- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Back in my teenage years, I did summer work for a contractor. The classic motto there was "Measure once, cut twice, cut again, and order more wood."
Admin
DIEBOLD is a respected security company. Voting is a simple one-time transaction. How much database functionality do you need for that?
Seems the issue is user interface and database security, not the database itself. Would a different database provide less amibiguous ballot results? What's your point? Do you think we might not vote?
From this day to the ending of the world,
But we in it shall be remember'd;
We few, we happy few, we band of 'mericans;
For he to-day that votes his right as his
Shall be my brother; be he ne'er so vile,
This day shall gentle his condition:
And gentlemen of 'merica now a-bed
Shall think themselves accursed they did not vote,
And hold their manhoods cheap whiles any speaks
That dared to vote with us upon election day.
Admin
I'm surprised no one so far mentioned the Capability Im-Maturity Model.
Admin
well if this is the Zero-Stage Deployment Process i must be using the divide by zero deployment process on my job :)
Admin
This is a no-brains prank... you can configure any email client to send emails as though appearing to come from your partner, so what really is the point in doing that?
Now, if you really want a prank, try activating Active Desktop and pointing the user homepage to some gay porn site. And if they use a NVIDIA card, rotate the image upside down (that is a kicker). Then you can turn on High Contrast for good measure. If you want you can activate mouse trails - it is stupidly annoying.
And all of it is quickly reversible.
The only thing I do not recommend is reducing the key press refresh rate, otherwise your developer might have to depress each key for about 5 seconds before the system would print it on screen. And we wouldn't want that :)
Admin
Unfortunately, Winston Smith has done a number on Roger and his post no longer exists. Roger himself no longer exists. But if he did you can be sure he really loves those non-code stories now.
Admin
Works with ATI and Intel chipsets too - for extra fun, try assignig a commonly used hotkey, like Crtl+A, or Shift+E, or something alike :-)
Admin
Lies! All Lies! If you are a Developer, do not believe this! The blame will still be pointing at the Developer. Who are the best People to deploy? Developers. (Note: I'm talking about deployment to Production server; not to CD or ship to customer.)
Lets look at it from another story.
At my current company, we have been through this and now I wish we don't have this Process (RED TAPES) setup.
Good Developers value the quality of our work. We have own process to test and deploy (all scripted). We also have a great QA which is a Business person who is very technical that serve as a communication bridge between Developers and the Business. He also has people who work under him to test. Our process also goes through test, uat (staging), and Production environments. Test is for us to test our stuff. UAT is accessible to our Business for testing. Because we took the pro-active approach to log everything, we usually know about any issue before our user and can work on an immediate fix. Life was good.
Did I mention that we have four Development Teams and we were the only team that was successful? This was because we, Sr. Developers, work hard to enforce this Process. We usually up late during deployment nights, wait for the Database stuff to be deploy before we can deploy our stuff to Production.
About eight months ago, two of the four Development teams were let go. Their Managements blame the failure on having no Process. They saw what we had and decided start hiring new IT Director, QA and SE (System Engineers). We have no problem with that. In fact, we were excited because that would reduce our work load.
The Process came. They lock us out of Production servers. They lock us out of the Database. Oh, of course we didn't have Production database before, but now we're even lock out of Test and UAT Database. Things has to be done through this Deployment Ticketing System has a gazillion steps in order to move a work item into Production. There has to be a Deployment Document (Microsoft Word Document) that include every file that is to be deploy and their version number (a big pain).
Deployment night came. Developers has to still be online at night. Not a problem, we are used to this. But this time, we are waiting helplessly for SE to deploy so we can check our logs to make sure there are no errors. Sometime, we have configuration error (you know the different between environments.) Come on? It's just configuration error, those SE should be able to change it. But no, it would be rollback. We would have to resubmit the configuration file change. They just want to drag and drop the file onto the Server. The ticket would be a failure count toward who? Developer. Any failure point to the Developer. We all know the Cooporate World and finger pointing. Nobody want to take the blame.
Developers are now stripped of all powers and still get all the blame. What if the new Process is a WTF? You know there are a lot of WTF people out there. What if your SE are those WTF people? So Paula didn't make it as a Developer so now she's hired to be your SE?
The WTF is that they think they locked us out of the Production servers? We recently guessed the password to a network account that has access to all Production servers. And who requested for this account to be created? ;) The purpose of the account was for running a Window Service that need network access to process file from a share drive. They didn't change the password when they move to Production. Apparently, they gave access to this account on all Production server. And we're suppose to trust them to keep our network secure.
Admin
"Would a different database provide less ambiguous ballot results?"
...yes. The vast majority of concerns over Diebold machines are not about consistency or accuracy, they're about security. There have been numerous documented occasions where people have been able to access and modify the results (and actual code) of these machines. This entire company is a True WTF unto themselves. Their participation in such an industry is both astonishing and really really scary.
Admin
More like:
Load ammo,
Aim,
Fired.
