Experience can be SO meaningless



  • My previous contract is going to be transitioning from a full time one to a part time/intermittent one in a few weeks. Once the code's finished they'll just want occasional tweaks and additions. So I've been looking for more contracts, since a 10 hour a month contract doesn't typically pay enough for a mortgage payment.

    One of my previous clients has found me a potential new client who would want a few months from me, to integrate several disparate systems. Simply put, they're tired of the current workflow, which involves printing things out and physically carrying them to the desk of someone who does nothing but data entry, and many people who do nothing but scan one system for recent changes, so they can print out the web screen they get, bringing it to someone else who will do data entry...

    In short? Seven custom systems. With absolutely zero integration. Each was built to handle a different product, originally, but every time a new product came into existence a new system was created. This is a major problem for customers who buy more than one product, especially since the billing system isn't integrated with any of the other systems: the billing system is a standalone pin pad they manually enter card numbers into for monthly billing.

    Ideally they should have one custom system but they don't want to pay for that so they want me to write "glue" between multiple systems, such that if you buy one product you get registered as inactive in the others, and they want an automatic billing system, etc. So I'm to write connection code, basically. Since I get to deal with 7 completely different things written by 7 different contractors, some teams, some individuals... I decide that before I can even give them an estimate we have to have a nice long chat in IRC or similar, so we can figure out what types of interchange are a good idea, what projects could handle what, which I can dig into myself, which I have to have others alter if needed, and so on.

    These people are all angry that, because of their 10 months of politicking and finger-pointing and so on trying to get the integration (heh) contract for themselves, the company went elsewhere. So they're all being uncooperative. But there's one point in particular that they're mostly in agreement on: I tell them to talk amongst themselves about how to transmit subscription data while I head away from the keyboard to get dinner. When I come back, I discover that there is a point of disagreement: All six programmers using Windows for their projects are voting one way, the Linux guy is voting the other way. He insists they should defer to him because he's written billing systems for more than 50 companies. I scroll up past a few screenfuls of swearing in all directions to see what the actual dispute is.

    The Linux programmer had said, and I quote...

    "There is no reason, under any circumstances, to encrypt credit card numbers in transit on the Internet."

    I must admit I'm curious if anyone wants to propose a response. They think I'm still eating. I'm not sure how to answer this one... Or whether to just give the chat log to the company.



  • Re: Sometimes, the Windows guys are the smart ones

    I ended up replying that encryption will be used, period, as it's required by the company's merchant bank. His immediate response was that they obviously suck but "you can't fight city hall" and so on and so on. I'm still boggled that anyone who can code can be that stupid about security 101.



  • Re: Sometimes, the Windows guys are the smart ones

    While it is true that the vast majority of credit card numbers are compromised from merchant servers that store the numbers in cleartext, it is still a very bad idea to send the numbers in the clear over the Internet.  After all, you never know who is listening.



  • Re: Sometimes, the Windows guys are the smart ones

    @Wolftaur said:

    The Linux programmer had said, and I quote...

    "There is no reason, under any circumstances, to encrypt credit card numbers in transit on the Internet."

    I realize that time's up, but....

    • I'd be liable for data breaches if I implemented this without encryption - so not only are we going to be doing encryption, we're doing strong encryption.
    • There's apparently over 50 companies on the Internet who could probably each sue you for your entire net worth.

    I could come up with more, but it's late, and the wife wants me in bed.



  • @communist_goatboy said:

    While it is true that the vast majority of credit card numbers are compromised from merchant servers that store the numbers in cleartext, it is still a very bad idea to send the numbers in the clear over the Internet.  After all, you never know who is listening.

    Especially when it's a known fact to everyone on this team that there are at least 1,000 hosting clients on the same colocation LAN as one of the servers this guy proposes should be broadcasting credit card numbers in the clear...



  • Re: Sometimes, the Windows guys are the smart ones

    I think the #1 reason to encrypt credit-card numbers transmitted over the Internet is that it's a requirement of the Payment Card Industry consortium.  You lose your license to accept Visa, MasterCard, etc., if you don't have that info encrypted.

    It's the little things, innit?



  • @mrprogguy said:

    I think the #1 reason to encrypt credit-card numbers transmitted over the Internet is that it's a requirement of the Payment Card Industry consortium.  You lose your license to accept Visa, MasterCard, etc., if you don't have that info encrypted.

    It's the little things, innit?

    He actually ended up being even more idiotic than that...

    The company's never going to use him again: the server hasn't had security patches applied in over a year (fixed by me the moment I found that out), and... Well, here's the quote:

    Security patches for Linux don't fix holes because Linux doesn't have holes. They just release patches because Microsoft does and they don't want Linux to look inferior to Windows.

