Comment On Working Around, Over, and Through the Process

When Kevin landed a job at Townbank in the late 1980s, he came face-to-face with the same thing that thousands of newly minted developers had encountered before and since – there is more to being a corporate programmer than just writing code – there’s the process. [expand full text]
« PrevPage 1 | Page 2Next »

Re: Working Around, Over, and Through the Process

2010-10-12 09:05 • by Gary (unregistered)
i'm hitting refresh until shiva is the captcha.

Re: Working Around, Over, and Through the Process

2010-10-12 09:09 • by ***** (unregistered)
I really don't see the WTF with having your user name match your password.

Sincerely,
*****

Re: Working Around, Over, and Through the Process

2010-10-12 09:15 • by Shiva (unregistered)
Ha! You've been caught and heads will roll!

I have changed my password to something you will never guess!

Re: Working Around, Over, and Through the Process

2010-10-12 09:16 • by frits
324711 in reply to 324710
Shiva:
Ha! You've been caught and heads will roll!

I have changed my ******** to something you will never guess!

FTFY

Re: Working Around, Over, and Through the Process

2010-10-12 09:24 • by java.lang.Chris;
I worked at a bank where IT support had been out sourced to a firm in India. The machines they administered were still in Europe, but locked down so tight that it required a phone call to India to get anything vaguely sysadmin'ish done.

One day I came into work, sat down and tried to log in, only to find my password had expired. I asked around, and discovered that to reset it would require an email to IT support, a minimum support charge of 50GBP, and a two day turnaround. In other words, I could do no work for two days.

Thankfully, one of the support staff had forgotten to log out from a machine they had been using while carrying out some on site work. A colleague had the presence of mind to leave the machine be so that on occasions when things like passwords expired, it could be accomplished without needing IT support.

(Cut to twelve months later, and the bank no longer existed, absorbed into another bank during the credit crunch).

Re: Working Around, Over, and Through the Process

2010-10-12 09:32 • by Anon (unregistered)
That's amazing. I've got the same combination on my luggage.

Re: Working Around, Over, and Through the Process

2010-10-12 09:55 • by STarLite (unregistered)
324722 in reply to 324717
Anon:
That's amazing. I've got the same combination on my luggage.

1...
2...
3...
4...
....
5...

Re: Working Around, Over, and Through the Process

2010-10-12 10:02 • by The Enterpriser
1. Shiva is a strange name for a German.

2. TRWTF is risking your job by logging into production as someone else without their knowledge. Any workplace strict enough to allow such tight controls would absolutely be strict enough to fire someone for doing this.

3. TRRWTF is telling someone that you have just hacked someones production account. (yes, even if they had an easy to guess password).

4. TRRRWTF is that no-one has mentioned hunter2 yet.

Re: Working Around, Over, and Through the Process

2010-10-12 10:03 • by My Name Is Missing (unregistered)
I worked at a Healthcare company where everyone knew the username and password for all the production servers and databases, and there was no audit system either. Security by stupidity.

Re: Working Around, Over, and Through the Process

2010-10-12 10:14 • by Tynam (unregistered)
324728 in reply to 324724
The Enterpriser:
Any workplace strict enough to allow such tight controls would absolutely be strict enough to fire someone for doing this.


Oh, if only _that_ were true. In many places I've worked, the security standard is "Guard the front door with tanks and artillery, then leave the window open and ignore all references to it so your staff don't waste time with all those door checkpoints. If anyone points out the open window, complain that they're nitpicking and not a team player."

Re: Working Around, Over, and Through the Process

2010-10-12 10:17 • by Mike (unregistered)
“To keep Shiva from catching on,” the more senior developer explained, “we would play Shiva’s game once every other promotion.”


What did this mean? I can't understand it.

Re: Working Around, Over, and Through the Process

2010-10-12 10:37 • by boog
feugiat:
Bill:
What's the process for proof-reading Daily WTF articles?


What's the protocol for "shutting the fsck up"?

I think you can just press CTRL + C to interrupt fsck, but why would you want to?

Re: Working Around, Over, and Through the Process

2010-10-12 10:37 • by Anon (unregistered)
324735 in reply to 324729
Mike:
“To keep Shiva from catching on,” the more senior developer explained, “we would play Shiva’s game once every other promotion.”


What did this mean? I can't understand it.


Once every other promotion (of code from dev to production), they let Shiva do his signing off thing in order to let him think the process is always followed and he's doing something useful. The rest of the time they just log in as him and do it themselves.

