Slashdot Mirror

Not too long ago, there was a small furor in the local media about a major disaster at The State's Technology Services Division. The details were a bit sketchy â" mostly because The State was "unable to comment on an ongoing investigation" â" but what was reported was that, for two full days, employees of The State were unable to logon to their computers or access email, and that this caused business within The State to grind to a halt.

As the "investigation" carried on, the media lost interest in the story and moved on to more newsworthy stories like who Paris Hilton was partying with last weekend. Fortunately for us, a certain employee of The State named J.N. works in the Technology Services Division and decided to share what really was behind those fateful days.

When employees of The State came in to work following a three day weekend, they found their workstations overloaded with "cannot logon" and "Exchange communication" error messages. The Network Services folks had it even worse: the server room was a sweltering 109 Fahrenheit and filled with dead or dying servers.

At first, everyone had assumed that the Primary A/C, the Secondary A/C, and the Tertiary A/C had all managed to fail at once. But after cycling the power, the A/Cs all fired up and brought the room back to a cool 64. At the time, the "why" wasnâ(TM)t so important: the network administrators had to figure out how to bring online the four Exchange Services, six Domain Controllers, a few Sun servers, and the entire State Tax Commissionâ(TM)s server farm. Out of all of the downed servers, those were the only ones that did not come back to life upon a restart.

They worked day and night to order new equipment, build new servers, and restore everything from back-up. Countless overtime hours and nearly two hundred thousand dollars in equipment costs later, they managed to bring everything back online. When the Exchange servers were finally restored, the following email finally made its way to everyone's inbox, conveniently answering the "why"

From: ----- -----------
        To: IT Department
        Re: A/C constantly running.

        To whom it may concern,

        I came in today (Monday) to finish up a project I was working
        on before our big meeting with the State ----- Commission tomorrow,
        and I noticed that there were three or four large air conditioners
        running the entire time I was here. Since it's a three day weekend,
        no one is around, why do we need to have the A/C running 24/7?

        With all the power that all those big computers in that room use, I
        doubt it is really eco-friendly to run those big units at the same
        time. And all computers have cooling fans anyway, so why put the A/C
        for the building in that room?

        I got a keycard from [the facility managerâ(TM)s] desk and shut off the
        A/C units. I'm sure you guys can deal with it being warm for an hour
        or two when you come in tomorrow morning.

        In the future, let's try to be a little more conscientious of our
        energy usage!

        Thanks,
        -----

As for the employee who sent it, he decided to take an early retirement.

-Daily WTF

If your developers are mindless enough not to validiate user input then at least use stored procedures.

... and, don't forget the most important: forbid the end users to employ dangerous words in their "security question" answers. Hey, how cool is that?

(You can find this and other amusing samples of anti sql-injection techniques by dumb developers at WTF)

The reason it's done is a combination of great variability in skill among IT applicants, compared to professions with time-tested accreditation bodies like lawyers and accountants, and skills that are fairly amenable to formal testing, compared to professions like sales and HR, at least with respect to weeding out duds (if someone can't write a simple program in an afternoon, given a language reference, they should not be hired). More generally, I can't imagine why it's unreasonable for an employer to test skill.

Competent IT professionals accept it because it's in fact beneficial to them to be distinguished from their less competent peers. (If the test itself is poor, they complain about that, and don't whine about the indignity of taking a test in general.) Paternalism is forcing someone to do something for their own good. This is not. I can assure of I have no intention of refusing tests of skill when applying for jobs.

Employment history, certifications, and degrees do not ensure competence. Probably most of the people on The Daily WTF passed such basic screening.

Building hybrids uses machinery that pollutes the environment. The solution? Ship the parts of a hybrid individually and get your customers to put the car together themselves.

And you plan on shipping those parts using what exactly? I'm willing to be that the energy used to plant-machine the car then drive it to my house on hybrid power, and the energy used to fossil-fueled 18-wheeler ship a ton of crap to my house are at least on par-- if the latter is not even worse.

And what about packaging? Because seriously, if this is what cmos batteries take to ship, I'd had to see how many Styrofoam peanuts go into shipping a car.

Reminds me of the clbuttic filtering mistake, which is mbuttively worse. I think you should rebuttess the severity of this.

It's not resin, but it's also a nice alternative
http://thedailywtf.com/Articles/Silent-But-Deadly.aspx

And you are brillant!

http://thedailywtf.com/Articles/The_Brillant_Paula_Bean.aspx

An often overlooked scripting language is Mumps...

Hiss! It burns!

