Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
For the small niche that would find it comprehensible, that would be gold. Maybe it would work as a YouTube channel.
The trick is that software companies and their clients tend to be more publicity-averse than restaurants, and for Kitchen Nightmares they need to find ones that will straight-up agree to be made an ass of to get on TV.
It would be depressing. I ended up working somewhere we would regularly get called in to clean up messes and enterprise software is a disaster.
Huge application. Dominating it's industry. It had only one user on a DBs with a password that hadn't been changed in over a decade. Same user/pass for each DB as well. The DBs were all publicly accessible. The applications, clients, engineers, and everyone else used that singular user. Better yet, one DB even had a table for the locations of every server, what it did, and what credentials you needed to log into it. This app held insurance information, PHI, PII, payment information, etc. The "Founder" thought he was clever because he'd turned of all logging on the DB and was under the impression if he couldn't detect a breach he didn't have to report it. The DB engines were so unbelievably old "community" versions of DBs. The password was something along the lines of 1998!
They had a load balancer that took traffic in on 443 and sent it to the server on 80, but since the servers only used 80 and no one explained networking to them, every internal request would be sent to the open internet on 80, hit another source, and then would make it's way back to the load balancer and into the app. They were excited to show it to me and everything. Networking and Developers are like water and oil.
Yes that did get reported to governing bodies. They slapped he company on the wrist. No fine. I fixed it so it's nearly bulletproof now. When I turned on logging I do want to note there were TONS of connections to Iran South America, China, India, Russia, etc.
But that's A LOT of apps. We kept doing M&As and 3/4 apps that are being sold were the exact same. Hell, I've seen apps handling CUI store their data unencrypted on open servers. Reported as well, but nothing ever happens. We were told by one person that the laws and fines only exist to hit companies after there's a breach AND a lawsuit from users. Before then there's no victim and no crime.
Tldr; auditing software is a lot like what I imagine smoking crack is like.
Huge application. Dominating it’s industry. It had only one user on a DBs with a password that hadn’t been changed in over a decade. Same user/pass for each DB as well. The DBs were all publicly accessible. The applications, clients, engineers, and everyone else used that singular user.
At least one of those people seriously considered doing crime, right? It would be like shooting fish in a barrel and, with simple steps to hide your network origin, there would be no way of finding the culprit. With the kind of ransoms you could get from a company like that you could go and live happily ever after in Dubai.
Absolute madness.
Someone would have to look at and understand the existing code and infrastructure rather than just throwing it all away and writing a data migration. In other words, it would never happen.
It would have to be more like an unsolved mysteries show with a dramatic reenactment and a developer giving all the ugly details with a blacked out face and voice changer.
Op wrote software development, but the example is more infrastructure focused. Which is a lot easier to parse
I would watch this. Maybe something like "SRE Squad" with like a fire department type aesthetic and eagles and flags and butt rock theme song.
Me and friends borked our school network by making it a doge coin miner in high school, the IT guy was not pleased.
Silicon Valley
And it will always end with a more modern and streamlined infrastructure that they never update again and then two years later there is an article that shows how they all went bankrupt.
This was my entire 25-year career. No way in hell would I want to watch a show like that.
Although if there were a show based on my career, I'm sure the highest ratings would be the show where my coworker fires a 125 mph knuckle ball a foot above a 10-year-old kid's head. It was the only time in my career when I had to physically intervene to prevent a fistfight between my boss and the client.
Please elaborate on this knuckle ball story. I am confusion.
We got hired by a company that was developing a remote-controlled baseball launching machine. The machine itself was just the standard two spinning wheels (although the max rotational speed of 125 mph was a lot for this sort of thing), but it could also pivot 360 degrees and also angle itself between straight up and 45 degrees down towards the ground, so it was capable of simulating any hit ball in baseball. The idea was that you would put this machine at home plate and then the coach could walk out among the players and use the remote (which was a Windows Mobile PDA) to generate any kind of hit, like a grounder to short or a pop fly to right field etc. Because the wheels could be independently controlled, you could put any kind of spin you wanted on a ball by having one wheel spinning faster than the other.
Really a cool device and a cool project, but my coworker who got the gig was a remarkably terrible programmer who spent more than a year fucking things up in various ways. At one point, for example, he spent three months trying to develop a Physics engine to control where the ball went, despite the fact that a) he knew nothing about Physics, and b) the Physics of a spinning baseball is actually incredibly complicated and well beyond the processing power of a PDA circa 2005. Not to mention that the balls used varied tremendously in how old and scuffed up they were, which would have defeated any attempt to calculate where they were going with any kind of real precision.
Despite being well over budget and past the original schedule, he had things sort of working (sometimes) and the client asked him to produce a variant of the software that would let the machine be used by Little League coaches. My coworker in addition to writing the version to scale back the speeds appropriately, also decided to completely change the API that was used to communicate with the machine. Previously, the speeds had been specified by short integer values between 0 and 32768, but he decided it would be better to use floating-point values between 0 and 1. All well and good, except his way of dealing with the huge amount of compiler errors this generated was to cast all the hard-coded short int values as floats and clamp the result between 0.0 and 1.0.
