I worked as a pastor and professor for a global, evangelical television ministry/college. They knowingly conceal scholarship on the Bible and punish their pastors for asking any questions that undermine their most closely held traditions (including anti-evolution, mental illness is supernatural, etc.). They tell their US viewers that they can’t call themselves Christians if they don’t vote Republican, while still enjoying tax-exempt status. They use pseudohistorians to inspire Christian Nationalism over their network, and are one of the largest propaganda networks for the Religious Right. A U.S. Capitol police commander told me his men were fighting people who were wearing the network’s brand.
Sounds like you escaped a violent theocratic cult.
The company would bid on government contracts, knowing full well they promised features that didn’t exists and never would, but calculating that the fine for not meeting the specs was lower than the benefit of the contract and getting the buyers locked into our system. I raised this to my boss, nothing changed and I quit shortly after.
I’ve worked in IT consulting for over 10 years and have never once lied about the capabilities of a product. I have said, it doesn’t do that natively, but if that’s a requirement we can scope how much it would take to make it happen. Sadly my company is very much the exception.
The worst I saw was years ago I was working on an infrastructure upgrade of a Hyper-V environment. The client purchased a backup solution I wasn’t familiar with but said it supported Hyper-V. It turns out their Hyper-V support was in “beta”. It wasn’t in beta. They were literally using this client as a development environment. It was a freaking joke. At one point I had to get on the phone with one of their developers and explain how high-availability and fail-over worked.
I could very well have been that developer. Usual story, sales promised the world, that our vmware-based system would run on anything and everything, and of course it’s all HA and load balanced, smash cut to me on Monday morning trying to figure out how to make it do that before it goes live on Wednesday.
The programming team that is working hard on your project is just one dude and he smells funny. The programming team you’ve met in your introductory meeting are just the two unpaid interns that will be fired or will quit within the next two months and don’t know what’s happening. We don’t do agile despite advertising it. Also your project being a priority means it’ll be slapped together from start to finish 24 hours prior to the deadline. Oh and there will be extra charges to fix anything that doesn’t work as it should.
Our business-critical internal software suite was written in Pascal as a temporary solution and has been unmaintained for almost 20 years. It transmits cleartext usernames and passwords as the URI components of GET requests. They also use a single decade-old Excel file to store vital statistics. A key part of the workflow involves an Excel file with a macro that processes an HTML document from the clipboard.
I offered them a better solution, which was rejected because the downtime and the minimal training would be more costly than working around the current issues.
The library I worked for as a teen used to process off-site reservations by writing them to a text file, which was automatically e-faxed to all locations every odd day.
If you worked at not-the-main-location, you couldn’t do an off-site reservation, so on even days, you would print your list and fax it to the main site, who would re-enter it into the system.
This was 2005. And yes, it broke every month with an odd number of days.
downtime
minimal retraining
I feel your pain. Many good ideas that cause this are rejected. I have had ideas requiring one big downtime chunk rejected even though it reduces short but constant downtimes and mathematically the fix will pay for itself in a month easily.
Then the minimal retraining is frustrating when work environments and coworkers still pretend computers are some crazy device they’ve never seen before.
I worked for lumber liquidators, and their point of sale software seemed to be surplus navy because if you dug deep enough you could order nuclear sub parts.
I work in IT. Most systems have laughable security. Passwords are often saved in plain text in scripts or config files. I went to a site to help out a very large provincial governmental organization move some data out of one system and into another. They sat me down with a loaner laptop and the guy logged me into his user account on the server. When I asked for escalated privileges, he told me he’d go get someone who knew the service account passwords.
After a few minutes, I started poking around on my own… And had administrative access within an hour. I could read the database (raw data), access documents, start and stop the software, plus, figured out how to get into the upstream system that fed data to this server… I was working on figuring out the software’s admin password when the guy came back. I’m sure that given some more time, I could have rooted the box because the OS hadn’t been updated in years.
I work as a pentester and Red Teamer, I can attest that even for some large companies, you always stumble upon something that’s just dumb, and completely renders their multi-million investment they are probably making into security tools and solutions worthless.
the guy logged me into his user account
It’s pretty common to have this as the only barrier. If someone got into my work PC they could easily take down a lot of critical infrastructure, if they knew where to look.
Terrible, but common.
Having worked network support, the number of times I’ve been on a screen share with someone who opens an excel sheet from the share drive that holds all the root passwords for every network device they own is high. A bad actor could take down some very large companies with some simple social engineering skills.
Over a decade ago I worked as a freelancer for an Investment Bank (the largest one that went bankrupt in the 2008 Crash, which was a few years later) were the head of the Proprietary Trading Desk (the team of Traders who invest for the profit of the bank) asked me if I could change the software so that they could see the investments of the Client Trading Desk (who invest for clients with client money) was making, with the assent of the latter team.
