• DocMonster (unregistered)

    And that is the story of how Rick Scott became Governor of Florida.

  • Ron Fox (google)

    But in the end, he simply had been making it up the whole time.

    A curt summation of life the universe and all that which is not 42

  • Nope (unregistered)

    Well thank God that this Hanzo-wannabe arc is done with....

  • Gernsucks (unregistered)

    All that, and she just walked away? Can Gern stop writing ridiculous fantasy stories now, they're awful and he just starts whining on twitter when people criticize.

  • LCrawford (unregistered)

    I'd like to hire anyone who can diagnose a vulnerability in Chrome's image handling after the fact just by looking at the image on the screen.

  • Brian (unregistered) in reply to Gernsucks

    I don't think they are awful. I think that is really unfair. Maybe it's not your cup of tea, but does everything have to be to your preference? Or can some things exist that you don't enjoy? Is it okay with you if the rest of us enjoy things that you don't?

  • (nodebb)

    What the fuck? This story made even less sense than previous ones:

    1. Hacker opens malicious image from USB drive on a computer (why an USB drive? couldn't just open it from an URL instead and avoid acting suspicious?)
    2. Malicious image uses an Chromium exploit to do something nasty in the kernel (
    3. By some miracle, this causes all the servers to become hacked, which causes them to melt on reboot.

    CPUs melting down is pure fiction and a joke (https://en.wikipedia.org/wiki/Halt_and_Catch_Fire).

    Not to mention that using a server as a desktop or development machine is terrible practice, these things are always placed somewhere out of reach like server rooms or utility closets because of security, noise and cooling requirements, and are generally administered via a command line rather than a GUI. Just like any other cloud environment Mercy is supposedly experienced in.

    This series is way worse than Hanzo and IMHO is written by someone who never had a real IT job and thinks that the ability to run a webserver on a regular desktop is pretty amazing.

  • D-Coder (unregistered) in reply to DocMonster


  • ChaoticEd (unregistered) in reply to zlogic

    Your conclusions are faulty I fear. As a HPC I have repeatedly come across companies, even large Fortune 500 ones, that run public servers on desktop hardware. Usually its a small project where one or more testservers have gotten "promoted". Usually its time-limited campaigns.

  • WhyNot (unregistered)

    Why not just pull the plug? No power, no "HACF sequence". Problem solved.

  • (nodebb)

    TRWTF is not locking your screen.

  • (nodebb) in reply to ChaoticEd

    Fortune 500 companies usually have all sorts of regulations to deal with and running servers without blessing of IT is generally a big no-no. PCI DSS for example requires exploits to be patched ASAP, firewalls to be deployed even on desktop machines without access to card data and so on. If the company hosts its own online store or accepts online payments in any way, it has to comply. And getting a port open on a desktop machine usually means filling a bunch of forms and explanations to the IT department and security team. If the network is managed by a third party, it's even more complicated. IT would probably also need full access to the machine to patch zero-day exploits which could compromise the whole network (exactly what happened in the story here!).

    The bigger the company, the higher chance it's going to be attacked, which means it takes security way more seriously than small businesses, and that means they try to reduce attack vectors by removing everything not required to do the task (browsers, GUIs, unneeded services, USB drives...). If someone wants to run a server on their desktop, they will probably have to spend months before the security team gives their blessing and unblocks it in the firewall.

    And anyway, the story here was that Mercy got to buy a bunch of "servers" and configure them on her own. She was familiar with cloud hosting (and was planning for it originally) and created a quite advanced setup with load balancing and everything. In fact, this article (http://thedailywtf.com/articles/mercy-the-mercenary-in-the-cloud) specifically states that "Ubuntu CLI" (Ubuntu Server?) was used. Seems like a decent setup, with proper deployment procedures and remote administration tools. But in this story the headless server somehow gets to run Chromium and is used as a desktop.

  • t0pC0der (unregistered)

    The Real WTF is so many of us taking the time to read these articles. I only wish I could forget I ever read them

  • Zahndethus (unregistered) in reply to DocMonster

    Well, Rick Scott is Lord Voldemort...

  • DocMonster (unregistered) in reply to Zahndethus

    You shut your filthy mouth, mudblood. Don't compare the Dark Lord to that cretin.

