• khedron (unregistered)

    This is why I'm self-employed. No ridiculous cow orkers!

    captcha: tesla (ouch!)

  • Rex (unregistered)

    That story was really funny around the lottery ticket thing, but by the end my heart just hurt.

  • (cs)

    So the intern waited 2 years to come back and get his stuff? Must have been important.

  • FireJayPa (unregistered)

    Wow that poor guy, my heart aches for him.

    Having to deal with all of that nonsense; and I'm sure the intern came back for some EverQuest Screenshots that were on his machine

  • Shannon (unregistered) in reply to vt_mruhlin

    Even worse, the intern still had security to access ANYTHING on the system after longer than a couple of hours of leaving, much less two years?

  • James Schend (unregistered)

    If the code was as bad as it sounds, and the intern as bad as he sounds, it's more likely he put in some kind of backdoor to either let him run ad-hoc queries on the data, or a pre-programmed sabotage query. That's what I'd guess... he might not even have done it from the office.

  • Anonymous Coward (unregistered)
    Comment held for moderation.
  • Cope with IT (unregistered)

    "Jared L. is our Odysseus in this story. As a fresh college graduate, he landed ..."

    Odysseus went to college?!? ;-)

  • FireJayPa (unregistered) in reply to Cope with IT

    Yes,

    He went to College in that gap that isn't accounted for after the Illiad ...

  • (cs) in reply to FireJayPa

    So Jared put up with that mess for two years? Sounds like he needs to learn when to stop beating his head against a wall... Sometimes it's best to walk away.

  • pico suave (unregistered)

    Well, it's nice to know that I'm not the only one at a company that received lottery tickets in lieu of a well-deserved bonus.

    I was working as a tech support rep (doing a good deal of application programming in addition to taking calls and finding workarounds for bugs) and working regular 10 hour days. Aside from the lottery-ticket bonus, I was also denied a promised raise for nearly 2 years.

    Why do we let this kind of thing happen to ourselves?

  • (cs)

    What happened with the consultant? That detail was not addressed in this otherwise spellbinding story.

  • Neal (unregistered)

    So now we know how Jared REALLY lost all that weight. Curse you Subway!!!!!!!!

  • (cs) in reply to Neal

    The thing I don't get is why the user names thing was so big a deal. Have everyone e-mail you there username and run them through the same filter to get a backwards map and then run that on the table. About 10 lines of code to generate the map and not a lot more to run the database updates. What am I missing?

  • jtl (unregistered) in reply to worsethatuseless

    "Have everyone e-mail you there username"

    So your solution is to spam everybody and make the company look incompetent?

  • Joe (unregistered) in reply to Neal
    Comment held for moderation.
  • Schnapple (unregistered) in reply to snoofle
    snoofle:
    So Jared put up with that mess for two years? Sounds like he needs to learn when to stop beating his head against a wall... Sometimes it's best to walk away.

    Well he was fresh out of college with no experience. I'm sure prospective employers would say "so you don't have any experience except for this one job you're trying to run away from..."

  • (cs)

    Obviously, the barely-competent company had no backups of the database (to which they could revert to correct the "F" ing problem)

    Is it a bit of Poetic Justice the way the Intern "F"-ed up the database?

  • Veinor (unregistered) in reply to worsethatuseless
    worsethatuseless:
    The thing I don't get is why the user names thing was so big a deal. Have everyone e-mail you there username and run them through the same filter to get a backwards map and then run that on the table. About 10 lines of code to generate the map and not a lot more to run the database updates. What am I missing?

    Erank, Erancis, Erancine, Steeanie, and Josee would like to have a word with you.

  • (cs) in reply to Veinor
    Veinor:
    worsethatuseless:
    The thing I don't get is why the user names thing was so big a deal. Have everyone e-mail you there username and run them through the same filter to get a backwards map and then run that on the table. About 10 lines of code to generate the map and not a lot more to run the database updates. What am I missing?

    Erank, Erancis, Erancine, Steeanie, and Josee would like to have a word with you.

    Who is Josff? And who in the hell spells Stephanie with an 'f'?

