Our business-critical internal software suite was written in Pascal as a temporary solution and has been unmaintained for almost 20 years. It transmits cleartext usernames and passwords as the URI components of GET requests. They also use a single decade-old Excel file to store vital statistics. A key part of the workflow involves an Excel file with a macro that processes an HTML document from the clipboard.
I offered them a better solution, which was rejected because the downtime and the minimal training would be more costly than working around the current issues.
cleartext usernames and passwords as the URI components of GET requests
I’m not an infrastructure person. If the receiving web server doesn’t log the URI, and supposing the communication is encrypted with TLS, which removes the credentials from the URI, are there security concerns?
Anyone who has access to any involved network infrastructure can trace the cleartext communication and extract the credentials.
What do you mean by any involved network infrastructure? The URI is encrypted by TLS, you would only see the host address/domain unless you had access to it after decryption on the server.
Browser history
Even if the destination doesn’t log GET components, there could be corporate proxies that MITM that might log the URL. Corporate proxies usually present an internally trusted certificate to the client.
downtime
minimal retraining
I feel your pain. Many good ideas that cause this are rejected. I have had ideas requiring one big downtime chunk rejected even though it reduces short but constant downtimes and mathematically the fix will pay for itself in a month easily.
Then the minimal retraining is frustrating when work environments and coworkers still pretend computers are some crazy device they’ve never seen before.
i worked for a hybrid hosting and cloud provider that was partnered with Electronic Arts for the SimCity reboot.
well half way through they decided our cloud wasn’t worth it, and moved providers. but no one bothered to tell all the outsourced foreign developers that they were on a new provider architecture.
all the shit storm fail launch of SimCity was because of extremely shitty code that was meant to work on one cloud and didn’t really work on another. but they assumed hurr hurr all server same.
so you guys got that shit launch and i knew exactly why and couldn’t say a damn thing for YEARS
Not to put the blame on the devs, but the problems might have been attenuated by defining a proper interface layer against the server.
It’s a damn single player game 💀
The company would bid on government contracts, knowing full well they promised features that didn’t exists and never would, but calculating that the fine for not meeting the specs was lower than the benefit of the contract and getting the buyers locked into our system. I raised this to my boss, nothing changed and I quit shortly after.
There is a million times more counterfeit/fake items at amazon than you think, and they dont care one bit to fix the problem
I recall watching a video about the nature of how things are stored at Amazon warehouses - basically if there are multiple sellers offering the same item it all goes in the same bin. Even if you are providing a genuine product, there’s a very good chance one of the other sellers is not, and that counterfeit gets sent out attached to your seller ID. Then you get a complaint for selling a counterfeit item someone else provided.
Then when that seller is caught and booted, they just register another trademark with 5-10 random characters and do it again. This is causing a massive headache for the US Trademark Office as well.
Having worked for Amazon across multiple facilities. This is not true or at least wasn’t. When stowing everything seemed pretty random for spots. Seemed to be where ever there was space. But the items themselves when not sold directly by Amazon use a different set of numbers than the B00 number I think it is an FBA (fulfilled by Amazon) number.
That being said, just going to the bathroom was enough to tank the rate for day and have to play catch-up. Lunches reset this.
In one facility they caught two people in a Gaylord having some relations. Same facility they found a used sex toy that had biological material.
I bought a pepper grinder called the Pepper Cannon. Yes, its wonderfully overengineered and costs a fortune. But it’s made in the USA, and they’ve been pretty open with their startup process for making it.
Few months ago I was browsing across amazon and lo and behold, some pepper grinders that look identical to the pepper cannon came up. They were all cheaper knockoffs, selling for a fraction of the cost, and outright stealing PCs industrial design. I didn’t buy one, as I don’t need one and didn’t really care enough to test if the mechanism was the same as the one I bought, but I did drop a line to the pepper cannon guys so they can try to get em delisted
Now I want a Pepper Cannon. Would you recommend getting it, before I ruin my hype by looking up the price or what is actually is? :D
Its really great if you like pepper. It puts out an absolute ton of it, and you’ll find yourself going through way more black pepper than you thought you ever could. And the grind settings are unrivaled; you can get tiny little faerie dusts of pepper, all the way up to big honkin flakes that work great on a steak. Whenever I’m doing a brisket or similar on the smoker, its great to have on hand
Its milled out of a single billet of aluminum, the grinding mechanism js custom built, and the whole thing just screams quality.
And you pay for it. They’re around $200
There’s also a salt cannon, if you want the same sort of thing but built for salt. I got it because I like the matching pair, but you don’t strictly need it; salt is salt, regardless of where it was ground.
Big german TV production company with succesful primetime action series used rented cars for their stunts. Different people from the team rented them with full insurance, returned them crashed. They did this until every car rent in the city stopped offering insurance without retention.
Any chance to get to know which one? :)
The buildings alarm code was 0711. Guess where I worked…
No way.
Dollar tree?
I quit a well known ecomm tech company a few months ago ahead of (another) one of their layoff rounds because upper mgmt was turning into ultra-wall street corpo bullshit. With 30% of staff gone, and yet our userbase almost doubling over the same period, they wanted everyone to continue increasing output and quality. We were barely keeping up with our existing workload at that point, burnout was (and still is) rampant.
