of others. Privacy is important...

I built a web SPA "crypto" calculator that performed basic and generic tasks such as symmetric ciphering with block padding, hashing with different algorithms at the same time, pkcs7 messages ciphering/deciphering, and utilities like base64 to hex to ascii, etc encoding/decoding, etc.

I did at the time Angular was hot and I wanted to learn it. Also because it made my life easier at my job. I developed it fully at home outside office hours (I did not work remotely at that time), published it on github and deployed it on a personal public VM, and I told one or two direct colleagues about it.

A few months later, some people in the company who I did not know started using it (from the public site, not running it locally) and then later even manual validation plans or troubleshooting guides referred to it (its url).

I noticed through the server logs that it was used from many different countries, it was barely active but still got between 2 to 5 visits per day. And from the location I knew that it was very likely people from my company (no zscaler at that time).

One day I wanted to upgrade the VM and also cut down old sites that I maintained. So I shut down the website. A few days later I received a complaint in my company from 2 guys asking me to put it back on. I had to explain them that no way, I would not put it back on, it was a personal project fully developed outside business hour on my personal laptop, hosted on a personal VM that I paid for, etc.

This could have got me fired maybe, even though the cryptographic functions were really generic, I could have been accused to have stolen company time or whatever. The company was really not the kind to give 20% of our time to work on personal ideas.

Spent a year building a financial analysis engine for automated commodities trading, including a home-baked distributed computing system. Ran it on servers at work (which was unethical) and ended up losing some money (not a lot) on trading a system it produced. The trades themselves did make profit, but I failed to account for broker fees. Good learning experience but wasted a lot of time writing code that I ultimately threw away.

Not really answering the question: I interviewed at a company that measured Internet traffic and would do so by installing proxy servers in popular software downloads. This was 15+ years ago now. I suppose this was the early versions of spyware. I got an offer but never took it because I disliked the concept and multiple layers of deception to the end user. no regrets here, but i always wondered how people could work on such products.

An xml parser.

I worked on a private jet plane computer for months, saving the project reluctantly (because private jets are very very rarely used for "good", mostly by entitled very wealthy persons, and are very polluting), just to learn the component I was working on would be used on a military plane as well. YMMV, but I don't work for military stuff, and it still haunts me.

A PBX extension to remind customers of a renewal they opted into. Highly successful but also no ability to determine time zone... so not great

I've spent the last four years now trying to start a business on the Internet (working on ideas roughly two hours per day before work).

I kinda regret that I didn't just build one thing, and stick to it until it succeeded, but each project had valuable lessons (both business and code/architecture) that carried over into the next one. So far I've built:

- bill splitting service (2017)

I spent days agonising over which new framework to use (this was late 2017 after all), eventually learned to just use the tools I knew (react, node, postgres). I didn't really care about the problem space, so shut it down.

- jobs aggregator (2017/2018)

I learned that implementation is meaningless to the user if you're not delivering value. I wanted to copy remoteok.io and make it serverless (effectively free to serve traffic), I didn't realise existing sites provided value via their traffic. The reason StackOverflow can charge as much as it did is the millions of page views per month it receives, creating value for its job posters.

- appointment scheduler (2018)

I built an appointment scheduler, had no real means of attracting users, shut it down.

- room booking service (2018)

Spin-off of the previous idea, but for meeting rooms. Tried to build the whole thing using Google APIs, eventually got stung by API limitations, gave up (learned not to rely on other's APIs without understanding their limits first).

- graphql API monitoring service (2018/2019)

Traction again, couldn't find users (tried in-person sales for the first time, too).

- site speed monitoring service (2019/2020)

Essentially running google lighthouse as a service. had some users, but fixing all the edge cases around chrome/puppeteer/lighthouse across super slow websites was a total pain. Couldn't figure out distribution.

- uptime monitoring service (2021-current) - https://onlineornot.com

Doesn't seem to be as useless as the other projects. Has bought me the MacBook Air M1 I'm typing this comment on now.

