this post was submitted on 13 Jun 2025
1168 points (99.2% liked)

Programmer Humor

[–] Rancor_Tangerine@lemmy.world 2 points 1 hour ago

It would be depressing. I ended up working somewhere we would regularly get called in to clean up messes and enterprise software is a disaster.

Huge application. Dominating its industry. It had only one user on the DBs with a password that hadn't been changed in over a decade. Same user/pass for each DB as well. The DBs were all publicly accessible. The applications, clients, engineers, and everyone else used that singular user. Better yet, one DB even had a table for the locations of every server, what it did, and what credentials you needed to log into it. This app held insurance information, PHI, PII, payment information, etc. The "Founder" thought he was clever because he'd turned off all logging on the DB and was under the impression if he couldn't detect a breach he didn't have to report it. The DB engines were so unbelievably old "community" versions of DBs. The password was something along the lines of 1998!

They had a load balancer that took traffic in on 443 and sent it to the server on 80, but since the servers only used 80 and no one explained networking to them, every internal request would be sent to the open internet on 80, hit another source, and then would make its way back to the load balancer and into the app. They were excited to show it to me and everything. Networking and Developers are like water and oil.

Yes, that did get reported to governing bodies. They slapped the company on the wrist. No fine. I fixed it so it's nearly bulletproof now. When I turned on logging I do want to note there were TONS of connections to Iran, South America, China, India, Russia, etc.

But that's A LOT of apps. We kept doing M&As and 3/4 apps that are being sold were the exact same. Hell, I've seen apps handling CUI store their data unencrypted on open servers. Reported as well, but nothing ever happens. We were told by one person that the laws and fines only exist to hit companies after there's a breach AND a lawsuit from users. Before then there's no victim and no crime.

Tldr; auditing software is a lot like what I imagine smoking crack is like.

[–] lowered_lifted@lemmy.blahaj.zone 7 points 13 hours ago

I would watch this. Maybe something like "SRE Squad" with like a fire department type aesthetic and eagles and flags and butt rock theme song.

[–] tiredofsametab@fedia.io 11 points 14 hours ago (2 children)

Someone would have to look at and understand the existing code and infrastructure rather than just throwing it all away and writing a data migration. In other words, it would never happen.

[–] ryathal@sh.itjust.works 5 points 1 hour ago

It would have to be more like an unsolved mysteries show with a dramatic reenactment and a developer giving all the ugly details with a blacked out face and voice changer.

[–] mogranja@lemmy.world 1 points 2 hours ago

OP wrote software development, but the example is more infrastructure focused. Which is a lot easier to parse.

[–] scathliath@lemmy.dbzer0.com 9 points 14 hours ago

Me and friends borked our school network by making it a doge coin miner in high school, the IT guy was not pleased.

[–] HugeNerd@lemmy.ca 5 points 14 hours ago

Silicon Valley

[–] MTK@lemmy.world 12 points 19 hours ago

And it will always end with a more modern and streamlined infrastructure that they never update again and then two years later there is an article that shows how they all went bankrupt.

[–] ChickenLadyLovesLife@lemmy.world 35 points 1 day ago (1 children)

This was my entire 25-year career. No way in hell would I want to watch a show like that.

Although if there were a show based on my career, I'm sure the highest ratings would be the show where my coworker fires a 125 mph knuckle ball a foot above a 10-year-old kid's head. It was the only time in my career when I had to physically intervene to prevent a fistfight between my boss and the client.

[–] doctorschlotkin@lemm.ee 11 points 1 day ago (1 children)

Please elaborate on this knuckle ball story. I am confusion.

