• Gary (unregistered)

    i'm hitting refresh until shiva is the captcha.

  • ***** (unregistered)

    I really don't see the WTF with having your user name match your password.

    Sincerely,


  • Shiva (unregistered)

    Ha! You've been caught and heads will roll!

    I have changed my password to something you will never guess!

  • (cs) in reply to Shiva
    Shiva:
    Ha! You've been caught and heads will roll!

    I have changed my ******** to something you will never guess!

    FTFY

  • (cs)

    I worked at a bank where IT support had been out sourced to a firm in India. The machines they administered were still in Europe, but locked down so tight that it required a phone call to India to get anything vaguely sysadmin'ish done.

    One day I came into work, sat down and tried to log in, only to find my password had expired. I asked around, and discovered that to reset it would require an email to IT support, a minimum support charge of 50GBP, and a two day turnaround. In other words, I could do no work for two days.

    Thankfully, one of the support staff had forgotten to log out from a machine they had been using while carrying out some on site work. A colleague had the presence of mind to leave the machine be so that on occasions when things like passwords expired, it could be accomplished without needing IT support.

    (Cut to twelve months later, and the bank no longer existed, absorbed into another bank during the credit crunch).

  • Anon (unregistered)

    That's amazing. I've got the same combination on my luggage.

  • STarLite (unregistered) in reply to Anon
    Anon:
    That's amazing. I've got the same combination on my luggage.
    1... 2... 3... 4... .... 5...
  • (cs)
    1. Shiva is a strange name for a German.

    2. TRWTF is risking your job by logging into production as someone else without their knowledge. Any workplace strict enough to allow such tight controls would absolutely be strict enough to fire someone for doing this.

    3. TRRWTF is telling someone that you have just hacked someones production account. (yes, even if they had an easy to guess password).

    4. TRRRWTF is that no-one has mentioned hunter2 yet.

  • My Name Is Missing (unregistered)

    I worked at a Healthcare company where everyone knew the username and password for all the production servers and databases, and there was no audit system either. Security by stupidity.

  • Tynam (unregistered) in reply to The Enterpriser
    The Enterpriser:
    Any workplace strict enough to allow such tight controls would absolutely be strict enough to fire someone for doing this.

    Oh, if only that were true. In many places I've worked, the security standard is "Guard the front door with tanks and artillery, then leave the window open and ignore all references to it so your staff don't waste time with all those door checkpoints. If anyone points out the open window, complain that they're nitpicking and not a team player."

  • Mike (unregistered)
    “To keep Shiva from catching on,” the more senior developer explained, “we would play Shiva’s game once every other promotion.”

    What did this mean? I can't understand it.

  • (cs)
    feugiat:
    Bill:
    What's the process for proof-reading Daily WTF articles?

    What's the protocol for "shutting the fsck up"?

    I think you can just press CTRL + C to interrupt fsck, but why would you want to?

  • Anon (unregistered) in reply to Mike
    Mike:
    “To keep Shiva from catching on,” the more senior developer explained, “we would play Shiva’s game once every other promotion.”

    What did this mean? I can't understand it.

    Once every other promotion (of code from dev to production), they let Shiva do his signing off thing in order to let him think the process is always followed and he's doing something useful. The rest of the time they just log in as him and do it themselves.

  • (cs)

    See, this is why you don't hire Hindu gods as admins.

  • ih8u (unregistered)
    Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb. It's not only poorly edited, it's extremely poorly written.

    (Goes off to burn incense at Muphry's altar ... )

    Even though I'm an editor, I've learned to start sentences with "But". sigh

    I too have an eye for the grammatical. It was the only part of English class I could stand. I can, however, just RTFAs without screaming out in pain for a duplicated word or botched punctuation.

    The writing could be better for sure, but I think complaining should be left for lines that literally make no sense.

  • (cs)

    So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper? Maybe it's lonely in Shiva-land and he just wants people to visit him?

    I can certainly appreciate Shiva's wanting to keep source control clean, but it seems there's something missing. Actually, this kind of anal-retentiveness indicates Shiva's total lack of understanding of how version control is supposed to work.

    TFA:
    ...was he so narcissistic so as to type his name in over and over? ...or perhaps it was a hint.
    Couldn't it be a little of both?
  • ShivaDestroyerOfWorlds (unregistered) in reply to The Enterpriser

    Not German, but perhaps reference to the god:

    http://en.wikipedia.org/wiki/Shiva

  • d.k. Allen (unregistered) in reply to frits
    frits:
    Shiva:
    Ha! You've been caught and heads will roll!

    I have changed my BUTT*** to something you will never guess!

    FTFY

    FTFTFY

  • Bitter Like Quinine (unregistered) in reply to ih8u
    Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...
    Even though I'm an editor, I've learned to start sentences with "But".
    And?
  • iToad (unregistered) in reply to Shiva
    Shiva:
    Ha! You've been caught and heads will roll!

