|
Why did you as a junior dev even have the ability to run a customers credit card number? it’s broken processes all the way down
|
#
?
Oct 23, 2017 16:54
|
|
|
|
| # ? May 18, 2024 18:16 |
|
|
Love Stole the Day posted:Open question for any of you guys: when you were trying to get your first job in this industry, what do you think it was, looking back, that landed you the interview(s) you needed in the first place? Was it because you had an extensive catalog of interesting personal projects that demonstrated expertise in a relevant library that the employer cared about? Maybe it was because your Github/LinkedIn page looked really good? Maybe you just knew the right person? Or maybe it was just luck? I worked part time doing Java at a startup in uni for beer money, applying based on an ad in the local classifieds (this was 1996, tech jobs still advertised in dead tree sometimes). It folded, but one of the guys there got a new job, suggested I apply once I was about to graduate, and told my future boss he should hire me.
|
|
#
?
Oct 23, 2017 16:55
|
|
|
Pollyanna posted:In the sense that I pulled the trigger, I mean. But I understand what you’re getting at, the reprimand I got afterwards has just stuck with me and only got worse as it was brought up over and over again in 1x1s. It made an appearance in the “you should probably leave” talk, too. At least you got it out of the way early. Now when you're handed a loaded RPG with no safety, you'll be a little more careful. I dropped a few tables in prod early on, and that (mostly) keeps me from mucking with prod DBs directly.
|
|
#
?
Oct 23, 2017 17:05
|
|
|
My fuckups lead me to believe that 1) nobody should have write access to prod and 2) SQL syntax should require a WHERE clause in an UPDATE and 3) that that should come before the SET, not after.
|
|
#
?
Oct 23, 2017 17:11
|
|
|
The Fool posted:Why did you as a junior dev even have the ability to run a customers credit card number? They told me to, when I asked if we had a test CC. Literally just “naw, just use the customer’s CC”. I guess the implication there was “but don’t actually charge them”, which is kind of dumb when you’re testing that specific functionality. If it was a test, I guess I failed  it was ultimately for the best that I left, really. My manager had some...pretty lovely behavior in trying to “mentor” me.
|
|
#
?
Oct 23, 2017 17:16
|
|
|
Munkeymon posted:My fuckups lead me to believe that 1) nobody should have write access to prod and 2) SQL syntax should require a WHERE clause in an UPDATE and 3) that that should come before the SET, not after. 2 is exactly the reason I would never dream of doing updates or deletes without Redguard at work. At least it warns you that you're probably missing a where. I've had the "250000 row(s) affected" once which was once too many.
|
|
#
?
Oct 23, 2017 17:22
|
|
|
Munkeymon posted:My fuckups lead me to believe that 1) nobody should have write access to prod and 2) SQL syntax should require a WHERE clause in an UPDATE and 3) that that should come before the SET, not after. And, if it’s not sensitive data, dump all affected columns (with keys) to a CSV file, and keep it around for a while. At Bank of America, the DBAs required us to submit a backup script along with any update or delete script. I carried that habit forward to future jobs, and it saved my rear end a few times. Sometimes it saves my rear end just by the fact that making a CSV dump script takes an extra step, and that’s an extra step to think.
|
|
#
?
Oct 23, 2017 17:35
|
|
|
feedmegin posted:this was 1996, tech jobs still advertised in dead tree sometimes Imagine my surprise when I subscribed to a dead tree this year and discovered that tech jobs are still advertised in them
|
|
#
?
Oct 23, 2017 17:38
|
|
|
Nobody should have write access. No problems then.
|
|
#
?
Oct 23, 2017 17:48
|
|
|
Joda posted:2 is exactly the reason I would never dream of doing updates or deletes without Redguard at work. At least it warns you that you're probably missing a where. I've had the "250000 row(s) affected" once which was once too many. The greybeard I'm working with right now got a good chuckle when he was looking over my shoulder and I started writing the WHERE right after the table. He thought I was just rusty with SQL until I explained I never wrote the SET without writing the WHERE first... anymore. lifg posted:And, if it’s not sensitive data, dump all affected columns (with keys) to a CSV file, and keep it around for a while. That's probably a better idea than my safety net which was dumping the table I was about to update into a #TempTableName. Thermopyle posted:Nobody should have write access. No problems then. Agreed. Safest server is powered off, filed with concrete and sunk in a deep lake.
|
|
#
?