Re: Working Around, Over, and Through the Process

2010-10-12 10:41 • by Zylon
See, this is why you don't hire Hindu gods as admins.

Re: Working Around, Over, and Through the Process

2010-10-12 10:52 • by ih8u (unregistered)
Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb. It's not only poorly edited, it's extremely poorly written.

(Goes off to burn incense at Muphry's altar ... )


Even though I'm an editor, I've learned to start sentences with "But". *sigh*

I too have an eye for the grammatical. It was the only part of English class I could stand. I can, however, just RTFAs without screaming out in pain for a duplicated word or botched punctuation.

The writing could be better for sure, but I think complaining should be left for lines that literally make no sense.

Re: Working Around, Over, and Through the Process

2010-10-12 10:54 • by boog
So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper? Maybe it's lonely in Shiva-land and he just wants people to visit him?

I can certainly appreciate Shiva's wanting to keep source control clean, but it seems there's something missing. Actually, this kind of anal-retentiveness indicates Shiva's total lack of understanding of how version control is supposed to work.

TFA:
...was he so narcissistic so as to type his name in over and over? ...or perhaps it was a hint.

Couldn't it be a little of both?

Re: Working Around, Over, and Through the Process

2010-10-12 10:58 • by ShivaDestroyerOfWorlds (unregistered)
324739 in reply to 324724
Not German, but perhaps reference to the god:

http://en.wikipedia.org/wiki/Shiva

Re: Working Around, Over, and Through the Process

2010-10-12 10:58 • by d.k. Allen (unregistered)
324740 in reply to 324711
frits:
Shiva:
Ha! You've been caught and heads will roll!

I have changed my *BUTT**** to something you will never guess!

FTFY


FTFTFY

Re: Working Around, Over, and Through the Process

2010-10-12 11:04 • by Bitter Like Quinine (unregistered)
324741 in reply to 324737
Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...

Even though I'm an editor, I've learned to start sentences with "But".

And?

Re: Working Around, Over, and Through the Process

2010-10-12 11:14 • by iToad (unregistered)
324742 in reply to 324710
Shiva:
Ha! You've been caught and heads will roll!

I have changed my password to something you will never guess!


It's probably avihS.

Re: Working Around, Over, and Through the Process

2010-10-12 11:52 • by Rich (unregistered)
I was in a startup where i started as both lead developer and Windows/Linux/FreeBSD sysadmin. Eventually they needed to hire a sysadmin to free me up 100% for dev duties. The sysadmin hated passwords. He set up NIS for our small-ish network. I checked it with ypcat, and he had set up a root-equiv/UID 0 account with no password at all. After i bitched to my boss/CEO (startup remember?) boss came back with something like "It's secure because no one will ever think we'd do something like that"

Somehow the "no one will think we're that incredibly stupid" defense didn't work for me. That and hoping no hacker has the elite tools known as ypcat.

CAPTCHA: transverbero
too f'ing long.

Re: Working Around, Over, and Through the Process

2010-10-12 12:11 • by Maboule (unregistered)
324749 in reply to 324745
I worked for a large company and the home directory rights were 775 and everyone was in the same group. When I mentioned that this was a security issue, I was told that an application required things to be that way and that there was a company policy against hacking so it wasn't a real security issue. I changed the rights on my home directory; the application kept on working fine.

Re: Working Around, Over, and Through the Process

2010-10-12 12:13 • by Ami Rite (unregistered)
s/Townbank/Citibank/g
s/Shiva/Ravi/g

Re: Working Around, Over, and Through the Process

2010-10-12 12:15 • by Central Processing (unregistered)
Clearly what was needed here was a process to control the creation of all new processes, so that something as ridiculous and workstopping as this would never be allowed to exist!

Re: Working Around, Over, and Through the Process

2010-10-12 12:17 • by nasch (unregistered)
324752 in reply to 324738
boog:
So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?


I assumed the devs didn't have accounts with the rights to commit.

Re: Working Around, Over, and Through the Process

2010-10-12 12:18 • by Me (unregistered)
If you had a shred of writesmanship, you would capitalize process throughout this article.

Re: Working Around, Over, and Through the Process

2010-10-12 12:22 • by dubbreak
324754 in reply to 324742
iToad:
Shiva:
Ha! You've been caught and heads will roll!

I have changed my password to something you will never guess!


It's probably avihS.

or toormai?

I've seen that one used a few times.

