• rtxn@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Our business-critical internal software suite was written in Pascal as a temporary solution and has been unmaintained for almost 20 years. It transmits cleartext usernames and passwords as the URI components of GET requests. They also use a single decade-old Excel file to store vital statistics. A key part of the workflow involves an Excel file with a macro that processes an HTML document from the clipboard.

    I offered them a better solution, which was rejected because the downtime and the minimal training would be more costly than working around the current issues.

    • V4uban@lemmy.world
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      As weird as it may seem, this might be a good argument in favor of Pascal. I despised learning it at uni, as it seems worthless, but is seems that it can still handle business-critical software for 20 years.

      • Overzeetop@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        What OP didn’t tell you is that, due to its age, it’s running on an unpatched WinXP SP2 install and patching, upgrading to SP3, or to any newer Windows OS will break the software calls that version of Pascal relies upon.

  • esadatari@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    i worked for a hybrid hosting and cloud provider that was partnered with Electronic Arts for the SimCity reboot.

    well half way through they decided our cloud wasn’t worth it, and moved providers. but no one bothered to tell all the outsourced foreign developers that they were on a new provider architecture.

    all the shit storm fail launch of SimCity was because of extremely shitty code that was meant to work on one cloud and didn’t really work on another. but they assumed hurr hurr all server same.

    so you guys got that shit launch and i knew exactly why and couldn’t say a damn thing for YEARS

  • TerkErJerbs@lemm.ee
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I quit a well known ecomm tech company a few months ago ahead of (another) one of their layoff rounds because upper mgmt was turning into ultra-wall street corpo bullshit. With 30% of staff gone, and yet our userbase almost doubling over the same period, they wanted everyone to continue increasing output and quality. We were barely keeping up with our existing workload at that point, burnout was (and still is) rampant.

    Over the two weeks after I gave my notice I discovered that in the third-party app ecosystem many thousands of apps that had (approved) access to the Billing API weren’t even operating anymore. Some had quit operating years ago, but they were still billing end-users on a monthly basis. Many end-users install dozens of apps (just like people do with mobile phones) and then forget they ever did so. The monthly rates for these apps are anywhere from 3 to 20 dollars per month, many people never checked their bank statements or invoices (when they eventually did, they’d contact support to complain about paying for an app that doesn’t even load and may not have for months or years at this point).

    I gathered evidence on at least three dozen of these zombie apps. Many of them had hundreds of active installs, and were billing users for in some cases the past three years. I extrapolated that there were probably in the high-hundreds or low-thousands of these zombie apps billing users on the platform, amounting to high-thousands to low-tens-of thousands of installs… amounting to likely millions per year in faulty and sketchy invoicing happening over our Billing API.

    Mgmt actually did put together a triage team to address my findings, but I can absolutely assure you the only reason they acted so quickly is because I was on the way out of the company. I’d spotted things like this in the wild previously and nothing had ever been done about it. The pat answer has always been well people are responsible for their own accounts and invoicing. I believe they acted on this one because I was being very vocal about how it would be ‘a shame’ if this situation ever became public, and all those end-users came after the company for those false invoices at one time. It would be a PR and Support nightmare.

    You have definitely interacted with this ecommerce platform if you shop online.

    • Veltoss@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I guessing it’s Amazon’s old android app store? I remember lots of users having a lot of hope for that app store bringing competition and higher quality app and app store quality. Oh how naive we were.

      • booty_flexx@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        ✅️ is a shopping platform

        ✅️ has an app ecosystem with a billing api

        ✅️ high probability that someone who shops online has interacted with a store on the platform

        ✅️ multiple rounds of layoffs w/ staff stretched thin

        ✅️ unclear ambitions of being a megaplatform, beyond what it already is

        I guess we’ll never know, lol

    • ki77erb@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I recently discovered that somehow I set up billing for a VPN directly from the company and also through Google Play. I probably got a renewal email and just followed the instructions. I went back through my bank statements and I’ve been double charged for probably at least 2 years and just never noticed it. It was only about $10 a month. I just feel really stupid for not noticing it until now and it’s entirely my fault. I cancelled the one through Google Play. You live and you learn!

      • TerkErJerbs@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        lmfao. Does the VPN company’s name start with a W by any chance? If so, I am very aware of that issue as well. 😂

  • LucasWaffyWaf@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Anybody knows that one waterfall attraction in the Southeast US? The one that advertises bloody everywhere? Waterfall is pumped during the dry seasons, otherwise there’d be nothing to see. Lots of the formations are fake, and the Cactus and Candle formation was either moved from a different spot in the cave, or is from a different cave in New Mexico. Management doesn’t want people to know that, but fuck 'em.