    I have changed my password to something you will never guess!

    It's probably avihS.

  • Rich (unregistered)

    I was in a startup where i started as both lead developer and Windows/Linux/FreeBSD sysadmin. Eventually they needed to hire a sysadmin to free me up 100% for dev duties. The sysadmin hated passwords. He set up NIS for our small-ish network. I checked it with ypcat, and he had set up a root-equiv/UID 0 account with no password at all. After i bitched to my boss/CEO (startup remember?) boss came back with something like "It's secure because no one will ever think we'd do something like that"

    Somehow the "no one will think we're that incredibly stupid" defense didn't work for me. That and hoping no hacker has the elite tools known as ypcat.

    CAPTCHA: transverbero too f'ing long.

  • Maboule (unregistered) in reply to Rich

    I worked for a large company and the home directory rights were 775 and everyone was in the same group. When I mentioned that this was a security issue, I was told that an application required things to be that way and that there was a company policy against hacking so it wasn't a real security issue. I changed the rights on my home directory; the application kept on working fine.

  • Ami Rite (unregistered)

    s/Townbank/Citibank/g s/Shiva/Ravi/g

  • Central Processing (unregistered)

    Clearly what was needed here was a process to control the creation of all new processes, so that something as ridiculous and workstopping as this would never be allowed to exist!

  • nasch (unregistered) in reply to boog
    boog:
    So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?

    I assumed the devs didn't have accounts with the rights to commit.

  • Me (unregistered)

    If you had a shred of writesmanship, you would capitalize process throughout this article.

  • (cs) in reply to iToad
    iToad:
    Shiva:
    Ha! You've been caught and heads will roll!

    I have changed my password to something you will never guess!

    It's probably avihS.

    or toormai?

    I've seen that one used a few times.

  • (cs) in reply to nasch
    nasch:
    boog:
    So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?

    I assumed the devs didn't have accounts with the rights to commit.

    I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.

  • by (unregistered) in reply to boog
    boog:
    nasch:
    boog:
    So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?

    I assumed the devs didn't have accounts with the rights to commit.

    I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.
    This is extremely simple, particularly on an embedded system with no file system. All you have to do is alter the password verification routine to return TRUE, FALSE, or SHIVA_NOT_FOUND.

  • (cs) in reply to Bitter Like Quinine
    Bitter Like Quinine:
    Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...
    Even though I'm an editor, I've learned to start sentences with "But".
    And?

    No, never start your sentences with 'And'.

  • (cs) in reply to @Deprecated
    @Deprecated:
    Bitter Like Quinine:
    And?

    No, never start your sentences with 'And'.

    "And is one of many words with which you should never start a sentence."

    Oh, no! What have I done?

  • EngleBart (unregistered) in reply to boog
    boog:
    nasch:
    boog:
    So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?

    I assumed the devs didn't have accounts with the rights to commit.

    I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.
    The developers had a user account for email and the like. But when they wanted to log onto one of the developer accounts, I bet they used a separate account name that Shiva kept locked. In VMS it would have been very simple for him to enable your account, let you logon, and then disable your account. This would stop you from logging on after an idle-timer forced you off of the system. He could ensure that you had to bring him donuts every morning if he wanted.

    VMS security still kicks but compared to Windows. I am still waiting for Windows to tell me how many login failures since my last login. With VMS, if the protaganist had not guessed the password correctly the first time, then Shiva would have known on his next login. It would of course trace back to his own desk which would really piss him off! Of course Shiva may have still noticed that his last successful login was from a time when he was away from his desk if he had really been paying attention!

    P.S. Purposely started a sentence with "But". Can you feel the fingernails on the chalkboard?

  • (cs) in reply to @Deprecated
    @Deprecated:
    Bitter Like Quinine:
    Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...
    Even though I'm an editor, I've learned to start sentences with "But".
    And?

    No, never start your sentences with 'And'.

    Or?

  • (cs)

    In a further development, Shiva has been downsized and replaced with...

    [image]
  • Mark (unregistered) in reply to @Deprecated
    @Deprecated:
    Bitter Like Quinine:
    Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...
    Even though I'm an editor, I've learned to start sentences with "But".
    And?

    No, never start your sentences with 'And'.

    And why not?

  • (cs) in reply to EngleBart
    EngleBart:
    boog:
    nasch:
    boog:
    So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?

    I assumed the devs didn't have accounts with the rights to commit.

    I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.
    The developers had a user account for email and the like. But when they wanted to log onto one of the developer accounts, I bet they used a separate account name that Shiva kept locked. In VMS it would have been very simple for him to enable your account, let you logon, and then disable your account. This would stop you from logging on after an idle-timer forced you off of the system. He could ensure that you had to bring him donuts every morning if he wanted.