Oct 23, 2017 17:57
|
|
|
This is very much a getting ahead of myself sort of thing, since I don't know how to program yet - but how is the non-US job market in this field? I'm an American CPA, but my wife refuses to live in the US for the time being. So, I'm clinging tightly to the one possible remote job in my field, but I'd like to have a less US-centric skill that could presumably get me hired elsewhere. I do have an independent interest in programming, and it's something I'll continue to study whether this is the thing or not - but do we have any EuroGoons or OceaniGoons or LatinAmerigoons working as devs who can tell me what the job market is like (especially for juniors) in your area? What sub field is easiest to break into as a self taught (assuming I get there)? I think I'm most interested in android development, but if it's 100% easier to break in doing Javascript webdev then that's worth considering.
|
|
#
?
Oct 23, 2017 18:08
|
|
|
Pollyanna posted:They told me to, when I asked if we had a test CC. Literally just “naw, just use the customer’s CC”. I guess the implication there was “but don’t actually charge them”, which is kind of dumb when you’re testing that specific functionality. If it was a test, I guess I failed The fact that devs have access to a customer's credit cards like that makes me die inside. You should name and shame so that we know not to ever give that company our credit card info.
|
|
#
?
Oct 23, 2017 18:17
|
|
|
Pollyanna posted:They told me to, when I asked if we had a test CC. Literally just “naw, just use the customer’s CC”. I guess the implication there was “but don’t actually charge them”, which is kind of dumb when you’re testing that specific functionality. If it was a test, I guess I failed You as a dev should not have even been able to see a customers cc information, so many things have to be wrong to get to that point. Jose Valasquez posted:The fact that devs have access to a customer's credit cards like that makes me die inside. You should name and shame so that we know not to ever give that company our credit card info. This guy gets it.
|
|
#
?
Oct 23, 2017 18:25
|
|
|
It was one of the major mobile analytics companies in the Boston area, that’s all I’ll say. Lots of big name customers by the time I left. No idea if they’ve shaped up since, but I wouldn’t know since most of my coworkers from back then have left.
|
|
#
?
Oct 23, 2017 18:35
|
|
|
That place sounds like a terrible shitshow. Have they had all their data stolen yet? Seems like a matter of time if they're that lax with their customer's information.
|
|
#
?
Oct 23, 2017 18:40
|
|
|
Not that I’m aware of, but it’s only a matter of time if they’re still pulling that poo poo.
|
|
#
?
Oct 23, 2017 18:43
|
|
|
Pollyanna posted:Other fuckups: used a customer’s CC to test our billing logic since we didn’t have a test CC, not realizing that it would charge the customer for the service they were trying to get. That was the final strike, IIRC. Hellblazer187 posted:What sub field is easiest to break into as a self taught (assuming I get there)? I think I'm most interested in android development, but if it's 100% easier to break in doing Javascript webdev then that's worth considering.
|
|
#
?
Oct 23, 2017 19:02
|
|
|
Keetron posted:I think this is hilarious and should be told as a feat of strength at parties. "Remember that one time I used a customers CC to test some service and he got charged for it?" I thought that was the kind of thing I’d get ostracized for admitting to  I wouldn’t tell it to potential bosses and hiring managers, at least.
|
|
#
?
