Far better to shove everything through port 443 and redownload the software over and over until the end of time.
Windows will invariably tell them your software is not secure and block it.
It doesn't matter what the software does, all that matters is that only your company runs it, so there isn't a million people out there with a copy.
Oh boy I have some bad news for thise IT security losers
And we wonder why ageism exists in our industry. Not saying that’s fair or all of it by any stretch, but ouch. It goes to show many of these worst practices are alive, well, and employable.
I'm _not staying you should_, but if it works and makes money, it may not be that dumb.
UUencode all 354 fields (64MB string) and put it in a hidden input field!
Twice!!
In practice they led to fairly severe security vulnerabilities. "XXE" used to be an OWASP Web Top 10 issue, and the reason it dropped off the list was because XML mostly went away, not because it stopped being a thing.
> But at least, I think XML doesn't have macro expansions, so that's a win.
XML, like HTML, has entities that can be expanded. Unlike HTML you can define them in XML and this led to the "Billion laughs attack": https://en.wikipedia.org/wiki/Billion_laughs_attack
Well, that seems to not matter for the people writing YAML.
> XML, like HTML, has entities that can be expanded.
Lol! Of course I'd be wrong about that.
Expecting XML not to have a well known security vulnerability is a losing proposition.
But seriously, it's not only cynical careerists who are pumping resume keywords like it's a game everyone is playing, and everyone keeps quiet about RDD, etc., because nobody wants to spoil it for everyone. It's also people who are really into one of the keywords, and think it's the most important thing, or the only important thing.
-- Past Case Study #1 --
Context: interview with systems research PhD brand-new founders, after my cold outreach pitch as a "startup generalist" (I think I said it in the headline) who would complement the scientists.
Me: (paraphrased) You're the experts in novel distributed systems research niche X, and I can't help you with that. What I can help with is all the other early startup work you'll need done, like bespoke infrastructure that works with X, Web consoles, mobile apps, some systems programming, product definition, project management, helping academic researchers and industry engineers work together, whatever needs to be done.
PhD founder: (this might be an exact quote) We need an expert, not a generalist.
-- Past Case Study #2 --
Context: interview with a mid-stage startup's CTO, who was hired for distributed systems expertise.
Me: I suspect that a Postgres server on a modest cloud server can handle the entire planet's activity of X. And (since the company's recruiting materials emphasized bias for action, and rapid iteration) we could very quickly build and validate that empirically with simulated transaction load. Of course, in production, we'd set up Postgres with distributed failover, etc.
CTO: I going to need a severalth one-on-one interview with you, an offer is imminent, but it's unclear whether you'll ever be allowed to talk with anyone else on the team, who you pointedly have still not yet met.
Haphazard schema is the quickest way to develop terrible performance, loss of referential integrity, and insane queries. Well, outside of sticking everything into a JSON column.
I have occasionally stuffed json into proprietary software data fields to get that data accessible/usable by another system.
(High performance not required)
And some closed proprietary software does things like adds a few additional fields for pragmatic end user extensibility like this.
The practice predates JSON, but sometimes your bespoke string or ID or whatever in field "Custom 1" is all compromise you need to make things work well.
It works fantastically well, and don't let anyone tell you that you MUST bloat the CLI interface of your program with every possible dial or lever it contains. We should all be cogent of the fact that, in this very young and rapidly evolving profession, textbook and real-world best practice often do not overlap, and are converging and diverging all the time.
I want to name names - I could cross-reference some of these with specific company names that you've heard of, but I shan't.
I'll definitely keep this website in my hip pocket to privately throw at teams going forward, as needed.
The manager doing the exit interview started getting defensive and blaming my "attitude problems" [1], and eventually I started explaining that it felt like the entirety of the culture at BigCo, particularly amongst management but even with engineers, came down to "try and justify your existence in the company". Instead of doing things ways that are easy and straightforward, you instead were incentivized to make your code complicated so you can brag about how complicated it is, and then drop constant references to your management about how hard what you're doing is.
The manager didn't like this response, and got more defensive, we ended up going back and forth, and eventually the interview ended and despite taking a pretty considerable paycut I was ok with my decision.
I didn't know the term "Resume Driven Development" until after I left, but that was a pretty accurate description.
[1] Not completely wrong, but that doesn't absolve them of their sins.
(Sorry, you struck a nerve with your BigCo depiction. :-)
When I said that the job boiled down to a lot of people trying to justify their existence, Steven said "do you really think that people are doing things to justify their existence in the company, Tom? Really?"
I responded back with "Yes. I think some managers, STEVEN, really like to schedule meetings to make it look like they're doing important work, STEVEN, despite the fact that most of these meetings are useless and could have been handled over slack STEVEN. I don't want to name names STEVEN, but I have observed it on the management side. I suppose you'll need to figure out who I am talking about STEVEN".
This was several years ago so I'm paraphrasing, but barely. I really disliked that job and when he wouldn't just let me answer with "it wasn't a good fit" I got (maybe irrationally) angry and it ended up being an excuse to air all my grievances. I could tell that he was getting upset when I started basically resorting to thinly-veiled insults. Not my proudest moment, to be 100% honest, but I also can't really say that I'm sorry either because I meant everything I said.
Just my view as a dev who's largest co was like 500 people. ~100 engineers.
Big companies are significantly better to work in when you're either (a) in sales with a clear path to hitting/exceeding quota, (b) a strategic revenue generator, or (c) a super hot and extremely well funded corporate initiative (basically all AI projects right now).
The money tap is always on, you get all the cool toys, travel perks are great, and you get to work on amazing stuff without as much red tape.
There were occasional bits of ambition to occasionally work on interesting stuff, but it was mostly a “keep the lights on and then figure out how to make yourself seem important”.
One of my biggest pet peeves is when engineers say that we can’t do something because we would have to learn something new. I got into several arguments because I wanted to rewrite some buggy mutex-heavy code (that kept getting me paged in the middle of the night) with ZeroMQ, and people acted like learning it was some insurmountable challenge. My response would usually be something to the effect of “I’m sorry, I was under the impression that we were engineers, and that we had the ability to learn new things”.
As I said, complaints about my attitude weren’t completely unfounded, but it’s just immensely frustrating for people using their unwillingness to learn new things as an excuse to keep some code in a broken state.
It's not as simple as "BigCo" vs startup; I've worked at startups where layoffs were frequent enough that it devolved into existence justification, and I've worked at BigCos that actually did give a fair bit of leeway in how you do things (within some degree of reason).
The closest thing to a "rule" that I've come to is if they use a less-mainstream language; if they're routinely using Haskell or something, they're probably a bit more onboard with experimentation, but that's still not a hard and fast rule.
> "We are doing DevOps now! The developers write Dockerfiles and the Ops team operates Jenkins, which cannot build the Dockerfiles."
I have DEFINITELY seen this done in production back when containers were en vogue! This and Dockerfiles passed around by email.
slater•11h ago
marcosdumay•9h ago