Code review is slowing your team down
Posted by the-scream-i-scrumpt@reddit | ExperiencedDevs | 65 comments
Code review is just a way to say "do I trust you?" but after 100 pull requests within one part of the codebase, you should basically trust that person going forward.
The fact that nobody does this just goes to show how distrusting and hierarchical our industry is
---
And no, we don't do code review to disseminate knowledge, there are much better ways to knowledge share.
And no, it's not for SOC 2, you can get an AI to review it if you need to meet compliance checks (the auditor that you hired isn't going to complain)
^ excuses
ExperiencedDevs-ModTeam@reddit
Rule 1: Do not participate unless experienced
If you have less than 3 years of experience as a developer, do not make a post, nor participate in comments threads except for the weekly “Ask Experienced Devs” auto-thread.
ksceriath@reddit
I find myself looking for someone in the team who'd seriously nit-pick my code and design... and not take it for granted. There used to be a time when my submissions were reviewed critically. It used to feel like there were guardrails. Now, my team just takes my submissions for granted... but I still can overlook things and make mistakes also. I wish they didn't trust me that much... and told me how I can improve further.
skdeimos@reddit
Why are you on this subreddit if you have no experience writing professional software LOL
the-scream-i-scrumpt@reddit (OP)
I didn't ask you to attack my credibility... Guess that's what happens when you post an unpopular opinion
skdeimos@reddit
Has a coworker not ever caught a mistake in your PR?
Have you never noticed a mistake in code that was written by someone you trust?
If you're a developer long enough, that is going to happen.
the-scream-i-scrumpt@reddit (OP)
Sure, I've reverted code before. So have you. And we've both been getting 100% of our code reviewed 👀
SpiderHack@reddit
Now imagine how many more times you'd have to revert code if no one was reviewing your code...
And also, this process is that 'a process' that is in place to not promote bad practices... From experience.
"Ohh look, why is Tom fetching a payload from a random website for this 'test data download' and then executing it?"
2 months later
"Why is our github token on the front page of Reddit?"
56killa@reddit
What are you on about exactly, this reads terribly. Should've had someone grammar review this.
Aomix@reddit
This doesn’t feel AI written, genuine human silliness at work here.
56killa@reddit
Almost would've preferred schlop tbh
eloel-@reddit
They trusted him and rubber-stamped it, so we have to read the bullshit now
56killa@reddit
😂
the-scream-i-scrumpt@reddit (OP)
Clearly you understood what I was on about ¯_(ツ)_/¯
eloel-@reddit
nit: you've dropped a backslash
the-scream-i-scrumpt@reddit (OP)
The autocorrect caught it, it was a non-blocking check, I chose to ship anyways
RedBlueKoi@reddit
I am sorry what?! This is such a stupid take. I would be happy to receive a code review from my mid devs, for many reasons as well. If nothing else just for sanity check and making sure my code is readable and understandable
the-scream-i-scrumpt@reddit (OP)
Your "mid" devs? I'm sorry, did you hire shitty devs that you don't trust? I think that's a hiring problem.
RedBlueKoi@reddit
I meant middle of course
CriticalOfBarns@reddit
I’ve driven thousands of miles and never had a wreck, yet I still wear a seatbelt. What gives?
the-scream-i-scrumpt@reddit (OP)
The AI will be my seatbelt, it does a better job than a human did anyways
CriticalOfBarns@reddit
Jesus take the wheel!
eloel-@reddit
Omnissiah guide us
Sensitive-Ear-3896@reddit
lgtm!
kevin074@reddit
Sure after 100 PRs, let me just add a hack to deposit a check to my account
the-scream-i-scrumpt@reddit (OP)
I can already sneak that into any code reviewed change, the code review isn't a protection mechanism
kevin074@reddit
Funny you said that, I just watched a YouTube video talking about a hacker who almost released malicious code into Linux base code and could have hacked everything in existence.
The reason he wasn’t caught earlier was because the maintainer just trusted the hacker after a year(?) of good work.
The reason he was caught was because someone just read the code (or the output) and saw extra bytes that he couldn’t understand why.
the-scream-i-scrumpt@reddit (OP)
I suppose I didn't specify a caveat for open source. Fine, I can see how review is important for open source.
darkblue2382@reddit
Wow, you and your team do terrible reviews then. You shouldn't drag yourself like that it's bad for your mental health.
caboosetp@reddit
Code review is absolutely a protection mechanism. But also people make mistakes.
Imoa@reddit
That’s an indictment of your team’s code reviews, not the general practice.
obelix_dogmatix@reddit
shit like this is what broke CrowdStrike
the-scream-i-scrumpt@reddit (OP)
CrowdStrike should've had a hundred checks to prevent their crappy outage. I guarantee you they didn't do a post-mortem and say "you know what? It's all Jim's fault, he didn't get a code review"
_Atomfinger_@reddit
It's not.
the-scream-i-scrumpt@reddit (OP)
What is it then, wise guy
_Atomfinger_@reddit
It has nothing to do with trust whatsoever.
