Outsourcing deconstruction



  • As part of my job, I occasionally have to rebuild websites built by others for porting to a new platform. At present, this is taking sites off Windows (ASP of various flavors and/or ColdFusion) and porting to LAMP.

     

    A new client had a site which had been built at GREAT expense by an offshore contracting agency (I won't name names, but it's in a city whose name sounds somewhat similar to 'bangs a lot of doors'). The site has a form which could upload files to the server for later retrieval/processing by the site owners. As coded, the upload directory is within the wwwroot on the Windows box, meaning anything uploaded is immediately retrievable via a normal URL. Thankfully, the upload directory is not browsable, and not linked to anywhere on the site, so it's secure-by-obscurity. However, anyone knowing how the upload script works (i.e. these developers) could upload arbitrary .cfm/.asp pages to the server, and execute them (yes, the upload directory has script-execute permissions). Also, ColdFusion (which was handling the uploads) was set to overwrite in case of a filename conflict - files were stored with their original names as uploaded. There was no collision handling.

     How can I prove that the site was built by this offshore agency?

       --- they left their testing files within the upload directory ---

    Essentially anything the developer(s) had available to upload to see if the receiving script worked, was uploaded. I've found a .JPG of the agency's office, a .JPG of what is presumably the development team, a .JPG of what could be one of the developers' children (a rather cute ~6-month-old baby), and... best of all... some of the developers' resumes.

     I'd like to share some of the choicer parts. Please note I'm not revealing the author's name, let's just call him Mr. X.

     (all typos and bold-facing are verbatim from the resume, and yes, he refers to himself as Mr. X throughout)

    Choice quote #1:  "Mr. X has around 7 years of experience in .... hard disk partitioning, hard disk formatting ..."

    Choice quote #2: "Mr. X has very good experience in File Handling, regular expressions, Files concepts... & good knowledge of OOPS"

    Choice quote #3: "Hardware: INTEL PANTIUM IV"

    Choice quote #4 (while describing a project he'd worked on): "One of the remarkable features of this site is the administration controls. All the administration functions are controlled by CGI scripts thus leaving no chance of any human error."



    Choice WTF #1: There are multiple resumes from some of the developers in this upload directory. Some of these individuals worked on the same projects (no surprise, it seems to be a small shop). What's striking is that of the projects these people have in common, their experience/description blurbs are identical across all the resumes sharing that project. Copying/plagiarism is the quickest form of advancement, I suppose.
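The storage logic described in the first post (uploads landing inside the web root under their client-supplied name, silently overwritten on collision) is shown below next to a hardened version, as an added example that is not code from the original site, its developers, or this thread. The language is Python rather than ColdFusion or PHP because the point is the storage design, which carries over to the LAMP port unchanged; the class names, directory names and the `index.json` manifest are hypothetical. The hardened store keeps files outside the document root, uses a random on-disk name with no extension (so a `.cfm`/`.asp` body can never be handed to a script handler), creates each file with `O_EXCL` so nothing is ever overwritten, and validates the download token before touching the filesystem. It also goes slightly beyond the post by stripping path components from the original name, since a name containing `../` is the other obvious abuse of the same handler.

```python
"""Vulnerable vs. hardened upload storage (added example; all names hypothetical)."""
import json
import os
import re
import secrets
import tempfile


class VulnerableStore:
    """Mirrors the described handler: web-root storage, original name, overwrite on collision."""

    def __init__(self, wwwroot):
        self.upload_dir = os.path.join(wwwroot, "uploads")  # reachable as /uploads/<name>
        os.makedirs(self.upload_dir, exist_ok=True)

    def save(self, original_name, data):
        dest = os.path.join(self.upload_dir, original_name)  # client controls the path
        with open(dest, "wb") as f:  # "wb" truncates: an existing file is clobbered
            f.write(data)
        return dest


class SafeStore:
    """Files live outside the web root under random names; a manifest keeps the display name."""

    TOKEN_RE = re.compile(r"[0-9a-f]{32}")

    def __init__(self, storage_root):
        self.storage_root = storage_root  # must NOT be under the document root
        os.makedirs(self.storage_root, exist_ok=True)
        self.index_path = os.path.join(self.storage_root, "index.json")

    @staticmethod
    def display_name(original_name):
        """Keep only the final path component, then allowlist the characters."""
        name = original_name.replace("\\", "/").rsplit("/", 1)[-1]
        name = re.sub(r"[^A-Za-z0-9._-]", "_", name).strip("._")
        return (name or "upload")[:100]

    def _load_index(self):
        if not os.path.exists(self.index_path):
            return {}
        with open(self.index_path, "r", encoding="utf-8") as f:
            return json.load(f)

    def save(self, original_name, data):
        # Random, extension-less on-disk name: no script handler will ever run it,
        # and O_EXCL guarantees we never overwrite an existing upload.
        while True:
            token = secrets.token_hex(16)
            dest = os.path.join(self.storage_root, token)
            try:
                fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
                break
            except FileExistsError:
                continue  # astronomically unlikely, but handle it rather than clobber
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        index = self._load_index()
        index[token] = {"original_name": self.display_name(original_name), "size": len(data)}
        with open(self.index_path, "w", encoding="utf-8") as f:
            json.dump(index, f)
        return token

    def read(self, token):
        """What a download script would call; the token comes from the URL, so validate it."""
        if not self.TOKEN_RE.fullmatch(token):
            raise ValueError("malformed token")
        with open(os.path.join(self.storage_root, token), "rb") as f:
            return f.read()


def demo():
    """Constructed scenario: the same two uploads of 'shell.cfm' sent to both stores."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        wwwroot = os.path.join(tmp, "wwwroot")
        vuln = VulnerableStore(wwwroot)
        first = vuln.save("shell.cfm", b"<cfoutput>first</cfoutput>")
        second = vuln.save("shell.cfm", b"<cfoutput>second</cfoutput>")
        with open(first, "rb") as f:
            results["vuln_final_content"] = f.read()  # first upload is gone
        results["vuln_same_path"] = first == second
        results["vuln_inside_wwwroot"] = first.startswith(wwwroot + os.sep)

        safe = SafeStore(os.path.join(tmp, "private_uploads"))
        t1 = safe.save("shell.cfm", b"<cfoutput>first</cfoutput>")
        t2 = safe.save("shell.cfm", b"<cfoutput>second</cfoutput>")
        results["safe_distinct"] = t1 != t2
        results["safe_first_kept"] = safe.read(t1)
        results["safe_inside_wwwroot"] = safe.storage_root.startswith(wwwroot + os.sep)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Moving the directory out of the web root is what actually removes the remote-execution path; the random name and `O_EXCL` are what fix the overwrite problem the post describes, and the token check in `read()` keeps the download script from becoming a file-read primitive.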

     



  • 1. Collect underpants 

    2. [quote user="MarcB"]Choice quote #3: "Hardware: INTEL PANTIUM IV"[/quote]

    3. Profit! 



  • [quote user="MarcB"]

     "Mr. X has around 7 years of experience in .... hard disk partitioning, hard disk formatting ..."

    [/quote]

    Some of the folks who come out of our colleges (I suppose I belong to the same brow-beaten region as the developers in question) would never have formatted a disk in their life.

    Some of them cannot even install Windows on their own, forget partitioning disks.

    So, there are these folks, like in this story, who consider formatting and partitioning as a skill. Like sharpening knives and lighting fires.

    But 7 years of that? WTF?



  • [quote user="MarcB"]

    A new client had a site which had been built at GREAT expense by an offshore contracting agency (I won't name names, but it's in a city whose name sounds somewhat similar to 'bangs a lot of doors'). 

    [/quote]

     Let's see... "Hangs a lot of whores"

    "Fangs the pot of drawers."

    "Mangy Commodores"

    This must be one hell of an oddly named town... 



  • [quote user="shadowman"]

    [quote user="MarcB"]

    A new client had a site which had been built at GREAT expense by an offshore contracting agency (I won't name names, but it's in a city whose name sounds somewhat similar to 'bangs a lot of doors'). 

    [/quote]

     Let's see... "Hangs a lot of whores"

    "Fangs the pot of drawers."

    "Mangy Commodores"

    This must be one hell of an oddly named town... 

    [/quote]

     "Hang a door" probably would have been a better choice on the original poster's part.

    'cause I'm pretty sure I've never heard of "bangalottuvlore"



  • [quote user="merreborn"][quote user="shadowman"]

    [quote user="MarcB"]

    A new client had a site which had been built at GREAT expense by an offshore contracting agency (I won't name names, but it's in a city whose name sounds somewhat similar to 'bangs a lot of doors'). 

    [/quote]

     Let's see... "Hangs a lot of whores"

    "Fangs the pot of drawers."

    "Mangy Commodores"

    This must be one hell of an oddly named town... 

    [/quote]

     "Hang a door" probably would have been a better choice on the original poster's part.

    'cause I'm pretty sure I've never heard of "bangalottuvlore"

    [/quote]

    Shit!! They're across the street. Names please. Got to add this to my blacklist.



  • I love how they have 7 years of experience in formatting hard drives, and they know OOPS... 

    I almost always say OOPS after formatting my hard drive. There's always some file I forgot to make a backup of.



  • Reading this has made me OOPS in my PANTIUM.

    I don't suppose you could do a find and replace and post some more from the resumes please? I need to update mine and I'm looking for inspiration.



  • "Reading this has made me OOPS in my PANTIUM"

    Ha!  Funniest quote ever.



  • [quote user="Some Idiot"]

    Reading this has made me OOPS in my PANTIUM.

    [/quote]

    Ha!  Funniest quote ever.



  • A lot of sidebar WTF's are poor but this one has me in stitches...great post



    this is just too funny...