[–] ChickenLadyLovesLife@lemmy.world 49 points 1 day ago* (last edited 1 day ago) (3 children)

We got hired by a company that was developing a remote-controlled baseball launching machine. The machine itself was just the standard two spinning wheels (although the max rotational speed of 125 mph was a lot for this sort of thing), but it could also pivot 360 degrees and also angle itself between straight up and 45 degrees down towards the ground, so it was capable of simulating any hit ball in baseball. The idea was that you would put this machine at home plate and then the coach could walk out among the players and use the remote (which was a Windows Mobile PDA) to generate any kind of hit, like a grounder to short or a pop fly to right field etc. Because the wheels could be independently controlled, you could put any kind of spin you wanted on a ball by having one wheel spinning faster than the other.

Really a cool device and a cool project, but my coworker who got the gig was a remarkably terrible programmer who spent more than a year fucking things up in various ways. At one point, for example, he spent three months trying to develop a Physics engine to control where the ball went, despite the fact that a) he knew nothing about Physics, and b) the Physics of a spinning baseball is actually incredibly complicated and well beyond the processing power of a PDA circa 2005. Not to mention that the balls used varied tremendously in how old and scuffed up they were, which would have defeated any attempt to calculate where they were going with any kind of real precision.

Despite being well over budget and past the original schedule, he had things sort of working (sometimes) and the client asked him to produce a variant of the software that would let the machine be used by Little League coaches. My coworker, in addition to writing the version to scale back the speeds appropriately, also decided to completely change the API that was used to communicate with the machine. Previously, the speeds had been specified by short integer values between 0 and 32768, but he decided it would be better to use floating-point values between 0 and 1. All well and good, except his way of dealing with the huge amount of compiler errors this generated was to cast all the hard-coded short int values as floats and clamp the result between 0.0 and 1.0.

As bad as this was, he also decided to test this version - for the first time - on a field with actual Little Leaguers (in his defense - but only slightly - we rarely had access to the actual machine itself, so proper testing was always difficult). The coach sent the command for a slow grounder to the shortstop. This should have produced a horizontal ball with about a 30 mph speed on the bottom wheel and 35 mph on the top wheel to give it some topspin. Instead, his hard-coded int values were about 10000 and 12000, which got cast and clamped to 1.0 by the API call - in other words, maximum speed (125 mph) on both wheels. This ejected a ball with no spin going 125 mph, the most deadly knuckleball in human history (human pitchers throw knucklers at maybe 50 mph and they're nearly impossible to hit or even catch). At least he had the angle and azimuth "right" so this was fired straight at the shortstop! Had it hit him, the kid for sure would have been badly concussed and very possibly killed, but fortunately it sailed just over his head.

[–] mogranja@lemmy.world 2 points 2 hours ago

That's testing in production, with live ammo. Glad it didn't maim anyone.

[–] thatonecoder@lemmy.ca 8 points 21 hours ago* (last edited 21 hours ago) (1 children)

The fuck??? That's a horrible co-worker…

[–] ChickenLadyLovesLife@lemmy.world 25 points 21 hours ago (1 children)

And this wasn't even his biggest disaster as long as you don't count the potential for death. The baseball-throwing gig was just him and his manager; for his next project he led a team of five developers that turned three months into three years and never produced working software. The only revenue it ever produced was an initial $50K from the client that was later refunded to preempt a lawsuit. For the project he chose Ruby-on-Rails despite the fact that neither he nor anybody else on the team - nor anybody else in the entire state for that matter - had any experience with RoR. I have to give him credit, though: he was a true Renaissance Man in the sense that he could fuck up a project in any language or platform.

[–] thatonecoder@lemmy.ca 7 points 21 hours ago

Now, I don't have to be embarrassed at the hobby project forks I make. Thanks!

[–] stratoscaster@lemmy.world 7 points 21 hours ago

Wow thank you for sharing. Very interesting story.

[–] nthavoc@lemmy.today 23 points 1 day ago

These images are RAW! YOU, DONKEY! Here, take your blob, and gtfo. GO! OUT!!!!!

[–] Natanael@infosec.pub 1 points 14 hours ago

It's called incident response

[–] Ghostwurm@lemmy.ca 5 points 21 hours ago

You fucking Donkey!