Rewrote my old graphql API monitoring service from scratch to monitor APIs, websites and web apps, seems to be going well so far. Now also a status page service.

Thank goodness none of us have the burden in our lives of have programmed this machine, that literally killed people with overdoses of radiation. About the most awful way to die aside from full body fire or chemical burns

https://en.m.wikipedia.org/wiki/Therac-25

I've built a website and a browser extension/addon that allows you to download any video at it's best possible quality or as an MP3, made it mostly for myself but it was public.

I made sure I don't collect any data except the URLs that come in, for debugging purposes, so that if I see too many failures I can fix whatever the issues is and attached an inbox so people can reach me.

I've seen some really disturbing stuff in the logs, you can tell from the URL alone, zoophilia, murder and executions, rape, but that's all stuff you can find on the internet.

I stopped looking at the logs long time ago, but I vowed that if I ever get a whiff of underage sexual content going trough the site, I will take it down and use it only in private.

----

Ow, I also get emails from horny people who really want to download specific porn videos from unsupported websites.

I wrote a web tracker that was oversized and inefficient, which got deployed to a lot of websites. At the time I lacked the necessary experience or guidance to do better. It should've been much smaller with a drastically reduced network footprint. At the scale it was deployed every byte counts.

I still feel really bad about this. Sorry.

20 years ago I bought a domain which is .co.uk.

I didn't know what to do with it, so I collected GIFs of women... Jiggling.

At the time I thought it was humourous but now I just cringe.

I should probably take it down sometime, but I just don't know what to do with it.

I did some hobby work with a commoncrawl dataset. A year or so later I got contacted by a startup to see if I could do something similar for them. They basically wanted to collect phone numbers and email addresses of businesses from the couple of TB of data. I gave them some disclaimer like: you can use this for good and bad things, I trust it's good and also it is your responsibility to comply with privacy regulations. They ran my code in their own AWS account and probably collected millions of addresses. I think the startup didn't make it. No idea what they did with it but I still feel a bit bad.

I used to work in digital advertising company that had their on DPI technology and had deals with ISPs to tap into their network and some publishers. We profiled each user, by default it was opted in (: after some pressure it was by default opt-out but whoever was opted in and didn't know that remained opted-in. China was just meh, everybody opt-in we don't care about your privacy....

Truly ingenious technology but everything else was shit, truly bad moment in my career that fortunately lead to a better place for me...

(Also this was pre-https everything so it was super-easy to sniff the traffic)

I wrote an blog post about my biggest regret in programming:

https://iaindooley.com/post/57313703317/an-open-letter-and-a...

EDIT: actually I just remembered that around 2011 I repurposed SMS subscription software I had written to run a (basically) spam premium SMS service in Ireland. It wasn’t my service, it was for a client, but I knew it was shit and I did it anyway. What can I say I needed the cash.

I don't really have anything that I regret, as I have learned something from every project, but I have a number of projects that didn't do as well as I wanted; either from a performance/features PoV, or from the perspective of how they were received.

In some cases, something that I wrote some time earlier, and had "let go of," proved valuable, at a later time (that has been the case for the app that I'm writing now). In other cases, it took years longer for something to "catch fire," than I initially expected.

Eons ago, I wrote a bash script to split up a test suite to run in different order across our device matrix, so even though the suite took hours to run, it took only 10 minutes to get an email that a test was failing on some machine.

I was gone in 6 months, but 3 years later the team (having doubled and doubled) still used that dumb script. Had they buckled down redo it in Java, they would have learned a lot and would have relevant experience to get jobs in the then-burgeoning enterprise server market.

Not bad for society, just for them.

ever heard of ActiveX? you know, arbitrary code installing and running in your browser and available to be scripted by javascript? sorry. I'm not solely responsible, there were many of us. but still sorry, pretty responsible. we were young. code-signing as a means of validating origin was a great idea. it needed additional infrastructure to keep track of originators and to prevent abuse, though, and that wasn't perfectly thought through or executed. live and learn.