MUMPS (originally, Massachusetts General Hospital Utility Multi-Programming System) is conceptually different from just about every other programming language out there. The primary design goal MUMPS was to create code that, once written, can never be maintained by anyone ever again. The syntax is somewhat reminiscent of FORTRAN and SNOBOL (no, not the toilet cleaner), only much, much worse. Ironically, being inflicted with mumps (the disease) is much more pleasant that actually working with MUMPS (the language). A more apt name for the language certainly would have been EXPLOSIVE-DIARRHEA; Im sure they could have even worked SNOBOL (the language, or, heck, even the toilet cleaner) in there as well. ...

Keep in mind that MUMPS is not one of those esoteric joke languages. It should be, but it isnt. MUMPS is very real, and has been used for the past thirty years to create and maintain colossal medical information systems.

- http://thedailywtf.com/Articles/A_Case_of_the_MUMPS.aspx

Think it through, fellas - what, exactly, do you plan to DO with this data?

To have my personal collection of http://thedailywtf.com/ ?

Assume you are going to have to pony up $10,000 (USD) to solve this problem.

Oh come on. A fishbowl and a portable AC would cost $505.50.
For the "priceless" picture, click here.

This makes a lot of sense.

It sure does!

I saw a boxfan blowing on a bunch of servers

Chumps. They need to step up to the big leagues and use an oscillating Cooling Apparatus.

They might have... http://thedailywtf.com/Articles/Encrypted-For-Your-Security.aspx

You have to be careful not to breed a Defect Black Market

Basically, you have developers colluding with testers. The developer intentionally drops a minor bug into the system (inverting an AND and OR, for example). The tester magically "finds" it. The tester gets the reward, and splits it with the developer. Repeat until the system is scrapped.

Reminds me of this: http://thedailywtf.com/Articles/The-Defect-Black-Market.aspx

Or... in some cases where your car is being towed by a speeding tow truck:

Traffic Enfarcement

Since it is your license plate that the camera picks up, you get the speeding ticket.

--jeffk++

Check this out, specifically the illustration halfway down the page. Axing features is sometimes the only way to avoid failure.

Covered recently with great accuracy by The Daily WTF.

It is the entire motivation behind Mandatory Fun Day.

As Talderas says, there's always use strict;

And what you're talking about is a language enforcing a coding standard -- particularly syntax-wise -- which just strikes me as a bad idea, especially considering that if the only thing forcing you to write maintainable code is a stricter language, it's going to surface in other ways.

If you look at The Daily WTF, you'll find that there's pretty much equal opportunity f*cked up code.

Yes, Perl makes it easy to write such code, if you really want to. But it's ultimately your choice whether to write readable code or not, just as it's your choice whether to use ObjectWrapper.

As Talderas says, there's always use strict;

And what you're talking about is a language enforcing a coding standard -- particularly syntax-wise -- which just strikes me as a bad idea, especially considering that if the only thing forcing you to write maintainable code is a stricter language, it's going to surface in other ways.

If you look at The Daily WTF, you'll find that there's pretty much equal opportunity f*cked up code.

Yes, Perl makes it easy to write such code, if you really want to. But it's ultimately your choice whether to write readable code or not, just as it's your choice whether to use ObjectWrapper.

As many others have pointed out, you can write bad code in any language. Perl makes it very easy to write terrible code, just as Perl makes it very easy to write just about anything else. There are other languages that place obstacles between you and the bad code you're trying to write - for example, Python won't let you not indent correctly, and Java won't let you not use OOP.

When coding large applications, it is critical that certain coding standards are followed. Everybody has to play by the rules, and do things in a standardized way. Perl doesn't impose any of these rules for you automatically. If you choose not to self-impose any rules, your code will wind up being an unmaintainable mess. But no language can save you from that - if you write terrible code in Python, it's guaranteed to be nicely indented, but that doesn't mean it'll be maintainable. And, if you want to self-impose some rules to help keep your code clean, Perl Best Practices will point you in the right direction.

I highly recommend The Daily WTF?. Perl does NOT get a disproportionally large representation there.

Anyone that frequents http://thedailywtf.com/ will tell you of "Irish girl" http://www.bustedtees.com/irish#female

Anyone thinking this is bad needs to cruise on over to TheDailyWtf and read this gem about how this particular auto company does business.

sorry... typed an extra '/' before that link, http://thedailywtf.com/Default.aspx

I got locked out of my bank account because of that BS once (it wasn't a password reset though, it was a 2 step authentication, so it asked that on TOP of the password)

You mean a "Wish-It-Was" two-step authentication.

Exactly how excellent is your memory, then? This kind of corner-case made me reconsider best-practices password security.

Indeed, this is the theme of a recent DailyWTF.

tl;dr version: a software team spends five months optimizing some code, because the server keeps on running out of memory. They manage a 54% reduction in the memory footprint - but the server was running on 512 MB of ram. $60 would have bought them a 2 GB stick.