Now if the guys investing money for the bank know what they guys investing customer money are doing they can do things like Front-Run the customer trades (or serve them at exactly the right price to barelly beat the competiotion) thus making more profits for the bank and hence get bigger bonuses. This is why Financial regulations say that there is supposed to be so-called Chinese Walls between the proprietary trading and the customer trading activities: they’re supposed to be segregated and not visible to each other.
Note that the heads of both teams were mates and already regularly had chats, so they might already have been exchanging this info informally.
I was quite fresh in there (less than 1 year) and the software system I worked in at the time was used by both teams, but when I started looking into it I saw that the separation was very explicitly coded in software and that got me thinking about what I had learned from the mandatory compliance training I had done when I first joined (so, yeah, that stuff is not totally useless!!!)
So I asked for written confirmation from the heads of both teams, and just got some vague response e-mails, no clear “do such and such”.
So I played the fool and took it to a seperate team called Compliance (responsible for compliance with financial regulations) saying I just wanted to make sure it was all prim and proper, “just in case”.
Of course, it kinda blew up (locally) and I ended up called to a meeting with the heads of the Prop Desk and whatnot - all stern looks and barelly contained angry tones - were I kept playing the fool.
Ultimatelly it ended up not being a problem for me at all, to the point that after that bank went bust and its component parts were sold to another bank, the technical team manager asked me to come back to work with the same IT group (remember, I was a freelancer) with even greater responsabilities, so this didn’t exactly damage my career.
That said, over the years there were various cases of IT guys in large investment banks who went along with “innocent” requests from the Traders and ended up as the fall-guys for subsequent breaking of Finance Regulations, serving jail time, so had I gone along with that request I would’ve actually risked ending up in jail.
(Financial Regulators were and are a complete total joke when it comes to large banks, which actually makes it more likely that some poor techie guy will be made the fall guy to protected the bank and its heads).
I worked with people from many indian IT companies who just outright clone github repos and tell clients they developed the entire thing from scratch.
This one doesn’t surprise me. I remember a recording of a guy in India doing a job interview over the phone. He had a friend on a other phone giving him the answers to the test questions. The person giving the interview heard enough in the background to figure this out, and gave the cheater tips on how to be less obvious next time.
That I made their DropBox account, and they can’t access it anymore…
This local single location grocery store by my house would unwrap and rewrap meat packages when it hit expiration dates in order to generate a new label with a new expiration date. If the meat looked bad, it would be added to the meat grinder to make ground beef.
Worked in tech support for a major internet provider. We would constantly have major ouages in various locations due to overtaxed systems going down. Corporate refused to allow us to admit that there were problems on our end and forced the techs to troubleshoot the customer calls, even though we all knew that we could do nothing for the customer. Saw multiple techs releived of their job for telling the truth to the customers. So many hours wasted on both the customer and techs part.
S&P and Moody’s were collaborating since at least 2000 on the pricing of the so-called “esoteric” structured instruments associated with mortgaged-backed securities that caused the 4Q07 crash. They collaborated via the competitive intelligence firm Washington Information Group (which does not seem to be around anymore.) The collaboration was almost certainly illegal (IANAL). They did this because neither wanted a price war when rating these. I did sign an NDA with S&P that kept me out of the industry for two years. I left the industry shortly after that and went back to what I used to do.
A national (not US) cake company uses expired ingredients because it’s cheaper. Yes, I did report them to the authorities.
You did a great job, OP.
And nothing happened after you reported them I assume?
AFAIK they did get a couple visits from sanitary inspectors, but I haven’t been in contact since.
I worked at an ISP. The DHCP server we use for our DSL offering was made in the 90s and hasn’t been updated since.
I’ve worked for a few of the larger ISPs in the US. They all have their own special weird shit like a windows NT machine shoved in a corner in a CO in west Texas that you have to remote desktop into and run some java applet from the 90 to log into a hardwired machine from the 70s just to set up a voicemail box for a phone line. Ain’t broke don’t fix it leads to some wild setups at companies you wouldn’t expect it from.
Frankly, I don’t see this a a problem as long as the software is up to date and the hardware is sound. I bet there are thousands of SPARC servers out there processing data 24/7 since 1995.
I don’t have any interesting secrets or facts from my current ex-jobs, so I’ll share an interesting fact from a buddy’s. It’s one of those companies that offers automated phone systems (and chats, nowadays) that listen to your options rather than taking number inputs.
This may no longer be the case, but these systems were not actually automated. There are entire call centers dedicated to these phone systems, whereby an operator listens to your call snippet and manually selects the next option in the phone tree, or transcribes your input.
I wouldn’t be surprised at all if advances in AI have made this whole song and dance less in need of human intervention, but once upon a time, your call wasn’t truly automated - it was federated.