  • Thf bfst onf (unregistered) in reply to akatherder

    [quote user="akatherder"][quote user="Veinor"][quote user="worsethatuseless"]Erank, Erancis, Erancine, Steeanie, and Josee would like to have a word with you.[/quote]

    Who is Josff?[/quote] Josef?

  • (cs) in reply to khedron

    It hasn't happened to me yet, but I'm pretty sure if my company offered me a "raise" of lottery tickets or no raise at all in my yearly review, I would be immediately polishing up my resume and sending it out to all my head hunter buddies. I think company loyalty is major BS. I work for you, help you make more money, then you give me a raise...end of story.

    Plus, if they can't afford to give raises, who knows how long they are even going to be in business or how long your position is going to be around. No sense in waiting around to see what happens, IMHO.

  • my name is missing (unregistered)

    So the solution to the companies issues was using a single password for everything and giving no one access to anything. Sounds like a government solution to me.

  • Shinobu (unregistered) in reply to akatherder
    akatherder:
    And who in the hell spells Stephanie with an 'f'?
    I don't really know about hell, but here on earth it's quite common.
  • Troy Mclure (unregistered) in reply to vt_mruhlin
    vt_mruhlin:
    So the intern waited 2 years to come back and get his stuff? Must have been important.

    I read the entire story and thats what bugged me the most. It was 2 years + 4 months. Who does that?

  • (cs) in reply to Veinor
    Veinor:
    worsethatuseless:
    The thing I don't get is why the user names thing was so big a deal. Have everyone e-mail you there username and run them through the same filter to get a backwards map and then run that on the table. About 10 lines of code to generate the map and not a lot more to run the database updates. What am I missing?

    Erank, Erancis, Erancine, Steeanie, and Josee would like to have a word with you.

    I think what worsethatuseless means is that Stefanie emails you, you run her name through the "same filter" (tr/eE/fF/), and now you know that in the database, "Stffanif" means Stefanie. It sounds like a pretty slick plan, except for one thing--the users aren't a database you can query at your leisure. As a group, they won't answer your beck and call the way Oracle does (for instance), and they won't appreciate being treated that way.

  • (cs) in reply to punissuer
    punissuer:
    Veinor:
    worsethatuseless:
    The thing I don't get is why the user names thing was so big a deal. Have everyone e-mail you there username and run them through the same filter to get a backwards map and then run that on the table. About 10 lines of code to generate the map and not a lot more to run the database updates. What am I missing?

    Erank, Erancis, Erancine, Steeanie, and Josee would like to have a word with you.

    I think what worsethatuseless means is that Stefanie emails you, you run her name through the "same filter" (tr/eE/fF/), and now you know that in the database, "Stffanif" means Stefanie. It sounds like a pretty slick plan, except for one thing--the users aren't a database you can query at your leisure. As a group, they won't answer your beck and call the way Oracle does (for instance), and they won't appreciate being treated that way.
    The fact that they probably can't login to email you might also be quite prohibitive.

    Josee is a name btw.

  • A Gould (unregistered) in reply to pico suave
    pico suave:
    Why do we let this kind of thing happen to ourselves?

    Because we want to believe the company acts in our best interest. (Like in "the good old days").

    It's pretty much the dirty secret of corporate HR - as much as they want "retention" and "rewarding excellence", they want it for the lowest possible cost.

    I spent a year as management, and it was a real learning experience to see how employees are seen from the other side.

  • Aidan (unregistered)

    josee (n): one who is josed

  • Perplexed (unregistered)

    So let me get this straight - this guy is hired out of school as the Webmaster / Java developer for these sites and doesn't feel obligated, let alone entitled, to make sure the new site is being developed properly? The "he was the boss' neighbor's kid" excuse sounds a little thin to justify spending 4 months (months?!?) reading instead of jumping in and maybe identifying the issues earlier. If I were his manager I'd be upset that Jared hadn't taken more ownership early on, especially given that the other two developers were temporary.

  • anon (unregistered) in reply to Lingerance

    Or when the user logs in, tr/eE/fF/ on the username, look it up in the database, and update it with the correct spelling.

