Admin
Oh man. You're probably joking, but I actually took over responsibility for a system that was even worse than that. Let's just say that the fields were TEXT instead of VARCHAR(100) and the guy who developed it wasn't serializing objects, per se; he decided that he didn't really like the whole relational part of relational databases.
It was pretty unbelievable. I'll have to submit it sometime.
Admin
So your claim is that the executives defer to the legal experts on legal decisions because they themselves understand law, but they want to make the technical decisions themselves because they don't understand technology.
And the companies that do treat the technical staff with respect can't exist because... Ah, to hell with it. You are right. We all deserve to be mistreated and should just put up with it. If your boss is an idiot, stay there and complain because it could not possibly be any better elsewhere.
Admin
"Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes."
http://geekz.co.uk/schneierfacts/fact/27
Captcha: tacos (now I know what I'm having for dinner)
Admin
I'm currently in charge of a .NET project that uses an Access database with 7 tables and about 30 columns that are nothing but TEXT fields (except for the ones that I added) and no relationships whatsoever.
My predecessor's rationale? "I didn't see any reason to go to that extra level of complexity."
Needless to say, I've spent the majority of my time employed here solving lurking, popping-up problems rather than working on new features.
Admin
There are more reasons than just "you're an idiot and can't get a job elsewhere" that people put up with dumbass bosses. I think that simply blanketing the entire IT profession and saying that everyone who has a PHB deserves it is VERY short sighted.
Your opinion that those who have the PHB deserve it is probably a correct one in a small percentage of cases, but I would definitely not say it's the norm.
I continue to work for a PHB, not because I couldn't get a job elsewhere with a better boss (I've been offered several), but because all the perks and benefits I get are fantastic and currently outweigh my PHB. That doesn't mean I won't complain about him, but it's why I continue to stay.
Obviously there are additional reasons I won't get into here, but this is a good example of why your logic doesn't apply to the entire IT industry.
Admin
[quote user="SomeCoder"] There are more reasons than just "you're an idiot and can't get a job elsewhere" that people put up with dumbass bosses. I think that simply blanketing the entire IT profession and saying that everyone who has a PHB deserves it is VERY short sighted. [/quote]
You are absolutely right. It was not fair of me, and there are many reasons for putting up with a bad boss. Where I took exception was that so many people claimed that it could be no other way in the industry today.
If you look back through the comments on this article, you will see several comments that the boss listening to Enrique's concerns and holding up development to fix them was unrealistic and that any company that did listen to the technical staff would go out of business. Frankly, that annoys me because it holds back our entire profession.
It also annoys me that some (but certainly not all) techies make no effort to understand why the boss makes certain... questionable decisions and instead just assume that management must be a bunch of monkeys. Seeing their motivations makes it much easier to figure out how to point them in the right direction and whether it is worth doing so.
Admin
A legal advisor, in contrast, is much more likely to find an environment where legal advisors' expertise is highly respected.
The prevailing impression of practicing lawyers is that they have gone through a lot of schooling and work. The prevailing impression of programmers is that any idiot could throw together a program (because, apparently, all software is equal regardless of quality).
If you've been around, you know technically competent managers exist in microscopic proportions.
Admin
Oh don't talk to me about such craaazy things. Just this year I've had to integrate with another company's database that didn't have primary keys / auto increment IDs, but application assigned IDs, on all the tables. Then again that database schema was so full of WTFs, but they were a Bangalore based company doing contract work and thus they didn't give a damn or have any sense of professionalism. Their documentation for the system was written on demand as we requested it. Clear text passwords throughout. Zero scalability (their system broke when having to handle anything slightly out of the original spec they were given, and their main client actually had cases outside that spec).
It was a shame to see our scalable system have to integrate with such a crapfest.
Admin
That's pretty close to what we do. Except we use the XML datatype in SQL Server 2005.
Admin
I take your point about having many short jobs on a CV but personally my attitude is that I'd rather not work for the company where PHBs can exist or the one that disregards candidates based on assumptions about their career history. There are always other jobs, my sanity is too precious.
I've only ever encountered managers like this in the largest of companies and generally they are rare, and stick out like a sore thumb because their entire department has stopped giving a toss. They are usually the first ones stuck on gardening leave when the new overlord is appointed in the bi-annual re-organisations these big firms like to have.
The only time I've ever seen a manager like this exist for any serious length of time is in a small->medium business when the owner has even less of a clue than the PHB, and that's not a place I want to work either!
Never seen a technical screw up more expensive than a management one, just that the management ones for some strange reason don't get highlighted quite as much. And risk management states nothing of the sort, in fact you can't do any sort of risk management until you've identified and assessed the risks and any business that takes it seriously that assessment comes from the people who know.
Most PHBs will be only too happy to take a techie's risk assessment on board because they look at it like a big can of CYA. The most likely pitfall is that they'll do this and then forget to carry out the mitigating/reduction steps and it'll be your fault. Or they'll pick a strategy that is worse than the problem.
Admin
Sounds just like the system my workplace uses to store asset, financial and customer information. It only asks for a password to log in, no usernames. Wouldn't take a rocket scientist to sit there and try "cat", "dog", etc until they got in, especially given the 8 char limit it has. From what I've seen, most people use either their name, a family member's name, or a phone number.
Admin
There's a big difference between the Access TEXT type and the MSSQL Text type... The Access TEXT type is exactly like the VARCHAR(n) type in SQL.
Admin
Based on the last few lines of this story, I now know that it is a fairy tale...with a happy ending like that, what else could it be? I was glad though, because this one actually made me say WTF? and I shivered a little too.
Admin
Brings to mind one of my favourite quotes: "It is the tragedy of the world that no one knows what he doesn't know; and the less a man knows, the more sure he is that he knows everything" -Joyce Cary (1888-1957)
Admin
Yes, I think this was planned as an April 1st post.
;)
Admin
The bit that made me laugh out loud was
I am amazed by the mentality of people who make bugs go away by deleting all the assertions or disabling all those irritating warning messages. As when Homer Simpson put a piece of black tape over the light in his car that told him something was wrong with the engine, and told Lisa not to worry as it was fixed.
Admin
Nice one, saving the real WTF to the last part! I've heard too many stories about stupid storage/processing of passwords on this site before to be too surprised, scarily ... but never before has a WTF ended with the boss agreeing to get the problem sorted!
Admin
"I am amazed by the mentality of people who make bugs go away by deleting all the assertions or disabling all those irritating warning messages. As when Homer Simpson put a piece of black tape over the light in his car that told him something was wrong with the engine, and told Lisa not to worry as it was fixed."
Funny, that is exactly how modern medicine works.
Don't believe me? Read the following sites: http://www.cholesterol-and-health.com/Whats-New.html http://www.thincs.org/ http://www.thegreatcholesterolcon.com/ http://weightoftheevidence.blogspot.com/ http://www.proteinpower.com/drmike/ and many more
Admin
No, you misunderstand, he is claiming the exact opposite. Most managers and execs do NOT understand the law and they know they don't. They think they understand technology because after all they run a PC at home, high school kids are writing programs, so how hard can it be? You wouldn't find a 14 year old practicing law, would you? You will find one writing cool applications.
Yes we as techs do not receive the proper respect, but that is part of the field, I deal with it. Until there is a more measurable form of certification it will remain that way. The problem is that enforcing that certification will simply force more off-shoring to places that do not require it for the savings in revenue. Remember, even though we are the manufacturers of the product or service sold we are considered an expense, not an asset.
Admin
Yours Yazeran.
Plan: To go to Mars one day with a hammer (likely I have to with this message on the public record.. :-)
Admin
The real WTF is that the boss got it.
Admin
IT gets short shrift (especially for Web projects) simply because PHBs think that it is as easy to make / fix as it is easy for them to use. They haven't the slightest notion that you're probably using at least 3 different languages just to present them with a pretty box of current news items on a page as all they do is click on what appears to be plain text. And they don't care, either.
Admin
Couple of weird things...
They say "first we check if the password is in use, then we run sp_update_passwords"... so sp_update_passwords doesn't check first to see if the "new password" is already in use? WOW!
If the manager is so technically adept, how in the world did this get built in the first place?
Admin
Agreed, except for the using almost no fat, low meat, high fibres etc part. Dietary fat especially saturated fats are not bad (trans-fats and polyunsaturated are bad), animal proteins are the basis of our regimen since paleolithic times (the start of agriculture was the curse) and about high fiber read what Dr. Eades had to say about http://www.proteinpower.com/drmike/?p=274
Admin
I've got nearly 30 years experience in IT, going back to a 6 year stint in the US Navy as an electronic tech. Over that time I've had a variety of bosses. By far the worst from a geek's perspective were in the military; thieves, drunks, and simple incompetents. It's why I got out. I figured if I was going to be asked to risk my life for my country, I'd much rather have a boss that I could trust to spend it well. Kinda puts a different spin on what makes a true PHB, eh? :)
Anyhow, I would argue that most techies who can't stand their bosses probably get what they deserve. It's not because the geeks are incompetent, it's because they never learned to communicate in terms that their bosses could understand.
As a civilian I've had a wide variety of bosses. By and large, I was allowed to do what I wanted/needed to get the job done. Why? Because I took enough business courses while I was on active duty to understand how to structure my arguments in ways that made it clear why things needed to be done.
My first such success was convincing my CEO and CIO to spend several million dollars on a complete network overhaul. This was a big deal for a company with about 1,200 employees at the time. We migrated from direct serial links to the backs of PDP-11s and Unix boxes hauled over dedicated circuits to a multi-protocol network supporting TCP/IP, bridged LAT, AppleTalk, and Netware. It still ran over dedicated circuits, but at least we didn't have to run dedicated serial channels. The entire network supported 25 sites in three countries. The entire thing was designed, installed, maintained, and managed by just two of us. The initial concept and the base design were mine, though.
This was back in the '80s when nearly everyone was doing multi-protocol nets. I migrated the whole thing to just IP over frame relay once I persuaded all the various sysadmins to drop their desire to remain completely native.
I was able to accomplish this even though I had no paper credibility. Even though I've spent my entire career as a geek, my most advanced formal degree is only an A.A. in Business Management.
I'm currently an enterprise architect at a company with 50,000+ employees. I can't say that I've pushed bits around in quite some time. OTOH, I can safely say that I got to where I am because I've always been able to sell my concepts to my peers, my management, and my end users. Knowing how to shape your message for your audience is not just a platitude, it's critical to doing your job as a tech.
Admin
fucked company did that for a while. I'm not sure if they ran out of steam or what - there was a lot of grist for that mill during the dotcom bubble.
It's still not the tech's fault - the PHB was informed of the risks. If he chooses to ignore them, then it's his fault. This is what offsite backups are for.
Admin
I find it amazing that they don't use an integer sequence to set the USER_ID. Sure, declare USERNAME & PASSWORD as UNIQUE NOT NULL, but use integer keys!
That provides many security & performance features. It can be the PRIMARY KEY & FOREIGN KEY. It hides the USERNAME & PASSWORD, since it is the KEY passed through the application. Integer keys also are more easily indexed than char-strings (...WHERE USER_ID = ? is a common query).
Database designs often have WTF built-in.
Admin
How strange.. this never happens to me.
Admin
ALTER TABLE users ADD (the_real_password tinytext); #done.
Admin
Seriously, this is clearly a fairy tale...
Admin
Are you familiar with ON UPDATE CASCADE?
http://blogs.ittoolbox.com/database/soup/archives/primary-keyvil-part-i-7327
Admin
I seem to recall many websites at the beginning of the internet (pre 2000), had this issue. I'm pretty sure xoommail was one. I also want to say Neopets had this issue, but that just doesn't seem right.
Admin
Meaningful PKeys are a hassle, but they aren't horrible. Still, if you're going to do a table, meaningful data shouldn't be in the PK - changes on complex schemas get expensive. Much simpler if you only need an index rebuild.
Admin
Agreed, I tend to use surrogate keys just because of path of least resistance. But certainly, if you want to go the meaningful keys route, to me that makes you maybe a little too idealistic or noble, but certainly qualified.
Admin
That scheme would be brilliant if it weren't for those pesky usernames. Get rid of those, call it One-Factor Authentication, patent it and market the hell out of it. This thing could be even bigger than One-Click Ordering.
Admin
Is this story for real?
I can't imagine the reasoning behind using a password as a unique identifier, and a foreign key.
It is all too common for application developers to be ignorant of elementary database design principles, and secure data access. I deal with this kind of ignorance every day (well, maybe not to the same degree of ignorance detailed in this story, but ignorance nonetheless). The worst part about it is that when I propose intelligent solutions to database problems, my team of application developers look at me with that "deer in headlights" look, because they don't follow my line of reasoning (and no, it's not because I don't know how to explain myself either).
For something as fundamentally important, and as pervasive, as a database, it is surprising how many developers remain ignorant of the concepts of proper design of a schema. I would hazard a guess that their understanding of how to design and implement an object oriented solution would be at the same level as their understanding of the design of an application schema.
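The design debated in this thread (a password used as a table's unique key) set beside a surrogate-key layout, as an added example that is not part of any comment here or of the system in the story. All table, column and function names and the PBKDF2 round count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 600_000  # assumption: tune to your own hardware budget


def legacy_db():
    """Hypothetical rebuild of the design under discussion: password is the key."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (password TEXT PRIMARY KEY, name TEXT NOT NULL)")
    return db


def legacy_register(db, name, password):
    """Returns False when the password is taken, which tells the caller
    that the value is a working credential for some other account."""
    try:
        with db:
            db.execute("INSERT INTO users VALUES (?, ?)", (password, name))
        return True
    except sqlite3.IntegrityError:
        return False


def hardened_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        " user_id INTEGER PRIMARY KEY,"  # surrogate key: what foreign keys reference
        " username TEXT NOT NULL UNIQUE,"
        " salt BLOB NOT NULL,"           # per-user salt, so equal passwords differ
        " pw_hash BLOB NOT NULL)"        # no uniqueness constraint on purpose
    )
    return db


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def register(db, username, password):
    salt = os.urandom(16)
    with db:
        cur = db.execute(
            "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
            (username, salt, _derive(password, salt)),
        )
    return cur.lastrowid


def login(db, username, password):
    """Returns the user_id on success, None otherwise."""
    row = db.execute(
        "SELECT user_id, salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    user_id, salt, stored = row
    ok = hmac.compare_digest(stored, _derive(password, salt))
    return user_id if ok else None
```

In the hardened layout a password change rewrites one row's `salt` and `pw_hash` and never touches the key that other tables reference.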
Admin
http://support.microsoft.com/kb/276304
That's not a bug, that's a security feature dammit.
If the application in question had used microsoft's limitations on password, that would have reduced the chance of clashes significantly. Personally I think 18770 or something is a bit aggressive though, especially with database limited column sizes.
Admin
A few years ago I had a client call me in to help with their credit card ecommerce app. On the first day of looking at the current situation, I found he was taking credit card information without SSL, and then storing it inside a Microsoft Access database, which was in the web root!!!!!
Admin
The Citadel BBS program, a popular dialup BBS system, used passwords for login.
So, you'd create an account, and then pick a password. After this, you entered your password, and ONLY your password, to log in.
This was the case for years, and every so often, someone would ask, but the Citadel developers were adamant that the marginal security advantages of requiring you to at least guess whose password you had before logging in were far, far, outweighed by the convenience of not having to remember your user name.
At one point, we had a user named "Dark Thief" on a BBS I ran, and one day, I pranked him by editing the user table to show his name as "Dark Theif". He logged in and got, predictably, quite mad.
Captcha: "bathe", which reminds me of why no one liked him. :P
Admin
I once had a supervisor who wanted me to make a list of everyone's passwords, because if people forgot their passwords then we could tell them to them. I told him, if they forget their password, I set it to something, tell the system they have to change their password at next login, and no problem.
He didn't want this, insisted I make a list of people's passwords. He said the old programmer used to maintain a list of passwords. I searched around and, sure enough, found a list of people's passwords.
I went to about 5 people, asked for their passwords, explained why, then went onto the system and made it so they had to change their password on the next login and gave him the list of the (now defunct) passwords.
I don't know what he actually wanted with the passwords but I would tell people not to give anyone their password, including me.
Admin
Belgium, Ford, Belgium!
Admin
No surely only Java people could be this ignorant !!
Admin
No, that is not true. The VAX had very good security.
Admin
The real wtf here is the fairy tale ending!
Admin
I need passwords for neopets and fast!
Admin
I need neopets passwords!! Just post them already!!