Over the two weeks after I gave my notice I discovered that in the third-party app ecosystem many thousands of apps that had (approved) access to the Billing API weren’t even operating anymore. Some had quit operating years ago, but they were still billing end-users on a monthly basis. Many end-users install dozens of apps (just like people do with mobile phones) and then forget they ever did so. The monthly rates for these apps are anywhere from 3 to 20 dollars per month, many people never checked their bank statements or invoices (when they eventually did, they’d contact support to complain about paying for an app that doesn’t even load and may not have for months or years at this point).
I gathered evidence on at least three dozen of these zombie apps. Many of them had hundreds of active installs, and were billing users for in some cases the past three years. I extrapolated that there were probably in the high-hundreds or low-thousands of these zombie apps billing users on the platform, amounting to high-thousands to low-tens-of thousands of installs… amounting to likely millions per year in faulty and sketchy invoicing happening over our Billing API.
Mgmt actually did put together a triage team to address my findings, but I can absolutely assure you the only reason they acted so quickly is because I was on the way out of the company. I’d spotted things like this in the wild previously and nothing had ever been done about it. The pat answer has always been well people are responsible for their own accounts and invoicing. I believe they acted on this one because I was being very vocal about how it would be ‘a shame’ if this situation ever became public, and all those end-users came after the company for those false invoices at one time. It would be a PR and Support nightmare.
You have definitely interacted with this ecommerce platform if you shop online.
Ohhh shit that’s a good one.
I recently de-googled but I completely forgot to check if I had any old app subscriptions. Thank you for indirectly reminding me to do that.
I’m unfortunately dependent upon said company, as a “partner”, which just means a hack indie developer who herds customers to the slaughter for the corp.
The last round of layoffs was a brutal experience for the “Plus” customers. They lost crucial advisers and support, and now the guidance available is a bored and untrained chat support thrall on the other side of the world, or a stochastic parrot.
You can smell the enshittification from here. The vendor lock-in is so intense it seemed inevitable.
You’re absolutely right on all counts. And that’s why I quit (without waiting around to be laid off which frankly the severance package would’ve been nice). I got hired into the first (private) company I applied to, I’m thriving, and I don’t miss that stink of wall street/silicon valley money at all.
This has GOT to be Shopify
✅️ is a shopping platform
✅️ has an app ecosystem with a billing api
✅️ high probability that someone who shops online has interacted with a store on the platform
✅️ multiple rounds of layoffs w/ staff stretched thin
✅️ unclear ambitions of being a megaplatform, beyond what it already is
I guess we’ll never know, lol
Name and shame!
just guessing here but sounds like the rain forest company.
I’m guessing that if you have the right kind of Pal, you could figure out a way to Pay them to help you figure it out…
I worked for a furniture store. They used to buy mattresses and furniture sets for like $200-300 and arbitrarily sell them for around $700-1000. I used to be able to haggle with people and still sell them for like double what they cost. I hated that job for so many reasons
Worked in tech support for a satellite based Internet company that oversold its bandwidth on one of the satellites.
We told customers on that beam we were working on it. The actual solution was attrition. Eventually enough customers would quit that service would be better for those that remained.
Starlink must be getting like that in some places. The further away from civilization you are, the better the service. Use it in the footprint of a city and you’ll probably regret it.
I worked for for the railroad. Nothing is fixed ever. I witnessed hundreds of code violations every day for years. Doesn’t matter if a rail car or locomotive meets code as long as it “can travel” its good to go.
When an employee inspector finds a defective rail car management determines if it will get fixed. If the supervisor “feels” like “it’s not that bad” then the rail car is “let go”.
Oh, so like ambulances in the USA.
“The ambulance had issues making it unsafe (or even illegal) to drive? But it can still drive down the road? Doesn’t seem too bad: keep an eye on it.”
You’d think they’d have money to keep it pristine, with how much a short ambulance ride costs in the USA
Just like hospitals, that money is going straight to the top and staying there.
Everything comes in frozen. Before mixing with the sauces it smells off. Half the staff mix without gloves. Dont get the tuna but have it your way…
Working at the morgue must have been tough
I used exclusively go into subway for the tuna sandwich…
The first steel mill I worked for, the test requirements were more of a suggestion than a rigid specification. I, a trained and skilled engineer with the capacity to make informed decisions, had to run all rejections by my boss who would tell me “it’s close enough” even if it wasn’t. Sometimes it bit us in the ass with warranty failures, but the warranties were probably cheaper than internal rejections (and what is brand perception worth?).
My second steel mill job, I was the one making the rejection decisions. I did the hard thing and rejected our failures but I also troubleshot them to prevent recurrence, making our product and capability better over time.
It very much matters who you buy your steel from; two mills can have vastly different performance for the same products based on how they handle these situations.
I work in pest control and 99% of the shit we use. You can buy without having a license. The license just covers us to use the products on other people’s houses responsibly. If you really want to do pest control, you only need a few chemicals and they are all easily obtainable on Amazon.
Battersea Dogs Homes senior dog carers are employed based on their PR experience and not at all on their experience at looking after dogs
Alesis, creators of ADAT Type 2 digital audio tapes hired none other that James Doohan to promote it playing the “Famous Engineer” because they didn’t get the rights to anything Star Trek.
It was only played during trade shows, but someone I know got a copy.