  • Perplexed (unregistered)

    And another thing- is the article really pushing the notion that Jared couldn't develop and test without directly accessing code and data in production? If development and test environments weren't available and accessible, there's no better time to force the issue. Worst case, just set up your own local database and webserver if you have to. This just reads like he was working the wrong way for a long time, someone blocked his ability to work the wrong way, and he quit, probably never having bothered to ask or understand what processes were in place.

  • (cs)

    Regarding the database fixing: At least with first names, it would have been easy to use a dictionary-based guessing system. Last names more tricky, but with a few rules about pronunciation most of those would have been taken care of too. It leaves perhaps a hundred edge cases.

    The database was big enough to justify a heuristic approach - let alone that programming a computer to sort out those letters is far less traumatizing than doing it yourself.

  • Dd (unregistered)

    2 years? I went back to my ex-workplace to pickup some things after 6 months once and all that was left was a smoking crater.

  • freakwent (unregistered) in reply to pico suave

    Because we haven't got a good union.

    Just wait for a minute.

    Just think.

    What happens in a 2-week strike of all IT people?

    A month, nationwide -- or worldwide! Port workers have done it....

    Just how much is it worth to corporates to avoid that sort of thing?

    There's your pay rise, right there. Organised labour.

  • Nick (unregistered)
    Later, everyone's passwords were changed to one password. One password common to everyone. Users weren't allowed to change their passwords, either. They also stripped Jared of his ability to work on any of the sites by revoking access to the servers, disabling all of the nightly batch jobs that he'd created, and deleting his user account from the production site. He wasn't even given read-only access to the code. And that's how Jared could no longer do his job.
    How does this even happen? Didn't someone in IT say how stupid this was?

    I contract for a government department managing their critical Oracle systems, as a government department we have audits every 6 months, part of the audit involves system security. One of the auditors recommendations was to disable the Oracle administrator account "because it was too powerful", they obviously didn't think about this for too long.

    I told them it was the stupidest thing I have heard (not in those words of course), explained to them why, and refused.

    Why don't IT departments actually stand up against management when they want something insane like this, ie. DO THEIR JOB.

  • Lynx@Work (unregistered) in reply to Nick
    Nick:
    Why don't IT departments actually stand up against management when they want something insane like this, ie. DO THEIR JOB.
    There's a number of reasons. One, in some places, it's cultural for people to just nod along with the management and then grouse in private. I can tell you guys it's extremely annoying to hear the grouses.

    Two, in some places IT is viewed as a cost center, meaning it doesn't provide revenue and would need another department (commonly known as the User) to provide revenue. So in some cases, the decisions were forced upon the IT department by the Users and politically it was pretty suicidal to refuse.

    But I do tend to agree that at least in my environment, IT management tends to be more "bend over" than "up yours". It's quite sad actually, considering how much implicit political power IT has nowadays.

    As for the intern, it's a bit amusing in a dark way. For me, we are increasingly dependent on interns -- the line managers tend to see them as cheap resources, better than contract programmers. Yet that's probably the worst way to treat interns, and in the long run the absolute pits when it comes to relationships with tertiary insituitions.

    Still, as evidence by this particular case, you really cannot expect interns to be as professional as, well, professionals are supposed to be. So we're caught in between wanting to give interns a more meaningful internship, and safeguarding the corporate's interests. It's really a no-win situation IMO.

  • (cs)

    Been there, seen that... A couple of years ago in a company meeting I was voted to be the "most positive guy in the company". I was very surprised. As an award I was given a lottery ticket. Woo-hoo. Since that I have NOT been the most positive guy in the company.

    Hey gimme a break, is there ANY sense in giving a lottery ticket as award in the first place? Most propably the ticket is less valuable than toilet paper - there's already something written on it so you cannot use it to write down notes, and it is not soft enough to be used as toilet paper. If - by coincidence - the awarded one happens to win couple of million bucks, he would most propably quit and stop wasting his/her valuable time for working.

  • Make Lemonade (unregistered)

    [quote]He wasn't even given read-only access to the code. And that's how Jared could no longer do his job.

    Finally, Jared submitted his two weeks' notice and found another position.[quote]

    See, now that's the wrong solution. What he should have done was to keep "working" there, and drawing the same paycheck, forever. Management clearly didn't pay any attention to anyone in his department unless something blew up, and even if it did he could point to his lack of access to get off the hook. He could then use his now-copious free time to do freelance contract work on his laptop -- a nice double-dip.

