• (cs) in reply to Pez
    Pez:
    jeremypnet:
    ubersoldat:
    JimM:
    ... I know at least two small charitable organisations ...
    Totally true, but I still don't know why this organizations (with a 'z' btw) waste precious money ...
    "Organisations" is standard spelling in the UK.
    And, let's face it, the RIGHT spelling
    Only if you're from England and were born since the early - mid 1800s. The Middle English form had a z AND a c (instead of the t) and could arguably be called correct, if spelling wasn't basically a matter of opinion in Middle England ;^). The s|z thing is all an affectation of Victorian Antiquarians, who thought it was more "civilised" to be like the Romans (c.f. the fallacious claim that it's wrong to split the infinitive). Shows what they know!

    Addendum (2008-12-05 08:16): I must correct myself: the s|z change comes about because of French, not Latin. I don't fully understand that myself. Not to mention the fact that many -ise / -ize words have a correct and standard noun form ending -ist. So yes, a theorist theorizes (rather than theorising, you understand). That's Greek for you...

  • (cs) in reply to JimM
    JimM:
    Pez:
    jeremypnet:
    ubersoldat:
    JimM:
    ... I know at least two small charitable organisations ...
    Totally true, but I still don't know why this organizations (with a 'z' btw) waste precious money ...
    "Organisations" is standard spelling in the UK.
    And, let's face it, the RIGHT spelling
    Only if you're from England and were born since the early - mid 1800s. The Middle English form had a z AND a c (instead of the t) and could arguably be called correct, if spelling wasn't basically a matter of opinion in Middle England ;^). The s|z thing is all an affectation of Victorian Antiquarians, who thought it was more "civilised" to be like the Romans (c.f. the fallacious claim that it's wrong to split the infinitive). Shows what they know!

    I'm surprised[1] no one has yet brought up ubersoldat's misuse of "this", where he means "these". Or possibly "theze".

    [1] Though definitely not "surprized", as the word came into English through French.

  • (cs) in reply to Bob
    Bob:
    JimM:
    That bit I do understand. Contract a company to do this work and pay for it and you have some kind of support to fall back on. If you take this from a volunteer you risk reaching a point where you can't update or change your site anymore!
    We all see your point.
    Apparently you don't, but I'll read on anyway...
    Bob:
    The one thing we don't know is where you could possibly be getting drugs that haven't killed you yet but are strong enough to make you believe that the quality of the "support" is going to be any better than the complete and utter crap that was supplied in the first place.
    Please feel free to quote the line in my comment where I say the support will be any good. I don't.
    Bob:
    No, seriously, if you actually read the posted article you'd have noticed that there were several significant flaws in the product that was paid for, yet somehow you seem to assume that paying for something gets "support" but not paying for it creates "risk" that can only be banished by money.
    I don't remember saying that "risk" can only be "banished" by "money", but if that's your inference then I'm intrigued as to where you're going here...
    Bob:
    Even on a good day, you never know if support means "someone will be there before you've finished explaining the problem" or "someone will be there the month after we finish landing the next sucker." ... <snip>

    ...you might as well roll dice trying to pick which will give the best quality work.

    Yes, as I thought you've completely missed the point, which isn't about quality. It's about legal liability. If you sign a contract and pay for a service, then you have legal recourse if the service isn't of suitable quality (or isn't provided at all). Volunteers move on or get real jobs so they can't offer you the time anymore, and you have no legal recourse if they simply leave you with an unusable website. Also, charities in the UK have a legal obligation to have an accessible website - if you have a contract with an external company to provide that then you can reasonably deflect any legal liability if your site isn't accessible; with a volunteer the legal liability is all your own...

  • mister nasty (unregistered)

    ';DROP TABLE users;

  • mister nasty (unregistered)

    just checking

  • (cs) in reply to Cantabrigian
    Cantabrigian:
    I'm surprised no one has yet brought up ubersoldat's misuse of "this", where he means "these". Or possibly "theze".
    I believe that
    DeLos:
    Wow you attempt to correct someone because they use an alternate (and correct) spelling all while making a grammatical error yourself. Nicely done!
    was a subtle reference to that. Personally I considered myself above making the comment ;^)

    So, are you from Cambridge, or did you just go to Uni there?

  • KD (unregistered)

    My friends, why do we always have to argue about regional differences in spelling and grammar? The vast majority of people on this site are industry professionals with years of experience in writing and maintaining expansive enterprise applications. Yet we can't even have a friendly discussion without someone shouting out "you spell that word different to me, you're STUPID and so is your STUPID country".

    I truly don't understand why so many people on this site behave like school children. Actually, that's not fair - because this would be immature behaviour even in school.

    That's all I have to say. So, are we going to try to get along or are you all going to berate me for spelling "behaviour" in the British form instead of the American form?

  • secretGeek (unregistered)

    oh i have been there. experienced that exact same situation.

    this story was like a page out of my diary -- except that i don't have a diary and if i did it wouldn't have pages just bytes.

  • Your Name (unregistered) in reply to KD
    KD:
    My friends, why do we always have to argue about regional differences in spelling and grammar?
    The same reason programmers argue about syntax rather than semantics: Because the barrier to entry is so low.
  • (cs) in reply to JimM
    JimM:
    Cantabrigian:
    I'm surprised no one has yet brought up ubersoldat's misuse of "this", where he means "these". Or possibly "theze".
    I believe that
    DeLos:
    Wow you attempt to correct someone because they use an alternate (and correct) spelling all while making a grammatical error yourself. Nicely done!
    was a subtle reference to that. Personally I considered myself above making the comment ;^)

    So, are you from Cambridge, or did you just go to Uni there?

    Depends what you mean: I'm not originally from Cambridge but went to the University and have lived here ever since.

    And sorry for not noticing your subtle comment: Muphry's (sic) law applies at least twice ;)

  • (cs)

    It is true that organisation was spelled interchangeably with "z" or "s". It was standardised (note the "s") by Dr. Johnson with his dictionary, which superseded the previous attempts at dictionaries and became the only correct spelling.

    As for those across the pond, they emigrated there before this happened so can't be blamed for it all.

    The fact that OED even lists variants has made me deliberately ignore any new editions. They are basically saying it is correct spelling when it isn't (in this country). Pupils have been marked down for American spelling (even if it is in OED) and a good thing too. English is hard enough for the dyslexics without variant spellings and non-existent words (like "incentivize").

  • jordanwb (unregistered) in reply to David
    David:
    Given that English is spoken by over 1,000 million people worldwide, and only around 250 million of those are in the US, it might almost be said that the spelling using the 'z' is the alternate.

    1,000 Million?

  • noname (unregistered)

    I am adamant that this comment.

    Captcha: Validus

  • Rogerwilco (unregistered) in reply to noname

    What amazes me each time, is how hard it is to get management and the technician/programmer to communicate.

    It seems a lot of us have a big problem to be acknowledged to be right, even if we are right.

    I've been in similar situations myself. I once could not convince my boss to buy my 512Mb ram so I could run my computations, because he would not spend any money, unless I could show him exactly how much the company would save if I could run my computations. The irony: The computations were supposed to show how much money we could save. (I'm talking easily 10 million euros or more annually, because it was about forecasting nationwide electricity usage).

    It still is one of the most frustrating moments of my life that I could not get someone to spend 50 euros to save possible millions.

    What is so fundamentally wrong that this kind of communication fails all the time?

    What should the submitter of the story have done differently to get management to realise the errors of the website design?

    Anyone has a clue?

  • nyctonyc (unregistered) in reply to JimM

    DreamWeaver, FrontPage, and Notepad are just tools.

    You can code a beautiful site in Notepad (yeah, I know, REAL programmers use COPY CON PROGRAM.EXE), and you can create a pile of crap in DW. Or the other way around.

    Don't blame the tools. Blame the complete lack of any type of education regarding good design, common sense, and basic understanding of usability.

  • nyctonyc (unregistered) in reply to jordanwb
    jordanwb:
    David:
    Given that English is spoken by over 1,000 million people worldwide, and only around 250 million of those are in the US, it might almost be said that the spelling using the 'z' is the alternate.

    1,000 Million?

    Well, over 9000 to be sure.

  • Davidibus (unregistered)

    I remember experiencing some second-hand pain with an outsourced marketing website a few years ago.

    It was ASP, and had an excellent search function. You filled in your search term, hit search, at which point it would read the full text of all files in the web application directory trying to find exactly matching text. No indexing. On demand. Including the source code of all ASP files. So you could search for "<!--" and it would match every single page in the site. Also, if you hit search too many times, funnily enough it would slow to a crawl...

  • Asiago Chow (unregistered) in reply to Anonymous
    Anonymous:
    Asiago Chow:
    So...no, an IT professional wouldn't have listed the changes and asked for permission any more than a surgeon would ask his patients to approve everything he might do to remove a cancerous growth.

    The problem with these analogies is that you're forgetting there are three parties in the original story. The management, the contracted "professionals" and the employed professional.

    There are often three parties. That doesn't change the obligations. The three parties in this story are the customer (marketing guy), the builder (who provided the web page), and the IT guy (responsible for the IT infrastructure of the company). That's no different than a patient, a hospital, and a surgeon. Hospitals provide operating theaters. If they provide one that doesn't meet the surgeon's needs he can't just do a surgery anyway...and if the surgery is actually necessary he can't just refuse to do it under any circumstances. He must find a way of providing for his patient's needs (or in the story the marketing department's needs) within the context of what the hospital (or web developer) can provide while not abandoning his professional ethics (not leaving his employer open to the harm that comes from vulnerable websites and lack of search indexing).
    Amateur:
    I hate to be the guy who brings up dictionary definitions in discussions on the internet, but this discussion seems to consist of you trying to redefine the word "professional", so it seems appropriate.

    2 a:...

    Not redefining but using in the correct way. Note that you had to go down to meaning 2 to find a looser standard of "professional".

    I prefer this:

    A professional is a worker required to possess a large body of knowledge derived from extensive academic study (usually tertiary), with the training almost always formalized. Professionals are at least to a degree self-regulating, in that they control the training and evaluation processes that admit new persons to the field, and in judging whether the work done by their members is up to standard. This differs from other kinds of work where regulation (if considered necessary) is imposed by the state, or where official quality standards are often lacking. Professions have some historical links to guilds in these regards.

    Professionals usually exercise autonomy in the workplace, and are expected to utilize their independent judgement and professional ethics in carrying out their responsibilities. This holds true even if they are employees instead of working on their own. Typically a professional provides a service (in exchange for payment or salary), in accordance with established protocols for licensing, ethics, procedures, standards of service and training / certification.

    The above definitions were echoed by economist and sociologist Max Weber, who noted that professions are defined by the power to exclude and control admission to the profession, as well as by the development of a particular vocabulary specific to the occupation, and at least somewhat incomprehensible to outsiders. ...

    Trades In narrow usage, not all expertise is considered a profession. Although sometimes referred to as professions, such occupations as skilled construction work are more generally thought of as trades or crafts.

    (emphasis mine)

    That was copy/pasted from wikipedia but matches what I was taught in school and have known as the definition of "profession" since I was a child.

    So I'm not redefining but using the common definition.

    There are professional societies for IT. There is certainly a particular vocabulary. Where are the ethics and standards of care?

    argh:
    If the engineer's employer hired another professional company to build the bridge, the engineer should not meddle with the work they do in their professional capacity unless she wants to bring the liability upon herself when it collapses and the police find her fingerprints on the steel beams that she installed one night.
    That depends. If she is responsible for bridge safety (like the IT guy was taking responsibility for IT security) she has not only the right but the responsibility for vetting the 3rd party work and authorizing changes to the design. There is no need to be installing beams at night. If she is an engineer she should stamp her changes and send a work crew. She is going to need to document the work and get it paid for anyway. That sort of thing happens all the time in bridges -- and IT.
    Eternal Density:
    She's a tradesman?
    The English tradesman is neuter. :)
  • jared (unregistered) in reply to Asiago Chow

    There are no professional societies for IT. There are attempts but until they are recognized by the government as having some authority, they are nothing more than glorified clubs.

    Let me know when one of them lets me say to my employer "That is against code and potentially dangerous. I will not do it and I will not order others to do it. If I find that you have found someone who is not a member of our organization to do it for you, I will report you to the proper authorities who will force you to do it properly or stop you from doing it at all."

    If I don't have that right by being a member of an organization then that organization is not a professional society.

    So I guess I agree that IT folks are not "professionals" but I strongly disagree that it's due to their actions/in-actions. It's because of all the untrained bosses' nephews that fuck everything up.

  • Asiago Chow (unregistered) in reply to jared
    jared:
    There are no professional societies for IT. There are attempts but until they are recognized by the government as having some authority, they are nothing more than glorified clubs.

    Professional societies don't need government recognition. Glorified club is good enough. Law gives a great example: The Bar Association is the professional organization of lawyers, right? Everyone knows that. Lawyers are supposed to be members of their State Bar Association in good standing. The Bar Association can field complaints about lawyers and even sanction lawyers for -- punish them -- for misconduct, failing to maintain standards, or even for the types of ads they run. If a lawyer insists on running ads that promise victory he will likely be thrown out of the Bar Association.

    Being a member of the Bar Association is not required to practice law in many states. That's despite the fact that "Bar" comes from "admission to the bar", which is the grant of permission to practice law by a court. You can be admitted to the bar without being a member of the Bar Association. Yes, it is a requirement in others... but you cannot argue that the lack of government recognition makes the bar association all that much less relevant, or a lawyer less of a professional bound to ethical guidelines, in one state vs another.

    How does it work? I happen to have a relative who practices law though he is not a member of his state bar association. He has a law degree, he is licensed by his state, has been admitted to the bar, but he never joined the bar association. Dumbest move he could make IMO because he is stuck working for the state (which of course doesn't care about no stinkin association membership), family (at a major discount), or outside of the legal industry -- no member of the bar association will hire or recommend him as a lawyer and most prospective clients leave when they realize he isn't a bar association member in good standing. It's strictly cultural -- no law prevents him from working and in fact he has mostly worked for the state -- but people hiring lawyers go to other lawyers for advice and they won't recommend him so he gets paid half of what a "real" lawyer would for the same work. He's just freaked out by the association admissions requirements and comfortable with the dregs he can get outside the association so he doesn't join...but if he did he would double his yearly income and get a lot more respect.

    It's a culture we in IT are fully capable of adopting right now without any government regulation. And yes, the requirement is that we act like professionals.

    Or not... there is nothing wrong with being tradesmen. Overtime is nice.

  • Stumbler (unregistered)

    I just found this:

    http://www.harmony-framework.com/

    WTF?

  • Franz Kafka (unregistered) in reply to Asiago Chow
    Asiago Chow:
    Or not... there is nothing wrong with being tradesmen. Overtime is nice.

    Lawyers get paid by the hour. Most Software guys don't.

  • Asiago Chow (unregistered) in reply to Franz Kafka
    Franz Kafka:
    Lawyers get paid by the hour.
    Law firms bill by the hour. Lawyers may or may not be paid by the hour.

    Companies that sell custom software usually bill by the hour. They may or may not pay their programmers by the hour.

    If you contact my employer and ask for a service that takes an hour of my time they will bill an hourly rate of several hundred dollars. That does not mean that I am paid by the hour or that I receive several hundred dollars per hour.

    In any case the lawyer and programmer are considered "exempt" from overtime under US labor law. So where a pump repair person (salaried or hourly) would usually go from $N/hr to $1.5N/hr after 8 hours per day or 40 per week actually on the job, the lawyer and programmer stay at N whether they work 40 hours or 90...even if they can be fired for working 39 hours. Go figure.

  • Jazz (unregistered) in reply to Asiago Chow
    Asiago Chow:
    As an IT person your job is to support the business needs of the company that pays you. Business needs are typically determined by the people who actually bring money into the company -- sales and customer support. If the sales side says "our business needs include a product website in order to market and sell this product", IT's responsibility is to ensure that the website exists and can work to market and sell the product.

    Absolutely. Brandon supported the business needs of his company by ensuring that their site would be findable by potential customers and that their data assets would be safe from malicious users. As you said, IT's responsibility is to make sure the site can "work to market and sell the product." It can't do this if it can't be found by google users. It can't do this if the database for the site is corrupt or destroyed. Therefore, by your own argument, Brandon performed precisely his job.

  • Asiago Chow (unregistered) in reply to Jazz

    Good to see that my argument was understood.

  • Simon Says (unregistered)

    What annoys me is that these kind of douche bags seem to be in every company. I get tired of hearing this stuff day in and day out in my job. Please tell me there are companies where everyone is smart and has a clue?

  • spejic (unregistered) in reply to Rootbeer
    Rootbeer:
    No, as an "IT person" your job is the specific duties listed in your job description. Which are of course intended to contribute to supporting the business needs of the company that pays you, but that's not the point.
    Once in the break room, I saw a small fire in the microwave. But my job description does not include putting out fires, so I did nothing.

    In a totally unrelated coincidence, the office building burned down later that day. Strange. At least it was a good way to learn a lesson about fires.

  • Page (unregistered) in reply to nyctonyc
    nyctonyc:
    You can code a beautiful site in Notepad

    Notepad is decadent. Real men use Vim.

  • (cs) in reply to Asiago Chow
    Asiago Chow:
    Code Dependent:
    And Paul said, "Code, he didn't want you to tell him how to fix the pump. He wanted you to go get the grease can."

    "...Because ultimately, what he's paying you for is to do what he tells you."

    Which is the essence of being a tradesman. A tradesman, however skilled, is not a professional. She may have abilities that took a lot of practice to gain. She may even have an insight into the problem being faced, but she is being paid to do what she is told. Servicing pumps is a trade, not a profession.

    There is tradecraft. Running backups, assembling and configuring networks, building computers, fixing pumps... There is profession. Taking responsibility for data security. Taking responsibility for a patient's health. Taking responsibility for designing functional software. Taking responsibility for a person's civil rights in a trial. Doing things that require more than orders from on high -- things that require independent judgment and thought.

    People around here throw the word professional around all the time. "I'm an IT professional!" But they also want to hide from professional responsibility. "I'm only responsible for doing what I'm told!" If you really are a professional you have ethical obligations a tradesperson doesn't have. Sometimes that means doing more than you are told..or less.

    If you don't feel the ethical obligation you are a tradesman. That's not a bad thing...most of mankind's greatest accomplishments have been executed by tradesmen...it just isn't professional. So make up your mind, be what you want to be, and use the right terms to describe yourself.

    Well, it's a cute idea, Asi. Bless you for the thought. Meanwhile, back in the real world...
  • (cs) in reply to Mark
    Mark:
    Man, I want to buy you a beer and get some more stories out of you. That was great!
    We can work it that way. :)
  • (cs) in reply to spejic
    spejic:
    But my job description does not include putting out fries, so I did nothing.
    Fixed that for you.
  • (cs) in reply to The Dread Pedant Roberts
    The Dread Pedant Roberts:
    *snip*
    INCORRECTABLE!!!
  • Asiago Chow (unregistered) in reply to Code Dependent
    Code Dependent:
    Well, it's a cute idea, Asi. Bless you for the thought. Meanwhile, back in the real world...

    Our decisions create our real worlds. Seems mine is different from yours. So long as we're both happy....

  • Andrew (unregistered) in reply to Tamas
    Tamas:
    This is just unbelievable. Web 2.0 at its best.

    I just wonder why ';DROP TABLE users;

    The company owns the SQL database server, right? Limit the username given to the 3rd party developers.

    REVOKE ALL FROM username; GRANT INSERT, UPDATE, SELECT TO username;

    The deadly ALTER, CREATE, and DROP at least go away. If you also REVOKE UPDATE, then they can only add garbage rows.

    GRANT and REVOKE, at least, prevent the worst SQL-injection attacks on untrusted webserver code.
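
Added example (not part of the comment above or of the site in the story): a Python demonstration of the least-privilege idea, using SQLite's authorizer callback as a stand-in for GRANT/REVOKE because SQLite has no user accounts. The `users` schema, the sample rows and the function names are constructed for illustration, and `executescript` models a driver that accepts stacked statements.

```python
import sqlite3

# Constructed schema and rows; table and column names are assumptions.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
INSERT INTO users (name) VALUES ('alice'), ('bob');
"""

# The string posted earlier in the thread, treated here as hostile form input.
PAYLOAD = "';DROP TABLE users;"

# Stand-in for "GRANT INSERT, UPDATE, SELECT": the only actions permitted.
# SQLITE_READ is column access inside a statement; SQLITE_TRANSACTION
# covers BEGIN/COMMIT issued by the driver.
GRANTED = {
    sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ,
    sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
    sqlite3.SQLITE_TRANSACTION,
}


def least_privilege(action, arg1, arg2, db_name, source):
    """Authorizer callback: deny every action that was not granted."""
    return sqlite3.SQLITE_OK if action in GRANTED else sqlite3.SQLITE_DENY


def make_db(restricted):
    """Build a fresh in-memory database, optionally with reduced privileges."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)          # schema is created by the "owner"
    if restricted:
        conn.set_authorizer(least_privilege)
    return conn


def table_exists(conn, table):
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,),
    ).fetchone()
    return row is not None


def lookup_concatenated(conn, name):
    """Vulnerable on purpose: input is pasted into the SQL text.

    Returns the database error message, or None if nothing was raised.
    """
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    try:
        conn.executescript(sql)         # runs every ';'-separated statement
        return None
    except sqlite3.Error as exc:
        return str(exc)


def lookup_parameterized(conn, name):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    rows = conn.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [r[0] for r in rows.fetchall()]


def demo():
    results = {}

    # 1. Full privileges + concatenation: the DROP runs before the stray
    #    trailing quote makes the rest of the text fail to parse.
    full = make_db(restricted=False)
    lookup_concatenated(full, PAYLOAD)
    results["full_privileges_table_survives"] = table_exists(full, "users")

    # 2. Restricted privileges + concatenation: the injection still reaches
    #    the database, but the DROP is refused.
    limited = make_db(restricted=True)
    results["restricted_error"] = lookup_concatenated(limited, PAYLOAD)
    results["restricted_table_survives"] = table_exists(limited, "users")

    # 3. Parameterized query: the payload is only an unusual user name.
    safe = make_db(restricted=False)
    results["parameterized_rows_for_payload"] = lookup_parameterized(safe, PAYLOAD)
    results["parameterized_rows_for_alice"] = lookup_parameterized(safe, "alice")
    results["parameterized_table_survives"] = table_exists(safe, "users")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The restricted connection keeps the table but still lets injected SQL read, insert and update rows, so binding the input as a parameter remains the actual fix. On a server database the privileges are granted per object, for example `GRANT SELECT, INSERT, UPDATE ON users TO webapp` (constructed names).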

  • (cs) in reply to Asiago Chow
    Asiago Chow:
    Our decisions create our real worlds. Seems mine is different from yours. So long as we're both happy....
    Yes. Well said.

    Addendum (2008-12-06 15:55): I would love to have you join Mark and me (see below). I'm sure it would be a stimulating and rewarding conversation.

    Code Dependent:
    Mark:
    Man, I want to buy you a beer and get some more stories out of you. That was great!
    We can work it that way. :)
  • (cs) in reply to jordanwb
    jordanwb:
    David:
    Given that English is spoken by over 1,000 million people worldwide, and only around 250 million of those are in the US, it might almost be said that the spelling using the 'z' is the alternate.

    1,000 Million?

    Yes. We can agree on what the word "million" means, but to some the word "billion" means a thousand million and to others it means a million million. (The word for a thousand million in the UK would be "milliard", though it's not in common use -- probably in order to avoid mathematicians giggling every time a calculation resulted in a number between 1,000,000,000,000 and 999,999,999,999,999.9... Guess what a thousand billion is called?)

  • (cs) in reply to Stan Rogers
    Stan Rogers:
    Yes. We can agree on what the word "million" means, but to some the word "billion" means a thousand million and to others it means a million million.

    Actually, it always used to be that billion in the UK meant 10^12, but to the French and Americans it's always meant 10^9, but now, to avoid confusion, the UK now officially (in the sense of the government) takes it to mean 10^9 too. Many older people (including myself, a mere lad of 45) were still taught that it meant 10^12. I think it's best to refer to the number of zeroes as I've done here to save confusion if you're intending to be accurate, and not just using it to mean a massive number.

  • (cs) in reply to ChrisSamsDad

    Anyway, what I was going to say was: I once got a job on a major website in the UK, which is now a household name. When I started, though it wasn't part of my job, I had some experience of SEO so they asked me to take a look at their rankings which were basically non-existent.

    Well, the pages weren't too optimised, but they had good keyword densities, and they had some good links, some from national newspapers and the BBC, plus their hits were high.

    Eventually I found a bit of code which - first thing in every page - took a look at what browser you were using, and (this is bad enough in itself) decided that if your browser's version number was 2.0 or less, it would redirect you to a very simple page which essentially said 'get a better browser and come back then'. (This used to be quite common in the early days of the web, though this was only 6 years ago). This page contained no links, and no other text.

    Well, when GoogleBot 1.3 hit the site.... you can figure out the rest.

  • jake (unregistered) in reply to Asiago Chow
    Asiago Chow :
    There is tradecraft. Running backups, assembling and configuring networks, building computers, fixing pumps... There is profession. Taking responsibility for data security. Taking responsibility for a patient's health. Taking responsibility for designing functional software. Taking responsibility for a person's civil rights in a trial. Doing things that require more than orders from on high -- things that require independent judgment and thought.
    Taking responsibility implies having control. How can you be (held) responsible if you do not have control over a situation? You cannot, and that is the main cause of (work related) stress.

    Control of a matter is assigned by management. It decides who/which company gets to work on the matter at hand (the website). If that control is not assigned to you, the professional, then you cannot be held responsible for it.

    You are responsible for making sure management is informed about the issues you, as a professional, detect, so management can make an informed decision how to proceed in this matter.

    Sure, in a professionally run company, management takes a backseat to letting the professionals do their jobs, and create a climate and circumstances in which the right professional flourish to fulfill the goals of the company. In the real world only a few companies (or other organizations for that matter) are run that way. Professionalism is more and more stifled by management, and that is a shame.

  • (cs) in reply to morkk
    morkk:
    here's the TRWTF:

    The site shared the look and feel of the company's existing Web site, but with its own unique color and layout.

    how can it be both?!?!?

    It's called humor. It's like being serious, except not.

  • (cs) in reply to ShatteredArm
    ShatteredArm:
    1) Why was he not more assertive? He should have told the marketing manager his concerns, and been stern about it.
    1. If that fails, he should have just injected some SQL and be done with it.

    So yeah, TRWTF is that the developer caved so easily when it was his work at stake.

    Yeah, real course of action he should've done:

    1 - Backup database
    2 - SQL Inject the site with something like DROP (or even some INSERTs with goofy data)
    3 - Inform the product manager "oh noes, we've been 0wned!"
    4 - When the marketing guys whine, just rebut with "oh, do you still think SQL Injection is not a concern?"
    5 - After the marketing guys have been sacked, restore DB.

  • russ (unregistered)

    "that's only a problem for the government and huge corporations"

    i've heard that argument before - but there have been automated sql injection attacks going around the net. http://www.modsecurity.org/blog/archives/2008/01/sql_injection_a.html

    getting hacked rarely means there's some snivelling hollywood computer hacker hunched over a computer yelling "i hack you" as it all happens..

  • An Englishneut (unregistered) in reply to Asiago Chow
    Asiago Chow:
    The English tradesman is neuter. :)

    Most English men are.

    CAPTCHA: nobis

  • Little Dutch Boy (unregistered)
    Code Dependent:
    As he fumbled with the covers, he repeated, "Get the grease can," and I repeated, "We don't need it."
    That's where you went wrong. Instead of repeating the previous action and expecting him to suddenly take your word for it, you should have said—as you were standing up to get the grease can—"Okay. Just checking, though: Do you need it for something besides greasing the manual cam? Because that one's electric." I'm sure my phrasing could be improved, and a whole lot would depend on what tone of voice you used, but my point is that he's not going to understand why you're refusing to do what he says unless you explain yourself, and the time to do that is before he blows his top. If you explain yourself from the beginning, then you save time and no one gets upset.

    Back to the original story:

    Brandon acted responsibly and in the best interest of his company. Furthermore, I can't believe that anyone would advocate his sabotaging the website by intentionally injecting malicious SQL commands just to prove it can be done. This does nothing but make the company look bad publicly, and if someone did that I would not only fire them but have them brought up on criminal charges.

    Brandon does need to work on his communication so that his temporary fixes are official and so the larger problems can be dealt with, but in the meantime he's got his finger in the dam.

  • (cs) in reply to Rogerwilco
    Rogerwilco:
    What amazes me each time, is how hard it is to get management and the technician/programmer to communicate.

    It seems a lot of us have a big problem to be acknowledged to be right, even if we are right.

    What is so fundamentally wrong that this kind of communication fails all the time?

    What should the submitter of the story have done differently to get management to realise the errors of the website design?

    Anyone has a clue?

    Yes. I'm sure someone does. It might even be me. Just in case it is me...

    I think you're missing a key portion to communication. It's not just understanding, semantically, what the other person said, and saying the semantically correct answer.

    To really communicate, you need to understand, semantically, what the other person thought they said, and you need to say, semantically, what they will understand to indicate the correct answer. This sounds like it would require powers claimed by psychic hotlines everywhere. However, it's not that bad, because most people understand their native language fairly well.

    In my experience, the most common reason why people fail to say something that the other person will understand is that they forget that the other person doesn't necessarily know all of the same fundamental things. The most common reason why people fail to understand something someone else said is that they fail to realize that person may have additional information they're not realizing they need to say.

    If I tell my manager that a website is insecure, and that manager tells me that only VBCs need to worry about web site security, then it's pretty likely that my manager doesn't know about automated malware. Rather than wasting time thinking about how he's an idiot, I should consider how to relate this information to him in a way he'll understand. This is potentially more complicated than it sounds, because he's almost certainly heard about viruses, and it's almost certain he thinks he understands them. To relate this, I need to know more about him. Armed with only the knowledge I've gotten from the conversation portion I've mentioned above, I'm almost guaranteed failure at communicating. But I at least have a better shot than someone who thinks, "What a moron", and then repeats that the website is insecure.

    Rogerwilco:
    I've been in similar situations myself. I once could not convince my boss to buy me 512Mb ram so I could run my computations, because he would not spend any money, unless I could show him exactly how much the company would save if I could run my computations. The irony: The computations were supposed to show how much money we could save. (I'm talking easily 10 million euros or more annually, because it was about forecasting nationwide electricity usage).

    It still is one of the most frustrating moments of my life that I could not get someone to spend 50 euros to save possible millions.

    For what it's worth, what your management probably wanted was for you to do what you could to estimate the numbers, given the hardware that you had available to you. At least, that's my guess, from having numerous coworkers in that situation, and me responding by helping them come up with estimates, and them being surprised that they got hardware out of it.

    There are, of course, other reasons for communication failures. Too many clauses. Too many disjoint concepts in one (sentence|paragraph|page|chapter|post|book). Bad organization. Excessively complicated sentence structure. I've often had those issues. But I seem to have better success at communicating than my coworkers. My coworkers tend to use simpler sentences. I tend to use excessively complicated sentences.

    Of course, sending emails to many people can be quite stressful to one such as myself. Forum posts can be worse.

  • (cs) in reply to ChrisSamsDad
    ChrisSamsDad:
    Actually, it always used to be that billion in the UK meant a 10^12, but to the French and Americans it's always meant 10^9...

    Um, no. In French (the entire francophonie, AFAIK, including the Canadian French I grew up speaking), 10^9 is properly a milliard. We bilingual types never had a problem with it.

  • (cs) in reply to DOA
    DOA:
    I like the idea of taking responsibility and putting your foot down when the situation calls for it. But I don't know how well that translates in real life. In fact the saying "No good deed goes unpunished" comes to mind. But maybe I'm just a little bitter. I think that this whole thing goes beyond a single incident and has more to do with your relationship with your employer.

    This is exceedingly true. It's also worth noting that 'your employer' can frequently be a complex entity.

    When I started working for my current company, I was brought on to fix a catastrophically failing system. It took me about 3 weeks to diagnose it, and 6 more weeks to fix it (had to order hardware). My manager thought, "He's apparently at least semi-competent," and proceeded to second-guess every decision I had to run by him.

    After working there about 8 months, I changed departments, and thus managers. The new manager had heard about my previous accomplishments, and was delighted to trust me on all of my suggestions. He even asked me for advice on technical issues outside my job description.

    About six months after that, my department went corporate; my manager stayed put, so I got a third manager. He saw me as the senior tech on a successful team (yes, turnover heck), and so he trusted me on most of my recommendations (semantic tip: all recommendations are suggestions; the reverse is not true). He also encouraged me to mentor the newer team members.

    Recently, my department was reorged, getting a new manager in the process. To my latest manager, I'm one of the old fogies who was working here long before him. I sometimes act like I know more than the person who wrote my department's processes (um, I wrote most of my department's processes, back when I didn't know quite as much...) even if I do follow them except when I have a waiver (that is, the rest of the department's agreed with me that the process isn't appropriate). Possibly worst of all, I'm openly critical of projects that I'd originally advised against and have since had numerous project failures (especially those I'm not on and don't have sufficient access to sabotage - note I'm being critical of projects here, not the competency of the unfortunates tasked with performing these projects). When I give him advice that's contrary to what he already thought, it's because I don't understand business needs. If I tell him something will cost either more or less than he thinks it will, I'm bad at making estimates. This doesn't change when it turns out that it costs more or less than what he thought it should cost.

  • (cs) in reply to Hans
    Hans:
    Any company who values the opinion of some outsourced company over their own internal I.T. staff deserves to fail. That's all there is to it. I would have handed in my resignation then and there.

    I started out in IT as a contractor for a company whose internal I.T. staff believed that a bridged network was appropriate for an international corporation with over 50,000 computers total. For clarification, that's a single, international bridged network.

    Depending on network issues and server availability, it was possible for a mobile computer in California, USA to be served its DHCP information from a DHCP server in Italy. A diskless terminal in Germany on rare occasion would boot off of a server in Japan. These sorts of issues were considered flukes, rather than signs of real problems.

    Of course, such international broadcast packet responses were very infrequent, because not only were nearer servers more likely to respond first, but the international circuits randomly dropped around 98% of the 3,00+ broadcast packets per second from the US network, as well as impressive but lesser portions of their broadcast packets from international locations. (Yes, that's right, randomly. Another bright idea from one of their internal I.T. staff.)

    For what it's worth, they're all better now - they hired a contracting company to come in and fix it all for them.

    Since then, I've heard of a number of other companies who also managed to extend bridged networks to 50,000+ computers. All of these companies did so on the advice of their internal I.T. staff.

    Note that I'm not saying that companies cannot have competent IT staffers. I currently work at a place where the average internal IT staff is easily twice as competent as the average outsourced IT "professional". What I am saying is what other people before me have said much less verbosely: idiots are everywhere. Competent people are everywhere. Failure is identifying one as the other.

  • Jens Schultz (unregistered)

    Erhm... Doesn't GWT use this approach as well? Look at the source / HTML for a GWT app and it's pretty much a couple of style sheets and a javascript include... So pages made with GWT can't really be indexed by Google... Interesting...

  • (cs)

    I woulda made a backup of the codebase and the table, constructed a careful SQL statement, told^H^H^H^Hconvinced the manager to make the call, then it would've probably gone something like this:

    "OK," Brandon replied. "Another concern I had was SQL injection. On the contact us page, if you ..."

    "Wait a second," interrupted the rep. "Did you say SQL injection? You guys really don't have to worry about that. I mean, really, that's only a problem for the government and huge corporations."

    "Yes, but it's not that hard to prevent ..."

    The marketing rep interrupted again: "You see, Brandon, we're employing a brand-new technology called AJAX that makes your pages load lightning-fast, form submissions quicker and be more responsive. It's a win-win for everyone."

    feigning sincerity again "Okay, okay, I see your point. Hey can I quickly try something? It'll take about 15 seconds."

    "Okay, what?"

    sound of typing

    "..."

    "Okay, take a look at the site now."

    "...WHAT ON EARTH JUST HAPPENED?"

    "I didn't touch any of the code just there. I did all that through a browser, and anyone looking at your site would've come to the same conclusions I just did to figure out that what I did was possible. Your code is completely insecure."

    "...uhh..."

    "And for your information, 'Google indexing' isn't simply having a search box on the site. It's the ability for Google to FIND the site in the first place."

    "But Google handle all that themselve--"

    "No they don't. Google have a dumbed-down robot that scans web pages for data. It's incapable of reading stylesheets or Javascript. Look on Wikipedia as to the definition of 'Search engine optimization'."

    click