Re: Working Around, Over, and Through the Process

2010-10-12 12:32 • by boog
324755 in reply to 324752
nasch:
boog:
So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?


I assumed the devs didn't have accounts with the rights to commit.

I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.

Re: Working Around, Over, and Through the Process

2010-10-12 12:40 • by by (unregistered)
324756 in reply to 324755
boog:
nasch:
boog:
So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?


I assumed the devs didn't have accounts with the rights to commit.

I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.

This is extremely simple, particularly on an embedded system with no file system. All you have to do is alter the password verification routine to return TRUE, FALSE, or SHIVA_NOT_FOUND.

Re: Working Around, Over, and Through the Process

2010-10-12 12:51 • by @Deprecated
324759 in reply to 324741
Bitter Like Quinine:
Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...

Even though I'm an editor, I've learned to start sentences with "But".

And?


No, never start your sentences with 'And'.

Re: Working Around, Over, and Through the Process

2010-10-12 13:05 • by boog
324761 in reply to 324759
@Deprecated:
Bitter Like Quinine:
And?


No, never start your sentences with 'And'.

"And is one of many words with which you should never start a sentence."

Oh, no! What have I done?

Re: Working Around, Over, and Through the Process

2010-10-12 13:08 • by EngleBart (unregistered)
324762 in reply to 324755
boog:
nasch:
boog:
So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?


I assumed the devs didn't have accounts with the rights to commit.

I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.

The developers had a user account for email and the like. But when they wanted to log onto one of the developer accounts, I bet they used a separate account name that Shiva kept locked. In VMS it would have been very simple for him to enable your account, let you logon, and then disable your account. This would stop you from logging on after an idle-timer forced you off of the system. He could ensure that you had to bring him donuts every morning if he wanted.

VMS security still kicks but compared to Windows. I am still waiting for Windows to tell me how many login failures since my last login. With VMS, if the protaganist had not guessed the password correctly the first time, then Shiva would have known on his next login. It would of course trace back to his own desk which would really piss him off! Of course Shiva may have still noticed that his last successful login was from a time when he was away from his desk if he had really been paying attention!

P.S. Purposely started a sentence with "But". Can you feel the fingernails on the chalkboard?

Re: Working Around, Over, and Through the Process

2010-10-12 13:08 • by danixdefcon5
324763 in reply to 324759
@Deprecated:
Bitter Like Quinine:
Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...

Even though I'm an editor, I've learned to start sentences with "But".

And?


No, never start your sentences with 'And'.
Or?

Re: Working Around, Over, and Through the Process

2010-10-12 13:20 • by Zylon
In a further development, Shiva has been downsized and replaced with...

Re: Working Around, Over, and Through the Process

2010-10-12 13:23 • by Mark (unregistered)
324766 in reply to 324759
@Deprecated:
Bitter Like Quinine:
Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...

Even though I'm an editor, I've learned to start sentences with "But".

And?


No, never start your sentences with 'And'.


And why not?

Re: Working Around, Over, and Through the Process

2010-10-12 13:24 • by Jaime
324767 in reply to 324762
EngleBart:
boog:
nasch:
boog:
So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?


I assumed the devs didn't have accounts with the rights to commit.

I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.

The developers had a user account for email and the like. But when they wanted to log onto one of the developer accounts, I bet they used a separate account name that Shiva kept locked. In VMS it would have been very simple for him to enable your account, let you logon, and then disable your account. This would stop you from logging on after an idle-timer forced you off of the system. He could ensure that you had to bring him donuts every morning if he wanted.

VMS security still kicks but compared to Windows. I am still waiting for Windows to tell me how many login failures since my last login. With VMS, if the protaganist had not guessed the password correctly the first time, then Shiva would have known on his next login. It would of course trace back to his own desk which would really piss him off! Of course Shiva may have still noticed that his last successful login was from a time when he was away from his desk if he had really been paying attention!

P.S. Purposely started a sentence with "But". Can you feel the fingernails on the chalkboard?
Windows authentication uses a multi-instance database with multi-master replication, your VMS example was a single system. Windows XP and later can also authenticate with cached credentials even without a network connection. A complete list of all login failures would have to be compiled from the logs of all systems that have ever been part of the Active Directory forest, even if they aren't currently on line. However, with event forwarding and a little reporting, you could get this information without too much effort. This is a typical case where an older system was easier to administer simply because it had fewer features.

Re: Working Around, Over, and Through the Process

2010-10-12 13:29 • by Jay (unregistered)
324768 in reply to 324756
by:
boog:
nasch:
boog:
So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?


