Our business-critical internal software suite was written in Pascal as a temporary solution and has been unmaintained for almost 20 years. It transmits cleartext usernames and passwords as the URI components of GET requests. They also use a single decade-old Excel file to store vital statistics. A key part of the workflow involves an Excel file with a macro that processes an HTML document from the clipboard.
I offered them a better solution, which was rejected because the downtime and the minimal training would be more costly than working around the current issues.
The library I worked for as a teen used to process off-site reservations by writing them to a text file, which was automatically e-faxed to all locations every odd day.
If you worked at not-the-main-location, you couldn't do an off-site reservation, so on even days, you would print your list and fax it to the main site, who would re-enter it into the system.
This was 2005. And yes, it broke every month with an odd number of days.
cleartext usernames and passwords as the URI components of GET requests
I’m not an infrastructure person. If the receiving web server doesn’t log the URI, and supposing the communication is encrypted with TLS, which removes the credentials from the URI, are there security concerns?
What do you mean by any involved network infrastructure? The URI is encrypted by TLS, you would only see the host address/domain unless you had access to it after decryption on the server.
The comment we are replying to is asking about a situation where there is TLS. Also using clear text values in the URI itself does not mean there wouldn't be TLS.
I would still not sleep well; other things might log URIs to different unprotected places. Depending on how the software works, this might be client, but also middleware or proxy...
Even if the destination doesn't log GET components, there could be corporate proxies that MITM that might log the URL. Corporate proxies usually present an internally trusted certificate to the client.
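The logging risk raised in the comments above (a server access log, or a TLS-intercepting corporate proxy, recording the full URL even though the wire traffic is encrypted) can be checked for directly. This is an added example, not part of any comment in the thread: it scans log lines for passwords in query strings, reports the affected accounts, and redacts the values. The parameter names, hostnames and log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names: the thread does not say what the legacy suite calls them.
SECRET_PARAMS = {"password", "passwd", "pwd", "pass"}
ACCOUNT_PARAMS = {"user", "username", "login"}

# Constructed sample lines (not real logs):
#   1: web server access log, combined-style
#   2: Squid-style line from a proxy that terminates TLS and sees the full URL
#   3: Squid-style line from a proxy that only tunnels TLS (CONNECT): host and port only
#   4: ordinary GET with harmless query parameters
#   5: POST login, credentials travel in the body and never reach the request line
SAMPLE_LOG = [
    '10.0.4.17 - - [12/Mar/2024:09:14:02 +0000] "GET /login?user=jdoe&password=Hunter2%21 HTTP/1.1" 200 512',
    '1710234842.120 87 10.0.4.17 TCP_MISS/200 512 GET https://suite.corp.example/login?user=jdoe&pwd=Hunter2%21 - HIER_DIRECT/10.0.9.5 text/html',
    '1710234850.004 95 10.0.4.18 TCP_TUNNEL/200 4096 CONNECT suite.corp.example:443 - HIER_DIRECT/10.0.9.5 -',
    '10.0.4.18 - - [12/Mar/2024:09:15:10 +0000] "GET /reports?year=2024&page=2 HTTP/1.1" 200 9001',
    '10.0.4.19 - - [12/Mar/2024:09:16:44 +0000] "POST /login HTTP/1.1" 302 0',
]

# The request target is the token that follows the HTTP method in both layouts.
REQUEST_RE = re.compile(
    r"\b(GET|POST|PUT|DELETE|HEAD|PATCH|OPTIONS|CONNECT)\s+(\S+)"
)


def redact_target(target):
    """Return (redacted_target, secret_param_names, account_values)."""
    if "?" not in target:
        # No query string (for example a CONNECT host:port): nothing to leak here.
        return target, [], []
    parts = urlsplit(target)
    secrets, accounts, kept = [], [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        key = name.lower()
        if key in SECRET_PARAMS:
            secrets.append(name)
            value = "REDACTED"
        elif key in ACCOUNT_PARAMS:
            accounts.append(value)  # kept so the affected account can be rotated
        kept.append((name, value))
    redacted = urlunsplit(parts._replace(query=urlencode(kept)))
    return redacted, secrets, accounts


def scan(lines):
    """Return one finding per log line whose request target carries a secret."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(2)
        redacted, secrets, accounts = redact_target(target)
        if secrets:
            findings.append({
                "line": number,
                "params": secrets,
                "accounts": accounts,
                "redacted": line.replace(target, redacted, 1),
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"line {finding['line']}: {finding['params']} exposed for "
              f"{finding['accounts']}")
        print("  " + finding["redacted"])
```

Lines 1 and 2 are flagged, while the CONNECT tunnel on line 3 shows only the host, which is the difference between the two proxy cases discussed in the thread.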
I feel your pain. Many good ideas that cause this are rejected. I have had ideas requiring one big downtime chunk rejected even though it reduces short but constant downtimes and mathematically the fix will pay for itself in a month easily.
Then the minimal retraining is frustrating when work environments and coworkers still pretend computers are some crazy device they’ve never seen before.
Places like that never learn their lesson until The Event™ happens. At my last place, The Event™ was a derecho that knocked out power for a few days, and then when it came back on, the SAN was all kinds of fucked. On top of that, we didn't have backups for everything because they didn't want to pay for more storage. They were losing like $100K+ every hour they were down.
The speed at which they approved all-new hardware inside a colocation facility after The Event™ was absolutely hilarious, I'd never seen anything approved that quickly.
Trust me, they're going to keep putting it off until you have your own version of The Event™, and they'll deny that they ever disregarded the risk of it happening in the first place, even though you have years' worth of emails saying "If we don't do X, Y will occur." And when Y occurs, they'll scream "Oh my God, Y has occurred, no one could have ever foreseen this!"
Sounds like a universal experience for pretty much all fields of work.
Government and policy? Climate change? A fucking pandemic?!
We’ve seen it all happen time and time again. People in positions of authority get overconfident that if things are working right now, they’ll keep working indefinitely. And then despite being warned for decades, when things finally break, they’ll claim no one could have foreseen the consequences of their lack of responsibility. Some people will even chime in and begin theorising that surely, those that warned them, had to be responsible for all the chaos. It was an act of sabotage, and not of foresight.
Places I’m at usually end up bricking robots and causing tens of thousands of dollars of damage to them because they insist on running the robot without allowing small fixes.
Usually a big robot crash will be The Event that teaches people to respect early warning signs…for about 3 months. Then the old attitude slides back.
Good thing we aren’t building something that requires precision, like semi-conductor wafers. Oh wait.
As weird as it may seem, this might be a good argument in favor of Pascal. I despised learning it at uni, as it seems worthless, but it seems that it can still handle business-critical software for 20 years.
What OP didn't tell you is that, due to its age, it's running on an unpatched WinXP SP2 install and patching, upgrading to SP3, or to any newer Windows OS will break the software calls that version of Pascal relies upon.
You're literally describing the system that controlled employee keyscan badges a couple of jobs ago...
That thing was fun to try and tie into the user disable/termination script that I wrote. I ended up having to just manipulate its DB tables manually in the script instead of going through an API that the software exposed, because it didn't do that. Figuring out their fucked-up DB schema was an adventure on its own too.
I'm also describing the machine in my office that runs my $20,000 laser plotter/large format scanner. The software in the machine uses (Java?) over a web interface which was deprecated and removed from all browsers around 2012-14, iirc. The machine isn't supported anymore and the only way to clear an error or update where it sends scans is using that interface. I have a XPSP2 machine running the internal IE6 browser which will still display the interface. Since I'm now a one-person office, and I use the scanner about 6 times a year, I keep that machine around in case I need to turn it on to update the scanner or clear a print error. Buying a new plotter isn't worth the time/money - when it dies I'll just farm out the work to a 3rd party vendor; but while it does work it's convenient to have in-house.
If it's that old, I'm betting it doesn't use HTTPS for its connections. You could do a network packet capture on the XP machine (or if you can find one, hook it up to a network hub with another computer attached and capture there) while performing the "clear error" action and find out how it works/what you need to send to it to clear the error. You could also set up a SPAN port on a switch and mirror the traffic on the port going to the printer to capture the traffic, if you have a switch capable of doing that. If not, you can get one off Amazon for about $100.
It'd be pretty simple to put together a script that sends the "clear error" action to the printer after seeing how it's done in the packet capture. I've done this numerous times, the latest of which was for a network-connected temperature sensor that I wanted to tie into but didn't (publicly) expose an API of any kind.
It's more than that, though - it's used to setup custom sheet widths as well as enter new server and login details for sending scans via FTP to a server. If I'm doing billable work, I'm charging $225/hr. If I'm snooping the network, which isn't my field and I do almost never so it takes me several times longer than an expert, I'm making nothing. With an annual value on the machine's services at less than $500 (more than half of which would become reimbursable if I didn't have it), there's no actual value in "fixing" it by creating a different work around. 🤷♂️
i worked for a hybrid hosting and cloud provider that was partnered with Electronic Arts for the SimCity reboot.
well half way through they decided our cloud wasn’t worth it, and moved providers. but no one bothered to tell all the outsourced foreign developers that they were on a new provider architecture.
all the shit storm fail launch of SimCity was because of extremely shitty code that was meant to work on one cloud and didn’t really work on another. but they assumed hurr hurr all server same.
so you guys got that shit launch and i knew exactly why and couldn’t say a damn thing for YEARS
I wonder if that's related to "the wrong cloud". Imagine if someone wrote some super slick code that worked really really well in the original cloud, and just couldn't figure out how to make it work in the new cloud, so everything is just an awful workaround.
Unless you're really deep into a particular provider's unique-esque products (Lambda, Azure AD, Fargate, etc), this is exactly why things like Terraform exist.
Oh for sure, but the games industry is one of the few that still does some weird stuff because a lot of the software is only expected to last 5 years or so at most, and needs to get every drop of performance.
I could definitely see some hyper optimized cloud API looking really great and then not having an equivalent in another ecosystem (or at least not one that could be quickly swapped out just before release).
I think it's referring to the fact that the reboot SimCity was a single player game (you could never play with someone else) but that was always online anyway
It's pretty depressing, but the fact that soil and groundwater are almost certainly contaminated anywhere that humans have touched. I've seen all kinds of places from gas stations, to dry cleaners, to mines, to fire stations, to military bases, to schools, to hydroelectric plants, the list could go on, and every last one of them had poison in the ground.
Some places are insanely polluted to the point where you wonder how a whole company could be so braindead and essentially poison themselves.
A place not far from where I live had a chemical plant which just dumped loads of chemicals on a meadow for years. Now there are ground water pumps installed there which need to run 24/7 so that the chemicals don't contaminate nearby rivers and hence the rest of the country.
When taking samples from the pumped up water you can smell gasoline.
We're house shopping and there has been a house on a lake sitting on the market forever. I got curious and researched the lake and... It's a literal superfund site. The company that was on the other side of the lake just dumped their waste chemicals right on the shore and it has polluted both the lake and ground water forever essentially because they don't break down. I looked up the previous owner... Died of cancer. The shit that companies are and were allowed to get away with is just insane. Meanwhile right wing nut jobs want to get rid of the EPA (which was ironically created by Richard Nixon).
The largest lake in the UK by area got massively polluted and turned into a swamp of toxic green algae. It's crazy how people just let stuff like that happen.
It's just as depressing when something counts as "clean". My saddest example was a former sand pit, they spent 30 years digging out 15 meters of sand, then another 30 years filling it with anything from industrial to veterinary waste, "capped" it with rubble in the late 40s and called it clean enough.
Had a bigass job digging out the top 3 meters of random waste, including several thousand barrels of whatever the fuck. And definitely no unexploded ordnance (spoiler, after finding several ww2 rifle stocks and helmets, the first mortar shells were dug up too). After making room, it was covered in sand, clay, bentonite and a protective grid.
So naturally, 3 months after that finished, some cockhead decided to throw an anchor and hit go all ahead flank on his assholes boat and tore the whole thing up. No need to fix anything though, just shovel some more sand in, that'll stop the anthrax!
This was all in open connection with a major river, of course. One people swim in.
Varies depending on the site, sometimes it's gasoline, or solvents, or heavy metals or PFAS. As for how it happens, accidental or deliberate releases. I've found military documents from the 50s that say the official place to dispose of used motor oil was a pit they'd dug in the ground.
Yep, the regulation is now a 5ft cubed hole dug around the soil in any spill. It's resulted in folks being more careful but also hiding where things are spilled. I've not once seen a hole dug. Corporations are roughly similar. Small organizations don't care at all.
Heavy metals and PCBs are most common in my area, various VOCs aren't far behind. Prior to the EPA and associated legislation companies would commonly use waste process waters for dust control, dump wastes in to pits or on the ground, spills would be left to soak away, and general processes were dirtier and uncontrolled.
One terrible example from western NY that bugs me even more than Love Canal is the involvement with the Manhattan Project. Local steel workers rolled Uranium and they were never told what it was, given any protections, or cared for when the inevitable happened. Radioactive waste was later used as fill for residential and commercial properties in the area. These hotspots still exist and it is a slow process to get any cleanup done.
The programming team that is working hard on your project is just one dude and he smells funny. The programming team you’ve met in your introductory meeting are just the two unpaid interns that will be fired or will quit within the next two months and don’t know what’s happening. We don’t do agile despite advertising it. Also your project being a priority means it’ll be slapped together from start to finish 24 hours prior to the deadline. Oh and there will be extra charges to fix anything that doesn’t work as it should.
When you have a great programmer working on your project he will be cycled to a new project in 2-3 months. Your new senior developer who silently takes over the project is part time because he's working on finishing his education.
No one knows how anything works, except that one guy, who left the company half a year ago. That's how all software development is.
"The server mangles the authentication token after receiving it for reasons we don't really understand, so this function just checks to see that it's set in the request, but nothing actually cares if it's valid. DO NOT RETURN USER ACCOUNT DATA HERE AND YES THAT MEANS YOU MARCUS"
In my company we have a very modern agile workflow where QA is top priority.
At least that's what we advertise. In reality it's all an unorganized clusterfuck where I'm pretty sure I am the only one who bothers to write automated tests. Who's got time to write tests bro just push that shit out ASAP we'll deal with it when the client calls us in the middle of the night to complain about previously-working shit being broken now.
Ironically, that was the one time I was working for a large, publicly-traded company (a big-box retailer, no less -- not even one of the halfway-respectable Fortune 500s!).
A lot of outsourcers do this. Here's my experience with a few companies.
The "team" you meet are competent, English speaking fronts. They are the demo models of the people who will work on your projects.
After the contract is signed, these people are swapped out with randos of varying competence.
In some cases, some of these randos are further hidden behind aliases: people with names that are actually more than one person sharing logins and passwords.
They will string you along, trying to charge maximum hours worked without regards to product or services delivered.
Most of these companies have a "bucket of crabs" mentality: the managers are horrible, the staff incompetent, and once they gain some skill, they leave for better companies. They backstab one another, hijack projects to fuck over coworkers, and lie and cover their tracks. Some of this is cultural, like a caste system, while some are just racist.
At one time, these people were pretty good, but they realized they had skills and left for other countries for better pay and better working conditions. The bids got more and more competitive, cutting costs until they were literally filled with low-skilled labor who can't be promoted or leave for economic or competence reasons.
Now that I read this, I'm kinda glad that our company doesn't do anything like that. But it's just a small indie team porting games to consoles, so I guess what you're mentioning is the bigger corp problem.
Company A: We got hacked and the lead dev argued for days it wasn't a hack. Malware was actively being served to customers during this time period because she refused to deal with it and there was no security team.
Company B: programming team was the IT guy's nephew and some random UI designer who hadn't finished college and was never able to be employed after finishing college.
Company C: We interviewed a candidate who was way overqualified and would make our life so easy because he was eager and hungry. Instead we hired a bootcamper who had never heard of docker (half our infra is docker), react, or anything other than vanilla JavaScript. She failed our practical but still got hired because the hiring manager wanted an assistant. She has become a glorified project manager, but still has the title software engineer.
Think waterfall. But like. No design and no testing.
Not contracting, just another small shop that offers “complete” solutions from a to z kinda situation.
The only competent person in that org would be, oddly enough, the ceo. Everybody else just feel like they show up to be marked present on an attendance sheet in terms of being useful.
I used to work for a popular wrestling company, billionaire owner, very profitable, would write off any OSHA penalties as the 'cost of doing business' just as they did in 1998, when The Undertaker threw Mankind off Hell In A Cell, and plummeted 16 ft through an announcer's table
The company would bid on government contracts, knowing full well they promised features that didn’t exist and never would, but calculating that the fine for not meeting the specs was lower than the benefit of the contract and getting the buyers locked into our system. I raised this to my boss, nothing changed and I quit shortly after.
I've worked in IT consulting for over 10 years and have never once lied about the capabilities of a product. I have said, it doesn't do that natively, but if that's a requirement we can scope how much it would take to make it happen. Sadly my company is very much the exception.
The worst I saw was years ago I was working on an infrastructure upgrade of a Hyper-V environment. The client purchased a backup solution I wasn't familiar with but said it supported Hyper-V. It turns out their Hyper-V support was in "beta". It wasn't in beta. They were literally using this client as a development environment. It was a freaking joke. At one point I had to get on the phone with one of their developers and explain how high-availability and fail-over worked.
I could very well have been that developer. Usual story, sales promised the world, that our vmware-based system would run on anything and everything, and of course it's all HA and load balanced, smash cut to me on Monday morning trying to figure out how to make it do that before it goes live on Wednesday.
I'd actually wager the comments are cached, sent to the front end wrong (because of the bad cache), and then the front end posts against the wrong comment ID (maybe that's what you mean to be fair :) ).
I had something different in mind, coming from Angular: There would be a list of comment objects associated with DOM nodes, then the comment list would get updated, and Angular would associate the DOM nodes with the wrong list entries.
How would a bad cache mess up the association between a comment and its ID?
I used to do AngularJS and I've done some react... maybe something like that could happen. I'd wager it's unlikely though (bordering on Angular/Inferno itself having a bug).
I've seen some other things that seem like caching issues (e.g., seeing the wrong counts when switching between posts).
A cache could literally report the wrong ID for a comment to the front end in the JSON if the caching isn't right (and bad input = bad output).
Granted, in both cases I'd wonder why we're not seeing this all the time, it's got to be something niche, possibly something already fixed but not on all instances.
The contractor I worked for was run by a man who used to say "if the contract says they'll blow up the contractor on delivery, we're putting in a bid and solve the problem later"
I worked in government contracting (and government, for that matter) for years and that blows my mind. I can't remember the details, but if you even had a bad review, much less being found noncompliant, it could disqualify you entirely from some contract vehicles for a matter of years. Wild that there's some agency that somehow lets people get away with fraud.
Also, if that cost the government money, there's a chance you could report that after the fact and make some money.
Might be local government. Me and sales have this argument pretty often
Me: it is in the spec
Sales: no one noticed it except you
Me: thanks?
Sales: no one is going to care
Me: then take it out of the spec and resign everything.
Sales: why are you making a big deal about this?
Me: because it is in the spec that we signed and if we don't honor the spec they can backcharge us.
Sales: that won't happen
Me: you are right because we are going to follow the spec. If you don't want me to please email me, the department head, and the client specifically ordering me not to follow the contract that we signed.
Yeah I’m in Europe and our customers were municipalities buying healthcare related solutions. It happened after our little startup got taken over by a big player and they started getting involved in the contract bids.
Geek Squad, We were flying under the radar upgrading Macbook RAM, until one day we became officially Apple Authorized to fix iPhones, which means we were no longer allowed to upgrade Macbook RAM since the Macbooks were older and considered "obsolete" by Apple, meaning we were unable to repair or upgrade the hardware the customer paid for, simply because Apple said it was "too old". It was at this point in my customer interaction, that we recommend a repair shop down the road that isn't held at gunpoint by Apple ;)
1-800-got-junk? doesn't care at all about its environmental impact. No sorting whatsoever happens to what goes on their trucks it all goes to landfills. All the ads will say they recycle and that they repurpose old furniture but I was threatened with being fired when I recommended donating antiques instead of dumping a load of furniture.
More jobs and more profits comes before anything else in that company, including employee health and safety. Several times I was told to enter spaces we weren't trained for (attics and crawl spaces) and carry waste I legally couldn't transport (human/organic wastes and the law states the driver is fined, not the company). One guy injured his shoulder during an attic job and was told to finish the shift or lose his job. Absolute scum of a company with very sleazy management and possibly the labour board in their pocket as they kept "losing the files" when I tried to file a report with buddy's shoulder (he was hesitant to report for fear of losing his job).
Anybody knows that one waterfall attraction in the Southeast US? The one that advertises bloody everywhere? Waterfall is pumped during the dry seasons, otherwise there'd be nothing to see. Lots of the formations are fake, and the Cactus and Candle formation was either moved from a different spot in the cave, or is from a different cave in New Mexico. Management doesn't want people to know that, but fuck 'em.
After looking it up, you can find reports from others stating the same things. When I was there as a kid, I remember that they claimed no one knew where the source of the water came from... I guess they actually know enough to help it out at least, lol
I really enjoyed it and would like to go again, but it's no Mammoth Cave.
I mean, I'm sure humanity pumps that much water, in aggregate. If you look at every pumped system everywhere in the world, it's no doubt many times Niagara.
Now, doing it all in one place, like that? Yeah, for sure, that's tricky.
I quit a well known ecomm tech company a few months ago ahead of (another) one of their layoff rounds because upper mgmt was turning into ultra-wall street corpo bullshit. With 30% of staff gone, and yet our userbase almost doubling over the same period, they wanted everyone to continue increasing output and quality. We were barely keeping up with our existing workload at that point, burnout was (and still is) rampant.
Over the two weeks after I gave my notice I discovered that in the third-party app ecosystem many thousands of apps that had (approved) access to the Billing API weren't even operating anymore. Some had quit operating years ago, but they were still billing end-users on a monthly basis. Many end-users install dozens of apps (just like people do with mobile phones) and then forget they ever did so. The monthly rates for these apps are anywhere from 3 to 20 dollars per month, many people never checked their bank statements or invoices (when they eventually did, they'd contact support to complain about paying for an app that doesn't even load and may not have for months or years at this point).
I gathered evidence on at least three dozen of these zombie apps. Many of them had hundreds of active installs, and were billing users for in some cases the past three years. I extrapolated that there were probably in the high-hundreds or low-thousands of these zombie apps billing users on the platform, amounting to high-thousands to low-tens-of thousands of installs... amounting to likely millions per year in faulty and sketchy invoicing happening over our Billing API.
Mgmt actually did put together a triage team to address my findings, but I can absolutely assure you the only reason they acted so quickly is because I was on the way out of the company. I'd spotted things like this in the wild previously and nothing had ever been done about it. The pat answer has always been well people are responsible for their own accounts and invoicing. I believe they acted on this one because I was being very vocal about how it would be 'a shame' if this situation ever became public, and all those end-users came after the company for those false invoices at one time. It would be a PR and Support nightmare.
You have definitely interacted with this ecommerce platform if you shop online.
Health insurance company I worked for would automatically reject claims over a certain amount without reviewing them. Just to be dicks and make people have to resubmit. This was over 25 years ago, but it's my understanding many health insurers still pull this shit. They don't care if it's legal or not. Enforcement is lazy and fines are cheaper than medical claims.
I used to work for a cable company whose name rhymes with "bombast". They offer a wifi service whose name is a derivation of the word "infinity". Most of the hotspots for this wifi service are provided by the Bombast wireless routers that cable customers have in their homes. So if you're a Bombast customer, you're helping to pay the electrical bill and giving up bandwidth in order to provide Infinity wifi.
Another fun Bombast story: the founder, a man who always wore a bowtie, died a few years ago. At a memorial service in his honor, a number of vice presidents and other executives (including my boss at the time) wore bowties. Everyone who wore a bowtie to the service was fired within a week.
I worked for the railroad. Nothing is fixed ever. I witnessed hundreds of code violations every day for years. Doesn't matter if a rail car or locomotive meets code as long as it "can travel" it's good to go.
When an employee inspector finds a defective rail car management determines if it will get fixed. If the supervisor "feels" like "it's not that bad" then the rail car is "let go".
Over a decade ago I worked as a freelancer for an Investment Bank (the largest one that went bankrupt in the 2008 Crash, which was a few years later) where the head of the Proprietary Trading Desk (the team of Traders who invest for the profit of the bank) asked me if I could change the software so that they could see the investments the Client Trading Desk (who invest for clients with client money) was making, with the assent of the latter team.
Now if the guys investing money for the bank know what the guys investing customer money are doing they can do things like Front-Run the customer trades (or serve them at exactly the right price to barely beat the competition) thus making more profits for the bank and hence get bigger bonuses. This is why Financial regulations say that there is supposed to be so-called Chinese Walls between the proprietary trading and the customer trading activities: they're supposed to be segregated and not visible to each other.
Note that the heads of both teams were mates and already regularly had chats, so they might already have been exchanging this info informally.
I was quite fresh in there (less than 1 year) and the software system I worked in at the time was used by both teams, but when I started looking into it I saw that the separation was very explicitly coded in software and that got me thinking about what I had learned from the mandatory compliance training I had done when I first joined (so, yeah, that stuff is not totally useless!!!)
So I asked for written confirmation from the heads of both teams, and just got some vague response e-mails, no clear "do such and such".
So I played the fool and took it to a separate team called Compliance (responsible for compliance with financial regulations) saying I just wanted to make sure it was all prim and proper, "just in case".
Of course, it kinda blew up (locally) and I ended up called to a meeting with the heads of the Prop Desk and whatnot - all stern looks and barely contained angry tones - where I kept playing the fool.
Ultimately it ended up not being a problem for me at all, to the point that after that bank went bust and its component parts were sold to another bank, the technical team manager asked me to come back to work with the same IT group (remember, I was a freelancer) with even greater responsibilities, so this didn't exactly damage my career.
That said, over the years there were various cases of IT guys in large investment banks who went along with "innocent" requests from the Traders and ended up as the fall-guys for subsequent breaking of Finance Regulations, serving jail time, so had I gone along with that request I would've actually risked ending up in jail.
(Financial Regulators were and are a complete total joke when it comes to large banks, which actually makes it more likely that some poor techie guy will be made the fall guy to protect the bank and its heads).
Worked at a globally popular fast food franchise many years ago. They had collection boxes for a charity that they raised money for. None of the money went to that charity, but was divided between owners and managers.
Office Depot sells printers at very low (or even negative) margin, and then inflates the margins on cables, paper, ink, and warranty. If you want the best deal, get the printer from OD, and everything else you need somewhere else. That $20 USB cable they sell costs them $1 and you can get the same or better online for $2.68.
I worked as a pastor and professor for a global, evangelical television ministry/college. They knowingly conceal scholarship on the Bible and punish their pastors for asking any questions that undermine their most closely held traditions (including anti-evolution, mental illness is supernatural, etc.). They tell their US viewers that they can't call themselves Christians if they don't vote Republican, while still enjoying tax-exempt status. They use pseudohistorians to inspire Christian Nationalism over their network, and are one of the largest propaganda networks for the Religious Right. A U.S. Capitol police commander told me his men were fighting people who were wearing the network's brand.
Acronis Backup charges you for local data backups from one device to the other. So basically if you are using Acronis to move data from your local drive to another local device like a NAS, you pay money for every gigabyte transferred. During the time I worked for them, the script to run the transfer was literally the most simple robocopy command, even simpler than one you could write yourself. And they still do it, charge for local to local data movement. It's fucking insane. One of my clients had a $15k a month bill for local data movement. Straight up highway robbery.
An AI company... They used to manually change system event logs to show it wasn't their software that caused the downtime for our clients.
Bought over a million dollars worth of hardware (25% of which didn't even get racked), over 200 46-inch LED screens that no one used, and very expensive offices at posh locations in the bid to increase its IPO valuation.
I worked for a furniture store. They used to buy mattresses and furniture sets for like $200-300 and arbitrarily sell them for around $700-1000. I used to be able to haggle with people and still sell them for like double what they cost. I hated that job for so many reasons
This local single location grocery store by my house would unwrap and rewrap meat packages when it hit expiration dates in order to generate a new label with a new expiration date. If the meat looked bad, it would be added to the meat grinder to make ground beef.
At Disneyland, Mickey Mouse is always played by a woman, due to the small costume. So if you put your arm around him for a photo, try not to accidentally touch Mickey’s boobs.
I worked for an online payment company you all know. Many employees have access to the main DB which holds all transactions and names and everything in clear text. You could basically find out all PII (personal identification information) of any celebrity you wanted given they had an account. Address, phone number, credit card and all. If you knew a bit of SQL you could basically find whoever person you wanted and get purchase history and all.
Can't say I didn't use this to find stuff about my exes or various celebrities.
Frankly, I don't see this as a problem as long as the software is up to date and the hardware is sound. I bet there are thousands of SPARC servers out there processing data 24/7 since 1995.
CGNAT is really annoying for users, since the entire ISP looks like a single IP address. This can lead to situations where the entire ISP accidentally gets classified as a bot or otherwise blocked. It's not too hard to find these kinds of stories from StarLink customers.
We are at the point where we are legitimately out of IPv4 addresses. Household NAT isn't enough and CGNAT has too many problems. IPv6 code was written ages ago and is very stable in all OSs these days.
It really is just these legacy middle boxes holding us back.
This guy knows. CGNAT is incredibly sucky and we are definitely out of IPv4. Why not everyone is hopping on IPv6 I don't know. I'm thinking people are afraid of the formatting but that's just dumb.
I’ve tried running my house on ipv6 only before, but you run into A LOT of issues, even with major services. Example: sometimes my devices would fail when trying to connect to Netflix. Netflix.com issues round-robin DNS. One (1) of the possible endpoints turned out to be unreachable from me over IPv6 because of return path MTU shenanigans I had zero control over.
I've worked for a few of the larger ISPs in the US. They all have their own special weird shit like a Windows NT machine shoved in a corner in a CO in west Texas that you have to remote desktop into and run some Java applet from the 90s to log into a hardwired machine from the 70s just to set up a voicemail box for a phone line. Ain't broke don't fix it leads to some wild setups at companies you wouldn't expect it from.
Big German TV production company with successful primetime action series used rented cars for their stunts. Different people from the team rented them with full insurance, returned them crashed. They did this until every car rent in the city stopped offering insurance without retention.
A certain fruit company knows about you WAY more than you can imagine, and most of the information is accessible to even the lowest ranks of support. And yeah, my NDA is finally over.
Why is everyone here afraid to name the companies?
Unless you're sharing something that only you would know and the company is aware that you're the only one who knows it, there's no way they can identify you.
Something tells me the people posting here who had "NDAs" didn't actually have any sort of a high level clearance to important information.
imo solid tabletops are much better for pizza making. i’ve worked at a few places and in practice those pans get ACTUALLY cleaned much less often than a regular ass table does.
Realize that "clean, sanitized surfaces" is a VERY relative term in foodservice. Also more times food is handled, more chance of cross contamination. The gloves/hands that put that cheese back in the have supply may have just handled sausage/deli meats or underwashed tomatoes containing listeria, now your cheese had extra "flavor" potentially. More of a risk in scenarios where the food isn't then reheated above temp that kills bacteria.
Basically, ideal path is ingredients prepped in sealed/clean factory process, handled once from safe storage into your meal with clean gloves
From working at a pizza joint as a kid, I can tell you that most surfaces are sanitized at the end of the night and covered with plastic wrap so we could start fresh in the mornings.
To be fair, from a food-conservation standpoint, I’d expect cheese (and other materials) to be re-used. No need to throw it away just because it fell on a reasonably clean surface, especially prior to baking.
They shower the pizza with cheese, and any cheese that doesn't land on top of the pizza is collected and used for the next. Pretty standard practice when making food
The building, used by several hundred employees, had a security system with 4-digit codes. I've been part of a group of people who liked to work late times, and the building would lock at midnight -- the box by the door would start beeping and you would need to unlock it within a minute or so, or "proper alarm" would ensue.
However, to unlock the alarm you did not need your card -- all you needed to do was to enter any valid code. Guess what was the chance that, say, 1234 was someone's valid code? Yes.
We've been all using some poor guy's code 1234, and after several years, when he left the company we just guessed some other obvious code (4321) and kept using that.
By the way, after entering the code to the box by the door, it would shortly display the name of the person whom the code "belonged" to. One of our colleagues took it as a personal secret project to slowly go through all 10000 possible codes and collect the names of the people, just for the kick of it.
(By the way, I don't work for that company anymore, and more importantly, the company does not use that building anymore, so don't get any ideas! 🙃 )
Not strictly a company secret, but I had to sign an NDA for it, because... reasons.
I used to work for a massive conglomerate, these guys are making from components for satellites and tanks to rubber gloves for hospitals, and everything in between. My job was to help the company implement regulations, work with auditors and generally follow product specific rules.
So I was on these 2 New Product Development teams and because the products needed some very specific testing equipment, we started working with local authorities and some contractors to build the testing station in the future factory. We drafted plans, prepared documents, we had an auditor come and see the place, the contractor came and checked what he needed to do, everything was going according to plan.
While all of this was happening, I was on a separate project where we were working on closing down the above mentioned factory.
I worked for Lumber Liquidators, and their point of sale software seemed to be surplus navy because if you dug deep enough you could order nuclear sub parts.
A European Country stores citizens' critical data in vulnerable databases, whose password is in HaveIBeenPwned, on a VPN whose certificates are stored in random NASs. The IT guys don't know how encryption and certificates work and I wouldn't be surprised if everything was in some adversary countries' hands.
S&P and Moody's were collaborating since at least 2000 on the pricing of the so-called "esoteric" structured instruments associated with mortgage-backed securities that caused the 4Q07 crash. They collaborated via the competitive intelligence firm Washington Information Group (which does not seem to be around anymore.) The collaboration was almost certainly illegal (IANAL). They did this because neither wanted a price war when rating these. I did sign an NDA with S&P that kept me out of the industry for two years. I left the industry shortly after that and went back to what I used to do.
The first steel mill I worked for, the test requirements were more of a suggestion than a rigid specification. I, a trained and skilled engineer with the capacity to make informed decisions, had to run all rejections by my boss who would tell me "it's close enough" even if it wasn't. Sometimes it bit us in the ass with warranty failures, but the warranties were probably cheaper than internal rejections (and what is brand perception worth?).
My second steel mill job, I was the one making the rejection decisions. I did the hard thing and rejected our failures but I also troubleshot them to prevent recurrence, making our product and capability better over time.
It very much matters who you buy your steel from; two mills can have vastly different performance for the same products based on how they handle these situations.
Worked in tech support for a major internet provider. We would constantly have major outages in various locations due to overtaxed systems going down. Corporate refused to allow us to admit that there were problems on our end and forced the techs to troubleshoot the customer calls, even though we all knew that we could do nothing for the customer. Saw multiple techs relieved of their job for telling the truth to the customers. So many hours wasted on both the customer and techs' part.
I worked as a software engineer and my boss tolerated me going to office at 2pm and leaving at 9pm. It's against company policy, certainly, but no one talked about it. It still is my most productive and happy time.
I work in IT. Most systems have laughable security. Passwords are often saved in plain text in scripts or config files. I went to a site to help out a very large provincial governmental organization move some data out of one system and into another. They sat me down with a loaner laptop and the guy logged me into his user account on the server. When I asked for escalated privileges, he told me he'd go get someone who knew the service account passwords.
After a few minutes, I started poking around on my own... And had administrative access within an hour. I could read the database (raw data), access documents, start and stop the software, plus, figured out how to get into the upstream system that fed data to this server... I was working on figuring out the software's admin password when the guy came back. I'm sure that given some more time, I could have rooted the box because the OS hadn't been updated in years.
I used to work at Starbucks (almost a decade ago now), but at the time, the motto was "just say yes" to any customer requests. We also had free drink cards that you could give out to de-escalate any issue. So I would say any time you're even the slightest bit unhappy, bring it up, and you should at least have your problem solved, if not compensated for a free drink next time.
We also had customer satisfaction surveys that would print on receipts, where filling one out would get the customer a free drink. We always kept them for customers that were happier to try and rig the odds in our favour of a higher rating, but also if a customer asked for one, I would give it if I had it. You could always ask the cashier if they have any of those as well.
Again, not sure how much either of those things have changed in the past 10 years, and I'm not sure how regional it was (this was in Canada at a corporately run store), but maybe worth a try.
Also I love these types of threads -- great topic to post.
Worked support for an electricity supplier. I was able to see a frightening amount of info about the customers. Even past ones who had moved elsewhere.
We also kept notes about each call, email, web or app chat. So if you were an asshole in the past, everyone will know going forward.
Also fuck landlords and landladies etc. More often than not, they were shitty to deal with.
Also we would often use Google Maps and Streetview to see what your house looked like. We also had pictures of the inside because the installation techs took pictures to confirm that works were completed as specified.
All of this was available to us for any reason, at any time with no oversight. And none of it was encrypted.
There were also government websites in use up to 2020 that required Internet Explorer to use and had passwords as trivial as 'Password1'.
I left that job because the pay was lousy and the stress was pretty full on. I respected a lot of people that worked there. Both higher ups and people who came after me. But fuck was there a lot of potential for bad actors or like stalkers etc to mess with your info.
I would recommend to everyone. Please use password managers. Especially decent open source ones like Bitwarden. Take note of every piece of info that you give a company. From your phone number, address, email etc to even when you contacted them.
Also try to not have your home look like an abandoned hovel on Streetview lol. Easier said than done I know. But it may affect your dealings with support people that you need help from.
And lastly, please don't use Password1 as a login. Ever. Like please.
The biotech making your new drugs follows a less than scientific method. Lots of cherry picking of data, fudging results, etc. Part of me thinks this is part of why a lot of drugs never make it past trials. There is more incentive for individuals to come up with a drug that almost passes trials than to come up empty handed for years.
My wife worked at a pretty well-known hiking supplies store in our country. The retail price is sometimes over x4 the manufacturing cost and extremely marked up. The amount of faulty products with manufacturing faults is really high, with the suppliers 100% aware but gave the stores discounts on the wholesale price just to push units, even though the clothes/bags/shoes would break after a year or so of light use.
I work for an MSP that works a lot with very large tech companies. Most of these companies outsource a lot of work to India. I frequently have to remote in and help them with our product. You'll see passwords in plain text being thrown around in Teams chats, .txt documents on the desktop and emails like candy. I will frequently work with individuals with titles like "Cloud Engineer" to "Solutions Expert" that I swear have never opened a terminal window in their life and are unable to follow basic IT instructions. I have worked with a lot of very good Indian engineers, but I swear cronyism has a lot of people put into positions that they aren't really qualified for.
Back when I managed a Blockbuster Video, most stores ran at a loss thanks to theft.
The real reason most stores failed wasn't because DVDs were going out. It was because we couldn't stem the flow of money out the door thanks to thieves.
I don't have any interesting secrets or facts from my current ex-jobs, so I'll share an interesting fact from a buddy's. It's one of those companies that offers automated phone systems (and chats, nowadays) that listen to your options rather than taking number inputs.
This may no longer be the case, but these systems were not actually automated. There are entire call centers dedicated to these phone systems, whereby an operator listens to your call snippet and manually selects the next option in the phone tree, or transcribes your input.
I wouldn't be surprised at all if advances in AI have made this whole song and dance less in need of human intervention, but once upon a time, your call wasn't truly automated - it was federated.
I find it humorous that y’all think it’s only the company you worked at that had a fragile tech solution held together (sometimes literally) with duct tape and coat hangers, as part of a mission critical business process.
Pretty much every company big or tiny has at least one permanent “temporary” solution in place.
Depending upon your position you have an NDA that either has a date or never expires.
I have worked for companies that I have NDAs with that never expire. Be careful what you share.
About 25 years ago I worked in a small town KFC franchise. Owner was, well, what you'd expect in a small town franchise owner - there was lots of pressure to cut costs and the manager had their job threatened at least once a month due to cost overruns (which cut into the owner's profits).
Manager quote, "I don't care if it's green, cook it anyway, nobody will tell once it's breaded and fried."
My previous employer - a multi-billion dollar internet search company would secretly listen to people's conversation via their mobile devices then place ads on the same devices (e.g in the browser search results or at the start of videos) based on keywords from the conversations, this had to be kept hidden of course and this large well-known company shall remain nameless.
The amount of school districts and city govts. that use Google docs for everything is terrifying. I'm talking plain text student info and billing information.
I did some IT work at a hospital, patient records including names, addresses, conditions and doctor's notes (inc mental health notes) were stored in the database in plain text. You had to have admin access to the database (which I did), but I was stunned that I could browse anyone's entire medical information.
A few weeks after I left I sent an anonymous email to a couple of people letting them know how bad it was - I didn't use my real one just in case they may have come after me for looking at the records.
I worked for a pretty popular magazine back in the late 90's. One day near the beginning/middle of 2000, we were all called down to the bullpen for a last minute meeting by management and marketing. (That's never a good sign.)
We were told that we have a great product with amazing writing, but marketing doesn't know how to sell it so they're closing us down. Instead, we went online only. I was the web developer so I survived the firings.
So then we figured that we were set because our website produced more content and had more traffic than any of the company's other websites. However, in March of 2001, we had another emergency meeting. Again, we were told our content was great, but the company was going in another direction. Instead of producing our own content, the company was going to just repost other sites' content. I and everyone else in my team were let go.
Needless to say, the whole "we'll just repost what other people posted" plan didn't go so well. Last time I checked, the company wasn't doing very well at all.
Have you ever had an anonymous survey sent to you by your work or by a company your work has hired? They're not anonymous. Management knows what your opinions are and will use them against you.
I worked for a consultant that would try and help fix businesses. The worst example I can think of was when I saw one person had answered a survey question saying that their employer had a "blame culture". Rather than trying to work on the processes or address why something had gone wrong, staff would start pointing fingers to keep out of trouble. This didn't fix anything and only made people spend all the time covering their posteriors.
The manager called a general meeting of everyone at that site and then singled out the employee who'd mentioned the blame culture, blaming him for saying there was a blame culture. The employee then pointed out that they'd been told, in writing, that the survey was anonymous. That employee called the manager a liar and then she lost control of the meeting, with lots of employees calling her a liar and several storming out. They weren't in business the next year.
I used to work in a very large mortgage company in their website. The amount of tracking they do, the amount of information they have, just for mortgages, is astounding and frightening. We knew almost every detail about someone before they committed to a mortgage.
Snake Farm, when asked how to sell a policy that's clearly more expensive than the competition's, the answer was "They should feel privileged to be a Snake Farm customer."
Worked for a Gaming Hoster. Critical information was hidden in small text everywhere just so (we) couldn't get sued. VPS would get "corrupted" when not used for a period of time, just so we could replace it with a new server. Backends were not protected. You could replace the executable with something malicious and get access to the server. Some more specific things I can't name or it would be clear which hoster it is. NEVER trust a gaming hoster which has access to your server files.
They let the intern access the production db. The company is one of the biggest hosting and internet service companies in the country. The db was SQL but had no primary key.
I was the intern. I normalized it to 3NF as part of my internship project.
The last company I worked for has both NDAs and arbitration agreements, which would keep me from spilling company secrets and would screw me over if I did. But here is a secret - they use online PDF forms and don't check what text is entered into the signature.
If you're doing a holiday in the USA and renting a car via Enterprise, Alamo or National, book with Rentalcars.com, unless you're flying with doing a Virgin package holiday, in which case do it with them. They have the best rates in the market due to special agreements. If you want the best customer service experience for rental cars, book with Virgin as they will put a lot of pressure on Alamo/National/Enterprise who will bend over backwards for you.
I work for a commercial airliner (regional) on the ramp and cleaning planes (regional and mainline - 737, 738 etc).
Don't drink the coffee. The coffee pots rarely get switched out and are only cleaned with water from a water bottle, after an agent used the same gloves to clean other parts of the plane (assuming they don't start with the galley or taking out the trash).
I worked for an MSP doing IT for an assortment of companies. Most of the companies were in the medical or legal fields. Every single computer they sold to their clients used the exact same BitLocker key when booting the computer. If you've worked for one of the companies we supported, you knew the BitLocker key for all of them. It's been the exact same BitLocker key for at least 10 years. This MSP also regularly puts out social media posts and emails saying how security focused they are etc, etc.
I worked in a place where we put journal, magazine in letters and film. We got a DISGUSTING porn thing like... I don't even think it was legal (zoo etc.). I personally refused to put that in an envelope. And you know what? The most common address we got? Religious person. Yup, most who received it were the ones in church reading you the Bible...
Shit, piss or vomit has graced just about every surface at your public pool and the staff are constantly fighting a losing battle against it. Nothing is washed just power sprayed till it looks clean.
The chlorine smell at a public pool isn't because they have the chlorine concentrate wrong. It's because people are peeing in the pool and the smell is a product of the chemical reaction between chlorine and urine.
I worked for a very large insurance company until recently. IT is run like the Wild West. Contractors seem to do whatever they want. After a merger several years ago, all the people who built the systems were driven out, leaving a bunch of low paid outsourced contractors to support everything. The entire IT infrastructure is a bad day from collapsing.
It was me, I did it, I put that cheeky note on the noticeboard. I told the boss I accepted responsibility because I was in charge on that shift, but in fact it was me all along. Sorry Derek. (Not sorry.)
One company I worked at had more full-time collections people than sales people. Our products were a lot cheaper than our competitors, and it attracted a lot of customers with no money.
Another company I worked at ignored all "first notice" bills they ran up. CFO told me that if a company wanted paid, they needed to send a second notice.
The dealership I worked for gave out loans they knew people couldn’t afford, ignored safety items, slapped inspection stickers that didn’t match vehicles to get them on the lot. Ran a lift that was jerry rigged because the wiring busted along with the hydraulic tank.
Employee bought a vehicle and his manager watched where he went on his lunch (via GPS installed by said company into sold vehicles). Funnily enough it was to an interview.
Oh another one. School bus company 1 is one of the largest in the US. In between runs a buddy's transmission starts leaking on his bus. He calls the terminal on my phone to let them know.
“Keep driving keep it going, we are not sending out another bus to you.”
Transmission in a 45ft flat nose busts fully in the middle of one of the busiest intersections in the town. He calls over radio letting them know it busted as he told them.
“What do you mean this is first time I’m hearing about this”
Flat nose I drove kept writing up for not having heat and turning it into the people I was told. This went for an entire winter and I didn’t have heat until after the thaw and spring started. Mechanic never knew that bus had been being written up. They were hiding slips. Same bus, folding door let go and was flapping in the wind with a bus full of students. Over the radio they said to keep driving and refused to send a replacement.
The potato and gravy at KFC uses whatever crud fell to the bottom of the fryers each day. Usually that was good chicken bits, but sometimes it could be whatever the staff were playing catch with for fun.
Oh and be nice to the people making your food. Trust me on that one.
Instagram allows employees to check on the accounts of the users and share that to other people. I didn't work there, but an employee told my girlfriend who I talked to before we were exclusive. I think that's total bullshit
Worked Customer Service for a well-known car company that also had its own financial services dept with its own branded credit card. During training we were told that the card itself sucked and that smart/discerning customers would likely reject getting the card if they actually knew the details. Why should people get the card? Just based on the "prestige" of the brand, because they would see it as a status symbol. And they had a quota for us to sign people up for every month, which I consistently failed because literally the only time I could get anybody to sign up for the card was when they didn't care enough to know the details and just absent-mindedly said, "Yea sure, I'll do that."
I worked for a company that was also a small ISP. If the internet service for our clients went down we were not allowed to tell them the truth. We either had to blame the upstream provider, or act like we had just heard about it and were looking into it.
Some Verizon retailers are more or less based on what they sell you. Motorola pays the most while Samsung and Apple pay the least amount. Meaning there is incentive to sell you something over something else.
Same at my old workplace. First line that executes in Main was to disable certificate validation on everything. But we could say we updated everything to the newest version of TLS.
I worked for a company that had an expensive San Jose lease during the .com bubble. When they decided they needed to get out of that lease, they folded the company - “fired” everyone, then re-hired everyone under an independent second company that was owned by the parent company. Sketchy, but not really surprising…
When they re-hired me, they didn’t have me sign any NDAs. All the old NDAs were with the company that folded, not the parent company. Some days I wish I had been unethical enough to sell off their source code to a competitor.
You would never buy a car if you were involved in making it. We have a vehicle that dumps all its coolant on the road as you drive your brand new car back from the dealership. Making cars is difficult.
There is an unreleased and un-leaked version of the 2012 ARGOS Christmas advert, not dissimilar to the infamous "rainbow for adults" sketch which leaked many years ago.
To watch it we had all our phones taken away from us, and there was a pretty thorough "OK you all saw it, funny hey, time to destroy the CD"
I work in pest control and 99% of the shit we use you can buy without having a license. The license just covers us to use the products on other people's houses responsibly. If you really want to do pest control, you only need a few chemicals and they are all easily obtainable on Amazon.
I worked for a certain media company that sold hardware / software in cars with memberships (typically through a deal with the OEMs). For those customers that have the hardware-only experience, a set of testing IDs can be applied that effectively give free membership and can't really be revoked because of their wide use in initial manufacturing provisioning. There have been multiple independent security reviews pointing this out, but not much can be done about it because of how the trial memberships are applied after manufacturing.
Alesis, creators of ADAT Type 2 digital audio tapes hired none other than James Doohan to promote it playing the “Famous Engineer” because they didn’t get the rights to anything Star Trek.
It was only played during trade shows, but someone I know got a copy.
Yes, in the mid 1990s, large banks in the USA were being electronically compromised so often that they wouldn’t investigate or pursue a loss if it was under $50k.
I know this thread is old but: so many HIPAA violations, oh my God. I am a pediatric therapist/child psych, and the clinic I used to work at constantly stored client data in the most insecure ways, and therapists and staff would discuss client names, diagnoses, address, EVERYTHING openly in the break room. I complained at one point, but it went nowhere. Turns out nobody cares, lol. They also frequently ignored the best interests of our clients to maximize profit from insurance (leaning towards fraud). I ultimately left the company when my boss blatantly violated the safety of one of my clients by refusing to send her home when she had a fever of 104 F. Sure, working with kids means everyone gets sick a lot, but when the child is THAT sick, they need to be in a hospital, not in a hot, cramped room with a therapist.
Software dev here.
I once quoted a single line change to my manager. And the client was billed for 3 weeks.
I understand that there's a support structure involved. But 1 line to 3 weeks??!?
Tech consultancy is a sham.
Every time we notified anyone about a potential illegal breach of gdpr that could get us fined or sued, admin pretended they had never been informed because the changes would take too long and collide with their plans to "revamp everything, reinvent the platform, and rebrand".
I should have whistleblown them myself if it were not for the fact that doing so would probably get some previous employees fired rather than hurt the company.
Our business-critical internal software suite was written in Pascal as a temporary solution and has been unmaintained for almost 20 years. It transmits cleartext usernames and passwords as the URI components of GET requests. They also use a single decade-old Excel file to store vital statistics. A key part of the workflow involves an Excel file with a macro that processes an HTML document from the clipboard.
I offered them a better solution, which was rejected because the downtime and the minimal training would be more costly than working around the current issues.
The library I worked for as a teen used to process off-site reservations by writing them to a text file, which was automatically e-faxed to all locations every odd day.
If you worked at not-the-main-location, you couldn't do an off-site reservation, so on even days, you would print your list and fax it to the main site, who would re-enter it into the system.
This was 2005. And yes, it broke every month with an odd number of days.
I’m not an infrastructure person. If the receiving web server doesn’t log the URI, and supposing the communication is encrypted with TLS, which removes the credentials from the URI, are there security concerns?
Anyone who has access to any involved network infrastructure can trace the cleartext communication and extract the credentials.
What do you mean by any involved network infrastructure? The URI is encrypted by TLS, you would only see the host address/domain unless you had access to it after decryption on the server.
They said clear text, I would assume it's not https.
The comment we are replying to is asking about a situation where there is TLS. Also using clear text values in the URI itself does not mean there wouldn't be TLS.
When someone just says cleartext, I assume they mean transmission too.
OP replied confirming HTTP: https://lemmy.world/comment/1033128
Nope, it's bare-ass HTTP. The server software also connected to an LDAP server.
I don't even let things communicate on /30 networks via HTTP/cleartext...this whole thing is horrifying.
I'm not 100% on this but I think GET requests are logged by default.
POST requests, normally used for passwords, don't get logged by default.
BUT the URI would get logged on both, so if the URI contained @username:Password then it's likely all there in the logs.
That’s why I specified
in my question.
Get and post requests are logged
The difference is that the logged get requests will also include any query params
GET /some/uri?user=Alpha&pass=bravo
While a post request will have those same params sent as part of a form body request. Those aren’t logged and so it would look like this
POST /some/uri
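The GET-versus-POST logging difference described in the comment above, as an added example that is not part of the original thread: a Python sketch that scans access-log lines for credentials in the request target and rewrites those lines with the values redacted. The log lines, host name and list of sensitive parameter names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, unquote_plus

# Query parameter names treated as credential-bearing (assumption; extend per application).
SENSITIVE_PARAMS = {"user", "username", "login", "pass", "passwd",
                    "password", "pwd", "token", "apikey", "api_key"}

# Request field of a common/combined log format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def redact_query(query):
    """Redact sensitive values in a raw query string without re-encoding the rest."""
    fields, hits = [], []
    for field in query.split("&"):
        name, sep, _value = field.partition("=")
        if sep and unquote_plus(name).lower() in SENSITIVE_PARAMS:
            hits.append(name)
            fields.append(name + "=REDACTED")
        else:
            fields.append(field)
    return "&".join(fields), hits


def redact_target(target):
    """Return (redacted_target, findings) for one request target."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return target, []  # unparseable target: leave the line untouched
    findings = []
    netloc = parts.netloc
    if "@" in netloc:
        # user:password@host userinfo, as seen in absolute URLs logged by a forward proxy
        netloc = "REDACTED@" + netloc.rsplit("@", 1)[1]
        findings.append("userinfo")
    query, hits = redact_query(parts.query)
    findings.extend(hits)
    return urlunsplit((parts.scheme, netloc, parts.path, query, parts.fragment)), findings


def scan(lines):
    """Return (line_number, method, findings, redacted_line) for each line leaking credentials."""
    report = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target, findings = redact_target(match.group("target"))
        if findings:
            clean = line[:match.start("target")] + target + line[match.end("target"):]
            report.append((number, match.group("method"), findings, clean))
    return report


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jul/2023:09:14:02 +0000] "GET /some/uri?user=Alpha&pass=bravo HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Jul/2023:09:14:09 +0000] "POST /some/uri HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/Jul/2023:09:15:30 +0000] "GET http://alice:hunter2@intranet.example/report?id=7 HTTP/1.1" 200 90',
    '10.0.0.7 - - [12/Jul/2023:09:16:00 +0000] "GET /search?q=pass+rates HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, method, findings, clean in scan(SAMPLE_LOG):
        print(f"line {number}: {method} leaks {findings}")
        print("  " + clean)
```

The POST line is not flagged because its parameters travel in the body, which the access log never records; the same scan applies to any other log that records the request target, such as a proxy log.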
I would still not sleep well; other things might log URIs to different unprotected places. Depending on how the software works, this might be client, but also middleware or proxy...
I can practically guarantee you it was not
Browser history
Even if the destination doesn't log GET components, there could be corporate proxies that MITM that might log the URL. Corporate proxies usually present an internally trusted certificate to the client.
I feel your pain. Many good ideas that cause this are rejected. I have had ideas requiring one big downtime chunk rejected even though it reduces short but constant downtimes and mathematically the fix will pay for itself in a month easily.
Then the minimal retraining is frustrating when work environments and coworkers still pretend computers are some crazy device they’ve never seen before.
Places like that never learn their lesson until The Event™ happens. At my last place, The Event™ was a derecho that knocked out power for a few days, and then when it came back on, the SAN was all kinds of fucked. On top of that, we didn't have backups for everything because they didn't want to pay for more storage. They were losing like $100K+ every hour they were down.
The speed at which they approved all-new hardware inside a colocation facility after The Event™ was absolutely hilarious, I'd never seen anything approved that quickly.
Trust me, they're going to keep putting it off until you have your own version of The Event™, and they'll deny that they ever disregarded the risk of it happening in the first place, even though you have years' worth of emails saying "If we don't do X, Y will occur." And when Y occurs, they'll scream "Oh my God, Y has occurred, no one could have ever foreseen this!"
It'll happen. Wait and watch.
Sounds like a universal experience for pretty much all fields of work.
Government and policy? Climate change? A fucking pandemic?!
We’ve seen it all happen time and time again. People in positions of authority get overconfident that if things are working right now, they’ll keep working indefinitely. And then despite being warned for decades, when things finally break, they’ll claim no one could have foreseen the consequences of their lack of responsibility. Some people will even chime in and begin theorising that surely, those that warned them, had to be responsible for all the chaos. It was an act of sabotage, and not of foresight.
Places I’m at usually end up bricking robots and causing tens of thousands of dollars of damage to them because they insist on running the robot without allowing small fixes.
Usually a big robot crash will be The Event that teaches people to respect early warning signs…for about 3 months. Then the old attitude slides back.
Good thing we aren’t building something that requires precision, like semi-conductor wafers. Oh wait.
That'd just be on them losing tons and tons of money from bad usable platter space lol, they're machine gunning themselves in the legs
As weird as it may seem, this might be a good argument in favor of Pascal. I despised learning it at uni, as it seems worthless, but it seems that it can still handle business-critical software for 20 years.
What OP didn't tell you is that, due to its age, it's running on an unpatched WinXP SP2 install and patching, upgrading to SP3, or to any newer Windows OS will break the software calls that version of Pascal relies upon.
You're literally describing the system that controlled employee keyscan badges a couple of jobs ago...
That thing was fun to try and tie into the user disable/termination script that I wrote. I ended up having to just manipulate its DB tables manually in the script instead of going through an API that the software exposed, because it didn't do that. Figuring out their fucked-up DB schema was an adventure on its own too.
I'm also describing the machine in my office that runs my $20,000 laser plotter/large format scanner. The software in the machine uses (Java?) over a web interface which was deprecated and removed from all browsers around 2012-14, iirc. The machine isn't supported anymore and the only way to clear an error or update where it sends scans is using that interface. I have a XPSP2 machine running the internal IE6 browser which will still display the interface. Since I'm now a one-person office, and I use the scanner about 6 times a year, I keep that machine around in case I need to turn it on to update the scanner or clear a print error. Buying a new plotter isn't worth the time/money - when it dies I'll just farm out the work to a 3rd party vendor; but while it does work it's convenient to have in-house.
If it's that old, I'm betting it doesn't use HTTPS for its connections. You could do a network packet capture on the XP machine (or if you can find one, hook it up to a network hub with another computer attached and capture there) while performing the "clear error" action and find out how it works/what you need to send to it to clear the error. You could also set up a SPAN port on a switch and mirror the traffic on the port going to the printer to capture the traffic, if you have a switch capable of doing that. If not, you can get one off Amazon for about $100.
It'd be pretty simple to put together a script that sends the "clear error" action to the printer after seeing how it's done in the packet capture. I've done this numerous times, the latest of which was for a network-connected temperature sensor that I wanted to tie into but didn't (publicly) expose an API of any kind.
It's more than that, though - it's used to set up custom sheet widths as well as enter new server and login details for sending scans via FTP to a server. If I'm doing billable work, I'm charging $225/hr. If I'm snooping the network, which isn't my field and I do almost never so it takes me several times longer than an expert, I'm making nothing. With an annual value on the machine's services at less than $500 (more than half of which would become reimbursable if I didn't have it), there's no actual value in "fixing" it by creating a different work around. 🤷‍♂️
Anything can if you don't update it.
Survivorship Bias
i worked for a hybrid hosting and cloud provider that was partnered with Electronic Arts for the SimCity reboot.
well half way through they decided our cloud wasn’t worth it, and moved providers. but no one bothered to tell all the outsourced foreign developers that they were on a new provider architecture.
all the shit storm fail launch of SimCity was because of extremely shitty code that was meant to work on one cloud and didn’t really work on another. but they assumed hurr hurr all server same.
so you guys got that shit launch and i knew exactly why and couldn’t say a damn thing for YEARS
Not to put the blame on the devs, but the problems might have been attenuated by defining a proper interface layer against the server.
It's a damn single player game 💀
The multiplayer stuff was neat in theory, but any multiplayer thing you did took like 20+ minutes to actually propagate to other players games
I wonder if that's related to "the wrong cloud". Imagine if someone wrote some super slick code that worked really really well in the original cloud, and just couldn't figure out how to make it work in the new cloud, so everything is just an awful workaround.
Unless you're really deep into a particular provider's unique-esque products (Lambda, Azure AD, Fargate, etc), this is exactly why things like Terraform exist.
Oh for sure, but the games industry is one of the few that still does some weird stuff because a lot of the software is only expected to last 5 years or so at most, and needs to get every drop of performance.
I could definitely see some hyper optimized cloud API looking really great and then not having an equivalent in another ecosystem (or at least not one that could be quickly swapped out just before release).
I think it's referring to the fact that the reboot SimCity was a single player game (you could never play with someone else) but that was always online anyway
There was no Rebooted SimCity in Ba Sing Se
All this fuss over servers for a single player game. Not only did they handle the migration poorly, it shouldn't need to talk to servers period!
I think it's AWS
That’s cool to know! I had been wondering what happened with that historically bad launch.
Kevin Fang - The Worst Website Launch of All Time <on Piped's frontend (thanks bot!)>
Here is an alternative Piped link(s): https://piped.video/watch?v=Ui5op0N700A
I knew that's gonna be gold after I read that first sentence
It's pretty depressing, but the fact that soil and groundwater are almost certainly contaminated anywhere that humans have touched. I've seen all kinds of places from gas stations, to dry cleaners, to mines, to fire stations, to military bases, to schools, to hydroelectric plants, the list could go on, and every last one of them had poison in the ground.
Some places are insanely polluted to the point where you wonder how a whole company could be so braindead and essentially poison themselves.
A place not far from where I live had a chemical plant which just dumped loads of chemicals on a meadow for years. Now there are ground water pumps installed there which need to run 24/7 so that the chemicals don't contaminate nearby rivers and hence the rest of the country.
When taking samples from the pumped up water you can smell gasoline.
We're house shopping and there has been a house on a lake sitting on the market forever. I got curious and researched the lake and... It's a literal superfund site. The company that was on the other side of the lake just dumped their waste chemicals right on the shore and it has polluted both the lake and ground water forever essentially because they don't break down. I looked up the previous owner... Died of cancer. The shit that companies are and were allowed to get away with is just insane. Meanwhile right wing nut jobs want to get rid of the EPA (which was ironically created by Richard Nixon).
"That's the future guy's problem, my problem is making money."
No need to wonder. That's how.
Sounds cheap.
The largest lake in the UK by area got massively polluted and turned into a swamp of toxic green algae. It's crazy how people just let stuff like that happen.
It's just as depressing when something counts as "clean". My saddest example was a former sand pit, they spent 30 years digging out 15 meters of sand, then another 30 years filling it with anything from industrial to veterinary waste, "capped" it with rubble in the late 40s and called it clean enough.
Had a bigass job digging out the top 3 meters of random waste, including several thousand barrels of whatever the fuck. And definitely no unexploded ordnance (spoiler, after finding several ww2 rifle stocks and helmets, the first mortar shells were dug up too). After making room, it was covered in sand, clay, bentonite and a protective grid.
So naturally, 3 months after that finished, some cockhead decided to throw an anchor and hit go all ahead flank on his assholes boat and tore the whole thing up. No need to fix anything though, just shovel some more sand it, that'll stop the anthrax!
This was all in open connection with a major river, of course. One people swim in.
@Tar_alcaran @thrawn21 fucking yikes. Was the public notified in any way? Did it make it to the news? Or just kind of brushed under the rug?
What are they poisoned with and how does it happen?
Varies depending on the site, sometimes it's gasoline, or solvents, or heavy metals or PFAS. As for how it happens, accidental or deliberate releases. I've found military documents from the 50s that say the official place to dispose of used motor oil was a pit they'd dug in the ground.
Yep, the regulation is now a 5ft cubed hole dug around the soil in any spill. It's resulted in folks being more careful but also hiding where things are spilled. I've not once seen a hole dug. Corporations are roughly similar. Small organizations don't care at all.
Here's a recent article about PFAS in drinking water. Very unfortunate.
Heavy metals and PCBs are most common in my area, various VOCs aren't far behind. Prior to the EPA and associated legislation companies would commonly use waste process waters for dust control, dump wastes in to pits or on the ground, spills would be left to soak away, and general processes were dirtier and uncontrolled.
One terrible example from western NY that bugs me even more than Love Canal is the involvement with the Manhattan Project. Local steel workers rolled Uranium and they were never told what it was, given any protections, or cared for when the inevitable happened. Radioactive waste was later used as fill for residential and commercial properties in the area. These hotspots still exist and it is a slow process to get any cleanup done.
I work in air quality and it's a similar story. It's crazy to me seeing how much is unregulated, grandfathered in, or simply not enforced.
What do you want? They moved it out of the environment. . .
The programming team that is working hard on your project is just one dude and he smells funny. The programming team you’ve met in your introductory meeting are just the two unpaid interns that will be fired or will quit within the next two months and don’t know what’s happening. We don’t do agile despite advertising it. Also your project being a priority means it’ll be slapped together from start to finish 24 hours prior to the deadline. Oh and there will be extra charges to fix anything that doesn’t work as it should.
I think we work in the same company, the dude does not smell funny to me but maybe that's just me.
Are you that dude?
No he is many things including functioning alcoholic and a choleric but I could not detect strong odor.
I do not know what my thing is because that's obviously my blind spot.
That's what he said, yep.
We all work for that company. Except at mine, I work remote, so I have only myself to blame the stinkiness on.
When you have a great programmer working on your project he will be cycled to a new project in 2-3 months. Your new senior developer who silently takes over the project is part time because he's working on finishing his education.
No one knows how anything works, except that one guy, who left the company half a year ago. That's how all software development is.
Throw in a mysterious comment that says "Don't change anything below this line or everything breaks" and it's complete.
"We don't know why this works, but it does, don't touch it." would also be acceptable.
"The server mangles the authentication token after receiving it for reasons we don't really understand, so this function just checks to see that it's set in the request, but nothing actually cares if it's valid. DO NOT RETURN USER ACCOUNT DATA HERE AND YES THAT MEANS YOU MARCUS"
This is basically my current team, haha.
In my company we have a very modern agile workflow where QA is top priority.
At least that's what we advertise. In reality it's all an unorganized clusterfuck where I'm pretty sure I am the only one who bothers to write automated tests. Who's got time to write tests bro just push that shit out ASAP we'll deal with it when the client calls us in the middle of the night to complain about previously-working shit being broken now.
I've worked for one company that actually did it right (complete with pair programming, even). It was pretty nice.
Too bad we were apparently the "experimental?" team and the only one in the whole company doing it that way.
I worked for a company like that. Wall Street shits bought us up and sold everything that wasn't bolted down.
Ironically, that was the one time I was working for a large, publicly-traded company (a big-box retailer, no less -- not even one of the halfway-respectable Fortune 500s!).
A lot of outsourcers do this. Here's my experience with a few companies.
At one time, these people were pretty good, but they realized they had skills and left for other countries for better pay and better working conditions. The bids got more and more competitive, cutting costs until they were literally filled with low-skilled labor who can't be promoted or leave for economic or competence reasons.
Now that I read this, I'm kinda glad that our company doesn't do anything like that. But it's just a small indie team porting games to consoles, so I guess what you're mentioning is the bigger corp problem.
Programming teams I've worked with are a joke.
Company A: We got hacked and the lead dev argued for days it wasn't a hack. Malware was actively being served to customers during this time period because she refused to deal with it and there was no security team.
Company B: programming team was the IT guy's nephew and some random UI designer who hadn't finished college and was never able to be employed after finishing college.
Company C: We interviewed a candidate who was way overqualified and would make our life so easy because he was eager and hungry. Instead we hired a bootcamper who had never heard of docker (half our infra is docker), react, or anything other than vanilla JavaScript. She failed our practical but still got hired because the hiring manager wanted an assistant. She has become a glorified project manager, but still has the title software engineer.
Can confirm. I am the smelly guy. Leave me alone and you get code. Bother me and you don't.
Hah, is this contracting? And what is done vs agile?
Think waterfall. But like. No design and no testing.
Not contracting, just another small shop that offers “complete” solutions from a to z kinda situation.
The only competent person in that org would be, oddly enough, the ceo. Everybody else just feel like they show up to be marked present on an attendance sheet in terms of being useful.
That's just "cowboy coding."
I used to work for a popular wrestling company, billionaire owner, very profitable, would write off any OSHA penalties as the 'cost of doing business' just as they did in 1998, when The Undertaker threw Mankind off Hell In A Cell, and plummeted 16 ft through an announcer's table
The company would bid on government contracts, knowing full well they promised features that didn’t exist and never would, but calculating that the fine for not meeting the specs was lower than the benefit of the contract and getting the buyers locked into our system. I raised this to my boss, nothing changed and I quit shortly after.
I've worked in IT consulting for over 10 years and have never once lied about the capabilities of a product. I have said, it doesn't do that natively, but if that's a requirement we can scope how much it would take to make it happen. Sadly my company is very much the exception.
The worst I saw was years ago I was working on an infrastructure upgrade of a Hyper-V environment. The client purchased a backup solution I wasn't familiar with but said it supported Hyper-V. It turns out their Hyper-V support was in "beta". It wasn't in beta. They were literally using this client as a development environment. It was a freaking joke. At one point I had to get on the phone with one of their developers and explain how high-availability and fail-over worked.
I could very well have been that developer. Usual story, sales promised the world, that our vmware-based system would run on anything and everything, and of course it's all HA and load balanced, smash cut to me on Monday morning trying to figure out how to make it do that before it goes live on Wednesday.
eh DHCP isn’t really important right? obviously if it hasn’t changed since the 80’s why would you need to reboot your server.
what are vulnerabilities?
You responded to the wrong comment, but i’ve been seeing that a lot so I wonder what causes it.
Being a frontend dev myself, I’d guess someone screwed up the indexing of comments :P
Sounds like a DHCP issue.
(I mean, not really, but it rhymes I guess.)
It's definitely DNS.
I'd actually wager the comments are cached, sent to the front end wrong (because of the bad cache), and then the front end posts against the wrong comment ID (maybe that's what you mean to be fair :) ).
I had something different in mind, coming from Angular: There would be a list of comment objects associated with DOM nodes, then the comment list would get updated, and Angular would associate the DOM nodes with the wrong list entries.
How would a bad cache mess up the association between a comment and its ID?
I used to do AngularJS and I've done some react... maybe something like that could happen. I'd wager it's unlikely though (bordering on Angular/Inferno itself having a bug).
I've seen some other things that seem like caching issues (e.g., seeing the wrong counts when switching between posts).
A cache could literally report the wrong ID for a comment to the front end in the JSON if the caching isn't right (and bad input = bad output).
Granted, in both cases I'd wonder why we're not seeing this all the time, it's got to be something niche, possible something already fixed but not on all instances.
The contractor I worked for was run by a man who used to say "if the contract says they'll blow up the contractor on delivery, we're putting in a bid and solve the problem later"
Promising features that never existed is part and parcel to a lot of software sales, whether gov or private. Speaking from post-sales experience.
I think it’s fine to promise them, but to claim they currently exist when you never plan to implement them is what I couldn’t support.
I worked in government contracting (and government, for that matter) for years and that blows my mind. I can't remember the details, but if you even had bad reviews, much less being found noncompliant, it could disqualify you entirely from some contract vehicles for a matter of years. Wild that there's some agency that somehow lets people get away with fraud.
Also, if that cost the government money, there's a chance you could report that after the fact and make some money.
Might be local government. Me and sales have this argument pretty often
Me: it is in the spec
Sales: no one noticed it except you
Me: thanks?
Sales: no one is going to care
Me: then take it out of the spec and re-sign everything.
Sales: why are you making a big deal about this?
Me: because it is in the spec that we signed and if we don't honor the spec they can backcharge us.
Sales: that won't happen
Me: you are right because we are going to follow the spec. If you don't want me to please email me, the department head, and the client specifically ordering me not to follow the contract that we signed.
Yeah I’m in Europe and our customers were municipalities buying healthcare related solutions. It happened after our little startup got taken over by a big player and they started getting involved in the contract bids.
There is a million times more counterfeit/fake items at Amazon than you think, and they don't care one bit to fix the problem
Geek Squad. We were flying under the radar upgrading MacBook RAM, until one day we became officially Apple Authorized to fix iPhones, which means we were no longer allowed to upgrade MacBook RAM since the MacBooks were older and considered "obsolete" by Apple, meaning we were unable to repair or upgrade the hardware the customer paid for, simply because Apple said it was "too old". It was at this point in my customer interaction that we recommend a repair shop down the road that isn't held at gunpoint by Apple ;)
1-800-got-junk? doesn't care at all about its environmental impact. No sorting whatsoever happens to what goes on their trucks, it all goes to landfills. All the ads will say they recycle and that they repurpose old furniture but I was threatened with being fired when I recommended donating antiques instead of dumping a load of furniture.
More jobs and more profits comes before anything else in that company, including employee health and safety. Several times I was told to enter spaces we weren't trained for (attics and crawl spaces) and carry waste I legally couldn't transport (human/organic wastes and the law states the driver is fined, not the company). One guy injured his shoulder during an attic job and was told to finish the shift or lose his job. Absolute scum of a company with very sleazy management and possibly the labour board in their pocket as they kept "losing the files" when I tried to file a report with buddy's shoulder (he was hesitant to report for fear of losing his job).
Anybody knows that one waterfall attraction in the Southeast US? The one that advertises bloody everywhere? Waterfall is pumped during the dry seasons, otherwise there'd be nothing to see. Lots of the formations are fake, and the Cactus and Candle formation was either moved from a different spot in the cave, or is from a different cave in New Mexico. Management doesn't want people to know that, but fuck 'em.
Ruby Falls?
Ye!
After looking it up, you can find reports from others stating the same things. When I was there as a kid, I remember that they claimed no one knew where the source of the water came from... I guess they actually know enough to help it out at least, lol
I really enjoyed it and would like to go again, but it's no Mammoth Cave.
Gravity Falls?
For some reason I’m not surprised to learn this about Ruby Falls. Lived near it awhile and visited.
Eh kinda cruddy to learn, but also was still a cool experience.
Niagara falls?
Nawh mate, that's up in New York and Canada.
I'm simple man not from US. I hear waterfalls, I think Niagara ¯\_(ツ)_/¯
As a simple Canadian man having been to Niagara Falls several times, I defy humanity to engineer a way to pump that much water.
Probably just be easier to pay off literally everyone who goes there to lie about it.
I mean, I'm sure humanity pumps that much water, in aggregate. If you look at every pumped system everywhere in the world, it's no doubt many times Niagara.
Now, doing it all in one place, like that? Yeah, for sure, that's tricky.
Victoria falls?
I quit a well known ecomm tech company a few months ago ahead of (another) one of their layoff rounds because upper mgmt was turning into ultra-wall street corpo bullshit. With 30% of staff gone, and yet our userbase almost doubling over the same period, they wanted everyone to continue increasing output and quality. We were barely keeping up with our existing workload at that point, burnout was (and still is) rampant.
Over the two weeks after I gave my notice I discovered that in the third-party app ecosystem many thousands of apps that had (approved) access to the Billing API weren't even operating anymore. Some had quit operating years ago, but they were still billing end-users on a monthly basis. Many end-users install dozens of apps (just like people do with mobile phones) and then forget they ever did so. The monthly rates for these apps are anywhere from 3 to 20 dollars per month, many people never checked their bank statements or invoices (when they eventually did, they'd contact support to complain about paying for an app that doesn't even load and may not have for months or years at this point).
I gathered evidence on at least three dozen of these zombie apps. Many of them had hundreds of active installs, and were billing users for in some cases the past three years. I extrapolated that there were probably in the high-hundreds or low-thousands of these zombie apps billing users on the platform, amounting to high-thousands to low-tens-of thousands of installs... amounting to likely millions per year in faulty and sketchy invoicing happening over our Billing API.
Mgmt actually did put together a triage team to address my findings, but I can absolutely assure you the only reason they acted so quickly is because I was on the way out of the company. I'd spotted things like this in the wild previously and nothing had ever been done about it. The pat answer has always been well people are responsible for their own accounts and invoicing. I believe they acted on this one because I was being very vocal about how it would be 'a shame' if this situation ever became public, and all those end-users came after the company for those false invoices at one time. It would be a PR and Support nightmare.
You have definitely interacted with this ecommerce platform if you shop online.
Health insurance company I worked for would automatically reject claims over a certain amount without reviewing them. Just to be dicks and make people have to resubmit. This was over 25 years ago, but it's my understanding many health insurers still pull this shit. They don't care if it's legal or not. Enforcement is lazy and fines are cheaper than medical claims.
Obviously this is in the USA.
I used to work for a cable company whose name rhymes with "bombast". They offer a wifi service whose name is a derivation of the word "infinity". Most of the hotspots for this wifi service are provided by the Bombast wireless routers that cable customers have in their homes. So if you're a Bombast customer, you're helping to pay the electrical bill and giving up bandwidth in order to provide Infinity wifi.
Another fun Bombast story: the founder, a man who always wore a bowtie, died a few years ago. At a memorial service in his honor, a number of vice presidents and other executives (including my boss at the time) wore bowties. Everyone who wore a bowtie to the service was fired within a week.
I worked for the railroad. Nothing is fixed ever. I witnessed hundreds of code violations every day for years. Doesn't matter if a rail car or locomotive meets code as long as it "can travel" it's good to go.
When an employee inspector finds a defective rail car management determines if it will get fixed. If the supervisor "feels" like "it's not that bad" then the rail car is "let go".
Over a decade ago I worked as a freelancer for an Investment Bank (the largest one that went bankrupt in the 2008 Crash, which was a few years later) where the head of the Proprietary Trading Desk (the team of Traders who invest for the profit of the bank) asked me if I could change the software so that they could see the investments the Client Trading Desk (who invest for clients with client money) was making, with the assent of the latter team.
Now if the guys investing money for the bank know what the guys investing customer money are doing they can do things like Front-Run the customer trades (or serve them at exactly the right price to barely beat the competition) thus making more profits for the bank and hence get bigger bonuses. This is why Financial regulations say that there is supposed to be so-called Chinese Walls between the proprietary trading and the customer trading activities: they're supposed to be segregated and not visible to each other.
Note that the heads of both teams were mates and already regularly had chats, so they might already have been exchanging this info informally.
I was quite fresh in there (less than 1 year) and the software system I worked in at the time was used by both teams, but when I started looking into it I saw that the separation was very explicitly coded in software and that got me thinking about what I had learned from the mandatory compliance training I had done when I first joined (so, yeah, that stuff is not totally useless!!!)
So I asked for written confirmation from the heads of both teams, and just got some vague response e-mails, no clear "do such and such".
So I played the fool and took it to a separate team called Compliance (responsible for compliance with financial regulations) saying I just wanted to make sure it was all prim and proper, "just in case".
Of course, it kinda blew up (locally) and I ended up called to a meeting with the heads of the Prop Desk and whatnot - all stern looks and barely contained angry tones - where I kept playing the fool.
Ultimately it ended up not being a problem for me at all, to the point that after that bank went bust and its component parts were sold to another bank, the technical team manager asked me to come back to work with the same IT group (remember, I was a freelancer) with even greater responsibilities, so this didn't exactly damage my career.
That said, over the years there were various cases of IT guys in large investment banks who went along with "innocent" requests from the Traders and ended up as the fall-guys for subsequent breaking of Finance Regulations, serving jail time, so had I gone along with that request I would've actually risked ending up in jail.
(Financial Regulators were and are a complete total joke when it comes to large banks, which actually makes it more likely that some poor techie guy will be made the fall guy to protect the bank and its heads).
Worked at a globally popular fast food franchise many years ago. They had collection boxes for a charity that they raised money for. None of the money went to that charity, but was divided between owners and managers.
Office Depot sells printers at very low (or even negative) margin, and then inflates the margins on cables, paper, ink, and warranty. If you want the best deal, get the printer from OD, and everything else you need somewhere else. That $20 USB cable they sell costs them $1 and you can get the same or better online for $2.68.
I worked as a pastor and professor for a global, evangelical television ministry/college. They knowingly conceal scholarship on the Bible and punish their pastors for asking any questions that undermine their most closely held traditions (including anti-evolution, mental illness is supernatural, etc.). They tell their US viewers that they can't call themselves Christians if they don't vote Republican, while still enjoying tax-exempt status. They use pseudohistorians to inspire Christian Nationalism over their network, and are one of the largest propaganda networks for the Religious Right. A U.S. Capitol police commander told me his men were fighting people who were wearing the network's brand.
I worked with people from many Indian IT companies who just outright clone GitHub repos and tell clients they developed the entire thing from scratch.
Acronis Backup charges you for local data backups from one device to the other. So basically if you are using Acronis to move data from your local drive to another local device like a NAS, you pay money for every gigabyte transferred. During the time I worked for them, the script to run the transfer was literally the most simple robocopy command, even simpler than one you could write yourself. And they still do it, charge for local to local data movement. It's fucking insane. One of my clients had a $15k a month bill for local data movement. Straight up highway robbery.
The people who negotiate your medical claims make more money on the settlement commissions than the doctors even make from their procedures.
And there’s like 25-40 people total who handle the claims for every single health insurance company.
An AI company... They used to manually change system event logs to show it wasn't their software that caused the downtime for our clients.
Bought over a million dollars worth of hardware (25% of which didn't even get racked), over 200 46-inch LED screens that no one used, and very expensive offices at posh locations in the bid to increase its IPO valuation.
I worked for a furniture store. They used to buy mattresses and furniture sets for like $200-300 and arbitrarily sell them for around $700-1000. I used to be able to haggle with people and still sell them for like double what they cost. I hated that job for so many reasons
This local single location grocery store by my house would unwrap and rewrap meat packages when it hit expiration dates in order to generate a new label with a new expiration date. If the meat looked bad, it would be added to the meat grinder to make ground beef.
Worked at a newspaper for a few years.
With very few exceptions, they do not give a fuck about you or the news. The advertisers are their customers and your attention is their product.
The building's alarm code was 0711. Guess where I worked....
No way.
Circle K?
Olive garden?
Plaid Pantry?
Kidding.
gonna go on a slush run and try something new I just learned… brb
Amateurs... should've been 7110
Dollar tree?
At Disneyland, Mickey Mouse is always played by a woman, due to the small costume. So if you put your arm around him for a photo, try not to accidentally touch Mickey’s boobs.
I worked for an online payment company you all know. Many employees have access to the main DB which holds all transactions and names and everything in clear text. You could basically find out all PII (personal identification information) of any celebrity you wanted given they had an account. Address, phone number, credit card and all. If you knew a bit of SQL you could basically find whoever person you wanted and get purchase history and all.
Can't say I didn't use this to find stuff about my exes or various celebrities.
I worked at an ISP. The DHCP server we use for our DSL offering was made in the 90s and hasn't been updated since.
Frankly, I don't see this as a problem as long as the software is up to date and the hardware is sound. I bet there are thousands of SPARC servers out there processing data 24/7 since 1995.
Might want to get on updating it soon for IPV6 though
I don't know, I remember hearing that everything would soon be IPV6 a couple decades ago.
The alternative to IPv6 is CGNAT.
CGNAT is really annoying for users, since the entire ISP looks like a single IP address. This can lead to situations where the entire ISP accidentally gets classified as a bot or otherwise blocked. It's not too hard to find these kinds of stories from StarLink customers.
We are at the point where we are legitimately out of IPv4 addresses. Household NAT isn't enough and CGNAT has too many problems. IPv6 code was written ages ago and is very stable in all OSs these days.
It really is just these legacy middle boxes holding us back.
This guy knows. CGNAT is incredibly sucky and we are definitely out of IPv4. Why not everyone is hopping on IPv6 I don't know. I'm thinking people are afraid of the formatting but that's just dumb.
I’ve tried running my house on ipv6 only before, but you run into A LOT of issues, even with major services. Example: sometimes my devices would fail when trying to connect to Netflix. Netflix.com issues round-robin DNS. One (1) of the possible endpoints turned out to be unreachable from me over IPv6 because of return path MTU shenanigans I had zero control over.
but if we move to ipv6 then my no place like 192.168.1.1 tattoo would lose all meaning! /s
There’s no place like ::1
You could have saved quite a bit of ink with an IPv6 tattoo though.
I've worked for a few of the larger ISPs in the US. They all have their own special weird shit like a Windows NT machine shoved in a corner in a CO in West Texas that you have to remote desktop into and run some Java applet from the 90s to log into a hardwired machine from the 70s just to set up a voicemail box for a phone line. Ain't broke don't fix it leads to some wild setups at companies you wouldn't expect it from.
I'd actually rather this than making new software with all kinds of bugs
If it works and is secure, what's the problem
Big German TV production company with successful primetime action series used rented cars for their stunts. Different people from the team rented them with full insurance, returned them crashed. They did this until every car rent in the city stopped offering insurance without retention.
I worked at a fruit processing plant. We found maggots in the blueberries. Line got shut down for obvious reasons.
Owner of the company came in and said 'pack them anyway'. We knowingly sent out blueberries with maggots in them.
Needless to say that company sucks and people hate working there.
A certain fruit company knows about you WAY more than you can imagine, and most of the information is accessible to even the lowest ranks of support. And yeah, my NDA is finally over.
Why is everyone here afraid to name the companies?
Unless you're sharing something that only you would know and the company is aware that you're the only one who knows it, there's no way they can identify you.
Something tells me the people posting here who had "NDAs" didn't actually have any sort of a high level clearance to important information.
A large pizza chain, it costs about $1 to make a large cheese pizza. Cheese is re-used as much as possible.
How do you reuse cheese? That is concerning.
If it was poured on the pizza and fell off, it's picked back up and put back in the bin if the health department allows it.
Just from clean sanitized surfaces? If so that I can get. Otherwise, icky 😬
Pfew, well that actually makes sense and is efficient. Picking it up off the floor probably is not worth the bending over luckily.
imo solid tabletops are much better for pizza making. i’ve worked at a few places and in practice those pans get ACTUALLY cleaned much less often than a regular ass table does.
Pans have the upside of being disinfected with gratuitous heat
(Ignore this. I just want to see what color comes after violet.)
I'm sure those minimum wage employees are doing their due diligence in regards to cleanliness
I mean the pizza is going into 500F, it'll be fine. I'm all for reuse instead of waste when possible.
Pizza is junk food anyway, so it's not like you're expecting gourmet cheese.
Less waste is good IMO
If lack of cleanliness bothers you, many take-out places are a no-go.
Many people's own kitchens would never pass a health inspection!
Trash cheese 😋
To be fair it is less about the wage and more about maturity level. Which can sometimes, not always, correlate with age.
Realize that "clean, sanitized surfaces" is a VERY relative term in foodservice. Also more times food is handled, more chance of cross contamination. The gloves/hands that put that cheese back in the have supply may have just handled sausage/deli meats or underwashed tomatoes containing listeria, now your cheese had extra "flavor" potentially. More of a risk in scenarios where the food isn't then reheated above temp that kills bacteria.
Basically, ideal path is ingredients prepped in sealed/clean factory process, handled once from safe storage into your meal with clean gloves
From working at a pizza joint as a kid, I can tell you that most surfaces are sanitized at the end of the night and covered with plastic wrap so we could start fresh in the mornings.
Pizza store experience person here... definitely didn't cover tables with plastic wrap.
To be fair, from a food-conservation standpoint, I’d expect cheese (and other materials) to be re-used. No need to throw it away just because it fell on a reasonably clean surface, especially prior to baking.
Cheese? You mean processed dairy by-product?
What does re use mean o.o
They shower the pizza with cheese, and any cheese that doesn't land on top of the pizza is collected and used for the next. Pretty standard practice when making food
That's why I stopped eating. Too much reused cheese.
The extra is labor and the building? (And profit?)
Also food waste, which tends to be high with pizza delivery.
The building, used by several hundred employees, had a security system with 4-digit codes. I've been part of a group of people who liked to work late, and the building would lock at midnight -- the box by the door would start beeping and you would need to unlock it within a minute or so, or a "proper alarm" would ensue.
However, to unlock the alarm you did not need your card -- all you needed to do was to enter any valid code. Guess what was the chance that, say, 1234 was someone's valid code? Yes.
We've been all using some poor guy's code 1234, and after several years, when he left the company we just guessed some other obvious code (4321) and kept using that.
By the way, after entering the code to the box by the door, it would shortly display the name of the person whom the code "belonged" to. One of our colleagues took it as a personal secret project to slowly go through all 10000 possible codes and collect the names of the people, just for the kick of it.
(By the way, I don't work for that company anymore, and more importantly, the company does not use that building anymore, so don't get any ideas! 🙃 )
Everything comes in frozen. Before mixing with the sauces it smells off. Half the staff mix without gloves. Don't get the tuna but have it your way...
Working at the morgue must have been tough
An uncle of mine ran a funeral home. He and his staff took hygiene freaken seriously.
Presumably because you're protecting yourself rather than the "clients"?
I used to exclusively go into Subway for the tuna sandwich...
The majority of tech startups are super chaotic and barely keeping things running. More than you would ever imagine.
A national (not US) cake company uses expired ingredients because it's cheaper. Yes, I did report them to the authorities.
Not strictly a company secret, but I had to sign an NDA for it, because... reasons.
I used to work for a massive conglomerate, these guys are making from components for satellites and tank to rubber gloves for hospitals, and everything in between. My job was to help the company implement regulations, work with auditors and generally follow product specific rules.
So I was on these 2 New Product Development teams and because the products needed some very specific testing equipment, we started working with local authorities and some contractors to build the testing station in the future factory. We drafted plans, prepared documents, we had an auditor come and see the place, the contractor came and checked what he needed to do, everything was going according to plan.
While all of this was happening, I was on a separate project where we were working on closing down the above mentioned factory.
I worked for lumber liquidators, and their point of sale software seemed to be surplus navy because if you dug deep enough you could order nuclear sub parts.
A European Country stores citizens' critical data in vulnerable databases, whose password is in HaveIBeenPwned, on a VPN whose certificates are stored in random NASs. The IT guys don't know how encryption and certificates work and I wouldn't be surprised if everything was in some adversary countries' hands
S&P and Moody's were collaborating since at least 2000 on the pricing of the so-called "esoteric" structured instruments associated with mortgage-backed securities that caused the 4Q07 crash. They collaborated via the competitive intelligence firm Washington Information Group (which does not seem to be around anymore.) The collaboration was almost certainly illegal (IANAL). They did this because neither wanted a price war when rating these. I did sign an NDA with S&P that kept me out of the industry for two years. I left the industry shortly after that and went back to what I used to do.
The first steel mill I worked for, the test requirements were more of a suggestion than a rigid specification. I, a trained and skilled engineer with the capacity to make informed decisions, had to run all rejections by my boss who would tell me "it's close enough" even if it wasn't. Sometimes it bit us in the ass with warranty failures, but the warranties were probably cheaper than internal rejections (and what is brand perception worth?).
My second steel mill job, I was the one making the rejection decisions. I did the hard thing and rejected our failures but I also troubleshot them to prevent recurrence, making our product and capability better over time.
It very much matters who you buy your steel from; two mills can have vastly different performance for the same products based on how they handle these situations.
Worked in tech support for a major internet provider. We would constantly have major outages in various locations due to overtaxed systems going down. Corporate refused to allow us to admit that there were problems on our end and forced the techs to troubleshoot the customer calls, even though we all knew that we could do nothing for the customer. Saw multiple techs relieved of their job for telling the truth to the customers. So many hours wasted on both the customer's and techs' part.
I worked as a software engineer and my boss tolerated me going to office at 2pm and leaving at 9pm. It's against company policy, certainly, but no one talked about it. It still is my most productive and happy time.
I work in IT. Most systems have laughable security. Passwords are often saved in plain text in scripts or config files. I went to a site to help out a very large provincial governmental organization move some data out of one system and into another. They sat me down with a loaner laptop and the guy logged me into his user account on the server. When I asked for escalated privileges, he told me he'd go get someone who knew the service account passwords.
After a few minutes, I started poking around on my own... And had administrative access within an hour. I could read the database (raw data), access documents, start and stop the software, plus, figured out how to get into the upstream system that fed data to this server... I was working on figuring out the software's admin password when the guy came back. I'm sure that given some more time, I could have rooted the box because the OS hadn't been updated in years.
I used to work at Starbucks (almost a decade ago now), but at the time, the motto was "just say yes" to any customer requests. We also had free drink cards that you could give out to de-escalate any issue. So I would say any time you're even the slightest bit unhappy, bring it up, and you should at least have your problem solved, if not compensated for a free drink next time.
We also had customer satisfaction surveys that would print on receipts, where filling one out would get the customer a free drink. We always kept them for customers that were happier to try and rig the odds in our favour of a higher rating, but also if a customer asked for one, I would give it if I had it. You could always ask the cashier if they have any of those as well.
Again, not sure how much either of those things have changed in the past 10 years, and I'm not sure how regional it was (this was in Canada at a corporately run store), but maybe worth a try.
Also I love these types of threads -- great topic to post.
DoorDash and food apps are willingly scamming restaurants, and users.
They are perpetually in debt as they aren't actually making money and they will likely only make very little.
Uber's only profitable line of business was Uber Freight, then they decided to outsource it or shutter it.
Both of these companies broke laws early on in order to operate.
Most of your support that came from Uber before 2019 was coming from drunk 20-somethings.
Worked support for an electricity supplier. I was able to see a frightening amount of info about the customers. Even past ones who had moved elsewhere.
We also kept notes about each call, email, web or app chat. So if you were an asshole in the past, everyone will know going forward.
Also fuck landlords and landladies etc. More often than not, they were shitty to deal with.
Also we would often use Google Maps and Streetview to see what your house looked like. We also had pictures of the inside because the installation techs took pictures to confirm that works were completed as specified.
All of this was available to us for any reason, at any time with no oversight. And none of it was encrypted. There were also government websites in use up to 2020 that required Internet Explorer to use and had passwords as trivial as 'Password1'.
I left that job because the pay was lousy and the stress was pretty full on. I respected a lot of people that worked there. Both higher ups and people who came after me. But fuck was there a lot of potential for bad actors or like stalkers etc to mess with your info.
I would recommend to everyone. Please use password managers. Especially decent open source ones like Bitwarden. Take note of every piece of info that you give a company. From your phone number, address, email etc to even when you contacted them. Also try to not have your home look like an abandoned hovel on Streetview lol. Easier said than done I know. But it may affect your dealings with support people that you need help from. And lastly, please don't use Password1 as a login. Ever. Like please.
The biotech making your new drugs follows a less than scientific method. Lots of cherry picking of data, fudging results, etc. Part of me thinks this is part of why a lot of drugs never make it past trials. There is more incentive for individuals to come up with a drug that almost passes trials than to come up empty handed for years.
My wife worked at a pretty well-known hiking supplies store in our country. The retail price is sometimes over x4 the manufacturing cost and extremely marked up. The amount of faulty products with manufacturing faults is really high, with the suppliers 100% aware but gave the stores discounts on the wholesale price just to push units, even though the clothes/bags/shoes would break after a year or so of light use.
I work for an MSP that works a lot with very large tech companies. Most of these companies outsource a lot of work to India. I frequently have to remote in and help them with our product. You'll see passwords in plain text being thrown around in Teams chats, .txt documents on the desktop and emails like candy. I will frequently work with individuals with titles like "Cloud Engineer" to "Solutions Expert" that I swear have never opened a terminal window in their life and are unable to follow basic IT instructions. I have worked with a lot of very good Indian engineers, but I swear cronyism has a lot of people put into positions that they aren't really qualified for.
Back when I managed a Blockbuster Video, most stores ran at a loss thanks to theft.
The real reason most stores failed wasn't because DVDs were going out. It was because we couldn't stem the flow of money out the door thanks to thieves.
That I made their DropBox account, and they can't access it anymore..
I don't have any interesting secrets or facts from my current ex-jobs, so I'll share an interesting fact from a buddy's. It's one of those companies that offers automated phone systems (and chats, nowadays) that listen to your options rather than taking number inputs.
This may no longer be the case, but these systems were not actually automated. There are entire call centers dedicated to these phone systems, whereby an operator listens to your call snippet and manually selects the next option in the phone tree, or transcribes your input.
I wouldn't be surprised at all if advances in AI have made this whole song and dance less in need of human intervention, but once upon a time, your call wasn't truly automated - it was federated.
I used to work at a hotel and they never changed the duvet covers guest to guest, only the other sheets.
A friend of mine was a manager at a fairly upscale women's clothing store.
She said that even at 95% discounts, they could turn a profit.
I find it humorous that y’all think it’s only the company you worked at that had a fragile tech solution held together (sometimes literally) with duct tape and coat hangers, as part of a mission critical business process.
Pretty much every company big or tiny has at least one permanent “temporary” solution in place.
At my company, we have a saying: "That which is temporary shall outlive us all."
Pretty much every company 90% of the tech infrastructure I've worked for is held together with 10 year old sun dried rubber bands.
There's nothing more permanent than a temporary building
Right, Guys the financial industry is held up with duct tape and the hope that people will remember how to code like it's 1975.
The financial backbone of the world is written in fucking RPG
You basically have to put up flyers in retirement homes to find experienced RPG devs. I'm barely joking.
Code base is shit. We’re not doing what we’re promising or anything close to it. We’re probably going to go bankrupt in a year or two.
Depending upon your position you have an NDA that either has a date or never expires. I have worked for companies that I have NDAs with that never expire. Be careful what you share.
About 25 years ago I worked in a small town KFC franchise. Owner was, well, what you'd expect in a small town franchise owner - there was lots of pressure to cut costs and the manager had their job threatened at least once a month due to cost overruns (which cut into the owner's profits).
Manager quote, "I don't care if it's green, cook it anyway, nobody will tell once it's breaded and fried."
My previous employer - a multi-billion dollar internet search company would secretly listen to people's conversation via their mobile devices then place ads on the same devices (e.g in the browser search results or at the start of videos) based on keywords from the conversations, this had to be kept hidden of course and this large well-known company shall remain nameless.
Military equipment is sold to the PRC and mislabeled as COTS, i.e. civilian.
i dont think it was a secret for anything
but i once went to a job interview at a phone support line for an ISP in my country
it turned out to be ... a sales department. basically that's what they called it. all support calls had to eventually lead into selling something.
that just seems so idiotic i couldn't deal with it
The amount of school districts and city govts. that use Google docs for everything is terrifying. I'm talking plain text student info and billing information.
I did some IT work at a hospital, patient records including names, addresses, conditions and doctor's notes (inc mental health notes) were stored in the database in plain text. You had to have admin access to the database (which I did), but I was stunned that I could browse anyone's entire medical information. A few weeks after I left I sent an anonymous email to a couple of people letting them know how bad it was - I didn't use my real one just in case they may have come after me for looking at the records.
I worked for a pretty popular magazine back in the late 90's. One day near the beginning/middle of 2000, we were all called down to the bullpen for a last minute meeting by management and marketing. (That's never a good sign.)
We were told that we have a great product with amazing writing, but marketing doesn't know how to sell it so they're closing us down. Instead, we went online only. I was the web developer so I survived the firings.
So then we figured that we were set because our website produced more content and had more traffic than any of the company's other websites. However, in March of 2001, we had another emergency meeting. Again, we were told our content was great, but the company was going in another direction. Instead of producing our own content, the company was going to just repost other sites' content. I and everyone else in my team were let go.
Needless to say, the whole "we'll just repost what other people posted" plan didn't go so well. Last time I checked, the company wasn't doing very well at all.
Just remembered another one:
Have you ever had an anonymous survey sent to you by your work or by a company your work has hired? They're not anonymous. Management knows what your opinions are and will use them against you.
I worked for a consultant that would try and help fix businesses. The worst example I can think of was when I saw one person had answered a survey question saying that their employer had a "blame culture". Rather than trying to work on the processes or address why something had gone wrong, staff would start pointing fingers to keep out of trouble. This didn't fix anything and only made people spend all the time covering their posteriors.
The manager called a general meeting of everyone at that site and then singled out the employee who'd mentioned the blame culture, blaming him for saying there was a blame culture. The employee then pointed out that they'd been told, in writing, that the survey was anonymous. That employee called the manager a liar and then she lost control of the meeting, with lots of employees calling her a liar and several storming out. They weren't in business the next year.
I used to work in a very large mortgage company in their website. The amount of tracking they do, the amount of information they have, just for mortgages, is astounding and frightening. We knew almost every detail about someone before they committed to a mortgage.
They actually kept the domain admin password on a post-it under 2 different keyboards. One of which was secured from the public.
When I worked at Bob Evans I watched a manager peel the expiration dates off of expired food and replace them with dates in the future to avoid waste.
Snake Farm, when asked how to sell a policy that's clearly more expensive than the competition's, the answer was "They should feel privileged to be a Snake Farm customer."
The hubris was baffling.
Worked for a Gaming Hoster. Critical information was hidden in small text everywhere just so (we) couldn't get sued. VPS would get "corrupted" when not used for a period of time, just so we could replace it with a new server. Backends were not protected. You could replace the executable with something malicious and get access to the server. Some more specific things I can't name or it would be clear which hoster it is. NEVER trust a gaming hoster which has access to your server files.
They let the intern access the production db. The company is one of the biggest hosting and internet service companies in the country. The db was SQL but had no primary key.
I was the intern. I normalized it to 3NF as part of my internship project.
The last company I worked for has both NDAs and arbitration agreements, which would keep me from spilling company secrets and would screw me over if I did. But here is a secret - they use online PDF forms and don't check what text is entered into the signature.
If you're doing a holiday in the USA and renting a car via Enterprise, Alamo or National, book with Rentalcars.com, unless you're doing a Virgin package holiday, in which case do it with them. They have the best rates in the market due to special agreements. If you want the best customer service experience for rental cars, book with Virgin, as they will put a lot of pressure on Alamo/National/Enterprise, who will bend over backwards for you.
Chinese delivery doughnuts in the US are just deep fried canned biscuits.
I work for a commercial airliner (regional) on the ramp and cleaning planes (regional and mainline - 737, 738 etc).
Don't drink the coffee. The coffee pots rarely get switched out and are only cleaned with water from a water bottle, after an agent used the same gloves to clean other parts of the plane (assuming they don't start with the galley or taking out the trash).
People like me help to define, build, test, and support important services you use. Explains a lot.
Haha, I love it.
I worked for an MSP doing IT for an assortment of companies. Most of the companies were in the medical or legal fields. Every single computer they sold to their clients used the exact same BitLocker key when booting the computer. If you've worked for one of the companies we supported, you knew the BitLocker key for all of them. It has been the exact same BitLocker key for at least 10 years. This MSP also regularly puts out social media posts and emails saying how security focused they are etc, etc.
I worked in a place where we put journals and magazines in letters and film. We got a DISGUSTING porn thing like... I don't even think it was legal (zoo etc.). I personally refused to put that in an envelope. And you know what? The most common address we got? Religious people. Yup, the ones who received it most were the ones in church reading you the Bible...
Shit, piss or vomit has graced just about every surface at your public pool and the staff are constantly fighting a losing battle against it. Nothing is washed, just power sprayed till it looks clean.
The chlorine smell at a public pool isn't because they have the chlorine concentrate wrong. It's because people are peeing in the pool and the smell is a product of the chemical reaction between chlorine and urine.
That's not true.
Actually... It is. Here's an article about it.
Public pools are fucking disgusting as are buffets
Gotta keep that immune system on its toes!
I worked for a very large insurance company until recently. IT is run like the Wild West. Contractors seem to do whatever they want. After a merger several years ago, all the people who built the systems were driven out, leaving a bunch of low paid outsourced contractors to support everything. The entire IT infrastructure is a bad day from collapsing.
It was me, I did it, I put that cheeky note on the noticeboard. I told the boss I accepted responsibility because I was in charge on that shift, but in fact it was me all along. Sorry Derek. (Not sorry.)
One company I worked at had more full-time collections people than sales people. Our products were a lot cheaper than our competitors, and it attracted a lot of customers with no money.
Another company I worked at ignored all "first notice" bills they ran up. CFO told me that if a company wanted paid, they needed to send a second notice.
The dealership I worked for gave out loans they knew people couldn’t afford, ignored safety items, slapped inspection stickers that didn’t match vehicles to get them on the lot. Ran a lift that was jerry rigged because the wiring busted along with the hydraulic tank.
Employee bought a vehicle and his manager watched where he went on his lunch (via GPS installed by said company into sold vehicles). Funnily enough it was to an interview.
Oh another one. School bus company 1 is one of the largest in the US. In between runs a buddy's transmission starts leaking on his bus. He calls the terminal on my phone to let them know.
“Keep driving keep it going, we are not sending out another bus to you.”
Transmission in a 45ft flat nose busts fully in the middle of one of the busiest intersections in the town. He calls over radio letting them know it busted as he told them.
“What do you mean this is first time I’m hearing about this”
I kept writing up the flat nose I drove for not having heat and turning it in to the people I was told to. This went on for an entire winter and I didn't have heat until after the thaw and spring started. Mechanic never knew that bus had been being written up. They were hiding slips. Same bus, folding door let go and was flapping in the wind with a bus full of students. Over the radio they said to keep driving and refused to send a replacement.
The potato and gravy at KFC uses whatever crud fell to the bottom of the fryers each day. Usually that was good chicken bits, but sometimes it could be whatever the staff were playing catch with for fun.
Oh and be nice to the people making your food. Trust me on that one.
Instagram allows employees to check on the accounts of the users and share that to other people. I didn't work there, but an employee told my girlfriend who I talked to before we were exclusive. I think that's total bullshit
My boss was high 99% of the time he was at work.
Or awake.
I worked for a domain registrar and hosting company. The margins on their products are massive!
We would charge €75 for a domain recovery, while it would just cost €2 something to actually do. And the process was fully automated.
Worked Customer Service for a well-known car company that also had its own financial services dept with its own branded credit card. During training we were told that the card itself sucked and that smart/discerning customers would likely reject getting the card if they actually knew the details. Why should people get the card? Just based on the "prestige" of the brand, because they would see it as a status symbol. And they had a quota for us to sign people up for every month, which I consistently failed because literally the only time I could get anybody to sign up for the card was when they didn't care enough to know the details and just absent-mindedly said, "Yea sure, I'll do that."
I worked for a company that was also a small ISP. If the internet service for our clients went down we were not allowed to tell them the truth. We either had to blame the upstream provider, or act like we had just heard about it and were looking into it.
Certain search engine company was a badly managed, bureaucratic slog of an ads-driven soulless corporation for way longer than people think.
Some Verizon retailers are more or less based on what they sell you. Motorola pays the most while Samsung and Apple pay the least amount. Meaning there is incentive to sell you something over something else.
I was high the whole time, beginning to end.
Our SSL implementation never checks the certificates, largely defeating the purpose of SSL.
Same at my old workplace. First line that executes in Main was to disable certificate validation on everything. But we could say we updated everything to the newest version of TLS.
I worked for a company that had an expensive San Jose lease during the .com bubble. When they decided they needed to get out of that lease, they folded the company - “fired” everyone, then re-hired everyone under an independent second company that was owned by the parent company. Sketchy, but not really surprising…
When they re-hired me, they didn’t have me sign any NDAs. All the old NDAs were with the company that folded, not the parent company. Some days I wish I had been unethical enough to sell off their source code to a competitor.
You would never buy a car if you were involved in making it. We have a vehicle that dumps all its coolant on the road as you drive your brand new car back from the dealership. Making cars is difficult.
There is an unreleased and un-leaked version of the 2012 ARGOS Christmas advert, not dissimilar to the infamous "rainbow for adults" sketch which leaked many years ago.
To watch it we had all our phones taken away from us, and there was a pretty thorough "OK you all saw it, funny hey, time to destroy the CD"
Nothing ever actually gets sanitized and lots of "new products" are actually repackaged returns from other stores.
Ignoring all common sense approaches to staying competitive by using simple, textbook ideas of strategic management does negatively impact growth.
Imagine that!
We would "file it". As in file it under "fuck it it's fine".
Battersea Dogs Homes senior dog carers are employed based on their PR experience and not at all on their experience at looking after dogs
I was the web designer for a prominent business magazine, but after an economic turndown they wanted everyone in-house (in Georgia) and fired me.
They replaced me with the grandson of the magazine's founder.
I work in pest control and 99% of the shit we use you can buy without having a license. The license just covers us to use the products on other people's houses responsibly. If you really want to do pest control, you only need a few chemicals and they are all easily obtainable on Amazon.
I worked for a government contractor that would have me log in to classified data to monitor uptime.
I was not cleared to view it nor did I have my own account so my manager had me log in with his credentials.
In the US where I'm located, that's a felony for the individuals and a massive fine for the company.
That wasn’t chicken…
I worked for a certain media company that sold hardware / software in cars with memberships (typically through a deal with the OEMs). For those customers that have the hardware-only experience, a set of testing IDs can be applied that effectively give free membership and can't really be revoked because of their wide-use in initial manufacturing provisioning. There have been multiple independent security reviews pointing this out, but not much can be done about it because of how the trial memberships are applied after manufacturing.
Alesis, creators of ADAT Type 2 digital audio tapes, hired none other than James Doohan to promote it playing the “Famous Engineer” because they didn’t get the rights to anything Star Trek.
It was only played during trade shows, but someone I know got a copy.
https://youtu.be/oHB_Dyad4cg
Yes, in the mid 1990s, large banks in the USA were being electronically compromised so often that they wouldn’t investigate or pursue a loss if it was under $50k.
I know this thread is old but: so many HIPAA violations, oh my God. I am a pediatric therapist/child psych, and the clinic I used to work at constantly stored client data in the most insecure ways, and therapists and staff would discuss client names, diagnoses, address, EVERYTHING openly in the break room. I complained at one point, but it went nowhere. Turns out nobody cares, lol. They also frequently ignored the best interests of our clients to maximize profit from insurance (leaning towards fraud). I ultimately left the company when my boss blatantly violated the safety of one of my clients by refusing to send her home when she had a fever of 104 F. Sure, working with kids means everyone gets sick a lot, but when the child is THAT sick, they need to be in a hospital, not in a hot, cramped room with a therapist.
Nice try fbi
parting gifts weren't actually gifts. nice ladder I'm still using after ~20 years
Software dev here. I once quoted a single line change to my manager. And the client was billed for 3 weeks. I understand that there's a support structure involved. But 1 line to 3 weeks??!? Tech consultancy is a sham.
We didn't investigate an online theft from any bank account unless it was over US $100k.
Even without any details, I seriously got scared I'd be put in jail. My country isn't known for its freedom.
Edit: meant to answer a comment but somehow screwed that up.
Every time we notified anyone about a potential illegal breach of GDPR that could get us fined or sued, admin pretended they had never been informed because the changes would take too long and collide with their plans to "revamp everything, reinvent the platform, and rebrand".
I should have whistleblown them myself if it were not for the fact that doing so would probably get some previous employees fired rather than hurt the company.
Mike from Tom's Landscaping smokes a bowl of reefer in his car at lunch break every day.
Sorry Mike someone had to say something.
I used to work at the CIA. We did 9/11