I know this thread is old but: so many HIPPA violations, oh my God. I am a pediatric therapists/child psych, and the clinic I used to work at constantly stored client data in the most insecure ways, and therapists and staff would discuss client names, diagnosis’, address, EVERYTHING openly in the break room. I complained at one point, but it went nowhere. Turns out nobody cares, lol. They also frequently ignored the best interests of our clients to maximize profit from insurance (leaning towards fraud). I ultimately left the company when my boss blatantly violated the safety of one of my clients by refusing to send her home when she had a fever of 104 F. Sure, working with kids means everyone gets sick a lot, but when the child is THAT sick, they need to be in a hospital, not in a hot, cramped room with a therapist.
Every time we notified anyone about a potential illegal breach of gdpr that could get us fined or sued, admin pretended they had never been informed because the changes would take too long and collide with their plans to “revamp everything, reinvent the platform, and rebrand”.
I should have whistleblown them myself if it were not for the fact that doing so would probably get some previous employees fired rather than hurt the company.
I find it humorous that y’all think it’s only the company you worked at that had a fragile tech solution held together (sometimes literally) with duct tape and coat hangers, as part of a mission critical business process.
Pretty much every company big or tiny has at least one permanent “temporary” solution in place.
I used to work at Starbucks (almost a decade ago now), but at the time, the motto was “just say yes” to any customer requests. We also had free drink cards that you could give out to deesclate any issue. So I would say any time you’re even the slightest bit unhappy, bring it up, and you should at least have your problem solved, if not compensated for a free drink next time.
We also had customer satisfaction surveys that would print on reciepts, where filling one out would get the customer a free drink. We always kept them for customers that were happier to try and rig the odds in our favour of a higher rating, but also if a customer asked for one, I would give it if I had it. You could always ask the cashier if they have any of those as well.
Again, not sure how much either of those things have changed in the past 10 years, and I’m not sure how regional it was (this was in Canada at a corporately run store), but maybe worth a try.
Also I love these types of threads – great topic to post.
“Can I have a free drink card?”
Why is everyone here afraid to name the companies?
Unless you’re sharing something that only you would know and the company is aware that you’re the only one who knows it, there’s no way they can identify you.
Something tells me the people posting here who had “NDAs” didn’t actually have any sort of a high level clearance to important information.
Code base is shit. We’re not doing what we’re promising or any close of it. We’re probably going to bankrupt in a year or two.
The majority of tech startups are super chaotic and barely keeping things running. More than you would ever imagine.
That I made their DropBox account, and they can’t access it anymore…
My previous employer - a multi-billion dollar internet search company would secretly listen to people’s conversation via their mobile devices then place ads on the same devices (e.g in the browser search results or at the start of videos) based on keywords from the conversations, this had to be kept hidden of course and this large well-known company shall remain nameless.
You sure about that? because if it’s Google, that particular method of doing this would be easily discovered.
Also, the scary part isn’t that they could do this by listening to your phone, the scary part is that they DON’T need to listen to your phone to do exactly that. Much easier to identify multiple devices coming from the same network (both physical and social), and then figuring out query interests, and then send ads down the same pipelines.
The building, used by several hundred employees, had a security systems with 4-digit codes. I’ve been part of group of people who liked to work late times, and the building would lock at midnight – the box by the door would start beeping and you would need to unlock it within a minute or so, or “proper alarm” would ensue.
However, to unlock the alarm you did not need your card – all you needed to do was to enter any valid code. Guess what was the chance that, say,
1234was someone’s valid code? Yes.We’ve been all using some poor guy’s code
1234, and after several years, when he left the company we just guessed some other obvious code (4321) and kept using that.By the way, after entering the code to the box by the door, it would shortly display name of the person whom the code “belonged” to. One of our colleagues took it as a personal secret project to slowly go through all 10000 possible codes and collect the names of the people, just for the kick of it.
(By the way, I don’t work for that company anymore, and more importantly, the company does not use that building anymore, so don’t get any ideas! 🙃 )
One of our colleagues took it as a personal secret project to slowly go through all 1000 possible codes and collect the names of the people, just for the kick of it.
Just an FYI it’s 10,000 codes, not 1,000. 0000-9999
The company would bid on government contracts, knowing full well they promised features that didn’t exists and never would, but calculating that the fine for not meeting the specs was lower than the benefit of the contract and getting the buyers locked into our system. I raised this to my boss, nothing changed and I quit shortly after.
I’ve worked in IT consulting for over 10 years and have never once lied about the capabilities of a product. I have said, it doesn’t do that natively, but if that’s a requirement we can scope how much it would take to make it happen. Sadly my company is very much the exception.
The worst I saw was years ago I was working on an infrastructure upgrade of a Hyper-V environment. The client purchased a backup solution I wasn’t familiar with but said it supported Hyper-V. It turns out their Hyper-V support was in “beta”. It wasn’t in beta. They were literally using this client as a development environment. It was a freaking joke. At one point I had to get on the phone with one of their developers and explain how high-availability and fail-over worked.
I quit a well known ecomm tech company a few months ago ahead of (another) one of their layoff rounds because upper mgmt was turning into ultra-wall street corpo bullshit. With 30% of staff gone, and yet our userbase almost doubling over the same period, they wanted everyone to continue increasing output and quality. We were barely keeping up with our existing workload at that point, burnout was (and still is) rampant.