I assumed the devs didn't have accounts with the rights to commit.

I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.

This is extremely simple, particularly on an embedded system with no file system. All you have to do is alter the password verification routine to return TRUE, FALSE, or SHIVA_NOT_FOUND.


+1 This should be the start of a new running joke.

Re: Working Around, Over, and Through the Process

2010-10-12 13:32 • by Jay (unregistered)
324769 in reply to 324759
@Deprecated:
Bitter Like Quinine:
Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...

Even though I'm an editor, I've learned to start sentences with "But".

And?


No, never start your sentences with 'And'.


Oh, the irony! In response to an article about organizations demanding that people follow a rule that serves no useful purpose just because "it's the rule", a poster ridicules someone for failing to follow a rule that serves no useful purpose just because "it's the rule".

Re: Working Around, Over, and Through the Process

2010-10-12 13:32 • by Andy (unregistered)
324770 in reply to 324766
Because a bunch of youngsters learning English would write fragments that started with a conjunction and then left out the other clause, teachers insisted that they not start sentences that way even though it is quite grammatical to do so.

Also, if you make the sentences long enough, that backwards form can be confusing, since you don't necessarily have all of the context until you reach the end.

Re: Working Around, Over, and Through the Process

2010-10-12 13:32 • by Silfax
324771 in reply to 324736
Zylon:
See, this is why you don't hire Hindu gods as admins.



I thought it was about the Jewish practice of shiva, not the Hindu deity.

In retrospect, either one fits. Sysadmins who think they are gods, or a mourning process.





Re: Working Around, Over, and Through the Process

2010-10-12 13:32 • by frits
324772 in reply to 324768
Jay:
by:
boog:
nasch:
boog:
So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?


I assumed the devs didn't have accounts with the rights to commit.

I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.

This is extremely simple, particularly on an embedded system with no file system. All you have to do is alter the password verification routine to return TRUE, FALSE, or SHIVA_NOT_FOUND.


+1 This should be the start of a new running joke.


Please Shiva, no.

Re: Working Around, Over, and Through the Process

2010-10-12 13:33 • by hatterson
324773 in reply to 324763
danixdefcon5:
@Deprecated:
Bitter Like Quinine:
Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...

Even though I'm an editor, I've learned to start sentences with "But".

And?


No, never start your sentences with 'And'.
Or?


Or is another word with which you should not begin sentences.

Re: Working Around, Over, and Through the Process

2010-10-12 13:35 • by Jay (unregistered)
Grammar rules that I routinely ignore:

Never use a preposition to end a sentence with. (As Winston Churchill said, "That is a rule up with which I shall not put.")

Be sure to not split your infinitives. (I strive to boldly split infinitives that no man has split before.)

About sentence fragments.

And never begin a sentence with a conjunction.

Re: Working Around, Over, and Through the Process

2010-10-12 13:37 • by Jay (unregistered)
324776 in reply to 324770
Andy:
Because a bunch of youngsters learning English would write fragments that started with a conjunction and then left out the other clause, teachers insisted that they not start sentences that way even though it is quite grammatical to do so.

Also, if you make the sentences long enough, that backwards form can be confusing, since you don't necessarily have all of the context until you reach the end.


I'm not sure if you're being deliberately ironic, or if you failed to realize that both sentences of your reply begin with conjunctions, thus breaking the rule that you are defending.

Re: Working Around, Over, and Through the Process

2010-10-12 13:39 • by KittyKat (unregistered)
324777 in reply to 324767
Jaime:
EngleBart:
boog:
nasch:
boog:
So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?


I assumed the devs didn't have accounts with the rights to commit.

I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.

The developers had a user account for email and the like. But when they wanted to log onto one of the developer accounts, I bet they used a separate account name that Shiva kept locked. In VMS it would have been very simple for him to enable your account, let you logon, and then disable your account. This would stop you from logging on after an idle-timer forced you off of the system. He could ensure that you had to bring him donuts every morning if he wanted.

VMS security still kicks but compared to Windows. I am still waiting for Windows to tell me how many login failures since my last login. With VMS, if the protaganist had not guessed the password correctly the first time, then Shiva would have known on his next login. It would of course trace back to his own desk which would really piss him off! Of course Shiva may have still noticed that his last successful login was from a time when he was away from his desk if he had really been paying attention!