Reminds me of this WTF: http://thedailywtf.com/Articles/Incredibly-Accessible.aspx

Something like The Upgrade Threadmill ?

This is a clbuttic problem with automated censorship.

Ray Davis is the founder and visionary behind the BRS technology and serves as Chairman and CEO. In 2000 Mr. Davis founded SimDesk Technologies and served as Vice-Chairman when he left in 2006 to start BRS. SimDesk created revolutionary technology that changed the very business model of the computer industry. By creating a server that can out perform any other system by a thousand times, SimDesk has been able to sell its products to federal, state, and local governments which in turn provide the software to millions of users in the U.S. and overseas. In 1995 Mr. Davis founded CyNet, Inc., an Internet related company that ranked within the top ten fastest growing companies in Houston in 1996 and 1997. Mr. Davis sold the company in 1998 and the company went public in 1999.

For the uninitiated about Simdesk and Virtudyne:

http://thedailywtf.com/Articles/Virtudyne_0x3a__The_Founding.aspx

http://www.bloghouston.net/item/6996

...a shingle is just fine.

You must switch to version control, urgently!

Given how many banks employ Wish It Was Two-Factor authentication, I'm not surprised at all.

The concept of two-factor authentication is stupidly simple: Something you have, and something you know.

Somehow, banks (and credit card companies) seem to be confusing this with "two things you know" -- which actually isn't one bit more secure than "one thing you know".

The reality is, all the technology to do this right exists. It is trivial to do. But banks don't want to pay for it. (Which, in itself, is a WTF -- I'll gladly pay some extra for an RSA key auth scheme for my bank, so if the concern is that most users wouldn't notice or care, that gives you an excuse to get more money out of the ones who do. But instead, you just leave everyone somewhat less secure and more irritated than with PayPal.)

The problem with the questions is based on a watered-down version of bank security measures.

There were guidelines issued that said banks and other financial institutions should use two-factor authentication. The banks, however, fought back because such changes (keyfobs, scratch tickets, etc) cost money, and the guidelines were watered down to what they are now - "sorta-wannabe-two-factor".

In reality, it's another password.

http://thedailywtf.com/Articles/WishItWas-TwoFactor-.aspx

Heck, some banks are really idiotic, too...

http://thedailywtf.com/Articles/Banking-So-Advanced.aspx

The problem with the questions is based on a watered-down version of bank security measures.

There were guidelines issued that said banks and other financial institutions should use two-factor authentication. The banks, however, fought back because such changes (keyfobs, scratch tickets, etc) cost money, and the guidelines were watered down to what they are now - "sorta-wannabe-two-factor".

In reality, it's another password.

http://thedailywtf.com/Articles/WishItWas-TwoFactor-.aspx

Heck, some banks are really idiotic, too...

http://thedailywtf.com/Articles/Banking-So-Advanced.aspx

Tandem just got a mention over at DailyWFT

Look at the packaging for a few screws!

> it's a shame no one gives assembly the respect it deserves.

That's because aside from you, me, and a dozen other people, nobody knows assembly any more. Today's generation lives in the world of the 500M web application.

Maybe he was this guy.

If we can put a man on the moon, ... is moderate competence in what we do daily really too much to ask?

I'm not a fan of manned space flight, but I do find the achievements of Apollo inspiring, setting a tangible benchmark, and fair game for non sequitur generation :)

There are no absolutes.

Sometimes laws aren't to be followed, because they aren't just.

Even the US government can ignore laws at times.

For example, they can perform searches without a warrant, under dire circumstances, even though, technically, the constitution requires a warrant.

Most every rule has exceptional cases where it's very stupid to adhere to the rule.

See slaves to the process

Pushing procedure above all else reminds me of this

Submit that pic to the thedailywtf.com!

Ironic you bring this up when thedailywtf.com posted this little bit today.

Plus, writing a decent XML parser is easy!

http://thedailywtf.com/Articles/Up-or-Out-Solving-the-IT-Turnover-Crisis.aspx

Banks in the US are required to use two-factor authentication: http://www.schneier.com/blog/archives/2005/10/us_regulators_r.html

This won't help. It'll change the tactics of the criminals, but won't make them go away. ...the short version is that two-factor authentication won't mitigate identity theft, because it's not an authentication problem -- it's a problem with fraudulent transactions

The funnier rendition of this sad tale is here: http://thedailywtf.com/Articles/WishItWas-TwoFactor-.aspx

These days, when logging on to various websites, users are asked for a name, password, and the answer to one or more "secret questions." It's actually a new-fangled type of authentication called Wish-It-Was Two-Factor.

Well, I've personally recieved e-mails from students asking for help from the UK, US, Spain and pakistan to name but a few. I actually submitted some of the funnier ones here