- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
How funny, I looked at the post that suggested resemblance to R.Z., and I thought exactly the same thing: Renee's weight isn't exactly under control . . . OTOH, Katja looks all righty in my book.
Admin
Of course the opposite can happen as well-and the boss still thinks you're incompetent.
After being hired as a DBA/SysAdmin for a division of a company that specialized in building and hosting custom web sites for other divisions and outside clients, I did a brief survey of the iis servers and the sql servers I was about to inherit to see what sort of state everything was in. It was the worst environment from the security perspective I had ever seen. In fact, from what I could tell there hadn't been any sort of attempt to secure anything on any of the servers. I informed my boss(we'll call him C.) and my boss's boss(we'll call him E.) that the first thing I needed to do was secure the web servers and database servers, explaining all of the problems I had found. In the meantime, their senior/lead ASP programmer(we'll call him P.) was having some trouble with adding a feature to a page on one of the sites he was supposed to maintain.
My boss reassigned me the maintenance programming task for this site that their "superstar" had built. The change involved an event registration page in .asp, that needed to do client side validation of the organization member's id number. I protested, explaining that, since every website allowed anonymous access, and the file system permissions were set to allow the Everyone group full control, this posed a serious risk to their web servers, and that setting sa user's password to blank was a bad idea. C. and E. explained to me that they hadn't ever been hacked, and the internal client was getting impatient, so the maintenance took priority. Long story short, my concerns were dismissed and I wrote some Javascript to run at the client and perform the validation.
With this out of the way, I asked if I could proceed with securing the servers. Nope, P. was in trouble again, I needed to take over some more maintenance that P. didn't have time for. Again, I tried to impress the importance of security, but to no avail. I am ordered to tackle another maintenance issue, caused by the fact that P. didn't like to use the option exlicit directive, since the one time he added the directive to one of his pages, the page quit working. Granted, he never declared variables in that page(or any other page), but obviously, option explicit was the problem.
Okay, problem solved. Now can I start doing the job I was hired for? Nope. P. is having another issue. This time it involved one of P.'s "brilliant" optimization tricks. Instead of building a query with a "where" clause when he retrieved data in an ASP page(I'll not even mention the looks I got when I mentioned using stored procedures), P. would SELECT * FROM TABLE, and iterate through the records in a loop, testing the target column in each record to see if it was the record he needed, then jumping out of the loop. To make things even better, P. used the ADO recordset's GetRows method so he would have a nice 2D array with his recordset in it.
Here's an example(I don't still have access to his code, and I didn't save any of it, but I still have nightmares and daymares about it, so this is a pretty close reproduction):
rs1=c.Execute("Select * from clients")
d=rs1.GetRows
for cl=0 to ubound(d)
if (t = d(cl)(5) ) then
names=d(cl)(4) + d(cl)(5)
add=d(cl)(10) + d(cl)(11) + d(cl)(12) + d(cl)(19)
cl=ubound(d)+1
end if
next
Explanation for those who are still reading:
rs1 is the recordset for the client list(I know, this one's pretty obvious)
c is the connection he created opened somewhere else in the page(usually at the top)
d is the data array
cl is the index for the client location in d
and all the numbers are the indices into d(cl) for each of the columns he needed to retrieve
names is the client first name and last name string
add is the client's address
The problem ended up being that he miscounted(he was always miscounting), and was retrieving the wrong column(array element). When I asked him about this code, he explained that it was "more efficient". Please note, that he never disposes of anything or closes connections when he's done with them, so for each session that requests this page, there is an ADO connection open, and an ADO recordset, and an array that contains the rows and columns of the same recordset, in memory at the same time.
While I was debugging this travesty, we get hacked. In a big way, too. The "crazy boobix" (if I remember correctly), defaces and destroys the sites for most of our large clients, creates directories to hold adult oriented material and playstation game disk images, etc.
And my bosses(C. and E.) wanted to how this could have happened, didn't they hire me to take care of the servers? What exactly was my problem? Why wasn't I doing my job? Was I ignorant or irresponsible? At which point, I make the mistake of responding with a very irate "I told you so" tirade. Which made me, according to my bosses, not only ignorant and irresponsible, but also "not a team player". I got assigned only maintenance coding and break-fix stuff afterward, due to my poor attitude. They brought in somebody's best friend to be the sysadmin and dba, and "Froggy" as I called him, couldn't backup a database(to Froggy, SQLServer was just a different version of Access), didn't understand how acls worked or anything else, but his best friend did and walked him through the tasks, since I refused to help him with anything.
This all happened 6 years ago(I had lined up another job and was about to quit, when they announced they were laying me off with two weeks pay as severance, so I quietly threw my resignation letter in the shredder), and this all still makes me so mad that, if I weren't a man, I would cry. If I think about it enough, I will probably end up mad enought that I might cry anyway.
When they announced the layoffs:
-P. had already went to work for one of our client's as "Lead Programmer"
-E. had already went to work as some kind of manager for a huge company with a 3 letter name
-C. had already went to work for E.
Frankly, I know I shouldn't, but I secretly hope these three jackasses burn in hell for an eternity. That would actually be too good for them, but it's the worst thing I can think of right now.
I have some other good stories from this job. But I'm too busy sobbing quietly to tell them.
Admin
Unfortunately, I can't edit my post- You can ignore the first line. You should probably ignore the whole thing, actually.
Admin
The guy was a visionary. Obviously he'd invented JSON years before AJAX and Web2.0 were fashionable.
Admin
computer_serf, that was a great story, thanks.
Admin
That hit a little close to home. I had an executive at my company ask if we use XML in our application. Needless to say I was a bit afraid to answer that.
Admin
"My friend back then during the dot-Com era was proposing to their so called technical manager (who surely must have had years of experience, especially with a technology company) the use of Coldfusion as the platform to power the customer membership club application they wanted."
Now THAT'S a sentence!
Admin
computer_serf,
I can really relate to your closing comments!
How can such incompetence avoid the natural selection process and thrive?
My experience with the in-bread management at a certain Texas state agency was that 6 inch knife cutting a valley in my soul. My coding team leader boss was an infant technological experience-wise. But worse he was a thoroughly incompetent boss. One of his most bewildering traits was not that he made bad decisions, but that he made no decisions at all. And one cannot exaggerate this point. 6 months after an (internal) customer requested help - for a very simple task - he still had not signed off that 2 paragraph sheet of paper agreeing to an initial assessment! We could have done the whole project twice by then!
Admin
This talk about JS used for everything seems all the more ironic 7 years later in 2012. Windows 8 apps built in cutting edge... JavaScript!!
Admin
He obviously meant to say JavaScript Object Notation, but your rude looks did not let him finish...