P.S. Purposely started a sentence with "But". Can you feel the fingernails on the chalkboard?
Windows authentication uses a multi-instance database with multi-master replication, your VMS example was a single system. Windows XP and later can also authenticate with cached credentials even without a network connection. A complete list of all login failures would have to be compiled from the logs of all systems that have ever been part of the Active Directory forest, even if they aren't currently on line. However, with event forwarding and a little reporting, you could get this information without too much effort. This is a typical case where an older system was easier to administer simply because it had fewer features.


Heh, complicated does not equal good (repost, hit reply not quote)

Re: Working Around, Over, and Through the Process

2010-10-12 13:52 • by itzac
324779 in reply to 324769
The moral of the story: never break a rule until you understand why it is there.

Re: Working Around, Over, and Through the Process

2010-10-12 14:26 • by FTS (unregistered)
324781 in reply to 324776
Jay:
Andy:
Because a bunch of youngsters learning English would write fragments that started with a conjunction and then left out the other clause, teachers insisted that they not start sentences that way even though it is quite grammatical to do so.

Also, if you make the sentences long enough, that backwards form can be confusing, since you don't necessarily have all of the context until you reach the end.


I'm not sure if you're being deliberately ironic, or if you failed to realize that both sentences of your reply begin with conjunctions, thus breaking the rule that you are defending.

He's not defending the rule. The so-called rule is nothing of the sort. (I.e., it's perfectly okay to begin a sentence with and, or, or but.)

Re: Working Around, Over, and Through the Process

2010-10-12 14:29 • by Buffled (unregistered)
324782 in reply to 324761
boog:
@Deprecated:
Bitter Like Quinine:
And?


No, never start your sentences with 'And'.

"And is one of many words with which you should never start a sentence."

Oh, no! What have I done?


Some people might call it funny. I just call it "rape of the English language". (Note that there's some question over whether the period goes inside or outside of the quote: My Rule states that if the content inside the quotes is a complete sentence, then the period goes inside. Otherwise, it goes outside. Everyone should follow My Rule.)

Re: Working Around, Over, and Through the Process

2010-10-12 14:35 • by Mark (unregistered)
My problem here is that the story conflates two situations:

The bulk of the story describes a procedure whose costs clearly outweigh any benefits it could ever have. That's a problem.

But the into to the story reads as a typical developer rant against ANY procedure one might be required to follow, suggesting that a developer should never be told to follow a procedure the reasons for which he or she doesn't personally understand.

So what are you to do as an organization with legitimate problems that require a process? For example, perhaps you have a promotion policy that requries the use of a source control system and certain documentation. Undocumented exceptions would quickly erode the value of this system, and it may well be that your long term costs would be much higher without it. It may even be that you couldn't meet your legal obligations without it.

Yet short-term costs will always be lower without it, and we all know that when a project is behind the principals will argue that there's not time to do things right. There will always be a demand for these exceptions regardless of the long-term costs. So what are you to do?

Do you spend the time to draw out example scenarios that are long-term enough the developer is going to dismiss them anyway, regardless of their validity? Do you waste time explaining the purpose and connecting the dots over and over again? Do you fire perfectly good development talent because they can't or won't grasp the underlying reasons for the process? Do you just let them ignore the policies and hope for the best (all too common, actually)?

Or maybe, if you want your organization to function over any length of time, you tell them "it's not in your project's scope to change the process or tell me how much you like it; it is the process."

Re: Working Around, Over, and Through the Process

2010-10-12 15:12 • by David (unregistered)
TRWTF is that this story must be 25 years old; VAXen were still the new thing in the mid 1980's but not much beyond. Still, if you want old stories...

Jaime:
Windows authentication uses a multi-instance database with multi-master replication, your VMS example was a single system. Windows XP and later can also authenticate with cached credentials even without a network connection.

So could VMS over DECnet.

As EngleBart said, VMS records login times, and can show who is online. I once noticed an account logged on when its owner was away, and from a VT100 in a different office to his.
When I called our Sandwich Student into my office and told him where and when he had logged in as Roger, he was shocked that I knew, and confessed immediately. Had I told his college, he'd probably have been kicked out and failed his degree. However those were more innocent times, and his actual punishment was to become a System Administrator - he'd proved at least some ability, and with full access to SYSTEM he'd have no more incentive to break in. He did a good job of it too. (And yes, we blocked Roger's account and made him change his weak password when he came back.)

TRRWTF is that nowadays the student would probably have got a police record, and his future career would have been ruined. Still, can't be too careful with all those terrorists about can we?
« PrevPage 1 | Page 2Next »

Add Comment