18

Really loving the instant legacy code being added to our new project by devs who think they are too good to follow our peer review process, yum... today I found out that there are two different implementations of an API endpoint that does the same thing running in prod, in two different places, because the guy who wrote the second one wasn't aware that the first one existed and didn't let a second developer look at it before he pushed it to master.

Comments
  • 0
    If it works, don't touch it PERIOD.
  • 7
    @error503 No shit, a live API endpoint can't be removed without doing a new version of the API and deprecating the old one, which isn't going to happen for years. So now we get to maintain both for the foreseeable future. Thus "instant legacy code".
  • 0
    @HollowKitty I'm on something similar too. The financial banking software my company has developed has no encrypted password for users. We can't do anything because they don't want to pay for maintenance and don't want to pay for new development. We going to have talk with them again next week. Motherfuckers!
  • 4
    @error503 The costs (financial, reputation, legal) any data breach would incur should scare them more than enough.
  • 0
    @Root Yes, we are going to scare them next week.
  • 1
    Plus, GDPR.
    Remind them they might be fined with a 10M-20M€ or 2-4% of their global annual revenue as a penalty and they might frig off and let you do the right thing... Assholes...
  • 1
    I really hate this type of people that think security comes second... I would either force them to do it or rate quit and call the EU on them :v
    (Oh, and all that GDPR thing is iff they do business in the EU or with EU citizens)
Add Comment