Our business-critical internal software suite was written in Pascal as a temporary solution and has been unmaintained for almost 20 years. It transmits cleartext usernames and passwords as the URI components of GET requests. They also use a single decade-old Excel file to store vital statistics. A key part of the workflow involves an Excel file with a macro that processes an HTML document from the clipboard.
I offered them a better solution, which was rejected because the downtime and the minimal training would be more costly than working around the current issues.
The library I worked for as a teen used to process off-site reservations by writing them to a text file, which was automatically e-faxed to all locations every odd day.
If you worked at not-the-main-location, you couldn’t do an off-site reservation, so on even days, you would print your list and fax it to the main site, who would re-enter it into the system.
This was 2005. And yes, it broke every month with an odd number of days.
downtime
minimal retraining
I feel your pain. Many good ideas that cause this are rejected. I have had ideas requiring one big downtime chunk rejected even though it reduces short but constant downtimes and mathematically the fix will pay for itself in a month easily.
Then the minimal retraining is frustrating when work environments and coworkers still pretend computers are some crazy device they’ve never seen before.
As weird as it may seem, this might be a good argument in favor of Pascal. I despised learning it at uni, as it seems worthless, but is seems that it can still handle business-critical software for 20 years.
What OP didn’t tell you is that, due to its age, it’s running on an unpatched WinXP SP2 install and patching, upgrading to SP3, or to any newer Windows OS will break the software calls that version of Pascal relies upon.
i worked for a hybrid hosting and cloud provider that was partnered with Electronic Arts for the SimCity reboot.
well half way through they decided our cloud wasn’t worth it, and moved providers. but no one bothered to tell all the outsourced foreign developers that they were on a new provider architecture.
all the shit storm fail launch of SimCity was because of extremely shitty code that was meant to work on one cloud and didn’t really work on another. but they assumed hurr hurr all server same.
so you guys got that shit launch and i knew exactly why and couldn’t say a damn thing for YEARS
The company would bid on government contracts, knowing full well they promised features that didn’t exists and never would, but calculating that the fine for not meeting the specs was lower than the benefit of the contract and getting the buyers locked into our system. I raised this to my boss, nothing changed and I quit shortly after.
I’ve worked in IT consulting for over 10 years and have never once lied about the capabilities of a product. I have said, it doesn’t do that natively, but if that’s a requirement we can scope how much it would take to make it happen. Sadly my company is very much the exception.
The worst I saw was years ago I was working on an infrastructure upgrade of a Hyper-V environment. The client purchased a backup solution I wasn’t familiar with but said it supported Hyper-V. It turns out their Hyper-V support was in “beta”. It wasn’t in beta. They were literally using this client as a development environment. It was a freaking joke. At one point I had to get on the phone with one of their developers and explain how high-availability and fail-over worked.
I worked in government contracting (and government, for that matter) for years and that blows my mind. I can’t remember the details, but if you even had a bad reviews, much less being found noncompliant, it could disqualify you entirely from some contract vehicles for a matter of years. Wild that there’s some agency that somehow lets people get away with fraud.
Also, if that cost the government money, there’s a chance you could report that after the fact and make some money.
eh DHCP isn’t really important right? obviously if it hasn’t changed since the 80’s why would you need to reboot your server.
what are vulnerabilities?
The contractor I worked for was run by a man who used to say “if the contract says they’ll blow up the contractor on delivery, we’re putting in a bid and solve the problem later”
Promising features that never existed is part and parcel to a lot of software sales, whether gov or private. Speaking from post-sales experience.
Health insurance company I worked for would automatically reject claims over a certain amount without reviewing them. Just to be dicks and make people have to resubmit. This was over 25 years ago, but it’s my understanding many health insurers still pull this shit. They don’t care if it’s legal or not. Enforcement is lazy and fines are cheaper than medical claims.
Obviously this is in the USA.
We need a whole branch of government dedicated to fucking with insurance companies. They basically generate free money by having money, they don’t actually provide any net positive outside of just having money
We need to move to single payer healthcare and just eliminate the need for insurance companies.
Geek Squad, We were flying under the radar upgrading Macbook RAM, until one day we became officially Apple Authorized to fix iPhones, which means we were no longer allowed to upgrade Macbook RAM since the Macbooks were older and considered “obsolete” by apple, meaning we were unable to repair or upgrade the hardware the customer paid for, simply because apple said it was “too old”. it was at this point in my customer interaction, that we recommend a repair shop down the road that isn’t held at gunpoint by apple ;)
Isn’t the ram soldered? Is it too hard to upgrade?
if you have a hot air desoldering station it shouldn’t be too hard. but it’s a tool that most people aren’t going to have on hand.