[–] conditional_soup@lemm.ee 8 points 1 day ago

I would watch the absolute fuck out of this to the point that my family would be so fucking sick of it.

[–] dumbass@quokk.au 38 points 1 day ago (1 children)

It surprises me that there aren't more shows like that, just some random dude bursting through your job calling you all twats and pointing out where you failed, then helping you fix it.

I want carwash nightmares or retail nightmares shows.

[–] applebusch@lemmy.blahaj.zone 3 points 14 hours ago

Startup nightmares would either be cathartic or give me ptsd flashbacks.

[–] vrkr@programming.dev 13 points 1 day ago* (last edited 1 day ago) (1 children)

Still have a copy of Ubu 8.04 on CD somewhere. Not sure if it still works though.

Good times.

[–] Appoxo@lemmy.dbzer0.com 4 points 15 hours ago

I wonder if there is a forgotten torrent of the ISO somewhere floating around with users still seeding it

[–] philthi@lemmy.world 156 points 1 day ago* (last edited 7 hours ago) (7 children)

I would watch this. Especially if it was an angry Brit, rather than a dramatic American. And even more if it didn't keep replaying the same 5 minutes of telly before and after each ad break. And even more if it didn't have an ad break every 10 minutes that lasted 5 minutes.

[–] eager_eagle@lemmy.world 60 points 1 day ago* (last edited 1 day ago) (2 children)

right? I don't watch TV because of all this crap. I don't understand how some people have the patience, honestly.

[–] kuberoot@discuss.tchncs.de 2 points 5 hours ago

Our public TV has no midroll ads, only between programs, and I'm so happy I can use a guide and usually find something to watch when eating and get no ads. But I'm also watching the endless reruns of a series I like, so that's also not difficult to get.

[–] roofuskit@lemmy.world 36 points 1 day ago (2 children)

Frog in pot is my guess. I haven't watched ad supported television for like 20 years now and it is so jarring when I'm in someone's house and an ad comes on.

[–] swelter_spark@reddthat.com 20 points 1 day ago

I would watch this.

[–] Lemminary@lemmy.world 28 points 1 day ago (2 children)

Yes, but consider that the abbreviations alone would make the show unwatchable. "Hold on, babe, what's a SaaS?"

[–] insaneinthemembrane@lemmy.world 2 points 20 hours ago

Could use subtitle style helpful info like in Alone

[–] Sorse@discuss.tchncs.de 11 points 1 day ago

Shit as a Service

[–] kautau@lemmy.world 43 points 1 day ago (2 children)

“And the big surprise, is that the fucking image uploads are being stored in fucking RAW!”

[–] Aurenkin@sh.itjust.works 64 points 1 day ago

I wouldn't deploy this for my fucking dog, roll it back now!

[–] Psaldorn@lemmy.world 85 points 1 day ago* (last edited 1 day ago)

Look at this CI deployment! THE TESTS ARE TURNED OFF. YOU'RE RAWDOGGING PRODUCTION.

Oh my days. Your AWS isn't destroying old deployments, no wonder you're in debt, you have seven times more compute than NASA FOR FUCKS SAKE.

[–] abbadon420@lemm.ee 41 points 1 day ago (7 children)

Just talked to a woman from a company in the same holding as mine. They still run their computers on Windows XP. They're in health care and deal with sensitive, confidential patient data.

[–] tiredofsametab@fedia.io 4 points 14 hours ago

I used to work in healthcare IT until around 2008ish. Various clinics had things running on 3.11, 95, 98, etc.

For the 3.11 case, it was only controlling the door card/lock system IIRC and was not otherwise on the network, but some of the others, less so. We didn't have direct control over the sites' decisions and couldn't really enforce anything so us removing them was not possible. We did everything we could to convince the site mgmt, of course.

[–] conditional_soup@lemm.ee 5 points 1 day ago* (last edited 1 day ago)

The criticality of any given service is inversely proportional to how recently released was the technology that it runs on.

