agnos.is Forums


Ramsay's kitchen nightmares, but for software development

Programmer Humor
72 Posts 52 Posters
  • R This user is from outside of this forum
    [email protected]
    wrote on last edited by
    #63

    It would have to be more like an unsolved mysteries show with a dramatic reenactment and a developer giving all the ugly details with a blacked out face and voice changer.

    1 Reply Last reply
    7
    • cm0002@lemmy.worldC [email protected]
      This post did not contain any content.
      R This user is from outside of this forum
      [email protected]
      wrote on last edited by
      #64

      It would be depressing. I ended up working somewhere we would regularly get called in to clean up messes and enterprise software is a disaster.

      Huge application. Dominating its industry. It had only one user on the DBs with a password that hadn't been changed in over a decade. Same user/pass for each DB as well. The DBs were all publicly accessible. The applications, clients, engineers, and everyone else used that singular user. Better yet, one DB even had a table for the locations of every server, what it did, and what credentials you needed to log into it. This app held insurance information, PHI, PII, payment information, etc. The "Founder" thought he was clever because he'd turned off all logging on the DB and was under the impression if he couldn't detect a breach he didn't have to report it. The DB engines were such unbelievably old "community" versions of DBs. The password was something along the lines of <company name>1998!

      They had a load balancer that took traffic in on 443 and sent it to the server on 80, but since the servers only used 80 and no one explained networking to them, every internal request would be sent to the open internet on 80, hit another source, and then would make its way back to the load balancer and into the app. They were excited to show it to me and everything. Networking and Developers are like water and oil.

      Yes that did get reported to governing bodies. They slapped the company on the wrist. No fine. I fixed it so it's nearly bulletproof now. When I turned on logging I do want to note there were TONS of connections to Iran, South America, China, India, Russia, etc.

      But that's A LOT of apps. We kept doing M&As and 3/4 apps that are being sold were the exact same. Hell, I've seen apps handling CUI store their data unencrypted on open servers. Reported as well, but nothing ever happens. We were told by one person that the laws and fines only exist to hit companies after there's a breach AND a lawsuit from users. Before then there's no victim and no crime.

      Tldr; auditing software is a lot like what I imagine smoking crack is like.

      C 1 Reply Last reply
      11
      • C [email protected]

        And this wasn't even his biggest disaster as long as you don't count the potential for death. The baseball-throwing gig was just him and his manager; for his next project he led a team of five developers that turned three months into three years and never produced working software. The only revenue it ever produced was an initial $50K from the client that was later refunded to preempt a lawsuit. For the project he chose Ruby-on-Rails despite the fact that neither he nor anybody else on the team - nor anybody else in the entire state for that matter - had any experience with RoR. I have to give him credit, though: he was a true Renaissance Man in the sense that he could fuck up a project in any language or platform.

        A This user is from outside of this forum
        [email protected]
        wrote on last edited by
        #65

        Whenever I feel like a bad programmer at least I can tell myself truthfully I haven't gotten anywhere near close to injuring someone with my code, let alone killing them.

        1 Reply Last reply
        0
        • cm0002@lemmy.worldC [email protected]
          This post did not contain any content.
          C This user is from outside of this forum
          [email protected]
          wrote on last edited by [email protected]
          #66

          For the small niche that would find it comprehensible, that would be gold. Maybe it would work as a YouTube channel.

          The trick is that software companies and their clients tend to be more publicity-averse than restaurants, and for Kitchen Nightmares they need to find ones that will straight-up agree to be made an ass of to get on TV.

          1 Reply Last reply
          18
            C This user is from outside of this forum
            [email protected]
            wrote on last edited by [email protected]
            #67

            Huge application. Dominating its industry. It had only one user on the DBs with a password that hadn’t been changed in over a decade. Same user/pass for each DB as well. The DBs were all publicly accessible. The applications, clients, engineers, and everyone else used that singular user.

            At least one of those people seriously considered doing crime, right? It would be like shooting fish in a barrel and, with simple steps to hide your network origin, there would be no way of finding the culprit. With the kind of ransoms you could get from a company like that you could go and live happily ever after in Dubai.

            Absolute madness.

            1 Reply Last reply
            1
            • appoxo@lemmy.dbzer0.comA [email protected]

              I wonder if there is a forgotten torrent of the ISO somewhere floating around with users still seeding it

              vrkr@programming.devV This user is from outside of this forum
              [email protected]
              wrote on last edited by
              #68

              Nah, not forgotten at all. Here you have: https://old-releases.ubuntu.com/releases/8.04.0/

              And they are all alive 🙂

              1 Reply Last reply
              1
              • C [email protected]

                We got hired by a company that was developing a remote-controlled baseball launching machine. The machine itself was just the standard two spinning wheels (although the max rotational speed of 125 mph was a lot for this sort of thing), but it could also pivot 360 degrees and also angle itself between straight up and 45 degrees down towards the ground, so it was capable of simulating any hit ball in baseball. The idea was that you would put this machine at home plate and then the coach could walk out among the players and use the remote (which was a Windows Mobile PDA) to generate any kind of hit, like a grounder to short or a pop fly to right field etc. Because the wheels could be independently controlled, you could put any kind of spin you wanted on a ball by having one wheel spinning faster than the other.

                Really a cool device and a cool project, but my coworker who got the gig was a remarkably terrible programmer who spent more than a year fucking things up in various ways. At one point, for example, he spent three months trying to develop a Physics engine to control where the ball went, despite the fact that a) he knew nothing about Physics, and b) the Physics of a spinning baseball is actually incredibly complicated and well beyond the processing power of a PDA circa 2005. Not to mention that the balls used varied tremendously in how old and scuffed up they were, which would have defeated any attempt to calculate where they were going with any kind of real precision.

                Despite being well over budget and past the original schedule, he had things sort of working (sometimes) and the client asked him to produce a variant of the software that would let the machine be used by Little League coaches. My coworker, in addition to writing the version to scale back the speeds appropriately, also decided to completely change the API that was used to communicate with the machine. Previously, the speeds had been specified by short integer values between 0 and 32768, but he decided it would be better to use floating-point values between 0 and 1. All well and good, except his way of dealing with the huge amount of compiler errors this generated was to cast all the hard-coded short int values as floats and clamp the result between 0.0 and 1.0.

                As bad as this was, he also decided to test this version - for the first time - on a field with actual Little Leaguers (in his defense - but only slightly - we rarely had access to the actual machine itself, so proper testing was always difficult). The coach sent the command for a slow grounder to the shortstop. This should have produced a horizontal ball with about a 30 mph speed on the bottom wheel and 35 mph on the top wheel to give it some topspin. Instead, his hard-coded int values were about 10000 and 12000, which got cast and clamped to 1.0 by the API call - in other words, maximum speed (125 mph) on both wheels. This ejected a ball with no spin going 125 mph, the most deadly knuckleball in human history (human pitchers throw knucklers at maybe 50 mph and they're nearly impossible to hit or even catch). At least he had the angle and azimuth "right" so this was fired straight at the shortstop! Had it hit him, the kid for sure would have been badly concussed and very possibly killed, but fortunately it sailed just over his head.

                C This user is from outside of this forum
                [email protected]
                wrote on last edited by
                #69

                This is one of those moments I'm depressed I'm poor and this guy probably wasn't. Just, how do you fuck up that bad?

                C 1 Reply Last reply
                2
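
The cast-and-clamp conversion from the baseball-machine story quoted above, as an added example that is not part of any post in this thread and not the project's code. All function names are hypothetical; only the 0 to 32768 range, the 0 to 1 range, and the constants 10000 and 12000 come from the story.

```c
#include <stdbool.h>
#include <stdio.h>

/* Old API full scale; the story gives the legacy range as 0..32768. */
#define LEGACY_FULL_SCALE 32768.0f

static float clamp01(float v) {
    return v < 0.0f ? 0.0f : (v > 1.0f ? 1.0f : v);
}

/* The migration as the story describes it: cast the old constant, then clamp. */
float speed_cast_and_clamp(int legacy) {
    return clamp01((float)legacy);
}

/* Unit-preserving migration: rescale the old constant into 0.0..1.0. */
float speed_rescaled(int legacy) {
    return clamp01((float)legacy / LEGACY_FULL_SCALE);
}

/* Fail-closed setter (hypothetical): an out-of-range request is refused and
 * the previous speed is kept, so a units mistake cannot become full power. */
bool set_wheel_speed(float fraction, float *wheel) {
    if (!(fraction >= 0.0f && fraction <= 1.0f)) {  /* also rejects NaN */
        return false;
    }
    *wheel = fraction;
    return true;
}

int main(void) {
    const int legacy[] = {10000, 12000};  /* constants quoted in the story */
    float wheel = 0.0f;
    for (int i = 0; i < 2; i++) {
        bool accepted = set_wheel_speed((float)legacy[i], &wheel);
        printf("legacy=%5d cast+clamp=%.3f rescaled=%.3f raw accepted=%s\n",
               legacy[i], speed_cast_and_clamp(legacy[i]),
               speed_rescaled(legacy[i]), accepted ? "yes" : "no");
    }
    return 0;
}
```

Silent clamping turns a unit mismatch into a valid-looking maximum command; rejecting the value surfaces the mistake at the API boundary instead of on the field.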
                • A [email protected]

                  I wouldn't deploy this for my fucking dog, roll it back now!

                  C This user is from outside of this forum
                  [email protected]
                  wrote on last edited by [email protected]
                  #70

                  TBF if I was writing for my dog I'd pull out all the stops. Only the best for such a good boy! He would eat almost anything, though.

                  1 Reply Last reply
                  3
                    C This user is from outside of this forum
                    [email protected]
                    wrote on last edited by
                    #71

                    He knew the secrets: blame your tools and be the same religion as your bosses. He was also, to his credit, a fantastic softball player, which helped the company team win the championship every year.

                    1 Reply Last reply
                    1
                    • cm0002@lemmy.worldC [email protected]
                      This post did not contain any content.
                      T This user is from outside of this forum
                      [email protected]
                      wrote on last edited by
                      #72

                      Management: "But the coin miners are the only ones maintaining the server, if it wasn't for that it would have died a long time ago"

                      1 Reply Last reply
                      1