You used to be able to just pop it out and swap. Those were the days
Not for some models at the time, we also did SSD upgrades which we werent allowed to do. Even more ridiculous
Anybody knows that one waterfall attraction in the Southeast US? The one that advertises bloody everywhere? Waterfall is pumped during the dry seasons, otherwise there’d be nothing to see. Lots of the formations are fake, and the Cactus and Candle formation was either moved from a different spot in the cave, or is from a different cave in New Mexico. Management doesn’t want people to know that, but fuck 'em.
Ruby Falls?
After looking it up, you can find reports from others stating the same things. When I was there as a kid, I remember that they claimed no one knew where the source of the water came from… I guess they actually know enough to help it out at least, lol
I really enjoyed it and would like to go again, but it’s no Mammoth Cave.
1-800-got-junk? doesn’t care at all about its environmental impact. No sorting what so ever happens to what goes on their trucks it all goes to landfills. All the ads will say they recycle and that they repurpose old furniture but I was threatened with being fired when I recommended donating antiques instead of dumping a load of furniture.
More jobs and more profits comes before anything else in that company, including employee health and safety. Several times I was told to enter spaces we werent trained for (attics and crawl spaces) and carry waste I legally couldn’t transport (human/organic wastes and the laws states the driver is fined, not the company). One guy injured his shoulder during an attic job and was told to finish the shift or lose his job. Absoulte scum of a company with very sleazy management and possibly the labour board in their pocket as they kept “losing the files” when I tried to file a report with buddy’s shoulder (he was hesistant to report for fear of losing his job).
I’ve had a few friends work for them out in Montreal, and their parent company (2 Men and a Truck). According to them it’s a mob-operated business.
Oh no! I had a great experience with 2 men and a truck when I he used them! No idea it was associated with the 1 800 junk folks
The majority of tech startups are super chaotic and barely keeping things running. More than you would ever imagine.
Worked support for an electricity supplier. I was able to see a frightening amount of info about the customers. Even past ones who had moved elsewhere.
We also kept notes about each call, email, web or app chat. So if you were an asshole in the past, everyone will know going forward.
Also fuck landlords and landladies etc. More often than not, they were shitty to deal with.
Also we would often use Google Maps and Streetview to see what your house looked like. We also had pictures of the inside because the installation techs took pictures to confirm that works were completed as specified.
Alll of this was available to us for any reason, at any time with no oversight. And none of it was encrypted. There was also government websites in use up to 2020 that required internet explorer to use and had passwords as trivial as ‘Password1’.
I left that job because the pay was lousy and the stress was pretty full on. I respected a lot of people that worked there. Both higher ups and people who came after me. But fuck was there a lot of potential for bad actors or like stalkers etc to mess with your info.
I would reccomend to everyone. Please use password managers. Especially decent open source ones like Bitwarden. Take note of every piece of info that you give a company. From your phone number, address, email etc to even when you contacted them. Also try to not have your home look like an abandoned hovel on Streetview lol. Easier said than done I know. But it may affect your dealings with support people that you need help from. And lastly, please dont use Password1 as a login. Ever. Like please.
i would recommend Keepass
I worked as software engineer and my boss tolerated me going to office at 2pm and leave at 9pm. It’s against company policy, certainly, but no one talked about it. It still is my most productive and happy time.
I’m changing jobs at the moment. I accepted a position at a UK office of an American company which I was a perfect fit for but they wouldn’t tolerate remote working or flexitime. A few days after, I was offered a job at a UK company offering 80% remote work and very generous flexi but for £5000/year less. I let the American company know I wouldn’t be starting with them after all. Honestly, it this day and age flexible hours and such aren’t a big ask for most information workers and work-life life balance is too important.
This comment is not like the others, lol.
Good on your manager.
Over a decade ago I worked as a freelancer for an Investment Bank (the largest one that went bankrupt in the 2008 Crash, which was a few years later) were the head of the Proprietary Trading Desk (the team of Traders who invest for the profit of the bank) asked me if I could change the software so that they could see the investments of the Client Trading Desk (who invest for clients with client money) was making, with the assent of the latter team.
Now if the guys investing money for the bank know what they guys investing customer money are doing they can do things like Front-Run the customer trades (or serve them at exactly the right price to barelly beat the competiotion) thus making more profits for the bank and hence get bigger bonuses. This is why Financial regulations say that there is supposed to be so-called Chinese Walls between the proprietary trading and the customer trading activities: they’re supposed to be segregated and not visible to each other.