    The supervisor we talk to at the client was forwarded that comment almost immediately. And while he's no master engineer, he can write a little C and Perl, understands the basics of SQL, etc... he has enough knowledge to jaw-drop at that line as much as I did. The biggest security hole the company ever had -- this one programmer -- is out the door permanently as soon as I verify the code he turned over is actually complete and isn't missing pieces for future leverage.



  • Re: Sometimes, the Windows guys are the smart ones

    Nice flamebait title.  Please go back to Slashdot if you're going to spout such silliness. 



  • @morbiuswilters said:

    Nice flamebait title.  Please go back to Slashdot if you're going to spout such silliness. 

    A very valid point... "Experience can be SO meaningless" would have been a better choice on my part. I apologize to all offended.

    (Any moderator seeing this who would be willing to edit the title is, in my opinion, more than welcome to.)



  • @Wolftaur said:

    @morbiuswilters said:

    Nice flamebait title.  Please go back to Slashdot if you're going to spout such silliness. 

    A very valid point... "Experience can be SO meaningless" would have been a better choice on my part. I apologize to all offended.

    (Any moderator seeing this who would be willing to edit the title is, in my opinion, more than welcome to.)

    Classy.  I like the cut of your jib.  I don't mean to come off as a jerk or indicate anyone isn't welcome, but I really just get tired of the MS-bashing prevalent all over the Internet and TDWTF is one of the only places I know of which has avoided being overrun by it.  Thanks for not being a jerk about it or anything.  Oh, and welcome.



  • Re: Sometimes, the Windows guys are the smart ones

     VWJqIHBiaHlxIGd1bmcgdGhsIG9yIGZiIGZnaGN2cS4gViBueWpubGYgcmFwZWxjZyByaXJlbCBmdmF0eXIgb3ZnIFZcJ3ogZnJhcXZhdCBiaXJlIGd1ciB2YWdyZWFyZy4gR2p2cHIu



  • @morbiuswilters said:

    Classy.  I like the cut of your jib.  I don't mean to come off as a jerk or indicate anyone isn't welcome, but I really just get tired of the MS-bashing prevalent all over the Internet and TDWTF is one of the only places I know of which has avoided being overrun by it.  Thanks for not being a jerk about it or anything.  Oh, and welcome.

    We all have our favorite environments. But our employers don't always pick our favorite environments. And while I can poke at dumb things in Windows, I can do that with so many others... Linux, IRIX, Solaris, AIX, MacOS X, MacOS, AmigaOS, TOS, VMS, RSX-11 (the whole series of them), RT-11, RSTS/E, TOPS-10, MUMPS ... I'll poke fun at a stupidity in any code, operating system, or product, whether I like it or not. Screwups are screwups. :)

    And to be blunt, one of the reasons I actually joined this forum is because it seems to be equal-opportunity laughing at idiocy, not just laughing at Microsoft. I mean... I love Linux, but. It's got plenty of its own WTFs... and plenty of really, really stupid advocates, as the guy my OP was about proves.



  • @dtech said:

    VWJqIHBiaHlxIGd1bmcgdGhsIG9yIGZiIGZnaGN2cS4gViBueWpubGYgcmFwZWxjZyByaXJlbCBmdmF0eXIgb3ZnIFZcJ3ogZnJhcXZhdCBiaXJlIGd1ciB2YWdyZWFyZy4gR2p2cHIu

    He's speaking in tongues!

     

    BURN THE WITCH!!!  BURN HIM!!



  • @morbiuswilters said:

    @dtech said:

    VWJqIHBiaHlxIGd1bmcgdGhsIG9yIGZiIGZnaGN2cS4gViBueWpubGYgcmFwZWxjZyByaXJlbCBmdmF0eXIgb3ZnIFZcJ3ogZnJhcXZhdCBiaXJlIGd1ciB2YWdyZWFyZy4gR2p2cHIu

    He's speaking in tongues!

     

    BURN THE WITCH!!!  BURN HIM!!

    Pfft. That's not speaking in tongues. That's speaking in base 72.



  • @Wolftaur said:

    @morbiuswilters said:

    @dtech said:

    VWJqIHBiaHlxIGd1bmcgdGhsIG9yIGZiIGZnaGN2cS4gViBueWpubGYgcmFwZWxjZyByaXJlbCBmdmF0eXIgb3ZnIFZcJ3ogZnJhcXZhdCBiaXJlIGd1ciB2YWdyZWFyZy4gR2p2cHIu

    He's speaking in tongues!

