- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Admin
Admin
If you mean, using testing data data, yes, everyone does. In our purchasing product development environment, I used to order "gold ingots". Lots of them.
But this is just gross....
Admin
"We assume you are an admin until proven otherwise. By 'otherwise' we mean any chimp too dumb to save and edit HTML."
Admin
I bet you also told everyone that the psychiatrist Luke Skywalker talked to was dead all along?
And that the movie wasn't actually set "A long time ago", that was just a ruse to keep Nicole Kidman's kids from escaping the Moulin Rouge?
(PS: Spoilers)
Admin
Pfft, you're all working too hard...
javascript: void( $(".artic").show() )
Done ^^
Admin
You have won April Fools day on TheDailyWTF
Admin
What is a Humerus?
Admin
Funny, but misspelled...
Admin
It's your funny bone.
Admin
Admin
/tosses a quarter to Akismet
Admin
Like a Fire Marshal coming to test safety procedures by starting an actual fire. Building burns to the ground, people die. Similarly ironic.
Admin
Could have been worse. They could have "made unavailable" certain critical resources with 10 gallons of gasoline and a match.
CAPTCHA: augue - Winning the argument by using a (power) auger.
Admin
Admin
So... never attribute to malice that which is written by the fatuous?
Admin
And tomorrow is April 2nd...
Admin
I would try it on Nagesh's humerus.
Admin
Obvious master it is you!!!
Admin
Admin
Admin
The REAL WTF is giving that kind of access to outside entities. No consultant or auditor should be given that level of access or permission.
Admin
Too much work.
CAPTCHA: ratis - I don't give a ratis about this WTF.
Admin
TRWTF is that outsiders got that level of physical access. I was once asked for root credentials to systems that I had "ownership" of by the internal audit team. This was a "Big" company that did financial and tax work. I told them "no." I asked for the tools they wished to run and what reports on them they'd like.
I then read their scripts (Ugly csh that made HORRIBLE assumptions) and laughed. Not only would they not collect metrics, they would not even work. Rather than find out where the binaries such as "ls" were, they assumed they were in some ridiculous location (/usr/local/bin) so as to make the entire script do nothing more than spit out the hostname and their formatting, but no data. I gave them their reports as well as the log to show the script had been run as root.
Admin
I'm curious as to why all the other comments are about backups and not the php code in the article.
Admin
Just attribute it to malice.
Admin
The form does a GET submission, meaning the user would be able to see a flash of /SetSession.php?is_admin=no in their address bar (before the session page redirects to the account spage or whatever, probably with another autosubmission). Some curiosity and a login later, /SetSession.php?is_admin=yes gets them admin privileges.
TRWTF is that this code is sent to the browser in the first place.
Admin
Why yes, I will remove tdwtf from my trusted javascript list.
Admin
That's cool. As long as they're looking for a guy named "frits" I should be in the clear.
Admin
Very humerus.
Admin
Admin
Admin
Or if they enabled shadow copy at the origional backup location (and the free disk space is a few times bigger than their backup), they may try to retrieve the deleted files there first.
Admin
I remember a firedrill in an army barracks in the 1980s (no name pack drill) The building itself housed offices and was built in the 1880's
Anywhoo they decided to make it more realistic by "popping smoke" - a few broken arms, legs and dislocated ankles later ....
Admin
Not quite as disasterous, but I have a similar story. When I was in the Marine Corps Infantry, our company was sitting outdoors for an NBC (Nuclear, Biological, Chemical) class. Our company commander thought it would be "good traing" to suprise us with a couple of CS grenades. One landed right next to me. Before I could get my mask on, I had already taken a deep breath of CS. The fight-or-flight instinct kicked in and I ran. Blindly. I didn't even see the tree coming...
Admin
Admin
Not really. It did fail. Why did they have to resort to off site backups, Just load the last hours tape from the jukebox and hit restore...
What fool sets up a set of redundant servers and does NOT do a image to SDLT at least every 4 hours? it should have been able to be restored from a in house tape from that morning.
Finally, why did they not have a raid 60 set up? with failover mirroring? It's really easy to foil some testing company if you have real hardware in place instead of crap designed by someone that does not do a complete job for critical backups.
Admin
The WTF is in performing a catastrophe recovery simulation that is both a) destructive and b) surprise. Good engineering, professionalism, and plain ol' common sense dictate that you do not do both simultaneously.
When your professional services involve white-hat hacking, security or data/systems recovery, your number one priority is always, always, and fucking always to leave data and systems the way you found them.
If you perform a destructive drill without notifying those to be inspected a-priori, you pretty much tie the loss of data to the inspected ability to recover (which in this case was being claimed to faulty.)
As an inspector, you do not have a recovery plan of your own. How could you? So how could you, professionally and ethically perform a destructive simulation on your client's premises under conditions you cannot possibly control.
That's pretty much putting a client's assets at a destructive risk that is completely unnecessary and possibly unrecoverable. If not even weapon manufacturers do that except in the rarest of circumstances, what sort of a retarded buffoon would think this is a good idea in an IT shop?
It is absolutely f* stupid, to a point that is just retarded and criminal, to even think doing so is a good idea. In my line of work, companies I've worked on have conducted recovery scenarios by simulation, by rehearsal of recovery checklists, and destructive runs followed by backup tests on test/pre-production hardware (the type of hardware one promotes to "production" if actual production hardware suffers a catastrophic failure, down to steps required to open/close firewalls, DNS changes, etc.
Never, ever, ever do you put live data and back ups at unnecessary (and unannounced) risk. Doing otherwise is nothing more than a pissing contest to prove one is right and win a contract.
That is a WTF.
Admin
Admin
that "knife test" reminds me of a story in a book, "Government goofs": it describes the requirements for high-class ashtrays, and one requirement is the "size of the pieces it makes when smashed with a hammer"...so you would have to actually smash them to see if they met this requirement...
Admin
How is it that one of Nagesh's pointless ramblings is a featured comment?