Oct 23, 2017 19:05
|
|
|
Love Stole the Day posted:Open question for any of you guys: when you were trying to get your first job in this industry, what do you think it was, looking back, that landed you the interview(s) you needed in the first place? Was it because you had an extensive catalog of interesting personal projects that demonstrated expertise in a relevant library that the employer cared about? Maybe it was because your Github/LinkedIn page looked really good? Maybe you just knew the right person? Or maybe it was just luck? For my first job, I was probably the only one that applied for the position. It was a low-paid programmer position with a university but I needed the job so For my second job, it was a meat grinder organization that would've interviewed me even if I had been clinically dead but not yet room temp. That job, terrible though it was, gave me a chance to build my network in a new city. For the three subsequent jobs, it was all people I knew inside the target company that got my resume flagged as Good for setting up initial interviews. Pollyanna posted:I thought that was the kind of thing I’d get ostracized for admitting to Nah, it's a good story. Besides this isn't the first time you've told this story in CoC, and if I recall correctly the last time around it was generally agreed that the situation was not your fault and that company was bottom-of-the-poo poo-barrel stupid.
|
|
#
?
Oct 23, 2017 19:16
|
|
|
Keetron posted:Eurogoon (Netherlands): Anyone that has Java or C# in his resume will be spammed with a wide variety of jobs. If you can program your way around testing, can count to 20 with your shoes on (or 30 if you can then tie your own laces), there is a job out there for you. English is a requirement, not being from India as well. This last comment because companies willing to work with Indians will use TCS or Infosys or some other type of sweatshop. Just about everyone you will work with can speak English to some degree so if you manage that, you'll be fine. If you or anyone else in development wants to get a foot in the door in the greater Amsterdam area, send me a PM and based on your skills I might be able to introduce you to people. Thanks! I'll keep plugging away at my learning and, well, maybe someday you'll get a PM out from the wilderness. I've got some family in Amsterdam as well! Good to know that this isn't something that only works in the US!
|
|
#
?
Oct 23, 2017 19:17
|
|
|
Pollyanna posted:I thought that was the kind of thing I’d get ostracized for admitting to Nah, we all gently caress up and it only becomes really bad if you blame others for your mistakes. In this case, the blame is shared as your boss suggested it and you followed up. Let me put it this way, but if someone says they never make mistakes they are not only lying but in denial about it as well. Admit your mistakes, fix them fast and laugh about it. Then move on.
|
|
#
?
Oct 23, 2017 19:17
|
|
|
Keetron posted:Nah, we all gently caress up and it only becomes really bad if you blame others for your mistakes. In this case, the blame is shared as your boss suggested it and you followed up. Let me put it this way, but if someone says they never make mistakes they are not only lying but in denial about it as well. Admit your mistakes, fix them fast and laugh about it. Then move on. But you see, it really WAS everyone else's fault.
|
|
#
?
Oct 23, 2017 19:18
|
|
|
Pollyanna posted:I thought that was the kind of thing I’d get ostracized for admitting to It's ripe fodder to be spun into a "How I learned best practices" story in future interviews.
|
|
#
?
Oct 23, 2017 19:19
|
|
|
Keetron posted:If you or anyone else in development wants to get a foot in the door in the greater Amsterdam area, send me a PM and based on your skills I might be able to introduce you to people. What’s going on with Amsterdam? I recently talked with two bootcamp people who moved there for a startup. And they were from Boston, which is supposed to be great for startups.
|
|
#
?
Oct 23, 2017 20:49
|
|
|
Pollyanna posted:I thought that was the kind of thing I’d get ostracized for admitting to Your fuckup is massively outweighed by the process and compliance fuckups that a) allow devs to have access to customers cards, and b) probably don't have any semblance of PCI compliance for the CC storage and transmission.
|
|
#
?
