Tunnel Rat posted on March 28, 2007 16:02

I got a lot done that Saturday. Now, I’m not a workaholic, and strongly believe in the XP philosophy that if you are going to work overtime, it should be done in small, infrequent intervals. But without much help from my “team,” shit was just not going to happen.

"Team" was a generous term. Team would imply that they could work in a coordinated, collaborative manner. Not so – they worked together like four guys in a circle jerk work together.

When I came in the next Monday, I fired up Visual Studio to wrap up some lose ends on the Online Inquiry app I had worked on over the weekend. The piece of shit site was finally getting stabilized, and if Mr. Whiteboard could get his act together and verify that it worked properly, we could launch in a week. I checked the code into Source Safe and moved on to some other tasks.

Big mistake.

When I finally got some half-assed specs from the overworked business analyst who sorta, kinda, maybe knew how the thing was supposed to work, there were some gaps. Evidently, the security of the system was so well designed that every user had the same login id. The way they differentiated who was who was by assigning a unique password, and the code had to figure who the user was by querying the database for that password, along with the group code (which was being passed around in the query string – in the clear). Not very secure. In fact, a hackers dream. Crack the weak password, guess which one of the four group codes to use, and you are in. Kiddie script stuff.

Not that you would be privy to much, except PERSONAL MEDICAL DATA, like the fact that Juan Esconseco in Orange, California was getting treatment for genital warts, or that Stacy Mooring in Yorba Linda, California had received a prescription for Lithium. Not very important, unless you had just started dating Juan and thought he had beauty marks, or you are married to Stacy and didn’t realize she was bipolar and thought that her violent mood swings were due to PMS.

The fact is, with folks like Charlie and Mr. Whiteboard in charge of your sensitive medical information, the chances of your medical data being secure are slim to none. They have other things to worry about, like their kid’s basketball games (Mr. Whiteboard) or beating some gangsta wannabe in some violent video game at the local internet café (Charlie). Security is an afterthought.

But not to me. I had done what I could to tighten the security holes in the Online Inquiry App, and was ready to circle back around a few days later. I first had to spend a day in a Leadership For Results class. Mr. Whiteboard’s idea. I have a bunch of coddled punks on my team and an impotent boss, and I’m the one that needed the leadership training.

Right. Sit in a class with a bunch of middle managers and department heads and do silly exercises designed to make me a better leader. No fucking way. No amount of role-playing was going to help me deal with the squad of bozos I had. But I went through the motions, played nice with folks like the Director of Coordinated Care and the Manager of Executive Compliance, and kissed a little ass with the HR lady that ran the thing. She was, after all, the one that turned me on to Charlie’s bogus resume and was helping me navigate through the shitstorm that was festering in Mr. Whiteboard’s shop.

When I cracked open the code a few days later, the work I had done was gone.

I did a double-take. Chill-out, I said to myself. Let’s make sure it didn’t get moved around or renamed, or put in folder created by a Vietnamese coder with limited English skills, like “Businez Leyer” or something.

No luck. I couldn’t find the class I had written. I was starting to freak.

It was a very stressful, nerve racking job, pushing the rat's mental state to its limits. Crawling through narrow, pitch black tunnels, sometimes for hours looking for a heavily armed enemy who would if he got the drop on you not hesitate to kill you.Occasionally under the strain a mans nerves would break and he'd be dragged from the tunnel screaming and crying. (Link)


Charlie had laid a trap. But I knew what I was up against, so I prepped myself. I checked the app to see if it would still run. Somehow, it was working like it did when I had wrapped up my changes a few days earlier. That meant the functionality that I had coded was there, somewhere.

Charlie had moved my code around, and didn’t bother to leave any comments, like “I moved your fucking code to class bla-bla-bla, you round-eyed piece of shit.” Just moved it, probably to some place it didn’t belong.

I found my logic lurking in the front-end, mixed in with a bunch of Charlie-code. Charlie-code was ugly, and I could spot it a mile away. I got my shit together and scheduled a meeting with Mr. Whiteboard.