  • (nodebb) in reply to zlogic

    Fortune 500 companies usually have all sorts of regulations to deal with and running servers without blessing of IT is generally a big no-no.

    But it happens anyway. IT is often a bit too good at saying “no” and you get the situation where the rest of the business starts to try and route round the damage. This is particularly prevalent when a new area is opening up and nobody in IT has really realised that they need to take on more systems, when the business is still exploring whether they're going to want to make a go of something or not. If you've got a C*O who sees the demo and decides “this goes live immediately!!!” then the kit that the experiment was running on will suddenly get promoted to production despite not being suitable at all.

  • Webskale (unregistered)

    TIL pay your hackers well, or they rat you out to a lady with a cell phone.

  • Joseph Osako (google)

    Finally, this series gets the Mercy killing it needed. Now all we need is for Mercy to wake up and realize it was all a nightmare and our journey to the Dark Side will be complete.

  • Andrew (unregistered)

    I'm in agreement with zlogic. This story doesn't make sense. I know of some CPU flaws and looked up anything related to overheating an x86 CPU; there isn't any. Unless your cooling solution was complete crap and a power virus ran on them, you're not going to have a literal halt and catch fire instruction sequence. Most CPUs and motherboards will trigger an automatic shutdown if temperature goes beyond a certain point.

    Also, I don't think CPUs have a 'burning plastic' smell to them when they catch fire. Another thing: how freaking stupid would you be to NOT call the cops after an intrusion like that? Who cares about keeping it quiet, you'd get great media coverage and the ability to point a finger at the opponent as a prime suspect.

    Another reason why this never happened: hackers typically don't leave calling cards.

  • DocMonster (unregistered)

    Honestly this series sounded like a bad plot on House of Cards.

  • (nodebb) in reply to dkf

    Yes, this does seem a likely scenario... It all probably depends on how flexible the IT department is. I've seen too many super-bureaucratic organizations where adding an IP to the list of firewall exceptions took months, and escalating didn't help one bit :(

  • Ron Fox (google) in reply to dkf

    Well yes...in the new product or new technology the really insidious words are "We'll just bring this up as a test and we can make it production later if it works out"

    6 months later you have all sorts of dependencies, on this 'test' system and before a year is out it starts to be considered mission critical. Making it production? Well that happened once the ok was given to bring up the test.

  • Ron Fox (google) in reply to Joseph Osako

    Or maybe Mercy's middle name was Paula?

  • Verisimilidude (unregistered)

    Despite the nay-sayers I found the Mercy arc entertaining. Thanks for a good work writing this up. I have to wonder if the anonymizing moved the 2006 Alaskan governor's race south.

  • Hans the Great (unregistered)

    I do read many stories. Some are great some are not ... , Some stories describes horrendous stupid people, wherein I almost never can find anything like that in real life or is situations I have worked in the last 35 years. Some other stories describes things I have seen worse in real life. I read this site and pick the pearls now and then and let other, for me less interesting, stories be.

    When you worked around the world as a HPC as I have at bigger and smaller companies you would be surprised to see how bad things can be. Small or Big does not matter. How bad code can be, created by highly educated programmers (HEP) and how good it sometimes can be made by beginners.

    If you cannot say anything nice, don't say anything at all!

  • cbd (unregistered) in reply to Andrew

    "Hackers typically don't leave calling cards"

    Stupid ones, or ones trying to be like the hackers in movies/tv do.

  • Anonymous Coward (unregistered)

    Well, at least this Mercy series is consistent. Once again, our hero is the biggest WTF:

    • leaving a critical system unlocked
    • using a server as a workstation
    • not reporting this crime to the authorities
    • not being able to leave servers running for a few days without rebooting them
  • (nodebb) in reply to Anonymous Coward

    It's a temporary election campaign base, these places are not run like companies, not to mention most of them don't have data that needs to be maintained for more then a few weeks anyway. In many cases the elected wieners want them lost, so they can deny the promises they made.

  • (nodebb) in reply to dkf

    If you've got a C*O who sees the demo and decides “this goes live immediately!!!” then the kit that the experiment was running on will suddenly get promoted to production despite not being suitable at all.

    This. So much this. I'm still trying to get an internal site I hacked up in a week to get promoted to Production servers (because it's stuck on the Dev server and people are using it like it's the final version!).

    I think I'm actually going to add a paywall splash to the home screen, that'll get them to move, right?

