For the small niche that would find it comprehensible, that would be gold. Maybe it would work as a YouTube channel.
The trick is that software companies and their clients tend to be more publicity-averse than restaurants, and for Kitchen Nightmares they need to find ones that will straight-up agree to be made an ass of to get on TV.
It would be depressing. I ended up working somewhere we would regularly get called in to clean up messes and enterprise software is a disaster.
Huge application. Dominating its industry. It had only one user on the DBs with a password that hadn’t been changed in over a decade. Same user/pass for each DB as well. The DBs were all publicly accessible. The applications, clients, engineers, and everyone else used that singular user. Better yet, one DB even had a table for the locations of every server, what it did, and what credentials you needed to log into it. This app held insurance information, PHI, PII, payment information, etc. The “Founder” thought he was clever because he’d turned off all logging on the DB and was under the impression that if he couldn’t detect a breach he didn’t have to report it. The DB engines were unbelievably old “community” versions of DBs. The password was something along the lines of <company name>1998!
They had a load balancer that took traffic in on 443 and sent it to the server on 80, but since the servers only used 80 and no one explained networking to them, every internal request would be sent to the open internet on 80, hit another source, and then would make its way back to the load balancer and into the app. They were excited to show it to me and everything. Networking and developers are like water and oil.
Yes, that did get reported to governing bodies. They slapped the company on the wrist. No fine. I fixed it so it’s nearly bulletproof now. When I turned on logging, I do want to note, there were TONS of connections to Iran, South America, China, India, Russia, etc.
But that’s A LOT of apps. We kept doing M&As and 3/4 of the apps that were being sold were the exact same. Hell, I’ve seen apps handling CUI store their data unencrypted on open servers. Reported as well, but nothing ever happens. We were told by one person that the laws and fines only exist to hit companies after there’s a breach AND a lawsuit from users. Before then there’s no victim and no crime.
TL;DR: auditing software is a lot like what I imagine smoking crack is like.
Huge application. Dominating its industry. It had only one user on the DBs with a password that hadn’t been changed in over a decade. Same user/pass for each DB as well. The DBs were all publicly accessible. The applications, clients, engineers, and everyone else used that singular user.
At least one of those people seriously considered doing crime, right? It would be like shooting fish in a barrel and, with simple steps to hide your network origin, there would be no way of finding the culprit. With the kind of ransoms you could get from a company like that you could go and live happily ever after in Dubai.
Absolute madness.
Someone would have to look at and understand the existing code and infrastructure rather than just throwing it all away and writing a data migration. In other words, it would never happen.
It would have to be more like an unsolved mysteries show with a dramatic reenactment and a developer giving all the ugly details with a blacked out face and voice changer.
OP wrote software development, but the example is more infrastructure focused. Which is a lot easier to parse.
And it will always end with a more modern and streamlined infrastructure that they never update again and then two years later there is an article that shows how they all went bankrupt.
My friends and I borked our school network by turning it into a Dogecoin miner in high school. The IT guy was not pleased.
I would watch this. Maybe something like “SRE Squad” with like a fire department type aesthetic and eagles and flags and butt rock theme song.
Silicon Valley
You fucking Donkey!
It’s called incident response
Cute silly furry
I would watch this. Especially if it was an angry Brit, rather than a dramatic American. And even more if it didn’t keep replaying the same 5 minutes of telly before and after each ad break. And even more if it didn’t have an ad break every 10 minutes that lasted 5 minutes.
Right? I don’t watch TV because of all this crap. I don’t understand how some people have the patience, honestly.
Our public TV has no midroll ads, only between programs, and I’m so happy I can use a guide and usually find something to watch when eating and get no ads. But I’m also watching the endless reruns of a series I like, so that’s also not difficult to get.
Frog in pot is my guess. I haven’t watched ad supported television for like 20 years now and it is so jarring when I’m in someone’s house and an ad comes on.
Same with YouTube, honestly.
Yeah give me Ublock or give me death.
This gave me major Dragon Ball Z vibes. Find out on next week’s episode of Dragon Ball Z!
I once watched Bake Off on ITV and I swear it was 10 minutes of ads to 3 minutes of show; a 50 min episode took like 2.5 hrs to watch. It was nuts.
Can we get Ludic to do this? Not a Brit, but he does have a way with words.
Look at this ci deployment! THE TESTS ARE TURNED OFF. YOU’RE RAWDOGGING PRODUCTION.
Oh my days. Your AWS isn’t destroying old deployments, no wonder you’re in debt, you have seven times more compute than NASA FOR FUCK’S SAKE.
I wouldn’t deploy this for my fucking dog, roll it back now!
TBF if I was writing for my dog I’d pull out all the stops. Only the best for such a good boy! He would eat almost anything, though.
“And the big surprise, is that the fucking image uploads are being stored in fucking RAW!”
Isn’t that probably a feature, which would then also be advertised to the end user? Maybe for photo-artists and such
lol yes, however I’m purely combining
https://www.youtube.com/watch?v=JsBRTEm6HlI
with RAW being an image format. Of course it would make sense on a paid image storage service. I’m sorry you felt the whoosh.
Senior developer: “not my coin miner!! … I mean, how’d that get there?”
You joke, but I’ve actually been responsible for a coder getting shown the door for running a coin miner on his work laptop.
In his defense, cyber security at that company was crap for a long time. After a ransomware outbreak, they started paying attention and brought some folks like myself in to start digging out. This guy missed the easy out of, “hey that’s not mine!” The logs we had were spotty enough that we would have just nuked the laptop and moved on. But no, he had to fight us and insist that he should be allowed to run a coin miner on his work laptop. Management was not amused.
Am I just stupid or does that seem like an extreme reaction?
Apart from the ~0% profitability these days, what’s the issue with running a coin miner?
The first issue with running a coin miner is using company resources for your own profit. Your own system, using your own electricity, go for it. Running it on a company owned laptop, while at a company building, burning electricity the company is paying for? Ya, that starts to get uncomfortably close to fraud or theft. There is also that whole “running unauthorized software on a company system, doing who knows what else in the background.” There is a very real possibility that the coin miner has unknown vulnerabilities which could allow remote code execution; or it could just outright be malicious and contain a remote access trojan. Maybe he was smart enough to audit all the code it was using and be very sure that’s not the case. More likely, he just grabbed a random implementation of XMRig, put his wallet in the config file and ran it. Either way, he also made a point of refusing to remove it, so we escalated up to management. With the recent ransomware outbreak having been in the multi-million dollar (possibly low tens of millions) damage range, refusing to remove unauthorized software went over about as well as a lead balloon. There may have been other factors at play; but the unauthorized software and being a dick about removing it was what got him out the door.
Analogous to someone using the company car to make some extra money as an Uber/Lyft driver. Do you still not see the problem?
Kinda, but not as a firable offense.
Using the company car for Uber would raise the odometer, wear the tyres, use fuel, risk crashing, etc. As long as things are within thermal limits, it won’t risk damaging the device.
I guess it could make the battery degrade quicker, but it seems so insignificant in comparison.
Besides the general security risk if they run trojaned clients, if they run it in the office they’re spending the company’s electricity.