Over the two weeks after I gave my notice I discovered that in the third-party app ecosystem many thousands of apps that had (approved) access to the Billing API weren’t even operating anymore. Some had quit operating years ago, but they were still billing end-users on a monthly basis. Many end-users install dozens of apps (just like people do with mobile phones) and then forget they ever did so. The monthly rates for these apps are anywhere from 3 to 20 dollars per month, many people never checked their bank statements or invoices (when they eventually did, they’d contact support to complain about paying for an app that doesn’t even load and may not have for months or years at this point).
I gathered evidence on at least three dozen of these zombie apps. Many of them had hundreds of active installs, and were billing users for in some cases the past three years. I extrapolated that there were probably in the high-hundreds or low-thousands of these zombie apps billing users on the platform, amounting to high-thousands to low-tens-of thousands of installs… amounting to likely millions per year in faulty and sketchy invoicing happening over our Billing API.
Mgmt actually did put together a triage team to address my findings, but I can absolutely assure you the only reason they acted so quickly is because I was on the way out of the company. I’d spotted things like this in the wild previously and nothing had ever been done about it. The pat answer has always been well people are responsible for their own accounts and invoicing. I believe they acted on this one because I was being very vocal about how it would be ‘a shame’ if this situation ever became public, and all those end-users came after the company for those false invoices at one time. It would be a PR and Support nightmare.
You have definitely interacted with this ecommerce platform if you shop online.
I’m unfortunately dependent upon said company, as a “partner”, which just means a hack indie developer who herds customers to the slaughter for the corp.
The last round of layoffs was a brutal experience for the “Plus” customers. They lost crucial advisers and support, and now the guidance available is a bored and untrained chat support thrall on the other side of the world, or a stochastic parrot.
You can smell the enshittification from here. The vendor lock-in is so intense it seemed inevitable.
You’re absolutely right on all counts. And that’s why I quit (without waiting around to be laid off which frankly the severance package would’ve been nice). I got hired into the first (private) company I applied to, I’m thriving, and I don’t miss that stink of wall street/silicon valley money at all.
deleted by creator
Does this platform have an esports team and/or is it built with Rails?
Name and shame!
just guessing here but sounds like the rain forest company.
I’m guessing that if you have the right kind of Pal, you could figure out a way to Pay them to help you figure it out…
This has GOT to be Shopify
✅️ is a shopping platform
✅️ has an app ecosystem with a billing api
✅️ high probability that someone who shops online has interacted with a store on the platform
✅️ multiple rounds of layoffs w/ staff stretched thin
✅️ unclear ambitions of being a megaplatform, beyond what it already is
I guess we’ll never know, lol
Our business-critical internal software suite was written in Pascal as a temporary solution and has been unmaintained for almost 20 years. It transmits cleartext usernames and passwords as the URI components of GET requests. They also use a single decade-old Excel file to store vital statistics. A key part of the workflow involves an Excel file with a macro that processes an HTML document from the clipboard.
I offered them a better solution, which was rejected because the downtime and the minimal training would be more costly than working around the current issues.
The library I worked for as a teen used to process off-site reservations by writing them to a text file, which was automatically e-faxed to all locations every odd day.
If you worked at not-the-main-location, you couldn’t do an off-site reservation, so on even days, you would print your list and fax it to the main site, who would re-enter it into the system.
This was 2005. And yes, it broke every month with an odd number of days.
downtime
minimal retraining
I feel your pain. Many good ideas that cause this are rejected. I have had ideas requiring one big downtime chunk rejected even though it reduces short but constant downtimes and mathematically the fix will pay for itself in a month easily.
Then the minimal retraining is frustrating when work environments and coworkers still pretend computers are some crazy device they’ve never seen before.
cleartext usernames and passwords as the URI components of GET requests
I’m not an infrastructure person. If the receiving web server doesn’t log the URI, and supposing the communication is encrypted with TLS, which removes the credentials from the URI, are there security concerns?
Anyone who has access to any involved network infrastructure can trace the cleartext communication and extract the credentials.
i worked for a hybrid hosting and cloud provider that was partnered with Electronic Arts for the SimCity reboot.
well half way through they decided our cloud wasn’t worth it, and moved providers. but no one bothered to tell all the outsourced foreign developers that they were on a new provider architecture.
all the shit storm fail launch of SimCity was because of extremely shitty code that was meant to work on one cloud and didn’t really work on another. but they assumed hurr hurr all server same.
so you guys got that shit launch and i knew exactly why and couldn’t say a damn thing for YEARS
Not to put the blame on the devs, but the problems might have been attenuated by defining a proper interface layer against the server.
It’s a damn single player game 💀
I worked for for the railroad. Nothing is fixed ever. I witnessed hundreds of code violations every day for years. Doesn’t matter if a rail car or locomotive meets code as long as it “can travel” its good to go.
When an employee inspector finds a defective rail car management determines if it will get fixed. If the supervisor “feels” like “it’s not that bad” then the rail car is “let go”.
Oh, so like ambulances in the USA.
“The ambulance had issues making it unsafe (or even illegal) to drive? But it can still drive down the road? Doesn’t seem too bad: keep an eye on it.”
You’d think they’d have money to keep it pristine, with how much a short ambulance ride costs in the USA
Just like hospitals, that money is going straight to the top and staying there.
With the amount of money a 3 mile ambulance trip costs, you could buy a beater car and drive yourself there.
A lot of US freight railroads seem to love to manage themselves into the ground.