    VMS security still kicks but compared to Windows. I am still waiting for Windows to tell me how many login failures since my last login. With VMS, if the protaganist had not guessed the password correctly the first time, then Shiva would have known on his next login. It would of course trace back to his own desk which would really piss him off! Of course Shiva may have still noticed that his last successful login was from a time when he was away from his desk if he had really been paying attention!

    P.S. Purposely started a sentence with "But". Can you feel the fingernails on the chalkboard?

    Windows authentication uses a multi-instance database with multi-master replication, your VMS example was a single system. Windows XP and later can also authenticate with cached credentials even without a network connection. A complete list of all login failures would have to be compiled from the logs of all systems that have ever been part of the Active Directory forest, even if they aren't currently on line. However, with event forwarding and a little reporting, you could get this information without too much effort. This is a typical case where an older system was easier to administer simply because it had fewer features.

  • Jay (unregistered) in reply to by
    by:
    boog:
    nasch:
    boog:
    So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?

    I assumed the devs didn't have accounts with the rights to commit.

    I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.
    This is extremely simple, particularly on an embedded system with no file system. All you have to do is alter the password verification routine to return TRUE, FALSE, or SHIVA_NOT_FOUND.

    +1 This should be the start of a new running joke.

  • Jay (unregistered) in reply to @Deprecated
    @Deprecated:
    Bitter Like Quinine:
    Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...
    Even though I'm an editor, I've learned to start sentences with "But".
    And?

    No, never start your sentences with 'And'.

    Oh, the irony! In response to an article about organizations demanding that people follow a rule that serves no useful purpose just because "it's the rule", a poster ridicules someone for failing to follow a rule that serves no useful purpose just because "it's the rule".

  • Andy (unregistered) in reply to Mark

    Because a bunch of youngsters learning English would write fragments that started with a conjunction and then left out the other clause, teachers insisted that they not start sentences that way even though it is quite grammatical to do so.

    Also, if you make the sentences long enough, that backwards form can be confusing, since you don't necessarily have all of the context until you reach the end.

  • (cs) in reply to Zylon
    Zylon:
    See, this is why you don't hire Hindu gods as admins.

    I thought it was about the Jewish practice of shiva, not the Hindu deity.

    In retrospect, either one fits. Sysadmins who think they are gods, or a mourning process.

  • (cs) in reply to Jay
    Jay:
    by:
    boog:
    nasch:
    boog:
    So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?

    I assumed the devs didn't have accounts with the rights to commit.

    I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.
    This is extremely simple, particularly on an embedded system with no file system. All you have to do is alter the password verification routine to return TRUE, FALSE, or SHIVA_NOT_FOUND.

    +1 This should be the start of a new running joke.

    Please Shiva, no.

  • (cs) in reply to danixdefcon5
    danixdefcon5:
    @Deprecated:
    Bitter Like Quinine:
    Even though I'm an editor, I've learned to ignore the typos and grammatical pratfalls on this site. But this article sticks out like a sore thumb...
    Even though I'm an editor, I've learned to start sentences with "But".
    And?

    No, never start your sentences with 'And'.

    Or?

    Or is another word with which you should not begin sentences.

  • Jay (unregistered)

    Grammar rules that I routinely ignore:

    Never use a preposition to end a sentence with. (As Winston Churchill said, "That is a rule up with which I shall not put.")

    Be sure to not split your infinitives. (I strive to boldly split infinitives that no man has split before.)

    About sentence fragments.

    And never begin a sentence with a conjunction.

  • Jay (unregistered) in reply to Andy
    Andy:
    Because a bunch of youngsters learning English would write fragments that started with a conjunction and then left out the other clause, teachers insisted that they not start sentences that way even though it is quite grammatical to do so.

    Also, if you make the sentences long enough, that backwards form can be confusing, since you don't necessarily have all of the context until you reach the end.

    I'm not sure if you're being deliberately ironic, or if you failed to realize that both sentences of your reply begin with conjunctions, thus breaking the rule that you are defending.

  • KittyKat (unregistered) in reply to Jaime
    Jaime:
    EngleBart:
    boog:
    nasch:
    boog:
    So I wonder how Shiva prevents people from signing-on in the environment prior to signing-in on the clipboard. Do you think he really locks user accounts until they write their names on a piece of paper?

    I assumed the devs didn't have accounts with the rights to commit.

    I assumed the same, but I wasn't talking about version control in the quote above; I was talking about the clipboard prerequisite for sign-on in the environment.
    The developers had a user account for email and the like. But when they wanted to log onto one of the developer accounts, I bet they used a separate account name that Shiva kept locked. In VMS it would have been very simple for him to enable your account, let you logon, and then disable your account. This would stop you from logging on after an idle-timer forced you off of the system. He could ensure that you had to bring him donuts every morning if he wanted.

