rant & question

Last year I had to collaborate to a project written by an old man; let's call him Bob. Bob started working in the punch cards era, he worked as a sysadmin for ages and now he is being "recycled" as a web developer. He will retire in 2 years.

The boss (that is not a programmer) loves Bob and trusts him on everything he says.

Here my problems with Bob and his code:
- he refuses learning git (or any other kind of version control system);
- he knows only procedural PHP (not OO);
- he mixes the presentation layer with business logic;
- he writes layout using tables;
- he uses deprecated HTML tags;
- he uses a random indentation;
- most of the code is vulnerable to SQL injection;
- and, of course, there are no tests.
- Ah, yes, he develops directly on the server, through a SSH connection, using vi without syntax highlighting.

In the beginning I tried to be nice, pointing out just the vulnerabilities and insisting on using git, but he ignored all my suggestions.

So, since I would have managed the production server, I decided to cheat: I completely rewrote the whole application, keeping the same UI, and I said the boss that I created a little fork in order to adapt the code to our infrastructure. He doesn't imagine that the 95% of the code is completely different from the original.

Now it's time to do some changes and another colleague is helping. She noticed what I did and said that I've been disrespectful in throwing away the old man clusterfuck, because in any case the code was working. Moreover he will retire in 2 years and I shouldn't force him to learn new things [tbh, he missed at least last 15 years of web development].

What would you have done in my place?

  • 8
    I would just have warned the boss that Bob has no clue, that his code is full of vulnerabilities, and that the company will get hacked.

    If boss doesn't believe that and decides to fuck up, so be it. But I would have made sure that there's a paper trail.
  • 8
    @Fast-Nop this would make sense, but unfortunately the boss thinks Bob is more skilled than me because he is 30 years older.
  • 6
    @xonya yeah, and the best way to convince him of the opposite is a massive fuckup that you can shrug off with "told you so".
  • 6
    Regardless of Bob's faults or the problems he is presenting, you are putting yourself at risk with the lack of transparency. Your description of Bob's boss makes me think it's likely that you'd be accused of "sabotaging", "going behind the back", etc. Partly because that's true. (Also, your post smacks of ageism. Why should I mention that? Because I'm getting thin skinned about it and there's nobody around to yell "get off my lawn!" at.)
  • 2
    If I where in your situation, I would ask to switch to another team/project or switch company
  • 4
    To be honest, you've put yorself at risk here. If anything goes wrong, and something usually does, you are personally liable. Making massive decisions by yourself does not work in a corporate or professional environment, trust me.
    Regarding Bob, he may not be up to date with the latest stuff but he seems to get the job done. I don't agree with the fact that he doesn't listen to new ideas though.
    Also, he's kind of a badass for the last item on your list (if he actually pulls it off)
  • 7
    As an older dev, I've been the recipient of your type of treatment. In my case, though I had something to contribute that they weren't considering (a WordPress site for Marketing so we could focus on another main app and Marketing wouldn't have to wait to get on our schedule). The young devs were purists and turned up their noses at my suggestion even though it was perfectly reasonable as a generally-accepted business practice. They got HR involved and I was fired under false pretenses and without an opportunity to present my case adequately.

    Bob does need to brush up, yes. Retirement in 2 years is no excuse. But undermining his code was not the answer. Teaching him and talking to his boss when he refused was the better play.
  • 2
    I would have respected my elders
  • 1
    @xonya I believe what you did is correct. Even if you have paper trail that Bob knew nothing and his code was vulnerable, in case the company gets hacked, boss would first look to fire the lower-level employees (less senior, like you).
  • 1
    It seems to me that the problem here is the "recycling" you mention early on. Sounds like Bob is a very competent sys admin. Moving him to web development when he clearly has not done that in a while seems a less then smart move. Of course you need to be flexible but learning to be a good web dev takes a lot of time and experience from the late nineties is not very useful. Hope he lands well. I understand your frustration. But we will all land in some sort of situation if we live and work long enough.
  • 1
    @xonya Sounds bad. Probably defacing your test system or popping a shell on it won't help you here.

    Do you have possibility of other auditing the code?

    Otherwise I'd deploy their shit, only take care your warning was in written form (in case site is really pwned)
  • 1
    Retry with the boss by giving more concrete flaws and attack simulations.

    If it doesn't work ask to be transferred, because your skillset is going to be wasted, and do you want to waste time on something that later on you'll have to rewrite anyway?

    If there's online exposure to what you're developing, SQL injections are not acceptable.
  • 0
    Thanks for your feedbacks guys, I really appreciate them (also the negative ones)!

    @stackodev I'm sorry they fired you. I don't want my company fires Bob, he doesn't deserve that. I simply would like to have a maintainable codebase, without so bad vulnerabilities, since I'll probably be still involved in this project after he will retire.

    @kgbemployee I'm not against vi, but I saw he working and, without syntax hilighting and code validation (things that you can set up in vi too), he wastes a lot of time on missing semicolons or not closed brackets. I don't think this is so cool.

    @phorkyas Currently only 3 persons worked on this code and the other one agrees that it is a mess but thinks that I shouldn't have rewritten it.
  • 1
    @xonya ok, i take it back then. 😕
Your Job Suck?
Get a Better Job
Add Comment