Note that the heads of both teams were mates and already regularly had chats, so they might already have been exchanging this info informally.
I was quite fresh in there (less than 1 year) and the software system I worked in at the time was used by both teams, but when I started looking into it I saw that the separation was very explicitly coded in software and that got me thinking about what I had learned from the mandatory compliance training I had done when I first joined (so, yeah, that stuff is not totally useless!!!)
So I asked for written confirmation from the heads of both teams, and just got some vague response e-mails, no clear “do such and such”.
So I played the fool and took it to a seperate team called Compliance (responsible for compliance with financial regulations) saying I just wanted to make sure it was all prim and proper, “just in case”.
Of course, it kinda blew up (locally) and I ended up called to a meeting with the heads of the Prop Desk and whatnot - all stern looks and barelly contained angry tones - were I kept playing the fool.
Ultimatelly it ended up not being a problem for me at all, to the point that after that bank went bust and its component parts were sold to another bank, the technical team manager asked me to come back to work with the same IT group (remember, I was a freelancer) with even greater responsabilities, so this didn’t exactly damage my career.
That said, over the years there were various cases of IT guys in large investment banks who went along with “innocent” requests from the Traders and ended up as the fall-guys for subsequent breaking of Finance Regulations, serving jail time, so had I gone along with that request I would’ve actually risked ending up in jail.
(Financial Regulators were and are a complete total joke when it comes to large banks, which actually makes it more likely that some poor techie guy will be made the fall guy to protected the bank and its heads).
This is your friendly reminder that the only person who went to jail for the diesel gate is the software developer who implemented the test-cheating practice. Not the managers, the directors who asked for it or anybody else
Every time we notified anyone about a potential illegal breach of gdpr that could get us fined or sued, admin pretended they had never been informed because the changes would take too long and collide with their plans to “revamp everything, reinvent the platform, and rebrand”.
I should have whistleblown them myself if it were not for the fact that doing so would probably get some previous employees fired rather than hurt the company.
I work in IT. Most systems have laughable security. Passwords are often saved in plain text in scripts or config files. I went to a site to help out a very large provincial governmental organization move some data out of one system and into another. They sat me down with a loaner laptop and the guy logged me into his user account on the server. When I asked for escalated privileges, he told me he’d go get someone who knew the service account passwords.
After a few minutes, I started poking around on my own… And had administrative access within an hour. I could read the database (raw data), access documents, start and stop the software, plus, figured out how to get into the upstream system that fed data to this server… I was working on figuring out the software’s admin password when the guy came back. I’m sure that given some more time, I could have rooted the box because the OS hadn’t been updated in years.
Having worked network support, the number of times I’ve been on a screen share with someone who opens an excel sheet from the share drive that holds all the root passwords for every network device they own is high. A bad actor could take down some very large companies with some simple social engineering skills.
I work as a pentester and Red Teamer, I can attest that even for some large companies, you always stumble upon something that’s just dumb, and completely renders their multi-million investment they are probably making into security tools and solutions worthless.
I worked for a pretty popular magazine back in the late 90’s. One day near the beginning/middle of 2000, we were all called down to the bullpen for a last minute meeting by management and marketing. (That’s never a good sign.)
We were told that we have a great product with amazing writing, but marketing doesn’t know how to sell it so they’re closing us down. Instead, we went online only. I was the web developer so I survived the firings.
So then we figured that we were set because our website produced more content and had more traffic than any of the company’s other websites. However, in March of 2001, we had another emergency meeting. Again, we were told our content was great, but the company was going in another direction. Instead of producing our own content, the company was going to just repost other sites’ content. I and everyone else in my team were let go.
Needless to say, the whole “we’ll just repost what other people posted” plan didn’t go so well. Last time I checked, the company wasn’t doing very well at all.
An AI company… They used to manually change system event logs to show it wasn’t their software that caused the downtime for our clients.
Bought over a million dollars worth hardware (25% of which didn’t even got racked), over 200 46inch LED screens that no one used, and very expensive offices at posh locations in the bid to increase its IPO valuation.
I’ve always been wondering to what degree are logs accurate, or rather believable as presented.
Such as when it comes to affiliate marketing, or ads. How can I, as a customer, know the numbers Amazon or Google about how many people used my link / seen my ad, aren’t full of shit?
Well related to that Google has recently been accused of faking that data sooo https://qz.com/google-video-ads-violate-its-own-standards-1850585533
Its been a decade since ive done cpa marketing but we used invisible tracking pixels to cross reference how many ads have been viewed and click through rates but ya they can wash the ads with junk traffic.
