• FRIZT (unregistered)

    FRIZT!

  • (nodebb)

    We have to take cybersecurity courses every 3 months, but it seems like this has no effect on the capabilities of my fellow coworkers.

    You cannot fix sloppiness with courses. That's one thing a developer has to do by himself/herself and it's a never ending effort. Every person is sloppy to a degree, some more, some less. If you can't get a grip on it, you always will be a liability, coworkers will have to constantly verify and correct your work and nobody is going to be happy. So at this point it's a matter of maybe picking another profession like, I dun know, a manager or politician perhaps.

  • FRIZT (unregistered)

    Yay I did it! Also I don’t blame her coworkers, asynchrony is sooo hard. I know some coders who put async on every function and await on every line to make sure nothing breaks

  • Sauron (unregistered)

    Gretchen saw this line in the front-end code for their website and freaked out

    Rightfully so!

  • (nodebb)

    My company subscribes to an online cybersecurity training service, but I've stopped wasting time taking the classes. They're all about obvious things like locking your computer/phone, shredding proprietary paper documents, how to recognize phishing email, etc. Nothing about how to write secure code.

  • (nodebb)

    I worked for a popular online travel company, where we took classes on security every year, the first lesson was always "Never store passwords, nor send them to users when they forget". Of course, that's what we did (not my team, but the backend people). They are now just a marketing brand of one of the two big brands. Why take lessons if you don't learn from them?

  • (nodebb) in reply to MaxiTB

    That's one thing a developer has to do by himself/herself and it's a never ending effort.

    It goes further than this. A developer cannot improve without looking at the code base they are responsible for and deciding in what ways it is troublesome. Until there's something you disapprove of, you'll follow the same patterns forever - or maybe randomly change with no actual direction in mind.

    One of my standard questions to ask other developers is "What annoys you about writing code in <<platform of choice>>, and what might improve this situation?"

  • (nodebb)

    To follow up on my own comment with an example...

    The other day I ran into these two lines in a unit test:

    var controller = serviceProvider.GetService<ServiceClass>();
    var result = controller!.Method();

    I proposed this change:

    var controller = serviceProvider.GetRequiredService<ServiceClass>();
    var result = controller.Method();

    Half a dozen people said "that's the same thing!". I responded with "The first failed with a null reference exception that you have to figure out. The second fails with a 'Cannot locate service ServiceClass' error that gets you on the right debugging track much quicker."

  • Anon (unregistered) in reply to Barry Margolin

    My previous company subscribed to a service called "phriendly phishing". Every so often, they'd send out fake phishing emails and see if you caught them or were caught by them.

    This service consistently sent those emails from a particular set of domains, so I set up rules in Outlook: if the From: address was one of those domains (or a subdomain of those domains), send it straight to junk. Life's too short to have to deal with that crap.

  • Officer Johnny Holzkopf (unregistered) in reply to Barry Margolin

    The primary purpose of those classes is to "shift money around". You give me money, I give you a stamped certificate. With that certificate in hand, you can make your service 10% more expensive, because now you're "Business Excellense Gold CERTIFIED Enterprise Security Class A+ Premium", signed, Bigheadthinker, (o). And everyone is happy with that solution...

  • SG (unregistered)

    You cannot fix sloppiness with courses.

    No, and HR tends to frown on fixing it with a cattle prod.

  • SG (unregistered) in reply to Anon

    My previous company subscribed to a service called "phriendly phishing". Every so often, they'd send out fake phishing emails and see if you caught them or were caught by them.

    Oh, those are a pain. I got some flak one time for failing to click the "report a scam" button on one of them, but IT backed down after I pointed out that reporting it as a scam required me to actually spend more than a fraction of a second looking at it before clicking delete.

  • (nodebb)

    I would sooner expect the tissue-paper-thin proxy was not the idea of a dev, but rather a brilliant tech lead AKA PHB in training who said "we need this done today, and only today. Do what you can in 5 hours, then release it to prod".

    As a greenfield design it of course makes no sense. But as the smallest possible band-aid that permits them to truthfully tell some suit "We did something to resolve this audit finding." it makes complete and cost-effective sense. Until the next time.

Leave a comment on “The Mask Service”