     

    BURN THE WITCH!!!  BURN HIM!!

    Pfft. That's not speaking in tongues. That's speaking in base 72.

     

    Burn him regardless.



  • @Soviut said:

    @Wolftaur said:

    @morbiuswilters said:

    @dtech said:

    VWJqIHBiaHlxIGd1bmcgdGhsIG9yIGZiIGZnaGN2cS4gViBueWpubGYgcmFwZWxjZyByaXJlbCBmdmF0eXIgb3ZnIFZcJ3ogZnJhcXZhdCBiaXJlIGd1ciB2YWdyZWFyZy4gR2p2cHIu

    He's speaking in tongues!

     

    BURN THE WITCH!!!  BURN HIM!!

    Pfft. That's not speaking in tongues. That's speaking in base 72.

     

    Burn him regardless.

    He turned me into a newt!



  • @tgape said:

    it's late, and the wife wants me in bed.

    Plz send teh codez



  • @fyjham said:

    He turned me into a newt!

    *gives a long, hard look* A newt, you say?



  • @Wolftaur said:

    *gives a long, hard look* A newt, you say?
     

    I got better...



  • @fyjham said:

    @Wolftaur said:

    *gives a long, hard look* A newt, you say?
     

    I got better...


    Hey, you're not supposed to get better. Just your code is. :)



  • @dtech said:

     VWJqIHBiaHlxIGd1bmcgdGhsIG9yIGZiIGZnaGN2cS4gViBueWpubGYgcmFwZWxjZyByaXJlbCBmdmF0eXIgb3ZnIFZcJ3ogZnJhcXZhdCBiaXJlIGd1ciB2YWdyZWFyZy4gR2p2cHIu

     

    Bah, base64 and rot13, I could do that in my head.

    I usually do double-base64 and triple-rot13 just to be extra safe.



  •  @mrprogguy said:

    I think the #1 reason to encrypt credit-card numbers transmitted over the Internet is that it's a requirement of the Payment Card Industry consortium.  You lose your license to accept Visa, MasterCard, etc., if you don't have that info encrypted.

    It's the little things, innit?

    In any case ask that linux guy about his ip address and a guest ssh password and check out his unencrypted password files, then fuck with him for a while, he'll figure it out eventually and solicit you to start putting 128 bit encryption keys on everything in the system :) For added bonus make sure you do this from windows using nothing but microsoft tools and tell him 'r0x0red by m1cr0$0ft!'



  • Hi -- the title of the original post has been changed, as requested.



  • Re: Experience can be SO meaningless

    @Jeff S said:

    Hi -- the title of the original post has been changed, as requested.

    Thanks!



  • Re: Experience can be SO meaningless

    @bohica61 said:

    @tgape said:

    it's late, and the wife wants me in bed.

    Plz send teh codez

    That's proprietary information.

    However, I have gotten approval to release this much:

    if (wife wants me in bed) {
       alarm(10);
       finish post(); /* This routine returns if it receives a SIGALRM */
       alarm(0);
       go to bed();
    }


  • @astonerbum said:

    In any case ask that linux guy about his ip address and a guest ssh password and check out his unencrypted password files, then fuck with him for a while, he'll figure it out eventually and solicit you to start putting 128 bit encryption keys on everything in the system :) For added bonus make sure you do this from windows using nothing but microsoft tools and tell him 'r0x0red by m1cr0$0ft!'

    I don't think he'd have SSH because the S stands for Secure. RSH or Telnet would be fine.



  • @astonerbum said:

    In any case ask that linux guy about his ip address and a guest ssh password and check out his unencrypted password files, then fuck with him for a while, he'll figure it out eventually and solicit you to start putting 128 bit encryption keys on everything in the system :) For added bonus make sure you do this from windows using nothing but microsoft tools and tell him 'r0x0red by m1cr0$0ft!'

    I don't think that he'd have Secure SHell running; it has encryption. RSH or Telnet might work though.



  • @TwelveBaud said:

    @astonerbum said:

    In any case ask that linux guy about his ip address and a guest ssh password and check out his unencrypted password files, then fuck with him for a while, he'll figure it out eventually and solicit you to start putting 128 bit encryption keys on everything in the system :) For added bonus make sure you do this from windows using nothing but microsoft tools and tell him 'r0x0red by m1cr0$0ft!'
    I don't think that he'd have Secure SHell running; it has encryption. RSH or Telnet might work though.

    Yea I am sorry I forgot that SSH is secure, how stupid of me to think someone would use such a waste of computer clock cycles. You have to pay per clock cycle you know...