As bad as this was, he also decided to test this version - for the first time - on a field with actual Little Leaguers (in his defense - but only slightly - we rarely had access to the actual machine itself, so proper testing was always difficult). The coach sent the command for a slow grounder to the shortstop. This should have produced a horizontal ball with about a 30 mph speed on the bottom wheel and 35 mph on the top wheel to give it some topspin. Instead, his hard-code int values were about 10000 and 12000, which got cast and clamped to 1.0 by the API call - in other words, maximum speed (125 mph) on both wheels. This ejected a ball with no spin going 125 mph, the most deadly knuckleball in human history (human pitchers throw knucklers at maybe 50 mph and they're nearly impossible to hit or even catch). At least he had the angle and azimuth "right" so this was fired straight at the shortstop! Had it hit him, the kid for sure would have badly concussed and very possibly killed, but fortunately it sailed just over his head.
This is one of those moments I'm depressed I'm poor and this guy probably wasn't. Just, how do you fuck up that bad?
He knew the secrets: blame your tools and be the same religion as your bosses. He was also, to his credit, a fantastic softball player, which helped the company team win the championship every year.
That's testing in production, with live ammo. Glad it didn't maim anyone.
The fuck??? That's a horrible co-worker…
And this wasn't even his biggest disaster as long as you don't count the potential for death. The baseball-throwing gig was just him and his manager; for his next project he led a team of five developers that turned three months into three years and never produced working software. The only revenue it ever produced was an initial $50K from the client that was later refunded to preempt a lawsuit. For the project he chose Ruby-on-Rails despite the fact that neither he nor anybody else on the team - nor anybody else in the entire state for that matter - had any experience with RoR. I have to give him credit, though: he was a true Renaissance Man in the sense that he could fuck up a project in any language or platform.
Now, I don't have to be embarrased at the hobby project forks I make. Thanks!
Wow thank you for sharing. Very interesting story.
These images are RAW! YOU, DONKEY! Here, take your blob, and gtfo. GO! OUT!!!!!
You fucking Donkey!
It surprises me that there aren't more shows like that, just some random dude bursting through your job calling you all twats and pointing out where you failed, then helping you fix it.
I want carwash nightmares or retail nightmares shows.
Startup nightmares would either be cathartic or give me ptsd flashbacks.
I would watch this. Especially if it was an angry Brit, rather than a dramatic American. And even more if it didn't keep replaying the same 5 minutes of telly before and after each ad break. And even more if it didn't have an ad break every 10 minutes that lasted 5 minutes.
right? I don't watch TV because of all this crap. I don't understand how some people have the patience, honestly.
Our public TV has no midroll ads, only between programs, and I'm so happy I can use a guide and usually find something to watch when eating and get no ads. But I'm also watching the endless reruns of a series I like, so that's also not difficult to get.
It's called incident response
Still have a copy of Ubu 8.04 on CD somewhere. Not sure if it still works though.
Good times.
I wonder if there is a forgotten torrent of the ISO somewhere floating around with users still seeding it
Nah, not forgotten at all. Here you have: https://old-releases.ubuntu.com/releases/8.04.0/
And they are all alive :)
I would watch the absolute fuck out of this to the point that my family would be so fucking sick of it.
I would watch this.
I wouldn't deploy this for my fucking dog, roll it back now!
TBF if I was writing for my dog I'd pull out all the stops. Only the best for such a good boy! He would eat almost anything, though.
“And the big surprise, is that the fucking image uploads are being stored in fucking RAW!”
Yes, but consider that the abbreviations alone would make the show unwatchable. "Hold on, babe, what's a SaaS?"
Look at this ci deployment! THE TESTS ARE TURNED OFF. YOU'RE RAWDOGGING PRODUCTION.
Oh my days. Your AWS isn't destroying old deployments, no wonder you're indebt, you have seven times more compute than NASA FOR FUCKS SAKE.
Just talked to a woman from a company in the same holding as mine. They still run their computers on windows xp. They're in health care and deal with sensitive, confidential patient data.
I used to work in healthcare IT until around 2008ish. Various clinics had things running on 3.11, 95, 98, etc.
For the 3.11 case, it was only controlling the door card/lock system IIRC and was not otherwise on the network, but some of the others, less so. We didn't have direct control over the sites' decisions and couldn't really enforce anything so us removing them was not possible. We did everything we could to convince the site mgmt, of course.
This week I heard from a network group lead of a university hospital, that they have a similar issue. Some medical devices that come with control computers can't be upgraded, because they were only certified for medical use with the specific software they came with.
They just isolate those devices as much as possible on the network, not much else to do, when there is no official support and recertification for upgrading. And of course nobody wants to spend half a million on a new imaging device when the old one is still fine except for the OS of the control computer.
Sounds like a shitty place to be, I pity those guys.
That said, if you were talking about normal client computers then it's inexcusable.
It baffles me that medical device manufacturers use windows for fucking anything. You'd think just the licensing cost would push them away, but it being hot garbage for embedded software should have been enough. It's amazing any medical device certification process would allow them to use it at all, with the notorious unreliability and not giving a shit what you think about updates. People could die because of a fucking windows update at the wrong time.