      • DannyMac@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        After looking it up, you can find reports from others stating the same things. When I was there as a kid, I remember that they claimed no one knew where the source of the water came from… I guess they actually know enough to help it out at least, lol

        I really enjoyed it and would like to go again, but it’s no Mammoth Cave.

  • popemichael@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Back when I managed a Blockbuster Video, most stores ran at a loss thanks to theft.

    The real reason most stores failed wasn’t because DVDs were going out. It was because we couldn’t stem the flow of money out the door thanks to thieves.

    • gan0n@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      Did they have the actual disc on the shelves? Where I’m from the rental places only displayed the cover, then you picked up the disc at the counter. Not sure how theft would’ve been a big problem then?

      • ji88aja88a@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I suspect it was not returning the DVDs. I’m not from the USA but recall hearing blockbuster wiped all their late fees…

  • kn33@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I worked at an ISP. The DHCP server we use for our DSL offering was made in the 90s and hasn’t been updated since.

    • Borgzilla@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Frankly, I don’t see this a a problem as long as the software is up to date and the hardware is sound. I bet there are thousands of SPARC servers out there processing data 24/7 since 1995.

          • cbarrick@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            The alternative to IPv6 is CGNAT.

            CGNAT is really annoying for users, since the entire ISP looks like a single IP address. This can lead to situations where the entire ISP accidentally gets classified as a bot or otherwise blocked. It’s not too hard to find these kinds of stories from StarLink customers.

            We are at the point where we are are legitimately out of IPv4 addresses. Household NAT isn’t enough and CGNAT has too many problems. IPv6 code was written ages ago and is very stable in all OSs these days.

            It really is just these legacy middle boxes holding us back.

  • FireRetardant@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    1-800-got-junk? doesn’t care at all about its environmental impact. No sorting what so ever happens to what goes on their trucks it all goes to landfills. All the ads will say they recycle and that they repurpose old furniture but I was threatened with being fired when I recommended donating antiques instead of dumping a load of furniture.

    More jobs and more profits comes before anything else in that company, including employee health and safety. Several times I was told to enter spaces we werent trained for (attics and crawl spaces) and carry waste I legally couldn’t transport (human/organic wastes and the laws states the driver is fined, not the company). One guy injured his shoulder during an attic job and was told to finish the shift or lose his job. Absoulte scum of a company with very sleazy management and possibly the labour board in their pocket as they kept “losing the files” when I tried to file a report with buddy’s shoulder (he was hesistant to report for fear of losing his job).

  • MrBodyMassage@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    There is a million times more counterfeit/fake items at amazon than you think, and they dont care one bit to fix the problem

    • netvor@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I always thought there’s exactly 0 counterfeit/fake items at amazon, so … 0 times million … phew…

      /s

    • drphungky@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      they dont care one bit to fix the problem

      Who is they? Warehouse workers? Because without getting into too many details, I know someone fairly high up at Amazon corporate, and if I recall correctly her colleague runs a whole…divison? I don’t know, largish multi-person unit…and their whole job is addressing the counterfeit problem. I think it’s just really hard to do.

      • chiliedogg@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Well the easiest solution is to go back to having Amazon be the seller of products on Amazon, but we all one that ship sailed.

        But if the problem is shared bin storage, the solution isn’t free, but it’s also not as expensive as lots of buyer confidence:

        Tag every item with a QR code indicating its source when it comes into the distribution center. Use that code to identify the bad actors when there are returns and ban them.

        “But what about products not shipped by Amazon?”

        In that case, you know who sold and shipped the product, and if they can’t get their shit together they shouldn’t be allowed to work with Amazon.

      • GreyEyedGhost@lemmy.ca
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        Amazon has a policy of binning items with the same UPC together, regardless of the source. What this means is if you buy a valid product and any vendor who is part of their warehouse storage system sells counterfeits, then there is a chance of you getting a counterfeit part, regardless of who you buy from. This reduces the number of locations required for a given item. It just requires that you trust your vendors to not counterfeit. If they were kept separate you could easily see who is selling counterfeits, but it would require more space.

        So Amazon has traded the ability to sell parts from verifiable vendors for short-term profits. At this point in the game, your best assumption is if there is any knock-off company selling the product you wish to buy you have no way of knowing it it’s legitimate or counterfeit. This is currently diluting their brand and will ultimately impact their sales, if not their profits.