  • Tim! (unregistered) in reply to Andrew

    The magic smoke in CPUs and other electronic components definitely has a recognizable electrical fire smell. Its exact aroma depends on the material used for the dielectric, which is most often some kind of plastic.


  • Lurch (unregistered)

    This whole thing was like watching a series (sorry, season) of Scorpion.

    I'm still not sure how I feel about it.

  • Anna (unregistered)

    i liked these mercy stories. get wrecked, nerds.

  • Alec Baldwin's cousin (unregistered) in reply to Anna

    Are you Gern's mom, sister or just another one of his female fantasy?

  • löchlein deluxe (unregistered)

    Oh FFS. Can we please have Mandatory Fun Day back instead? If I want bullshit drivel, I'll go watch the firewall scene in Assword: Swordfish again, TYVM.

  • GorGutz 'Ead 'Unta (unregistered)

    Ahhhh! Stop liking things I don't like!

    Also, who the fuck are Hanzo and Paula? Is there some meme I'm missing out on here or something?

  • foxyshadis (unregistered)

    Lovely example of a series that started off strong and grounded, then got spun off to less and less believable heights, until being summarily killed off when the writer couldn't think of anywhere else it could go. Great job with the HCF plot though, that did wonders for the verisimilitude (or lack thereof). I only disagree with you not having a console shock our heroine and put her in a coma, after which she dedicated her life to SEAL Team 6 elimination of foreign hackers. Think of all the Tom Clancy plots you're giving up!

  • (nodebb)

    If you go to the site's main page, on the left you'll see a "Contents" header. Look underneath that to the "Classic Articles" list and the very first one there is "The Brillant Paula Bean". That's Paula.

    Hanzo refers to an earlier series of stories by the same writer (Erik Gern), which were fairly roundly criticised for poor writing, descriptions of technical issues that made no sense, and the submitter appearing to be the biggest WTF - as has happened with this series also. You could find them by googling "hanzo site:thedailywtf.com", but to save you some time: http://thedailywtf.com/articles/I-Didnt-Do-Anything http://thedailywtf.com/articles/Waste-Not,-Want-Not http://thedailywtf.com/articles/SyncingSunk http://thedailywtf.com/articles/Authenticated-Authentication http://thedailywtf.com/articles/Printer-Futility

  • (nodebb) in reply to GorGutz 'Ead 'Unta

    There is some meme, yes. "Missing", however....

  • GorGutz 'Ead 'Unta (unregistered) in reply to Scarlet_Manuka

    Thanks for the explanation.

  • StuMan (unregistered)

    Stop posting shitty, essentially fanfic wankery, noone wants to read this Mary Sue I can do anything look at me and how cool I am garbage.

  • Jay (unregistered) in reply to Nope

    Personally, I liked it. It's fun getting a little more depth with the serial format.

  • The Original Fritz (unregistered)

    Bring back Mandatory Fun Day.

  • FritzBot (unregistered) in reply to The Original Fritz

    It's actually amazing how many bad in-house post formats were attempted by the TDWTF staff.

  • Zelornium (unregistered)

    He strung me on for a while there, but this finale convinced me that the Mercy series is an epic troll. I applaud you sir.

  • Notsonormal (unregistered)

    "In the beginning, Mercy thought he was brilliant. But in the end, he simply had been making it up the whole time." Pfffffffffff

  • _that_guy_ (unregistered)

    But in the end, he simply had been making it up the whole time.

    Someone forgot to format the editor's note.

  • _that_guy_ (unregistered) in reply to Anonymous Coward

    My thoughts exactly. Multiple PCs running Linux behind a load balancer and you're going to need to reboot them all for updates within a couple of days? I smell a Windows user projecting problems onto other OSes.

  • Steve (unregistered)

    Wait, so is Mercy the villain of the story here? Is she some kind of evil black hat programmer? Because as I see it, she just disobeyed a direct order which, had she done what she was told, would have prevented a totally unsuitable sick, scared, old man from becoming governor.

  • Why (unregistered)

    TRWTF is why you keep publishing your Mary Sue garbage on a site that is supposed to be about strange coding implementations.

Leave a comment on “Mercy the Mercenary in… a Heated Argument”

Log In or post as a guest

Replying to comment #:

« Return to Article