Sometime around midnight...
Lorne: And so another April 2nd begins. Hope you enjoyed all three articles this April 1st. What, three of them? Yup. I guess you're one of the, like, 3 people who didn't figure out by hacking the site / clicking View Source.

All three articles are now display:block for your viewing pleasure. Thanks to Alex for throwing his sabos into the "RSS Factory", and for letting me indulge in a bit of mischief. Half the fun was trying to subvert the article system. The other half was researching wood-analogs for human bone. (I'm a writer. I really like research. It's like constructive procrastination).

For the record, two of the three articles are fakes. The screen shot is not from a real blade sharpening system, and no one had their dev servers bombed as "a test".

That bit of php, though? Paraphrased nearly line-for-line from a system I worked on once. Oh, memories. Painful, painful memories.

- Lorne, April 1, 2011

(PS: Svengali is real, and his show is better than Cats. You should go see it, again and again.)


Today's stories come to us from Svengali:

Featured Article

I know I shouldn't attribute to malice what can be explained by incompetence-- but it's hard when the malice is proclaimed and intentional.

I was the head of IT for a medium-sized company. One day, a consulting firm gave management a PowerPoint-filled presentation about data disasters. The crux of the presentation was that no IT department was ever prepared enough, and only an outsider could properly protect the company's precious, precious data.

Needless to say, they were hired to do a protection audit. I did some research on the company. Turns out their "audits" were actually surprise data disaster drills based on no-win scenarios. They were designed to show CEOs that their IT departments were incompetent, in order to sell over-priced protection rackets… I mean, services.

With that heads-up, I spent a week preparing for their Kobayashi. I checked every asset, made sure the cage was stocked with kit, charged every UPS, and made sure every server was backed up thrice. I documented everything in a "hit by a bus" file. I was prepared.

The next week, the consultants showed up, CEO in tow, and handed out expense cards for the pub down the road. The department was to relax until 1pm, and enjoy what I knew would be a costly free lunch. Sure enough, at 12:45pm, all our "Oh Crap!" pagers went off. The simulated alarms were a nice touch, but being 15 minutes early wasn't.

Back at the office, all our monitoring systems were going nuts, and everyone was in a panic. The consultant gave the CEO this smug "told you so" look, then let us in on what was going on.

They wanted to really prove to the CEO that we couldn't handle an emergency, even one we thought we were prepared for. So rather than run their own scenario, they decided to test our own "hit by a bus" plan. The consultant smugly explained to the CEO how all IT plans were fundamentally flawed, and would always fail, and this would show that we weren't prepared for planning to fail.

I tried to log into the production servers, and failed. In order to make the simulation as real as possible, they'd "made unavailable" certain critical resources.

And by "made unavailable", I mean deleted.

And by "certain", I mean every database I'd listed in my file.

Their instructions were "Restore from backup. Your time starts now."

My response was "Those were the backups."

At least we got to test our offsite backups that day. I left the company before I found out how the lawsuit ended.


CodeSOD

"This login process has been in production on our order tracking website for at least five years. Thankfully we have either non-tech savvy or non-malicious users."

LoginSubmit.php

// load $db_user_record based on username and password given by Login.php
// ... snip ...
<form id='autosubmit_form' method='GET' action='SetSession.php'>
<?php
	if ($db_user_record['is_admin'] == '1')
	{
		echo "<input type='hidden' name='is_admin' id='is_admin' value='no' />";
	}
?>

<script type='text/javascript'>
	document.autosubmit_form.submit();
</script>

SetSession.php:
<?php
	$_SESSION['IsAdmin'] = true;
	if ($_REQUEST['is_admin'] == 'no')
	{
		$_SESSION['IsAdmin'] = false;
	}
	// Set a bunch of other session variables before redirecting to the home page
?>
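
A server-side alternative to the two files above, as an added example that is not the submitter's or the site's code: the admin flag is derived only from the database row and defaults to non-admin, so nothing the browser sends can change it. The function names, the `id` column and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not code from the original system.

// Derive session state only from the authenticated user's database row
// (assumed to be loaded after the password check, as in LoginSubmit.php).
// Nothing from $_GET / $_POST / $_REQUEST is consulted.
function buildSessionState(?array $dbUserRecord): array
{
    // Fail closed: the default is "not logged in, not admin".
    $state = ['UserId' => null, 'Authenticated' => false, 'IsAdmin' => false];
    if ($dbUserRecord === null || !isset($dbUserRecord['id'])) {
        return $state;
    }
    $state['UserId'] = (int) $dbUserRecord['id'];   // 'id' column is assumed
    $state['Authenticated'] = true;
    // Only the exact value '1' grants admin; missing or odd values do not.
    $flag = $dbUserRecord['is_admin'] ?? '0';
    $state['IsAdmin'] = is_scalar($flag) && (string) $flag === '1';
    return $state;
}

// Set the session in the same request that verified the password:
// no auto-submitting form, no hidden field, no second script.
function establishSession(?array $dbUserRecord): bool
{
    $state = buildSessionState($dbUserRecord);
    if (!$state['Authenticated']) {
        return false;
    }
    session_start();
    session_regenerate_id(true);   // new session id at login
    foreach ($state as $key => $value) {
        $_SESSION[$key] = $value;
    }
    return true;
}

// Constructed sample rows, for illustration only.
$rows = [
    'admin row'        => ['id' => 1, 'is_admin' => '1'],
    'regular row'      => ['id' => 2, 'is_admin' => '0'],
    'flag missing'     => ['id' => 3],
    'no matching user' => null,
];
foreach ($rows as $label => $row) {
    $s = buildSessionState($row);
    printf("%-17s IsAdmin=%s\n", $label, var_export($s['IsAdmin'], true));
}
```

Run from the command line, the loop only exercises `buildSessionState()`; `establishSession()` is meant to be called from the login handler before any output is sent.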

Error'd

The shop's automatic sharpener requires you to test the blades out on a piece of material of an appropriate hardness. The choice of material depends on a ton of factors, and if you pick the wrong one, you dull the blade. There's a lot of guesswork involved, so we put in a feature request with the machine's manufacturer.

The latest version of the software suggests what you should test the blade on. Either they're using different materials than us, or the feature was maliciously implemented by Stephen King:

svengali