        • squozenode@lemmy.world
          link
          fedilink
          arrow-up
          0
          arrow-down
          1
          ·
          1 year ago

          Amazon makes something like 80% of their profit off of Amazon web services. They have no reason to give the tiniest crap about any physical product they will ever sell ever again.

    • SweetBilliam@midwest.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I wrote a review about a counterfeit item I received. They never approved that one. I haven’t bought cologne from them since.

    • wildebeesties@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      One of the major issues is counterfeit baby products, specifically sleep products. In the US, sleep spaces for babies are highly regulated. The terms “bassinet, crib, and playard” are terms that can only be used for products that pass rigorous ASTM testing. If something doesn’t complete that testing then they are not allowed to use one of those terms in ads or on their manual. This is why you’ll see many products listed as “loungers” because they’re not safe for sleep. There are hundreds of products online that are horribly made and steal manuals of actual approved products. Amazon is notified (groups I’m in notify them) and they don’t care. There are also products that aren’t knock-off versions of things but just flat out lie and say a product is safe for sleep when it isn’t and will use one of the protected terms - which makes the sale of them illegal.

    • ohlaph@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Exactly why I only buy from Amazon when I can’t find it after searching elsewhere for a while.

    • Sharkwellington@lemmy.one
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      I recall watching a video about the nature of how things are stored at Amazon warehouses - basically if there are multiple sellers offering the same item it all goes in the same bin. Even if you are providing a genuine product, there’s a very good chance one of the other sellers is not, and that counterfeit gets sent out attached to your seller ID. Then you get a complaint for selling a counterfeit item someone else provided.

      Then when that seller is caught and booted, they just register another trademark with 5-10 random characters and do it again. This is causing a massive headache for the US Trademark Office as well.

    • Paradox@lemdro.id
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I bought a pepper grinder called the Pepper Cannon. Yes, its wonderfully overengineered and costs a fortune. But it’s made in the USA, and they’ve been pretty open with their startup process for making it.

      Few months ago I was browsing across amazon and lo and behold, some pepper grinders that look identical to the pepper cannon came up. They were all cheaper knockoffs, selling for a fraction of the cost, and outright stealing PCs industrial design. I didn’t buy one, as I don’t need one and didn’t really care enough to test if the mechanism was the same as the one I bought, but I did drop a line to the pepper cannon guys so they can try to get em delisted

      • Mikina@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Now I want a Pepper Cannon. Would you recommend getting it, before I ruin my hype by looking up the price or what is actually is? :D

        • Paradox@lemdro.id
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Its really great if you like pepper. It puts out an absolute ton of it, and you’ll find yourself going through way more black pepper than you thought you ever could. And the grind settings are unrivaled; you can get tiny little faerie dusts of pepper, all the way up to big honkin flakes that work great on a steak. Whenever I’m doing a brisket or similar on the smoker, its great to have on hand

          Its milled out of a single billet of aluminum, the grinding mechanism js custom built, and the whole thing just screams quality.

          And you pay for it. They’re around $200

          There’s also a salt cannon, if you want the same sort of thing but built for salt. I got it because I like the matching pair, but you don’t strictly need it; salt is salt, regardless of where it was ground.

  • Boozilla@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Health insurance company I worked for would automatically reject claims over a certain amount without reviewing them. Just to be dicks and make people have to resubmit. This was over 25 years ago, but it’s my understanding many health insurers still pull this shit. They don’t care if it’s legal or not. Enforcement is lazy and fines are cheaper than medical claims.

    Obviously this is in the USA.

  • ChickenLadyLovesLife@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I used to work for a cable company whose name rhymes with “bombast”. They offer a wifi service whose name is a derivation of the word “infinity”. Most of the hotspots for this wifi service are provided by the Bombast wireless routers that cable customers have in their homes. So if you’re a Bombast customer, you’re helping to pay the electrical bill and giving up bandwidth in order to provide Infinity wifi.

    Another fun Bombast story: the founder, a man who always wore a bowtie, died a few years ago. At a memorial service in his honor, a number of vice presidents and other executives (including my boss at the time) wore bowties. Everyone who wore a bowtie to the service was fired within a week.

    • SetheryVanDamn@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      The shared internet thing is a setting that comes turned on for Xfinity routers by default (aka the ones you rent from them). If you go into the settings of the router you can turn the wifi sharing setting off.

          • ChickenLadyLovesLife@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            I have no idea why they were fired or who fired them - I just know that they were fired.