    VMS security still kicks but compared to Windows. I am still waiting for Windows to tell me how many login failures since my last login. With VMS, if the protaganist had not guessed the password correctly the first time, then Shiva would have known on his next login. It would of course trace back to his own desk which would really piss him off! Of course Shiva may have still noticed that his last successful login was from a time when he was away from his desk if he had really been paying attention!

    P.S. Purposely started a sentence with "But". Can you feel the fingernails on the chalkboard?

    Windows authentication uses a multi-instance database with multi-master replication, your VMS example was a single system. Windows XP and later can also authenticate with cached credentials even without a network connection. A complete list of all login failures would have to be compiled from the logs of all systems that have ever been part of the Active Directory forest, even if they aren't currently on line. However, with event forwarding and a little reporting, you could get this information without too much effort. This is a typical case where an older system was easier to administer simply because it had fewer features.

    Heh, complicated does not equal good (repost, hit reply not quote)

  • (cs) in reply to Jay

    The moral of the story: never break a rule until you understand why it is there.

  • FTS (unregistered) in reply to Jay
    Jay:
    Andy:
    Because a bunch of youngsters learning English would write fragments that started with a conjunction and then left out the other clause, teachers insisted that they not start sentences that way even though it is quite grammatical to do so.

    Also, if you make the sentences long enough, that backwards form can be confusing, since you don't necessarily have all of the context until you reach the end.

    I'm not sure if you're being deliberately ironic, or if you failed to realize that both sentences of your reply begin with conjunctions, thus breaking the rule that you are defending.

    He's not defending the rule. The so-called rule is nothing of the sort. (I.e., it's perfectly okay to begin a sentence with and, or, or but.)

  • Buffled (unregistered) in reply to boog
    boog:
    @Deprecated:
    Bitter Like Quinine:
    And?

    No, never start your sentences with 'And'.

    "And is one of many words with which you should never start a sentence."

    Oh, no! What have I done?

    Some people might call it funny. I just call it "rape of the English language". (Note that there's some question over whether the period goes inside or outside of the quote: My Rule states that if the content inside the quotes is a complete sentence, then the period goes inside. Otherwise, it goes outside. Everyone should follow My Rule.)

  • Mark (unregistered)

    My problem here is that the story conflates two situations:

    The bulk of the story describes a procedure whose costs clearly outweigh any benefits it could ever have. That's a problem.

    But the into to the story reads as a typical developer rant against ANY procedure one might be required to follow, suggesting that a developer should never be told to follow a procedure the reasons for which he or she doesn't personally understand.

    So what are you to do as an organization with legitimate problems that require a process? For example, perhaps you have a promotion policy that requries the use of a source control system and certain documentation. Undocumented exceptions would quickly erode the value of this system, and it may well be that your long term costs would be much higher without it. It may even be that you couldn't meet your legal obligations without it.

    Yet short-term costs will always be lower without it, and we all know that when a project is behind the principals will argue that there's not time to do things right. There will always be a demand for these exceptions regardless of the long-term costs. So what are you to do?

    Do you spend the time to draw out example scenarios that are long-term enough the developer is going to dismiss them anyway, regardless of their validity? Do you waste time explaining the purpose and connecting the dots over and over again? Do you fire perfectly good development talent because they can't or won't grasp the underlying reasons for the process? Do you just let them ignore the policies and hope for the best (all too common, actually)?

    Or maybe, if you want your organization to function over any length of time, you tell them "it's not in your project's scope to change the process or tell me how much you like it; it is the process."

  • David (unregistered)

    TRWTF is that this story must be 25 years old; VAXen were still the new thing in the mid 1980's but not much beyond. Still, if you want old stories...

    Jaime:
    Windows authentication uses a multi-instance database with multi-master replication, your VMS example was a single system. Windows XP and later can also authenticate with cached credentials even without a network connection.
    So could VMS over DECnet.

    As EngleBart said, VMS records login times, and can show who is online. I once noticed an account logged on when its owner was away, and from a VT100 in a different office to his. When I called our Sandwich Student into my office and told him where and when he had logged in as Roger, he was shocked that I knew, and confessed immediately. Had I told his college, he'd probably have been kicked out and failed his degree. However those were more innocent times, and his actual punishment was to become a System Administrator - he'd proved at least some ability, and with full access to SYSTEM he'd have no more incentive to break in. He did a good job of it too. (And yes, we blocked Roger's account and made him change his weak password when he came back.)

    TRRWTF is that nowadays the student would probably have got a police record, and his future career would have been ruined. Still, can't be too careful with all those terrorists about can we?

Leave a comment on “Working Around, Over, and Through the Process”

Log In or post as a guest

Replying to comment #:

« Return to Article