  • blastard (unregistered) in reply to Troy Mclure

    I once came back (to a place where I had been an intern) for a jacket after a year. It is gone again now.

  • blastard (unregistered) in reply to sirhegel
    sirhegel:
    Been there, seen that... A couple of years ago in a company meeting I was voted to be the "most positive guy in the company". I was very surprised. As an award I was given a lottery ticket. Woo-hoo. Since that I have NOT been the most positive guy in the company.

    HA HA HA HA HA HA HA HA HAHAHA! HAHAHAHAAHAHAHAHAHAAAAAAHAHAHAHA! Omg, that was so frakking funny!

  • Me (unregistered) in reply to Lingerance
    Lingerance:
    punissuer:
    Veinor:
    worsethatuseless:
    The thing I don't get is why the user names thing was so big a deal. Have everyone e-mail you there username and run them through the same filter to get a backwards map and then run that on the table. About 10 lines of code to generate the map and not a lot more to run the database updates. What am I missing?

    Erank, Erancis, Erancine, Steeanie, and Josee would like to have a word with you.

    I think what worsethatuseless means is that Stefanie emails you, you run her name through the "same filter" (tr/eE/fF/), and now you know that in the database, "Stffanif" means Stefanie. It sounds like a pretty slick plan, except for one thing--the users aren't a database you can query at your leisure. As a group, they won't answer your beck and call the way Oracle does (for instance), and they won't appreciate being treated that way.
    The fact that they probably can't login to email you might also be quite prohibitive.

    Josee is a name btw.

    Thier email addresses will also have had the e-f translation, so that won't work too well. You will still need to phone people up, and of course everyone has had it drummed into them that they should not give out private details over the 'phone.

  • sweavo (unregistered)

    Graduates: If you secure an important key position of high responsibility fresh out of grad school, bear in mind you will be working for the sort of company that will give an important key position of high responsibility to someone fresh out of grad school.

    Captcha: you spelled "tasty" wrong.

  • (cs)

    TRWTF is that the article is 1192 words including the code segment, whereas Jake indicates that the article is 1349 words.

  • Anonymous Coward (unregistered)

    I once was rewarded a few months of overtime with an admittedly very fancy dinner. Although it didn't quite compensate for all the extra hours I put in, it was a nice token of appreciation. But I never worked overtime like that again.

    If there is no room for a bonus, just say so. But being rewarded with 4 bucks for months of overtime? I'd consider that a downright insult. Worse than failure, indeed.

    captcha: smile

  • AnonAndOnAndOn (unregistered) in reply to Helix
    Helix:
    TRWTF is that the article is 1192 words including the code segment, whereas Jake indicates that the article is 1349 words.

    Maybe some of it it hidden in comments.

  • Panencephalitis (unregistered)

    Hahahah. Unpaid overtime. That's why I left IT for the field of medicine.

    Wait -- What is that? 80-100 hour work weeks with no overtime???? CRRAAAAAAAAAAAAAAAPPPPPPPPPPPPPP!!!!!!!

    *** Panencephalitis has left #med-school

    captcha: bathe

  • seamus (unregistered) in reply to Lynx@Work
    Comment held for moderation.
  • tsrtg (unregistered)

    I would say that Jared was a clueless idiot who could not fix a simple corporate web site in 2 years. A web site that was created by somebody who was working 2 hours per day for a couple of months. Ha-ha. And he could not even figure out how the intern changed the data? Provided that he had all the information and moreover the intern's system was replaced by his own by that time? A true professional! (BTW I suspect the intern has nothing to do with that, and the decision to stop all Jared's batch jobs was correct)

  • Foomcbar (unregistered) in reply to tsrtg

    Apparently tsrtg has never had to deal with the mountains spaghetti code that someone like that intern can produce.

    2 years is a long time, yes, but seriously bad code can be really really difficult to just "fix".

    Stopping the batch jobs, that probably actually did important things...yeah, great decision </sarcasm>

Leave a comment on “That's One Way to Secure It”

Log In or post as a guest

Replying to comment #:

« Return to Article