I was involved in building an app that tracks driving behavior for an insurance company. Of course live location data and names are logged in plaintext for all customers.

I built a utility to help plant personnel get up date to job information and documents on a tablet instead of having to refer to printouts from up to a few weeks before that may or may not have up to date information.

It was co-opted as a time tracking system. A bad one that, as far as I can tell, produces no actionable data while simultaneously being a pain in the ass for the poor bastards using it.

It is the last time I will ever go out of my way to improve a non-IT aspect of the company.

Worked in a medical start-up in one of the country's biggest incubators, but eventually uncovered that the whole thing was a scam. All what management did is launder the money to themselves with no actual product in sight. I was responsible for the pilots and demos to the municipal hospitals and government officials, and i regret i've spent ~year to help them cover their crimes.

The management guys are not in prison and i think will never be.

Deep packet inspection hardware/software that was sold to controversial governments/militaries who ended up in a coup and used to track and ** opposition.

I was asked to solve a relatively minor problem. I then turned it into a much larger project, more or less to entertain myself. Years later and the project just won't die, we've tried to get everybody off of it, but they just won't leave. Nobody wants to run this thing any more, it's just too big. In retrospect I should have focused only on just what the business really needed, and not turned it into a magnum opus.

I have wasted a lot of time building a two sided marketplace for gigs, that was the biggest thing i regret, that i kept trying for much too long of a time

I built an integration from our CRM to a sales team messaging platform. For users that exist in the CRM, it worked great. The problem was the side uses of the messaging platform for users that were not active in the CRM or never in the CRM. It’s a nightmare to keep dealing with all the exceptions related to non-active CRM users.

I usually don’t let myself get caught in such a scenario, this one slid by and I regret it.

Once upon a time I wrote a DNS zone sync shell script. It was great, and terrible. Truth is, it should never have been a shell script. I used curl to make API calls to Oracle (then Dyn), awk to turn API output into the local zone format, sorted the local and remote zone data, diff'd them, then more curl'ing to make the updates. It was brilliant then-- now, not so much.

openIPMP (https://sourceforge.net/projects/openipmp/). At the time (2002), we were trying to jump start legal content consumption foolishly thinking that providing a POC DRM system might generate either real services/debate. We thought providing an infrastructure that demonstrates rights management within (the great MPEG4IP project) would facilitate this. We tried to implement some 'standards' MPEG-21, ISMA, MPEG4.. but at the end of the day I think it was just a dumb idea. We got some free press, even some consulting work out of it.. but it wasn't very good and we weren't going to move any needles with it. I learned a lot about mpeg4 a/v and built a cool rights store in PKCS12.. but we spent over a year on it and it ultimately went nowhere...

Too many things related to cryptocurrency.

I worked at Ashley Madison, enough said.

Same thing as the most impactful for me too.

It was a chemical thing. Toxic too.

You've got to figure it's a lot more likely to have impact if there's a somewhat likely negative outcome within the reach of unscrupulous operators, especially if popularization can be a factor in a more widespread negative effect.

I don't have anything to add except this is an awesome thread. One of the best I've read.

Software related to various "eye in the sky" wide-area surveillance the government conducts.

around 2008 i was working for a startup incubator.

there were 2 webproperties

a people search engine a travel social network a yelp clone

i was in charge of SEO

in it was a major success

the people search engine became part of the biggest websites of the western world, top 10 in europe

the travel social network became a travel guide with more traffic than tripadviser then

the yelp clone became bigger them qype, the then leading yelp clone in europe

all with technical SEO

felt like a superstar

all resources were shifted to SEO and monitization

all 3 webproperties dont exit anymore (sometimes the companies behind them still do)

we did scaleable SEO before we had a product that users wanted.

so by now, I don't touch projects before they are not (near) product market fit. SEO kills if done otherwise.

said that, the people search engine had a 100m exit i think, which was a lot at that time.

Nested HTML tables in Microsoft's web site in 1995. Mea culpa. Mea maxima culpa.