When I walked into his office a few hours later, he looked scared. He always looked scared when I went to go see him. Let me try to “manage up” and help him out, I thought to myself. He wasn’t cut out for this stuff.

“I got the app security stuff working this weekend,” I told him.

“Oh. That’s good.” He flashed me a fake smile. He looked like he was passing a gallstone.

“Yeah, I figured out there are no unique user IDs, so I tightened that up a bit.”

“Yes, I know, we, uhm, came up with that to make it easier to set up users. And there is a “Z” login that you can use to test all the accounts. It’s in the code” He looked ashamed. Deep-down, he knew that wasn’t right, hard-coding a backdoor to make things easier on him. Lazy bastard.

“No prob, I found that. But I had everything working, and now my code is gone.”

Mr. Whiteboard grimaced, like another gallstone was moving through his alimentary canal. “Did you check with Charlie?” he asked.

He was getting wise. At least he was dialed in to the fact that Charlie could, and would, do all sorts of crazy shit to maintain his position as Head Motherfucker In Charge of Code.

“Well, I was about to, but I wanted to check with you first. See, the code was moved around somewhere. I think we need to talk to him, you know, reinforce the need to communicate things.”

He took a deep breath. “Oh boy.” God, he hated this stuff, I could tell. He wanted so much to be adored by his staff, and Charlie was Golden Buy, his pick of the litter. And now he had to do something about his behavior.

Mr. Whiteboard got on speakerphone and rang Charlie’s extension.

“Hawo.”

“Do you have a second, Charlie?”

“Wud you need?”

Maybe you could get your little ass into your boss’ office, I felt like screaming into the phone.

“Uhm, we just want to talk about a couple of things about the Online Inquiry app. It will just take a second.” Mr. Whiteboard was begging.

Charlie walked into the office and sat down next to me. No pleasantries were exchanged, just grunts and nods.

It was a short cross examination.

“I wrote some code to handle security in the app, and now it’s gone,” I told him.

“Yeah, I move id do da frond end.”

“Huh?”

“Da frond end.”

“Oh, the front-end. Why?”

“Dad where id belong,” he mumbled.

“How come you didn’t comment your changes?” I asked.

He shrugged.

Mr. Whiteboard had had enough. “Thanks, Charlie.”

That was it. No discussion about the importance of communicating with your supervisor, yada-yada-yada, nothing. He just didn’t have the stomach for it. I wasn’t going to get much backup from this clown, and if I came down heavy on Charlie, or anybody else, Mr. Whiteboard was going to back them up. I was screwed.

“So, what do we do?” he asked.

“I’ll tell him to roll back his changes and leave my code where I had it.”

“But where does it belong?”

Jesus, now I was going have to get into a technical discussion over this? Not going to happen.

“That’s not really the point,” I told him, trying to remain calm. I wanted to pound my fist on the table. “Ideally, the code should be in the middle-tier, it’s more secure that way. But he shouldn’t just move it around – that’s the issue here.”

He stared at me, blankly. He had no clue what I was talking about. I stared back at him, blankly. The meeting was over.


Posted in:   Tags: ,

- Vineet Nayar, CEO, HCL Technologies

Recent Posts

Slumdog Comment Generator

Clueless?
Not Sure How To Respond?
Use the Slumdog Comment Generator!

Calendar

«  April 2017  »
MoTuWeThFrSaSu
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567
View posts in large calendar

Month List

Disclaimer
The thoughts expressed on this blog may or may not be the author's own and are protected by the 1st Amendment. Any attempt to reveal his identity by contacting a slumdog hack at Google, or a corrupt Desi sys-admin at his ISP will be dealt with promptly and severely. Civil and criminal penalties may apply if one is found to have used private information in an attempt to get the author fired at the Hindu-only I.T. ghetto he currently works at. In addition, any Desi who attempts to burn the author's house down because they are enraged over his writing will be prosecuted to the fullest extent of the law. This isn't India.

© Copyright 2017 Life of an I.T. Grunt


View My Stats