This, if you see some ancient machine sitting there humming, don't even make eye contact with that mf, don't even think about it. In fact, try to minimize your time in the same room so when it eventually goes tits up, you don't get blamed.

[–] Kazumara@discuss.tchncs.de 8 points 1 day ago* (last edited 1 day ago) (2 children)

This week I heard from a network group lead of a university hospital, that they have a similar issue. Some medical devices that come with control computers can't be upgraded, because they were only certified for medical use with the specific software they came with.

They just isolate those devices as much as possible on the network, not much else to do, when there is no official support and recertification for upgrading. And of course nobody wants to spend half a million on a new imaging device when the old one is still fine except for the OS of the control computer.

Sounds like a shitty place to be, I pity those guys.

That said, if you were talking about normal client computers then it's inexcusable.

[–] applebusch@lemmy.blahaj.zone 3 points 14 hours ago

It baffles me that medical device manufacturers use Windows for fucking anything. You'd think just the licensing cost would push them away, but it being hot garbage for embedded software should have been enough. It's amazing any medical device certification process would allow them to use it at all, with the notorious unreliability and not giving a shit what you think about updates. People could die because of a fucking Windows update at the wrong time.

[–] kautau@lemmy.world 12 points 1 day ago

Quarterly profits above all else bby

[–] nullPointer@programming.dev 42 points 1 day ago (1 children)

Senior developer: "not my coin miner!! ... i mean, how'd that get there?"

[–] sylver_dragon@lemmy.world 23 points 1 day ago (1 children)

You joke, but I've actually been responsible for a coder getting shown the door for running a coin miner on his work laptop.

In his defense, cyber security at that company was crap for a long time. After a ransomware outbreak, they started paying attention and brought some folks like myself in to start digging out. This guy missed the easy out of, "hey that's not mine!" The logs we had were spotty enough that we would have just nuked the laptop and moved on. But no, he had to fight us and insist that he should be allowed to run a coin miner on his work laptop. Management was not amused.

[–] lemsip@sh.itjust.works 1 points 19 hours ago (3 children)

Am I just stupid or does that seem like an extreme reaction?
Apart from the ~0% profitability these days, what's the issue with running a coin miner?

[–] sylver_dragon@lemmy.world 2 points 10 hours ago

The first issue with running a coin miner is using company resources for your own profit. Your own system, using your own electricity, go for it. Running it on a company owned laptop, while at a company building, burning electricity the company is paying for. Ya, that starts to get uncomfortably close to fraud or theft. There is also that whole, "running unauthorized software on a company system, doing who knows what else in the background." There is a very real possibility that the coin miner has unknown vulnerabilities which could allow remote code execution; or, just outright be malicious and contain a remote access trojan. Maybe he was smart enough to audit all the code it was using and be very sure that's not the case. More likely, he just grabbed a random implementation of XMRIG, put his wallet in the config file and ran it. Either way, he also made a point of refusing to remove it, so we escalated up to management. With the recent ransomware outbreak having been in the multi-million dollar (possibly low tens of millions) damage range, refusing to remove unauthorized software went over about as well as a lead balloon. There may have been other factors at play; but, the unauthorized software and being a dick about removing it was what got him out the door.

[–] StaticFalconar@lemmy.world 2 points 14 hours ago (1 children)

Analogous to someone using the company car to make some extra money as an Uber/Lyft driver. Do you still not see the problem?

[–] lemsip@sh.itjust.works 0 points 10 hours ago

Kinda, but not as a fireable offense.
Using the company car for Uber would raise the odometer, wear the tyres, use fuel, risk crashing, etc.

As long as things are within thermal limits, it won't risk damaging the device.
I guess it could make the battery degrade quicker, but it seems so insignificant in comparison.

[–] Natanael@infosec.pub 1 points 13 hours ago

Besides the general security risk if they run trojaned clients, if they run it in the office they're spending the company's electricity.