Admin
The real wtf is the comments (TM). It starts with the broken system, where code gets very little testing. To fix the inadequate testing, they bring in a QA system so secure it doesn't even have access to the network. Meanwhile production is always accessible, no protection whatsoever, so people upload their code to production. So the QA system is useless; people just upload their code to production, and ignore the QA (well almost, they do submit their code to it, but what's the point if it's in production already?).
Admin
Quoted for truth. Their ATMs may be secure, but I couldn't possibly trust their voting machines any less than I already do. Every security consultant who has seen the code has shuddered. Researchers at princeton have made a virus that could alter results with a minimum of effort on the part of the saboteur. Ars-Fucking-Technica has an article out about methods with which to rig the vote.
Hell, even Slashdot got into the action
http://politics.slashdot.org/article.pl?sid=06/07/31/1646246
But here, let me give you a TDWTF anecdote. After a quick google it appears that I can't find the article about this, but I assure you that if you search hard enough you will.
One day, an election supervisor watching the tally noticed that around 32,700 votes or so, the votes started ticking down with every vote. "Hmm," he though, "the tally should INCREASE, not DECREASE" as people vote.
Anyone reading this here should already be starting to groan as they realize what the problem is, but let me just tell you. No, it wasn't some sort of intentional sabotage. It was A SIGNED INTEGER BEING USED FOR COUNTING VOTES. Yes. Signed. In a poll. Someplace where you will never have anything negative.
These machines are flat out untrustworthy, and if I run across one I'm going to ask for a provisional ballot to vote with.
Admin
That's been my career. I've had to bring Tortose SVN and Unit Testing into co's by myself.
Admin
I worked at a place that forced me to do that. Our "mission-critical" app was a web service that every app used. Every fix or feature I had to implement had to be done on the production server because of political issues. I came up with this amazing scheme where I would implement new features in C# + Notepad on the server, but not save the file until every one was ready with their code.
Source control checkins were even more weird. "Could you store the file but only that feature? We don't want team X to know we deployed feature Y."
Amazing that I lasted nine months there...
Admin
Are you me? :D
Because I am in the process of doing that very same thing where I work. I installed Subversion on an unused server and have slowly getting it to the point where it could be used as a Development environment. And trying to create a "Process" for stuff. Because right now, Developmestruction all the way.
Admin
2x4s are most commonly used as studs inside walls. In that application the 4" dimension is the critical one and the 2" dimension could be smaller. You just have to be a little more careful where you place the nails. As far as the nailing the boards together, a properly toe-nailed application of nails would be plenty strong within a wall. You wouldn't want to have all your studs made up this way and you wouldn't pass a code inspection, but it would be stronger than the steel 2x4s that are in common usage.
So no, I did NOT post a WTF.
Test question: How big is a 2x4?
Admin
Quite a bit smaller than 2" x 4"...
Admin
And the end result is produstruction.
Admin
In Germany voting computers are currently being introduced, too. We're saving money that way. Well actually not, it's costing us heaps of money. But it's more transparent. Except that these computers are black boxes. And the source code for the software is a trade secret of the producer. The real advantage is better separation of powers. Well actually not that much better because the Ministry of Interior is responsible for verifying the equipment and mere mortals are not allowed to. But if we don't use voting machines, the world will think we're backward, like "These silly Germans are still voting themselves, even though they could let machines do that!" So I guess it's a good thing.
There are some constitutional concerns but I don't think there's a tangible risk, because there's never been a dictatorship on German soil. In the last 15 years.
Admin
Even in only a five person company we have:
1. Local CVS checkouts and branches for coding. Changes to schema or data are scripted. Regression tests that are part of the code base run at all times.
2. The development environment where changes from local CVS are merged and scripts created are run. UI level regression tests are run.
3. Developers use the staging environment to test the batch of changes to be released and ensure that code and scripts all play nice together.
4. Testing environment is updated using the "final batch" of CVS and script changes approved in stage. Testers verify changes do what they were supposed to and the full battery of regression and functional tests are run and/or updated.
5. Release to production environment is green lighted only after testing is complete.
There is an accelerated path for bug fixes, but even those get a test cycle better than "throw it over the wall".
Admin
Wow.... I had no idea.
Pure speculation - but I'd guess the voting software needed to support an "Undo" or "Start Over" feature.
I've seen inventory systems where the only way to correct a data entry error is to create another entry to mathematically cancel it.
While every "touch" to the screen commits a new vote record, the only way to "Undo" a vote is to create another negative vote record.
Now I see why the choice of database matters. I can easily see where charging ahead to develop some simple polling app, only later to find out that it needed to support "undo" would result in the easy fix...signed integers.
Admin
What's wrong with that? It means he'd have two 1x4's, that he could then join together (into a 1x8 for a butt-joint, or slightly less if he wants to get fancy with finger joints or dovetailing), which should be long enough for the job.
Perhaps "Anonymous" here would like to work some more on his basic comprehension skills.
Admin
captcha: wtf. Indeed...
Admin
This is only mandatory for the Irish Girl. For all others, it is forbidden.