            Bombast had a lot of helplessly incompetent (and sometimes clinically insane) executives running things, but they never lasted that long. There seemed to be some sort of Avenging Angel of Death wandering the Bombast Center and culling the more useless examples of management. My bowtie-wearing boss was one of these and certainly deserved the axe, but I don’t know if this was true of the other members of the bowtie brigade.

    • zuhayr@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      If you disconnect your existing connection, and got a new one using another name, saying that you’re new occupant, you can get that new connection discount (over and over again).

      • Maslo@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Careful, sometimes they’ll come out just to pull your plug from a concentrator when you disconnect, or it just happens when they’re hooking up a new customer and yours gets unplugged to make room. But then they turn around and charge like $50 just to come out and plug that back in for a new install. That can be the entire install, you can bring your own modem and have everything fine inside, but some yahoo charges $50 to come out and plug some coax into a concentrator in a box 20 ft from your house that they unplugged for free last week.

      • 丂イ乇尺レノ刀ム@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I’ve never had to disconnect. Once the discount has expired, I just go online and check the prices for changing my internet speed. Most of the time there’s a discounted one (with a contract agreement of course). But I’ve been switching back and forth between different speeds for years and saved a lot of money that way. Also buy your own modem/router instead of paying rental fees for their equipment.

      • squozenode@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        With Time Warner you don’t even have to do that you can just call up and ask, they’ll probably give you the discount. They absolutely do not care.

  • TemporaryBoyfriend@lemmy.ca
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I work in IT. Most systems have laughable security. Passwords are often saved in plain text in scripts or config files. I went to a site to help out a very large provincial governmental organization move some data out of one system and into another. They sat me down with a loaner laptop and the guy logged me into his user account on the server. When I asked for escalated privileges, he told me he’d go get someone who knew the service account passwords.

    After a few minutes, I started poking around on my own… And had administrative access within an hour. I could read the database (raw data), access documents, start and stop the software, plus, figured out how to get into the upstream system that fed data to this server… I was working on figuring out the software’s admin password when the guy came back. I’m sure that given some more time, I could have rooted the box because the OS hadn’t been updated in years.

    • bpm@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Having worked network support, the number of times I’ve been on a screen share with someone who opens an excel sheet from the share drive that holds all the root passwords for every network device they own is high. A bad actor could take down some very large companies with some simple social engineering skills.

    • Mikina@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I work as a pentester and Red Teamer, I can attest that even for some large companies, you always stumble upon something that’s just dumb, and completely renders their multi-million investment they are probably making into security tools and solutions worthless.

  • oshu@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    The majority of tech startups are super chaotic and barely keeping things running. More than you would ever imagine.

  • shadesdk@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    The company would bid on government contracts, knowing full well they promised features that didn’t exists and never would, but calculating that the fine for not meeting the specs was lower than the benefit of the contract and getting the buyers locked into our system. I raised this to my boss, nothing changed and I quit shortly after.

    • hactar42@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      I’ve worked in IT consulting for over 10 years and have never once lied about the capabilities of a product. I have said, it doesn’t do that natively, but if that’s a requirement we can scope how much it would take to make it happen. Sadly my company is very much the exception.

      The worst I saw was years ago I was working on an infrastructure upgrade of a Hyper-V environment. The client purchased a backup solution I wasn’t familiar with but said it supported Hyper-V. It turns out their Hyper-V support was in “beta”. It wasn’t in beta. They were literally using this client as a development environment. It was a freaking joke. At one point I had to get on the phone with one of their developers and explain how high-availability and fail-over worked.

      • bpm@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I could very well have been that developer. Usual story, sales promised the world, that our vmware-based system would run on anything and everything, and of course it’s all HA and load balanced, smash cut to me on Monday morning trying to figure out how to make it do that before it goes live on Wednesday.

    • forgotaboutlaye@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Promising features that never existed is part and parcel to a lot of software sales, whether gov or private. Speaking from post-sales experience.

    • esadatari@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      eh DHCP isn’t really important right? obviously if it hasn’t changed since the 80’s why would you need to reboot your server.

      what are vulnerabilities?

    • drphungky@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I worked in government contracting (and government, for that matter) for years and that blows my mind. I can’t remember the details, but if you even had a bad reviews, much less being found noncompliant, it could disqualify you entirely from some contract vehicles for a matter of years. Wild that there’s some agency that somehow lets people get away with fraud.

      Also, if that cost the government money, there’s a chance you could report that after the fact and make some money.

  • seraphelven@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Depending upon your position you have an NDA that either has a date or never expires. I have worked for companies that I have NDAs with that never expire. Be careful what you share.