EQE (https://eqe.fm/about)

Because of the opportunity cost. It's a fun hobby but I wish I made something that made me money. Being a salaried software engineer kinda sucks.

I don’t think I built any regrettable things.

Except for that one time I built something pretty good and he didn’t want to pay me for it. Big regret. Shouldn’t have finished that job.

Has anyone built software that killed people? This is different from regret but similar in the sense some people regret this, others don't.

Awesome question, and awesome thread.

A financially debilitating coffee addiction. Basically if I don’t drink caffeine my heart stops.

Copy protection schemes. Cringe.

Basically every spreadsheet I built working at an investment bank during the GFC.

TikTok

Pretty much anything I built for $big_investment_bank. All largely in response to the 2008 crisis and all largely unused as a result of regulatory and management changes. Feels like a big fat waste of time and other peoples money.

I'm a bit late but just had this recommended to me by someone who knows what happened to me.

I set up a startup with an acquaintance (also the life partner of an ex colleague and now former friend). We were equal partners: I did the tech, they did the marketing/strategy and occasional bit of UI design.

We got pre-seed investment with a 7-figure valuation, and we were doing the standard startup thing: building features, looking for product market fit. We had a good working relationship, with zero arguments and barely a disagreement.

Then, my one-year-old son was suddenly taken seriously ill with a life-changing condition. There was a horrible period where we weren't sure if he was going to live or die. To add to this, my wife was also 6 months pregnant at the time.

My son had some very serious operations, and required a long time to recover. The operations didn't go as planned, leaving him still with a life changing illness with a very dim outlook.

Obviously, as soon as this happened I told my partner, and they told me they would take care of everything and to take the time we needed. Everything was set up to run without intervention, and for marginal cost, so I things could be on hold without really affecting our runway.

There were some accounts we had set up with 3rd parties where I was the account admin so I transferred these over when my partner asked me to. I did this outside the paediatric intensive care unit where my son's life was in the balance.

After nearly two months of bad news after bad news, we finally made it home and began adapting to our new life.

I told my partner that I would be ready to begin returning to work gradually if possible. I got no reply.

After a few weeks, I finally got a response. My behaviour was apparently so bad that it put the company at risk, and I had been fired from my own company, with all my shares being transferred back with zero value.

Now, obviously this was absolute nonsense, and I had done nothing of the sort, so I phoned our investor to see if they knew anything. Apparently my partner had told a complete tissue of lies about how we'd been arguing and etc., etc. which was all 100% false.

Anyway, I immediately instructed the most expensive lawyer I could find who told me there was absolutely no way on earth they could lawfully do what they had done, so we began action for breach of contract.

It turned out ok for me in the end, but not after a lot of turmoil.

I absolutely cannot believe someone could be so evil, cruel and opportunistic. Basically, I'd built something that was a working, sellable product as is, requiring very little human intervention, and they decided to steal it off me.

I'm actually glad to be out of it, but I have to say getting into business with that person is a huge regret. Also, my ex-colleague who was her life partner obviously helped with figuring out what accounts and stuff they needed to take complete control of everything. I didn't think at the time what was going on when they were asking for owner access to everything. It did strike me as slightly odd but I trusted them.

As bad as it was, I've learned a lot from it: 1. Don't go into business with people you don't know really, really well. 2. Some seemingly nice people can be utter, utter shitbags for money. 3. It turns out that some people will literally completely make up stuff about you and tell it to other people. Things with not even a grain of truth. 4. Expensive lawyers are worth the money. 5. It feels good to win when someone does something shit to you like that. 6. Nothing matters more than family.

tldr; I regret making bots in the early 2000's.

Sometimes we make things in our youth that end up getting people arrested. Sometimes nobody knows you even participated in coding and releasing some of the worst bots that are still used today in variants for banking theft software. Sometimes you just have to keep it to yourself and be the hacker you were when you built those evil things. Above all else you were/are a hacker and you should never claim your evil hacking deeds for yourself and should always do it for the love of the game.

amazon.com