Oct 23, 2017 22:24
|
|
|
I'm a student. I was going to post in the academic advice thread, but a poster suggested I bring my questions here. Preface: I live in South America. I'm fairly young, in my early twenties, and a little clueless I guess about what life will probably be like after I've graduated. I decided to switch from Biology to CE and took a gap year to buckle down and get my poo poo together, and also to get myself up to an adequate level of math to start myself on my path. (Hopefully this was a good choice) I've been doing a good chunk of the Stitz Zeagler precalculus book to refresh basic math, then the Coursera Calculus course. Overall, I'm trying to follow this layout of online CS courses I found, to supplement or at least prepare me for actual university next year. As someone with no prior programming experience whatsoever, I found myself really drained by CS50. After the first three weeks, I felt I wasn't retaining information properly so I did them again and they felt quite easy. Then the problem sets for the fourth week and fifth week became very trying for me. I feel like I understand a lot of the concepts, but when it comes time to translate that into a program, I've had a hard time and it's made me want to take a break and focus on math before I come back with a different mentality. I've been feeling kind of anxious about whether or not I'm not grokking something that so many other students seem to be able to, I guess? And wondering/hoping that it's just the high standards set by a Harvard-sponsored course that are challenging me so much, and not some kind of natural lack of talent for programming. I guess I just want to know if anyone went through a similar phase. I looked at that FizzBuzz thing someone linked on this thread or the Academic Advice one and found I could resolve it even with the basic knowledge I have from a few weeks of CS50, and that made me feel that maybe I'm just overthinking Tosk fucked around with this message at 01:45 on Oct 24, 2017 |
|
#
?
Oct 24, 2017 00:47
|
|
|
The Fool posted:Why did you as a junior dev even have the ability to run a customers credit card number? Yeah its hosed. But that said, lots of startups and even medium sized companies are very fly-by-the-seat-of-their-pants when it comes to server security and permissions and stuff. No joke one time years back I entered a SQL command that would have wiped out all user passwords, I had open the prod server in one terminal and my local DB in another terminal. I realized RIGHT after I entered the command and CTRL+C'd that poo poo, and the whole transaction reset, but drat. Its nice working for a proper outfit now where I can't even touch prod. Pollyanna posted:I thought that was the kind of thing I’d get ostracized for admitting to Nah you have no idea how common that poo poo is. There's a reason why 99% of modern software practices are all about protecting you from yourself. OOP, static-analysis, peer review, etc. etc. etc. We're not machines. And I dunno, often I get asked poo poo in interviews about where I screwed up and learned from it, and not having any answer is by far the worst possible thing you can do. Zaphod42 fucked around with this message at 01:27 on Oct 24, 2017 |
|
#
?
Oct 24, 2017 01:23
|
|
|
For anyone who's even mildly curious, the first day went really well, every body is super friendly at the company, and I'm super excited to actually be able to code for a living.  It was all set up today and honestly a lot of it was completely over my head. I've mainly been working on Ubuntu but this is a Microsoft shop, there was tons of configuration to be done through IIS. Wondering if it'll be worth my time learning a bit more about IIS, although it seems that this is the kind of stuff I only need to set up once and probably can forget about it soon after.
|
|
#
?
Oct 24, 2017 04:25
|
|
|
The Dark Wind posted:For anyone who's even mildly curious, the first day went really well, every body is super friendly at the company, and I'm super excited to actually be able to code for a living. It is a good idea to become familiar with the surrounding ecosystem. It will help when debugging, and if you are the guy people can go to for strange questions, you become so much more valuable than someone who just stays in their corner. However, take your time, no rush, they probably don't expect you to seriously contribute anything for the first 2-3 months. Don't stress out (too much, you should stress some, all men must know fear) over feeling useless.
|
|
#
?
Oct 24, 2017 04:30
|
|
|
I have a phone interview on friday. Excited. Nervous. Scared. At least I have a couple of days to prepare. I only applied for the job yesterday, and the person who emailed me was extremely responsive. We emailed back and forth several times in a 30 minute period. So I'm somewhat optimistic. edit: The Dark Wind posted:For anyone who's even mildly curious, the first day went really well, every body is super friendly at the company, and I'm super excited to actually be able to code for a living. That's great! Snak fucked around with this message at 04:44 on Oct 24, 2017 |
|
#
?
Oct 24, 2017 04:33
|
|
|
Snak posted:I have a phone interview on friday. Excited. Nervous. Scared. Have you read Cracking the Coding Interview? Get it rush asap. Probably wont' get it in time for the phone interview but if you get an on-site you'll want to have read and studied it. OP appears to have a link to an older free version
|
|
#
?