It is someone looking at the code, checking whether it is good enough for production, and seeing whether the implemented code actually aligns with what the developer was supposed to build.
It is to have someone look over it and see if it meets the team's standards.
It is to have someone look it over to see if the writer had a brainfart (or if you have a better idea that might improve it).
It is to share knowledge and familiarity about the solution.
Whether I trust you has nothing to do with it. We all have our bad days, or we might misunderstand the feature. We all can benefit from an extra pair of eyes on our code.
the-scream-i-scrumpt@reddit (OP)
But don't you think AI does that these days?
After 100 changes to the codebase that I'm the expert in... It's much more common that I'm explaining the feature to the reviewer than the reviewer is explaining it to me! Understood that some companies just assign you a Jira ticket and say "go", but I'm defining my own roadmap so I'm well aware of what we're trying to build.
And even if I did screw up this way... So long as the change is safe that should be enough. If it's "building the wrong thing," then 9 times out of 10 I can revert it and course correct. I'd prefer reverting 1 change than being slowed down on 100 changes.
_Atomfinger_@reddit
No. Not well enough.
So knowledge sharing! That's great. See, now you're getting it! Very team player of you.
Great that you have people reviewing your code to ensure it is actually safe and maintainable. Great job!
joebgoode@reddit
I feel bad for your team.
I feel great for my team, since you're not part of it.
the-scream-i-scrumpt@reddit (OP)
I feel bad for my team too.
I feel bad for your team also.
HK-65@reddit
I've a feeling someone got told to tighten up the slopstream.
Every-Third-MP@reddit
Deranged post.
the-scream-i-scrumpt@reddit (OP)
Why, can you debate me on it?
arjjov@reddit
Welcome to the real world, kid.
Nobody wants to maintain someone else's crap, and get paged to deal with it later, whether intentionally or not.
Peer reviews potentially help to prevent this.
the-scream-i-scrumpt@reddit (OP)
But I own the crap! I'm the expert in this crap! Should I not get a free pass when I'm trying to fix the crap??
arjjov@reddit
Well, when you leave the company someone else will likely have to maintain it.
the-scream-i-scrumpt@reddit (OP)
And my fix will help them have a much nicer time! Wouldn't they love to read some beautiful well-factored code?
With the ways my code reviews go, everyone's always scared shitless about refactoring anything that has production traffic going through it
the-scream-i-scrumpt@reddit (OP)
I'm gonna have to... But it drives me crazy: this is why every company is drowning in tech debt after 5 years in business. This is why we can't have nice things.
Sensitive-Ear-3896@reddit
potentially being the key word
Otherwise_Source_842@reddit
This is an ass take. You think great devs never have a typo or forget/miss something?
daltorak@reddit
A horizontal rule in a five-sentence post tells me everything I need to know about how seriously to take this.
the-scream-i-scrumpt@reddit (OP)
???
Teflon_Twon@reddit
Trust? Trust but verify the dev coded based on the requirements, design and standards (coding, security)
This post is
another_dudeman@reddit
No.
saposapot@reddit
Good luck on that Audit review.
Own-Football4632@reddit
The best engineers might have sales skills and might not.
Some of the best maintainers are awkward people that make sure things work smoothly, and some of the best salespeople are egomaniacs who think their personality and goals make them better than other people by default in every realm.
The best engineers know they can make mistakes or bad calls and can leave room for others to give them at least a sanity check.
The best engineers actually think with nuance so aren't convinced by blanket statements yelled into a void like "Stop doing ____" or "Your team is bad because ___".
Take this back to LinkedIn where shallow hot takes are treated like a commodity.
country-dev@reddit
"you should basically trust that person going forward"
- things said moments before disaster
Imoa@reddit
It makes me laugh - zero trust, RBAC, etc. This field reinforces the idea that you verify every time repeatedly in so many contexts.
Next this dude will tell us he shouldn’t have to log into his computer after logging in 100 times, or he should get escalated privileges after making 100 queries in a database.
austinwiltshire@reddit
You can always tell who the imposters on experienced dev are...
the-scream-i-scrumpt@reddit (OP)
I've been doing this for 7 years wondering when I'd be able to say "huh, these code reviews are actually a good idea," but I woke up today and realized they're still just as shit as I thought
mackstann@reddit
I think people already account for this. When you work with someone for a while and trust their abilities, you loosen up your skepticism during review. You know what you can probably rely on and what their weaknesses are that you should watch out for.
Sensitive-Ear-3896@reddit
The idea is good, but submitting a PR, waiting 3 days and begging people to review (only to get lgtm) then having to rebase is shit, and makes me hate the industry
BiackPanda@reddit
This is experienced devs not experienced managers
Linaran@reddit
Written confidently with a very vague point ...
Resident-Trouble-574@reddit
Will AI be held responsible if the reviewed code ends up not being compliant?
colorblooms_ghost@reddit
Or, crazy idea, software engineering requires making a massive number of decisions. Statistically, the more decisions you make in a row, the more certain that some of them are bad. AI is good at catching some things but not good at identifying when the thrust of the change is wrongheaded