Oct 24, 2017 06:56
|
|
|
The Dark Wind posted:For anyone who's even mildly curious, the first day went really well, every body is super friendly at the company, and I'm super excited to actually be able to code for a living. So jealous. Congratulations duderino
|
|
#
?
Oct 24, 2017 07:18
|
|
|
The Dark Wind posted:For anyone who's even mildly curious, the first day went really well, every body is super friendly at the company, and I'm super excited to actually be able to code for a living. Congrats and good luck! lifg posted:What’s going on with Amsterdam? I recently talked with two bootcamp people who moved there for a startup. And they were from Boston, which is supposed to be great for startups. This is ignoring the culture, history, food and proximity to all of Europe. forgot: a visa is tied to employment, not employer. When fired, you have 3 months to find another job that will sign on the dotted line so after arrival you are not some sort of slave to the company (indentured servitude anyone?). Keetron fucked around with this message at 11:22 on Oct 24, 2017 |
|
#
?
Oct 24, 2017 11:19
|
|
|
Pollyanna posted:I thought that was the kind of thing I’d get ostracized for admitting to the fact that you could even see a customers credit card #, let alone were encouraged to use it for testing is insanity. Especially when every good payment processor has test cards that allow you to programmatically validate all of the things in your staging environment/local development. For reference, amazon realized in the mid 90s that you needed to isolate access to payment info as much as possible, and so one of the first distinct systems was for credit card storage and payment.
|
|
#
?
Oct 24, 2017 16:10
|
|
|
There was a wave of self-schadenfreude back at Experts Exchange on the day when somebody realized there was a slight problem with dumping all the POST request parameters when an error happened: it wrote a lot of credit card numbers to the (unencrypted) log. And the error events were often sent as emails. And the logs were backed up periodically. We all went, "Welp, at least we know what's at the top of the priority list now!" and got to scrubbing.
|
|
#
?
Oct 24, 2017 16:19
|
|
|
CPColin posted:There was a wave of self-schadenfreude back at Experts Exchange on the day when somebody realized there was a slight problem with dumping all the POST request parameters when an error happened: it wrote a lot of credit card numbers to the (unencrypted) log. And the error events were often sent as emails. And the logs were backed up periodically. Haha, that's awesome. (And by awesome I obviously mean horribad)
|
|
#
?
Oct 24, 2017 18:35
|
|
|
At my first internship, I brought down a nationwide auto dealership's web site, in the middle of the day, because I rolled out untested changes, that contained a while loop with a (flawed) regular expression as the termination condition, to their PHP4-based website, resulting in an infinite loop that choked the cpu to death and crashed the server. Twice. Apologies for likely triggering some of you multiple times in one sentence, but when it comes to learning lessons and best (worst) practices, that incident was drat efficient. Che Delilas fucked around with this message at 21:40 on Oct 24, 2017 |
|
#
?
Oct 24, 2017 21:35
|
|
|
The only thing that's triggering me is the lack of separation between development and deployment versions and letting new interns commit directly to deployment. I've been working where I work for 9 months and I still make the occasional mistake that would be catastrophic if my work went directly to production. As do my colleagues occasionally. My favourite is introducing a bug that disallowed anyone from entering a string that wasn't exactly 255 characters long. Joda fucked around with this message at 22:19 on Oct 24, 2017 |
|
#
?
Oct 24, 2017 22:16
|
|
|
Zaphod42 posted:
I'm perfect, perfect in every way. A flawless code master, who's only mistakes are simple and benign and fixed before committed. Unless you count the time I accidentally committed and deployed a co-workers April fools joke to prod. But really, is that a mistake or is it a feature people didn't know they needed?
|
|
#
?
Oct 24, 2017 22:51
|
|
|
|
| # ? May 18, 2024 18:16 |
|
|
Just lol if you're looking at something and not thinking "how am I gonna break this today?"
|
|
#
?
Oct 24, 2017 23:20
|
|
